Skip to content
Build nflog_dns

Run QA tests on Ubuntu 26.04 #185

Sign in to view logs

Run QA tests on Ubuntu 26.04

Run QA tests on Ubuntu 26.04 #185

Workflow file for this run

.github/workflows/makefile.yml at 5069ae9
# Copyright Antti Kultanen <antti.kultanen@molukki.com>
# nflog_dns is licensed under GNU GPL v2 or later; see LICENSE file
name: Build nflog_dns
on:
workflow_dispatch:
push:
branches:
- '**'
tags:
- 'v*.*.*'
schedule:
- cron: "37 13 * * 3"
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
jobs:
# Do integration testing, requires full VM
ubuntu-full:
name: Ubuntu 26.04 QA tests
runs-on: ubuntu-26.04
timeout-minutes: 60
permissions:
security-events: write
contents: read
checks: write
steps:
- uses: actions/checkout@v6
- name: Initialize CodeQL
uses: github/codeql-action/init@v4
with:
languages: cpp
queries: security-and-quality
- name: Install build and test dependencies
run: |
sudo rm -f /var/lib/man-db/auto-update
sudo apt-get update
sudo apt-get -y --no-install-recommends install libtins-dev libnetfilter-log-dev libspdlog-dev python3 build-essential clang-tidy debhelper-compat lsb-release doctest-dev
- name: Run clang-tidy
run: |
clang-tidy config.cpp nflog_dns.cpp -- -std=c++11 $(pkg-config --cflags libnetfilter_log libtins fmt spdlog)
- name: Compile binary
run: make
- name: Run CodeQL Analysis
uses: github/codeql-action/analyze@v4
- name: Run tests
run: sudo make test
- name: Verify installation
run: sudo make install
- name: Run the installed binary
run: nflog_dns --version
- name: Verify uninstallation
run: sudo make uninstall
- name: Verify clean
run: |
make clean
[ -z "$(git status --porcelain)" ] || exit 1
- name: Compile debug binary
run: make debug
- name: Run the debug binary
run: ASAN_OPTIONS=verify_asan_link_order=0 ./nflog_dns --version
- name: Verify clean
run: |
make clean
[ -z "$(git status --porcelain)" ] || exit 1
- name: Verify DEB package build
run: make deb
- name: Verify DEB package installation
run: sudo dpkg -i ../nflog-dns_*.deb
- name: List installed package contents
run: dpkg -L nflog-dns
- name: Run the installed binary
run: nflog_dns --version
- name: Stop and disable nflog_dns systemd service
run: |
sudo systemctl stop nflog_dns.service
sudo systemctl disable nflog_dns.service
- name: Enable and start nflog_dns systemd service
run: |
sudo systemctl enable nflog_dns.service
sudo systemctl start nflog_dns.service
- name: Verify DEB package reinstallation
run: sudo dpkg -i ../nflog-dns_*.deb
- name: Verify DEB package removal
run: sudo dpkg -r nflog-dns nflog-dns-dbgsym
- name: Verify DEB package purge
run: sudo dpkg -P nflog-dns
- name: Verify clean
run: |
make clean
[ -z "$(git status --porcelain)" ] || exit 1
# Build packages, uses containers
containers-amd64:
strategy:
fail-fast: false
matrix:
include:
- name: Debian 13
image: debian:13
pkgtype: deb
install: apt-get update && apt-get -y --no-install-recommends install ca-certificates libtins-dev libnetfilter-log-dev libspdlog-dev python3 build-essential debhelper-compat lsb-release
- name: Debian 12
image: debian:12
pkgtype: deb
install: apt-get update && apt-get -y --no-install-recommends install ca-certificates libtins-dev libnetfilter-log-dev libspdlog-dev python3 build-essential debhelper-compat lsb-release
- name: Fedora 43
image: fedora:43
pkgtype: rpm
install: dnf install -y gcc-c++ make libpcap-devel libtins-devel libnetfilter_log-devel spdlog-devel python3 rpm-build rpmdevtools rpmlint systemd-rpm-macros systemd
- name: Fedora 42
