Skip to content

+ e0c603a41619ca

+ e0c603a41619ca #94

Workflow file for this run

name: RTPProxy CI
# Controls when the action will run.
on:
# Triggers the workflow on all push or pull request events
push:
pull_request:
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
schedule:
- cron: "0 0 * * *"
# added using https://github.com/step-security/secure-repo
permissions:
contents: read
# A workflow run is made up of one or more jobs that can run sequentially or in parallel
jobs:
LoadJobs_conf:
name: Load Jobs Settings
uses: ./.github/workflows/.jobs_configure.yml
MinBuild:
name: Lean Build
needs: LoadJobs_conf
if: needs.LoadJobs_conf.outputs.do_MinBuild == 'true'
# The type of runner that the job will run on
runs-on: ubuntu-${{ matrix.os }}
env:
COMPILER: ${{ matrix.compiler }}
TAR_CMD: tar_nosuid
GHA_OS: ubuntu-${{ matrix.os }}
strategy:
matrix:
os: [20.04]
compiler: ['gcc', 'clang', 'gcc-9', 'gcc-10', 'clang-9', 'clang-10']
include:
- os: 22.04
compiler: 'gcc-i386-cross'
- os: 22.04
compiler: 'clang-i386-cross'
- os: 22.04
compiler: 'gcc-mips64-cross'
- os: 22.04
compiler: 'gcc-arm32-cross'
- os: 22.04
compiler: 'gcc-arm64-cross'
- os: 22.04
compiler: 'gcc'
- os: 22.04
compiler: 'clang'
- os: 22.04
compiler: 'gcc-11'
- os: 22.04
compiler: 'gcc-12'
- os: 22.04
compiler: 'clang-11'
- os: 22.04
compiler: 'clang-12'
- os: 22.04
compiler: 'clang-13'
- os: 22.04
compiler: 'clang-14'
- os: 22.04
compiler: 'clang-15'
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- uses: actions/checkout@v4
with:
submodules: 'recursive'
- name: Start Docker container
if: endsWith(matrix.compiler, '-cross')
run: sh -x scripts/build/start_container.sh
# - name: Sanitize list of Ubuntu mirrors
# if: endsWith(matrix.compiler, '-cross') == 0
# run: scripts/ft-apt-spy2-check-and-fix.sh
- name: Workaround for tar not being able to access /var/cache/apt/archives
if: endsWith(matrix.compiler, '-cross') == 0
run: |
sudo cp "$(command -v tar)" "$(command -v tar)"_nosuid
sudo chmod u+s "$(command -v tar)"
# Cache the apt-get packages
- name: Cache apt-get packages
if: endsWith(matrix.compiler, '-cross') == 0
uses: actions/cache@v4
with:
path: /var/cache/apt/archives
key: cleanbuild-${{ matrix.os }}-apt-get-${{ github.run_id }}
restore-keys: |
cleanbuild-${{ matrix.os }}-apt-get
cleanbuild-${{ matrix.os }}-${{ matrix.compiler }}-apt-get
- name: Install apt-get updates
run: scripts/ft-apt-get-update.sh
- name: Set up Python
if: endsWith(matrix.compiler, '-cross') == 0
uses: actions/setup-python@v5
with:
python-version: 3.9
- name: install_depends
run: sh -x scripts/build/install_depends.sh
- name: build
run: sh -x ./scripts/do-build.sh cleanbuild
FullBuild:
name: Full Build
needs: [LoadJobs_conf, MinBuild]
if: needs.LoadJobs_conf.outputs.do_FullBuild == 'true'
# The type of runner that the job will run on
runs-on: ubuntu-${{ matrix.os }}
env:
COMPILER: ${{ matrix.compiler }}
TAR_CMD: tar_nosuid
GHA_OS: ubuntu-${{ matrix.os }}
strategy:
matrix:
os: [20.04]
compiler: ['gcc', 'clang', 'gcc-9', 'gcc-10', 'clang-9', 'clang-10']
include:
- os: 22.04
compiler: 'gcc-i386-cross'
- os: 22.04
compiler: 'clang-i386-cross'
- os: 22.04
compiler: 'gcc-mips64-cross'
- os: 22.04
compiler: 'gcc-arm32-cross'
- os: 22.04
compiler: 'gcc-arm64-cross'
- os: 22.04
compiler: 'gcc'
- os: 22.04
compiler: 'clang'
- os: 22.04
compiler: 'gcc-11'
- os: 22.04
compiler: 'gcc-12'
- os: 22.04
compiler: 'clang-11'
- os: 22.04
compiler: 'clang-12'
- os: 22.04
compiler: 'clang-13'
- os: 22.04
compiler: 'clang-14'
- os: 22.04
compiler: 'clang-15'
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- uses: actions/checkout@v4
with:
submodules: 'recursive'
- name: Start Docker container
if: endsWith(matrix.compiler, '-cross')
run: sh -x scripts/build/start_container.sh
# - name: Sanitize list of Ubuntu mirrors
# if: endsWith(matrix.compiler, '-cross') == 0
# run: scripts/ft-apt-spy2-check-and-fix.sh
- name: Workaround for tar not being able to access /var/cache/apt/archives
