search

nektos / act

Run your GitHub Actions locally 🚀
https://nektosact.com
MIT License
55.31k stars 1.38k forks source link

act doesn't support expression lists for ports and expression mapping for env #2529

Open jsoref opened 1 day ago

jsoref commented 1 day ago

Bug report info

act version:            0.2.69
GOOS:                   darwin
GOARCH:                 arm64
NumCPU:                 10
Docker host:            DOCKER_HOST environment variable is not set
Sockets found:
    /var/run/docker.sock
Config files:           
    /Users/jsoref/.actrc:
        #-P ubuntu-latest=node:12.20.1-buster-slim
        #-P ubuntu-20.04=node:12.20.1-buster-slim
        #-P ubuntu-18.04=node:12.20.1-buster-slim
        -P ubuntu-latest=ghcr.io/catthehacker/ubuntu:act-latest
        -P ubuntu-24.04=ghcr.io/catthehacker/ubuntu:act-latest
        -P ubuntu-22.04=ghcr.io/catthehacker/ubuntu:act-22.04
        -P ubuntu-20.04=ghcr.io/catthehacker/ubuntu:act-20.04
        -P self-hosted=catthehacker/ubuntu:act-latest
        -P ubuntu-latest-4cpu=ubuntu:act-latest
        -P ubuntu-latest-8cpu=ubuntu:act-latest
        --use-new-action-cache
Build info:
    Go version:            go1.23.2
    Module path:           command-line-arguments
    Main version:          
    Main path:             
    Main checksum:         
    Build settings:
        -buildmode:           exe
        -compiler:            gc
        -ldflags:             -X main.version=0.2.69
        DefaultGODEBUG:       asynctimerchan=1,gotypesalias=0,httplaxcontentlength=1,httpmuxgo121=1,httpservecontentkeepheaders=1,tls10server=1,tls3des=1,tlskyber=0,tlsrsakex=1,tlsunsafeekm=1,winreadlinkvolume=0,winsymlink=0,x509keypairleaf=0,x509negativeserial=1
        CGO_ENABLED:          1
        CGO_CFLAGS:           
        CGO_CPPFLAGS:         
        CGO_CXXFLAGS:         
        CGO_LDFLAGS:          
        GOARCH:               arm64
        GOOS:                 darwin
        GOARM64:              v8.0
Docker Engine:
    Engine version:        26.1.5
    Engine runtime:        runc
    Cgroup version:        2
    Cgroup driver:         cgroupfs
    Storage driver:        overlay2
    Registry URI:          https://index.docker.io/v1/
    OS:                    Alpine Linux v3.20
    OS type:               linux
    OS version:            3.20.3
    OS arch:               aarch64
    OS kernel:             6.6.51-0-virt
    OS CPU:                2
    OS memory:             1906 MB
    Security options:
        name=seccomp,profile=builtin
        name=cgroupns

Command used with act

act -l

Describe issue

I expected to get a list of workflows

Link to GitHub repository

https://github.com/PowerDNS/pdns/blob/4b81e7f615fbe0bb0c65c2811716726ce0228d70/.github/workflows/build-and-test-all.yml#L367-L447

Workflow content

---
name: 'Build and test everything'

on:
  push:
  pull_request:
  workflow_call:
    inputs:
      branch-name:
        description: 'Checkout to a specific branch'
        required: true
        default: ''
        type: string
      runner-docker-image-name:
        description: 'Image name to be used for running all jobs'
        required: false
        default: ''
        type: string
  schedule:
    - cron: '0 22 * * 3'

permissions: # least privileges, see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
  contents: read

env:
  COMPILER: clang
  CLANG_VERSION: '13'
  # github.workspace variable points to the Runner home folder. Container home folder defined below.
  REPO_HOME: '/__w/${{ github.event.repository.name }}/${{ github.event.repository.name }}'
  BUILDER_VERSION: '0.0.0-git1'
  COVERAGE: ${{ github.repository == 'PowerDNS/pdns' && 'yes' || 'no' }}
  LLVM_PROFILE_FILE: "/tmp/code-%p.profraw"
  OPTIMIZATIONS: yes
  DECAF_SUPPORT: yes