image: fedora:42
pkgtype: rpm
install: dnf install -y gcc-c++ make libpcap-devel libtins-devel libnetfilter_log-devel spdlog-devel python3 rpm-build rpmdevtools rpmlint systemd-rpm-macros systemd
- name: openSUSE Leap 16.0
image: opensuse/leap:16.0
pkgtype: rpm
install: |
zypper -n ref
zypper -n addrepo https://download.opensuse.org/repositories/security:netfilter/16.0/security:netfilter.repo
zypper -n --gpg-auto-import-keys ref
zypper -n in gcc-c++ make libpcap-devel libtins-devel libnetfilter_log-devel spdlog-devel fmt-devel python3 rpm-build rpmdevtools rpmlint systemd-rpm-macros systemd
- name: openSUSE Tumbleweed
image: opensuse/tumbleweed
pkgtype: rpm
install: |
zypper -n ref
zypper -n in gcc-c++ make libpcap-devel libtins-devel libnetfilter_log-devel spdlog-devel fmt-devel python3 rpm-build rpmdevtools rpmlint systemd-rpm-macros systemd
- name: Ubuntu 26.04
image: ubuntu:26.04
pkgtype: deb
install: |
ln -fs /usr/share/zoneinfo/Etc/UTC /etc/localtime
echo "Etc/UTC" > /etc/timezone
apt-get update
apt-get -y --no-install-recommends install ca-certificates libtins-dev libnetfilter-log-dev libspdlog-dev python3 build-essential debhelper-compat lsb-release
- name: Ubuntu 24.04
image: ubuntu:24.04
pkgtype: deb
install: |
ln -fs /usr/share/zoneinfo/Etc/UTC /etc/localtime
echo "Etc/UTC" > /etc/timezone
apt-get update
apt-get -y --no-install-recommends install ca-certificates libtins-dev libnetfilter-log-dev libspdlog-dev python3 build-essential debhelper-compat lsb-release
runs-on: ubuntu-latest
container:
image: ${{ matrix.image }}
timeout-minutes: 60
name: ${{ matrix.name }} amd64 build
steps:
- name: Install dependencies
run: ${{ matrix.install }}
- uses: actions/checkout@v6
- name: Inject distribution into package version
run: |
case "${{ matrix.pkgtype }}" in
"deb")
CODENAME="$(lsb_release -c -s)"
FULL_VERSION="$(dpkg-parsechangelog --show-field Version)"
NEW_VERSION="${FULL_VERSION}+${CODENAME}1"
PACKAGE="$(dpkg-parsechangelog --show-field Source)"
sed -i "1s/^.*$/${PACKAGE} (${NEW_VERSION}) ${CODENAME}; urgency=medium/" "debian/changelog"
echo "DEB package version: ${NEW_VERSION}"
;;
"rpm")
if grep -q "opensuse" "/etc/os-release"
then
RELEASE="$(grep '^ID=' "/etc/os-release" | cut -d '=' -f 2 | tr -d '"')"
RELEASE="${RELEASE##*-}"
VERSION_ID="$(grep '^VERSION_ID=' "/etc/os-release" | cut -d '=' -f 2 | tr -d '"' | tr -d '.')"
FULLRELEASE="${RELEASE}${VERSION_ID}"
sed -i "s/^Release:.*/Release: 1.${FULLRELEASE}/" "nflog_dns.spec"
NOW="$(date '+%a %b %d %Y')"
VERSION="$(grep '^Version:' nflog_dns.spec | awk '{print $2}')"
PACKAGER="GitHub Actions <ci@molukki.com>"
awk -v rel="${FULLRELEASE}" -v ver="${VERSION}" -v date="${NOW}" \
-v packager="${PACKAGER}" -v release="${RELEASE}" -v version_id="${VERSION_ID}" '
/^%changelog/ {
print;
print "* " date " " packager " - " ver "-" rel;
print "- Automated RPM build for openSUSE " release " " version_id "\n";
next
}
{ print }
' nflog_dns.spec > nflog_dns.spec.tmp && mv nflog_dns.spec.tmp nflog_dns.spec
echo "OpenSUSE RPM release: ${FULLRELEASE}"
else
echo "No changes"
fi
;;
*)
echo "Error: unknown pkgtype" >&2
exit 1
;;
esac
- name: Build package
run: |
mkdir -p artifacts
case "${{ matrix.pkgtype }}" in
"deb")
make deb
mv -v ../nflog-dns*_amd64.*deb artifacts/
;;
"rpm")
make rpm
cp -v ${HOME}/rpmbuild/RPMS/x86_64/*.rpm artifacts/
;;
*)
echo "Error: unknown pkgtype" >&2
exit 1
;;
esac
- name: Verify DEB package installation
if: ${{ matrix.pkgtype == 'deb' }}
run: dpkg -i artifacts/*.*deb