if: endsWith(matrix.compiler, '-cross') == 0
run: |
sudo cp "$(command -v tar)" "$(command -v tar)"_nosuid
sudo chmod u+s "$(command -v tar)"
# Cache the apt-get packages
- name: Cache apt-get packages
if: endsWith(matrix.compiler, '-cross') == 0
uses: actions/cache@v4
with:
path: /var/cache/apt/archives
key: depsbuild-${{ matrix.os }}-apt-get-${{ github.run_id }}
restore-keys: |
depsbuild-${{ matrix.os }}-apt-get
depsbuild-${{ matrix.os }}-${{ matrix.compiler }}-apt-get
- name: Install apt-get updates
run: scripts/ft-apt-get-update.sh
- name: Set up Python
if: endsWith(matrix.compiler, '-cross') == 0
uses: actions/setup-python@v5
with:
python-version: 3.9
- name: install_depends
run: sh -x scripts/build/install_depends.sh
- name: build
run: sh -x ./scripts/do-build.sh depsbuild
FuncTest:
name: Functional Testing
needs: [LoadJobs_conf, FullBuild]
if: needs.LoadJobs_conf.outputs.do_FuncTest == 'true'
# The type of runner that the job will run on
runs-on: ubuntu-${{ matrix.os }}
env:
COMPILER: ${{ matrix.compiler }}
TAR_CMD: tar_nosuid
GHA_OS: ubuntu-${{ matrix.os }}
strategy:
matrix:
os: [20.04]
compiler: ['gcc', 'clang', 'gcc-9', 'gcc-10', 'clang-9', 'clang-10']
include:
- os: 22.04
compiler: 'gcc'
- os: 22.04
compiler: 'clang'
- os: 22.04
compiler: 'gcc-11'
- os: 22.04
compiler: 'gcc-12'
- os: 22.04
compiler: 'clang-11'
- os: 22.04
compiler: 'clang-12'
- os: 22.04
compiler: 'clang-13'
- os: 22.04
compiler: 'clang-14'
- os: 22.04
compiler: 'clang-15'
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- uses: actions/checkout@v4
with:
submodules: 'recursive'
- name: Workaround for tar not being able to access /var/cache/apt/archives
run: |
sudo cp "$(command -v tar)" "$(command -v tar)"_nosuid
sudo chmod u+s "$(command -v tar)"
# Cache the apt-get packages
- name: Cache apt-get packages
uses: actions/cache@v4
with:
path: /var/cache/apt/archives
key: functesting-${{ matrix.os }}-apt-get-${{ github.run_id }}
restore-keys: |
functesting-${{ matrix.os }}-apt-get
functesting-${{ matrix.os }}-${{ matrix.compiler }}-apt-get
- name: Install apt-get updates
run: scripts/ft-apt-get-update.sh
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: 3.9
- name: install_depends
run: sh -x scripts/build/install_depends.sh
- name: before_install
run: sh -x scripts/ft-before_install.sh
- name: build
run: sh -x ./scripts/do-build.sh basic
- name: test
run: sh -x scripts/do-test.sh
Glitching:
name: Glitch Injection
needs: [LoadJobs_conf, FuncTest]
if: needs.LoadJobs_conf.outputs.do_Glitch == 'true'
# The type of runner that the job will run on
runs-on: ubuntu-${{ matrix.os }}
env:
COMPILER: ${{ matrix.compiler }}
TAR_CMD: tar_nosuid
GHA_OS: ubuntu-${{ matrix.os }}
strategy:
matrix:
os: [20.04]
compiler: ['gcc', 'clang', 'gcc-9', 'gcc-10', 'clang-9', 'clang-10']
include:
- os: 22.04
compiler: 'gcc'
- os: 22.04
compiler: 'clang'
- os: 22.04
compiler: 'gcc-11'
- os: 22.04
compiler: 'gcc-12'
- os: 22.04
compiler: 'clang-11'
- os: 22.04
compiler: 'clang-12'
- os: 22.04
compiler: 'clang-13'
- os: 22.04
compiler: 'clang-14'
- os: 22.04
compiler: 'clang-15'
# Steps represent a sequence of tasks that will be executed as part of the job
steps:
# Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
- uses: actions/checkout@v4
with:
submodules: 'recursive'
- name: Workaround for tar not being able to access /var/cache/apt/archives
run: |
sudo cp "$(command -v tar)" "$(command -v tar)"_nosuid
sudo chmod u+s "$(command -v tar)"
# Cache the apt-get packages
- name: Cache apt-get packages
uses: actions/cache@v4
with:
path: /var/cache/apt/archives
key: glitching-${{ matrix.os }}-apt-get-${{ github.run_id }}
restore-keys: |
glitching-${{ matrix.os }}-apt-get
glitching-${{ matrix.os }}-${{ matrix.compiler }}-apt-get
- name: Install apt-get updates
run: scripts/ft-apt-get-update.sh
- name: Set up Python
uses: actions/setup-python@v5