jobs:
  get-runner-container-image:
    name: generate docker runner image name
    runs-on: ubuntu-22.04
    outputs:
      id: ${{ steps.get-runner-image.outputs.image-id }}
      tag: ${{ steps.get-runner-image.outputs.tag }}
    env:
      DEFAULT_RUNNER_DOCKER_IMAGE: base-pdns-ci-image/debian-12-pdns-base
      DEFAULT_IMAGE_TAG: master # update when backporting, e.g. auth-4.9.x
    steps:
      - id: get-runner-image
        run: |
          echo "image-id=ghcr.io/powerdns/${{ inputs.runner-docker-image-name || env.DEFAULT_RUNNER_DOCKER_IMAGE }}" >> "$GITHUB_OUTPUT"
          echo "tag=${{ env.DEFAULT_IMAGE_TAG }}" >> "$GITHUB_OUTPUT"

  build-auth:
    name: build auth (${{ matrix.builder }})
    if: ${{ !github.event.schedule || vars.SCHEDULED_JOBS_BUILD_AND_TEST_ALL }}
    runs-on: ubuntu-22.04
    needs: get-runner-container-image
    container:
      image: "${{ matrix.container_image }}"
      env:
        FUZZING_TARGETS: yes
        UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp"
        UNIT_TESTS: yes
      options: --sysctl net.ipv6.conf.all.disable_ipv6=0
    strategy:
      matrix:
        container_image: ["${{ needs.get-runner-container-image.outputs.id }}:${{ needs.get-runner-container-image.outputs.tag }}"]
        builder: [autotools, meson]
        exclude:
          - container_image: "ghcr.io/powerdns/base-pdns-ci-image/debian-11-pdns-base:${{ needs.get-runner-container-image.outputs.tag }}"
            builder: meson
      fail-fast: false
    defaults:
      run:
        working-directory: ./pdns-${{ env.BUILDER_VERSION }}
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 5
          submodules: recursive
          ref: ${{ inputs.branch-name }}
      - name: get timestamp for cache
        id: get-stamp
        run: |
          echo "stamp=$(/bin/date +%s)" >> "$GITHUB_OUTPUT"
        shell: bash
        working-directory: .
      - run: mkdir -p ~/.ccache
        working-directory: .
      - name: let GitHub cache our ccache data
        uses: actions/cache@v4
        with:
          path: ~/.ccache
          key: auth-ccache-${{ matrix.builder }}-${{ steps.get-stamp.outputs.stamp }}
          restore-keys: auth-ccache-${{ matrix.builder }}
      - name: set sanitizers
        run: echo "SANITIZERS=${{ matrix.builder == 'meson' && 'address,undefined' || 'asan+ubsan' }}" >> "$GITHUB_ENV"
        working-directory: .
      - run: inv install-auth-build-deps
        working-directory: .
      - run: inv ci-autoconf ${{ matrix.builder == 'meson' && '--meson' || '' }}
        working-directory: .
      - run: inv ci-auth-configure ${{ matrix.builder == 'meson' && '--meson' || '' }} -b pdns-${{ env.BUILDER_VERSION }}
        working-directory: .
      - run: inv ci-auth-build ${{ matrix.builder == 'meson' && '--meson' || '' }} # This runs under pdns-$BUILDER_VERSION/pdns/ for make bear
      - run: inv ci-auth-install-remotebackend-test-deps
      - if: ${{ matrix.builder == 'meson' }}
        run: inv install-auth-test-deps-only -b geoip
      - run: inv ci-auth-run-unit-tests ${{ matrix.builder == 'meson' && '--meson' || '' }}
        env:
          PDNS_BUILD_PATH: ../pdns-${{ env.BUILDER_VERSION }}
      - run: inv generate-coverage-info ./testrunner $GITHUB_WORKSPACE
        if: ${{ env.COVERAGE == 'yes' && matrix.builder != 'meson' }}
        working-directory: ./pdns-${{ env.BUILDER_VERSION }}/pdns
      - name: Coveralls Parallel auth unit
        if: ${{ env.COVERAGE == 'yes' && matrix.builder != 'meson' }}
        uses: coverallsapp/github-action@v2
        with:
          flag-name: auth-unit-${{ env.SANITIZERS }}
          path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov
          parallel: true
          allow-empty: true
          fail-on-error: false
      - run: inv ci-auth-install ${{ matrix.builder == 'meson' && '--meson' || '' }}
      - run: ccache -s
      - if: ${{ matrix.builder != 'meson' }}
        run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV"
      - if: ${{ matrix.builder != 'meson' }}
        name: Store the binaries
        uses: actions/upload-artifact@v4 # this takes 30 seconds, maybe we want to tar
        with:
          name: pdns-auth-${{ env.normalized-branch-name }}
          path: /opt/pdns-auth
          retention-days: 1