- name: Run the installed binary
if: ${{ matrix.pkgtype == 'deb' }}
run: nflog_dns --version
- name: Verify DEB package re-installation
if: ${{ matrix.pkgtype == 'deb' }}
run: dpkg -i artifacts/*.*deb
- name: Verify DEB package removal
if: ${{ matrix.pkgtype == 'deb' }}
run: dpkg -r nflog-dns nflog-dns-dbgsym
- name: Verify RPM package installation
if: ${{ matrix.pkgtype == 'rpm' }}
run: rpm -i artifacts/*.rpm
- name: Run the installed binary
if: ${{ matrix.pkgtype == 'rpm' }}
run: nflog_dns --version
- name: Verify RPM package removal
if: ${{ matrix.pkgtype == 'rpm' }}
run: rpm -e nflog_dns
- name: Upload DEB package
if: ${{ matrix.pkgtype == 'deb' && github.event_name == 'push' }}
uses: actions/upload-artifact@v7
with:
name: nflog-dns ${{ matrix.name }} amd64 deb
path: artifacts/*_amd64.*deb
- name: Upload RPM package
if: ${{ matrix.pkgtype == 'rpm' && github.event_name == 'push' }}
uses: actions/upload-artifact@v7
with:
name: nflog_dns ${{ matrix.name }} x86_64 rpm
path: artifacts/*.rpm
# Build Devuan packages, uses chroot
chroot-amd64:
strategy:
fail-fast: false
matrix:
include:
- name: Devuan 6.0
release: excalibur
- name: Devuan 5.0
release: daedalus
runs-on: ubuntu-latest
timeout-minutes: 60
name: ${{ matrix.name }} amd64 build
steps:
- uses: actions/checkout@v6
- name: Install Devuan keyring
run: |
echo "Note: Devuan keyring information page is at https://www.devuan.org/os/keyring"
wget -O /tmp/devuan-keyring.deb http://deb.devuan.org/merged/pool/DEVUAN/main/d/devuan-keyring/devuan-keyring_2025.08.09_all.deb
sudo dpkg -i /tmp/devuan-keyring.deb
- name: Add Devuan Ceres package source
run: |
echo "deb http://deb.devuan.org/merged/ ceres main contrib non-free" | sudo tee -a /etc/apt/sources.list
sudo apt-get update
- name: Install debootstrap from Devuan Ceres
run: |
sudo rm -f /var/lib/man-db/auto-update
sudo apt-get -y install debootstrap/ceres
- name: Debootstrap ${{ matrix.name }}
run: sudo debootstrap --variant=minbase ${{ matrix.release }} ../devuan-${{ matrix.release }} http://deb.devuan.org/merged
- name: Install build dependencies
run: |
sudo chroot ../devuan-${{ matrix.release }} apt-get update
sudo chroot ../devuan-${{ matrix.release }} apt-get -y --no-install-recommends install ca-certificates libtins-dev libnetfilter-log-dev libspdlog-dev python3 build-essential debhelper-compat lsb-release
- name: Inject distribution into package version
run: |
FULL_VERSION="$(dpkg-parsechangelog --show-field Version)"
NEW_VERSION="${FULL_VERSION}+${{ matrix.release }}1"
PACKAGE="$(dpkg-parsechangelog --show-field Source)"
sed -i "1s/^.*$/${PACKAGE} (${NEW_VERSION}) ${{ matrix.release }}; urgency=medium/" "debian/changelog"
echo "DEB package version: ${NEW_VERSION}"
- name: Bind mount checkout to chroot
run: |
mkdir -p ../devuan-${{ matrix.release }}/tmp/nflog_dns-build/nflog_dns
sudo mount -o bind . ../devuan-${{ matrix.release }}/tmp/nflog_dns-build/nflog_dns
- name: Build package
run: |
echo 'cd /tmp/nflog_dns-build/nflog_dns && make deb' | sudo chroot ../devuan-${{ matrix.release }} /bin/sh
mkdir -p artifacts
cp -v ../devuan-${{ matrix.release }}/tmp/nflog_dns-build/*.deb artifacts/
- name: Verify DEB package installation
run: echo 'dpkg -i /tmp/nflog_dns-build/*.deb' | sudo chroot ../devuan-${{ matrix.release }} /bin/sh
- name: Run the installed binary
run: sudo chroot ../devuan-${{ matrix.release }} nflog_dns --version
- name: Verify disabling and enabling nflog_dns sysvinit service
run: |
sudo chroot ../devuan-${{ matrix.release }} update-rc.d nflog_dns remove
