From 62e118db34d1e1335e42175290aed7ba56a4755c Mon Sep 17 00:00:00 2001 From: Aleksei Bavshin Date: Thu, 29 May 2025 14:17:55 -0700 Subject: [PATCH 1/3] ci: test windows builds --- .github/workflows/nginx.yaml | 164 +++++++++++++++++++++++++++++++---- 1 file changed, 145 insertions(+), 19 deletions(-) diff --git a/.github/workflows/nginx.yaml b/.github/workflows/nginx.yaml index 3d3971d5..458968ef 100644 --- a/.github/workflows/nginx.yaml +++ b/.github/workflows/nginx.yaml @@ -9,7 +9,7 @@ on: env: CARGO_TERM_COLOR: 'always' RUST_BACKTRACE: '1' - NGX_CONFIGURE: >- + NGX_CONFIGURE_CMD: >- auto/configure --with-compat --with-debug @@ -19,10 +19,47 @@ env: --with-stream --with-stream_realip_module --with-stream_ssl_module + + NGX_CONFIGURE_UNIX: >- --with-threads + NGX_CONFIGURE_WINDOWS: >- + --with-cc=cl + --prefix= + --conf-path=conf/nginx.conf + --pid-path=logs/nginx.pid + --http-log-path=logs/access.log + --error-log-path=logs/error.log + --sbin-path=nginx.exe + --http-client-body-temp-path=temp/client_body_temp + --http-proxy-temp-path=temp/proxy_temp + --http-fastcgi-temp-path=temp/fastcgi_temp + --http-scgi-temp-path=temp/scgi_temp + --http-uwsgi-temp-path=temp/uwsgi_temp + --with-cc-opt=-DFD_SETSIZE=1024 + --with-pcre=objs/lib/pcre + --with-zlib=objs/lib/zlib + --with-openssl=objs/lib/openssl + --with-openssl-opt="no-asm no-module no-tests -D_WIN32_WINNT=0x0601" + + NGX_CONFIGURE_DYNAMIC_MODULES: >- + --add-dynamic-module=${{ github.workspace }}/examples + NGX_CONFIGURE_STATIC_MODULES: >- + --add-module=${{ github.workspace }}/examples + + NGX_TEST_FILES: examples/t + NGX_TEST_GLOBALS_DYNAMIC: >- + load_module ${{ github.workspace }}/nginx/objs/ngx_http_async_module.so; + load_module ${{ github.workspace }}/nginx/objs/ngx_http_awssigv4_module.so; + load_module ${{ github.workspace }}/nginx/objs/ngx_http_curl_module.so; + load_module ${{ github.workspace }}/nginx/objs/ngx_http_upstream_custom_module.so; + + OPENSSL_VERSION: '3.0.16' + PCRE2_VERSION: '10.45' + ZLIB_VERSION: '1.3.1' + jobs: - test: + linux: runs-on: ubuntu-latest strategy: @@ -61,36 +98,34 @@ jobs: ~/.cargo/registry/index/ ~/.cargo/registry/cache/ ~/.cargo/git/db/ - nginx/objs/ngx_rust_examples - key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} - restore-keys: ${{ runner.os }}-cargo- + nginx/objs/**/CACHEDIR.TAG + nginx/objs/**/ngx-debug + nginx/objs/**/ngx-release + key: ${{ runner.os }}-nginx-${{ hashFiles('**/Cargo.lock') }} + restore-keys: ${{ runner.os }}-nginx- - name: Update configure arguments if: matrix.nginx-ref != 'stable-1.24' run: | - echo NGX_CONFIGURE="${NGX_CONFIGURE} --with-http_v3_module" \ + echo NGX_CONFIGURE_UNIX="${NGX_CONFIGURE_UNIX} --with-http_v3_module" \ >> "$GITHUB_ENV" - name: Configure nginx with static modules if: matrix.module == 'static' working-directory: nginx run: | - ${NGX_CONFIGURE} \ - --add-module=${{ github.workspace }}/examples + ${NGX_CONFIGURE_CMD} \ + ${NGX_CONFIGURE_UNIX} \ + ${NGX_CONFIGURE_STATIC_MODULES} - name: Configure nginx with dynamic modules if: matrix.module != 'static' working-directory: nginx - env: - TEST_NGINX_GLOBALS: >- - load_module ${{ github.workspace }}/nginx/objs/ngx_http_async_module.so; - load_module ${{ github.workspace }}/nginx/objs/ngx_http_awssigv4_module.so; - load_module ${{ github.workspace }}/nginx/objs/ngx_http_curl_module.so; - load_module ${{ github.workspace }}/nginx/objs/ngx_http_upstream_custom_module.so; run: | - ${NGX_CONFIGURE} \ - --add-dynamic-module=${{ github.workspace }}/examples - echo "TEST_NGINX_GLOBALS=$TEST_NGINX_GLOBALS" >> $GITHUB_ENV + ${NGX_CONFIGURE_CMD} \ + ${NGX_CONFIGURE_UNIX} \ + ${NGX_CONFIGURE_DYNAMIC_MODULES} + echo