  build-recursor:
    name: build recursor
    if: ${{ !github.event.schedule || vars.SCHEDULED_JOBS_BUILD_AND_TEST_ALL }}
    runs-on: ubuntu-22.04
    needs: get-runner-container-image
    strategy:
      matrix:
        sanitizers: [ubsan+asan, tsan]
        features: [least, full]
        exclude:
          - sanitizers: tsan
            features: least
    container:
      image: "${{ needs.get-runner-container-image.outputs.id }}:${{ needs.get-runner-container-image.outputs.tag }}"
      env:
        SANITIZERS: ${{ matrix.sanitizers }}
        UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp"
        UNIT_TESTS: yes
      options: --sysctl net.ipv6.conf.all.disable_ipv6=0
    defaults:
      run:
        working-directory: ./pdns/recursordist/pdns-recursor-${{ env.BUILDER_VERSION }}
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 5
          submodules: recursive
          ref: ${{ inputs.branch-name }}
      - name: get timestamp for cache
        id: get-stamp
        run: |
          echo "stamp=$(/bin/date +%s)" >> "$GITHUB_OUTPUT"
        shell: bash
        working-directory: .
      - run: mkdir -p ~/.ccache
        working-directory: .
      - name: let GitHub cache our ccache data
        uses: actions/cache@v4
        with:
          path: ~/.ccache
          key: recursor-${{ matrix.features }}-${{ matrix.sanitizers }}-ccache-${{ steps.get-stamp.outputs.stamp }}
          restore-keys: recursor-${{ matrix.features }}-${{ matrix.sanitizers }}-ccache-
      - run: inv ci-install-rust ${{ env.REPO_HOME }}
        working-directory: ./pdns/recursordist/
      - run: inv ci-autoconf
        working-directory: ./pdns/recursordist/
      - run: inv ci-rec-configure ${{ matrix.features }}
        working-directory: ./pdns/recursordist/
      - run: inv ci-make-distdir
        working-directory: ./pdns/recursordist/
      - run: inv ci-rec-configure ${{ matrix.features }}
      - run: inv ci-rec-make-bear
      - run: inv ci-rec-run-unit-tests
      - run: inv generate-coverage-info ./testrunner $GITHUB_WORKSPACE
        if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }}
      - name: Coveralls Parallel rec unit
        if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }}
        uses: coverallsapp/github-action@v2
        with:
          flag-name: rec-unit-${{ matrix.features }}-${{ matrix.sanitizers }}
          path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov
          parallel: true
          allow-empty: true
          fail-on-error: false
      - run: inv ci-make-install
      - run: ccache -s
      - run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV"
      - name: Store the binaries
        uses: actions/upload-artifact@v4 # this takes 30 seconds, maybe we want to tar
        with:
          name: pdns-recursor-${{ matrix.features }}-${{ matrix.sanitizers }}-${{ env.normalized-branch-name }}
          path: /opt/pdns-recursor
          retention-days: 1