sudo chroot ../devuan-${{ matrix.release }} update-rc.d nflog_dns defaults
- name: Verify DEB package removal
run: sudo chroot ../devuan-${{ matrix.release }} dpkg -r nflog-dns nflog-dns-dbgsym
- name: Upload DEB package
if: github.event_name == 'push'
uses: actions/upload-artifact@v7
with:
name: nflog-dns ${{ matrix.name }} amd64 deb
path: |
artifacts/*_amd64.*deb
containers-arm64:
if: github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository
strategy:
fail-fast: false
matrix:
include:
- name: Debian 13
image: debian:13
- name: Debian 12
image: debian:12
- name: Ubuntu 26.04
image: ubuntu:26.04
- name: Ubuntu 24.04
image: ubuntu:24.04
runs-on: [ self-hosted, ARM64 ]
container:
image: ${{ matrix.image }}
volumes:
- /var/cache/apt/archives:/var/cache/apt/archives:rw
- /var/lib/apt/lists:/var/lib/apt/lists:rw
timeout-minutes: 60
name: ${{ matrix.name }} arm64 build
steps:
- uses: actions/checkout@v6
- name: Install build dependencies
run: |
rm -f /etc/apt/apt.conf.d/docker-clean
apt-get update
apt-get -y --no-install-recommends install ca-certificates libtins-dev libnetfilter-log-dev libspdlog-dev python3 build-essential debhelper-compat lsb-release
- name: Inject distribution into package version
run: |
CODENAME="$(lsb_release -c -s)"
FULL_VERSION="$(dpkg-parsechangelog --show-field Version)"
NEW_VERSION="${FULL_VERSION}+${CODENAME}1"
PACKAGE="$(dpkg-parsechangelog --show-field Source)"
sed -i "1s/^.*$/${PACKAGE} (${NEW_VERSION}) ${CODENAME}; urgency=medium/" "debian/changelog"
echo "DEB package version: ${NEW_VERSION}"
- name: Build package
run: |
mkdir -p artifacts
make deb
mv -v ../nflog-dns*$(lsb_release -c -s)*_arm64.*deb artifacts/
- name: Verify DEB package installation
run: dpkg -i artifacts/*.deb
- name: Run the installed binary
run: nflog_dns --version
- name: Verify DEB package removal
run: dpkg -r nflog-dns nflog-dns-dbgsym
- name: Upload DEB package
if: github.event_name == 'push'
uses: actions/upload-artifact@v7
with:
name: nflog-dns ${{ matrix.name }} arm64 deb
path: artifacts/*_arm64.*deb
create-release:
name: Create GitHub Release
needs: [ ubuntu-full, containers-amd64, chroot-amd64, containers-arm64 ]
runs-on: ubuntu-latest
if: startsWith(github.ref, 'refs/tags/')
permissions:
contents: write
steps:
- uses: actions/checkout@v6
- name: Download all artifacts
uses: actions/download-artifact@v8
with:
path: release-artifacts
- name: Remove debug packages from release
run: rm -f release-artifacts/**/*dbgsym*
- name: Generate SHA256 checksums
run: |
cd release-artifacts
find . -type f \( -name "*.deb" -o -name "*.rpm" \) -exec sha256sum {} \; | sed 's| .*/nflog| nflog|g' | sort -k2 > SHA256SUMS.txt
cat SHA256SUMS.txt
- name: Generate release note
run: |
cat > release-body.md << 'EOF'
Prebuilt installation packages available for:
- AMD64 / x86_64:
- Debian 12, 13
- Ubuntu 24.04, 26.04
- Devuan 5.0, 6.0
- Fedora 42, 43
- openSUSE Leap 16.0, Tumbleweed
- ARM64:
- Debian 12, 13
- Ubuntu 24.04, 26.04
To verify the download:
sha256sum -c SHA256SUMS.txt
To install on Debian/Ubuntu/Devuan:
sudo dpkg -i nflog-dns_*.deb
To install on Fedora/openSUSE:
sudo rpm -i nflog_dns-*.rpm
SHA256 Checksums:
EOF
cat release-artifacts/SHA256SUMS.txt \
| sed 's/^/ /g' >> release-body.md
- name: Create Release
uses: softprops/action-gh-release@v3
with:
files: release-artifacts/**/*
generate_release_notes: true
body_path: release-body.md
draft: false
prerelease: false
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}