TEST_NGINX_GLOBALS="$NGX_TEST_GLOBALS_DYNAMIC" >> "$GITHUB_ENV" - name: Build nginx working-directory: nginx @@ -98,8 +133,99 @@ jobs: - name: Run tests env: + PERL5LIB: ${{ github.workspace }}/nginx/tests/lib TEST_NGINX_BINARY: ${{ github.workspace }}/nginx/objs/nginx TEST_NGINX_MODULES: ${{ github.workspace }}/nginx/objs + TEST_NGINX_VERBOSE: 1 + run: | + prove -j$(nproc) --state=save ${NGX_TEST_FILES} || prove -v --state=failed + + windows: + runs-on: windows-2022 + env: + TEMP: "C:\\TEMP" + TMP: "C:\\TEMP" + TMPDIR: "C:\\TEMP" + VCARCH: x64 + + strategy: + fail-fast: false + matrix: + nginx-ref: + - master + module: + - static + + steps: + - uses: actions/checkout@v4 + - uses: actions/checkout@v4 + with: + ref: ${{ matrix.nginx-ref }} + repository: 'nginx/nginx' + path: 'nginx' + - uses: actions/checkout@v4 + with: + repository: 'nginx/nginx-tests' + path: 'nginx/tests' + sparse-checkout: | + lib + + - uses: dtolnay/rust-toolchain@stable + + - uses: actions/cache@v4 + with: + path: | + ~/.cargo/bin/ + ~/.cargo/registry/index/ + ~/.cargo/registry/cache/ + ~/.cargo/git/db/ + nginx/objs/**/CACHEDIR.TAG + nginx/objs/**/ngx-debug + nginx/objs/**/ngx-release + key: ${{ runner.os }}-nginx-${{ hashFiles('**/Cargo.lock') }} + restore-keys: ${{ runner.os }}-nginx- + + - name: Prepare build environment + shell: bash + working-directory: nginx + run: | + # Disable dynamic lookup of WSAPoll(); it crashes if the symbol is already imported by + # Rust stdlib. + sed 's/\(_WIN32_WINNT\s*\) 0x0501/\1 0x0601/' -i src/os/win32/ngx_win32_config.h + + echo VCVARSALL="$('C:\Program Files (x86)\Microsoft Visual Studio\Installer\vswhere.exe' -products \* -latest -property installationPath)\\VC\\Auxiliary\\Build\\vcvarsall.bat" \ + >> "$GITHUB_ENV" + + mkdir -p $TEMP + mkdir -p objs/lib + + curl -sLO https://github.com/PCRE2Project/pcre2/releases/download/pcre2-$PCRE2_VERSION/pcre2-$PCRE2_VERSION.tar.gz + tar -C objs/lib --transform "s/pcre2-$PCRE2_VERSION/pcre/" -xzf ./pcre2-$PCRE2_VERSION.tar.gz + echo '#include ' > objs/lib/pcre/src/inttypes.h + + curl -sLO https://github.com/madler/zlib/releases/download/v$ZLIB_VERSION/zlib-$ZLIB_VERSION.tar.gz + tar -C objs/lib --transform "s/zlib-$ZLIB_VERSION/zlib/" -xzf ./zlib-$ZLIB_VERSION.tar.gz + + curl -sLO https://github.com/openssl/openssl/releases/download/openssl-$OPENSSL_VERSION/openssl-$OPENSSL_VERSION.tar.gz + tar -C objs/lib --transform "s/openssl-$OPENSSL_VERSION/openssl/" -xzf ./openssl-$OPENSSL_VERSION.tar.gz + + - name: Configure and build nginx + shell: cmd + working-directory: nginx + run: | + @echo on + call "%VCVARSALL%" %VCARCH% + bash.exe ^ + %NGX_CONFIGURE_CMD% ^ + %NGX_CONFIGURE_WINDOWS% ^ + %NGX_CONFIGURE_STATIC_MODULES% + nmake -f objs/Makefile + + - name: Run tests + shell: cmd + env: + PERL5LIB: "${{ github.workspace }}\\nginx\\tests\\lib" + TEST_NGINX_BINARY: "${{ github.workspace }}\\nginx\\objs\\nginx.exe" + TEST_NGINX_VERBOSE: 1 run: | - prove -v -j$(nproc) -Inginx/tests/lib --state=save examples/t \ - || prove -v -Inginx/tests/lib --state=failed + prove --state=save %NGX_TEST_FILES% || prove -v --state=failed From 8a7373ca7db48eed55e26fa1fdb04c8bfc912dca Mon Sep 17 00:00:00 2001 From: Aleksei Bavshin Date: Mon, 2 Jun 2025 11:28:23 -0700 Subject: [PATCH 2/3] ci: pin actions to full commit SHA --- .github/workflows/cargo-deny.yaml | 4 ++-- .github/workflows/ci.yaml | 31 +++++++++++++++++-------------- .github/workflows/fossa.yaml | 4 ++-- .github/workflows/nginx.yaml | 24 ++++++++++++++---------- .github/workflows/sanitizers.yaml | 8 ++++---- misc/update-action-sha.sh | 10 ++++++++++ 6 files changed, 49 insertions(+), 32 deletions(-) create mode 100755 misc/update-action-sha.sh