  build-dnsdist:
    name: build dnsdist
    if: ${{ !github.event.schedule || vars.SCHEDULED_JOBS_BUILD_AND_TEST_ALL }}
    runs-on: ubuntu-22.04
    needs: get-runner-container-image
    strategy:
      matrix:
        sanitizers: [ubsan+asan, tsan]
        features: [least, full]
        exclude:
          - sanitizers: tsan
            features: least
    container:
      image: "${{ needs.get-runner-container-image.outputs.id }}:${{ needs.get-runner-container-image.outputs.tag }}"
      env:
        SANITIZERS: ${{ matrix.sanitizers }}
        UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp"
        UNIT_TESTS: yes
        FUZZING_TARGETS: yes
      options: --sysctl net.ipv6.conf.all.disable_ipv6=0
    defaults:
      run:
        working-directory: ./pdns/dnsdistdist/dnsdist-${{ env.BUILDER_VERSION }}
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 5
          submodules: recursive
          ref: ${{ inputs.branch-name }}
      - name: get timestamp for cache
        id: get-stamp
        run: |
          echo "stamp=$(/bin/date +%s)" >> "$GITHUB_OUTPUT"
        shell: bash
        working-directory: .
      - run: mkdir -p ~/.ccache
        working-directory: .
      - name: let GitHub cache our ccache data
        uses: actions/cache@v4
        with:
          path: ~/.ccache
          key: dnsdist-${{ matrix.features }}-${{ matrix.sanitizers }}-ccache-${{ steps.get-stamp.outputs.stamp }}
          restore-keys: dnsdist-${{ matrix.features }}-${{ matrix.sanitizers }}-ccache-
      - run: inv ci-install-rust ${{ env.REPO_HOME }}
        working-directory: ./pdns/dnsdistdist/
      - run: inv ci-build-and-install-quiche ${{ env.REPO_HOME }}
        working-directory: ./pdns/dnsdistdist/
      - run: inv ci-autoconf
        working-directory: ./pdns/dnsdistdist/
      - run: inv ci-dnsdist-configure ${{ matrix.features }}
        working-directory: ./pdns/dnsdistdist/
      - run: inv ci-make-distdir
        working-directory: ./pdns/dnsdistdist/
      - run: inv ci-dnsdist-configure ${{ matrix.features }}
      - run: inv ci-dnsdist-make-bear
      - run: inv ci-dnsdist-run-unit-tests
      - run: inv generate-coverage-info ./testrunner $GITHUB_WORKSPACE
        if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }}
      - name: Coveralls Parallel dnsdist unit
        if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }}
        uses: coverallsapp/github-action@v2
        with:
          flag-name: dnsdist-unit-${{ matrix.features }}-${{ matrix.sanitizers }}
          path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov
          parallel: true
          allow-empty: true
          fail-on-error: false
      - run: inv ci-make-install
      - run: ccache -s
      - run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV"
      - name: Store the binaries
        uses: actions/upload-artifact@v4 # this takes 30 seconds, maybe we want to tar
        with:
          name: dnsdist-${{ matrix.features }}-${{ matrix.sanitizers }}-${{ env.normalized-branch-name }}
          path: /opt/dnsdist
          retention-days: 1

  test-auth-api:
    needs:
      - build-auth
      - get-runner-container-image
    runs-on: ubuntu-22.04
    container:
      image: "${{ needs.get-runner-container-image.outputs.id }}:${{ needs.get-runner-container-image.outputs.tag }}"
      env:
        UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp"
        ASAN_OPTIONS: detect_leaks=0
        TSAN_OPTIONS: "halt_on_error=1:suppressions=${{ env.REPO_HOME }}/pdns/dnsdistdist/dnsdist-tsan.supp"
        AUTH_BACKEND_IP_ADDR: "172.17.0.1"
      options: --sysctl net.ipv6.conf.all.disable_ipv6=0
    strategy:
      matrix:
        include:
          - backend: gsqlite3
            image: coscale/docker-sleep
          - backend: gmysql
            image: mysql:5
          - backend: gpgsql
            image: postgres:9
          - backend: lmdb
            image: coscale/docker-sleep
      fail-fast: false
    services:
      database:
        image: ${{ matrix.image }}
        env:
          POSTGRES_USER: runner
          POSTGRES_HOST_AUTH_METHOD: trust
          MYSQL_ALLOW_EMPTY_PASSWORD: 1
        ports:
          - 3306:3306
          - 5432:5432
        # FIXME: this works around dist-upgrade stopping all docker containers. dist-upgrade is huge on these images anyway. Perhaps we do want to run our tasks in a Docker container too.
        options: >-
          --restart always
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 5
          submodules: recursive
          ref: ${{ inputs.branch-name }}
      - run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV"
      - name: Fetch the binaries
        uses: actions/download-artifact@v4
        with:
          name: pdns-auth-${{ env.normalized-branch-name }}
          path: /opt/pdns-auth
      - run: inv apt-fresh
      - run: inv install-clang-runtime
      - run: inv install-auth-test-deps -b ${{ matrix.backend }}
      - run: inv test-api auth -b ${{ matrix.backend }}
      - run: inv generate-coverage-info /opt/pdns-auth/sbin/pdns_server $GITHUB_WORKSPACE
        if: ${{ env.COVERAGE == 'yes' }}
      - name: Coveralls Parallel auth API ${{ matrix.backend }}
        if: ${{ env.COVERAGE == 'yes' }}
        uses: coverallsapp/github-action@v2
        with:
          flag-name: auth-api-${{ matrix.backend }}
          path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov
          parallel: true
          allow-empty: true
          fail-on-error: false