with:
python-version: 3.9
- name: install_depends
run: sh -x scripts/build/install_depends.sh
- name: before_install
run: sh -x scripts/ft-before_install.sh
- name: build
run: sh -x ./scripts/do-build.sh glitching
- name: test
run: sh -x scripts/do-test.sh
Fuzzing:
name: Fuzz with OSS-Fuzz
needs: [LoadJobs_conf, Glitching]
if: needs.LoadJobs_conf.outputs.do_Fuzzing == 'true'
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
submodules: 'recursive'
- name: Build Fuzzers
id: build
uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
with:
oss-fuzz-project-name: 'rtpproxy'
dry-run: false
language: c
- name: Run Fuzzers
uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
with:
oss-fuzz-project-name: 'rtpproxy'
fuzz-seconds: 1200
dry-run: false
parallel-fuzzing: true
language: c
- name: Upload Crash
uses: actions/upload-artifact@v4
if: failure() && steps.build.outcome == 'success'
with:
name: artifacts
path: ./out/artifacts
Docker:
name: Build&Push to DockerHub
#needs: [LoadJobs_conf, Fuzzing]
needs: [LoadJobs_conf]
if: needs.LoadJobs_conf.outputs.do_Docker == 'true' &&
(github.event_name == 'push' || github.event_name == 'pull_request')
runs-on: ubuntu-latest
services:
registry:
image: registry:2
ports:
- 5000:5000
env:
DOCKER_REPO: sippylabs/rtpproxy
LOCAL_REPO: localhost:5000/sippylabs/rtpproxy
PLATFORMS: linux/amd64,linux/i386 #,linux/arm/v7,linux/arm64
BASE_IMAGE: debian:12-slim
CCACHE_ROOT: ccache
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
submodules: 'recursive'
- name: Set up QEMU
id: qemu
uses: docker/setup-qemu-action@v3
with:
platforms: arm64,arm
- name: Set up Docker Buildx
uses: docker/setup-buildx-action@v3
with:
driver-opts: network=host
- name: Log in to Docker Hub
if: github.event_name != 'pull_request'
uses: docker/login-action@v3
with:
username: ${{ secrets.DOCKER_USERNAME }}
password: ${{ secrets.DOCKER_PASSWORD }}
- name: Extract metadata (tags, labels) for Docker
id: meta
uses: docker/metadata-action@v5
with:
images: ${{ env.DOCKER_REPO }}
tags: |
type=schedule
type=ref,event=branch
type=ref,event=tag
type=ref,event=pr
type=raw,value=latest,enable={{is_default_branch}}
type=sha
# Cache the compiler cache
- name: Cache the compiler cache
uses: actions/cache@v4
with:
path: ${{ env.CCACHE_ROOT }}
key: dockerhub-ccache-${{ github.run_id }}
restore-keys: |
dockerhub-ccache
- name: Get branch name
run: |
echo "GIT_BRANCH=${GITHUB_HEAD_REF:-${GITHUB_REF#refs/heads/}}" >> $GITHUB_ENV
- name: Build Docker image
uses: docker/build-push-action@v6
env:
CACHE_SPEC: "type=registry,ref=${{ env.DOCKER_REPO }}:${{ env.GIT_BRANCH }}-buildcache"
with:
context: .
file: ./docker/Dockerfile
build-args: |
BASE_IMAGE=${{ env.BASE_IMAGE }}
CCACHE_ROOT=${{ env.CCACHE_ROOT }}
tags: ${{ env.LOCAL_REPO }}:latest
platforms: ${{ env.PLATFORMS }}
push: true
cache-from: ${{ env.CACHE_SPEC }}
cache-to: ${{ env.CACHE_SPEC }},mode=max
- name: Save Docker image
uses: docker/build-push-action@v6
with:
file: ./docker/Dockerfile.export_ccache
build-args: BASE_IMAGE=${{ env.LOCAL_REPO }}:latest
platforms: ${{ env.PLATFORMS }}
outputs: type=tar,dest=/tmp/ccache_export.tar
- name: Push Docker image
uses: docker/build-push-action@v6
with:
context: .
file: ./docker/Dockerfile.push
build-args: |
BASE_IMAGE=${{ env.BASE_IMAGE }}
BUILD_IMAGE=${{ env.LOCAL_REPO }}:latest
push: true
tags: ${{ steps.meta.outputs.tags }}
labels: ${{ steps.meta.outputs.labels }}
platforms: ${{ env.PLATFORMS }}
- name: Update DockerHub repo description
if: ${{ github.ref == format('refs/heads/{0}', github.event.repository.default_branch) }}
env:
DOCKER_USERNAME: ${{ secrets.DOCKER_USERNAME }}
DOCKER_PASSWORD: ${{ secrets.DOCKER_PASSWORD }}
run: sh -x docker/update_description.sh docker/README.md
- name: Update ccaches
run: |
rm -rf ccache
tar --strip-components=2 --no-wildcards-match-slash --wildcards -x -f /tmp/ccache_export.tar "*/rtpproxy/ccache"
du -d1 -h ${{ env.CCACHE_ROOT }}