diff --git a/.github/workflows/cargo-deny.yaml b/.github/workflows/cargo-deny.yaml index bf926c83..0a34bfa1 100644 --- a/.github/workflows/cargo-deny.yaml +++ b/.github/workflows/cargo-deny.yaml @@ -18,7 +18,7 @@ jobs: continue-on-error: ${{ matrix.checks == 'advisories' }} steps: - - uses: actions/checkout@v4 - - uses: EmbarkStudios/cargo-deny-action@v2 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: EmbarkStudios/cargo-deny-action@34899fc7ba81ca6268d5947a7a16b4649013fea1 # v2.0.11 with: command: check ${{ matrix.checks }} diff --git a/.github/workflows/ci.yaml b/.github/workflows/ci.yaml index 05686417..cb15d608 100644 --- a/.github/workflows/ci.yaml +++ b/.github/workflows/ci.yaml @@ -14,7 +14,7 @@ jobs: version: ${{ steps.read_version.outputs.msrv }} runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - id: read_version run: | awk -F '=' \ @@ -33,9 +33,9 @@ jobs: - stable steps: - name: checkout source - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: set up cargo cache - uses: actions/cache@v4 + uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 continue-on-error: false with: path: | @@ -47,7 +47,7 @@ jobs: key: ${{ runner.os }}-cargo-${{ matrix.rust-version}}-${{ hashFiles('**/Cargo.lock') }} restore-keys: ${{ runner.os }}-cargo-${{ matrix.rust-version }}- - name: set up nginx deps cache - uses: actions/cache@v4 + uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 continue-on-error: false with: path: | @@ -59,7 +59,7 @@ jobs: key: ${{ runner.os }}-deps-${{ hashFiles('**/nginx-sys/build.rs') }} restore-keys: ${{ runner.os }}-deps- - - uses: dtolnay/rust-toolchain@master + - uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b with: components: rustfmt, clippy toolchain: ${{ matrix.rust-version }} @@ -88,9 +88,9 @@ jobs: runs-on: ubuntu-latest steps: - name: checkout source - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: set up cargo cache - uses: actions/cache@v4 + uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 continue-on-error: false with: path: | @@ -102,7 +102,7 @@ jobs: key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} restore-keys: ${{ runner.os }}-cargo- - name: set up nginx deps cache - uses: actions/cache@v4 + uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 continue-on-error: false with: path: | @@ -122,10 +122,12 @@ jobs: steps: - name: install command line dependencies run: brew install make gnupg - - uses: actions/checkout@v4 - - uses: dtolnay/rust-toolchain@stable + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b + with: + toolchain: stable - name: set up cargo cache - uses: actions/cache@v4 + uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 continue-on-error: false with: path: | @@ -137,7 +139,7 @@ jobs: key: ${{ runner.os }}-cargo-${{ hashFiles('**/Cargo.lock') }} restore-keys: ${{ runner.os }}-cargo- - name: set up nginx deps cache - uses: actions/cache@v4 + uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 continue-on-error: false with: path: | @@ -161,10 +163,11 @@ jobs: name: Rustfmt runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 - - uses: dtolnay/rust-toolchain@stable + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b with: components: rustfmt + toolchain: stable - name: rustfmt version run: rustfmt --version - name: cargo fmt diff --git a/.github/workflows/fossa.yaml b/.github/workflows/fossa.yaml index 82a3eb56..31036caa 100644 --- a/.github/workflows/fossa.yaml +++ b/.github/workflows/fossa.yaml @@ -11,9 +11,9 @@ jobs: runs-on: ubuntu-latest steps: - name: Checkout code - uses: actions/checkout@v4 + uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Run FOSSA scan and upload build