  test-auth-backend:
    needs:
      - build-auth
      - get-runner-container-image
    runs-on: ubuntu-22.04
    container:
      image: "${{ needs.get-runner-container-image.outputs.id }}:${{ needs.get-runner-container-image.outputs.tag }}"
      env:
        UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp"
        ASAN_OPTIONS: detect_leaks=0
        LDAPHOST: ldap://ldapserver/
        ODBCINI: /github/home/.odbc.ini
        AUTH_BACKEND_IP_ADDR: "172.17.0.1"
      options: --sysctl net.ipv6.conf.all.disable_ipv6=0
    strategy:
      matrix:
        include:
          - backend: remote
            image: coscale/docker-sleep
            env: {}
            ports: []
          - backend: gmysql
            image: mysql:5
            env:
              MYSQL_ALLOW_EMPTY_PASSWORD: 1
            ports:
            - 3306:3306
          - backend: gmysql
            image: mariadb:10
            env:
              MYSQL_ALLOW_EMPTY_PASSWORD: 1
            ports:
            - 3306:3306
          - backend: gpgsql
            image: postgres:9
            env:
              POSTGRES_USER: runner
              POSTGRES_HOST_AUTH_METHOD: trust
            ports:
            - 5432:5432
          - backend: gsqlite3  # this also runs regression-tests.nobackend and pdnsutil test-algorithms
            image: coscale/docker-sleep
            env: {}
            ports: []
          - backend: lmdb
            image: coscale/docker-sleep
            env: {}
            ports: []
          - backend: bind
            image: coscale/docker-sleep
            env: {}
            ports: []
          - backend: geoip
            image: coscale/docker-sleep
            env: {}
            ports: []
          - backend: lua2
            image: coscale/docker-sleep
            env: {}
            ports: []
          - backend: tinydns
            image: coscale/docker-sleep
            env: {}
            ports: []
          - backend: authpy
            image: coscale/docker-sleep
            env: {}
            ports: []
          - backend: godbc_sqlite3
            image: coscale/docker-sleep
            env: {}
            ports: []
          - backend: godbc_mssql
            image: mcr.microsoft.com/mssql/server:2022-CU12-ubuntu-22.04
            env:
              ACCEPT_EULA: Y
              SA_PASSWORD: 'SAsa12%%-not-a-secret-password'
            ports:
              - 1433:1433
          - backend: ldap
            image: powerdns/ldap-regress:1.2.4-1
            env:
              LDAP_LOG_LEVEL: 0
              CONTAINER_LOG_LEVEL: 4
            ports:
              - 389:389
          - backend: geoip_mmdb
            image: coscale/docker-sleep
            env: {}
            ports: []
      fail-fast: false
    services:
      database:
        image: ${{ matrix.image }}
        env: ${{ matrix.env }}
        ports: ${{ matrix.ports }}
        # FIXME: this works around dist-upgrade stopping all docker containers. dist-upgrade is huge on these images anyway. Perhaps we do want to run our tasks in a Docker container too.
        options: >-
          --restart always
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 5
          submodules: recursive
          ref: ${{ inputs.branch-name }}
      - run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV"
      - name: Fetch the binaries
        uses: actions/download-artifact@v4
        with:
          name: pdns-auth-${{ env.normalized-branch-name }}
          path: /opt/pdns-auth
      # FIXME: install recursor for backends that have ALIAS
      - run: inv install-clang-runtime
      - run: inv install-auth-test-deps -b ${{ matrix.backend }}
      - run: inv test-auth-backend -b ${{ matrix.backend }}
      - run: inv generate-coverage-info /opt/pdns-auth/sbin/pdns_server $GITHUB_WORKSPACE
        if: ${{ env.COVERAGE == 'yes' }}
      - name: Coveralls Parallel auth backend ${{ matrix.backend }}
        if: ${{ env.COVERAGE == 'yes' }}
        uses: coverallsapp/github-action@v2
        with:
          flag-name: auth-backend-${{ matrix.backend }}
          path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov
          parallel: true
          allow-empty: true
          fail-on-error: false

  test-ixfrdist:
    needs:
      - build-auth
      - get-runner-container-image
    runs-on: ubuntu-22.04
    container:
      image: "${{ needs.get-runner-container-image.outputs.id }}:${{ needs.get-runner-container-image.outputs.tag }}"
      env:
        UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp"
        ASAN_OPTIONS: detect_leaks=0
      options: --sysctl net.ipv6.conf.all.disable_ipv6=0
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 5
          submodules: recursive
          ref: ${{ inputs.branch-name }}
      - run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV"
      - name: Fetch the binaries
        uses: actions/download-artifact@v4
        with:
          name: pdns-auth-${{ env.normalized-branch-name }}
          path: /opt/pdns-auth
      - run: inv install-clang-runtime
      - run: inv install-auth-test-deps
      - run: inv test-ixfrdist
      - run: inv generate-coverage-info /opt/pdns-auth/bin/ixfrdist $GITHUB_WORKSPACE
        if: ${{ env.COVERAGE == 'yes' }}
      - name: Coveralls Parallel ixfrdist
        if: ${{ env.COVERAGE == 'yes' }}
        uses: coverallsapp/github-action@v2
        with:
          flag-name: ixfrdist
          path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov
          parallel: true
          allow-empty: true
          fail-on-error: false

  test-recursor-api:
    needs:
      - build-recursor
      - get-runner-container-image
    runs-on: ubuntu-22.04
    strategy:
      matrix:
        sanitizers: [ubsan+asan, tsan]
        dist_name: [debian]
        pdns_repo_version: ['48']
    container:
      image: "${{ needs.get-runner-container-image.outputs.id }}:${{ needs.get-runner-container-image.outputs.tag }}"
      env:
        UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp"
        ASAN_OPTIONS: detect_leaks=0
        TSAN_OPTIONS: "halt_on_error=1:suppressions=${{ env.REPO_HOME }}/pdns/recursordist/recursor-tsan.supp"
      options: --sysctl net.ipv6.conf.all.disable_ipv6=0
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 5
          submodules: recursive
          ref: ${{ inputs.branch-name }}
      - run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV"
      - name: Fetch the binaries
        uses: actions/download-artifact@v4
        with:
          name: pdns-recursor-full-${{ matrix.sanitizers }}-${{ env.normalized-branch-name }}
          path: /opt/pdns-recursor
      - run: inv apt-fresh
      - run: inv add-auth-repo ${{ matrix.dist_name }} $(. /etc/os-release && echo $VERSION_CODENAME) ${{ matrix.pdns_repo_version }}
      - run: inv install-clang-runtime
      - run: inv install-rec-test-deps
      - run: inv test-api recursor
      - run: inv generate-coverage-info /opt/pdns-recursor/sbin/pdns_recursor $GITHUB_WORKSPACE
        if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }}
      - name: Coveralls Parallel recursor API
        if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }}
        uses: coverallsapp/github-action@v2
        with:
          flag-name: rec-api-full-${{ matrix.sanitizers }}
          path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov
          parallel: true
          allow-empty: true
          fail-on-error: false

  test-recursor-regression:
    needs:
      - build-recursor
      - get-runner-container-image
    runs-on: ubuntu-22.04
    strategy:
      matrix:
        sanitizers: [ubsan+asan, tsan]
        dist_name: [debian]
        pdns_repo_version: ['48']
    container:
      image: "${{ needs.get-runner-container-image.outputs.id }}:${{ needs.get-runner-container-image.outputs.tag }}"
      env:
        UBSAN_OPTIONS: 'print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp'
        ASAN_OPTIONS: ""
        LSAN_OPTIONS: "suppressions=${{ env.REPO_HOME }}/pdns/recursordist/recursor-lsan.supp"
        TSAN_OPTIONS: "halt_on_error=1:suppressions=${{ env.REPO_HOME }}/pdns/recursordist/recursor-tsan.supp"
      options: --sysctl net.ipv6.conf.all.disable_ipv6=0
    steps:
      # - uses: PowerDNS/pdns/set-ubuntu-mirror@meta
      - uses: actions/checkout@v4
        with:
          fetch-depth: 5
          submodules: recursive
          ref: ${{ inputs.branch-name }}
      - run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV"
      - name: Fetch the binaries
        uses: actions/download-artifact@v4
        with:
          name: pdns-recursor-full-${{ matrix.sanitizers }}-${{ env.normalized-branch-name }}
          path: /opt/pdns-recursor
      - run: inv apt-fresh
      - run: inv add-auth-repo ${{ matrix.dist_name }} $(. /etc/os-release && echo $VERSION_CODENAME) ${{ matrix.pdns_repo_version }}
      - run: inv install-clang-runtime
      - run: inv install-rec-test-deps
      - run: inv test-regression-recursor
      - run: inv generate-coverage-info /opt/pdns-recursor/sbin/pdns_recursor $GITHUB_WORKSPACE
        if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }}
      - name: Coveralls Parallel recursor regression
        if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }}
        uses: coverallsapp/github-action@v2
        with:
          flag-name: rec-regression-full-${{ matrix.sanitizers }}
          path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov
          parallel: true
          allow-empty: true
          fail-on-error: false