data - uses: fossa-contrib/fossa-action@v3 + uses: fossa-contrib/fossa-action@3d2ef181b1820d6dcd1972f86a767d18167fa19b # v3.0.1 with: fossa-api-key: ${{ secrets.FOSSA_API_KEY }} diff --git a/.github/workflows/nginx.yaml b/.github/workflows/nginx.yaml index 458968ef..a5994b90 100644 --- a/.github/workflows/nginx.yaml +++ b/.github/workflows/nginx.yaml @@ -76,22 +76,24 @@ jobs: module: dynamic steps: - - uses: actions/checkout@v4 - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ matrix.nginx-ref }} repository: 'nginx/nginx' path: 'nginx' - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: repository: 'nginx/nginx-tests' path: 'nginx/tests' sparse-checkout: | lib - - uses: dtolnay/rust-toolchain@stable + - uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b + with: + toolchain: stable - - uses: actions/cache@v4 + - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 with: path: | ~/.cargo/bin/ @@ -157,22 +159,24 @@ jobs: - static steps: - - uses: actions/checkout@v4 - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ matrix.nginx-ref }} repository: 'nginx/nginx' path: 'nginx' - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: repository: 'nginx/nginx-tests' path: 'nginx/tests' sparse-checkout: | lib - - uses: dtolnay/rust-toolchain@stable + - uses: dtolnay/rust-toolchain@b3b07ba8b418998c39fb20f53e8b695cdcc8de1b + with: + toolchain: stable - - uses: actions/cache@v4 + - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 with: path: | ~/.cargo/bin/ diff --git a/.github/workflows/sanitizers.yaml b/.github/workflows/sanitizers.yaml index abd98591..93f38071 100644 --- a/.github/workflows/sanitizers.yaml +++ b/.github/workflows/sanitizers.yaml @@ -37,18 +37,18 @@ jobs: - name: Install dependencies run: dnf install -y ${BUILDREQUIRES} - - uses: actions/checkout@v4 - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: ref: ${{ matrix.nginx-ref }} repository: 'nginx/nginx' path: 'nginx' - - uses: actions/checkout@v4 + - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 with: repository: 'nginx/nginx-tests' path: 'nginx/tests' - - uses: actions/cache@v4 + - uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3 with: path: | ~/.cargo/bin/ diff --git a/misc/update-action-sha.sh b/misc/update-action-sha.sh new file mode 100755 index 00000000..30e83906 --- /dev/null +++ b/misc/update-action-sha.sh @@ -0,0 +1,10 @@ +#!/bin/sh + +set -ex + +if [ $# -lt 2 ]; then + grep "uses:[[:space:]]*$1" .github/workflows/*.yaml + exit +fi + +sed -e "s|\\(uses:[[:space:]]*$1@\\).*|\\1$2|" -i .github/workflows/*.yaml From 2c3a0e0d67fd8e39884c4029d69ea1c093c5bff5 Mon Sep 17 00:00:00 2001 From: Aleksei Bavshin Date: Mon, 2 Jun 2025 11:34:42 -0700 Subject: [PATCH 3/3] ci: switch to the official fossas/fossa-action --- .github/workflows/fossa.yaml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.github/workflows/fossa.yaml b/.github/workflows/fossa.yaml index 31036caa..c226e9dc 100644 --- a/.github/workflows/fossa.yaml +++ b/.github/workflows/fossa.yaml @@ -6,7 +6,7 @@ on: jobs: fossa: # This job is only useful when run on upstream - if: github.repository == 'nginxinc/ngx-rust' || github.event_name == 'workflow_dispatch' + if: github.repository == 'nginx/ngx-rust' || github.event_name == 'workflow_dispatch' name: FOSSA scan runs-on: ubuntu-latest steps: @@ -14,6 +14,6 @@ jobs: uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Run FOSSA scan and upload build data - uses: fossa-contrib/fossa-action@3d2ef181b1820d6dcd1972f86a767d18167fa19b # v3.0.1 + uses: fossas/fossa-action@3ebcea1862c6ffbd5cf1b4d0bd6b3fe7bd6f2cac # v1.7.0 with: - fossa-api-key: ${{ secrets.FOSSA_API_KEY }} + api-key: ${{ secrets.FOSSA_API_KEY }}