  test-recursor-bulk:
    name: 'test rec *mini* bulk'
    needs:
      - build-recursor
      - get-runner-container-image
    runs-on: ubuntu-22.04
    strategy:
      matrix:
        sanitizers: [ubsan+asan, tsan]
        threads: [1, 2, 3, 4, 8]
        mthreads: [2048]
        shards: [1, 2, 1024]
    container:
      image: "${{ needs.get-runner-container-image.outputs.id }}:${{ needs.get-runner-container-image.outputs.tag }}"
      env:
        UBSAN_OPTIONS: 'print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp'
        ASAN_OPTIONS: detect_leaks=0
        TSAN_OPTIONS: "halt_on_error=1:suppressions=${{ env.REPO_HOME }}/pdns/recursordist/recursor-tsan.supp"
      options: --sysctl net.ipv6.conf.all.disable_ipv6=0
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 5
          submodules: recursive
          ref: ${{ inputs.branch-name }}
      - run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV"
      - name: Fetch the binaries
        uses: actions/download-artifact@v4
        with:
          name: pdns-recursor-full-${{ matrix.sanitizers }}-${{ env.normalized-branch-name }}
          path: /opt/pdns-recursor
      - run: inv install-clang-runtime
      - run: inv install-rec-bulk-deps
      - run: inv test-bulk-recursor ${{ matrix.threads }} ${{ matrix.mthreads }} ${{ matrix.shards }}
      - run: inv generate-coverage-info /opt/pdns-recursor/sbin/pdns_recursor $GITHUB_WORKSPACE
        if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }}
      - name: Coveralls Parallel recursor bulk
        if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }}
        uses: coverallsapp/github-action@v2
        with:
          flag-name: rec-regression-bulk-full-${{ matrix.sanitizers }}
          path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov
          parallel: true
          allow-empty: true
          fail-on-error: false

  test-dnsdist-regression:
    needs:
      - build-dnsdist
      - get-runner-container-image
    runs-on: ubuntu-22.04
    strategy:
      matrix:
        sanitizers: [ubsan+asan, tsan]
    container:
      image: "${{ needs.get-runner-container-image.outputs.id }}:${{ needs.get-runner-container-image.outputs.tag }}"
      env:
        UBSAN_OPTIONS: "print_stacktrace=1:halt_on_error=1:suppressions=${{ env.REPO_HOME }}/build-scripts/UBSan.supp"
        # Disabling (intercept_send=0) the custom send wrappers for ASAN and TSAN because they cause the tools to report a race that doesn't exist on actual implementations of send(), see https://github.com/google/sanitizers/issues/1498
        ASAN_OPTIONS: intercept_send=0
        LSAN_OPTIONS: "suppressions=${{ env.REPO_HOME }}/pdns/dnsdistdist/dnsdist-lsan.supp"
        TSAN_OPTIONS: "halt_on_error=1:intercept_send=0:suppressions=${{ env.REPO_HOME }}/pdns/dnsdistdist/dnsdist-tsan.supp"
        # IncludeDir tests are disabled because of a weird interaction between TSAN and these tests which ever only happens on GH actions
        SKIP_INCLUDEDIR_TESTS: yes
        SANITIZERS: ${{ matrix.sanitizers }}
        COVERAGE: yes
      options: --sysctl net.ipv6.conf.all.disable_ipv6=0 --privileged
    steps:
      - uses: actions/checkout@v4
        with:
          fetch-depth: 5
          submodules: recursive
          ref: ${{ inputs.branch-name }}
      - run: echo "normalized-branch-name=${{ inputs.branch-name || github.ref_name }}" | tr "/" "-" >> "$GITHUB_ENV"
      - name: Fetch the binaries
        uses: actions/download-artifact@v4
        with:
          name: dnsdist-full-${{ matrix.sanitizers }}-${{ env.normalized-branch-name }}
          path: /opt/dnsdist
      - run: inv install-clang-runtime
      - run: inv install-dnsdist-test-deps $([ "$(. /etc/os-release && echo $VERSION_CODENAME)" = "bullseye" ] && echo "--skipXDP=True")
      - run: inv test-dnsdist
      - run: inv generate-coverage-info /opt/dnsdist/bin/dnsdist $GITHUB_WORKSPACE
        if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }}
      - name: Coveralls Parallel dnsdist regression
        if: ${{ env.COVERAGE == 'yes' && matrix.sanitizers != 'tsan' }}
        uses: coverallsapp/github-action@v2
        with:
          flag-name: dnsdist-regression-full-${{ matrix.sanitizers }}
          path-to-lcov: $GITHUB_WORKSPACE/coverage.lcov
          parallel: true
          allow-empty: true
          fail-on-error: false

  swagger-syntax-check:
    if: ${{ !github.event.schedule || vars.SCHEDULED_JOBS_BUILD_AND_TEST_ALL }}
    runs-on: ubuntu-22.04
    # FIXME: https://github.com/PowerDNS/pdns/pull/12880
    # container:
    #   image: ghcr.io/powerdns/base-pdns-ci-image/debian-11-pdns-base:master
    #   options: --sysctl net.ipv6.conf.all.disable_ipv6=0
    steps:
      - uses: PowerDNS/pdns/set-ubuntu-mirror@meta
      - uses: actions/checkout@v4
        with:
          fetch-depth: 5
          submodules: recursive
          ref: ${{ inputs.branch-name }}
      - run: build-scripts/gh-actions-setup-inv  # this runs apt update+upgrade
      - run: inv install-swagger-tools
      - run: inv swagger-syntax-check

  collect:
    needs:
      - build-auth
      - build-dnsdist
      - build-recursor
      - swagger-syntax-check
      - test-auth-api
      - test-auth-backend
      - test-dnsdist-regression
      - test-ixfrdist
      - test-recursor-api
      - test-recursor-regression
      - test-recursor-bulk
    if: success() || failure()
    runs-on: ubuntu-22.04
    steps:
      - name: Coveralls Parallel Finished
        if: ${{ env.COVERAGE == 'yes' }}
        uses: coverallsapp/github-action@v2
        with:
          parallel-finished: true
          fail-on-error: false
      - name: Install jq and jc
        run: "sudo apt-get update && sudo apt-get install jq jc"
      - name: Fail job if any of the previous jobs failed
        run: "for i in `echo '${{ toJSON(needs) }}' | jq -r '.[].result'`; do if [[ $i == 'failure' ]]; then echo '${{ toJSON(needs) }}'; exit 1; fi; done;"
      - uses: actions/checkout@v4
        with:
          fetch-depth: 5
          submodules: recursive
          ref: ${{ inputs.branch-name }}
      - name: Get list of jobs in the workflow
        run: "cat .github/workflows/build-and-test-all.yml | jc --yaml | jq -rS '.[].jobs | keys | .[]' | grep -vE 'collect|get-runner-container-image' | tee /tmp/workflow-jobs-list.yml"
      - name: Get list of prerequisite jobs
        run: "echo '${{ toJSON(needs) }}' | jq -rS 'keys | .[]' | tee /tmp/workflow-needs-list.yml"
      - name: Fail if there is a job missing on the needs list
        run: "if ! diff -q /tmp/workflow-jobs-list.yml /tmp/workflow-needs-list.yml; then exit 1; fi"

# FIXME: if we can make upload/download-artifact fasts, running unit tests outside of build can let regression tests start earlier

Relevant log output

DEBU[0000] Reading workflow '/Users/jsoref/code/powerdns/pdns/.github/workflows/build-and-test-all.yml'
Error: workflow is not valid. 'build-and-test-all.yml': yaml: unmarshal errors:
  line 446: cannot unmarshal !!str `${{ mat...` into map[string]string
  line 447: cannot unmarshal !!str `${{ mat...` into []string


### Additional information

_No response_
ChristopherHX commented 23 hours ago

I plan this for next year, as enhancement for github-act-runner including a patch for act cli

Features of both act-cli (full workflow) and github-act-runner (single job worker only) gain higher priority from my side