From f6b0e647c7139fb12fb9dcf80fb0ae1efc4742c4 Mon Sep 17 00:00:00 2001
From: Tristan
Date: Sat, 26 Apr 2025 23:34:15 +0100
Subject: [PATCH 01/53] Move root Dockerfile to debian.dockerfile
---
 Dockerfile => debian.dockerfile | 0
 1 file changed, 0 insertions(+), 0 deletions(-)
 rename Dockerfile => debian.dockerfile (100%)
diff --git a/Dockerfile b/debian.dockerfile
similarity index 100%
rename from Dockerfile
rename to debian.dockerfile
From 46ee5abd436183788b9d9a697ae89031c49b3367 Mon Sep 17 00:00:00 2001
From: Tristan
Date: Sat, 26 Apr 2025 23:34:23 +0100
Subject: [PATCH 02/53] Add rockylinux dockerfile
---
 rockylinux.dockerfile | 51 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 51 insertions(+)
 create mode 100644 rockylinux.dockerfile
diff --git a/rockylinux.dockerfile b/rockylinux.dockerfile
new file mode 100644
index 0000000..10654b8
--- /dev/null
+++ b/rockylinux.dockerfile
@@ -0,0 +1,51 @@
+FROM ghcr.io/mangadex-pub/containers-base/rockylinux:9 AS base
+
+USER root
+
+# This stage is mostly to import and unpack the dists in a docker-friendly fashion
+FROM base AS dists
+
+RUN dnf -y update && dnf -y install bzip2
+
+WORKDIR /tmp/dataplaneapi
+COPY ./deps/dataplaneapi/dataplaneapi-dist.tar.gz /tmp/dataplaneapi/dataplaneapi.tar.gz
+RUN ls -alh && tar xf dataplaneapi.tar.gz
+
+ARG HAPROXY_SSL_LIB="awslc"
+WORKDIR /tmp/${HAPROXY_SSL_LIB}
+COPY ./deps/${HAPROXY_SSL_LIB}/${HAPROXY_SSL_LIB}-dist.tar.gz /tmp/${HAPROXY_SSL_LIB}/${HAPROXY_SSL_LIB}.tar.gz
+RUN ls -alh && tar xf ${HAPROXY_SSL_LIB}.tar.gz
+
+WORKDIR /tmp/haproxy
+COPY ./haproxy/haproxy-dist.tar.gz /tmp/haproxy/haproxy.tar.gz
+RUN ls -alh && tar xf haproxy.tar.gz
+
+FROM base
+
+LABEL Name="HAProxy"
+LABEL Vendor="MangaDex"
+LABEL Maintainer="MangaDex "
+
+ARG CANONICAL_VERSION="local-SNAPSHOT"
+LABEL Version="${CANONICAL_VERSION}"
+
+ARG HAPROXY_SSL_LIB="awslc"
+COPY --chown=root:root --from=dists /tmp/${HAPROXY_SSL_LIB}/opt /opt
+COPY --chown=root:root --from=dists /tmp/dataplaneapi/usr /usr
+COPY --chown=root:root --from=dists /tmp/haproxy/usr /usr
+
+RUN dnf -y update && \
+ dnf -y install \
+ ca-certificates \
+ curl \
+ libatomic \
+ jemalloc \
+ procps-ng \
+ socat \
+ zlib zlib-ng && \
+ dnf -y autoremove && \
+ dnf -y clean all && \
+ groupadd "haproxy" && useradd -g "haproxy" "haproxy" && \
+ /usr/local/sbin/haproxy -vv
+
+CMD [ "/usr/local/sbin/haproxy", "-W", "-db", "-f", "/usr/local/etc/haproxy/haproxy.cfg" ]
From f166d8572463aac49bdae3f998a68fad7213c188 Mon Sep 17 00:00:00 2001
From: Tristan
Date: Sun, 27 Apr 2025 00:46:31 +0100
Subject: [PATCH 03/53] foo
---
 .gitlab-ci.yml | 288 +++++++++++++++++++++------------------
 tool/setup-debian.sh | 2 +
 tool/setup-rockylinux.sh | 14 ++
 3 files changed, 168 insertions(+), 136 deletions(-)
 create mode 100755 tool/setup-rockylinux.sh
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 0159ac3..4b36ab3 100644
--- a/.gitlab-ci.yml
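Review bot: In rockylinux.dockerfile the final stage (`FROM base`) inherits `USER root` from the `base` stage and never switches away, so `CMD` starts HAProxy as root even though the last `RUN` creates a `haproxy` account. If the master process really has to start as root (for example to bind privileged ports), say so in a comment next to `CMD` and confirm that the shipped `haproxy.cfg` drops to the `haproxy` user; otherwise add `USER haproxy` after the `RUN`. Separately, `dnf -y update` in both stages makes the image contents depend on the build date, and `rockylinux:9` is a mutable tag; bumping a pinned base tag or digest keeps the package set reviewable.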
+++ b/.gitlab-ci.yml @@ -55,34 +55,43 @@ variables: &default-variables HAPROXY_LIBUBSAN: "false" HAPROXY_OPTIMIZATION: "-Og" -.build-job: &build-job - image: ghcr.io/mangadex-pub/debuilder:bookworm-clang18 - needs: [ ] - before_script: - - apt -qq update - - apt install -y --no-install-recommends -qq build-essential ca-certificates cmake curl git libasan6 libjemalloc-dev libpcre2-dev libreadline-dev libsystemd-dev tar zlib1g-dev - - cc --version +.job-debian: &job-debian + image: "ghcr.io/mangadex-pub/debuilder:bookworm-clang18" + before_script: "./tool/setup-debian.sh" + +.job-rockylinux: &job-rockylinux + image: "ghcr.io/mangadex-pub/containers-base/rockylinux:9-devel" + before_script: "./tool/setup-rockylinux.sh" #---------------------- # Common dependencies #---------------------- -awslc: - <<: *build-job - stage: dependencies - script: make deps/awslc +.dependencies-common: &dependencies-common + stage: "dependencies" + script: "make deps/$DEPENDENCY" variables: <<: *default-variables <<: *build-resources-m + parallel: + matrix: + - DEPENDENCY: [ "awslc", "lua", "pcre2", "vtest" ] artifacts: expire_in: 7 days - paths: [ "deps/awslc/awslc-dist.tar.gz" ] + paths: [ "deps/$DEPENDENCY/$DEPENDENCY-dist.tar.gz" ] + +dependencies:debian: + <<: *job-debian + <<: *dependencies-common -dataplaneapi: - <<: *build-job - image: docker.io/library/golang:1.23-bookworm - stage: dependencies - script: make deps/dataplaneapi +dependencies:rockylinux: + <<: *job-rockylinux + <<: *dependencies-common + +dependencies:dataplaneapi: + image: "docker.io/library/golang:1.24" + stage: "dependencies" + script: "make deps/dataplaneapi" variables: <<: *default-variables <<: *build-resources-ml 
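Review bot: The job images added in this hunk are referenced by mutable tags only (`debuilder:bookworm-clang18`, `rockylinux:9-devel`, `golang:1.24`), and each job then runs a setup script and produces the `*-dist.tar.gz` artifacts that later stages consume. A re-pushed tag would change the toolchain without any change in this repository. Pinning by digest, e.g. `image: "docker.io/library/golang:1.24@sha256:<digest>"` (placeholder digest), keeps the build inputs reviewable; the same applies to the two `ghcr.io/mangadex-pub` images.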
@@ -90,55 +99,25 @@ dataplaneapi: expire_in: 7 days paths: [ "deps/dataplaneapi/dataplaneapi-dist.tar.gz" ] -lua: - <<: *build-job - stage: dependencies - script: make deps/lua - variables: - <<: *default-variables - <<: *build-resources-xs - artifacts: - expire_in: 7 days - paths: [ "deps/lua/lua-dist.tar.gz" ] - -pcre2: - <<: *build-job - stage: dependencies - script: make deps/pcre2 - variables: - <<: *default-variables - <<: *build-resources-xs - artifacts: - expire_in: 7 days - paths: [ "deps/pcre2/pcre2-dist.tar.gz" ] +.needs-debian: &deps-debian + - "dependencies:dataplaneapi" + - "dependencies:debian: [awslc]" + - "dependencies:debian: [lua]" + - "dependencies:debian: [pcre2]" + - "dependencies:debian: [vtest]" -vtest: - <<: *build-job - stage: dependencies - script: make deps/vtest - variables: - <<: *default-variables - <<: *build-resources-xs - artifacts: - expire_in: 7 days - paths: [ "deps/vtest/dist/vtest" ] - -.needs-dependencies: &needs-dependencies - - job: awslc - artifacts: true - - job: dataplaneapi - artifacts: true - - job: lua - artifacts: true - - job: pcre2 - artifacts: true +.needs-rockylinux: &deps-rockylinux + - "dependencies:dataplaneapi" + - "dependencies:rockylinux: [awslc]" + - "dependencies:rockylinux: [lua]" + - "dependencies:rockylinux: [pcre2]" + - "dependencies:rockylinux: [vtest]" #---------------------- # HAProxy job templates #---------------------- .haproxy-build: &haproxy-build - <<: *build-job stage: build script: - apt install -y --no-install-recommends -qq bzip2 git 
@@ -146,13 +125,11 @@ vtest: - mkdir deps/lua/dist && tar -C deps/lua/dist -xf deps/lua/lua-dist.tar.gz - mkdir deps/pcre2/dist && tar -C deps/pcre2/dist -xf deps/pcre2/pcre2-dist.tar.gz - make -C haproxy HAPROXY_GITREPO="$HAPROXY_GITREPO" HAPROXY_VERSION="$HAPROXY_VERSION" HAPROXY_GITREF="$HAPROXY_GITREF" BUILD_PATCHES_DIR="$BUILD_PATCHES_DIR" HAPROXY_LIBASAN="$HAPROXY_LIBASAN" HAPROXY_OPTIMIZATION="$HAPROXY_OPTIMIZATION" - needs: *needs-dependencies artifacts: expire_in: 7 days paths: [ "haproxy/dist", "haproxy/haproxy-dist.tar.gz" ] .haproxy-regtests: &haproxy-regtests - <<: *build-job stage: test script: - apt install -y --no-install-recommends -qq bzip2 git @@ -163,13 +140,8 @@ vtest: set -euo pipefail if [ "$(ulimit -n)" = "1073741816" ]; then echo "Bad Docker ulimit: $(ulimit -n)..."; exit 1; else echo "ulimit -n = $(ulimit -n)"; fi make -C haproxy HAPROXY_GITREPO="$HAPROXY_GITREPO" HAPROXY_VERSION="$HAPROXY_VERSION" HAPROXY_GITREF="$HAPROXY_GITREF" BUILD_PATCHES_DIR="$BUILD_PATCHES_DIR" HAPROXY_LIBASAN="$HAPROXY_LIBASAN" HAPROXY_OPTIMIZATION="-Og" build test - needs: - - *needs-dependencies - - job: vtest - artifacts: true .haproxy-debian: &haproxy-debian - <<: *build-job stage: publish script: - apt install -y --no-install-recommends -qq bzip2 devscripts debhelper pkg-config 
@@ -289,109 +261,153 @@ vtest: # HAProxy jobs #---------------------- -build:stable: +build:stable:debian: + needs: *deps-debian + <<: *job-debian <<: *haproxy-build variables: <<: *default-variables <<: *build-resources-s <<: *haproxy-stable -build:dev: +build:dev:debian: + needs: *deps-debian + <<: *job-debian <<: *haproxy-build variables: <<: *default-variables <<: *build-resources-s <<: *haproxy-dev -regtests:stable: - <<: *haproxy-regtests +build:stable:rockylinux: + needs: *deps-rockylinux + <<: *job-rockylinux + <<: *haproxy-build variables: <<: *default-variables - <<: *build-resources-m + <<: *build-resources-s <<: *haproxy-stable -regtests:dev: - <<: *haproxy-regtests +build:dev:rockylinux: + needs: *deps-rockylinux + <<: *job-rockylinux + <<: *haproxy-build variables: <<: *default-variables - <<: *build-resources-m + <<: *build-resources-s <<: *haproxy-dev -haproxy-tarball:stable: - <<: *haproxy-tarball - variables: - <<: *default-variables - <<: *build-resources-xs - <<: *haproxy-stable - needs: - - job: "regtests:stable" - artifacts: false - - job: "build:stable" - artifacts: true - -haproxy-tarball:dev: - <<: *haproxy-tarball - variables: - <<: *default-variables - <<: *build-resources-xs - <<: *haproxy-dev - needs: - - job: "regtests:dev" - artifacts: false - - job: "build:dev" - artifacts: true - -docker:stable: - <<: *haproxy-docker +regtests:stable:debian: + needs: *deps-debian + <<: *job-debian + <<: *haproxy-regtests variables: <<: *default-variables <<: *build-resources-m <<: *haproxy-stable - needs: - - job: "awslc" - artifacts: true - - job: "dataplaneapi" - artifacts: true - - job: "regtests:stable" - artifacts: false - - job: "build:stable" - artifacts: true - -docker:dev: - <<: *haproxy-docker + +regtests:dev:debian: + needs: *deps-debian + <<: *job-debian + <<: *haproxy-regtests variables: <<: *default-variables <<: *build-resources-m <<: *haproxy-dev - needs: - - job: "awslc" - artifacts: true - - job: "dataplaneapi" - artifacts: true - 
- job: "regtests:dev" - artifacts: false - - job: "build:dev" - artifacts: true - -debian:stable: - <<: *haproxy-debian + +regtests:stable:rockylinux: + needs: *deps-rockylinux + <<: *job-rockylinux + <<: *haproxy-regtests variables: <<: *default-variables <<: *build-resources-m <<: *haproxy-stable - allow_failure: true - needs: - - *needs-dependencies - - job: "regtests:stable" - artifacts: false - -debian:dev: - <<: *haproxy-debian + +regtests:dev:rockylinux: + needs: *deps-rockylinux + <<: *job-rockylinux + <<: *haproxy-regtests variables: <<: *default-variables <<: *build-resources-m <<: *haproxy-dev - needs: - - *needs-dependencies - - job: "regtests:dev" - artifacts: false + +#haproxy-tarball:stable: +# <<: *haproxy-tarball +# variables: +# <<: *default-variables +# <<: *build-resources-xs +# <<: *haproxy-stable +# needs: +# - job: "regtests:stable" +# artifacts: false +# - job: "build:stable" +# artifacts: true + +#haproxy-tarball:dev: +# <<: *haproxy-tarball +# variables: +# <<: *default-variables +# <<: *build-resources-xs +# <<: *haproxy-dev +# needs: +# - job: "regtests:dev" +# artifacts: false +# - job: "build:dev" +# artifacts: true + +#docker:stable: +# <<: *haproxy-docker +# variables: +# <<: *default-variables +# <<: *build-resources-m +# <<: *haproxy-stable +# needs: +# - job: "awslc" +# artifacts: true +# - job: "dataplaneapi" +# artifacts: true +# - job: "regtests:stable" +# artifacts: false +# - job: "build:stable" +# artifacts: true + +#docker:dev: +# <<: *haproxy-docker +# variables: +# <<: *default-variables +# <<: *build-resources-m +# <<: *haproxy-dev +# needs: +# - job: "awslc" +# artifacts: true +# - job: "dataplaneapi" +# artifacts: true +# - job: "regtests:dev" +# artifacts: false +# - job: "build:dev" +# artifacts: true + +#debian:stable: +# <<: *haproxy-debian +# variables: +# <<: *default-variables +# <<: *build-resources-m +# <<: *haproxy-stable +# allow_failure: true +# needs: +# - *needs-dependencies +# - job: "regtests:stable" +# 
artifacts: false + +#debian:dev: +# <<: *haproxy-debian +# variables: +# <<: *default-variables +# <<: *build-resources-m +# <<: *haproxy-dev +# needs: +# - *needs-dependencies +# - job: "regtests:dev" +# artifacts: false diff --git a/tool/setup-debian.sh b/tool/setup-debian.sh index 37bf5e3..4c0f72f 100755 --- a/tool/setup-debian.sh +++ b/tool/setup-debian.sh @@ -25,3 +25,5 @@ apt -qq -y --no-install-recommends install \ tar \ zip unzip \ zlib1g-dev + +cc --version diff --git a/tool/setup-rockylinux.sh b/tool/setup-rockylinux.sh new file mode 100755 index 0000000..1fa9279 --- /dev/null +++ b/tool/setup-rockylinux.sh @@ -0,0 +1,14 @@ +#!/usr/bin/env bash + +set -euo pipefail + +dnf -y update +dnf -y install \ + bzip2-devel \ + cmake \ + jemalloc \ + jemalloc-devel \ + pcre2 \ + pcre2-devel + +cc --version From da2fa29c8f2781cfe3bae04ccf9e14d4d6522952 Mon Sep 17 00:00:00 2001 From: Tristan Date: Sun, 27 Apr 2025 00:51:58 +0100 Subject: [PATCH 04/53] force root user since rocky image defaults to MD user --- .gitlab-ci.yml | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 4b36ab3..03c3eeb 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -56,11 +56,17 @@ variables: &default-variables HAPROXY_OPTIMIZATION: "-Og" .job-debian: &job-debian - image: "ghcr.io/mangadex-pub/debuilder:bookworm-clang18" + image: + name: "ghcr.io/mangadex-pub/debuilder:bookworm-clang18" + docker: + user: root before_script: "./tool/setup-debian.sh" .job-rockylinux: &job-rockylinux - image: "ghcr.io/mangadex-pub/containers-base/rockylinux:9-devel" + image: + name: "ghcr.io/mangadex-pub/containers-base/rockylinux:9-devel" + docker: + user: root before_script: "./tool/setup-rockylinux.sh" #---------------------- From 8e571f83ef09c8500ae836ae184fc4d99a55aea9 Mon Sep 17 00:00:00 2001 
From: Tristan Date: Sun, 27 Apr 2025 01:31:59 +0100 Subject: [PATCH 05/53] use develroot rocky image --- .gitlab-ci.yml | 10 ++-------- 1 file changed, 2 insertions(+), 8 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 03c3eeb..e5734da 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -56,17 +56,11 @@ variables: &default-variables HAPROXY_OPTIMIZATION: "-Og" .job-debian: &job-debian - image: - name: "ghcr.io/mangadex-pub/debuilder:bookworm-clang18" - docker: - user: root + image: "ghcr.io/mangadex-pub/debuilder:bookworm-clang18" before_script: "./tool/setup-debian.sh" .job-rockylinux: &job-rockylinux - image: - name: "ghcr.io/mangadex-pub/containers-base/rockylinux:9-devel" - docker: - user: root + image: "ghcr.io/mangadex-pub/containers-base/rockylinux:9-develroot" before_script: "./tool/setup-rockylinux.sh" #---------------------- From 67ab3a00020732ed85365dc22e3a14a8053743aa Mon Sep 17 00:00:00 2001 From: Tristan Date: Sun, 27 Apr 2025 01:39:59 +0100 Subject: [PATCH 06/53] raise dataplaneapi memory limit and set GOMEMLIMIT to try and rein in the build memory requirements... --- .gitlab-ci.yml | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index e5734da..738058c 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -31,10 +31,6 @@ variables: &default-variables KUBERNETES_MEMORY_REQUEST: 2Gi KUBERNETES_MEMORY_LIMIT: 2Gi -.build-resources-ml: &build-resources-ml - KUBERNETES_MEMORY_REQUEST: 2560Mi - KUBERNETES_MEMORY_LIMIT: 2560Mi - .haproxy_stable: &haproxy-stable HAPROXY_GITREPO: "https://git.haproxy.org/?p=haproxy-3.1.git" HAPROXY_VERSION: 3.1-stable @@ -94,7 +90,9 @@ dependencies:dataplaneapi: script: "make deps/dataplaneapi" variables: <<: *default-variables - <<: *build-resources-ml + KUBERNETES_MEMORY_REQUEST: 3Gi + KUBERNETES_MEMORY_LIMIT: 3Gi + GOMEMLIMIT: 2097152 # 2GiB artifacts: expire_in: 7 days paths: [ "deps/dataplaneapi/dataplaneapi-dist.tar.gz" ] 
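Review bot: `GOMEMLIMIT: 2097152 # 2GiB` in the `dependencies:dataplaneapi` variables does not set 2 GiB: a bare number is read by the Go runtime as bytes, so this is a 2 MiB soft limit. With a limit that low the garbage collector runs almost continuously instead of keeping the build under the 3Gi container limit, which is the opposite of what the commit message intends. Use the unit suffix and quote it so YAML keeps it a string: `GOMEMLIMIT: "2GiB"`.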
From 433a6d4424f085d4154373827ace363631f08237 Mon Sep 17 00:00:00 2001 From: Tristan Date: Sun, 27 Apr 2025 02:02:18 +0100 Subject: [PATCH 07/53] add necessary dependencies in non-debian golang build image --- .gitlab-ci.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 738058c..5ab173b 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -85,8 +85,11 @@ dependencies:rockylinux: <<: *dependencies-common dependencies:dataplaneapi: - image: "docker.io/library/golang:1.24" + image: "docker.io/library/golang:1.24-alpine" stage: "dependencies" + before_script: + - "apk add --no-cache curl bzip2 git make tar" + - "git config --global --add safe.directory $CI_PROJECT_DIR" # stupid stupid stupid script: "make deps/dataplaneapi" variables: <<: *default-variables From eff4fbe7553b83a4a7edc9e8d2ece102e03e274e Mon Sep 17 00:00:00 2001 From: Tristan Date: Sun, 27 Apr 2025 02:10:08 +0100 Subject: [PATCH 08/53] remove unnecessary invocation of APT in agnostic job templates --- .gitlab-ci.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 5ab173b..5395296 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -121,7 +121,6 @@ dependencies:dataplaneapi: .haproxy-build: &haproxy-build stage: build script: - - apt install -y --no-install-recommends -qq bzip2 git - mkdir deps/awslc/dist && tar -C deps/awslc/dist -xf deps/awslc/awslc-dist.tar.gz - mkdir deps/lua/dist && tar -C deps/lua/dist -xf deps/lua/lua-dist.tar.gz - mkdir deps/pcre2/dist && tar -C deps/pcre2/dist -xf deps/pcre2/pcre2-dist.tar.gz 
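Review bot: The `git config --global --add safe.directory $CI_PROJECT_DIR` line in the `dependencies:dataplaneapi` `before_script` turns off git's repository-ownership check for the checkout, and its only explanation is `# stupid stupid stupid`. Scoping the exemption to the one project path is the right shape, but the next reader needs the reason; presumably the checkout is owned by a different uid than the user in the alpine image. I would replace the comment with something like `# checkout is owned by the runner's uid, not this image's user; exempt only this path from git's ownership check`. I would also quote the variable inside the command, `safe.directory \"$CI_PROJECT_DIR\"`, so a path with spaces is not split.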
@@ -133,7 +132,6 @@ dependencies:dataplaneapi: .haproxy-regtests: &haproxy-regtests stage: test script: - - apt install -y --no-install-recommends -qq bzip2 git - mkdir deps/awslc/dist && tar -C deps/awslc/dist -xf deps/awslc/awslc-dist.tar.gz - mkdir deps/lua/dist && tar -C deps/lua/dist -xf deps/lua/lua-dist.tar.gz - mkdir deps/pcre2/dist && tar -C deps/pcre2/dist -xf deps/pcre2/pcre2-dist.tar.gz From 533cd3a1b54fac103a685dd7d1d076940719980f Mon Sep 17 00:00:00 2001 From: Tristan Date: Sun, 27 Apr 2025 03:41:18 +0100 Subject: [PATCH 09/53] cleanup build files a bit and make depbuilding a single step --- .gitlab-ci.yml | 98 +++++++++++++++++++------------------ haproxy/Makefile | 20 +++++--- tool/check-docker-ulimit.sh | 8 +++ 3 files changed, 70 insertions(+), 56 deletions(-) create mode 100755 tool/check-docker-ulimit.sh diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 5395296..e2bafa7 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -65,16 +65,21 @@ variables: &default-variables .dependencies-common: &dependencies-common stage: "dependencies" - script: "make deps/$DEPENDENCY" + script: + - "make deps/awslc" + - "make deps/lua" + - "make deps/pcre2" + - "make deps/vtest" variables: <<: *default-variables <<: *build-resources-m - parallel: - matrix: - - DEPENDENCY: [ "awslc", "lua", "pcre2", "vtest" ] artifacts: expire_in: 7 days - paths: [ "deps/$DEPENDENCY/$DEPENDENCY-dist.tar.gz" ] + paths: + - "deps/awslc/awslc-dist.tar.gz" + - "deps/lua/lua-dist.tar.gz" + - "deps/pcre2/pcre2-dist.tar.gz" + - "deps/vtest/vtest-dist.tar.gz" dependencies:debian: <<: *job-debian 
@@ -84,9 +89,14 @@ dependencies:rockylinux: <<: *job-rockylinux <<: *dependencies-common -dependencies:dataplaneapi: +#---------------------- +# Dataplane API +#---------------------- + +dataplaneapi: image: "docker.io/library/golang:1.24-alpine" - stage: "dependencies" + needs: [ ] + stage: "build" before_script: - "apk add --no-cache curl bzip2 git make tar" - "git config --global --add safe.directory $CI_PROJECT_DIR" # stupid stupid stupid 
@@ -100,54 +110,42 @@ dependencies:dataplaneapi: expire_in: 7 days paths: [ "deps/dataplaneapi/dataplaneapi-dist.tar.gz" ] -.needs-debian: &deps-debian - - "dependencies:dataplaneapi" - - "dependencies:debian: [awslc]" - - "dependencies:debian: [lua]" - - "dependencies:debian: [pcre2]" - - "dependencies:debian: [vtest]" - -.needs-rockylinux: &deps-rockylinux - - "dependencies:dataplaneapi" - - "dependencies:rockylinux: [awslc]" - - "dependencies:rockylinux: [lua]" - - "dependencies:rockylinux: [pcre2]" - - "dependencies:rockylinux: [vtest]" - #---------------------- # HAProxy job templates #---------------------- +.haproxy-build-import-artifacts: &haproxy-build-import-artifacts + | + #!/usr/env/bin bash + set -euo pipefail + echo "Importing dependencies built from previous stages..." + mkdir deps/awslc/dist && tar -C deps/awslc/dist -xf deps/awslc/awslc-dist.tar.gz + mkdir deps/lua/dist && tar -C deps/lua/dist -xf deps/lua/lua-dist.tar.gz + mkdir deps/pcre2/dist && tar -C deps/pcre2/dist -xf deps/pcre2/pcre2-dist.tar.gz + mkdir deps/vtest/dist && tar -C deps/vtest/dist -xf deps/pcre2/vtest-dist.tar.gz + .haproxy-build: &haproxy-build - stage: build + stage: "build" script: - - mkdir deps/awslc/dist && tar -C deps/awslc/dist -xf deps/awslc/awslc-dist.tar.gz - - mkdir deps/lua/dist && tar -C deps/lua/dist -xf deps/lua/lua-dist.tar.gz - - mkdir deps/pcre2/dist && tar -C deps/pcre2/dist -xf deps/pcre2/pcre2-dist.tar.gz - - make -C haproxy HAPROXY_GITREPO="$HAPROXY_GITREPO" HAPROXY_VERSION="$HAPROXY_VERSION" HAPROXY_GITREF="$HAPROXY_GITREF" BUILD_PATCHES_DIR="$BUILD_PATCHES_DIR" HAPROXY_LIBASAN="$HAPROXY_LIBASAN" HAPROXY_OPTIMIZATION="$HAPROXY_OPTIMIZATION" + - *haproxy-build-import-artifacts + - set -euo pipefail && make -C haproxy artifacts: expire_in: 7 days paths: [ "haproxy/dist", "haproxy/haproxy-dist.tar.gz" ] .haproxy-regtests: &haproxy-regtests - stage: test + stage: "test" script: - - mkdir deps/awslc/dist && tar -C deps/awslc/dist -xf 
deps/awslc/awslc-dist.tar.gz - - mkdir deps/lua/dist && tar -C deps/lua/dist -xf deps/lua/lua-dist.tar.gz - - mkdir deps/pcre2/dist && tar -C deps/pcre2/dist -xf deps/pcre2/pcre2-dist.tar.gz - - | - set -euo pipefail - if [ "$(ulimit -n)" = "1073741816" ]; then echo "Bad Docker ulimit: $(ulimit -n)..."; exit 1; else echo "ulimit -n = $(ulimit -n)"; fi - make -C haproxy HAPROXY_GITREPO="$HAPROXY_GITREPO" HAPROXY_VERSION="$HAPROXY_VERSION" HAPROXY_GITREF="$HAPROXY_GITREF" BUILD_PATCHES_DIR="$BUILD_PATCHES_DIR" HAPROXY_LIBASAN="$HAPROXY_LIBASAN" HAPROXY_OPTIMIZATION="-Og" build test + - *haproxy-build-import-artifacts + - set -euo pipefail && ./tool/check-docker-ulimit.sh && make -C haproxy build test + artifacts: + expire_in: 7 days + paths: [ "/tmp/vtest" ] .haproxy-debian: &haproxy-debian - stage: publish + stage: "publish" script: - - apt install -y --no-install-recommends -qq bzip2 devscripts debhelper pkg-config - - mkdir deps/awslc/dist && tar -C deps/awslc/dist -xf deps/awslc/awslc-dist.tar.gz - - mkdir deps/dataplaneapi/dist && tar -C deps/dataplaneapi/dist -xf deps/dataplaneapi/dataplaneapi-dist.tar.gz - - mkdir deps/lua/dist && tar -C deps/lua/dist -xf deps/lua/lua-dist.tar.gz - - mkdir deps/pcre2/dist && tar -C deps/pcre2/dist -xf deps/pcre2/pcre2-dist.tar.gz + - *haproxy-build-import-artifacts - export BUILD_MESSAGE="$CI_COMMIT_MESSAGE" - make -C haproxy dist-deb HAPROXY_GITREPO="$HAPROXY_GITREPO" HAPROXY_VERSION="$HAPROXY_VERSION" HAPROXY_GITREF="$HAPROXY_GITREF" BUILD_PATCHES_DIR="$BUILD_PATCHES_DIR" HAPROXY_LIBASAN="$HAPROXY_LIBASAN" HAPROXY_OPTIMIZATION="$HAPROXY_OPTIMIZATION" - | @@ -261,7 +259,7 @@ dependencies:dataplaneapi: #---------------------- build:stable:debian: - needs: *deps-debian + needs: [ "dependencies:debian" ] <<: *job-debian <<: *haproxy-build variables: @@ -270,7 +268,7 @@ build:stable:debian: <<: *haproxy-stable build:dev:debian: - needs: *deps-debian + needs: [ "dependencies:debian" ] <<: *job-debian <<: *haproxy-build variables: 
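Review bot: The new `artifacts: paths: [ "/tmp/vtest" ]` under `.haproxy-regtests` will not upload anything, because GitLab resolves artifact paths relative to `$CI_PROJECT_DIR` and does not collect files outside it. If `/tmp/vtest` holds the regression-test logs (inferred from the name), copy them into the project directory at the end of the job and list that relative path instead, e.g. `paths: [ "vtest-logs/" ]`. Artifacts are also only collected on success by default, so `when: always` is needed for the logs to survive a failing test run, which is when they matter.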
@@ -279,7 +277,7 @@ build:dev:debian: <<: *haproxy-dev build:stable:rockylinux: - needs: *deps-rockylinux + needs: [ "dependencies:rockylinux" ] <<: *job-rockylinux <<: *haproxy-build variables: @@ -288,7 +286,7 @@ build:stable:rockylinux: <<: *haproxy-stable build:dev:rockylinux: - needs: *deps-rockylinux + needs: [ "dependencies:rockylinux" ] <<: *job-rockylinux <<: *haproxy-build variables: @@ -297,40 +295,44 @@ build:dev:rockylinux: <<: *haproxy-dev regtests:stable:debian: - needs: *deps-debian + needs: [ "dependencies:debian" ] <<: *job-debian <<: *haproxy-regtests variables: <<: *default-variables <<: *build-resources-m <<: *haproxy-stable + HAPROXY_OPTIMIZATION: "-Og" regtests:dev:debian: - needs: *deps-debian + needs: [ "dependencies:debian" ] <<: *job-debian <<: *haproxy-regtests variables: <<: *default-variables <<: *build-resources-m <<: *haproxy-dev + HAPROXY_OPTIMIZATION: "-Og" regtests:stable:rockylinux: - needs: *deps-rockylinux + needs: [ "dependencies:rockylinux" ] <<: *job-rockylinux <<: *haproxy-regtests variables: <<: *default-variables <<: *build-resources-m <<: *haproxy-stable + HAPROXY_OPTIMIZATION: "-Og" regtests:dev:rockylinux: - needs: *deps-rockylinux + needs: [ "dependencies:rockylinux" ] <<: *job-rockylinux <<: *haproxy-regtests variables: <<: *default-variables <<: *build-resources-m <<: *haproxy-dev + HAPROXY_OPTIMIZATION: "-Og" #haproxy-tarball:stable: # <<: *haproxy-tarball diff --git a/haproxy/Makefile b/haproxy/Makefile index 5d3736e..861fd13 100644 --- a/haproxy/Makefile +++ b/haproxy/Makefile 
@@ -1,9 +1,17 @@ -HAPROXY_GITREPO = https://git.haproxy.org/?p=haproxy-3.1.git -HAPROXY_VERSION = 3.1-stable -HAPROXY_GITREF = v3.1.3 +# source inputs +HAPROXY_GITREPO ?= https://git.haproxy.org/?p=haproxy-3.1.git +HAPROXY_VERSION ?= 3.1-stable +HAPROXY_GITREF ?= v3.1.3 + +# build flavour options +BUILD_PATCHES_DIR ?= $(shell realpath patches-stable) +HAPROXY_LIBASAN ?= false +HAPROXY_LIBUBSAN ?= false +HAPROXY_OPTIMIZATION ?= -O2 + +# resolved configuration HAPROXY_SHORTSHA = $(shell echo "$(HAPROXY_GITREF)" | grep -Eo '^.{7}' || echo "$(HAPROXY_GITREF)") HAPROXY_VERSION_MINOR = $(shell echo "$(HAPROXY_VERSION)" | cut -d'.' -f1-2) - HAPROXY_SOURCES = $(HAPROXY_GITREPO);a=snapshot;h=$(HAPROXY_GITREF);sf=tgz HAPROXY_TARBALL = haproxy-$(HAPROXY_VERSION)-$(HAPROXY_SHORTSHA).tar.gz HAPROXY_DEBORIG = haproxy_$(HAPROXY_VERSION)-$(HAPROXY_SHORTSHA).orig.tar.gz @@ -20,7 +28,6 @@ DEP_DIST_ROOT_VTEST = $(shell realpath ../deps/vtest/dist) BUILD_VERSION_REPOSHA = $(shell git rev-parse --short HEAD) -BUILD_PATCHES_DIR = $(shell realpath patches-stable) # re-deref ensures overrides using relative paths get expanded BUILD_PATCHES_DIR_ABS = $(shell realpath $(BUILD_PATCHES_DIR)) BUILD_PATCHES_FILES = $(shell ls -1 $(BUILD_PATCHES_DIR_ABS)) @@ -28,10 +35,8 @@ DEBIAN_PATCHES_DIR = "$(HAPROXY_BUILDIR)/debian/patches" EXTRA_CFLAGS = -g -ggdb3 -gdwarf-4 -Wall -Wextra -HAPROXY_OPTIMIZATION = -O2 OPT_CFLAGS = $(HAPROXY_OPTIMIZATION) -HAPROXY_LIBUBSAN = false ifeq ($(HAPROXY_LIBUBSAN),true) # set -Og (-O1 and some extra debug compat features) rather than the default -O2, since UBsan builds are for debug OPT_CFLAGS = -Og @@ -39,7 +44,6 @@ ifeq ($(HAPROXY_LIBUBSAN),true) EXTRA_CFLAGS += -static-libsan endif -HAPROXY_LIBASAN = false ifeq ($(HAPROXY_LIBASAN),true) # set -Og (-O1 and some extra debug compat features) rather than the default -O2, since LibAsan builds are for debug OPT_CFLAGS = -Og 
diff --git a/tool/check-docker-ulimit.sh b/tool/check-docker-ulimit.sh new file mode 100755 index 0000000..a100555 --- /dev/null +++ b/tool/check-docker-ulimit.sh @@ -0,0 +1,8 @@ +#!/usr/bin/env bash + +if [ "$(ulimit -n)" = "1073741816" ]; then + echo "Bad Docker ulimit: $(ulimit -n)..." + exit 1 +else + echo "ulimit -n = $(ulimit -n)" +fi From b723cb3411210c28980e9a9a32059c0a9b15b6e5 Mon Sep 17 00:00:00 2001 From: Tristan Date: Sun, 27 Apr 2025 03:59:24 +0100 Subject: [PATCH 10/53] add GLCI collapsible sections usage --- .gitlab-ci.yml | 28 ++++++++++++++++++---------- tool/ci-tools.sh | 15 +++++++++++++++ 2 files changed, 33 insertions(+), 10 deletions(-) create mode 100755 tool/ci-tools.sh diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index e2bafa7..93176c0 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -18,6 +18,7 @@ default: variables: &default-variables TZ: "UTC" GIT_DEPTH: "1" + FF_TIMESTAMPS: true .build-resources-xs: &build-resources-xs KUBERNETES_MEMORY_REQUEST: 512Mi @@ -53,11 +54,15 @@ variables: &default-variables .job-debian: &job-debian image: "ghcr.io/mangadex-pub/debuilder:bookworm-clang18" - before_script: "./tool/setup-debian.sh" + before_script: + - "source ./tool/ci-tools.sh" + - "section_start 'tools' 'Setup Debian build dependencies' && ./tool/setup-debian.sh && section_end 'tools'" .job-rockylinux: &job-rockylinux image: "ghcr.io/mangadex-pub/containers-base/rockylinux:9-develroot" - before_script: "./tool/setup-rockylinux.sh" + before_script: + - "source ./tool/ci-tools.sh" + - "section_start 'tools' 'Setup Rocky Linux build dependencies' && ./tool/setup-rockylinux.sh && section_end 'tools'" #---------------------- # Common dependencies 
@@ -66,10 +71,10 @@ variables: &default-variables .dependencies-common: &dependencies-common stage: "dependencies" script: - - "make deps/awslc" - - "make deps/lua" - - "make deps/pcre2" - - "make deps/vtest" + - "section_start 'awslc' 'Build AWS-LC' && make deps/awslc && section_end 'awslc'" + - "section_start 'lua' 'Build LUA' && make deps/lua && section_end 'lua'" + - "section_start 'pcre2' 'Build PCRE2' && make deps/pcre2 && section_end 'pcre2'" + - "section_start 'vtest' 'Build Vtest' && make deps/vtest && section_end 'vtest'" variables: <<: *default-variables <<: *build-resources-m @@ -118,17 +123,19 @@ dataplaneapi: | #!/usr/env/bin bash set -euo pipefail - echo "Importing dependencies built from previous stages..." + + section_start 'import-artifacts' 'Importing dependencies built from previous stages...' mkdir deps/awslc/dist && tar -C deps/awslc/dist -xf deps/awslc/awslc-dist.tar.gz mkdir deps/lua/dist && tar -C deps/lua/dist -xf deps/lua/lua-dist.tar.gz mkdir deps/pcre2/dist && tar -C deps/pcre2/dist -xf deps/pcre2/pcre2-dist.tar.gz - mkdir deps/vtest/dist && tar -C deps/vtest/dist -xf deps/pcre2/vtest-dist.tar.gz + mkdir deps/vtest/dist && tar -C deps/vtest/dist -xf deps/vtest/vtest-dist.tar.gz + section_end 'import-artifacts' .haproxy-build: &haproxy-build stage: "build" script: - *haproxy-build-import-artifacts - - set -euo pipefail && make -C haproxy + - make -C haproxy artifacts: expire_in: 7 days paths: [ "haproxy/dist", "haproxy/haproxy-dist.tar.gz" ] @@ -137,7 +144,8 @@ dataplaneapi: stage: "test" script: - *haproxy-build-import-artifacts - - set -euo pipefail && ./tool/check-docker-ulimit.sh && make -C haproxy build test + - section_start 'validate-ulimit' 'Validate ulimit is not stupid' && ./tool/check-docker-ulimit.sh && section_end 'validate-ulimit' + - make -C haproxy build test artifacts: expire_in: 7 days paths: [ "/tmp/vtest" ] diff --git a/tool/ci-tools.sh b/tool/ci-tools.sh new file mode 100755 index 0000000..d75c0e1 --- /dev/null 
+++ b/tool/ci-tools.sh
@@ -0,0 +1,15 @@
+#!/usr/bin/env bash
+
+function section_start () {
+ local section_title="${1}"
+ local section_description="${2:-$section_title}"
+
+ echo -e "section_start:$(date +%s):${section_title}[collapsed=true]\r\e[0K${section_description}"
+}
+
+# Function for ending the section
+function section_end () {
+ local section_title="${1}"
+
+ echo -e "section_end:$(date +%s):${section_title}\r\e[0K"
+}
From fc850b1e34d737d6881df69ab29e4b2e2acc092d Mon Sep 17 00:00:00 2001
From: Tristan
Date: Sat, 10 May 2025 02:38:17 +0100
Subject: [PATCH 11/53] foo
---
 .gitlab-ci-2.yml | 417 +++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 417 insertions(+)
 create mode 100644 .gitlab-ci-2.yml
diff --git a/.gitlab-ci-2.yml b/.gitlab-ci-2.yml
new file mode 100644
index 0000000..0d95692
--- /dev/null
+++ b/.gitlab-ci-2.yml
@@ -0,0 +1,417 @@ +stages: + - "dependencies" + - "build" + - "test" + - "publish" + +default: + retry: + max: 2 + when: + - "api_failure" + - "runner_system_failure" + - "scheduler_failure" + - "stale_schedule" + - "stuck_or_timeout_failure" + - "unknown_failure" + +variables: &default-variables + TZ: "UTC" + GIT_DEPTH: "1" + FF_TIMESTAMPS: true + +.build-resources-xs: &build-resources-xs + KUBERNETES_MEMORY_REQUEST: "512Mi" + KUBERNETES_MEMORY_LIMIT: "512Mi" + +.build-resources-s: &build-resources-s + KUBERNETES_MEMORY_REQUEST: "1Gi" + KUBERNETES_MEMORY_LIMIT: "1Gi" + +.build-resources-m: &build-resources-m + KUBERNETES_MEMORY_REQUEST: "2Gi" + KUBERNETES_MEMORY_LIMIT: "2Gi" + +# https://git.haproxy.org/?p=haproxy-3.1.git;a=commit;h=v3.1.3 +.vars-haproxy_stable: &vars-haproxy-stable + HAPROXY_GITREPO: "https://git.haproxy.org/?p=haproxy-3.1.git" + HAPROXY_VERSION: "3.1-stable" + HAPROXY_GITREF: "v3.1.3" + +# https://git.haproxy.org/?p=haproxy.git;a=commit;h=8235a24782e528b9bf8ca9dd69c0a147556dfcb5 +.vars-haproxy_dev: &vars-haproxy-dev + HAPROXY_GITREPO: "https://git.haproxy.org/?p=haproxy.git" + HAPROXY_VERSION: "3.2-dev" + HAPROXY_GITREF: "8235a24782e528b9bf8ca9dd69c0a147556dfcb5" + HAPROXY_OPTIMIZATION: "-Og" + +.job-debian: &job-debian + image: "ghcr.io/mangadex-pub/debuilder:bookworm-clang18" + before_script: + - "source ./tool/ci-tools.sh" + - "section_start 'tools' 'Setup Debian build dependencies' && ./tool/setup-debian.sh && section_end 'tools'" + +.job-rockylinux: &job-rockylinux + image: "ghcr.io/mangadex-pub/containers-base/rockylinux:9-develroot" + before_script: + - "source ./tool/ci-tools.sh" + - "section_start 'tools' 'Setup Rocky Linux build dependencies' && ./tool/setup-rockylinux.sh && section_end 'tools'" + +#---------------------- +# Dependencies +#---------------------- + +.dependencies-common: &dependencies-common + stage: "dependencies" + script: + - "section_start 'awslc' 'Build AWS-LC' && make deps/awslc && section_end 'awslc'" + - 
"section_start 'lua' 'Build LUA' && make deps/lua && section_end 'lua'" + - "section_start 'pcre2' 'Build PCRE2' && make deps/pcre2 && section_end 'pcre2'" + - "section_start 'vtest' 'Build Vtest' && make deps/vtest && section_end 'vtest'" + variables: + <<: *default-variables + <<: *build-resources-m + artifacts: + expire_in: "7 days" + paths: + - "deps/awslc/awslc-dist.tar.gz" + - "deps/lua/lua-dist.tar.gz" + - "deps/pcre2/pcre2-dist.tar.gz" + - "deps/vtest/vtest-dist.tar.gz" + +dependencies:debian: + <<: *job-debian + <<: *dependencies-common + +dependencies:rockylinux: + <<: *job-rockylinux + <<: *dependencies-common + +dataplaneapi: + image: "docker.io/library/golang:1.24-alpine" + needs: [ ] + stage: "build" + before_script: + - "apk add --no-cache curl bzip2 git make tar" + - "git config --global --add safe.directory $CI_PROJECT_DIR" # stupid stupid stupid + script: "make deps/dataplaneapi" + variables: + <<: *default-variables + KUBERNETES_MEMORY_REQUEST: "3Gi" + KUBERNETES_MEMORY_LIMIT: "3Gi" + GOMEMLIMIT: "2097152" # 2GiB + artifacts: + expire_in: 7 days + paths: [ "deps/dataplaneapi/dataplaneapi-dist.tar.gz" ] + +.dependencies-fetch: &dependencies-fetch + | + #!/usr/env/bin bash + set -euo pipefail + + section_start 'import-artifacts' 'Importing dependencies built from previous stages...' 
+ mkdir deps/awslc/dist && tar -C deps/awslc/dist -xf deps/awslc/awslc-dist.tar.gz + mkdir deps/lua/dist && tar -C deps/lua/dist -xf deps/lua/lua-dist.tar.gz + mkdir deps/pcre2/dist && tar -C deps/pcre2/dist -xf deps/pcre2/pcre2-dist.tar.gz + mkdir deps/vtest/dist && tar -C deps/vtest/dist -xf deps/vtest/vtest-dist.tar.gz + section_end 'import-artifacts' + +#---------------------- +# Build & Test +#---------------------- + +.haproxy-build: &haproxy-build + stage: "build" + script: + - *dependencies-fetch + - "make -C haproxy" + artifacts: + expire_in: "7 days" + paths: [ "haproxy/dist", "haproxy/haproxy-dist.tar.gz" ] + +.haproxy-regtests: &haproxy-regtests + stage: "test" + script: + - *dependencies-fetch + - "section_start 'validate-ulimit' 'Validate ulimit is not stupid' && ./tool/check-docker-ulimit.sh && section_end 'validate-ulimit'" + - "make -C haproxy build test" + artifacts: + expire_in: "7 days" + paths: [ "/tmp/vtest" ] + +build:stable:debian: + needs: [ "dependencies:debian" ] + <<: *job-debian + <<: *haproxy-build + variables: + <<: *default-variables + <<: *build-resources-s + <<: *vars-haproxy-stable + +build:dev:debian: + needs: [ "dependencies:debian" ] + <<: *job-debian + <<: *haproxy-build + variables: + <<: *default-variables + <<: *build-resources-s + <<: *vars-haproxy-dev + +build:stable:rockylinux: + needs: [ "dependencies:rockylinux" ] + <<: *job-rockylinux + <<: *haproxy-build + variables: + <<: *default-variables + <<: *build-resources-s + <<: *vars-haproxy-stable + +build:dev:rockylinux: + needs: [ "dependencies:rockylinux" ] + <<: *job-rockylinux + <<: *haproxy-build + variables: + <<: *default-variables + <<: *build-resources-s + <<: *vars-haproxy-dev + +regtests:stable:debian: + needs: [ "dependencies:debian" ] + <<: *job-debian + <<: *haproxy-regtests + variables: + <<: *default-variables + <<: *build-resources-m + <<: *vars-haproxy-stable + HAPROXY_OPTIMIZATION: "-Og" + +regtests:dev:debian: + needs: [ "dependencies:debian" ] + <<: 
*job-debian + <<: *haproxy-regtests + variables: + <<: *default-variables + <<: *build-resources-m + <<: *vars-haproxy-dev + +regtests:stable:rockylinux: + needs: [ "dependencies:rockylinux" ] + <<: *job-rockylinux + <<: *haproxy-regtests + variables: + <<: *default-variables + <<: *build-resources-m + <<: *vars-haproxy-stable + HAPROXY_OPTIMIZATION: "-Og" + +regtests:dev:rockylinux: + needs: [ "dependencies:rockylinux" ] + <<: *job-rockylinux + <<: *haproxy-regtests + variables: + <<: *default-variables + <<: *build-resources-m + <<: *vars-haproxy-dev + +#---------------------- +# Package & Publish +#---------------------- + +.haproxy-set-package-version: &haproxy-set-package-version + +.haproxy-debian: &haproxy-debian + stage: "publish" + script: + - *dependencies-fetch + - export BUILD_MESSAGE="$CI_COMMIT_MESSAGE" + - make -C haproxy dist-deb + - | + set -euo pipefail + + PACKAGE_NAME="haproxy-debian" + DEB_VERSION="$(cat haproxy/*.dsc | grep -E '^Version:' | cut -d' ' -f2-)" + if [ "$CI_COMMIT_REF_NAME" != "$CI_DEFAULT_BRANCH" ]; then + export PACKAGE_NAME="haproxy-debian-branches" + export DEB_VERSION="branch-$CI_COMMIT_REF_SLUG" + echo "Git reference $CI_COMMIT_REF_NAME is not the default branch. Setting coordinates to $PACKAGE_NAME/$DEB_VERSION" + fi + + GITLAB_PACKAGE_VERSION=$(echo "${DEB_VERSION}" | tr '~' '-') + echo "Publishing Debian package version ${DEB_VERSION} to haproxy-debian@${GITLAB_PACKAGE_VERSION}" + + for artifact in haproxy/haproxy*.deb; do + artifact_filename=$(basename "${artifact}") + gitlab_is_lame_artifact_filename=$(echo "${artifact_filename}" | tr '~' '-' | tr '+' '-') + echo "Uploading to haproxy-debian@${DEB_VERSION}... 
${artifact_filename} -> ${gitlab_is_lame_artifact_filename}" + curl -fsSL -H"JOB-TOKEN: $CI_JOB_TOKEN" \ + --upload-file "${artifact}" \ + "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/${PACKAGE_NAME}/${GITLAB_PACKAGE_VERSION}/${gitlab_is_lame_artifact_filename}" + echo "OK" + done + artifacts: + expire_in: 7 days + paths: [ "haproxy/haproxy*" ] + +.haproxy-tarball: &haproxy-tarball + image: docker.io/curlimages/curl:latest + stage: publish + script: | + set -eu + + PKG_VER=$HAPROXY_VERSION + if [ "$CI_COMMIT_REF_NAME" != "$CI_DEFAULT_BRANCH" ]; then + export PKG_VER="branch-$CI_COMMIT_REF_SLUG-$HAPROXY_VERSION-$HAPROXY_GITREF" + echo "Git reference $CI_COMMIT_REF_NAME is not the default branch. Setting version to $PKG_VER" + fi + + curl -fsSL \ + -H"JOB-TOKEN: $CI_JOB_TOKEN" \ + --upload-file "haproxy/haproxy-dist.tar.gz" \ + "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/haproxy/$PKG_VER/haproxy-$HAPROXY_VERSION.tar.gz" + +.haproxy-docker: &haproxy-docker + stage: publish + image: + name: gcr.io/kaniko-project/executor:debug + entrypoint: [ "" ] + before_script: + - mkdir -p /kaniko/.docker + - echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"gitlab-ci-token\",\"password\":\"$CI_JOB_TOKEN\"}}}" > /kaniko/.docker/config.json + script: | + set -eu + + export DEBIAN_CODENAME="bookworm" + export JOB_TIMESTAMP="$(date -D '%Y-%m-%dT%H:%M:%S' -d "$CI_JOB_STARTED_AT" +'%Y%m%d-%H%M')" + + # A.B.C -> A.B, otherwise preserve original (eg 2.x-dev -> 2.x-dev) + if echo "$HAPROXY_VERSION" | grep -E '([0-9]\.){2}[0-9]'; then + export HAPROXY_SHORTVER="$(echo "$HAPROXY_VERSION" | cut -d'.' 
-f1-2)" + else + export HAPROXY_SHORTVER=$HAPROXY_VERSION + fi + + echo "Building image with" + echo " -> haproxy version: $HAPROXY_VERSION ($HAPROXY_SHORTVER)" + echo " -> debian codename: $DEBIAN_CODENAME" + echo " -> git commit hash: $CI_COMMIT_SHORT_SHA" + echo " -> build timestamp: $JOB_TIMESTAMP" + + export IMAGE_TAG_UNIQUE="$CI_COMMIT_SHORT_SHA-$JOB_TIMESTAMP-$HAPROXY_SHORTVER-$HAPROXY_GITREF" + export IMAGE_TAG_ROLLING_COMMIT="git-$CI_COMMIT_SHORT_SHA-$HAPROXY_VERSION" + export IMAGE_TAG_ROLLING_GITREF="$CI_COMMIT_REF_SLUG-$HAPROXY_VERSION" + + export IMAGE_TAG_VERSIONS="$HAPROXY_VERSION-$DEBIAN_CODENAME" + export IMAGE_TAG_SHORTVER="$HAPROXY_SHORTVER-$DEBIAN_CODENAME" + if [ "$CI_COMMIT_REF_NAME" != "$CI_DEFAULT_BRANCH" ]; then + export IMAGE_TAG_VERSIONS="branch-$CI_COMMIT_REF_SLUG-$IMAGE_TAG_VERSIONS" + export IMAGE_TAG_SHORTVER="branch-$CI_COMMIT_REF_SLUG-$IMAGE_TAG_SHORTVER" + echo "Git reference $CI_COMMIT_REF_NAME is not the default branch. Rewriting git rolling tag as $IMAGE_TAG_VERSIONS / $IMAGE_TAG_SHORTVER" + fi + + echo "***" + echo "Will build and push image as:" + echo "- $CI_REGISTRY_IMAGE:$IMAGE_TAG_UNIQUE" + echo "- $CI_REGISTRY_IMAGE:$IMAGE_TAG_ROLLING_COMMIT" + echo "- $CI_REGISTRY_IMAGE:$IMAGE_TAG_ROLLING_GITREF" + echo "- $CI_REGISTRY_IMAGE:$IMAGE_TAG_VERSIONS" + echo "- $CI_REGISTRY_IMAGE:$IMAGE_TAG_SHORTVER" + echo "***" + + ( + set -x; + /kaniko/executor \ + --context . 
\ + --dockerfile Dockerfile \ + --build-arg "CANONICAL_VERSION=$IMAGE_TAG_UNIQUE" \ + --destination "$CI_REGISTRY_IMAGE:$IMAGE_TAG_UNIQUE" \ + --destination "$CI_REGISTRY_IMAGE:$IMAGE_TAG_ROLLING_COMMIT" \ + --destination "$CI_REGISTRY_IMAGE:$IMAGE_TAG_ROLLING_GITREF" \ + --destination "$CI_REGISTRY_IMAGE:$IMAGE_TAG_VERSIONS" \ + --destination "$CI_REGISTRY_IMAGE:$IMAGE_TAG_SHORTVER" \ + --single-snapshot + ) + +#---------------------- +# HAProxy jobs +#---------------------- + + +haproxy-tarball:stable: + <<: *haproxy-tarball + variables: + <<: *default-variables + <<: *build-resources-xs + <<: *vars-haproxy-stable + needs: + - job: "regtests:stable" + artifacts: false + - job: "build:stable" + artifacts: true + +haproxy-tarball:dev: + <<: *haproxy-tarball + variables: + <<: *default-variables + <<: *build-resources-xs + <<: *vars-haproxy-dev + needs: + - job: "regtests:dev" + artifacts: false + - job: "build:dev" + artifacts: true + +#debian:stable: +# <<: *haproxy-debian +# variables: +# <<: *default-variables +# <<: *build-resources-m +# <<: *haproxy-stable +# allow_failure: true +# needs: +# - *needs-dependencies +# - job: "regtests:stable" +# artifacts: false + +#debian:dev: +# <<: *haproxy-debian +# variables: +# <<: *default-variables +# <<: *build-resources-m +# <<: *haproxy-dev +# needs: +# - *needs-dependencies +# - job: "regtests:dev" +# artifacts: false + + +#docker:stable: +# <<: *haproxy-docker +# variables: +# <<: *default-variables +# <<: *build-resources-m +# <<: *haproxy-stable +# needs: +# - job: "awslc" +# artifacts: true +# - job: "dataplaneapi" +# artifacts: true +# - job: "regtests:stable" +# artifacts: false +# - job: "build:stable" +# artifacts: true + +#docker:dev: +# <<: *haproxy-docker +# variables: +# <<: *default-variables +# <<: *build-resources-m +# <<: *haproxy-dev +# needs: +# - job: "awslc" +# artifacts: true +# - job: "dataplaneapi" +# artifacts: true +# - job: "regtests:dev" +# artifacts: false +# - job: "build:dev" +# 
artifacts: true From 676ad0304adde3147631af782a0b71fbfcb03fc1 Mon Sep 17 00:00:00 2001 From: Tristan Date: Sun, 11 May 2025 17:59:41 +0100 Subject: [PATCH 12/53] trial --- .editorconfig | 2 +- .gitlab-ci-2.yml | 204 ------- .gitlab-ci.yml | 445 +------------- .gitlab/ci-base.pkl | 19 + .gitlab/ci-debian.pkl | 4 + .gitlab/ci-rockylinux.pkl | 4 + .gitlab/lib/deps.pkl | 29 + .gitlab/lib/inputs.pkl | 12 + .gitlab/lib/pipeline.pkl | 133 +++++ .gitlab/lib/schema/Ci.pkl | 1083 ++++++++++++++++++++++++++++++++++ .gitlab/lib/schema/schema.sh | 8 + .gitlab/lib/util/k8s.pkl | 25 + .gitlab/lib/util/shell.pkl | 5 + build-vars.sh | 30 + tool/ci-tools.sh | 0 15 files changed, 1381 insertions(+), 622 deletions(-) create mode 100644 .gitlab/ci-base.pkl create mode 100644 .gitlab/ci-debian.pkl create mode 100644 .gitlab/ci-rockylinux.pkl create mode 100644 .gitlab/lib/deps.pkl create mode 100644 .gitlab/lib/inputs.pkl create mode 100644 .gitlab/lib/pipeline.pkl create mode 100644 .gitlab/lib/schema/Ci.pkl create mode 100755 .gitlab/lib/schema/schema.sh create mode 100644 .gitlab/lib/util/k8s.pkl create mode 100644 .gitlab/lib/util/shell.pkl create mode 100755 build-vars.sh mode change 100755 => 100644 tool/ci-tools.sh diff --git a/.editorconfig b/.editorconfig index e60cc2d..64774f5 100644 --- a/.editorconfig +++ b/.editorconfig @@ -8,7 +8,7 @@ max_line_length = 120 tab_width = 4 trim_trailing_whitespace = true -[*.{md,yaml,yml}] +[*.{md,yaml,yml,sh}] indent_size = 2 tab_width = 2 diff --git a/.gitlab-ci-2.yml b/.gitlab-ci-2.yml index 0d95692..999b842 100644 --- a/.gitlab-ci-2.yml +++ b/.gitlab-ci-2.yml 
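Review bot: The two publish templates run on mutable image tags: `image: docker.io/curlimages/curl:latest` in `.haproxy-tarball` and `gcr.io/kaniko-project/executor:debug` in `.haproxy-docker`. Both jobs use `$CI_JOB_TOKEN` to upload packages or push images, so whatever those tags resolve to on the day receives the token and writes the release artifacts. Pinning each image to a fixed version and digest, e.g. `image: docker.io/curlimages/curl:VERSION_PLACEHOLDER@sha256:DIGEST_PLACEHOLDER`, makes the publishing environment reviewable. Separately, `GOMEMLIMIT: "2097152" # 2GiB` is 2 MiB when read as bytes; `GOMEMLIMIT: "2GiB"` matches the comment. The `haproxy-tarball:*` jobs also list `needs` on `regtests:stable` and `build:stable`, while the jobs defined in this file carry a `:debian` or `:rockylinux` suffix.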
@@ -1,37 +1,3 @@ -stages: - - "dependencies" - - "build" - - "test" - - "publish" - -default: - retry: - max: 2 - when: - - "api_failure" - - "runner_system_failure" - - "scheduler_failure" - - "stale_schedule" - - "stuck_or_timeout_failure" - - "unknown_failure" - -variables: &default-variables - TZ: "UTC" - GIT_DEPTH: "1" - FF_TIMESTAMPS: true - -.build-resources-xs: &build-resources-xs - KUBERNETES_MEMORY_REQUEST: "512Mi" - KUBERNETES_MEMORY_LIMIT: "512Mi" - -.build-resources-s: &build-resources-s - KUBERNETES_MEMORY_REQUEST: "1Gi" - KUBERNETES_MEMORY_LIMIT: "1Gi" - -.build-resources-m: &build-resources-m - KUBERNETES_MEMORY_REQUEST: "2Gi" - KUBERNETES_MEMORY_LIMIT: "2Gi" - # https://git.haproxy.org/?p=haproxy-3.1.git;a=commit;h=v3.1.3 .vars-haproxy_stable: &vars-haproxy-stable HAPROXY_GITREPO: "https://git.haproxy.org/?p=haproxy-3.1.git" 
@@ -45,180 +11,10 @@ variables: &default-variables HAPROXY_GITREF: "8235a24782e528b9bf8ca9dd69c0a147556dfcb5" HAPROXY_OPTIMIZATION: "-Og" -.job-debian: &job-debian - image: "ghcr.io/mangadex-pub/debuilder:bookworm-clang18" - before_script: - - "source ./tool/ci-tools.sh" - - "section_start 'tools' 'Setup Debian build dependencies' && ./tool/setup-debian.sh && section_end 'tools'" - -.job-rockylinux: &job-rockylinux - image: "ghcr.io/mangadex-pub/containers-base/rockylinux:9-develroot" - before_script: - - "source ./tool/ci-tools.sh" - - "section_start 'tools' 'Setup Rocky Linux build dependencies' && ./tool/setup-rockylinux.sh && section_end 'tools'" - -#---------------------- -# Dependencies -#---------------------- - -.dependencies-common: &dependencies-common - stage: "dependencies" - script: - - "section_start 'awslc' 'Build AWS-LC' && make deps/awslc && section_end 'awslc'" - - "section_start 'lua' 'Build LUA' && make deps/lua && section_end 'lua'" - - "section_start 'pcre2' 'Build PCRE2' && make deps/pcre2 && section_end 'pcre2'" - - "section_start 'vtest' 'Build Vtest' && make deps/vtest && section_end 'vtest'" - variables: - <<: *default-variables - <<: *build-resources-m - artifacts: - expire_in: "7 days" - paths: - - "deps/awslc/awslc-dist.tar.gz" - - "deps/lua/lua-dist.tar.gz" - - "deps/pcre2/pcre2-dist.tar.gz" - - "deps/vtest/vtest-dist.tar.gz" - -dependencies:debian: - <<: *job-debian - <<: *dependencies-common - -dependencies:rockylinux: - <<: *job-rockylinux - <<: *dependencies-common - -dataplaneapi: - image: "docker.io/library/golang:1.24-alpine" - needs: [ ] - stage: "build" - before_script: - - "apk add --no-cache curl bzip2 git make tar" - - "git config --global --add safe.directory $CI_PROJECT_DIR" # stupid stupid stupid - script: "make deps/dataplaneapi" - variables: - <<: *default-variables - KUBERNETES_MEMORY_REQUEST: "3Gi" - KUBERNETES_MEMORY_LIMIT: "3Gi" - GOMEMLIMIT: "2097152" # 2GiB - artifacts: - expire_in: 7 days - paths: [ 
"deps/dataplaneapi/dataplaneapi-dist.tar.gz" ] - -.dependencies-fetch: &dependencies-fetch - | - #!/usr/env/bin bash - set -euo pipefail - - section_start 'import-artifacts' 'Importing dependencies built from previous stages...' - mkdir deps/awslc/dist && tar -C deps/awslc/dist -xf deps/awslc/awslc-dist.tar.gz - mkdir deps/lua/dist && tar -C deps/lua/dist -xf deps/lua/lua-dist.tar.gz - mkdir deps/pcre2/dist && tar -C deps/pcre2/dist -xf deps/pcre2/pcre2-dist.tar.gz - mkdir deps/vtest/dist && tar -C deps/vtest/dist -xf deps/vtest/vtest-dist.tar.gz - section_end 'import-artifacts' - -#---------------------- -# Build & Test -#---------------------- - -.haproxy-build: &haproxy-build - stage: "build" - script: - - *dependencies-fetch - - "make -C haproxy" - artifacts: - expire_in: "7 days" - paths: [ "haproxy/dist", "haproxy/haproxy-dist.tar.gz" ] - -.haproxy-regtests: &haproxy-regtests - stage: "test" - script: - - *dependencies-fetch - - "section_start 'validate-ulimit' 'Validate ulimit is not stupid' && ./tool/check-docker-ulimit.sh && section_end 'validate-ulimit'" - - "make -C haproxy build test" - artifacts: - expire_in: "7 days" - paths: [ "/tmp/vtest" ] - -build:stable:debian: - needs: [ "dependencies:debian" ] - <<: *job-debian - <<: *haproxy-build - variables: - <<: *default-variables - <<: *build-resources-s - <<: *vars-haproxy-stable - -build:dev:debian: - needs: [ "dependencies:debian" ] - <<: *job-debian - <<: *haproxy-build - variables: - <<: *default-variables - <<: *build-resources-s - <<: *vars-haproxy-dev - -build:stable:rockylinux: - needs: [ "dependencies:rockylinux" ] - <<: *job-rockylinux - <<: *haproxy-build - variables: - <<: *default-variables - <<: *build-resources-s - <<: *vars-haproxy-stable - -build:dev:rockylinux: - needs: [ "dependencies:rockylinux" ] - <<: *job-rockylinux - <<: *haproxy-build - variables: - <<: *default-variables - <<: *build-resources-s - <<: *vars-haproxy-dev - -regtests:stable:debian: - needs: [ "dependencies:debian" 
] - <<: *job-debian - <<: *haproxy-regtests - variables: - <<: *default-variables - <<: *build-resources-m - <<: *vars-haproxy-stable - HAPROXY_OPTIMIZATION: "-Og" - -regtests:dev:debian: - needs: [ "dependencies:debian" ] - <<: *job-debian - <<: *haproxy-regtests - variables: - <<: *default-variables - <<: *build-resources-m - <<: *vars-haproxy-dev - -regtests:stable:rockylinux: - needs: [ "dependencies:rockylinux" ] - <<: *job-rockylinux - <<: *haproxy-regtests - variables: - <<: *default-variables - <<: *build-resources-m - <<: *vars-haproxy-stable - HAPROXY_OPTIMIZATION: "-Og" - -regtests:dev:rockylinux: - needs: [ "dependencies:rockylinux" ] - <<: *job-rockylinux - <<: *haproxy-regtests - variables: - <<: *default-variables - <<: *build-resources-m - <<: *vars-haproxy-dev - #---------------------- # Package & Publish #---------------------- -.haproxy-set-package-version: &haproxy-set-package-version - .haproxy-debian: &haproxy-debian stage: "publish" script: diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 93176c0..c669c9e 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml 
@@ -1,422 +1,33 @@ -stages: - - dependencies - - build - - test - - publish - -default: - retry: - max: 2 - when: - - api_failure - - runner_system_failure - - scheduler_failure - - stale_schedule - - stuck_or_timeout_failure - - unknown_failure - -variables: &default-variables - TZ: "UTC" - GIT_DEPTH: "1" - FF_TIMESTAMPS: true - -.build-resources-xs: &build-resources-xs - KUBERNETES_MEMORY_REQUEST: 512Mi - KUBERNETES_MEMORY_LIMIT: 512Mi - -.build-resources-s: &build-resources-s - KUBERNETES_MEMORY_REQUEST: 1Gi - KUBERNETES_MEMORY_LIMIT: 1Gi - -.build-resources-m: &build-resources-m - KUBERNETES_MEMORY_REQUEST: 2Gi - KUBERNETES_MEMORY_LIMIT: 2Gi - -.haproxy_stable: &haproxy-stable - HAPROXY_GITREPO: "https://git.haproxy.org/?p=haproxy-3.1.git" - HAPROXY_VERSION: 3.1-stable - # https://git.haproxy.org/?p=haproxy-3.1.git;a=commit;h=v3.1.3 - HAPROXY_GITREF: "v3.1.3" - BUILD_PATCHES_DIR: "patches-stable" - HAPROXY_LIBASAN: "false" - HAPROXY_LIBUBSAN: "false" - HAPROXY_OPTIMIZATION: "-O2" - -.haproxy_dev: &haproxy-dev - HAPROXY_GITREPO: "https://git.haproxy.org/?p=haproxy.git" - HAPROXY_VERSION: 3.2-dev - # https://git.haproxy.org/?p=haproxy.git;a=commit;h=8235a24782e528b9bf8ca9dd69c0a147556dfcb5 - HAPROXY_GITREF: "8235a24782e528b9bf8ca9dd69c0a147556dfcb5" - BUILD_PATCHES_DIR: "patches-dev" - HAPROXY_LIBASAN: "false" - HAPROXY_LIBUBSAN: "false" - HAPROXY_OPTIMIZATION: "-Og" - -.job-debian: &job-debian - image: "ghcr.io/mangadex-pub/debuilder:bookworm-clang18" - before_script: - - "source ./tool/ci-tools.sh" - - "section_start 'tools' 'Setup Debian build dependencies' && ./tool/setup-debian.sh && section_end 'tools'" - -.job-rockylinux: &job-rockylinux - image: "ghcr.io/mangadex-pub/containers-base/rockylinux:9-develroot" - before_script: - - "source ./tool/ci-tools.sh" - - "section_start 'tools' 'Setup Rocky Linux build dependencies' && ./tool/setup-rockylinux.sh && section_end 'tools'" - -#---------------------- -# Common dependencies -#---------------------- - 
-.dependencies-common: &dependencies-common - stage: "dependencies" - script: - - "section_start 'awslc' 'Build AWS-LC' && make deps/awslc && section_end 'awslc'" - - "section_start 'lua' 'Build LUA' && make deps/lua && section_end 'lua'" - - "section_start 'pcre2' 'Build PCRE2' && make deps/pcre2 && section_end 'pcre2'" - - "section_start 'vtest' 'Build Vtest' && make deps/vtest && section_end 'vtest'" - variables: - <<: *default-variables - <<: *build-resources-m - artifacts: - expire_in: 7 days - paths: - - "deps/awslc/awslc-dist.tar.gz" - - "deps/lua/lua-dist.tar.gz" - - "deps/pcre2/pcre2-dist.tar.gz" - - "deps/vtest/vtest-dist.tar.gz" - -dependencies:debian: - <<: *job-debian - <<: *dependencies-common - -dependencies:rockylinux: - <<: *job-rockylinux - <<: *dependencies-common - -#---------------------- -# Dataplane API -#---------------------- - -dataplaneapi: - image: "docker.io/library/golang:1.24-alpine" - needs: [ ] - stage: "build" - before_script: - - "apk add --no-cache curl bzip2 git make tar" - - "git config --global --add safe.directory $CI_PROJECT_DIR" # stupid stupid stupid - script: "make deps/dataplaneapi" - variables: - <<: *default-variables - KUBERNETES_MEMORY_REQUEST: 3Gi - KUBERNETES_MEMORY_LIMIT: 3Gi - GOMEMLIMIT: 2097152 # 2GiB - artifacts: - expire_in: 7 days - paths: [ "deps/dataplaneapi/dataplaneapi-dist.tar.gz" ] - -#---------------------- -# HAProxy job templates -#---------------------- - -.haproxy-build-import-artifacts: &haproxy-build-import-artifacts - | - #!/usr/env/bin bash - set -euo pipefail - - section_start 'import-artifacts' 'Importing dependencies built from previous stages...' 
- mkdir deps/awslc/dist && tar -C deps/awslc/dist -xf deps/awslc/awslc-dist.tar.gz - mkdir deps/lua/dist && tar -C deps/lua/dist -xf deps/lua/lua-dist.tar.gz - mkdir deps/pcre2/dist && tar -C deps/pcre2/dist -xf deps/pcre2/pcre2-dist.tar.gz - mkdir deps/vtest/dist && tar -C deps/vtest/dist -xf deps/vtest/vtest-dist.tar.gz - section_end 'import-artifacts' - -.haproxy-build: &haproxy-build - stage: "build" - script: - - *haproxy-build-import-artifacts - - make -C haproxy - artifacts: - expire_in: 7 days - paths: [ "haproxy/dist", "haproxy/haproxy-dist.tar.gz" ] - -.haproxy-regtests: &haproxy-regtests - stage: "test" - script: - - *haproxy-build-import-artifacts - - section_start 'validate-ulimit' 'Validate ulimit is not stupid' && ./tool/check-docker-ulimit.sh && section_end 'validate-ulimit' - - make -C haproxy build test - artifacts: - expire_in: 7 days - paths: [ "/tmp/vtest" ] - -.haproxy-debian: &haproxy-debian - stage: "publish" - script: - - *haproxy-build-import-artifacts - - export BUILD_MESSAGE="$CI_COMMIT_MESSAGE" - - make -C haproxy dist-deb HAPROXY_GITREPO="$HAPROXY_GITREPO" HAPROXY_VERSION="$HAPROXY_VERSION" HAPROXY_GITREF="$HAPROXY_GITREF" BUILD_PATCHES_DIR="$BUILD_PATCHES_DIR" HAPROXY_LIBASAN="$HAPROXY_LIBASAN" HAPROXY_OPTIMIZATION="$HAPROXY_OPTIMIZATION" - - | - set -euo pipefail - - PACKAGE_NAME="haproxy-debian" - DEB_VERSION="$(cat haproxy/*.dsc | grep -E '^Version:' | cut -d' ' -f2-)" - if [ "$CI_COMMIT_REF_NAME" != "$CI_DEFAULT_BRANCH" ]; then - export PACKAGE_NAME="haproxy-debian-branches" - export DEB_VERSION="branch-$CI_COMMIT_REF_SLUG" - echo "Git reference $CI_COMMIT_REF_NAME is not the default branch. 
Setting coordinates to $PACKAGE_NAME/$DEB_VERSION" - fi - - GITLAB_PACKAGE_VERSION=$(echo "${DEB_VERSION}" | tr '~' '-') - echo "Publishing Debian package version ${DEB_VERSION} to haproxy-debian@${GITLAB_PACKAGE_VERSION}" - - for artifact in haproxy/haproxy*.deb; do - artifact_filename=$(basename "${artifact}") - gitlab_is_lame_artifact_filename=$(echo "${artifact_filename}" | tr '~' '-' | tr '+' '-') - echo "Uploading to haproxy-debian@${DEB_VERSION}... ${artifact_filename} -> ${gitlab_is_lame_artifact_filename}" - curl -fsSL -H"JOB-TOKEN: $CI_JOB_TOKEN" \ - --upload-file "${artifact}" \ - "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/${PACKAGE_NAME}/${GITLAB_PACKAGE_VERSION}/${gitlab_is_lame_artifact_filename}" - echo "OK" - done - artifacts: - expire_in: 7 days - paths: [ "haproxy/haproxy*" ] - -.haproxy-tarball: &haproxy-tarball - image: docker.io/curlimages/curl:latest - stage: publish - script: | - set -eu - - PKG_VER=$HAPROXY_VERSION - if [ "$CI_COMMIT_REF_NAME" != "$CI_DEFAULT_BRANCH" ]; then - export PKG_VER="branch-$CI_COMMIT_REF_SLUG-$HAPROXY_VERSION-$HAPROXY_GITREF" - echo "Git reference $CI_COMMIT_REF_NAME is not the default branch. 
Setting version to $PKG_VER" - fi - - curl -fsSL \ - -H"JOB-TOKEN: $CI_JOB_TOKEN" \ - --upload-file "haproxy/haproxy-dist.tar.gz" \ - "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/haproxy/$PKG_VER/haproxy-$HAPROXY_VERSION.tar.gz" - -.haproxy-docker: &haproxy-docker - stage: publish - image: - name: gcr.io/kaniko-project/executor:debug - entrypoint: [ "" ] - before_script: - - mkdir -p /kaniko/.docker - - echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"gitlab-ci-token\",\"password\":\"$CI_JOB_TOKEN\"}}}" > /kaniko/.docker/config.json +render-pipeline: + stage: "prepare" + image: "alpine:latest" script: | - set -eu - - export DEBIAN_CODENAME="bookworm" - export JOB_TIMESTAMP="$(date -D '%Y-%m-%dT%H:%M:%S' -d "$CI_JOB_STARTED_AT" +'%Y%m%d-%H%M')" - - # A.B.C -> A.B, otherwise preserve original (eg 2.x-dev -> 2.x-dev) - if echo "$HAPROXY_VERSION" | grep -E '([0-9]\.){2}[0-9]'; then - export HAPROXY_SHORTVER="$(echo "$HAPROXY_VERSION" | cut -d'.' -f1-2)" - else - export HAPROXY_SHORTVER=$HAPROXY_VERSION - fi - - echo "Building image with" - echo " -> haproxy version: $HAPROXY_VERSION ($HAPROXY_SHORTVER)" - echo " -> debian codename: $DEBIAN_CODENAME" - echo " -> git commit hash: $CI_COMMIT_SHORT_SHA" - echo " -> build timestamp: $JOB_TIMESTAMP" - - export IMAGE_TAG_UNIQUE="$CI_COMMIT_SHORT_SHA-$JOB_TIMESTAMP-$HAPROXY_SHORTVER-$HAPROXY_GITREF" - export IMAGE_TAG_ROLLING_COMMIT="git-$CI_COMMIT_SHORT_SHA-$HAPROXY_VERSION" - export IMAGE_TAG_ROLLING_GITREF="$CI_COMMIT_REF_SLUG-$HAPROXY_VERSION" + set -euo pipefail - export IMAGE_TAG_VERSIONS="$HAPROXY_VERSION-$DEBIAN_CODENAME" - export IMAGE_TAG_SHORTVER="$HAPROXY_SHORTVER-$DEBIAN_CODENAME" - if [ "$CI_COMMIT_REF_NAME" != "$CI_DEFAULT_BRANCH" ]; then - export IMAGE_TAG_VERSIONS="branch-$CI_COMMIT_REF_SLUG-$IMAGE_TAG_VERSIONS" - export IMAGE_TAG_SHORTVER="branch-$CI_COMMIT_REF_SLUG-$IMAGE_TAG_SHORTVER" - echo "Git reference $CI_COMMIT_REF_NAME is not the default branch. 
Rewriting git rolling tag as $IMAGE_TAG_VERSIONS / $IMAGE_TAG_SHORTVER" + if ! [ -f "/opt/pkl" ]; then + echo "Install PKL v${PKL_VERSION}" + wget -O /opt/pkl "https://github.com/apple/pkl/releases/download/${PKL_VERSION}/pkl-alpine-linux-amd64" + chmod +x /opt/pkl fi - echo "***" - echo "Will build and push image as:" - echo "- $CI_REGISTRY_IMAGE:$IMAGE_TAG_UNIQUE" - echo "- $CI_REGISTRY_IMAGE:$IMAGE_TAG_ROLLING_COMMIT" - echo "- $CI_REGISTRY_IMAGE:$IMAGE_TAG_ROLLING_GITREF" - echo "- $CI_REGISTRY_IMAGE:$IMAGE_TAG_VERSIONS" - echo "- $CI_REGISTRY_IMAGE:$IMAGE_TAG_SHORTVER" - echo "***" - - ( - set -x; - /kaniko/executor \ - --context . \ - --dockerfile Dockerfile \ - --build-arg "CANONICAL_VERSION=$IMAGE_TAG_UNIQUE" \ - --destination "$CI_REGISTRY_IMAGE:$IMAGE_TAG_UNIQUE" \ - --destination "$CI_REGISTRY_IMAGE:$IMAGE_TAG_ROLLING_COMMIT" \ - --destination "$CI_REGISTRY_IMAGE:$IMAGE_TAG_ROLLING_GITREF" \ - --destination "$CI_REGISTRY_IMAGE:$IMAGE_TAG_VERSIONS" \ - --destination "$CI_REGISTRY_IMAGE:$IMAGE_TAG_SHORTVER" \ - --single-snapshot - ) - -#---------------------- -# HAProxy jobs -#---------------------- - -build:stable:debian: - needs: [ "dependencies:debian" ] - <<: *job-debian - <<: *haproxy-build - variables: - <<: *default-variables - <<: *build-resources-s - <<: *haproxy-stable - -build:dev:debian: - needs: [ "dependencies:debian" ] - <<: *job-debian - <<: *haproxy-build - variables: - <<: *default-variables - <<: *build-resources-s - <<: *haproxy-dev - -build:stable:rockylinux: - needs: [ "dependencies:rockylinux" ] - <<: *job-rockylinux - <<: *haproxy-build + /opt/pkl eval -w ".gitlab" -f yaml "ci-debian.pkl" | tee ".gitlab/debian.ci.yml" + /opt/pkl eval -w ".gitlab" -f yaml "ci-rockylinux.pkl" | tee ".gitlab/rockylinux.ci.yml" variables: - <<: *default-variables - <<: *build-resources-s - <<: *haproxy-stable - -build:dev:rockylinux: - needs: [ "dependencies:rockylinux" ] - <<: *job-rockylinux - <<: *haproxy-build - variables: - <<: *default-variables - 
<<: *build-resources-s - <<: *haproxy-dev - -regtests:stable:debian: - needs: [ "dependencies:debian" ] - <<: *job-debian - <<: *haproxy-regtests - variables: - <<: *default-variables - <<: *build-resources-m - <<: *haproxy-stable - HAPROXY_OPTIMIZATION: "-Og" - -regtests:dev:debian: - needs: [ "dependencies:debian" ] - <<: *job-debian - <<: *haproxy-regtests - variables: - <<: *default-variables - <<: *build-resources-m - <<: *haproxy-dev - HAPROXY_OPTIMIZATION: "-Og" - -regtests:stable:rockylinux: - needs: [ "dependencies:rockylinux" ] - <<: *job-rockylinux - <<: *haproxy-regtests - variables: - <<: *default-variables - <<: *build-resources-m - <<: *haproxy-stable - HAPROXY_OPTIMIZATION: "-Og" - -regtests:dev:rockylinux: - needs: [ "dependencies:rockylinux" ] - <<: *job-rockylinux - <<: *haproxy-regtests - variables: - <<: *default-variables - <<: *build-resources-m - <<: *haproxy-dev - HAPROXY_OPTIMIZATION: "-Og" - -#haproxy-tarball:stable: -# <<: *haproxy-tarball -# variables: -# <<: *default-variables -# <<: *build-resources-xs -# <<: *haproxy-stable -# needs: -# - job: "regtests:stable" -# artifacts: false -# - job: "build:stable" -# artifacts: true - -#haproxy-tarball:dev: -# <<: *haproxy-tarball -# variables: -# <<: *default-variables -# <<: *build-resources-xs -# <<: *haproxy-dev -# needs: -# - job: "regtests:dev" -# artifacts: false -# - job: "build:dev" -# artifacts: true - -#docker:stable: -# <<: *haproxy-docker -# variables: -# <<: *default-variables -# <<: *build-resources-m -# <<: *haproxy-stable -# needs: -# - job: "awslc" -# artifacts: true -# - job: "dataplaneapi" -# artifacts: true -# - job: "regtests:stable" -# artifacts: false -# - job: "build:stable" -# artifacts: true - -#docker:dev: -# <<: *haproxy-docker -# variables: -# <<: *default-variables -# <<: *build-resources-m -# <<: *haproxy-dev -# needs: -# - job: "awslc" -# artifacts: true -# - job: "dataplaneapi" -# artifacts: true -# - job: "regtests:dev" -# artifacts: false -# - job: 
"build:dev" -# artifacts: true - -#debian:stable: -# <<: *haproxy-debian -# variables: -# <<: *default-variables -# <<: *build-resources-m -# <<: *haproxy-stable -# allow_failure: true -# needs: -# - *needs-dependencies -# - job: "regtests:stable" -# artifacts: false - -#debian:dev: -# <<: *haproxy-debian -# variables: -# <<: *default-variables -# <<: *build-resources-m -# <<: *haproxy-dev -# needs: -# - *needs-dependencies -# - job: "regtests:dev" -# artifacts: false + PKL_VERSION: "0.28.2" + cache: + key: "pkl-${PKL_VERSION}" + paths: [ "/opt/pkl" ] + artifacts: + paths: [ ".gitlab/ci.rendered.yml" ] + +trigger-dynamic: + stage: "run" + needs: [ "render-pipeline" ] + parallel: + matrix: + - OS_FAMILY: [ "debian", "rockylinux" ] + trigger: + strategy: "depend" + include: + - job: "render-pipeline" + artifact: ".gitlab/$OS_FAMILY.ci.yml" diff --git a/.gitlab/ci-base.pkl b/.gitlab/ci-base.pkl new file mode 100644 index 0000000..eef5447 --- /dev/null +++ b/.gitlab/ci-base.pkl @@ -0,0 +1,19 @@ +abstract module CIBase extends "lib/pipeline.pkl" + +fixed stable { + name = "stable" + params { + git_repo = "https://git.haproxy.org/?p=haproxy-3.1.git" + git_ref = "v3.1.7" + version = git_ref + } +} + +fixed dev { + name = "dev" + params { + git_repo = "https://git.haproxy.org/?p=haproxy.git" + git_ref = "master" + version = git_ref + } +} diff --git a/.gitlab/ci-debian.pkl b/.gitlab/ci-debian.pkl new file mode 100644 index 0000000..3b1388c --- /dev/null +++ b/.gitlab/ci-debian.pkl @@ -0,0 +1,4 @@ +module Debian extends "ci-base.pkl" + +fixed os_family = "debian" +fixed os_image = "ghcr.io/mangadex-pub/debuilder:bookworm-clang18" diff --git a/.gitlab/ci-rockylinux.pkl b/.gitlab/ci-rockylinux.pkl new file mode 100644 index 0000000..41c679e --- /dev/null +++ b/.gitlab/ci-rockylinux.pkl @@ -0,0 +1,4 @@ +module RockyLinux extends "ci-base.pkl" + +fixed os_family = "rockylinux" +fixed os_image = "ghcr.io/mangadex-pub/containers-base/rockylinux:9-develroot" 
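Review bot: `render-pipeline` downloads the pkl binary with `wget`, marks it executable and runs it to generate the child pipelines, with no integrity check on the download, so the file served at that URL decides what the triggered pipelines execute. Pin an expected hash next to `PKL_VERSION` and verify it before `chmod`, e.g. `echo "${PKL_SHA256}  /opt/pkl" | sha256sum -c -` with `PKL_SHA256: "SHA256_PLACEHOLDER"`; `image: "alpine:latest"` could be pinned by digest in the same way. The `[ -f "/opt/pkl" ]` shortcut would also skip verification for a binary restored from the cache, so the check belongs outside that `if`. Two mismatches in the same job: `artifacts: paths` lists `.gitlab/ci.rendered.yml` while the script writes `.gitlab/debian.ci.yml` and `.gitlab/rockylinux.ci.yml`, which are the files `trigger-dynamic` includes, and the stages `prepare` and `run` are not declared in the visible part of the file once the `stages:` block is removed.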
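Review bot: The `dev` target now builds `git_ref = "master"`, where the YAML it replaces pinned `HAPROXY_GITREF` to a full commit id with a link to that commit, so two runs of the same pipeline commit can build different HAProxy sources. If tracking the branch is intended, a comment saying so would help; otherwise keep the commit id, `git_ref = "8235a24782e528b9bf8ca9dd69c0a147556dfcb5"`, and bump it deliberately. `version = git_ref` also changes what ends up in `HAPROXY_VERSION` (previously `3.1-stable` and `3.2-dev`), which the publish scripts in `.gitlab-ci-2.yml` use to build package and tag names.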
diff --git a/.gitlab/lib/deps.pkl b/.gitlab/lib/deps.pkl new file mode 100644 index 0000000..7716e40 --- /dev/null +++ b/.gitlab/lib/deps.pkl @@ -0,0 +1,29 @@ +module Dependencies + +import "schema/Ci.pkl" +import "util/shell.pkl" + +class Dependency { + name: String + nameCanonical: String = name.replaceAll("-", "").toLowerCase() + + path: String = "deps/\(nameCanonical)" + + buildSh: String = shell.section(nameCanonical, name, new Listing { "make \(path)" }) + artifact: String = "\(path)/\(nameCanonical)-dist.tar.gz" + + fetchSh: String = shell.section(nameCanonical, "Fetch \(name) artifact", new Listing { + "mkdir \(path)" + "tar -C \(path)/dist -xf \(artifact)" + }) +} + +function dependencies(defaultJob: Ci.JobTemplate, dependencies: List): Ci.JobTemplate = (defaultJob) { + needs = new {} + stage = "dependencies" + script = dependencies.map((dep) -> dep.buildSh).toListing() + artifacts { + expire_in = "7 days" + paths = dependencies.map((dep) -> dep.artifact).toListing() + } +} diff --git a/.gitlab/lib/inputs.pkl b/.gitlab/lib/inputs.pkl new file mode 100644 index 0000000..9e6b6f4 --- /dev/null +++ b/.gitlab/lib/inputs.pkl @@ -0,0 +1,12 @@ +module Build + +class BuildVars { + git_repo: String + git_ref: String + version: String +} + +class Build { + name: String + params: BuildVars +} diff --git a/.gitlab/lib/pipeline.pkl b/.gitlab/lib/pipeline.pkl new file mode 100644 index 0000000..a0d00e2 --- /dev/null +++ b/.gitlab/lib/pipeline.pkl 
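Review bot: `fetchSh` creates `\(path)` but extracts into `\(path)/dist`: `"mkdir \(path)"` is followed by `"tar -C \(path)/dist -xf \(artifact)"`. The artifact sits under `\(path)`, so that directory already exists whenever the archive is present, and `dist` is never created; the YAML this replaces ran `mkdir deps/awslc/dist && tar -C deps/awslc/dist -xf …`. Changing the first entry to `"mkdir -p \(path)/dist"` restores that behaviour. How `shell.section` joins the listing is defined in `util/shell.pkl`, outside this hunk, so whether a failing `mkdir` stops the step cannot be told from here.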
@@ -0,0 +1,133 @@
+abstract module Pipeline
+
+import "deps.pkl"
+import "inputs.pkl"
+import "schema/Ci.pkl"
+import "util/k8s.pkl"
+import "util/shell.pkl"
+
+// input properties
+hidden fixed os_family: String
+hidden fixed os_image: String
+hidden fixed stable: inputs.Build
+hidden fixed dev: inputs.Build
+
+// rendered pipeline
+variables = new Mapping {
+ ["TZ"] = "UTC"
+ ["GIT_DEPTH"] = "1"
+ ["FF_TIMESTAMPS"] = true
+}
+
+stages {
+ "dependencies"
+ "build"
+ "test"
+ "package"
+}
+
+local resolveDeps = new Listing {
+ "section_start 'tools' 'Setup build dependencies'"
+ "./tool/setup-\(os_family).sh"
+ "section_end 'tools'"
+}
+
+local defaultJob = new Ci.JobTemplate {
+ image = os_image
+ before_script = new Listing {
+ "source ./tool/ci-tools.sh"
+ resolveDeps.join(" && ")
+ }
+ variables = module.variables
+}
+
+local dependencyList = List(
+ new deps.Dependency { name = "AWS-LC" },
+ new deps.Dependency { name = "LUA" },
+ new deps.Dependency { name = "PCRE2" },
+ new deps.Dependency { name = "VTest" }
+)
+
+dependencies = (deps.dependencies(defaultJob, dependencyList)) {
+ variables {
+ ...k8s.resources.md
+ }
+}
+
+dataplaneapi = (defaultJob) {
+ image = "docker.io/library/golang:1.24-alpine"
+ needs = new {}
+ stage = "dependencies"
+ before_script {
+ "apk add --no-cache curl bzip2 git make tar"
+ "git config --global --add safe.directory $CI_PROJECT_DIR"
+ }
+ script = "make deps/dataplaneapi"
+ variables {
+ ["GOMEMLIMIT"] = "2097152"
+ ...k8s.resources.lg
+ }
+ artifacts {
+ expire_in = "7 days"
+ paths { "deps/dataplaneapi/dataplaneapi-dist.tar.gz" }
+ }
+}
+
+function haproxyVars(target: inputs.Build) = (k8s.resources.sm) {
+ ["HAPROXY_GITREPO"] = target.params.git_repo
+ ["HAPROXY_GITREF"] = target.params.git_ref
+ ["HAPROXY_VERSION"] = target.params.version
+
+ when (target.name == "dev") {
+ ["HAPROXY_OPTIMIZATION"] = "-Og"
+ }
+}
+
+local buildJob = (defaultJob) {
+ stage = "build"
+ script = new Listing {
+ ...dependencyList.map((dep) -> dep.fetchSh)
+ "make -C haproxy"
+ }
+ artifacts {
+ expire_in = "7 days"
+ paths { "haproxy/haproxy-dist.tar.gz" }
+ }
+}
+
+local regtestJob = (defaultJob) {
+ stage = "test"
+ script = new Listing {
+ ...dependencyList.map((dep) -> dep.fetchSh)
+ shell.section("ulimit", "Validate ulimit", new Listing { "./tool/check-docker-ulimit.sh" })
+ "make -C haproxy build test"
+ }
+ artifacts {
+ expire_in = "7 days"
+ paths { "/tmp/vtest" }
+ }
+}
+
+`build:stable` = (buildJob) {
+ variables {
+ ...haproxyVars(stable)
+ }
+}
+
+`regtests:stable` = (regtestJob) {
+ variables {
+ ...haproxyVars(stable)
+ }
+}
+
+`build:dev` = (buildJob) {
+ variables {
+ ...haproxyVars(dev)
+ }
+}
+
+`regtests:dev` = (regtestJob) {
+ variables {
+ ...haproxyVars(dev)
+ }
+}
diff --git a/.gitlab/lib/schema/Ci.pkl b/.gitlab/lib/schema/Ci.pkl
new file mode 100644
index 0000000..6f57bfe
--- /dev/null
+++ b/.gitlab/lib/schema/Ci.pkl
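Review bot: `["GOMEMLIMIT"] = "2097152"` in the `dataplaneapi` job of `.gitlab/lib/pipeline.pkl` sets the Go runtime's soft memory limit to 2,097,152 bytes (2 MiB), because a bare number is read as bytes. Next to `...k8s.resources.lg` (3Gi of container memory) this looks like it was meant to be 2 GiB; at 2 MiB the garbage collector would run almost continuously during `make deps/dataplaneapi`. If 2 GiB is the intent, spell the unit out: `["GOMEMLIMIT"] = "2GiB"`. Separately, `paths { "/tmp/vtest" }` in `regtestJob` is an absolute path outside the project directory, which GitLab does not collect as an artifact, so the regtest output is probably lost.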
@@ -0,0 +1,1083 @@ +/// This module was generated from JSON Schema from +/// . +/// +/// WARN: both properties and at least one of additionalProperties and patternProperties are set. This is +/// ambiguously defined; can either be defined as a `Mapping` or a class. +module Ci + +$schema: Uri? + +spec: Spec? + +image: Image? + +services: Services? + +before_script: (If|Listing>)? + +after_script: (If|Listing>)? + +variables: GlobalVariables? + +cache: Cache? + +`!reference`: refType? + +default: Default? + +/// Default if undefined: `{ "build" "test" "deploy" }` +stages: Listing>(!isEmpty, isDistinct)? + +include: (IncludeItem|Listing)? + +pages: Job? + +workflow: Workflow? + +class Spec { + inputs: InputParameters? +} + +class Default { + after_script: (If|Listing>)? + + artifacts: Artifacts? + + before_script: (If|Listing>)? + + hooks: Hooks? + + cache: Cache? + + image: Image? + + interruptible: Interruptible? + + id_tokens: ItemIdTokens? + + identity: Identity? + + retry: Retry? + + services: Services? + + tags: Tags? + + timeout: StartIn? + + `!reference`: refType? +} + +class Workflow { + name: WorkflowName? + + auto_cancel: WorkflowAutoCancel? + + rules: Listing? +} + +class Rule { + `if`: If? + + changes: Changes? + + exists: Exists? + + variables: RulesVariables? + + `when`: ("always"|"never")? + + auto_cancel: WorkflowAutoCancel? +} + +class Artifacts { + paths: Listing(!isEmpty)? + + exclude: Listing(!isEmpty)? + + expose_as: If? + + name: If? + + /// Default if undefined: `false` + untracked: Interruptible? + + /// Default if undefined: `"on_success"` + `when`: ("on_success"|"on_failure"|"always")? + + /// Default if undefined: `"all"` + access: ("none"|"developer"|"all")? + + /// Default if undefined: `"30 days"` + expire_in: String? + + reports: Reports? +} + +class Reports { + /// Path to JSON file with annotations report. + annotations: String? + + /// Path for file(s) that should be parsed as JUnit XML result + junit: (String|Listing(!isEmpty))? 
+ + /// Path to a single file with browser performance metric report(s). + browser_performance: String? + + /// Used to collect coverage reports from the job. + coverage_report: CoverageReport? + + /// Path to file or list of files with code quality report(s) (such as Code Climate). + codequality: StringFileList? + + /// Path to file or list of files containing runtime-created variables for this job. + dotenv: StringFileList? + + /// Path to file or list of files containing code intelligence (Language Server Index Format). + lsif: StringFileList? + + /// Path to file or list of files with SAST vulnerabilities report(s). + sast: StringFileList? + + /// Path to file or list of files with Dependency scanning vulnerabilities report(s). + dependency_scanning: StringFileList? + + /// Path to file or list of files with Container scanning vulnerabilities report(s). + container_scanning: StringFileList? + + /// Path to file or list of files with DAST vulnerabilities report(s). + dast: StringFileList? + + /// Deprecated in 12.8: Path to file or list of files with license report(s). + license_management: StringFileList? + + /// Path to file or list of files with license report(s). + license_scanning: StringFileList? + + /// Path to file or list of files with requirements report(s). + requirements: StringFileList? + + /// Path to file or list of files with secret detection report(s). + secret_detection: StringFileList? + + /// Path to file or list of files with custom metrics report(s). + metrics: StringFileList? + + /// Path to file or list of files with terraform plan(s). + terraform: StringFileList? + + cyclonedx: StringFileList? + + load_performance: StringFileList? + + /// Path to file or list of files with Repository X-Ray report(s). + repository_xray: StringFileList? +} + +/// Used to collect coverage reports from the job. +class CoverageReport { + /// Code coverage format used by the test framework. + coverage_format: ("cobertura"|"jacoco")? 
+ + /// Path to the coverage report file that should be parsed. + path: String(!isEmpty)? +} + +class InputParametersAlternate0 { + /// Default if undefined: `"string"` + type: ("array"|"boolean"|"number"|"string")? + + description: String(length <= 1024)? + + options: Listing? + + regex: If? + + default: Any? +} + +class IncludeItemAlternate1 { + /// Relative path from local repository root (`/`) to the `yaml`/`yml` file template. The file must be + /// on the same branch, and does not work across git submodules. + `local`: String(matches(Regex(#"\.ya?ml$"#))) + + rules: IncludeRules? + + inputs: Inputs? +} + +class IncludeItemAlternate2 { + /// Path to the project, e.g. `group/project`, or `group/sub-group/project` [Learn + /// more](https://docs.gitlab.com/ci/yaml/#includeproject). + project: String(matches(Regex(#"(?:\S/\S|\$\S+)"#))) + + /// Branch/Tag/Commit-hash for the target project. + ref: String? + + file: String(matches(Regex(#"\.ya?ml$"#)))|Listing + + rules: IncludeRules? + + inputs: Inputs? +} + +class IncludeItemAlternate3 { + /// Use a `.gitlab-ci.yml` template as a base, e.g. `Nodejs.gitlab-ci.yml`. + template: String(matches(Regex(#"\.ya?ml$"#))) + + rules: IncludeRules? + + inputs: Inputs? +} + +class IncludeItemAlternate4 { + /// Local path to component directory or full path to external component directory. + component: String + + rules: IncludeRules? + + inputs: Inputs? +} + +class IncludeItemAlternate5 { + /// URL to a `yaml`/`yml` template file using HTTP/HTTPS. + remote: String(matches(Regex(#"^https?://.+\.ya?ml$"#))) + + /// SHA256 integrity hash of the remote file content. + integrity: String(matches(Regex("^sha256-[A-Za-z0-9+/]{43}=$")))? + + rules: IncludeRules? + + inputs: Inputs? +} + +/// Specifies the docker image to use for the job or globally for all jobs. Job configuration takes +/// precedence over global setting. Requires a certain kind of GitLab runner executor. 
+class ImageAlternate1 { + /// Full name of the image that should be used. It should contain the Registry part if needed. + name: String(!isEmpty) + + /// Command or script that should be executed as the container's entrypoint. It will be translated to + /// Docker's --entrypoint option while creating the container. The syntax is similar to Dockerfile's + /// ENTRYPOINT directive, where each shell token is a separate string in the array. + entrypoint: Listing(!isEmpty)? + + docker: `[]Alternate1Docker`? + + kubernetes: `[]Alternate1Kubernetes`? + + /// Default if undefined: `"always"` + pull_policy: ("always"|"never"|"if-not-present"|Listing<"always"|"never"|"if-not-present">(!isEmpty, isDistinct))? +} + +class `[]Alternate1Docker` { + /// Image architecture to pull. + platform: String(!isEmpty)? + + /// Username or UID to use for the container. + user: String(length.isBetween(1, 255))? +} + +class `[]Alternate1Kubernetes` { + /// Username or UID to use for the container. It also supports the UID:GID format. + user: String(length.isBetween(1, 255))? +} + +class `[]Alternate1` { + /// Full name of the image that should be used. It should contain the Registry part if needed. + name: String(!isEmpty) + + entrypoint: Listing(!isEmpty)? + + docker: `[]Alternate1Docker`? + + kubernetes: `[]Alternate1Kubernetes`? + + /// Default if undefined: `"always"` + pull_policy: ("always"|"never"|"if-not-present"|Listing<"always"|"never"|"if-not-present">(!isEmpty, isDistinct))? + + command: Listing(!isEmpty)? + + alias: StartIn? + + variables: JobVariables? +} + +class IdTokens { + aud: If|Listing(!isEmpty, isDistinct) +} + +class Secrets { + vault: (If|VaultAlternate1)? + + gcp_secret_manager: GcpSecretManager? + + azure_key_vault: AzureKeyVault? + + akeyless: Akeyless? + + /// Default if undefined: `true` + file: Boolean? + + /// Specifies the JWT variable that should be used to authenticate with the secret provider. + token: String? 
+} + +class VaultAlternate1 { + engine: Engine + + path: If + + field: If +} + +class Engine { + name: If + + path: If +} + +class GcpSecretManager { + name: If + + /// Default if undefined: `"version"` + version: (If|Int)? +} + +class AzureKeyVault { + name: If + + version: If? +} + +class Akeyless { + name: If? + + data_key: If? + + cert_user_name: If? + + public_key_data: If? + + csr_data: If? +} + +class `[]Alternate0` { + `if`: If? + + changes: Changes? + + exists: Exists? + + variables: RulesVariables? + + `when`: When? + + start_in: StartIn? + + allow_failure: AllowFailure? + + needs: RulesNeeds? + + interruptible: Interruptible? +} + +class `IncludeRule[]Alternate0` { + `if`: If? + + changes: Changes? + + exists: Exists? + + `when`: ("never"|"always"|Any)? +} + +/// Define the rules for when pipeline should be automatically cancelled. +class WorkflowAutoCancel { + /// Default if undefined: `"none"` + on_job_failure: ("none"|"all")? + + on_new_commit: ("conservative"|"interruptible"|"none")? +} + +class GlobalVariablesAlternate1 { + value: If? + + options: Listing(!isEmpty, isDistinct)? + + description: If? + + expand: Boolean? +} + +class JobVariablesAlternate1 { + value: If? + + expand: Boolean? +} + +class ChangesAlternate0 { + /// List of file paths. + paths: Listing + + /// Ref for comparing changes. + compare_to: String? +} + +class ExistsAlternate1 { + /// List of file paths. + paths: Listing + + /// Path of the project to search in. + project: String? +} + +class ExistsAlternate2 { + /// List of file paths. + paths: Listing + + /// Path of the project to search in. + project: String + + /// Ref of the project to search in. + ref: String? +} + +class `RulesNeed[]Alternate1` { + /// Name of a job that is defined in the pipeline. + job: String(!isEmpty) + + /// Download artifacts of the job in needs. + artifacts: Boolean? + + /// Whether the job needs to be present in the pipeline to run ahead of the current job. + optional: Boolean? 
+} + +/// Exit code that are not considered failure. The job fails for any other exit code. +class AllowFailureAlternate1 { + exit_codes: Int +} + +/// You can list which exit codes are not considered failures. The job fails for any other exit code. +class AllowFailureAlternate2 { + exit_codes: Listing(!isEmpty, isDistinct) +} + +class ParallelMatrixAlternate0 { + /// Defines different variables for jobs that are running in parallel. + matrix: Listing>(length <= 200) +} + +class CacheItem { + key: (String(matches(Regex("^[^/]*[^./][^/]*$")))|KeyAlternate1)? + + paths: Listing? + + /// Default if undefined: `"pull-push"` + policy: String(matches(Regex(#"pull-push|pull|push|\$\w{1,255}"#)))? + + /// Default if undefined: `false` + unprotect: Interruptible? + + /// Default if undefined: `false` + untracked: Interruptible? + + /// Default if undefined: `"on_success"` + `when`: ("on_success"|"on_failure"|"always")? + + fallback_keys: Listing(length <= 5)? +} + +class KeyAlternate1 { + files: Listing(length.isBetween(1, 2))? + + prefix: If? +} + +class FilterAlternate2 { + refs: FilterRefs? + + /// Filter job based on if Kubernetes integration is active. + kubernetes: "active"? + + variables: Listing? + + /// Filter job creation based on files that were modified in a git push. + changes: Listing? +} + +class RetryAlternate1 { + max: RetryMax? + + `when`: (RetryErrors|Listing)? + + exit_codes: (Listing(!isEmpty, isDistinct)|Int)? +} + +class JobTemplate { + image: Image? + + services: Services? + + before_script: (If|Listing>)? + + after_script: (If|Listing>)? + + hooks: Hooks? + + rules: Rules? + + variables: JobVariables? + + cache: Cache? + + id_tokens: ItemIdTokens? + + identity: Identity? + + secrets: ItemSecrets? + + script: Script? + + run: Steps? + + /// Define what stage the job will run in. + stage: (StartIn|Listing(!isEmpty))? + + /// Job will run *only* when these filtering options match. + only: Filter? 
+ + /// The name of one or more jobs to inherit configuration from. + `extends`: (If|Listing(!isEmpty))? + + /// The list of jobs in previous stages whose sole completion is needed to start the current job. + needs: Listing? + + /// Job will run *except* for when these filtering options match. + except: Filter? + + tags: Tags? + + allow_failure: AllowFailure? + + timeout: StartIn? + + `when`: When? + + start_in: StartIn? + + manual_confirmation: If? + + /// Specify a list of job names from earlier stages from which artifacts should be loaded. By default, + /// all previous artifacts are passed. Use an empty array to skip downloading artifacts. + dependencies: Listing? + + artifacts: Artifacts? + + /// Used to associate environment metadata with a deploy. Environment can have a name and URL attached + /// to it, and will be displayed under /environments under the project. + environment: (If|EnvironmentAlternate1)? + + /// Indicates that the job creates a Release. + release: Release? + + /// Must be a regular expression, optionally but recommended to be quoted, and must be surrounded with + /// '/'. Example: '/Code coverage: \d+\.\d+/' + coverage: String(matches(Regex("^/.+/$")), isRegex)? + + retry: Retry? + + parallel: Parallel? + + interruptible: Interruptible? + + /// Limit job concurrency. Can be used to ensure that the Runner will not run certain jobs + /// simultaneously. + resource_group: String? + + trigger: (TriggerAlternate0|TriggerAlternate1|String(matches(Regex(#"(?:\S/\S|\$\S+)"#))))? + + inherit: Inherit? + + /// Deprecated. Use `pages.publish` instead. A path to a directory that contains the files to be + /// published with Pages. + publish: String? + + pages: (PagesAlternate0|Interruptible)? +} + +class `Need[]Alternate1` { + job: If + + artifacts: Boolean? + + optional: Boolean? + + parallel: ParallelMatrix? +} + +class `[]Alternate2` { + pipeline: If + + job: If + + artifacts: Boolean? + + parallel: ParallelMatrix? 
+} + +class `[]Alternate3` { + job: If + + project: If + + ref: If + + artifacts: Boolean? + + parallel: ParallelMatrix? +} + +class EnvironmentAlternate1 { + /// The name of the environment, e.g. 'qa', 'staging', 'production'. + name: String(!isEmpty) + + /// When set, this will expose buttons in various places for the current environment in GitLab, that + /// will take you to the defined URL. + url: Uri(matches(Regex(#"^(https?://.+|\$[A-Za-z]+)"#)))? + + /// The name of a job to execute when the environment is about to be stopped. + on_stop: String? + + /// Specifies what this job will do. 'start' (default) indicates the job will start the deployment. + /// 'prepare'/'verify'/'access' indicates this will not affect the deployment. 'stop' indicates this + /// will stop the deployment. + /// + /// Default if undefined: `"start"` + action: ("start"|"prepare"|"stop"|"verify"|"access")? + + /// The amount of time it should take before GitLab will automatically stop the environment. Supports a + /// wide variety of formats, e.g. '1 week', '3 mins 4 sec', '2 hrs 20 min', '2h20min', '6 mos 1 day', + /// '47 yrs 6 mos and 4d', '3 weeks and 2 days'. + auto_stop_in: String? + + /// Used to configure the kubernetes deployment for this environment. This is currently not supported + /// for kubernetes clusters that are managed by GitLab. + kubernetes: Kubernetes? + + /// Explicitly specifies the tier of the deployment environment if non-standard environment name is + /// used. + deployment_tier: ("production"|"staging"|"testing"|"development"|"other")? +} + +/// Used to configure the kubernetes deployment for this environment. This is currently not supported for +/// kubernetes clusters that are managed by GitLab. +class Kubernetes { + /// The kubernetes namespace where this environment should be deployed to. + namespace: String(!isEmpty)? + + /// Specifies the GitLab Agent for Kubernetes. The format is `path/to/agent/project:agent-name`. + agent: String? 
+ + /// The Flux resource path to associate with this environment. This must be the full resource path. For + /// example, 'helm.toolkit.fluxcd.io/v2/namespaces/gitlab-agent/helmreleases/gitlab-agent'. + flux_resource_path: String? +} + +/// Indicates that the job creates a Release. +class Release { + /// The tag_name must be specified. It can refer to an existing Git tag or can be specified by the + /// user. + tag_name: String(!isEmpty) + + /// Message to use if creating a new annotated tag. + tag_message: String? + + /// Specifies the longer description of the Release. + description: String(!isEmpty) + + /// The Release name. If omitted, it is populated with the value of release: tag_name. + name: String? + + /// If the release: tag_name doesn’t exist yet, the release is created from ref. ref can be a commit + /// SHA, another tag name, or a branch name. + ref: String? + + /// The title of each milestone the release is associated with. + milestones: Listing? + + /// The date and time when the release is ready. Defaults to the current date and time if not defined. + /// Should be enclosed in quotes and expressed in ISO 8601 format. + released_at: String(matches(Regex(#"^(?:[1-9]\d{3}-(?:(?:0[1-9]|1[0-2])-(?:0[1-9]|1\d|2[0-8])|(?:0[13-9]|1[0-2])-(?:29|30)|(?:0[13578]|1[02])-31)|(?:[1-9]\d(?:0[48]|[2468][048]|[13579][26])|(?:[2468][048]|[13579][26])00)-02-29)T(?:[01]\d|2[0-3]):[0-5]\d:[0-5]\d(?:Z|[+-][01]\d:[0-5]\d)$"#)))? + + assets: Assets? +} + +class Assets { + /// Include asset links in the release. + links: Listing(!isEmpty) +} + +class Link { + /// The name of the link. + name: String(!isEmpty) + + /// The URL to download a file. + url: String(!isEmpty) + + /// The redirect link to the url. + filepath: String? + + /// The content kind of what users can download via url. + link_type: ("runbook"|"package"|"image"|"other")? +} + +class TriggerAlternate0 { + /// Path to the project, e.g. `group/project`, or `group/sub-group/project`. 
+ project: String(matches(Regex(#"(?:\S/\S|\$\S+)"#))) + + /// The branch name that a downstream pipeline will use + branch: String? + + /// You can mirror the pipeline status from the triggered pipeline to the source bridge job by using + /// strategy: depend + strategy: "depend"? + + inputs: Inputs? + + /// Specify what to forward to the downstream pipeline. + forward: TriggerAlternate1Forward? +} + +/// Specify what to forward to the downstream pipeline. +class TriggerAlternate1Forward { + /// Variables defined in the trigger job are passed to downstream pipelines. + /// + /// Default if undefined: `true` + yaml_variables: Boolean? + + /// Variables added for manual pipeline runs and scheduled pipelines are passed to downstream + /// pipelines. + /// + /// Default if undefined: `false` + pipeline_variables: Boolean? +} + +/// Trigger a child pipeline. [Learn +/// More](https://docs.gitlab.com/ci/pipelines/downstream_pipelines/#parent-child-pipelines). +class TriggerAlternate1 { + include: ( + String(matches(Regex(#"\.ya?ml$"#))) + |Listing< + `IncludeAlternate1[]Alternate0` + |`IncludeAlternate1[]Alternate1` + |`IncludeAlternate1[]Alternate2` + |`IncludeAlternate1[]Alternate3` + |`[]Alternate4` + |`[]Alternate5`>(length <= 3))? + + /// You can mirror the pipeline status from the triggered pipeline to the source bridge job by using + /// strategy: depend + strategy: "depend"? + + /// Specify what to forward to the downstream pipeline. + forward: TriggerAlternate1Forward? +} + +class `IncludeAlternate1[]Alternate0` { + /// Relative path from local repository root (`/`) to the local YAML file to define the pipeline + /// configuration. + `local`: String(matches(Regex(#"\.ya?ml$"#))) + + inputs: Inputs? +} + +class `IncludeAlternate1[]Alternate1` { + /// Name of the template YAML file to use in the pipeline configuration. + template: String(matches(Regex(#"\.ya?ml$"#))) + + inputs: Inputs? 
+} + +class `IncludeAlternate1[]Alternate2` { + /// Relative path to the generated YAML file which is extracted from the artifacts and used as the + /// configuration for triggering the child pipeline. + artifact: String(matches(Regex(#"\.ya?ml$"#))) + + /// Job name which generates the artifact + job: String + + inputs: Inputs? +} + +class `IncludeAlternate1[]Alternate3` { + /// Path to another private project under the same GitLab instance, like `group/project` or + /// `group/sub-group/project`. + project: String(matches(Regex(#"(?:\S/\S|\$\S+)"#))) + + /// Branch/Tag/Commit hash for the target project. + ref: String(!isEmpty)? + + /// Relative path from repository root (`/`) to the pipeline configuration YAML file. + file: String(matches(Regex(#"\.ya?ml$"#))) + + inputs: Inputs? +} + +class `[]Alternate4` { + /// Local path to component directory or full path to external component directory. + component: String + + inputs: Inputs? +} + +class `[]Alternate5` { + /// URL to a `yaml`/`yml` template file using HTTP/HTTPS. + remote: String(matches(Regex(#"^https?://.+\.ya?ml$"#))) + + inputs: Inputs? +} + +class Inherit { + default: ( + Boolean + |Listing< + "after_script" + |"artifacts" + |"before_script" + |"cache" + |"image" + |"interruptible" + |"retry" + |"services" + |"tags" + |"timeout">)? + + variables: (Boolean|Listing)? +} + +class PagesAlternate0 { + path_prefix: If? + + expire_in: If? + + publish: If? +} + +class JobTemplateAlternate0 { + `when`: "delayed" +} + +class JobTemplateAlternate1 { + `when`: Any(this != "delayed")? +} + +class Hooks { + pre_get_sources_script: OptionalScript? +} + +/// Run a referenced step. +class StepAlternate0 { + name: StepName + + env: StepNamedStrings? + + inputs: StepNamedValues? + + step: If|StepGitReference|StepOciReference +} + +/// Run an action. +class StepAlternate2 { + name: StepName + + env: StepNamedStrings? + + inputs: StepNamedValues? + + action: StartIn +} + +/// Run a script. 
+class StepAlternate3 { + name: StepName + + env: StepNamedStrings? + + script: StartIn +} + +/// Exec a binary. +class StepAlternate4 { + env: StepNamedStrings? + + /// Exec is a command to run. + exec: StepExec +} + +/// GitReference is a reference to a step in a Git repository. +class StepGitReference { + git: Git +} + +class Git { + url: If + + dir: If? + + rev: If + + file: If? +} + +/// OCIReference is a reference to a step hosted in an OCI repository. +class StepOciReference { + oci: Oci +} + +class Oci { + /// The [:] of the container registry server. + registry: String + + /// A path within the registry containing related OCI images. Typically the namespace, project, and + /// image name. + repository: String + + /// A pointer to the image manifest hosted in the OCI repository. + tag: String + + /// A directory inside the OCI image where the step can be found. + dir: String? + + /// The name of the file that defines the step, defaults to step.yml. + file: String? +} + +class StepExec { + /// Command are the parameters to the system exec API. It does not invoke a shell. + command: Listing(!isEmpty) + + /// WorkDir is the working directly in which `command` will be exec'ed. + work_dir: String? +} + +typealias StringFileList = If|Listing + +typealias InputParameters = Mapping + +typealias IncludeItem = + (Any)(matches(Regex(#"\w\.ya?ml$"#))) + |IncludeItemAlternate1 + |IncludeItemAlternate2 + |IncludeItemAlternate3 + |IncludeItemAlternate4 + |IncludeItemAlternate5 + +typealias refType = Listing + +typealias Image = String(!isEmpty)|ImageAlternate1 + +typealias Services = Listing + +typealias ItemIdTokens = Mapping + +typealias Identity = "google_cloud" + +typealias ItemSecrets = Mapping + +typealias Script = StartIn|Listing>(!isEmpty) + +typealias Steps = Listing + +typealias OptionalScript = If|Listing> + +typealias Rules = Listing<`[]Alternate0`|StartIn|Listing(!isEmpty)>? 
+ +typealias IncludeRules = Listing<`IncludeRule[]Alternate0`|StartIn|Listing(!isEmpty)>? + +typealias WorkflowName = String(length.isBetween(1, 255)) + +typealias GlobalVariables = Mapping + +typealias JobVariables = Mapping + +typealias RulesVariables = Mapping + +typealias If = String + +typealias Changes = ChangesAlternate0|Listing + +typealias Exists = Listing|ExistsAlternate1|ExistsAlternate2 + +typealias StartIn = String(!isEmpty) + +typealias RulesNeeds = Listing + +typealias AllowFailure = Boolean|AllowFailureAlternate1|AllowFailureAlternate2 + +/// Splits up a single job into multiple that run in parallel. Provides `CI_NODE_INDEX` and +/// `CI_NODE_TOTAL` environment variables to the jobs. +typealias Parallel = Int(isBetween(1, 200))|ParallelMatrixAlternate0 + +/// Use the `needs:parallel:matrix` keyword to specify parallelized jobs needed to be completed for the +/// job to run. [Learn More](https://docs.gitlab.com/ci/yaml/#needsparallelmatrix) +typealias ParallelMatrix = ParallelMatrixAlternate0 + +/// Default if undefined: `"on_success"` +typealias When = "on_success"|"on_failure"|"always"|"never"|"manual"|"delayed" + +typealias Cache = CacheItem|Listing + +/// Filter job by different keywords that determine origin or state, or by supplying string/regex to +/// check against branch/tag names. +typealias FilterRefs = Listing<"branches"|"tags"|"api"|"external"|"pipelines"|"pushes"|"schedules"|"triggers"|"web"|String> + +typealias Filter = Any|FilterRefs|FilterAlternate2 + +typealias Retry = RetryMax|RetryAlternate1 + +/// The number of times the job will be retried if it fails. Defaults to 0 and can max be retried 2 times +/// (3 times total). 
+/// +/// Default if undefined: `0` +typealias RetryMax = Int(isBetween(0, 2)) + +typealias RetryErrors = + "always" + |"unknown_failure" + |"script_failure" + |"api_failure" + |"stuck_or_timeout_failure" + |"runner_system_failure" + |"runner_unsupported" + |"stale_schedule" + |"job_execution_timeout" + |"archived_failure" + |"unmet_prerequisites" + |"scheduler_failure" + |"data_integrity_failure" + +/// Default if undefined: `false` +typealias Interruptible = Boolean + +typealias Inputs = Mapping|Listing>> + |Mapping + |Any> + +typealias Job = JobTemplateAlternate0|JobTemplateAlternate1 + +typealias Tags = Listing(!isEmpty)>(!isEmpty) + +/// Any of these step use cases are valid. +typealias Step = StepAlternate0|StepAlternate2|StepAlternate3|StepAlternate4 + +typealias StepName = String(matches(Regex("^[a-zA-Z_][a-zA-Z0-9_]*$"))) + +typealias StepNamedStrings = Mapping + +typealias StepNamedValues = Mapping diff --git a/.gitlab/lib/schema/schema.sh b/.gitlab/lib/schema/schema.sh new file mode 100755 index 0000000..23377a8 --- /dev/null +++ b/.gitlab/lib/schema/schema.sh @@ -0,0 +1,8 @@ +#!/usr/bin/env bash + +set -euo pipefail + +pkl \ + eval "package://pkg.pkl-lang.org/pkl-pantry/org.json_schema.contrib@1.1.4#/generate.pkl" \ + -m . \ + -p source="https://gitlab.com/gitlab-org/gitlab/-/raw/master/app/assets/javascripts/editor/schema/ci.json" diff --git a/.gitlab/lib/util/k8s.pkl b/.gitlab/lib/util/k8s.pkl new file mode 100644 index 0000000..a4b08c0 --- /dev/null +++ b/.gitlab/lib/util/k8s.pkl 
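Review bot: `.gitlab/lib/schema/schema.sh` generates `Ci.pkl` from a `source` URL under `/-/raw/master/`, so the checked-in schema module reflects whatever `master` held when the script last ran, and a rerun can change which pipeline shapes are accepted without any visible change to the script. The generator package is already pinned (`@1.1.4`); pin the schema input the same way by replacing `master` in the URL with a GitLab tag or commit SHA, and record it next to the command, e.g. `# schema source ref: <gitlab-ref>`.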
@@ -0,0 +1,25 @@
+typealias CPUAmount = String(matches(Regex("^\\d+m?")))
+typealias MemoryAmount = String(matches(Regex("^\\d+(Mi|Gi)$")))
+
+class Resources {
+ cpu: CPUAmount?
+ memory: MemoryAmount?
+
+ fixed vars: Mapping = new {
+ when (cpu != null) {
+ ["KUBERNETES_CPU_LIMIT"] = cpu
+ }
+
+ when (memory != null) {
+ ["KUBERNETES_MEMORY_REQUEST"] = memory
+ ["KUBERNETES_MEMORY_LIMIT"] = memory
+ }
+ }
+}
+
+hidden resources = new {
+ xs = new Resources { memory = "512Mi" }.vars
+ sm = new Resources { memory = "1Gi" }.vars
+ md = new Resources { memory = "2Gi" }.vars
+ lg = new Resources { memory = "3Gi" }.vars
+}
diff --git a/.gitlab/lib/util/shell.pkl b/.gitlab/lib/util/shell.pkl
new file mode 100644
index 0000000..0b8ab7b
--- /dev/null
+++ b/.gitlab/lib/util/shell.pkl
@@ -0,0 +1,5 @@
+function section(sectionId: String, sectionName: String, commands: Listing): String = new Listing {
+ "section_start '\(sectionId)' '\(sectionName)'"
+ ...commands
+ "section_end '\(sectionId)'"
+}.join(" && ")
diff --git a/build-vars.sh b/build-vars.sh
new file mode 100755
index 0000000..67e33d3
--- /dev/null
+++ b/build-vars.sh
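Review bot: `section` in `.gitlab/lib/util/shell.pkl` splices `sectionId` and `sectionName` into single-quoted shell words without any constraint, so a value containing `'` would end the quoting and the rest of the name would be parsed as shell in the CI job. The callers visible in this patch pass fixed strings, so this is mainly a contract to write down: add a doc comment above the function such as `/// sectionId and sectionName must not contain single quotes; commands are joined with && and section_end is skipped if one fails.` The rule could also be enforced at render time with a constrained parameter type in the style `k8s.pkl` already uses, e.g. `sectionId: String(matches(Regex("[A-Za-z0-9_-]+")))`.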
@@ -0,0 +1,30 @@ +set -euo pipefail + +function set_build_vars_dev() { + export HAPROXY_GITREPO="https://git.haproxy.org/?p=haproxy.git" + export HAPROXY_VERSION="3.2-dev" + echo "Import build vars for dev profile ($HAPROXY_VERSION)" + + # https://git.haproxy.org/?p=haproxy.git;a=commit;h=8235a24782e528b9bf8ca9dd69c0a147556dfcb5 + export HAPROXY_GITREF="8235a24782e528b9bf8ca9dd69c0a147556dfcb5" + + export BUILD_PATCHES_DIR="patches-dev" + export HAPROXY_LIBASAN="false" + export HAPROXY_LIBUBSAN="false" + export HAPROXY_OPTIMIZATION="-Og" + +} + +function set_build_vars_stable() { + export HAPROXY_GITREPO="https://git.haproxy.org/?p=haproxy-3.1.git" + export HAPROXY_VERSION="3.1-stable" + echo "Import build vars for stable profile ($HAPROXY_VERSION)" + + # https://git.haproxy.org/?p=haproxy-3.1.git;a=commit;h=v3.1.3 + export HAPROXY_GITREF="v3.1.3" + + export BUILD_PATCHES_DIR="patches-stable" + export HAPROXY_LIBASAN="false" + export HAPROXY_LIBUBSAN="false" + export HAPROXY_OPTIMIZATION="-O2" +} diff --git a/tool/ci-tools.sh b/tool/ci-tools.sh old mode 100755 new mode 100644 From 436991cecdda2127af8cee102754f1894eaca0b7 Mon Sep 17 00:00:00 2001 From: Tristan Date: Sun, 11 May 2025 18:00:24 +0100 Subject: [PATCH 13/53] trial 2 --- .gitlab-ci.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index c669c9e..f40a9ad 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,5 +1,5 @@ render-pipeline: - stage: "prepare" + stage: ".pre" image: "alpine:latest" script: | set -euo pipefail @@ -21,7 +21,7 @@ render-pipeline: paths: [ ".gitlab/ci.rendered.yml" ] trigger-dynamic: - stage: "run" + stage: ".post" needs: [ "render-pipeline" ] parallel: matrix: From dac7e88663c981c6184a0b3488e36bd6b84d7ad2 Mon Sep 17 00:00:00 2001 From: Tristan Date: Sun, 11 May 2025 18:01:11 +0100 Subject: [PATCH 14/53] trial 3 --- .gitlab-ci.yml | 8 ++++++-- 1 file changed, 6 insertions(+), 2 deletions(-) 
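Review bot: `set_build_vars_stable` sets `HAPROXY_GITREF="v3.1.3"`, a tag name, while `set_build_vars_dev` pins a full commit id. A tag can be moved upstream, so the stable profile is the less reproducible of the two. Pinning the commit the tag points to, and keeping the tag in the comment above it as the dev profile already does, makes both profiles verifiable: `export HAPROXY_GITREF="<COMMIT_ID_OF_v3.1.3>"`. Separately, the file has no shebang and only defines functions, which suggests it is meant to be sourced; if so, the top-level `set -euo pipefail` changes the caller's shell options, and a header comment such as `# Source this file; it enables errexit/nounset/pipefail in the calling shell` would make that explicit.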
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index f40a9ad..69022d2 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1,5 +1,9 @@ +stages: + - "render" + - "trigger" + render-pipeline: - stage: ".pre" + stage: "render" image: "alpine:latest" script: | set -euo pipefail @@ -21,7 +25,7 @@ render-pipeline: paths: [ ".gitlab/ci.rendered.yml" ] trigger-dynamic: - stage: ".post" + stage: "trigger" needs: [ "render-pipeline" ] parallel: matrix: From 838bdf7cc6781ed57b8cfcc2458ee0ab048bbd26 Mon Sep 17 00:00:00 2001 From: Tristan Date: Sun, 11 May 2025 18:02:34 +0100 Subject: [PATCH 15/53] trial 4 --- .gitlab-ci.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 69022d2..c382262 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -22,7 +22,9 @@ render-pipeline: key: "pkl-${PKL_VERSION}" paths: [ "/opt/pkl" ] artifacts: - paths: [ ".gitlab/ci.rendered.yml" ] + paths: + - ".gitlab/debian.ci.yml" + - ".gitlab/rockylinux.ci.yml" trigger-dynamic: stage: "trigger" From 4157ab4c8c11ab7e3c8e84c2c86134c4f25c50ec Mon Sep 17 00:00:00 2001 From: Tristan Date: Sun, 11 May 2025 18:08:46 +0100 Subject: [PATCH 16/53] fix dataplaneapi build ignore default before_script and make sure to install bash --- .gitlab/lib/pipeline.pkl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitlab/lib/pipeline.pkl b/.gitlab/lib/pipeline.pkl index a0d00e2..43cecf2 100644 --- a/.gitlab/lib/pipeline.pkl +++ b/.gitlab/lib/pipeline.pkl @@ -58,8 +58,8 @@ dataplaneapi = (defaultJob) { image = "docker.io/library/golang:1.24-alpine" needs = new {} stage = "dependencies" - before_script { - "apk add --no-cache curl bzip2 git make tar" + before_script = new Listing { + "apk add --no-cache bash bzip2 curl git make tar" "git config --global --add safe.directory $CI_PROJECT_DIR" } script = "make deps/dataplaneapi" From 57489ffb0da822d88c307fd69b8c146f795bfb22 Mon Sep 17 00:00:00 2001 
From: Tristan Date: Sun, 11 May 2025 18:14:55 +0100 Subject: [PATCH 17/53] fix import script directory handling --- .gitlab/lib/deps.pkl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitlab/lib/deps.pkl b/.gitlab/lib/deps.pkl index 7716e40..b9af36d 100644 --- a/.gitlab/lib/deps.pkl +++ b/.gitlab/lib/deps.pkl @@ -13,8 +13,8 @@ class Dependency { artifact: String = "\(path)/\(nameCanonical)-dist.tar.gz" fetchSh: String = shell.section(nameCanonical, "Fetch \(name) artifact", new Listing { - "mkdir \(path)" - "tar -C \(path)/dist -xf \(artifact)" + "if ! [ -d '\(path)' ]; then mkdir -v '\(path)'; fi" + "tar -C '\(path)/dist' -xf '\(artifact)'" }) } From c2006ab3bbc9c46bbbd4604a32733ec23986f291 Mon Sep 17 00:00:00 2001 From: Tristan Date: Sun, 11 May 2025 18:20:01 +0100 Subject: [PATCH 18/53] move pkl binary to project build root for caching --- .gitlab-ci.yml | 10 +++++----- 1 file changed, 5 insertions(+), 5 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index c382262..3e4f750 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -10,17 +10,17 @@ render-pipeline: if ! [ -f "/opt/pkl" ]; then echo "Install PKL v${PKL_VERSION}" - wget -O /opt/pkl "https://github.com/apple/pkl/releases/download/${PKL_VERSION}/pkl-alpine-linux-amd64" - chmod +x /opt/pkl + wget -O ./pkl-${PKL_VERSION} "https://github.com/apple/pkl/releases/download/${PKL_VERSION}/pkl-alpine-linux-amd64" + chmod +x ./pkl-${PKL_VERSION} fi - /opt/pkl eval -w ".gitlab" -f yaml "ci-debian.pkl" | tee ".gitlab/debian.ci.yml" - /opt/pkl eval -w ".gitlab" -f yaml "ci-rockylinux.pkl" | tee ".gitlab/rockylinux.ci.yml" + ./pkl-${PKL_VERSION} eval -w ".gitlab" -f yaml "ci-debian.pkl" | tee ".gitlab/debian.ci.yml" + ./pkl-${PKL_VERSION} eval -w ".gitlab" -f yaml "ci-rockylinux.pkl" | tee ".gitlab/rockylinux.ci.yml" variables: PKL_VERSION: "0.28.2" cache: key: "pkl-${PKL_VERSION}" - paths: [ "/opt/pkl" ] + paths: [ "pkl-${PKL_VERSION}" ] artifacts: paths: - ".gitlab/debian.ci.yml" 
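Review bot: The `wget -O ./pkl-${PKL_VERSION}` line in `render-pipeline` downloads an executable that is made runnable and then generates the child pipelines, yet nothing checks its contents. With this change the file is also restored from the job cache and reused without any check. Adding a digest next to `PKL_VERSION` and verifying on every run, after the `if` block, covers both the fresh download and the cached copy: `echo "${PKL_SHA256}  ./pkl-${PKL_VERSION}" | sha256sum -c -`, with `PKL_SHA256: "<SHA256_OF_RELEASE_BINARY>"` under `variables`. The bare `./pkl-${PKL_VERSION}` words would also be safer quoted, `"./pkl-${PKL_VERSION}"`.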
From f9f015836c73bab8f3d3cb1416dfb5b5beec2210 Mon Sep 17 00:00:00 2001 From: Tristan Date: Sun, 11 May 2025 18:24:02 +0100 Subject: [PATCH 19/53] fix extract logic setup --- .gitlab/lib/deps.pkl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab/lib/deps.pkl b/.gitlab/lib/deps.pkl index b9af36d..2ef65be 100644 --- a/.gitlab/lib/deps.pkl +++ b/.gitlab/lib/deps.pkl @@ -13,7 +13,7 @@ class Dependency { artifact: String = "\(path)/\(nameCanonical)-dist.tar.gz" fetchSh: String = shell.section(nameCanonical, "Fetch \(name) artifact", new Listing { - "if ! [ -d '\(path)' ]; then mkdir -v '\(path)'; fi" + "if ! [ -d '\(path)' ]; then mkdir -pv '\(path)/dist'; fi" "tar -C '\(path)/dist' -xf '\(artifact)'" }) } From 07f3b253ab67cab0718c5c12c5afed07af5f6d99 Mon Sep 17 00:00:00 2001 From: Tristan Date: Sun, 11 May 2025 18:32:59 +0100 Subject: [PATCH 20/53] remove dataplaneapi & fix deps paths AGAIN --- .gitlab/lib/deps.pkl | 2 +- .gitlab/lib/pipeline.pkl | 21 ++------------------- 2 files changed, 3 insertions(+), 20 deletions(-) diff --git a/.gitlab/lib/deps.pkl b/.gitlab/lib/deps.pkl index 2ef65be..632eb7d 100644 --- a/.gitlab/lib/deps.pkl +++ b/.gitlab/lib/deps.pkl @@ -13,7 +13,7 @@ class Dependency { artifact: String = "\(path)/\(nameCanonical)-dist.tar.gz" fetchSh: String = shell.section(nameCanonical, "Fetch \(name) artifact", new Listing { - "if ! [ -d '\(path)' ]; then mkdir -pv '\(path)/dist'; fi" + "if ! [ -d '\(path)/dist' ]; then mkdir -pv '\(path)/dist'; fi" "tar -C '\(path)/dist' -xf '\(artifact)'" }) } diff --git a/.gitlab/lib/pipeline.pkl b/.gitlab/lib/pipeline.pkl index 43cecf2..ed60a28 100644 --- a/.gitlab/lib/pipeline.pkl +++ b/.gitlab/lib/pipeline.pkl 
@@ -54,25 +54,6 @@ dependencies = (deps.dependencies(defaultJob, dependencyList)) { } } -dataplaneapi = (defaultJob) { - image = "docker.io/library/golang:1.24-alpine" - needs = new {} - stage = "dependencies" - before_script = new Listing { - "apk add --no-cache bash bzip2 curl git make tar" - "git config --global --add safe.directory $CI_PROJECT_DIR" - } - script = "make deps/dataplaneapi" - variables { - ["GOMEMLIMIT"] = "2097152" - ...k8s.resources.lg - } - artifacts { - expire_in = "7 days" - paths { "deps/dataplaneapi/dataplaneapi-dist.tar.gz" } - } -} - function haproxyVars(target: inputs.Build) = (k8s.resources.sm) { ["HAPROXY_GITREPO"] = target.params.git_repo ["HAPROXY_GITREF"] = target.params.git_ref @@ -85,6 +66,7 @@ function haproxyVars(target: inputs.Build) = (k8s.resources.sm) { local buildJob = (defaultJob) { stage = "build" + needs { "dependencies" } script = new Listing { ...dependencyList.map((dep) -> dep.fetchSh) "make -C haproxy" @@ -97,6 +79,7 @@ local buildJob = (defaultJob) { local regtestJob = (defaultJob) { stage = "test" + needs { "dependencies" } script = new Listing { ...dependencyList.map((dep) -> dep.fetchSh) shell.section("ulimit", "Validate ulimit", new Listing { "./tool/check-docker-ulimit.sh" }) From 0f1527eab94951517421ceb3150125091469abff Mon Sep 17 00:00:00 2001 From: Tristan Date: Sun, 11 May 2025 18:37:34 +0100 Subject: [PATCH 21/53] when untarring deps, be verbose now that we're in a collapsible pipeline it's ok --- .gitlab/lib/deps.pkl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab/lib/deps.pkl b/.gitlab/lib/deps.pkl index 632eb7d..11808a8 100644 --- a/.gitlab/lib/deps.pkl +++ b/.gitlab/lib/deps.pkl @@ -14,7 +14,7 @@ class Dependency { fetchSh: String = shell.section(nameCanonical, "Fetch \(name) artifact", new Listing { "if ! [ -d '\(path)/dist' ]; then mkdir -pv '\(path)/dist'; fi" - "tar -C '\(path)/dist' -xf '\(artifact)'" + "tar -C '\(path)/dist' -xvf '\(artifact)'" }) } 
From 706835c2918987eece2456cbfe5ae534c55a4f84 Mon Sep 17 00:00:00 2001 From: Tristan Date: Sun, 11 May 2025 18:47:24 +0100 Subject: [PATCH 22/53] fix missing pipefail in some shell scripts --- .gitlab/lib/pipeline.pkl | 12 +++--------- .gitlab/lib/util/shell.pkl | 7 ++++--- 2 files changed, 7 insertions(+), 12 deletions(-) diff --git a/.gitlab/lib/pipeline.pkl b/.gitlab/lib/pipeline.pkl index ed60a28..291c500 100644 --- a/.gitlab/lib/pipeline.pkl +++ b/.gitlab/lib/pipeline.pkl @@ -26,18 +26,12 @@ stages { "package" } -local resolveDeps = new Listing { - "section_start 'tools' 'Setup build dependencies'" - "./tool/setup-\(os_family).sh" - "section_end 'tools'" -} - local defaultJob = new Ci.JobTemplate { image = os_image - before_script = new Listing { + before_script = shell.section("tools", "Setup build dependencies", new Listing { "source ./tool/ci-tools.sh" - resolveDeps.join(" && ") - } + "./tool/setup-\(os_family).sh" + }) variables = module.variables } diff --git a/.gitlab/lib/util/shell.pkl b/.gitlab/lib/util/shell.pkl index 0b8ab7b..507af15 100644 --- a/.gitlab/lib/util/shell.pkl +++ b/.gitlab/lib/util/shell.pkl @@ -1,5 +1,6 @@ -function section(sectionId: String, sectionName: String, commands: Listing): String = new Listing { - "section_start '\(sectionId)' '\(sectionName)'" +function section(id: String, name: String, commands: Listing): String = new Listing { + "set -euo pipefail" + "section_start '\(id)' '\(name)'" ...commands - "section_end '\(sectionId)'" + "section_end '\(id)'" }.join(" && ") From 30debb9883597c20df847564f6dd068aefb19aca Mon Sep 17 00:00:00 2001 From: Tristan Date: Sun, 11 May 2025 18:52:18 +0100 Subject: [PATCH 23/53] cleanup shell command wrapping --- .gitlab/lib/deps.pkl | 4 ++-- .gitlab/lib/pipeline.pkl | 8 ++++---- .gitlab/lib/util/shell.pkl | 6 ++++-- 3 files changed, 10 insertions(+), 8 deletions(-) diff --git a/.gitlab/lib/deps.pkl b/.gitlab/lib/deps.pkl index 11808a8..6f0b34f 100644 --- a/.gitlab/lib/deps.pkl 
+++ b/.gitlab/lib/deps.pkl @@ -9,10 +9,10 @@ class Dependency { path: String = "deps/\(nameCanonical)" - buildSh: String = shell.section(nameCanonical, name, new Listing { "make \(path)" }) + buildSh: String = shell.command(nameCanonical, name, "make \(path)") artifact: String = "\(path)/\(nameCanonical)-dist.tar.gz" - fetchSh: String = shell.section(nameCanonical, "Fetch \(name) artifact", new Listing { + fetchSh: String = shell.commands(nameCanonical, "Fetch \(name) artifact", new Listing { "if ! [ -d '\(path)/dist' ]; then mkdir -pv '\(path)/dist'; fi" "tar -C '\(path)/dist' -xvf '\(artifact)'" }) diff --git a/.gitlab/lib/pipeline.pkl b/.gitlab/lib/pipeline.pkl index 291c500..18422e0 100644 --- a/.gitlab/lib/pipeline.pkl +++ b/.gitlab/lib/pipeline.pkl @@ -28,10 +28,10 @@ stages { local defaultJob = new Ci.JobTemplate { image = os_image - before_script = shell.section("tools", "Setup build dependencies", new Listing { + before_script = new Listing { "source ./tool/ci-tools.sh" - "./tool/setup-\(os_family).sh" - }) + shell.command("tools", "Setup build dependencies", "./tool/setup-\(os_family).sh") + } variables = module.variables } @@ -76,7 +76,7 @@ local regtestJob = (defaultJob) { needs { "dependencies" } script = new Listing { ...dependencyList.map((dep) -> dep.fetchSh) - shell.section("ulimit", "Validate ulimit", new Listing { "./tool/check-docker-ulimit.sh" }) + shell.command("ulimit", "Validate ulimit", "./tool/check-docker-ulimit.sh") "make -C haproxy build test" } artifacts { diff --git a/.gitlab/lib/util/shell.pkl b/.gitlab/lib/util/shell.pkl index 507af15..90e5c83 100644 --- a/.gitlab/lib/util/shell.pkl +++ b/.gitlab/lib/util/shell.pkl 
@@ -1,6 +1,8 @@ -function section(id: String, name: String, commands: Listing): String = new Listing { +function commands(id: String, name: String, cmds: Listing): String = new Listing { "set -euo pipefail" "section_start '\(id)' '\(name)'" - ...commands + ...cmds "section_end '\(id)'" }.join(" && ") + +function command(id: String, name: String, cmd: String): String = commands(id, name, new Listing { cmd }) From 56cb43b181e4b5ea40ea02008acae6de7ea02561 Mon Sep 17 00:00:00 2001 From: Tristan Date: Sun, 11 May 2025 18:53:48 +0100 Subject: [PATCH 24/53] fix pkl binary fetch laziness --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 3e4f750..30afb88 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -8,7 +8,7 @@ render-pipeline: script: | set -euo pipefail - if ! [ -f "/opt/pkl" ]; then + if ! [ -f "./pkl-${PKL_VERSION}" ]; then echo "Install PKL v${PKL_VERSION}" wget -O ./pkl-${PKL_VERSION} "https://github.com/apple/pkl/releases/download/${PKL_VERSION}/pkl-alpine-linux-amd64" chmod +x ./pkl-${PKL_VERSION} From 38f4d99b89df1a483a9c3004c0a6e9307b6a7a64 Mon Sep 17 00:00:00 2001 From: Tristan Date: Sun, 11 May 2025 19:21:02 +0100 Subject: [PATCH 25/53] remove dataplaneapi stuff --- Makefile | 6 +----- deps/dataplaneapi/Makefile | 40 -------------------------------------- haproxy/Makefile | 11 ++++------- haproxy/rules.debian | 3 --- 4 files changed, 5 insertions(+), 55 deletions(-) delete mode 100644 deps/dataplaneapi/Makefile mode change 100755 => 100644 haproxy/rules.debian diff --git a/Makefile b/Makefile index 6801c60..1c107c8 100644 --- a/Makefile +++ b/Makefile @@ -1,13 +1,10 @@ all: deps haproxy -deps: deps/awslc deps/dataplaneapi deps/lua deps/pcre2 deps/quictls deps/vtest +deps: deps/awslc deps/lua deps/pcre2 deps/quictls deps/vtest deps/awslc: $(MAKE) -C "deps/awslc" -deps/dataplaneapi: - $(MAKE) -C "deps/dataplaneapi" - deps/lua: $(MAKE) -C "deps/lua" 
@@ -25,7 +22,6 @@ haproxy: clean: $(MAKE) -C "deps/awslc" clean - $(MAKE) -C "deps/dataplaneapi" clean $(MAKE) -C "deps/lua" clean $(MAKE) -C "deps/pcre2" clean $(MAKE) -C "deps/quictls" clean diff --git a/deps/dataplaneapi/Makefile b/deps/dataplaneapi/Makefile deleted file mode 100644 index 62f02da..0000000 --- a/deps/dataplaneapi/Makefile +++ /dev/null 
@@ -1,40 +0,0 @@ -DATAPLANEAPI_VERSION = v3.0 -DATAPLANEAPI_SOURCES = https://codeload.github.com/haproxytech/dataplaneapi/tar.gz/$(DATAPLANEAPI_VERSION) -DATAPLANEAPI_TARBALL = dataplaneapi-$(DATAPLANEAPI_VERSION).tar.gz -DATAPLANEAPI_BUILDIR = src -DATAPLANEAPI_DESTDIR = dist -DATAPLANEAPI_DESTDIR_ABS = $(shell realpath $(DATAPLANEAPI_DESTDIR)) -DATAPLANEAPI_ARCHIVE = dataplaneapi-dist.tar.gz - -BUILD_VERSION_REPOSHA = $(shell git rev-parse --short HEAD) - -all: build $(DATAPLANEAPI_DESTDIR) $(DATAPLANEAPI_ARCHIVE) - -$(DATAPLANEAPI_TARBALL): - curl -fsSL -o "$(DATAPLANEAPI_TARBALL)" "$(DATAPLANEAPI_SOURCES)" - -$(DATAPLANEAPI_BUILDIR): $(DATAPLANEAPI_TARBALL) - @if ! [ -d "$(DATAPLANEAPI_BUILDIR)" ]; then mkdir -v "$(DATAPLANEAPI_BUILDIR)"; fi - tar -C $(DATAPLANEAPI_BUILDIR) --strip-components=1 -xf "$(DATAPLANEAPI_TARBALL)" - -build: $(DATAPLANEAPI_BUILDIR) - cd "$(DATAPLANEAPI_BUILDIR)" && make \ - GIT_HEAD_COMMIT="$(DATAPLANEAPI_VERSION)" \ - GIT_MODIFIED="+mangadex-$(BUILD_VERSION_REPOSHA)" \ - GIT_REPO="mangadex-pub/haproxy@git{hub, lab}" - "$(DATAPLANEAPI_BUILDIR)/build/dataplaneapi" --version - -$(DATAPLANEAPI_DESTDIR): build - if ! [ -d "$(DATAPLANEAPI_DESTDIR)/usr/sbin" ]; then mkdir -pv "$(DATAPLANEAPI_DESTDIR)/usr/sbin"; fi - cp -fv "$(DATAPLANEAPI_BUILDIR)/build/dataplaneapi" "$(DATAPLANEAPI_DESTDIR)/usr/sbin/dataplaneapi" - -$(DATAPLANEAPI_ARCHIVE): $(DATAPLANEAPI_DESTDIR) - tar -C "$(DATAPLANEAPI_DESTDIR)" -cjf "$(DATAPLANEAPI_ARCHIVE)" "usr" - -clean: - rm -fv "$(DATAPLANEAPI_TARBALL)" - rm -rf "$(DATAPLANEAPI_BUILDIR)" - rm -rf "$(DATAPLANEAPI_DESTDIR)" - rm -fv "$(DATAPLANEAPI_ARCHIVE)" - -.PHONY: clean build diff --git a/haproxy/Makefile b/haproxy/Makefile index 861fd13..f917fb6 100644 --- a/haproxy/Makefile +++ b/haproxy/Makefile 
@@ -110,10 +110,7 @@ MAKEARGS_DARWIN = $(MAKEARGS) \ USE_PCRE2=1 \ TARGET=osx -all: dist-bin - -dist-bin: build $(HAPROXY_DESTDIR) $(HAPROXY_ARCHIVE) -dist-deb: build-deb +all: build $(HAPROXY_TARBALL): curl -sfS -o "$(HAPROXY_TARBALL)" "$(HAPROXY_SOURCES)" @@ -173,7 +170,7 @@ $(HAPROXY_ARCHIVE): $(HAPROXY_DESTDIR) $(HAPROXY_DEBORIG): $(HAPROXY_TARBALL) cp -fv "$(HAPROXY_TARBALL)" "$(HAPROXY_DEBORIG)" -prepare-deb: $(HAPROXY_DEBORIG) $(HAPROXY_BUILDIR) +prepare-debian: $(HAPROXY_DEBORIG) $(HAPROXY_BUILDIR) cp -rf debian $(HAPROXY_BUILDIR)/ @for patch in $(BUILD_PATCHES_FILES); do cp -v "$(BUILD_PATCHES_DIR_ABS)/$${patch}" "$(DEBIAN_PATCHES_DIR)/$${patch}"; done @for patch in $(BUILD_PATCHES_FILES); do echo "$${patch}" >> "$(DEBIAN_PATCHES_DIR)/series"; done @@ -185,7 +182,7 @@ prepare-deb: $(HAPROXY_DEBORIG) $(HAPROXY_BUILDIR) envsubst < changelog.debian | tee "$(HAPROXY_BUILDIR)/debian/changelog" && \ cat debian/changelog >> "$(HAPROXY_BUILDIR)/debian/changelog" -build-deb: prepare-deb +dist-debian: prepare-debian cd $(HAPROXY_BUILDIR) && \ debuild -us -uc --lintian-opts --no-lintian rm -fv $(HAPROXY_TARBALL) @@ -199,4 +196,4 @@ clean: rm -fv "haproxy_"* rm -fv "haproxy-dbgsym_"* -.PHONY: clean patches build test prepare-deb +.PHONY: clean patches build test diff --git a/haproxy/rules.debian b/haproxy/rules.debian old mode 100755 new mode 100644 index ec5b7dd..2ef90f1 --- a/haproxy/rules.debian +++ b/haproxy/rules.debian @@ -3,7 +3,6 @@ DH_VERBOSE = 1 DH_OPTIONS = -v -DEP_DIST_ROOT_DATAPLANEAPI = $(shell realpath ../../deps/dataplaneapi/dist) DEP_DIST_ROOT_LUA = $(shell realpath ../../deps/lua/dist) DEP_DIST_ROOT_PCRE2 = $(shell realpath ../../deps/pcre2/dist) DEP_DIST_ROOT_AWSLC = $(shell realpath ../../deps/awslc/dist) 
@@ -118,7 +117,6 @@ override_dh_auto_clean: override_dh_auto_install-arch: cp -rf $(SSL_LIB_ROOT)/opt debian/haproxy/opt - cp -rf $(DEP_DIST_ROOT_DATAPLANEAPI)/usr debian/haproxy/usr $(MAKE) -j $(shell nproc) $(MAKEARGS_LINUX) install if [ -f "dev/haring/haring" ]; then install -m 0755 -D dev/haring/haring debian/haproxy/usr/sbin/haring; fi install -m 0644 -D debian/rsyslog.conf debian/haproxy/etc/rsyslog.d/49-haproxy.conf @@ -148,6 +146,5 @@ override_dh_dwz: dh_dwz \ --no-dwz-multifile \ --exclude="bssl" \ - --exclude="dataplaneapi" \ --exclude="haring" \ --exclude="openssl" From b8c3941a24002386bc36961b85ba5e01c4eb33c9 Mon Sep 17 00:00:00 2001 From: Tristan Date: Sun, 11 May 2025 19:23:14 +0100 Subject: [PATCH 26/53] replace build with arch-local packaging --- .gitlab/lib/pipeline.pkl | 21 +++++++++++++-------- 1 file changed, 13 insertions(+), 8 deletions(-) diff --git a/.gitlab/lib/pipeline.pkl b/.gitlab/lib/pipeline.pkl index 18422e0..422fcf9 100644 --- a/.gitlab/lib/pipeline.pkl +++ b/.gitlab/lib/pipeline.pkl @@ -21,7 +21,6 @@ variables = new Mapping { stages { "dependencies" - "build" "test" "package" } @@ -58,12 +57,12 @@ function haproxyVars(target: inputs.Build) = (k8s.resources.sm) { } } -local buildJob = (defaultJob) { - stage = "build" +local packageJob = (defaultJob) { + stage = "package" needs { "dependencies" } script = new Listing { ...dependencyList.map((dep) -> dep.fetchSh) - "make -C haproxy" + "make -C haproxy dist-\(os_family)" } artifacts { expire_in = "7 days" 
@@ -85,25 +84,31 @@ local regtestJob = (defaultJob) { } } -`build:stable` = (buildJob) { +`regtests:stable` = (regtestJob) { variables { ...haproxyVars(stable) } } -`regtests:stable` = (regtestJob) { +`package:stable` = (packageJob) { + needs { + "regtests:stable" + } variables { ...haproxyVars(stable) } } -`build:dev` = (buildJob) { +`regtests:dev` = (regtestJob) { variables { ...haproxyVars(dev) } } -`regtests:dev` = (regtestJob) { +`package:dev` = (packageJob) { + needs { + "regtests:dev" + } variables { ...haproxyVars(dev) } From 48cc136472c4d4cfc903b96bccb099b8085c3f5e Mon Sep 17 00:00:00 2001 From: Tristan Date: Sun, 11 May 2025 19:35:42 +0100 Subject: [PATCH 27/53] fix package version prefix for packaging --- .gitlab/ci-base.pkl | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.gitlab/ci-base.pkl b/.gitlab/ci-base.pkl index eef5447..683a3a9 100644 --- a/.gitlab/ci-base.pkl +++ b/.gitlab/ci-base.pkl @@ -5,7 +5,7 @@ fixed stable { params { git_repo = "https://git.haproxy.org/?p=haproxy-3.1.git" git_ref = "v3.1.7" - version = git_ref + version = "3.1-stable" } } @@ -14,6 +14,6 @@ fixed dev { params { git_repo = "https://git.haproxy.org/?p=haproxy.git" git_ref = "master" - version = git_ref + version = "3.2-dev" } } From 7cd415f558a0fd3d438eae4917d0a33f51903d49 Mon Sep 17 00:00:00 2001 From: Tristan Date: Sun, 11 May 2025 22:48:13 +0100 Subject: [PATCH 28/53] add fpm usage for packaging on redhat family and soon on deb one too, because holy fuck --- .gitignore | 6 ++---- .gitlab/ci-debian.pkl | 1 + .gitlab/ci-rockylinux.pkl | 1 + .gitlab/lib/pipeline.pkl | 7 ++++++- haproxy/Makefile | 38 ++++++++++++++++++++++++++++++++++++-- tool/setup-debian.sh | 2 ++ tool/setup-rockylinux.sh | 9 ++++++++- 7 files changed, 56 insertions(+), 8 deletions(-) diff --git a/.gitignore b/.gitignore index b13b548..eef7d43 100644 --- a/.gitignore +++ b/.gitignore 
@@ -1,11 +1,9 @@ **/dist **/src **/*.build +**/*.deb **/*.dsc +**/*.rpm **/*.tar.gz **/*.xz **/*.zip - -# deb build artifacts -haproxy/haproxy_*~* -haproxy/haproxy-dbg*_*~* diff --git a/.gitlab/ci-debian.pkl b/.gitlab/ci-debian.pkl index 3b1388c..8c44af4 100644 --- a/.gitlab/ci-debian.pkl +++ b/.gitlab/ci-debian.pkl @@ -2,3 +2,4 @@ module Debian extends "ci-base.pkl" fixed os_family = "debian" fixed os_image = "ghcr.io/mangadex-pub/debuilder:bookworm-clang18" +fixed os_packaging = "deb" diff --git a/.gitlab/ci-rockylinux.pkl b/.gitlab/ci-rockylinux.pkl index 41c679e..1b04d63 100644 --- a/.gitlab/ci-rockylinux.pkl +++ b/.gitlab/ci-rockylinux.pkl @@ -2,3 +2,4 @@ module RockyLinux extends "ci-base.pkl" fixed os_family = "rockylinux" fixed os_image = "ghcr.io/mangadex-pub/containers-base/rockylinux:9-develroot" +fixed os_packaging = "rpm" diff --git a/.gitlab/lib/pipeline.pkl b/.gitlab/lib/pipeline.pkl index 422fcf9..e5f0c8c 100644 --- a/.gitlab/lib/pipeline.pkl +++ b/.gitlab/lib/pipeline.pkl @@ -9,6 +9,7 @@ import "util/shell.pkl" // input properties hidden fixed os_family: String hidden fixed os_image: String +hidden fixed os_packaging: String hidden fixed stable: inputs.Build hidden fixed dev: inputs.Build @@ -30,6 +31,7 @@ local defaultJob = new Ci.JobTemplate { before_script = new Listing { "source ./tool/ci-tools.sh" shell.command("tools", "Setup build dependencies", "./tool/setup-\(os_family).sh") + "git config --global --add safe.directory '*'" } variables = module.variables } @@ -62,11 +64,14 @@ local packageJob = (defaultJob) { needs { "dependencies" } script = new Listing { ...dependencyList.map((dep) -> dep.fetchSh) + "gem install fpm" "make -C haproxy dist-\(os_family)" } artifacts { expire_in = "7 days" - paths { "haproxy/haproxy-dist.tar.gz" } + paths { + "haproxy/*.\(os_packaging)" + } } } diff --git a/haproxy/Makefile b/haproxy/Makefile index f917fb6..3c2868b 100644 --- a/haproxy/Makefile +++ b/haproxy/Makefile 
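Review bot: The added `"git config --global --add safe.directory '*'"` in `defaultJob.before_script` turns off git's repository-ownership check for every path in the job container, not only the checkout. An earlier job in this series scoped the exemption with `git config --global --add safe.directory $CI_PROJECT_DIR`; the same form here, `"git config --global --add safe.directory \"$CI_PROJECT_DIR\""`, keeps the check active for anything else the build clones or unpacks. If the wildcard is needed because sources land in sub-directories owned by another user, a comment naming those directories would make the reason visible.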
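Review bot: `"gem install fpm"` in `packageJob.script` installs whichever fpm release and transitive gems RubyGems serves at build time, and that code then assembles the package that gets shipped. Pinning the version, `"gem install fpm -v <FPM_VERSION>"`, or baking fpm into the builder image keeps package builds repeatable and removes a network fetch from every job. The line also runs for the Debian pipeline, where the `dist-deb` target shown in this commit still uses `debuild`, so it could be limited to `os_packaging == "rpm"` until the deb path needs it.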
@@ -28,6 +28,11 @@ DEP_DIST_ROOT_VTEST = $(shell realpath ../deps/vtest/dist) BUILD_VERSION_REPOSHA = $(shell git rev-parse --short HEAD) +# rpm versioning +RPM_UPSTREAM_VERSION = $(shell tr -d '-' <<< $(HAPROXY_VERSION)+$(HAPROXY_GITREF)) +RPM_RELEASE_VERSION = mangadex+$(BUILD_VERSION_REPOSHA) +RPM_FULL_VERSION = $(RPM_UPSTREAM_VERSION)~$(RPM_RELEASE_VERSION) + # re-deref ensures overrides using relative paths get expanded BUILD_PATCHES_DIR_ABS = $(shell realpath $(BUILD_PATCHES_DIR)) BUILD_PATCHES_FILES = $(shell ls -1 $(BUILD_PATCHES_DIR_ABS)) @@ -80,6 +85,7 @@ ifeq ($(HAPROXY_SSL_LIB),quictls) ADDLIB += -Wl,-rpath,/opt/quictls/lib MAKEARGS += SSL_INC="$(DEP_DIST_ROOT_QUICTLS)/opt/quictls/include" \ SSL_LIB="$(DEP_DIST_ROOT_QUICTLS)/opt/quictls/lib" +DEP_DIST_SSL_CURRENT=$(DEP_DIST_ROOT_QUICTLS) endif ifeq ($(HAPROXY_SSL_LIB),awslc) ADDLIB += -Wl,-rpath,/opt/awslc/lib @@ -90,6 +96,7 @@ ADDLIB += -Wl,-rpath,/opt/awslc/lib MAKEARGS += USE_OPENSSL_AWSLC=1 \ SSL_INC="$(DEP_DIST_ROOT_AWSLC)/opt/awslc/include" \ SSL_LIB="$(DEP_DIST_ROOT_AWSLC)/opt/awslc/lib" +DEP_DIST_SSL_CURRENT=$(DEP_DIST_ROOT_AWSLC) endif ADDLIB += -ljemalloc @@ -127,6 +134,7 @@ build: $(HAPROXY_BUILDIR) patches $(info Enabling address sanitizer: $(HAPROXY_LIBASAN)) $(MAKE) build_$(shell uname -s) if [ -d "$(HAPROXY_BUILDIR)/dev/haring" ]; then $(MAKE) -C "$(HAPROXY_BUILDIR)" -j "$(shell nproc)" dev/haring/haring; fi + if [ -d "$(HAPROXY_BUILDIR)/admin/systemd" ]; then $(MAKE) -C "$(HAPROXY_BUILDIR)/admin/systemd" -j "$(shell nproc)"; fi .PHONY: build_Linux build_Linux: 
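Review bot: `RPM_UPSTREAM_VERSION` relies on a here-string (`<<<`), which is a bash feature; make runs `$(shell …)` through `/bin/sh` unless `SHELL` is set, and no such assignment is visible in this hunk. Where `/bin/sh` is not bash the command fails and the version string comes out empty, which would only surface when `dist-rpm` builds a package name from it. The built-in text function gives the same result without a shell and without passing the CI-supplied `HAPROXY_VERSION` and `HAPROXY_GITREF` through one unquoted: `RPM_UPSTREAM_VERSION = $(subst -,,$(HAPROXY_VERSION)+$(HAPROXY_GITREF))`.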
@@ -160,7 +168,11 @@ $(HAPROXY_DESTDIR): @if [ -d "$(HAPROXY_DESTDIR)" ]; then rm -rf $(HAPROXY_DESTDIR); fi @mkdir -pv "$(HAPROXY_DESTDIR)" $(MAKE) -C "$(HAPROXY_BUILDIR)" -j "$(shell nproc)" DESTDIR="$(HAPROXY_DESTDIR_ABS)" install + + @# install haring and systemd integration if [ -f "$(HAPROXY_BUILDIR)/dev/haring/haring" ]; then install -m 0755 -D "$(HAPROXY_BUILDIR)/dev/haring/haring" "$(HAPROXY_DESTDIR_ABS)/usr/local/sbin/haring"; fi + if [ -f "$(HAPROXY_BUILDIR)/admin/systemd/haproxy.service" ]; then install -m 0644 -D "$(HAPROXY_BUILDIR)/admin/systemd/haproxy.service" "$(HAPROXY_DESTDIR_ABS)/usr/lib/systemd/system/haproxy.service"; fi + if ! $(HAPROXY_DESTDIR_ABS)/usr/local/sbin/haproxy -vv; then ls -alh; fi ldd $(HAPROXY_DESTDIR_ABS)/usr/local/sbin/haproxy @@ -170,7 +182,7 @@ $(HAPROXY_ARCHIVE): $(HAPROXY_DESTDIR) $(HAPROXY_DEBORIG): $(HAPROXY_TARBALL) cp -fv "$(HAPROXY_TARBALL)" "$(HAPROXY_DEBORIG)" -prepare-debian: $(HAPROXY_DEBORIG) $(HAPROXY_BUILDIR) +prepare-deb: $(HAPROXY_DEBORIG) $(HAPROXY_BUILDIR) cp -rf debian $(HAPROXY_BUILDIR)/ @for patch in $(BUILD_PATCHES_FILES); do cp -v "$(BUILD_PATCHES_DIR_ABS)/$${patch}" "$(DEBIAN_PATCHES_DIR)/$${patch}"; done @for patch in $(BUILD_PATCHES_FILES); do echo "$${patch}" >> "$(DEBIAN_PATCHES_DIR)/series"; done 
@@ -182,12 +194,33 @@ prepare-debian: $(HAPROXY_DEBORIG) $(HAPROXY_BUILDIR) envsubst < changelog.debian | tee "$(HAPROXY_BUILDIR)/debian/changelog" && \ cat debian/changelog >> "$(HAPROXY_BUILDIR)/debian/changelog" -dist-debian: prepare-debian +dist-deb: prepare-deb cd $(HAPROXY_BUILDIR) && \ debuild -us -uc --lintian-opts --no-lintian rm -fv $(HAPROXY_TARBALL) rm -rf $(HAPROXY_BUILDIR) +prepare-rpm: build $(HAPROXY_DESTDIR) + @if ! command -v fpm >/dev/null; then echo "fpm not found, install it 'gem install fpm'"; exit 1; else fpm --version; fi + cp -rf $(DEP_DIST_SSL_CURRENT)/* $(HAPROXY_DESTDIR)/ + +dist-rpm: prepare-rpm + @if [ -f "haproxy-$(RPM_FULL_VERSION).rpm" ]; then rm -v "haproxy-$(RPM_FULL_VERSION).rpm"; fi + fpm --input-type dir \ + --output-type rpm \ + --package "haproxy-$(RPM_FULL_VERSION).rpm" \ + --name "haproxy" \ + --architecture "native" \ + --license "mit+gpl2+lgpl" \ + --version "$(RPM_FULL_VERSION)" \ + --depends "jemalloc" \ + --description "HAProxy mainline build with QUIC (via $(HAPROXY_SSL_LIB))" \ + --url "https://gitlab.com/mangadex-pub/haproxy" \ + --maintainer "MangaDex " \ + "$(HAPROXY_DESTDIR)/opt/=/opt" "$(HAPROXY_DESTDIR)/usr/=/usr" + + rpm -qpl "haproxy-$(RPM_FULL_VERSION).rpm" + clean: rm -fv "$(HAPROXY_ARCHIVE)" rm -rf "$(HAPROXY_BUILDIR)" @@ -195,5 +228,6 @@ clean: rm -rf "$(HAPROXY_DESTDIR)" rm -fv "haproxy_"* rm -fv "haproxy-dbgsym_"* + rm -fv "haproxy"*.rpm .PHONY: clean patches build test diff --git a/tool/setup-debian.sh b/tool/setup-debian.sh index 4c0f72f..32873c0 100755 --- a/tool/setup-debian.sh +++ b/tool/setup-debian.sh @@ -22,6 +22,8 @@ apt -qq -y --no-install-recommends install \ libpcre2-dev \ libreadline-dev \ pkg-config \ + ruby \ + rubygems \ tar \ zip unzip \ zlib1g-dev diff --git a/tool/setup-rockylinux.sh b/tool/setup-rockylinux.sh index 1fa9279..d1e1ab4 100755 --- a/tool/setup-rockylinux.sh +++ b/tool/setup-rockylinux.sh 
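Review bot: In `prepare-rpm`, `cp -rf $(DEP_DIST_SSL_CURRENT)/* $(HAPROXY_DESTDIR)/` expands to `cp -rf /* …` whenever `HAPROXY_SSL_LIB` is neither `quictls` nor `awslc`, because `DEP_DIST_SSL_CURRENT` is assigned only inside those two `ifeq` blocks. That would copy the build host's root tree into the staging directory, and `dist-rpm` then packages `opt/` and `usr/` from it. A guard as the first recipe line prevents it: `@test -n "$(DEP_DIST_SSL_CURRENT)" || { echo "unsupported HAPROXY_SSL_LIB=$(HAPROXY_SSL_LIB)"; exit 1; }`. Quoting both paths in the `cp` is worth doing at the same time.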
@@ -9,6 +9,13 @@ dnf -y install \ jemalloc \ jemalloc-devel \ pcre2 \ - pcre2-devel + pcre2-devel \ + perl-FindBin \ + rpmdevtools \ + rpmlint \ + ruby \ + ruby-devel \ + rubygems \ + rubygem-json cc --version From 4499f12e3214bb9280b57722c72bebd95f5288ca Mon Sep 17 00:00:00 2001 From: Tristan Date: Sun, 11 May 2025 22:55:38 +0100 Subject: [PATCH 29/53] fix make target for packaging --- .gitlab/lib/pipeline.pkl | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab/lib/pipeline.pkl b/.gitlab/lib/pipeline.pkl index e5f0c8c..76598c3 100644 --- a/.gitlab/lib/pipeline.pkl +++ b/.gitlab/lib/pipeline.pkl @@ -65,7 +65,7 @@ local packageJob = (defaultJob) { script = new Listing { ...dependencyList.map((dep) -> dep.fetchSh) "gem install fpm" - "make -C haproxy dist-\(os_family)" + "make -C haproxy dist-\(os_packaging)" } artifacts { expire_in = "7 days" From 6f6e5b2b63d02a515c91f3d21f848bd27d1bdec2 Mon Sep 17 00:00:00 2001 From: Tristan Date: Sun, 11 May 2025 22:57:31 +0100 Subject: [PATCH 30/53] add optimization args where relevant --- .gitlab/lib/pipeline.pkl | 7 +++---- 1 file changed, 3 insertions(+), 4 deletions(-) diff --git a/.gitlab/lib/pipeline.pkl b/.gitlab/lib/pipeline.pkl index 76598c3..f71cf22 100644 --- a/.gitlab/lib/pipeline.pkl +++ b/.gitlab/lib/pipeline.pkl @@ -53,10 +53,6 @@ function haproxyVars(target: inputs.Build) = (k8s.resources.sm) { ["HAPROXY_GITREPO"] = target.params.git_repo ["HAPROXY_GITREF"] = target.params.git_ref ["HAPROXY_VERSION"] = target.params.version - - when (target.name == "dev") { - ["HAPROXY_OPTIMIZATION"] = "-Og" - } } local packageJob = (defaultJob) { @@ -92,6 +88,7 @@ local regtestJob = (defaultJob) { `regtests:stable` = (regtestJob) { variables { ...haproxyVars(stable) + ["HAPROXY_OPTIMIZATION"] = "-Og" } } @@ -107,6 +104,7 @@ local regtestJob = (defaultJob) { `regtests:dev` = (regtestJob) { variables { ...haproxyVars(dev) + ["HAPROXY_OPTIMIZATION"] = "-Og" } } 
@@ -116,5 +114,6 @@ local regtestJob = (defaultJob) { } variables { ...haproxyVars(dev) + ["HAPROXY_OPTIMIZATION"] = "-Og" } } From fc2fbbe228966018f1117933d853ba9101c3f9d9 Mon Sep 17 00:00:00 2001 From: Tristan Date: Sun, 11 May 2025 23:32:30 +0100 Subject: [PATCH 31/53] cleanup pipeline generation --- .gitlab-ci.yml | 11 +++++++++-- .gitlab/lib/deps.pkl | 3 +-- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 30afb88..62ce9b2 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -8,14 +8,21 @@ render-pipeline: script: | set -euo pipefail + source ./tool/ci-tools.sh + + section_start 'install-pkl' 'Install Pkl v${PKL_VERSION}' if ! [ -f "./pkl-${PKL_VERSION}" ]; then echo "Install PKL v${PKL_VERSION}" wget -O ./pkl-${PKL_VERSION} "https://github.com/apple/pkl/releases/download/${PKL_VERSION}/pkl-alpine-linux-amd64" chmod +x ./pkl-${PKL_VERSION} fi + section_end 'install-pkl' - ./pkl-${PKL_VERSION} eval -w ".gitlab" -f yaml "ci-debian.pkl" | tee ".gitlab/debian.ci.yml" - ./pkl-${PKL_VERSION} eval -w ".gitlab" -f yaml "ci-rockylinux.pkl" | tee ".gitlab/rockylinux.ci.yml" + for distribution in debian rockylinux; do + section_start "render-$distribution" "Render pipeline for $distribution" + ./pkl-${PKL_VERSION} eval -w ".gitlab" -f "yaml" "ci-$distribution.pkl" | tee ".gitlab/$distribution.ci.yml" + section_end "render-$distribution" + done variables: PKL_VERSION: "0.28.2" cache: diff --git a/.gitlab/lib/deps.pkl b/.gitlab/lib/deps.pkl index 6f0b34f..9c2d884 100644 --- a/.gitlab/lib/deps.pkl +++ b/.gitlab/lib/deps.pkl 
@@ -6,12 +6,11 @@ import "util/shell.pkl" class Dependency { name: String nameCanonical: String = name.replaceAll("-", "").toLowerCase() - path: String = "deps/\(nameCanonical)" buildSh: String = shell.command(nameCanonical, name, "make \(path)") - artifact: String = "\(path)/\(nameCanonical)-dist.tar.gz" + artifact: String = "\(path)/\(nameCanonical)-dist.tar.gz" fetchSh: String = shell.commands(nameCanonical, "Fetch \(name) artifact", new Listing { "if ! [ -d '\(path)/dist' ]; then mkdir -pv '\(path)/dist'; fi" "tar -C '\(path)/dist' -xvf '\(artifact)'" From 22df4311342e5954192b93c21579e8d48a843583 Mon Sep 17 00:00:00 2001 From: Tristan Date: Sun, 11 May 2025 23:33:59 +0100 Subject: [PATCH 32/53] fix missing interpolation in pkl step name --- .gitlab-ci.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 62ce9b2..32842ed 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -10,16 +10,16 @@ render-pipeline: source ./tool/ci-tools.sh - section_start 'install-pkl' 'Install Pkl v${PKL_VERSION}' + section_start "install-pkl" "Install Pkl (version = ${PKL_VERSION})" if ! [ -f "./pkl-${PKL_VERSION}" ]; then echo "Install PKL v${PKL_VERSION}" wget -O ./pkl-${PKL_VERSION} "https://github.com/apple/pkl/releases/download/${PKL_VERSION}/pkl-alpine-linux-amd64" chmod +x ./pkl-${PKL_VERSION} fi - section_end 'install-pkl' + section_end "install-pkl" for distribution in debian rockylinux; do - section_start "render-$distribution" "Render pipeline for $distribution" + section_start "render-$distribution" "Render pipeline (distribution = $distribution)" ./pkl-${PKL_VERSION} eval -w ".gitlab" -f "yaml" "ci-$distribution.pkl" | tee ".gitlab/$distribution.ci.yml" section_end "render-$distribution" done From eebec184f2512c315a60cc07879253711c786dd5 Mon Sep 17 00:00:00 2001 
From: Tristan Date: Sun, 11 May 2025 23:36:25 +0100 Subject: [PATCH 33/53] shorter render/trigger job names ironically... the same names as a result :) --- .gitlab-ci.yml | 6 +++--- 1 file changed, 3 insertions(+), 3 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 32842ed..0d0feaf 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -2,7 +2,7 @@ stages: - "render" - "trigger" -render-pipeline: +render: stage: "render" image: "alpine:latest" script: | @@ -33,9 +33,9 @@ render-pipeline: - ".gitlab/debian.ci.yml" - ".gitlab/rockylinux.ci.yml" -trigger-dynamic: +trigger: stage: "trigger" - needs: [ "render-pipeline" ] + needs: [ "render" ] parallel: matrix: - OS_FAMILY: [ "debian", "rockylinux" ] From 3ea1e8aa7369d44144844edba5fd746f8c06fe20 Mon Sep 17 00:00:00 2001 
From: Tristan Date: Mon, 12 May 2025 04:05:16 +0100 Subject: [PATCH 34/53] waouh --- .gitlab/lib/pipeline.pkl | 65 +- debian.dockerfile | 36 +- haproxy/Makefile | 82 +- haproxy/changelog.debian | 6 - haproxy/debian/NEWS | 35 - haproxy/debian/README.md | 12 - haproxy/debian/changelog | 2361 ----------------- haproxy/debian/control | 25 - haproxy/debian/copyright | 941 ------- haproxy/debian/haproxy.README.Debian | 29 - haproxy/debian/haproxy.dirs | 4 - haproxy/debian/haproxy.docs | 8 - haproxy/debian/haproxy.examples | 1 - haproxy/debian/haproxy.init | 197 -- haproxy/debian/haproxy.install | 3 - haproxy/debian/haproxy.maintscript | 1 - haproxy/debian/haproxy.manpages | 1 - haproxy/debian/haproxy.postinst | 22 - haproxy/debian/haproxy.postrm | 16 - haproxy/debian/logrotate.conf | 11 - .../haproxy.service-add-documentation.patch | 23 - ...e-systemd-bind-dev-log-inside-chroot.patch | 21 - .../haproxy.service-start-after-syslog.patch | 27 - haproxy/debian/patches/series | 3 - haproxy/debian/rsyslog.conf | 9 - haproxy/debian/source/format | 1 - haproxy/{debian => }/haproxy.cfg | 8 - haproxy/{debian => }/haproxy.default | 0 haproxy/{debian => }/haproxy.tmpfile | 0 haproxy/rules.debian | 150 -- haproxy/toil/deb-adduser.sh | 12 + haproxy/toil/deb-deluser.sh | 6 + haproxy/toil/rpm-adduser.sh | 10 + haproxy/toil/rpm-deluser.sh | 6 + rockylinux.dockerfile | 43 +- 35 files changed, 163 insertions(+), 4012 deletions(-) delete mode 100644 haproxy/changelog.debian delete mode 100644 haproxy/debian/NEWS delete mode 100644 haproxy/debian/README.md delete mode 100644 haproxy/debian/changelog delete mode 100644 haproxy/debian/control delete mode 100644 haproxy/debian/copyright delete mode 100644 haproxy/debian/haproxy.README.Debian delete mode 100644 haproxy/debian/haproxy.dirs delete mode 100644 haproxy/debian/haproxy.docs delete mode 100644 haproxy/debian/haproxy.examples delete mode 100644 haproxy/debian/haproxy.init delete mode 100644 haproxy/debian/haproxy.install delete mode 
100644 haproxy/debian/haproxy.maintscript delete mode 100644 haproxy/debian/haproxy.manpages delete mode 100644 haproxy/debian/haproxy.postinst delete mode 100644 haproxy/debian/haproxy.postrm delete mode 100644 haproxy/debian/logrotate.conf delete mode 100644 haproxy/debian/patches/haproxy.service-add-documentation.patch delete mode 100644 haproxy/debian/patches/haproxy.service-make-systemd-bind-dev-log-inside-chroot.patch delete mode 100644 haproxy/debian/patches/haproxy.service-start-after-syslog.patch delete mode 100644 haproxy/debian/patches/series delete mode 100644 haproxy/debian/rsyslog.conf delete mode 100644 haproxy/debian/source/format rename haproxy/{debian => }/haproxy.cfg (73%) rename haproxy/{debian => }/haproxy.default (100%) rename haproxy/{debian => }/haproxy.tmpfile (100%) delete mode 100644 haproxy/rules.debian create mode 100755 haproxy/toil/deb-adduser.sh create mode 100755 haproxy/toil/deb-deluser.sh create mode 100755 haproxy/toil/rpm-adduser.sh create mode 100755 haproxy/toil/rpm-deluser.sh diff --git a/.gitlab/lib/pipeline.pkl b/.gitlab/lib/pipeline.pkl index f71cf22..e05b947 100644 --- a/.gitlab/lib/pipeline.pkl +++ b/.gitlab/lib/pipeline.pkl @@ -24,6 +24,7 @@ stages { "dependencies" "test" "package" + "publish" } local defaultJob = new Ci.JobTemplate { @@ -55,6 +56,20 @@ function haproxyVars(target: inputs.Build) = (k8s.resources.sm) { ["HAPROXY_VERSION"] = target.params.version } +local regtestJob = (defaultJob) { + stage = "test" + needs { "dependencies" } + script = new Listing { + ...dependencyList.map((dep) -> dep.fetchSh) + shell.command("ulimit", "Validate ulimit", "./tool/check-docker-ulimit.sh") + "make -C haproxy build test" + } + artifacts { + expire_in = "7 days" + paths { "/tmp/vtest" } + } +} + local packageJob = (defaultJob) { stage = "package" needs { "dependencies" } 
@@ -67,21 +82,47 @@ local packageJob = (defaultJob) { expire_in = "7 days" paths { "haproxy/*.\(os_packaging)" + "haproxy/*.tar.gz" } } } -local regtestJob = (defaultJob) { - stage = "test" - needs { "dependencies" } - script = new Listing { - ...dependencyList.map((dep) -> dep.fetchSh) - shell.command("ulimit", "Validate ulimit", "./tool/check-docker-ulimit.sh") - "make -C haproxy build test" +local mainBranch = read?("env:CI_DEFAULT_BRANCH") ?? "main" +local buildBranch = read?("env:CI_COMMIT_REF_NAME") ?? "local" +local buildSha = read?("env:CI_COMMIT_SHORT_SHA") ?? "SNAPSHOT" + +function dockerJob(build: inputs.Build) = (defaultJob) { + stage = "publish" + needs { "package:\(build.name)" } + before_script = new Listing { + "mkdir -p /kaniko/.docker" + """ + echo "{\\\"auths\\\":{\\\"$CI_REGISTRY\\\":{\\\"username\\\":\\\"gitlab-ci-token\\\",\\\"password\\\":\\\"$CI_JOB_TOKEN\\\"}}}" > /kaniko/.docker/config.json + """ } - artifacts { - expire_in = "7 days" - paths { "/tmp/vtest" } + script = new Listing { + local canonical = "\(build.params.version)-\(os_family)-hap-\(build.params.git_ref)-mdx-\(buildSha)" + local tags = List( + canonical, // 3.2-dev-debian-hap-123beef-mdx-456foof + "\(build.params.version)-\(os_family)" // 3.2-dev-debian + ) + + local tagArgs = tags + .map((tag) -> (if (mainBranch == buildBranch) "" else ("branch-\(buildBranch)-")) + tag) + .map((tag) -> "--destination \"$CI_REGISTRY_IMAGE:\(tag)\"") + .join(" ") + + """ + ( + set -x; + /kaniko/executor \\ + --context . \\ + --dockerfile \(os_family).dockerfile \\ + --build-arg "CANONICAL_VERSION=\(canonical)" \\ + --single-snapshot \\ + \(tagArgs) + ) + """ } } @@ -101,6 +142,8 @@ local regtestJob = (defaultJob) { } } +`docker:stable` = dockerJob(stable) + `regtests:dev` = (regtestJob) { variables { ...haproxyVars(dev) @@ -117,3 +160,5 @@ local regtestJob = (defaultJob) { ["HAPROXY_OPTIMIZATION"] = "-Og" } } + +`docker:dev` = dockerJob(dev) 
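Review bot: In `dockerJob`, `buildBranch` is read from `CI_COMMIT_REF_NAME` and spliced unescaped into the `--destination "$CI_REGISTRY_IMAGE:branch-…"` arguments of the generated script. A branch name containing `/` therefore produces an invalid image tag, and one containing a double quote or `$(…)` alters the command line of a job whose `before_script` has just written the job token to `/kaniko/.docker/config.json`. Build the tag prefix from GitLab's slug instead: add `local buildBranchSlug = read?("env:CI_COMMIT_REF_SLUG") ?? "local"` and use `"branch-\(buildBranchSlug)-"` in the `tags.map`. This leaves the `mainBranch == buildBranch` comparison untouched. `build.params.version` and `build.params.git_ref` are interpolated into the tags the same way; they presumably come from repository-controlled inputs, which is worth confirming.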
diff --git a/debian.dockerfile b/debian.dockerfile index 1876fa3..97e9764 100644 --- a/debian.dockerfile +++ b/debian.dockerfile @@ -1,24 +1,4 @@ -FROM docker.io/library/debian:bookworm AS base - -# This stage is mostly to import and unpack the dists in a docker-friendly fashion -FROM base AS dists - -RUN apt -qq update && apt install -qq -y bzip2 - -WORKDIR /tmp/dataplaneapi -COPY ./deps/dataplaneapi/dataplaneapi-dist.tar.gz /tmp/dataplaneapi/dataplaneapi.tar.gz -RUN ls -alh && tar xf dataplaneapi.tar.gz - -ARG HAPROXY_SSL_LIB="awslc" -WORKDIR /tmp/${HAPROXY_SSL_LIB} -COPY ./deps/${HAPROXY_SSL_LIB}/${HAPROXY_SSL_LIB}-dist.tar.gz /tmp/${HAPROXY_SSL_LIB}/${HAPROXY_SSL_LIB}.tar.gz -RUN ls -alh && tar xf ${HAPROXY_SSL_LIB}.tar.gz - -WORKDIR /tmp/haproxy -COPY ./haproxy/haproxy-dist.tar.gz /tmp/haproxy/haproxy.tar.gz -RUN ls -alh && tar xf haproxy.tar.gz - -FROM base +FROM docker.io/library/debian:bookworm LABEL Name="HAProxy" LABEL Vendor="MangaDex" @@ -27,10 +7,7 @@ LABEL Maintainer="MangaDex " ARG CANONICAL_VERSION="local-SNAPSHOT" LABEL Version="${CANONICAL_VERSION}" -ARG HAPROXY_SSL_LIB="awslc" -COPY --chown=root:root --from=dists /tmp/${HAPROXY_SSL_LIB}/opt /opt -COPY --chown=root:root --from=dists /tmp/dataplaneapi/usr /usr -COPY --chown=root:root --from=dists /tmp/haproxy/usr /usr +COPY --chown=root:root haproxy/*.deb /tmp RUN apt -q update && \ apt -qq -y --no-install-recommends install \ 
@@ -42,10 +19,17 @@ RUN apt -q update && \ procps \ socat \ zlib1g && \ + dpkg -i /tmp/*.deb && \ + rm -v /tmp/*.deb && \ + apt -qq -y install -f && \ apt -qq -y --purge autoremove && \ apt -qq -y clean && \ rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /var/cache/* /var/log/* && \ - groupadd "haproxy" && useradd -g "haproxy" "haproxy" && \ /usr/local/sbin/haproxy -vv +# slight docker-specific working around +RUN rm -v /etc/default/haproxy && rm -rf /etc/haproxy +RUN mkdir -v /run/haproxy && chown haproxy:haproxy /run/haproxy +COPY --chown=root haproxy/haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg + CMD [ "/usr/local/sbin/haproxy", "-W", "-db", "-f", "/usr/local/etc/haproxy/haproxy.cfg" ] diff --git a/haproxy/Makefile b/haproxy/Makefile index 3c2868b..bdd8935 100644 --- a/haproxy/Makefile +++ b/haproxy/Makefile @@ -28,10 +28,10 @@ DEP_DIST_ROOT_VTEST = $(shell realpath ../deps/vtest/dist) BUILD_VERSION_REPOSHA = $(shell git rev-parse --short HEAD) -# rpm versioning -RPM_UPSTREAM_VERSION = $(shell tr -d '-' <<< $(HAPROXY_VERSION)+$(HAPROXY_GITREF)) -RPM_RELEASE_VERSION = mangadex+$(BUILD_VERSION_REPOSHA) -RPM_FULL_VERSION = $(RPM_UPSTREAM_VERSION)~$(RPM_RELEASE_VERSION) +# distfile versioning +DIST_UPSTREAM_VERSION = $(shell echo "$(HAPROXY_VERSION)+$(HAPROXY_GITREF)" | tr -d "-") +DIST_RELEASE_VERSION = mangadex+$(BUILD_VERSION_REPOSHA) +DIST_FULL_VERSION = $(DIST_UPSTREAM_VERSION)~$(DIST_RELEASE_VERSION) # re-deref ensures overrides using relative paths get expanded BUILD_PATCHES_DIR_ABS = $(shell realpath $(BUILD_PATCHES_DIR)) 
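Review bot: None of the visible hunks of debian.dockerfile adds a `USER` instruction, so `CMD` starts HAProxy as root even though this hunk creates `/run/haproxy` owned by `haproxy:haproxy`. If the copied `haproxy.cfg` drops privileges through its own `user`/`group` settings (its contents are not shown here), state that above `CMD`, e.g. `# starts as root; haproxy.cfg is expected to drop to haproxy:haproxy`. Otherwise add `USER haproxy` before `CMD`, provided the configured binds use unprivileged ports.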
@@ -173,6 +173,10 @@ $(HAPROXY_DESTDIR): if [ -f "$(HAPROXY_BUILDIR)/dev/haring/haring" ]; then install -m 0755 -D "$(HAPROXY_BUILDIR)/dev/haring/haring" "$(HAPROXY_DESTDIR_ABS)/usr/local/sbin/haring"; fi if [ -f "$(HAPROXY_BUILDIR)/admin/systemd/haproxy.service" ]; then install -m 0644 -D "$(HAPROXY_BUILDIR)/admin/systemd/haproxy.service" "$(HAPROXY_DESTDIR_ABS)/usr/lib/systemd/system/haproxy.service"; fi + install -m 0644 -D "haproxy.default" "$(HAPROXY_DESTDIR_ABS)/etc/default/haproxy" + install -m 0644 -D "haproxy.cfg" "$(HAPROXY_DESTDIR_ABS)/etc/haproxy/haproxy.cfg" + install -m 0644 -D "haproxy.tmpfile" "$(HAPROXY_DESTDIR_ABS)/usr/lib/tmpfiles.d/haproxy.conf" + if ! $(HAPROXY_DESTDIR_ABS)/usr/local/sbin/haproxy -vv; then ls -alh; fi ldd $(HAPROXY_DESTDIR_ABS)/usr/local/sbin/haproxy 
@@ -182,52 +186,66 @@ $(HAPROXY_ARCHIVE): $(HAPROXY_DESTDIR) $(HAPROXY_DEBORIG): $(HAPROXY_TARBALL) cp -fv "$(HAPROXY_TARBALL)" "$(HAPROXY_DEBORIG)" -prepare-deb: $(HAPROXY_DEBORIG) $(HAPROXY_BUILDIR) - cp -rf debian $(HAPROXY_BUILDIR)/ - @for patch in $(BUILD_PATCHES_FILES); do cp -v "$(BUILD_PATCHES_DIR_ABS)/$${patch}" "$(DEBIAN_PATCHES_DIR)/$${patch}"; done - @for patch in $(BUILD_PATCHES_FILES); do echo "$${patch}" >> "$(DEBIAN_PATCHES_DIR)/series"; done - export BUILD_DATE="$(shell date -u +'%a, %e %b %Y %H:%m:%S %z')" && \ - export BUILD_VERSION="$(HAPROXY_VERSION)-$(HAPROXY_SHORTSHA)-1~mangadex+$(BUILD_VERSION_REPOSHA)" && \ - export BUILD_MESSAGE="$(shell echo "$${BUILD_MESSAGE:-"No build message"}" | head -n1)" && \ - export HAPROXY_OPTIMIZATION="$(HAPROXY_OPTIMIZATION)" && \ - envsubst < rules.debian > "$(HAPROXY_BUILDIR)/debian/rules" && \ - envsubst < changelog.debian | tee "$(HAPROXY_BUILDIR)/debian/changelog" && \ - cat debian/changelog >> "$(HAPROXY_BUILDIR)/debian/changelog" - -dist-deb: prepare-deb - cd $(HAPROXY_BUILDIR) && \ - debuild -us -uc --lintian-opts --no-lintian - rm -fv $(HAPROXY_TARBALL) - rm -rf $(HAPROXY_BUILDIR) - -prepare-rpm: build $(HAPROXY_DESTDIR) +prepare-dist: build $(HAPROXY_DESTDIR) @if ! 
command -v fpm >/dev/null; then echo "fpm not found, install it 'gem install fpm'"; exit 1; else fpm --version; fi cp -rf $(DEP_DIST_SSL_CURRENT)/* $(HAPROXY_DESTDIR)/ + @mkdir -pv $(HAPROXY_DESTDIR)/etc/haproxy + @mkdir -pv $(HAPROXY_DESTDIR)/var/lib/haproxy + +dist-deb: prepare-dist + @if [ -f "haproxy-$(DIST_FULL_VERSION).deb" ]; then rm -v "haproxy-$(DIST_FULL_VERSION).deb"; fi + fpm --input-type dir \ + --output-type deb \ + --package "haproxy-$(DIST_FULL_VERSION).deb" \ + --name "haproxy" \ + --architecture "native" \ + --license "mit+gpl2+lgpl" \ + --version "$(DIST_FULL_VERSION)" \ + --depends "libatomic1" \ + --depends "libjemalloc2" \ + --depends "socat" \ + --depends "zlib1g" \ + --description "HAProxy mainline build with QUIC (via $(HAPROXY_SSL_LIB))" \ + --url "https://gitlab.com/mangadex-pub/haproxy" \ + --maintainer "MangaDex " \ + --config-files "/etc" \ + --before-install "toil/deb-adduser.sh" \ + --after-remove "toil/deb-deluser.sh" \ + "$(HAPROXY_DESTDIR)/etc/=/etc" \ + "$(HAPROXY_DESTDIR)/opt/=/opt" \ + "$(HAPROXY_DESTDIR)/usr/=/usr" + + dpkg -c "haproxy-$(DIST_FULL_VERSION).deb" -dist-rpm: prepare-rpm - @if [ -f "haproxy-$(RPM_FULL_VERSION).rpm" ]; then rm -v "haproxy-$(RPM_FULL_VERSION).rpm"; fi +dist-rpm: prepare-dist + @if [ -f "haproxy-$(DIST_FULL_VERSION).rpm" ]; then rm -v "haproxy-$(DIST_FULL_VERSION).rpm"; fi fpm --input-type dir \ --output-type rpm \ - --package "haproxy-$(RPM_FULL_VERSION).rpm" \ + --package "haproxy-$(DIST_FULL_VERSION).rpm" \ --name "haproxy" \ --architecture "native" \ --license "mit+gpl2+lgpl" \ - --version "$(RPM_FULL_VERSION)" \ + --version "$(DIST_FULL_VERSION)" \ --depends "jemalloc" \ + --depends "socat" \ --description "HAProxy mainline build with QUIC (via $(HAPROXY_SSL_LIB))" \ --url "https://gitlab.com/mangadex-pub/haproxy" \ --maintainer "MangaDex " \ - "$(HAPROXY_DESTDIR)/opt/=/opt" "$(HAPROXY_DESTDIR)/usr/=/usr" + --config-files "/etc" \ + --before-install "toil/rpm-adduser.sh" \ + --after-remove 
"toil/rpm-deluser.sh" \ + "$(HAPROXY_DESTDIR)/etc/=/etc" \ + "$(HAPROXY_DESTDIR)/opt/=/opt" \ + "$(HAPROXY_DESTDIR)/usr/=/usr" - rpm -qpl "haproxy-$(RPM_FULL_VERSION).rpm" + rpm -qpl "haproxy-$(DIST_FULL_VERSION).rpm" clean: rm -fv "$(HAPROXY_ARCHIVE)" rm -rf "$(HAPROXY_BUILDIR)" rm -rf "$(HAPROXY_DEBORIG)" rm -rf "$(HAPROXY_DESTDIR)" - rm -fv "haproxy_"* - rm -fv "haproxy-dbgsym_"* - rm -fv "haproxy"*.rpm + # rm -fv "haproxy"*.deb + # rm -fv "haproxy"*.rpm .PHONY: clean patches build test diff --git a/haproxy/changelog.debian b/haproxy/changelog.debian deleted file mode 100644 index e104792..0000000 --- a/haproxy/changelog.debian +++ /dev/null @@ -1,6 +0,0 @@ -haproxy ($BUILD_VERSION) UNRELEASED; urgency=medium - - * $BUILD_MESSAGE - - -- MangaDex $BUILD_DATE - diff --git a/haproxy/debian/NEWS b/haproxy/debian/NEWS deleted file mode 100644 index 1edb770..0000000 --- a/haproxy/debian/NEWS +++ /dev/null 
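Review bot: With the `rm -fv "haproxy"*.deb` and `rm -fv "haproxy"*.rpm` lines in `clean` commented out, packages from earlier versions stay in `haproxy/`, because `dist-deb` and `dist-rpm` only delete the file named after the current `DIST_FULL_VERSION`. The same commit makes debian.dockerfile do `COPY --chown=root:root haproxy/*.deb /tmp` followed by `dpkg -i /tmp/*.deb`, so a local image build can install a stale package alongside the fresh one. Restoring the cleanup as `rm -fv "haproxy"*.deb "haproxy"*.rpm` keeps the image input unambiguous; removing every `haproxy-*.deb` at the start of `dist-deb` would also work. CI is presumably unaffected since it builds from fresh job artifacts.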
@@ -1,35 +0,0 @@ -haproxy (1.8.0-1) experimental; urgency=medium - - In order to upgrade to the HAProxy 1.8 new process model, a full service - restart will be performed automatically on upgrade from pre-1.8 versions - when running under systemd. This incurs (minimal) service downtime and - will only be performed once; future upgrades will reload haproxy seamlessly. - - -- Apollon Oikonomopoulos Tue, 28 Nov 2017 23:44:01 +0200 - -haproxy (1.4.23-1) unstable; urgency=low - - As of 1.4.23-1, the Debian package ships an rsyslog snippet to allow logging - via /dev/log from chrooted HAProxy processes. If you are using rsyslog, you - should restart rsyslog after installing this package to enable HAProxy to log - via rsyslog. See /usr/share/doc/haproxy/README.Debian for more details. - - Also note that as of 1.4.23-1, chrooting the HAProxy process is enabled in the - default Debian configuration. - - -- Apollon Oikonomopoulos Thu, 25 Apr 2013 23:26:35 +0300 - -haproxy (1.4.13-1) unstable; urgency=low - - Maintainer of this package has changed. - - -- Christo Buschek Mon, 10 Mar 2011 22:07:10 +0100 - -haproxy (1.3.14.2-1) unstable; urgency=low - - Configuration has moved to /etc/haproxy/haproxy.cfg. This allows to add the - configurable /etc/haproxy/errors directory. - The haproxy binary was also moved to /usr/sbin rather than /usr/bin, update - your init script or reinstall the one provided with the package. - - -- Arnaud Cornet Mon, 21 Jan 2008 23:38:15 +0100 diff --git a/haproxy/debian/README.md b/haproxy/debian/README.md deleted file mode 100644 index a6f9ae9..0000000 --- a/haproxy/debian/README.md +++ /dev/null 
@@ -1,12 +0,0 @@ -# About Debian packaging - -This folder is a slightly modified version of the Debian HAProxy Team's work and -essentially all credits is due to them. - -It is sourced -from [haproxy-team/haproxy:experimental-2.6](https://salsa.debian.org/haproxy-team/haproxy/-/tree/experimental-2.6) -and will be updated every now and then. - -And by that I mean that I hope someone with more experience and time in -packaging Debian archives (*wink wink, HAProxy Debian team*) figures out a -long-term solution equivalent to this repository as a whole. diff --git a/haproxy/debian/changelog b/haproxy/debian/changelog deleted file mode 100644 index 3b5aa66..0000000 --- a/haproxy/debian/changelog +++ /dev/null 
@@ -1,2361 +0,0 @@ -haproxy (2.6.0-a1efc04-1~mangadex+1) experimental; urgency=medium - - * Upgrade to OpenSSL 3.0.3 (QuicTLS 3.0.3+quic) - - -- MangaDex Tue, 11 Jun 2022 08:30:00 +0200 - -haproxy (2.6.0-100~mangadex+1) experimental; urgency=medium - - * Initial release. Packaging version is set to N+100 to ensure it's higher priority - - -- MangaDex Tue, 07 Jun 2022 08:49:38 +0200 - -haproxy (2.6.0-1) experimental; urgency=medium - - * New upstream release. - - -- Vincent Bernat Thu, 02 Jun 2022 08:49:38 +0200 - -haproxy (2.5.7-1) experimental; urgency=medium - - * New upstream release. - - -- Vincent Bernat Sat, 14 May 2022 12:01:07 +0200 - -haproxy (2.5.6-1) experimental; urgency=medium - - * New upstream release. - - -- Vincent Bernat Tue, 26 Apr 2022 17:59:23 +0200 - -haproxy (2.5.5-1) experimental; urgency=medium - - * New upstream release. - - -- Vincent Bernat Mon, 14 Mar 2022 19:26:46 +0100 - -haproxy (2.5.4-1) experimental; urgency=medium - - * New upstream release. - - -- Vincent Bernat Fri, 25 Feb 2022 17:39:11 +0100 - -haproxy (2.5.3-1) experimental; urgency=medium - - * New upstream release. - - -- Vincent Bernat Fri, 18 Feb 2022 20:22:25 +0100 - -haproxy (2.5.2-1) experimental; urgency=medium - - * New upstream release. - - -- Vincent Bernat Wed, 16 Feb 2022 19:09:04 +0100 - -haproxy (2.5.1-1) experimental; urgency=medium - - * New upstream release. - - -- Vincent Bernat Tue, 11 Jan 2022 19:23:50 +0100 - -haproxy (2.5.0-1) experimental; urgency=medium - - * New upstream release. - * d/patches: patch to make logging work without rsyslog with systemd - - -- Vincent Bernat Thu, 25 Nov 2021 21:20:30 +0100 - -haproxy (2.4.9-1) unstable; urgency=medium - - * New upstream release. - - -- Vincent Bernat Wed, 24 Nov 2021 19:42:28 +0100 - -haproxy (2.4.8-3) unstable; urgency=medium - - * d/logrotate: only use rsyslog-rotate if present. Closes: #1000436. 
- - -- Vincent Bernat Wed, 24 Nov 2021 09:29:54 +0100 - -haproxy (2.4.8-2) unstable; urgency=medium - - * Non-maintainer upload. - * Enable OpenTracing support. - - -- Stephen Gelman Tue, 09 Nov 2021 23:06:46 -0600 - -haproxy (2.4.8-1) unstable; urgency=medium - - * New upstream release. - - -- Vincent Bernat Thu, 04 Nov 2021 08:36:56 +0100 - -haproxy (2.4.7-2) unstable; urgency=medium - - * Upload to unstable. - - -- Vincent Bernat Sat, 16 Oct 2021 20:43:13 +0200 - -haproxy (2.4.7-1) experimental; urgency=medium - - * New upstream release. - - -- Vincent Bernat Thu, 07 Oct 2021 09:08:09 +0200 - -haproxy (2.4.4-1) experimental; urgency=medium - - * New upstream release. - * d/patches: remove patches applied upstream. - - -- Vincent Bernat Wed, 08 Sep 2021 08:38:05 +0200 - -haproxy (2.4.3-2) experimental; urgency=high - - * d/patches: fix missing header name length check in HTX (CVE-2021-40346). - - -- Vincent Bernat Sat, 04 Sep 2021 11:56:31 +0200 - -haproxy (2.4.3-1) experimental; urgency=medium - - * New upstream release. - * d/patches: remove patches applied upstream. - * d/patches: h2: match absolute-path not path-absolute for :path. - - -- Vincent Bernat Sat, 21 Aug 2021 16:32:25 +0200 - -haproxy (2.4.2-2) experimental; urgency=medium - - * Fix HTTP request smuggling via HTTP/2 desync attacks. - - -- Vincent Bernat Fri, 13 Aug 2021 16:12:31 +0200 - -haproxy (2.4.2-1) experimental; urgency=medium - - * New upstream release. - - -- Vincent Bernat Wed, 07 Jul 2021 21:47:17 +0200 - -haproxy (2.4.1-1) experimental; urgency=medium - - * New upstream release. - - -- Vincent Bernat Thu, 17 Jun 2021 13:57:57 +0200 - -haproxy (2.4.0-1) experimental; urgency=medium - - * New upstream release. 
- * d/rules: switch to SLZ instead of zlib - * d/rules: update build for contrib → admin - * d/rules: remove use of USE_REGPARM (outdated) - * d/rules: remove hack around gcc_s - * d/copyright: update - - -- Vincent Bernat Tue, 18 May 2021 22:00:05 +0200 - -haproxy (2.3.10-1) experimental; urgency=medium - - * New upstream release. - - -- Vincent Bernat Sat, 24 Apr 2021 18:22:41 +0200 - -haproxy (2.3.9-1) experimental; urgency=medium - - * New upstream release. - - -- Vincent Bernat Tue, 30 Mar 2021 19:50:42 +0200 - -haproxy (2.3.8-1) experimental; urgency=medium - - * New upstream release. - * d/logrotate: reduce log retention to 7 days. Closes: #985441. - - -- Vincent Bernat Thu, 25 Mar 2021 18:17:18 +0100 - -haproxy (2.3.7-1) experimental; urgency=medium - - * New upstream release. - - -- Vincent Bernat Tue, 16 Mar 2021 18:41:25 +0100 - -haproxy (2.3.6-1) experimental; urgency=medium - - * New upstream release. - - -- Vincent Bernat Thu, 04 Mar 2021 13:57:49 +0100 - -haproxy (2.3.5-1) experimental; urgency=medium - - * New upstream release. - - -- Vincent Bernat Sat, 06 Feb 2021 17:12:53 +0100 - -haproxy (2.3.4-1) experimental; urgency=medium - - * New upstream release: - - Revert "BUG/MINOR: dns: SRV records ignores duplicated AR records" - - -- Vincent Bernat Fri, 15 Jan 2021 14:13:28 +0100 - -haproxy (2.3.3-1) experimental; urgency=medium - - * d/tests: sleep before test to let Apache2 start. - Closes: #976997. - * New upstream release: - - BUG/MAJOR: ring: tcp forward on ring can break the reader counter. - - BUG/MAJOR: spoa/python: Fixing return None - - BUG/MEDIUM: local log format regression. Closes: #974977. - - -- Vincent Bernat Sat, 09 Jan 2021 15:18:10 +0100 - -haproxy (2.3.2-1) experimental; urgency=medium - - * New upstream release. 
- - BUG/MAJOR: connection: reset conn->owner when detaching from session - list - - BUG/MAJOR: filters: Always keep all offsets up to date during data - filtering - - BUG/MAJOR: peers: fix partial message decoding - - BUG/MAJOR: tcpcheck: Allocate input and output buffers from the buffer - pool - - -- Vincent Bernat Sat, 28 Nov 2020 20:25:34 +0100 - -haproxy (2.3.1-1) experimental; urgency=medium - - * New upstream release. - - BUG/MAJOR: spoe: Be sure to remove all references on a released spoe - applet - * d/patches: remove patches applied upstream. - - -- Vincent Bernat Sat, 14 Nov 2020 23:17:20 +0100 - -haproxy (2.3.0-1) experimental; urgency=medium - - * New upstream release. - * d/gbp, d/watch: prepare for 2.3.0 release - - -- Vincent Bernat Wed, 11 Nov 2020 16:30:10 +0100 - -haproxy (2.2.17-1) unstable; urgency=medium - - * New upstream release. - * d/patches: remove upstream-applied patch. - - -- Vincent Bernat Thu, 09 Sep 2021 19:42:08 +0200 - -haproxy (2.2.16-3) unstable; urgency=high - - * d/patches: fix missing header name length check in HTX (CVE-2021-40346). - - -- Vincent Bernat Sat, 04 Sep 2021 16:14:51 +0200 - -haproxy (2.2.16-2) unstable; urgency=medium - - * d/patches: h2: match absolute-path not path-absolute for :path - - -- Vincent Bernat Sat, 21 Aug 2021 16:19:52 +0200 - -haproxy (2.2.16-1) unstable; urgency=high - - * New upstream release. - * Fix CVE-2021-39240, CVE-2021-39241, CVE-2021-39242. - * d/patches: remove upstream-applied patch. - - -- Vincent Bernat Thu, 19 Aug 2021 07:22:05 +0200 - -haproxy (2.2.15-1) UNRELEASED; urgency=medium - - * New upstream release. - - -- Vincent Bernat Fri, 16 Jul 2021 11:18:32 +0200 - -haproxy (2.2.14-1) UNRELEASED; urgency=medium - - * New upstream release. - - -- Vincent Bernat Thu, 29 Apr 2021 15:32:49 +0200 - -haproxy (2.2.13-1) UNRELEASED; urgency=medium - - * New upstream release. 
- - -- Vincent Bernat Fri, 02 Apr 2021 21:18:28 +0200 - -haproxy (2.2.12-1) UNRELEASED; urgency=medium - - * New upstream release. - - -- Vincent Bernat Wed, 31 Mar 2021 20:31:24 +0200 - -haproxy (2.2.11-1) UNRELEASED; urgency=medium - - * New upstream release. - - -- Vincent Bernat Thu, 18 Mar 2021 21:34:40 +0100 - -haproxy (2.2.10-1) UNRELEASED; urgency=medium - - * New upstream release. - - -- Vincent Bernat Thu, 04 Mar 2021 19:08:41 +0100 - -haproxy (2.2.9-2) unstable; urgency=medium - - * d/patches: fix agent-check regression putting down servers. - Closes: #988779. - - -- Vincent Bernat Thu, 27 May 2021 15:00:01 +0200 - -haproxy (2.2.9-1) unstable; urgency=medium - - * New upstream release. - - BUG/MAJOR: connection: reset conn->owner when detaching from session - list - - -- Vincent Bernat Sat, 06 Feb 2021 18:52:20 +0100 - -haproxy (2.2.8-1) unstable; urgency=medium - - * New upstream release. - - Revert "BUG/MINOR: dns: SRV records ignores duplicated AR records" - - -- Vincent Bernat Thu, 14 Jan 2021 11:48:52 +0100 - -haproxy (2.2.7-1) unstable; urgency=medium - - * New upstream release. - - BUG/MAJOR: ring: tcp forward on ring can break the reader counter. - - BUG/MAJOR: spoa/python: Fixing return None - - -- Vincent Bernat Sat, 09 Jan 2021 15:31:08 +0100 - -haproxy (2.2.6-2) unstable; urgency=medium - - * d/tests: sleep before test to let Apache2 start. - Closes: #976997. - - -- Vincent Bernat Thu, 07 Jan 2021 07:56:14 +0100 - -haproxy (2.2.6-1) unstable; urgency=medium - - * New upstream release. 
- - BUG/MAJOR: filters: Always keep all offsets up to date during data - filtering - - BUG/MAJOR: peers: fix partial message decoding - - BUG/MAJOR: spoe: Be sure to remove all references on a released spoe - applet - - BUG/MAJOR: tcpcheck: Allocate input and output buffers from the buffer - pool - * d/patches: remove patches applied upstream - - -- Vincent Bernat Mon, 30 Nov 2020 20:02:49 +0100 - -haproxy (2.2.5-2) unstable; urgency=medium - - * Upload to unstable. - - -- Vincent Bernat Wed, 11 Nov 2020 16:21:12 +0100 - -haproxy (2.2.5-1) experimental; urgency=medium - - * New upstream release. - - BUG/MAJOR: mux-h2: Don't try to send data if we know it is no longer - possible - * d/patches: warn if payload of an errorfile doesn't match the C-L - - -- Vincent Bernat Sun, 08 Nov 2020 19:12:02 +0100 - -haproxy (2.2.4-1) experimental; urgency=medium - - * New upstream release. - * d/patches: drop patch for ARM32 - - -- Vincent Bernat Fri, 02 Oct 2020 21:29:56 +0200 - -haproxy (2.2.3-2) experimental; urgency=medium - - * d/patches: add upstream patch to fix build on ARM32 - - -- Vincent Bernat Wed, 09 Sep 2020 19:38:52 +0200 - -haproxy (2.2.3-1) experimental; urgency=medium - - * New upstream version. - - BUG/MAJOR: dns: disabled servers through SRV records never recover - - -- Vincent Bernat Tue, 08 Sep 2020 23:12:05 +0200 - -haproxy (2.2.2-1) experimental; urgency=medium - - * New upstream version. - - BUG/MAJOR: dns: don't treat Authority records as an error - - BUG/MAJOR: dns: fix null pointer dereference in - snr_update_srv_status - - -- Vincent Bernat Sat, 01 Aug 2020 17:06:42 +0200 - -haproxy (2.2.1-1) experimental; urgency=medium - - * New upstream version. - - BUG/MAJOR: tasks: don't requeue global tasks into the local - queue - - BUG/MAJOR: dns: Make the do-resolve action thread-safe - - -- Vincent Bernat Thu, 23 Jul 2020 13:39:14 +0200 - -haproxy (2.2.0-1) experimental; urgency=medium - - * New upstream version. 
- * Upload to experimental - * Update d/watch to look for 2.2 stable releases - * d/gbp.conf: set branch names for 2.2 - * d/patches: refresh patches - - -- Vincent Bernat Tue, 14 Jul 2020 16:53:23 +0200 - -haproxy (2.1.7-1) experimental; urgency=medium - - * New upstream version. - - -- Vincent Bernat Fri, 12 Jun 2020 07:50:48 +0200 - -haproxy (2.1.5-1) experimental; urgency=medium - - * New upstream version. - - BUG/MAJOR: mux-fcgi: Stop sending loop if FCGI stream is blocked for - any reason - - Revert "BUG/MINOR: connection: always send address-less LOCAL PROXY - connections" - - Revert "BUG/MINOR: connection: make sure to correctly tag local - PROXY connections" - - -- Vincent Bernat Mon, 01 Jun 2020 08:52:56 +0200 - -haproxy (2.1.4-1) experimental; urgency=medium - - * New upstream version. - - BUG/CRITICAL: hpack: never index a header into the headroom after - wrapping - - BUG/MAJOR: http-ana: Always abort the request when a tarpit is - triggered - - BUG/MAJOR: list: fix invalid element address calculation - - BUG/MAJOR: proxy_protocol: Properly validate TLV lengths - * d/control: fix maintainer address. Closes: #955553. - - -- Vincent Bernat Sun, 12 Apr 2020 13:29:54 +0200 - -haproxy (2.1.3-3) experimental; urgency=medium - - * d/copryight: document OpenSSL exception. Closes: #951782. - * d/haproxy.cfg: use "ssl-min-ver" to set minimum version. - * d/patches: fix an overflow in HTTP/2 header handling. - Fix CVE-2020-11100. - - -- Vincent Bernat Wed, 01 Apr 2020 21:18:57 +0200 - -haproxy (2.1.3-2) experimental; urgency=medium - - * d/dconv: use Python 3 to build the documentation. - Closes: #948296, #950435. - * d/dconv: replace cgi.escape by html.escape. Closes: #951416. - - -- Vincent Bernat Wed, 19 Feb 2020 07:53:53 +0100 - -haproxy (2.1.3-1) experimental; urgency=medium - - * New upstream version. - - BUG/MAJOR: hashes: fix the signedness of the hash inputs - - BUG/MAJOR: memory: Don't forget to unlock the rwlock if the pool is - empty. 
- - -- Vincent Bernat Mon, 20 Jan 2020 06:53:23 +0100 - -haproxy (2.1.2-1) experimental; urgency=medium - - * New upstream version 2.1.2. - - BUG/MAJOR: task: add a new TASK_SHARED_WQ flag to fix foreign requeuing - * d/logrotate.conf: use rsyslog helper instead of SysV init script. - Closes: #946973. - - -- Vincent Bernat Fri, 20 Dec 2019 08:20:33 +0100 - -haproxy (2.1.1-1) experimental; urgency=medium - - * New upstream version 2.1.1. - - BUG/MAJOR: dns: add minimalist error processing on the Rx path - - -- Vincent Bernat Sat, 14 Dec 2019 11:20:32 +0100 - -haproxy (2.1.0-2) experimental; urgency=medium - - * Link against libatomic on riscv64 - - -- Apollon Oikonomopoulos Fri, 29 Nov 2019 14:03:49 +0200 - -haproxy (2.1.0-1) experimental; urgency=medium - - * New upstream version 2.1.0 - * Upload to experimental - * Update d/watch to look for 2.1 stable releases - * d/gbp.conf: set branch names for 2.1 - * Bump Standards-Version to 4.4.1; no changes needed - * Bump dh compat level to 12 - + B-D on debhelper-compat and remove debian/compat - + Override dh_installsystemd with the same args as dh_installinit - + Add ${misc:Pre-Depends} to haproxy's Pre-Depends - - -- Apollon Oikonomopoulos Wed, 27 Nov 2019 23:30:30 +0200 - -haproxy (2.0.19-1) unstable; urgency=medium - - * New upstream release. - - BUG/MAJOR: mux-h2: Don't try to send data if we know it is no longer - possible - - -- Vincent Bernat Fri, 06 Nov 2020 19:33:59 +0100 - -haproxy (2.0.18-1) unstable; urgency=medium - - * New upstream release. - - -- Vincent Bernat Wed, 30 Sep 2020 13:41:09 +0200 - -haproxy (2.0.17-1) unstable; urgency=medium - - * New upstream release. - - BUG/MAJOR: dns: Make the do-resolve action thread-safe - - -- Vincent Bernat Sat, 01 Aug 2020 20:05:01 +0200 - -haproxy (2.0.16-1) unstable; urgency=medium - - * New upstream release. - - BUG/MAJOR: stream: Mark the server address as unset on new outgoing - connection - * d/patches: refresh patches. 
- - -- Vincent Bernat Sat, 18 Jul 2020 13:50:56 +0200 - -haproxy (2.0.15-1) unstable; urgency=medium - - * New upstream release. - - BUG/MAJOR: stream-int: always detach a faulty endpoint on connect - failure - - -- Vincent Bernat Sat, 13 Jun 2020 18:48:25 +0200 - -haproxy (2.0.14-1) unstable; urgency=medium - - * New upstream release. - - BUG/CRITICAL: hpack: never index a header into the headroom after - wrapping - - BUG/MAJOR: http-ana: Always abort the request when a tarpit is - triggered - - BUG/MAJOR: list: fix invalid element address calculation - - BUG/MAJOR: proxy_protocol: Properly validate TLV lengths - * d/control: fix maintainer address. Closes: #955553. - - -- Vincent Bernat Thu, 16 Apr 2020 18:34:22 +0200 - -haproxy (2.0.13-2) unstable; urgency=medium - - * d/dconv: replace cgi.escape by html.escape. Closes: #951416. - * d/copryight: document OpenSSL exception. Closes: #951782. - * d/haproxy.cfg: use "ssl-min-ver" to set minimum version. - * Apply one patch to fix an overflow in HTTP/2 header handling. - Fix CVE-2020-11100. - - -- Vincent Bernat Wed, 01 Apr 2020 21:49:32 +0200 - -haproxy (2.0.13-1) unstable; urgency=medium - - * New upstream release. - - BUG/MAJOR: hashes: fix the signedness of the hash inputs - - BUG/MAJOR: memory: Don't forget to unlock the rwlock if the pool is - empty. - * d/dconv: use Python 3 to build the documentation. - Closes: #948296, #950435. - - -- Vincent Bernat Sat, 15 Feb 2020 15:32:32 +0100 - -haproxy (2.0.12-1) unstable; urgency=medium - - * New upstream version. - - BUG/MAJOR: task: add a new TASK_SHARED_WQ flag to fix foreign requeuing - * d/logrotate.conf: use rsyslog helper instead of SysV init script. - Closes: #946973. - - -- Vincent Bernat Fri, 20 Dec 2019 08:20:33 +0100 - -haproxy (2.0.11-1) unstable; urgency=medium - - * New upstream release. 
- - BUG/MAJOR: dns: add minimalist error processing on the Rx path - - -- Vincent Bernat Fri, 13 Dec 2019 19:22:03 +0100 - -haproxy (2.0.10-1) unstable; urgency=medium - - * New upstream release. - - BUG/MAJOR: h2: make header field name filtering stronger - - BUG/MAJOR: h2: reject header values containing invalid chars - - BUG/MAJOR: mux-h2: don't try to decode a response HEADERS frame in - idle state - - -- Vincent Bernat Tue, 26 Nov 2019 13:22:17 +0100 - -haproxy (2.0.9-1) unstable; urgency=medium - - * New upstream release. - - BUG/MAJOR: stream-int: Don't receive data from mux until SI_ST_EST - is reached - - -- Vincent Bernat Sat, 16 Nov 2019 17:38:51 +0100 - -haproxy (2.0.8-1) unstable; urgency=medium - - * New upstream release. - - BUG/MAJOR: idle conns: schedule the cleanup task on the correct - threads - - -- Vincent Bernat Wed, 23 Oct 2019 08:55:55 +0200 - -haproxy (2.0.7-1) unstable; urgency=medium - - * New upstream release. - - BUG/MAJOR: mux-h2: Handle HEADERS frames received after a RST_STREAM - frame - - BUG/MAJOR: mux_h2: Don't consume more payload than received for - skipped frames - - BUG/MEDIUM: checks: make sure the connection is ready before trying - to recv - - -- Vincent Bernat Fri, 27 Sep 2019 19:14:12 +0200 - -haproxy (2.0.6-2) unstable; urgency=medium - - * d/patches: fix regression with checks. - - -- Vincent Bernat Wed, 18 Sep 2019 08:02:53 +0200 - -haproxy (2.0.6-1) unstable; urgency=medium - - * New upstream release. - - BUG/MAJOR: ssl: ssl_sock was not fully initialized. - - -- Vincent Bernat Fri, 13 Sep 2019 21:25:38 +0200 - -haproxy (2.0.5-1) unstable; urgency=medium - - * New upstream release. - - BUG/MEDIUM: mux_h1: Don't bother subscribing in recv if we're not - connected. - - BUG/MEDIUM: mux_pt: Don't call unsubscribe if we did not subscribe. - - BUG/MEDIUM: proxy: Don't forget the SF_HTX flag when upgrading - TCP=>H1+HTX. - - BUG/MEDIUM: proxy: Don't use cs_destroy() when freeing the - conn_stream. 
- - BUG/MEDIUM: stick-table: Wrong stick-table backends parsing. - - -- Vincent Bernat Fri, 16 Aug 2019 19:51:24 +0200 - -haproxy (2.0.4-1) unstable; urgency=medium - - * New upstream release. Upload to unstable. - - BUG/MAJOR: http/sample: use a static buffer for raw -> htx - conversion - - BUG/MAJOR: queue/threads: avoid an AB/BA locking issue in - process_srv_queue() - * d/haproxy.cfg: update default cipher lists to more secure defaults. - TLSv1.0 and TLSv1.1 are disabled, as well as TLS tickets (they are - breaking forward secrecy unless correctly rotated). - Closes: #932763. - - -- Vincent Bernat Fri, 09 Aug 2019 14:22:23 +0200 - -haproxy (2.0.3-1) experimental; urgency=medium - - * New upstream version. - - BUG/CRITICAL: http_ana: Fix parsing of malformed cookies which start by - a delimiter (CVE-2019-14241) - - BUG/MEDIUM: checks: Don't attempt to receive data if we already - subscribed. - - BUG/MEDIUM: http/htx: unbreak option http_proxy - - DOC: htx: Update comments in HTX files - - BUG/MEDIUM: mux-h1: Trim excess server data at the end of a transaction - - BUG/MEDIUM: tcp-checks: do not dereference inexisting conn_stream - * Bump Standards-Version to 4.4.0; no changes needed - - -- Apollon Oikonomopoulos Tue, 23 Jul 2019 13:31:31 -0300 - -haproxy (2.0.2-1) experimental; urgency=medium - - * New upstream version. - - BUG/MAJOR: listener: fix thread safety in resume_listener() - - -- Vincent Bernat Wed, 17 Jul 2019 12:19:54 +0200 - -haproxy (2.0.1-1) experimental; urgency=medium - - * New upstream version. - - BUG/MAJOR: sample: Wrong stick-table name parsing in "if/unless" ACL - condition. - - BUG/MAJOR: mux-h1: Don't crush trash chunk area when outgoing - message is formatted - * d/rules: fix crash during reload due to libgcc_s.so missing when - chrooted. - - -- Vincent Bernat Mon, 24 Jun 2019 19:28:26 +0200 - -haproxy (2.0.0-1) experimental; urgency=medium - - * New upstream version. - * d/watch: update to follow 2.0. 
- * d/gbp.conf: update for 2.0 and experimental. - * d/rules: update to use linux-glibc target. - * d/rules: enable prometheus exporter. - * d/patches: refresh patches. - * d/vim-haproxy.install: update path to vim syntax file. - * d/README.Debian: remove outdated information. - - -- Vincent Bernat Thu, 20 Jun 2019 11:40:19 +0200 - -haproxy (1.9.8-1) experimental; urgency=medium - - * New upstream version. - - BUG/MAJOR: map/acl: real fix segfault during show map/acl on CLI - - BUG/MAJOR: mux-h2: do not add a stream twice to the send list - - -- Vincent Bernat Thu, 16 May 2019 01:50:10 +0200 - -haproxy (1.9.7-1) experimental; urgency=medium - - * New upstream version. - - BUG/MAJOR: http_fetch: Get the channel depending on the keyword used - - BUG/MAJOR: lb/threads: fix AB/BA locking issue in round-robin LB - - BUG/MAJOR: lb/threads: fix insufficient locking on round-robin LB - - BUG/MAJOR: muxes: Use the HTX mode to find the best mux for HTTP - proxies only - - BUG/MAJOR: task: make sure never to delete a queued task - - -- Vincent Bernat Sun, 28 Apr 2019 17:37:04 +0200 - -haproxy (1.9.6-1) experimental; urgency=medium - - * New upstream version. - - BUG/MAJOR: checks: segfault during tcpcheck_main - - -- Vincent Bernat Sat, 30 Mar 2019 12:43:33 +0100 - -haproxy (1.9.5-1) experimental; urgency=medium - - * New upstream version. - - BUG/MAJOR: cache/htx: Set the start-line offset when a cached object - is served - - BUG/MAJOR: fd/threads, task/threads: ensure all spin locks are - unlocked - - BUG/MAJOR: listener: Make sure the listener exist before using it. 
- - BUG/MAJOR: mux-h2: fix race condition between close on both ends - - BUG/MAJOR: spoe: Don't try to get agent config during SPOP - healthcheck - - BUG/MAJOR: spoe: Fix initialization of thread-dependent fields - - BUG/MAJOR: stats: Fix how huge POST data are read from the channel - - BUG/MAJOR: stream: avoid double free on unique_id - - BUG/MAJOR: tasks: Use the TASK_GLOBAL flag to know if we're in the - global rq. - - -- Vincent Bernat Tue, 19 Mar 2019 20:13:48 +0100 - -haproxy (1.9.4-1) experimental; urgency=medium - - * New upstream version. - - BUG/MAJOR: config: verify that targets of track-sc and stick rules - are present - - BUG/MAJOR: htx/backend: Make all tests on HTTP messages compatible - with HTX - - BUG/MAJOR: spoe: verify that backends used by SPOE cover all their - callers' processes - - -- Vincent Bernat Thu, 07 Feb 2019 12:48:42 +0100 - -haproxy (1.9.3-1) experimental; urgency=medium - - * New upstream version. - - BUG/MAJOR: mux-h2: don't destroy the stream on failed allocation in - h2_snd_buf() - - BUG/MEDIUM: checks: fix recent regression on agent-check making it - crash - - BUG/MEDIUM: ssl: Fix handling of TLS 1.3 KeyUpdate messages - - -- Vincent Bernat Tue, 29 Jan 2019 12:59:10 +0100 - -haproxy (1.9.2-1) experimental; urgency=medium - - * New upstream version. - - BUG/MAJOR: cache: fix confusion between zero and uninitialized cache - key - - BUG/MEDIUM: checks: Avoid having an associated server for email - checks. - - BUG/MEDIUM: connection: properly unregister the mux on failed - initialization - - BUG/MEDIUM: h1: Get the h1m state when restarting the headers - parsing - - BUG/MEDIUM: h1: Make sure we destroy an inactive connectin that did - shutw. - - BUG/MEDIUM: init: Initialize idle_orphan_conns for first server in - server-template - - BUG/MEDIUM: mux-h2: decode trailers in HEADERS frames - - BUG/MEDIUM: ssl: Disable anti-replay protection and set max data - with 0RTT. 
- - BUG/MEDIUM: ssl: missing allocation failure checks loading tls key - file - - BUG/MEDIUM: stats: Get the right scope pointer depending on HTX is - used or not - * d/patches: removal of CVE-2018-20615.patch (applied upstream) - - -- Vincent Bernat Thu, 17 Jan 2019 19:19:27 +0100 - -haproxy (1.9.0-2) experimental; urgency=medium - - * Fix out-of-bounds read in HTTP2 mux (CVE-2018-20615). - Possible crash in H2 HEADERS frame decoder when the PRIORITY flag - is present, due to a missing frame size check. - * Bump Standards-Version to 4.3.0; no changes needed. - - -- Apollon Oikonomopoulos Thu, 03 Jan 2019 12:41:02 +0200 - -haproxy (1.9.0-1) experimental; urgency=medium - - * New upstream version 1.9.0. - See https://www.haproxy.com/blog/haproxy-1-9-has-arrived/. - * d/watch: update to follow 1.9. - * d/gbp.conf: update for 1.9 and experimental. - * d/rules: do not override CFLAGS, hijack DEBUG_CFLAGS for this instead. - * d/patches: add regression fix for DNS. - - -- Vincent Bernat Fri, 21 Dec 2018 11:13:41 +0100 - -haproxy (1.8.15-1) unstable; urgency=high - - [ Vincent Bernat ] - * d/rules: switch to pcre2. Closes: #911933. - - [ Apollon Oikonomopoulos ] - * New upstream version 1.8.15 - - BUG: dns: Fix off-by-one write in dns_validate_dns_response() ( - - BUG: dns: Fix out-of-bounds read via signedness error in - dns_validate_dns_response() - - BUG: dns: Prevent out-of-bounds read in dns_read_name() - - BUG: dns: Prevent out-of-bounds read in dns_validate_dns_response() - (CVE-2018-20102, closes: #916308) - - BUG: dns: Prevent stack-exhaustion via recursion loop in dns_read_name - (CVE-2018-20103, closes: #916307) - - BUG/MAJOR: http: http_txn_get_path() may deference an inexisting buffer - - -- Apollon Oikonomopoulos Fri, 14 Dec 2018 15:31:04 +0200 - -haproxy (1.8.14-1) unstable; urgency=medium - - * New upstream version. 
- - BUG/CRITICAL: hpack: fix improper sign check on the header index - value (already fixed in 1.8.13-2) - - BUG/MAJOR: kqueue: Don't reset the changes number by accident. - - BUG/MAJOR: thread: lua: Wrong SSL context initialization. - - -- Vincent Bernat Sun, 23 Sep 2018 12:25:03 +0200 - -haproxy (1.8.13-2) unstable; urgency=high - - * Fix improper sign check on the HPACK header index value (CVE-2018-14645) - * Bump Standards-Version to 4.2.1; no changes needed - - -- Apollon Oikonomopoulos Wed, 19 Sep 2018 22:46:58 +0300 - -haproxy (1.8.13-1) unstable; urgency=medium - - * New upstream version. - - BUG/MEDIUM: h2: don't accept new streams if conn_streams are still - in excess - - BUG/MEDIUM: h2: make sure the last stream closes the connection - after a timeout - - BUG/MEDIUM: h2: never leave pending data in the output buffer on close - - BUG/MEDIUM: h2: prevent orphaned streams from blocking a connection - forever - - BUG/MEDIUM: stats: don't ask for more data as long as we're responding - - BUG/MEDIUM: stream-int: don't immediately enable reading when the - buffer was reportedly full - - BUG/MEDIUM: threads/sync: use sched_yield when available - - BUG/MEDIUM: threads: Fix the exit condition of the thread barrier - - BUG/MEDIUM: threads: properly fix nbthreads == MAX_THREADS - - BUG/MEDIUM: threads: unbreak "bind" referencing an incorrect thread - number - * d/patches: drop systemd exit status patch (applied upstream). - - -- Vincent Bernat Wed, 01 Aug 2018 11:36:20 +0200 - -haproxy (1.8.12-1) unstable; urgency=medium - - * New upstream version. - - BUG/MAJOR: stick_table: Complete incomplete SEGV fix - - -- Vincent Bernat Wed, 27 Jun 2018 20:05:50 +0200 - -haproxy (1.8.11-1) unstable; urgency=medium - - * New upstream version. - - BUG/MAJOR: Stick-tables crash with segfault when the key is not in - the stick-table - - -- Vincent Bernat Tue, 26 Jun 2018 18:26:05 +0200 - -haproxy (1.8.10-1) unstable; urgency=medium - - * New upstream version. 
- - BUG/MAJOR: lua: Dead lock with sockets - - BUG/MAJOR: map: fix a segfault when using http-request set-map - - BUG/MAJOR: ssl: OpenSSL context is stored in non-reserved memory slot - - BUG/MAJOR: ssl: Random crash with cipherlist capture - - BUG/MEDIUM: cache: don't cache when an Authorization header is present - - BUG/MEDIUM: dns: Delay the attempt to run a DNS resolution on check - failure. - - BUG/MEDIUM: fd: Don't modify the update_mask in fd_dodelete(). - - BUG/MEDIUM: fd: Only check update_mask against all_threads_mask. - - BUG/MEDIUM: servers: Add srv_addr default placeholder to the state file - - BUG/MEDIUM: stick-tables: Decrement ref_cnt in table_* converters - - BUG/MEDIUM: threads: Use the sync point to check active jobs and exit - - BUG/MEDIUM: threads: handle signal queue only in thread 0 - * Remove patch from CVE. Included upstream. - * d/patches: add a patch for clean stop with systemd. - - -- Vincent Bernat Fri, 22 Jun 2018 20:21:37 +0200 - -haproxy (1.8.9-2) unstable; urgency=high - - * d/patches: fix CVE-2018-11469: do not cache when an Authorization - header is present. Closes: #900084. - - -- Vincent Bernat Sat, 26 May 2018 16:05:07 +0200 - -haproxy (1.8.9-1) unstable; urgency=medium - - * New upstream version. - - BUG/MAJOR: channel: Fix crash when trying to read from a closed socket - - BUG/MEDIUM: h2: implement missing support for chunked encoded uploads - - BUG/MEDIUM: http: don't always abort transfers on CF_SHUTR - - BUG/MEDIUM: lua: Fix segmentation fault if a Lua task exits - - BUG/MEDIUM: pollers: Use a global list for fd shared between threads - - BUG/MEDIUM: ssl: properly protect SSL cert generation - - BUG/MEDIUM: task: Don't free a task that is about to be run - - BUG/MEDIUM: threads: Fix the sync point for more than 32 threads - * d/rsyslog.conf: use modern syntax and statements, thanks to Guillem - Jover. Closes: #897914. 
- - -- Vincent Bernat Sat, 19 May 2018 15:00:17 +0200 - -haproxy (1.8.8-1) unstable; urgency=high - - * New upstream version. - - BUG/CRITICAL: h2: fix incorrect frame length check - - -- Vincent Bernat Thu, 19 Apr 2018 17:51:55 +0200 - -haproxy (1.8.7-1) unstable; urgency=medium - - * New upstream version. - - BUG/MAJOR: cache: always initialize newly created objects - * d/control: switch maintainer address to tracker.debian.org. - - -- Vincent Bernat Sat, 07 Apr 2018 07:58:34 +0200 - -haproxy (1.8.6-1) unstable; urgency=medium - - * New upstream version. - - BUG/MAJOR: cache: fix random crashes caused by incorrect delete() on - non-first blocks - - BUG/MAJOR: h2: remove orphaned streams from the send list before closing - - BUG/MEDIUM: h2/threads: never release the task outside of the task - handler - - BUG/MEDIUM: h2: always add a stream to the send or fctl list when - blocked - - BUG/MEDIUM: h2: don't consider pending data on detach if connection - is in error - - -- Vincent Bernat Thu, 05 Apr 2018 21:08:12 +0200 - -haproxy (1.8.5-1) unstable; urgency=medium - - * New upstream version. - - BUG/MAJOR: threads/queue: Fix thread-safety issues on the queues - management - - BUG/MEDIUM: buffer: Fix the wrapping case in bi_putblk - - BUG/MEDIUM: buffer: Fix the wrapping case in bo_putblk - - BUG/MEDIUM: fix a 100% cpu usage with cpu-map and nbthread/nbproc - - BUG/MEDIUM: h2: also arm the h2 timeout when sending - - BUG/MEDIUM: h2: always consume any trailing data after end of output - buffers - - BUG/MEDIUM: h2: properly account for DATA padding in flow control - - BUG/MEDIUM: http: Switch the HTTP response in tunnel mode as earlier - as possible - - BUG/MEDIUM: spoe: Remove idle applets from idle list when HAProxy is - stopping - - BUG/MEDIUM: ssl/sample: ssl_bc_* fetch keywords are broken. - - BUG/MEDIUM: ssl: Don't always treat SSL_ERROR_SYSCALL as - unrecovarable. 
- - BUG/MEDIUM: ssl: Shutdown the connection for reading on - SSL_ERROR_SYSCALL - - BUG/MEDIUM: tcp-check: single connect rule can't detect DOWN servers - - BUG/MEDIUM: threads/queue: wake up other threads upon dequeue - - BUG/MEDIUM: threads/unix: Fix a deadlock when a listener is - temporarily disabled - * Upload to unstable. - * d/control: update Vcs-* fields to salsa.debian.org. - - -- Vincent Bernat Sun, 25 Mar 2018 11:31:25 +0200 - -haproxy (1.8.4-1) experimental; urgency=medium - - * New upstream stable release. - * d/patches: document why dconv patch is not in series. - * d/docs: ship NOTICE file in haproxy-doc. - - -- Vincent Bernat Sat, 10 Feb 2018 08:43:36 +0100 - -haproxy (1.8.3-1) experimental; urgency=medium - - * New upstream stable release. - * Change default configuration of stats socket to support hitless - reload. - - -- Vincent Bernat Tue, 02 Jan 2018 18:48:24 +0100 - -haproxy (1.8.2-1) experimental; urgency=medium - - * New upstream stable release - * Refresh patches - * Bump Standards-Version to 4.1.2; no changes needed - - -- Apollon Oikonomopoulos Sun, 24 Dec 2017 14:28:28 +0200 - -haproxy (1.8.1-1) experimental; urgency=medium - - * New upstream stable release. - * Enable PCRE JIT. - * systemd: replace Wants/After=syslog.service with After=rsyslog.service - (Closes: #882610) - - -- Apollon Oikonomopoulos Sun, 03 Dec 2017 23:59:03 +0200 - -haproxy (1.8.0-2) experimental; urgency=medium - - * Use libatomic on platforms without 64-bit atomics. Fixes FTBFS on armel, - mips, mipsel, powerpc, powerpcspe, sh4 and m68k. - * d/rules: use variables defined in architecture.mk and buildflags.mk - * d/rules: drop unreachable else case. - - -- Apollon Oikonomopoulos Wed, 29 Nov 2017 01:21:40 +0200 - -haproxy (1.8.0-1) experimental; urgency=medium - - * New upstream stable series. Notable new features include: - + HTTP/2 support - + Support for multiple worker threads to allow scalability across CPUs - (e.g. 
for SSL termination) - + Seamless reloads - + HTTP small object caching - + Dynamic backend server configuration - See https://www.haproxy.com/blog/whats-new-haproxy-1-8/ and - https://www.mail-archive.com/haproxy@formilux.org/msg28004.html for more - detailed descriptions of the new features. - * Upload to experimental - * Refresh all patches. - * d/watch: switch to the 1.8.x upstream stable series - * Bump Standards to 4.1.1 - + Switch haproxy-doc to Priority: optional from extra. - * Bump compat to 10: - + B-D on debhelper (>= 10) - + Drop explicit dh-systemd dependency and invocation - + Replace --no-restart-on-upgrade with --no-restart-after-upgrade - --no-stop-on-upgrade to make up for DH 10 defaults. - * B-D on libsystemd-dev and enable sd_notify() support on Linux. - * B-D on python3-sphinx instead of python-sphinx. - * d/rules: do not call dpkg-parsechangelog directly. - * d/copyright: drop obsolete section. - * Drop obsolete lintian overrides. - * Do a full-service restart when upgrading from pre-1.8 versions and running - under systemd, to migrate to the new process model and service type. - + Document this in d/NEWS as well. 
- - -- Apollon Oikonomopoulos Tue, 28 Nov 2017 22:25:11 +0200 - -haproxy (1.7.10-1) unstable; urgency=medium - - * New upstream version release (see CHANGELOG): - - BUG/MAJOR: stream-int: don't re-arm recv if send fails - - BUG/MAJOR: stream: ensure analysers are always called upon close - - BUG/MEDIUM: compression: Fix check on txn in smp_fetch_res_comp_algo - - BUG/MEDIUM: connection: remove useless flag CO_FL_DATA_RD_SH - - BUG/MEDIUM: deinit: correctly deinitialize the proxy and global - listener tasks - - BUG/MEDIUM: deviceatlas: ignore not valuable HTTP request data - - BUG/MEDIUM: epoll: ensure we always consider HUP and ERR - - BUG/MEDIUM: http: Close streams for connections closed before a - redirect - - BUG/MEDIUM: http: Fix a regression bug when a HTTP response is in - TUNNEL mode - - BUG/MEDIUM: http: Return an error when url_dec sample converter - failed - - BUG/MEDIUM: http: don't automatically forward request close - - BUG/MEDIUM: http: don't disable lingering on requests with tunnelled - responses - - BUG/MEDIUM: kqueue: Don't bother closing the kqueue after fork. - - BUG/MEDIUM: lua: HTTP services must take care of body-less status - codes - - BUG/MEDIUM: lua: fix crash when using bogus mode in - register_service() - - BUG/MEDIUM: peers: set NOLINGER on the outgoing stream interface - - BUG/MEDIUM: prevent buffers being overwritten during build_logline() - execution - - BUG/MEDIUM: ssl: fix OCSP expiry calculation - - BUG/MEDIUM: stream: don't ignore res.analyse_exp anymore - - BUG/MEDIUM: stream: properly set the required HTTP analysers on - use-service - - BUG/MEDIUM: tcp-check: don't call tcpcheck_main() from the I/O - handlers! - - BUG/MEDIUM: tcp-check: properly indicate polling state before - performing I/O - - BUG/MEDIUM: tcp/http: set-dst-port action broken - * Fix VERDATE build argument to really use changelog date. - * Bump compat to 10. - * d/control: B-D on python3-sphinx instead of python-sphinx. 
- * d/control: make haproxy-doc Priority: optional. - * d/rules: enable PCRE JIT. - * d/rules: use variables defined in *.mk. - * d/patches: refresh and replace Wants/After=syslog.service with - After=rsyslog.service. Closes: #882610. - - -- Vincent Bernat Wed, 03 Jan 2018 08:29:48 +0100 - -haproxy (1.7.9-1) unstable; urgency=medium - - * New upstream version release (see CHANGELOG): - - BUG/MAJOR: lua/socket: resources not destroyed when the socket is - aborted - - BUG/MEDIUM: lua: bad memory access - - BUG/MEDIUM: http: Switch HTTP responses in TUNNEL mode when body - length is undefined - - -- Vincent Bernat Sat, 19 Aug 2017 12:05:02 +0200 - -haproxy (1.7.8-1) unstable; urgency=medium - - * New upstream version release (see CHANGELOG): - - BUG/MAJOR: cli: fix custom io_release was crushed by NULL. - - BUG/MAJOR: compression: Be sure to release the compression state in - all cases - - BUG/MAJOR: map: fix segfault during 'show map/acl' on cli. - - BUG/MEDIUM: filters: Be sure to call flt_end_analyze for both - channels - - BUG/MEDIUM: map/acl: fix unwanted flags inheritance. - * Bump Standards-Version to 4.0.0. No changes needed. - * Update d/watch to use https. - - -- Vincent Bernat Sat, 08 Jul 2017 08:24:35 +0200 - -haproxy (1.7.7-1) unstable; urgency=medium - - * New upstream version release (see CHANGELOG): - - BUG/MEDIUM: http: Drop the connection establishment when a redirect - is performed - - BUG/MEDIUM: cfgparse: Check if tune.http.maxhdr is in the range - 1..32767 - - -- Vincent Bernat Mon, 26 Jun 2017 14:06:48 +0200 - -haproxy (1.7.6-1) unstable; urgency=medium - - * New upstream version release (see CHANGELOG): - - BUG/MAJOR: Use -fwrapv. - - BUG/MAJOR: http: call manage_client_side_cookies() before erasing - the buffer - - BUG/MAJOR: server: Segfault after parsing server state file. 
- - BUG/MEDIUM: acl: don't free unresolved args in prune_acl_expr() - - BUG/MEDIUM: acl: proprely release unused args in prune_acl_expr() - - BUG/MEDIUM: arg: ensure that we properly unlink unresolved arguments - on error - - BUG/MEDIUM: lua: memory leak - - BUG/MEDIUM: lua: segfault if a converter or a sample doesn't return - anything - - BUG/MEDIUM: peers: Peers CLOSE_WAIT issue. - - BUG/MEDIUM: unix: never unlink a unix socket from the file system - - -- Vincent Bernat Sun, 18 Jun 2017 12:34:40 +0200 - -haproxy (1.7.5-2) unstable; urgency=medium - - * Enable getaddrinfo() support, allowing resolution of hostnames to IPv6 - addresses (Closes: #862780). Thanks to Anton Eliasson - ! - - -- Apollon Oikonomopoulos Wed, 17 May 2017 13:01:45 +0300 - -haproxy (1.7.5-1) unstable; urgency=medium - - * New upstream version release (see CHANGELOG): - - BUG/MEDIUM: peers: fix buffer overflow control in intdecode. - - BUG/MEDIUM: buffers: Fix how input/output data are injected into buffers - - BUG/MEDIUM: http: Fix blocked HTTP/1.0 responses when compression is - enabled - - -- Apollon Oikonomopoulos Tue, 04 Apr 2017 14:25:38 +0300 - -haproxy (1.7.4-1) unstable; urgency=medium - - * New upstream release (see CHANGELOG): - - BUG/MAJOR: connection: update CO_FL_CONNECTED before calling the - data layer - - BUG/MAJOR: http: fix typo in http_apply_redirect_rule - - BUG/MAJOR: stream-int: do not depend on connection flags to detect - connection - - BUG/MEDIUM: cli: Prevent double free in CLI ACL lookup - - BUG/MEDIUM: connection: ensure to always report the end of handshakes - - BUG/MEDIUM: listener: do not try to rebind another process' socket - - BUG/MEDIUM: stream: fix client-fin/server-fin handling - - BUG/MEDIUM: tcp: don't require privileges to bind to device - - -- Vincent Bernat Fri, 31 Mar 2017 11:01:14 +0200 - -haproxy (1.7.3-1) unstable; urgency=medium - - * New upstream release (see CHANGELOG): - - BUG/MAJOR: lua segmentation fault when the request is like 'GET - 
?arg=val HTTP/1.1' - - BUG/MAJOR: dns: restart sockets after fork() - - BUG/MEDIUM: tcp: don't poll for write when connect() succeeds - - BUG/MEDIUM: http: prevent redirect from overwriting a buffer - - BUG/MEDIUM: filters: Do not truncate HTTP response when body length - is undefined - - BUG/MEDIUM: http: Prevent replace-header from overwriting a buffer - - BUG/MEDIUM: config: reject anything but "if" or "unless" after a - use-backend rule - - -- Vincent Bernat Wed, 01 Mar 2017 20:03:12 +0100 - -haproxy (1.7.2-1) unstable; urgency=medium - - * New upstream release (see CHANGELOG): - + Fix a regression whereby fragmented requests were randomly flagged as - bad requests depending on previous buffer contents; this was noticable - under low load with authenticated requests. - + Fix dynamic address resolution for IPv6-only hosts. - + Make sure SSL sessions are not reused when the SNI changes. This makes - SNI and SSL health checks play nice together. - + Minor improvements: - - Add the ability to perform actions on multiple servers via the stats - page. - - Add the ability to specify a custom HTTP reason field in generated - responses. - - New sample fetch function, `fc_rcvd_proxy', indicating wheter the - PROXY protocol was used on the frontend for a connection or not. - - -- Apollon Oikonomopoulos Fri, 13 Jan 2017 14:49:05 +0200 - -haproxy (1.7.1-1) unstable; urgency=medium - - * New upstream stable release. - * Upload to unstable. - * Notable new features since 1.6: - + SPOE (stream processing offload engine) : ability to delegate some - slow, unreliable or dangerous processing to external processes. - + More statistics in the CSV output. - + Support of directories for config files: if the argument to -f - is a directory, all files found there are loaded in alphabetical order. - + It is now possible to set/unset/preset environment variables directly in - the global section and query them through the CLI. 
- + The CLI makes it possible to change a server's address, port, maxconn, - check address and port at runtime, without reloading haproxy. - + Support for multiple certificates: different certificates for the same - domain so that the best one can be picked according to browser support. - The main use is to be able to deliver ECDSA certificates to clients - supporting them, without breaking compatibility with older clients. - + SO_REUSEPORT is now configurable and can be disabled. - + Updates to the Lua API, including new classes to access many internal - objects like listeners, servers, proxies etc. - + Support for a new type of maps consisting of regular expressions with - replacement values. - - -- Apollon Oikonomopoulos Tue, 13 Dec 2016 12:32:32 +0200 - -haproxy (1.7.0-1) experimental; urgency=medium - - * New upstream stable series. - - -- Apollon Oikonomopoulos Fri, 25 Nov 2016 18:00:55 +0200 - -haproxy (1.7~dev6-1) experimental; urgency=medium - - * New upstream development release (Closes: #828337) - * Upload to experimental - * d/watch: look for 1.7 - * B-D on zlib1g-dev - * haproxy: Depend on lsb-base for the initscript - * Ship additional plain-text documentation - * haproxy-doc: ship HTML version of management.txt - * Update the default SSL cipher list and add a link to Mozilla's SSL - configuration generator (Closes: #840735) - * d/rules: use SUBVERS to pass the Debian revision to HAPROXY_VERSION - - -- Apollon Oikonomopoulos Thu, 10 Nov 2016 16:02:27 +0200 - -haproxy (1.6.10-1) unstable; urgency=medium - - * New upstream release (see CHANGELOG): - + Fix retransmits in proxy mode and rare cases of unkillable tasks. - + systemd wrapper: do not leave old processes behind when reloading too - fast. - + systemd wrapper: correctly set the status code. - + Fix two bugs in the peers' task management possibly causing some - CLOSE_WAIT connection after some rare race conditions. 
- + Make SO_REUSEPORT use configurable via the "-dR" command line switch - or the "noreuseport" config option in the global section. - * B-D on libssl1.0-dev (Closes: #828337); upstream does not currently - support OpenSSL 1.1 for the 1.6 series. - * haproxy: depend on lsb-base for the initscript's use of - /lib/lsb/init-functions. - - -- Apollon Oikonomopoulos Mon, 21 Nov 2016 11:46:16 +0200 - -haproxy (1.6.9-2) unstable; urgency=medium - - * Enable Linux namespace support. - * Pass the full Debian version and package release date from d/changelog to - the build system. - * initscript: reorder the reload command arguments to always parse EXTRAOPTS - properly. - - -- Apollon Oikonomopoulos Wed, 28 Sep 2016 10:45:43 +0300 - -haproxy (1.6.9-1) unstable; urgency=medium - - * New upstream release (see CHANGELOG): - + BUG/MAJOR: stream: properly mark the server address as unset on - connect retry - - -- Vincent Bernat Wed, 31 Aug 2016 07:44:27 +0200 - -haproxy (1.6.8-1) unstable; urgency=medium - - * New upstream release (see CHANGELOG): - + BUG/MAJOR: compression: initialize avail_in/next_in even during - flush - + BUG/MAJOR: server: the "sni" directive could randomly cause trouble - + BUG/MAJOR: stick-counters: possible crash when using sc_trackers - with wrong table - - -- Vincent Bernat Sun, 14 Aug 2016 14:17:08 +0200 - -haproxy (1.6.7-1) unstable; urgency=medium - - * New upstream release (see CHANGELOG): - + BUG/MAJOR: fix use-after-free crash on start - + BUG/MEDIUM: dns: fix alignment issues in the DNS response parser - - -- Vincent Bernat Thu, 14 Jul 2016 08:29:43 +0200 - -haproxy (1.6.6-1) unstable; urgency=medium - - * New upstream release (see CHANGELOG): - + BUG/MAJOR: fix listening IP address storage for frontends - + BUG/MAJOR: http: fix breakage of "reqdeny" causing random crashes - + BUG/MEDIUM: stick-tables: fix breakage in table converters - + BUG/MEDIUM: dns: unbreak DNS resolver after header fix - + BUG/MEDIUM: stats: show servers state may show an 
servers from another - backend - + BUG/MEDIUM: fix risk of segfault with "show tls-keys" - + BUG/MEDIUM: sticktables: segfault in some configuration error cases - + BUG/MEDIUM: lua: converters doesn't work - + BUG/MEDIUM: http: add-header: buffer overwritten - + BUG/MEDIUM: external-checks: close all FDs right after the fork() - + BUG/MAJOR: external-checks: use asynchronous signal delivery - * Drop haproxy.service-check-config-before-reload.patch. Applied - upstream. - - -- Vincent Bernat Tue, 28 Jun 2016 10:13:33 +0200 - -haproxy (1.6.5-2) unstable; urgency=high - - * Add a patch to fix CVE-2016-5360. Closes: #826869. - + BUG/MAJOR: http: fix breakage of "reqdeny" causing random crashes - - -- Vincent Bernat Sat, 11 Jun 2016 22:23:50 +0200 - -haproxy (1.6.5-1) unstable; urgency=medium - - * New upstream release (see CHANGELOG): - + BUG/MAJOR: channel: fix miscalculation of available buffer space - + BUG/MAJOR: Fix crash in http_get_fhdr with exactly MAX_HDR_HISTORY - headers - + BUG/MEDIUM: channel: don't allow to overwrite the reserve until - connected - + BUG/MEDIUM: channel: fix inconsistent handling of 4GB-1 transfers - + BUG/MEDIUM: channel: incorrect polling condition may delay event - delivery - + BUG/MEDIUM: dns: fix alignment issue when building DNS queries - + BUG/MEDIUM: fix maxaccept computation on per-process listeners - + BUG/MEDIUM: Fix RFC5077 resumption when more than TLS_TICKETS_NO are - present - + BUG/MEDIUM: http: fix risk of CPU spikes with pipelined requests from - dead client - + BUG/MEDIUM: log: fix risk of segfault when logging HTTP fields in TCP - mode - + BUG/MEDIUM: lua: protects the upper boundary of the argument list for - converters/fetches. - + BUG/MEDIUM: peers: fix incorrect age in frequency counters - + BUG/MEDIUM: sample: initialize the pointer before parse_binary call. 
- + BUG/MEDIUM: stats: show backend may show an empty or incomplete result - + BUG/MEDIUM: stats: show servers state may show an empty or incomplete - result - + BUG/MEDIUM: stick-tables: some sample-fetch doesn't work in the - connection state. - + BUG/MEDIUM: stream: ensure the SI_FL_DONT_WAKE flag is properly cleared - + BUG/MEDIUM: trace.c: rdtsc() is defined in two files - + MEDIUM: unblock signals on startup. - * Bump standards to 3.9.8; no changes needed. - - -- Apollon Oikonomopoulos Wed, 11 May 2016 11:07:24 +0300 - -haproxy (1.6.4-3) unstable; urgency=medium - - * d/init: remove support for dynamic script name. This enable haproxy to - be started on boot. - - -- Vincent Bernat Thu, 24 Mar 2016 20:36:08 +0100 - -haproxy (1.6.4-2) unstable; urgency=medium - - * d/init: fix SysV init script w/ respect to handling EXTRAOPTS on check. - * d/control: add Pre-Depends for dpkg-maintscript-helper support of - dir_to_symlink. - - -- Vincent Bernat Sat, 19 Mar 2016 16:35:20 +0100 - -haproxy (1.6.4-1) unstable; urgency=medium - - * New upstream release (see CHANGELOG): - + BUG/MAJOR: http-reuse: fix risk of orphaned connections. - + BUG/MAJOR: lua: applets can't sleep. - + BUG/MAJOR: samples: check smp->strm before using it. - + BUG/MAJOR: servers state: server port is erased when dns resolution is - enabled on a server. - + BUG/MAJOR: vars: always retrieve the stream and session from the sample - + BUG/MEDIUM: buffers: do not round up buffer size during allocation - + BUG/MEDIUM: dns: no DNS resolution happens if no ports provided to the - nameserver - + BUG/MEDIUM: servers state: server port is used uninitialized - + BUG/MEDIUM: config: Adding validation to stick-table expire value. - + BUG/MEDIUM: sample: http_date() doesn't provide the right day of the - week - + BUG/MEDIUM: channel: fix miscalculation of available buffer space. 
- + BUG/MEDIUM: http-reuse: do not share private connections across backends - + BUG/MEDIUM: ssl: fix off-by-one in ALPN list allocation - + BUG/MEDIUM: ssl: fix off-by-one in NPN list allocation - + BUG/MEDIUM: stats: stats bind-process doesn't propagate the process mask - correctly - + BUG/MEDIUM: chunks: always reject negative-length chunks - + BUG/MEDIUM: cfgparse: wrong argument offset after parsing server "sni" - keyword - - [ Vincent Bernat ] - * haproxy.init: append ${EXTRAOPTS} when verifying configuration file. - * haproxy.init: move EXTRAOPTS after all other parameters. - * haproxy.init: management of multiple HAProxy instances with SysV - init.d script, courtesy of Ivan Savcic. - - [ Apollon Oikonomopoulos ] - * Bump standards to 3.9.7: - + haproxy-doc: move the additional documentation from - /usr/share/doc/haproxy-doc to /usr/share/doc/haproxy, as per the - recommendation in Policy §12.3. - + Add compatibility symlinks from /usr/share/doc/haproxy-doc to - /usr/share/doc/haproxy. - * Enable all hardening flags. - * d/control: use HTTPS for Vcs-* - * Use www.haproxy.org as the project's homepage in d/control and - d/copyright. - * d/copyright: adjust debian/* years. - * Add basic DEP-8 tests. - * Drop the haproxy-dbg binary package in favor of ddebs. - * haproxy-doc: - + Use dpkg-maintscript-helper dir_to_symlink for the compatibility - symlinks. - + Add Lua documentation doc-base entry. - - -- Apollon Oikonomopoulos Tue, 15 Mar 2016 21:04:11 +0200 - -haproxy (1.6.3-1) unstable; urgency=medium - - [ Apollon Oikonomopoulos ] - * haproxy.init: use s-s-d's --pidfile option. - Thanks to Louis Bouchard (Closes: 804530) - - [ Vincent Bernat ] - * watch: fix d/watch to look for 1.6 version - * Imported Upstream version 1.6.3 - - -- Vincent Bernat Thu, 31 Dec 2015 08:10:10 +0100 - -haproxy (1.6.2-2) unstable; urgency=medium - - * Enable USE_REGPARM on amd64 as well. 
- - -- Vincent Bernat Tue, 03 Nov 2015 21:21:30 +0100 - -haproxy (1.6.2-1) unstable; urgency=medium - - * New upstream release. - - BUG/MAJOR: dns: first DNS response packet not matching queried - hostname may lead to a loop - - BUG/MAJOR: http: don't requeue an idle connection that is already - queued - * Upload to unstable. - - -- Vincent Bernat Tue, 03 Nov 2015 13:36:22 +0100 - -haproxy (1.6.1-2) experimental; urgency=medium - - * Build the Lua manpage in -arch, fixes FTBFS in binary-only builds. - - -- Apollon Oikonomopoulos Thu, 22 Oct 2015 12:19:41 +0300 - -haproxy (1.6.1-1) experimental; urgency=medium - - [ Vincent Bernat ] - * New upstream release. - - BUG/MAJOR: ssl: free the generated SSL_CTX if the LRU cache is - disabled - * Drop 0001-BUILD-install-only-relevant-and-existing-documentati.patch. - - [ Apollon Oikonomopoulos ] - * Ship and generate Lua API documentation. - - -- Vincent Bernat Thu, 22 Oct 2015 10:45:55 +0200 - -haproxy (1.6.0+ds1-1) experimental; urgency=medium - - * New upstream release! - * Add a patch to fix documentation installation: - + 0001-BUILD-install-only-relevant-and-existing-documentati.patch - * Update HAProxy documentation converter to a more recent version. - - -- Vincent Bernat Wed, 14 Oct 2015 17:29:19 +0200 - -haproxy (1.6~dev7-1) experimental; urgency=medium - - * New upstream release. - - -- Vincent Bernat Tue, 06 Oct 2015 16:01:26 +0200 - -haproxy (1.6~dev5-1) experimental; urgency=medium - - * New upstream release. - - -- Vincent Bernat Mon, 14 Sep 2015 15:50:28 +0200 - -haproxy (1.6~dev4-1) experimental; urgency=medium - - * New upstream release. - * Refresh debian/copyright. - - -- Vincent Bernat Sun, 30 Aug 2015 23:54:10 +0200 - -haproxy (1.6~dev3-1) experimental; urgency=medium - - * New upstream release. - * Enable Lua support. 
- - -- Vincent Bernat Sat, 15 Aug 2015 17:51:29 +0200 - -haproxy (1.5.15-1) unstable; urgency=medium - - * New upstream stable release including the following fix: - - BUG/MAJOR: http: don't call http_send_name_header() after an error - - -- Vincent Bernat Mon, 02 Nov 2015 07:34:19 +0100 - -haproxy (1.5.14-1) unstable; urgency=high - - * New upstream version. Fix an information leak (CVE-2015-3281): - - BUG/MAJOR: buffers: make the buffer_slow_realign() function - respect output data. - * Add $named as a dependency for init script. Closes: #790638. - - -- Vincent Bernat Fri, 03 Jul 2015 19:49:02 +0200 - -haproxy (1.5.13-1) unstable; urgency=medium - - * New upstream stable release including the following fixes: - - MAJOR: peers: allow peers section to be used with nbproc > 1 - - BUG/MAJOR: checks: always check for end of list before proceeding - - MEDIUM: ssl: replace standards DH groups with custom ones - - BUG/MEDIUM: ssl: fix tune.ssl.default-dh-param value being overwritten - - BUG/MEDIUM: cfgparse: segfault when userlist is misused - - BUG/MEDIUM: stats: properly initialize the scope before dumping stats - - BUG/MEDIUM: http: don't forward client shutdown without NOLINGER - except for tunnels - - BUG/MEDIUM: checks: do not dereference head of a tcp-check at the end - - BUG/MEDIUM: checks: do not dereference a list as a tcpcheck struct - - BUG/MEDIUM: peers: apply a random reconnection timeout - - BUG/MEDIUM: config: properly compute the default number of processes - for a proxy - - -- Vincent Bernat Sat, 27 Jun 2015 20:52:07 +0200 - -haproxy (1.5.12-1) unstable; urgency=medium - - * New upstream stable release including the following fixes: - - BUG/MAJOR: http: don't read past buffer's end in http_replace_value - - BUG/MAJOR: http: prevent risk of reading past end with balance - url_param - - BUG/MEDIUM: Do not consider an agent check as failed on L7 error - - BUG/MEDIUM: patern: some entries are not deleted with case - insensitive match - - BUG/MEDIUM: 
buffer: one byte miss in buffer free space check - - BUG/MEDIUM: http: thefunction "(req|res)-replace-value" doesn't - respect the HTTP syntax - - BUG/MEDIUM: peers: correctly configure the client timeout - - BUG/MEDIUM: http: hdr_cnt would not count any header when called - without name - - BUG/MEDIUM: listener: don't report an error when resuming unbound - listeners - - BUG/MEDIUM: init: don't limit cpu-map to the first 32 processes only - - BUG/MEDIUM: stream-int: always reset si->ops when si->end is - nullified - - BUG/MEDIUM: http: remove content-length from chunked messages - - BUG/MEDIUM: http: do not restrict parsing of transfer-encoding to - HTTP/1.1 - - BUG/MEDIUM: http: incorrect transfer-coding in the request is a bad - request - - BUG/MEDIUM: http: remove content-length form responses with bad - transfer-encoding - - BUG/MEDIUM: http: wait for the exact amount of body bytes in - wait_for_request_body - - -- Vincent Bernat Sat, 02 May 2015 16:38:28 +0200 - -haproxy (1.5.11-2) unstable; urgency=medium - - * Upload to unstable. - - -- Vincent Bernat Sun, 26 Apr 2015 17:46:58 +0200 - -haproxy (1.5.11-1) experimental; urgency=medium - - * New upstream stable release including the following fixes: - - BUG/MAJOR: log: don't try to emit a log if no logger is set - - BUG/MEDIUM: backend: correctly detect the domain when - use_domain_only is used - - BUG/MEDIUM: Do not set agent health to zero if server is disabled - in config - - BUG/MEDIUM: Only explicitly report "DOWN (agent)" if the agent health - is zero - - BUG/MEDIUM: http: fix header removal when previous header ends with - pure LF - - BUG/MEDIUM: channel: fix possible integer overflow on reserved size - computation - - BUG/MEDIUM: channel: don't schedule data in transit for leaving until - connected - - BUG/MEDIUM: http: make http-request set-header compute the string - before removal - * Upload to experimental. 
- - -- Vincent Bernat Sun, 01 Feb 2015 09:22:27 +0100 - -haproxy (1.5.10-1) experimental; urgency=medium - - * New upstream stable release including the following fixes: - - BUG/MAJOR: stream-int: properly check the memory allocation return - - BUG/MEDIUM: sample: fix random number upper-bound - - BUG/MEDIUM: patterns: previous fix was incomplete - - BUG/MEDIUM: payload: ensure that a request channel is available - - BUG/MEDIUM: tcp-check: don't rely on random memory contents - - BUG/MEDIUM: tcp-checks: disable quick-ack unless next rule is an expect - - BUG/MEDIUM: config: do not propagate processes between stopped - processes - - BUG/MEDIUM: memory: fix freeing logic in pool_gc2() - - BUG/MEDIUM: compression: correctly report zlib_mem - * Upload to experimental. - - -- Vincent Bernat Sun, 04 Jan 2015 13:17:56 +0100 - -haproxy (1.5.9-1) experimental; urgency=medium - - * New upstream stable release including the following fixes: - - BUG/MAJOR: sessions: unlink session from list on out - of memory - - BUG/MEDIUM: pattern: don't load more than once a pattern - list. - - BUG/MEDIUM: connection: sanitize PPv2 header length before - parsing address information - - BUG/MAJOR: frontend: initialize capture pointers earlier - - BUG/MEDIUM: checks: fix conflicts between agent checks and - ssl healthchecks - - BUG/MEDIUM: ssl: force a full GC in case of memory shortage - - BUG/MEDIUM: ssl: fix bad ssl context init can cause - segfault in case of OOM. - * Upload to experimental. - - -- Vincent Bernat Sun, 07 Dec 2014 16:37:36 +0100 - -haproxy (1.5.8-3) unstable; urgency=medium - - * Remove RC4 from the default cipher string shipped in configuration. - - -- Vincent Bernat Fri, 27 Feb 2015 11:29:23 +0100 - -haproxy (1.5.8-2) unstable; urgency=medium - - * Cherry-pick the following patches from 1.5.9 release: - - 8a0b93bde77e BUG/MAJOR: sessions: unlink session from list on out - of memory - - bae03eaad40a BUG/MEDIUM: pattern: don't load more than once a pattern - list. 
- - 93637b6e8503 BUG/MEDIUM: connection: sanitize PPv2 header length before - parsing address information - - 8ba50128832b BUG/MAJOR: frontend: initialize capture pointers earlier - - 1f96a87c4e14 BUG/MEDIUM: checks: fix conflicts between agent checks and - ssl healthchecks - - 9bcc01ae2598 BUG/MEDIUM: ssl: force a full GC in case of memory shortage - - 909514970089 BUG/MEDIUM: ssl: fix bad ssl context init can cause - segfault in case of OOM. - * Cherry-pick the following patches from future 1.5.10 release: - - 1e89acb6be9b BUG/MEDIUM: payload: ensure that a request channel is - available - - bad3c6f1b6d7 BUG/MEDIUM: patterns: previous fix was incomplete - - -- Vincent Bernat Sun, 07 Dec 2014 11:11:21 +0100 - -haproxy (1.5.8-1) unstable; urgency=medium - - * New upstream stable release including the following fixes: - - + BUG/MAJOR: buffer: check the space left is enough or not when input - data in a buffer is wrapped - + BUG/MINOR: ssl: correctly initialize ssl ctx for invalid certificates - + BUG/MEDIUM: tcp: don't use SO_ORIGINAL_DST on non-AF_INET sockets - + BUG/MEDIUM: regex: fix pcre_study error handling - + BUG/MEDIUM: tcp: fix outgoing polling based on proxy protocol - + BUG/MINOR: log: fix request flags when keep-alive is enabled - + BUG/MAJOR: cli: explicitly call cli_release_handler() upon error - + BUG/MEDIUM: http: don't dump debug headers on MSG_ERROR - * Also includes the following new features: - + MINOR: ssl: add statement to force some ssl options in global. - + MINOR: ssl: add fetchs 'ssl_c_der' and 'ssl_f_der' to return DER - formatted certs - * Disable SSLv3 in the default configuration file. 
- - -- Vincent Bernat Fri, 31 Oct 2014 13:48:19 +0100 - -haproxy (1.5.6-1) unstable; urgency=medium - - * New upstream stable release including the following fixes: - + BUG/MEDIUM: systemd: set KillMode to 'mixed' - + MINOR: systemd: Check configuration before start - + BUG/MEDIUM: config: avoid skipping disabled proxies - + BUG/MINOR: config: do not accept more track-sc than configured - + BUG/MEDIUM: backend: fix URI hash when a query string is present - * Drop systemd patches: - + haproxy.service-also-check-on-start.patch - + haproxy.service-set-killmode-to-mixed.patch - * Refresh other patches. - - -- Vincent Bernat Mon, 20 Oct 2014 18:10:21 +0200 - -haproxy (1.5.5-1) unstable; urgency=medium - - [ Vincent Bernat ] - * initscript: use start-stop-daemon to reliably terminate all haproxy - processes. Also treat stopping a non-running haproxy as success. - (Closes: #762608, LP: #1038139) - - [ Apollon Oikonomopoulos ] - * New upstream stable release including the following fixes: - + DOC: Address issue where documentation is excluded due to a gitignore - rule. - + MEDIUM: Improve signal handling in systemd wrapper. - + BUG/MINOR: config: don't propagate process binding for dynamic - use_backend - + MINOR: Also accept SIGHUP/SIGTERM in systemd-wrapper - + DOC: clearly state that the "show sess" output format is not fixed - + MINOR: stats: fix minor typo fix in stats_dump_errors_to_buffer() - + DOC: indicate in the doc that track-sc* can wait if data are missing - + MEDIUM: http: enable header manipulation for 101 responses - + BUG/MEDIUM: config: propagate frontend to backend process binding again. 
- + MEDIUM: config: properly propagate process binding between proxies - + MEDIUM: config: make the frontends automatically bind to the listeners' - processes - + MEDIUM: config: compute the exact bind-process before listener's - maxaccept - + MEDIUM: config: only warn if stats are attached to multi-process bind - directives - + MEDIUM: config: report it when tcp-request rules are misplaced - + MINOR: config: detect the case where a tcp-request content rule has no - inspect-delay - + MEDIUM: systemd-wrapper: support multiple executable versions and names - + BUG/MEDIUM: remove debugging code from systemd-wrapper - + BUG/MEDIUM: http: adjust close mode when switching to backend - + BUG/MINOR: config: don't propagate process binding on fatal errors. - + BUG/MEDIUM: check: rule-less tcp-check must detect connect failures - + BUG/MINOR: tcp-check: report the correct failed step in the status - + DOC: indicate that weight zero is reported as DRAIN - * Add a new patch (haproxy.service-set-killmode-to-mixed.patch) to fix the - systemctl stop action conflicting with the systemd wrapper now catching - SIGTERM. - * Bump standards to 3.9.6; no changes needed. - * haproxy-doc: link to tracker.debian.org instead of packages.qa.debian.org. - * d/copyright: move debian/dconv/* paragraph after debian/*, so that it - actually matches the files it is supposed to. - - -- Apollon Oikonomopoulos Wed, 08 Oct 2014 12:34:53 +0300 - -haproxy (1.5.4-1) unstable; urgency=high - - * New upstream version. - + Fix a critical bug that, under certain unlikely conditions, allows a - client to crash haproxy. - * Prefix rsyslog configuration file to ensure to log only to - /var/log/haproxy. Thanks to Paul Bourke for the patch. 
- - -- Vincent Bernat Tue, 02 Sep 2014 19:14:38 +0200 - -haproxy (1.5.3-1) unstable; urgency=medium - - * New upstream stable release, fixing the following issues: - + Memory corruption when building a proxy protocol v2 header - + Memory leak in SSL DHE key exchange - - -- Apollon Oikonomopoulos Fri, 25 Jul 2014 10:41:36 +0300 - -haproxy (1.5.2-1) unstable; urgency=medium - - * New upstream stable release. Important fixes: - + A few sample fetch functions when combined in certain ways would return - malformed results, possibly crashing the HAProxy process. - + Hash-based load balancing and http-send-name-header would fail for - requests which contain a body which starts to be forwarded before the - data is used. - - -- Apollon Oikonomopoulos Mon, 14 Jul 2014 00:42:32 +0300 - -haproxy (1.5.1-1) unstable; urgency=medium - - * New upstream stable release: - + Fix a file descriptor leak for clients that disappear before connecting. - + Do not staple expired OCSP responses. - - -- Apollon Oikonomopoulos Tue, 24 Jun 2014 12:56:30 +0300 - -haproxy (1.5.0-1) unstable; urgency=medium - - * New upstream stable series. Notable changes since the 1.4 series: - + Native SSL support on both sides with SNI/NPN/ALPN and OCSP stapling. - + IPv6 and UNIX sockets are supported everywhere - + End-to-end HTTP keep-alive for better support of NTLM and improved - efficiency in static farms - + HTTP/1.1 response compression (deflate, gzip) to save bandwidth - + PROXY protocol versions 1 and 2 on both sides - + Data sampling on everything in request or response, including payload - + ACLs can use any matching method with any input sample - + Maps and dynamic ACLs updatable from the CLI - + Stick-tables support counters to track activity on any input sample - + Custom format for logs, unique-id, header rewriting, and redirects - + Improved health checks (SSL, scripted TCP, check agent, ...) 
- + Much more scalable configuration supports hundreds of thousands of - backends and certificates without sweating - - * Upload to unstable, merge all 1.5 work from experimental. Most important - packaging changes since 1.4.25-1 include: - + systemd support. - + A more sane default config file. - + Zero-downtime upgrades between 1.5 releases by gracefully reloading - HAProxy during upgrades. - + HTML documentation shipped in the haproxy-doc package. - + kqueue support for kfreebsd. - - * Packaging changes since 1.5~dev26-2: - + Drop patches merged upstream: - o Fix-reference-location-in-manpage.patch - o 0001-BUILD-stats-workaround-stupid-and-bogus-Werror-forma.patch - + d/watch: look for stable 1.5 releases - + systemd: respect CONFIG and EXTRAOPTS when specified in - /etc/default/haproxy. - + initscript: test the configuration before start or reload. - + initscript: remove the ENABLED flag and logic. - - -- Apollon Oikonomopoulos Fri, 20 Jun 2014 11:05:17 +0300 - -haproxy (1.5~dev26-2) experimental; urgency=medium - - * initscript: start should not fail when haproxy is already running - + Fixes upgrades from post-1.5~dev24-1 installations - - -- Apollon Oikonomopoulos Wed, 04 Jun 2014 13:20:39 +0300 - -haproxy (1.5~dev26-1) experimental; urgency=medium - - * New upstream development version. - + Add a patch to fix compilation with -Werror=format-security - - -- Vincent Bernat Wed, 28 May 2014 20:32:10 +0200 - -haproxy (1.5~dev25-1) experimental; urgency=medium - - [ Vincent Bernat ] - * New upstream development version. - * Rename "contimeout", "clitimeout" and "srvtimeout" in the default - configuration file to "timeout connection", "timeout client" and - "timeout server". - - [ Apollon Oikonomopoulos ] - * Build on kfreebsd using the "freebsd" target; enables kqueue support. 
- - -- Vincent Bernat Thu, 15 May 2014 00:20:11 +0200 - -haproxy (1.5~dev24-2) experimental; urgency=medium - - * New binary package: haproxy-doc - + Contains the HTML documentation built using a version of Cyril Bonté's - haproxy-dconv (https://github.com/cbonte/haproxy-dconv). - + Add Build-Depends-Indep on python and python-mako - + haproxy Suggests: haproxy-doc - * systemd: check config file for validity on reload. - * haproxy.cfg: - + Enable the stats socket by default and bind it to - /run/haproxy/admin.sock, which is accessible by the haproxy group. - /run/haproxy creation is handled by the initscript for sysv-rc and a - tmpfiles.d config for systemd. - + Set the default locations for CA and server certificates to - /etc/ssl/certs and /etc/ssl/private respectively. - + Set the default cipher list to be used on listening SSL sockets to - enable PFS, preferring ECDHE ciphers by default. - * Gracefully reload HAProxy on upgrade instead of performing a full restart. - * debian/rules: split build into binary-arch and binary-indep. - * Build-depend on debhelper >= 9, set compat to 9. - - -- Apollon Oikonomopoulos Sun, 27 Apr 2014 13:37:17 +0300 - -haproxy (1.5~dev24-1) experimental; urgency=medium - - * New upstream development version, fixes major regressions introduced in - 1.5~dev23: - - + Forwarding of a message body (request or response) would automatically - stop after the transfer timeout strikes, and with no error. - + Redirects failed to update the msg->next offset after consuming the - request, so if they were made with keep-alive enabled and starting with - a slash (relative location), then the buffer was shifted by a negative - amount of data, causing a crash. - + The code to standardize DH parameters caused an important performance - regression for, so it was temporarily reverted for the time needed to - understand the cause and to fix it. 
- - For a complete release announcement, including other bugfixes and feature - enhancements, see http://deb.li/yBVA. - - -- Apollon Oikonomopoulos Sun, 27 Apr 2014 11:09:37 +0300 - -haproxy (1.5~dev23-1) experimental; urgency=medium - - * New upstream development version; notable changes since 1.5~dev22: - + SSL record size optimizations to speed up both, small and large - transfers. - + Dynamic backend name support in use_backend. - + Compressed chunked transfer encoding support. - + Dynamic ACL manipulation via the CLI. - + New "language" converter for extracting language preferences from - Accept-Language headers. - * Remove halog source and systemd unit files from - /usr/share/doc/haproxy/contrib, they are built and shipped in their - appropriate locations since 1.5~dev19-2. - - -- Apollon Oikonomopoulos Wed, 23 Apr 2014 11:12:34 +0300 - -haproxy (1.5~dev22-1) experimental; urgency=medium - - * New upstream development version - * watch: use the source page and not the main one - - -- Apollon Oikonomopoulos Mon, 03 Feb 2014 17:45:51 +0200 - -haproxy (1.5~dev21+20140118-1) experimental; urgency=medium - - * New upstream development snapshot, with the following fixes since - 1.5-dev21: - + 00b0fb9 BUG/MAJOR: ssl: fix breakage caused by recent fix abf08d9 - + 410f810 BUG/MEDIUM: map: segmentation fault with the stats's socket - command "set map ..." 
- + abf08d9 BUG/MAJOR: connection: fix mismatch between rcv_buf's API and - usage - + 35249cb BUG/MINOR: pattern: pattern comparison executed twice - + c920096 BUG/MINOR: http: don't clear the SI_FL_DONT_WAKE flag between - requests - + b800623 BUG/MEDIUM: stats: fix HTTP/1.0 breakage introduced in previous - patch - + 61f7f0a BUG/MINOR: stream-int: do not clear the owner upon unregister - + 983eb31 BUG/MINOR: channel: CHN_INFINITE_FORWARD must be unsigned - + a3ae932 BUG/MEDIUM: stats: the web interface must check the tracked - servers before enabling - + e24d963 BUG/MEDIUM: checks: unchecked servers could not be enabled - anymore - + 7257550 BUG/MINOR: http: always disable compression on HTTP/1.0 - + 9f708ab BUG/MINOR: checks: successful check completion must not - re-enable MAINT servers - + ff605db BUG/MEDIUM: backend: do not re-initialize the connection's - context upon reuse - + ea90063 BUG/MEDIUM: stream-int: fix the keep-alive idle connection - handler - * Update debian/copyright to reflect the license of ebtree/ - (closes: #732614) - * Synchronize debian/copyright with source - * Add Documentation field to the systemd unit file - - -- Apollon Oikonomopoulos Mon, 20 Jan 2014 10:07:34 +0200 - -haproxy (1.5~dev21-1) experimental; urgency=low - - [ Prach Pongpanich ] - * Bump Standards-Version to 3.9.5 - - [ Thomas Bechtold ] - * debian/control: Add haproxy-dbg binary package for debug symbols. - - [ Apollon Oikonomopoulos ] - * New upstream development version. - * Require syslog to be operational before starting. Closes: #726323. - - -- Vincent Bernat Tue, 17 Dec 2013 01:38:04 +0700 - -haproxy (1.5~dev19-2) experimental; urgency=low - - [ Vincent Bernat ] - * Really enable systemd support by using dh-systemd helper. - * Don't use -L/usr/lib and rely on default search path. Closes: #722777. - - [ Apollon Oikonomopoulos ] - * Ship halog. 
- - -- Vincent Bernat Thu, 12 Sep 2013 21:58:05 +0200 - -haproxy (1.5~dev19-1) experimental; urgency=high - - [ Vincent Bernat ] - * New upstream version. - + CVE-2013-2175: fix a possible crash when using negative header - occurrences. - + Drop 0002-Fix-typo-in-src-haproxy.patch: applied upstream. - * Enable gzip compression feature. - - [ Prach Pongpanich ] - * Drop bashism patch. It seems useless to maintain a patch to convert - example scripts from /bin/bash to /bin/sh. - * Fix reload/restart action of init script (LP: #1187469) - - -- Vincent Bernat Mon, 17 Jun 2013 22:03:58 +0200 - -haproxy (1.5~dev18-1) experimental; urgency=low - - [ Apollon Oikonomopoulos ] - * New upstream development version - - [ Vincent Bernat ] - * Add support for systemd. Currently, /etc/default/haproxy is not used - when using systemd. - - -- Vincent Bernat Sun, 26 May 2013 12:33:00 +0200 - -haproxy (1.4.25-1) unstable; urgency=medium - - [ Prach Pongpanich ] - * New upstream version. - * Update watch file to use the source page. - * Bump Standards-Version to 3.9.5. - - [ Thomas Bechtold ] - * debian/control: Add haproxy-dbg binary package for debug symbols. - - [ Apollon Oikonomopoulos ] - * Require syslog to be operational before starting. Closes: #726323. - * Document how to bind non-local IPv6 addresses. - * Add a reference to configuration.txt.gz to the manpage. - * debian/copyright: synchronize with source. - - -- Prach Pongpanich Fri, 28 Mar 2014 09:35:09 +0700 - -haproxy (1.4.24-2) unstable; urgency=low - - [ Apollon Oikonomopoulos ] - * Ship contrib/halog as /usr/bin/halog. - - [ Vincent Bernat ] - * Don't use -L/usr/lib and rely on default search path. Closes: #722777. - - -- Vincent Bernat Sun, 15 Sep 2013 14:36:27 +0200 - -haproxy (1.4.24-1) unstable; urgency=high - - [ Vincent Bernat ] - * New upstream version. - + CVE-2013-2175: fix a possible crash when using negative header - occurrences. - - [ Prach Pongpanich ] - * Drop bashism patch. 
It seems useless to maintain a patch to convert - example scripts from /bin/bash to /bin/sh. - * Fix reload/restart action of init script (LP: #1187469). - - -- Vincent Bernat Mon, 17 Jun 2013 21:56:26 +0200 - -haproxy (1.4.23-1) unstable; urgency=low - - [ Apollon Oikonomopoulos ] - * New upstream version (Closes: #643650, #678953) - + This fixes CVE-2012-2942 (Closes: #674447) - + This fixes CVE-2013-1912 (Closes: #704611) - * Ship vim addon as vim-haproxy (Closes: #702893) - * Check for the configuration file after sourcing /etc/default/haproxy - (Closes: #641762) - * Use /dev/log for logging by default (Closes: #649085) - - [ Vincent Bernat ] - * debian/control: - + add Vcs-* fields - + switch maintenance to Debian HAProxy team. (Closes: #706890) - + drop dependency to quilt: 3.0 (quilt) format is in use. - * debian/rules: - + don't explicitly call dh_installchangelog. - + use dh_installdirs to install directories. - + use dh_install to install error and configuration files. - + switch to `linux2628` Makefile target for Linux. - * debian/postrm: - + remove haproxy user and group on purge. - * Ship a more minimal haproxy.cfg file: no `listen` blocks but `global` - and `defaults` block with appropriate configuration to use chroot and - logging in the expected way. 
- - [ Prach Pongpanich ] - * debian/copyright: - + add missing copyright holders - + update years of copyright - * debian/rules: - + build with -Wl,--as-needed to get rid of unnecessary depends - * Remove useless files in debian/haproxy.{docs,examples} - * Update debian/watch file, thanks to Bart Martens - - -- Vincent Bernat Mon, 06 May 2013 20:02:14 +0200 - -haproxy (1.4.15-1) unstable; urgency=low - - * New upstream release with critical bug fix (Closes: #631351) - - -- Christo Buschek Thu, 14 Jul 2011 18:17:05 +0200 - -haproxy (1.4.13-1) unstable; urgency=low - - * New maintainer upload (Closes: #615246) - * New upstream release - * Standards-version goes 3.9.1 (no change) - * Added patch bashism (Closes: #581109) - * Added a README.source file. - - -- Christo Buschek Thu, 11 Mar 2011 12:41:59 +0000 - -haproxy (1.4.8-1) unstable; urgency=low - - * New upstream release. - - -- Arnaud Cornet Fri, 18 Jun 2010 00:42:53 +0100 - -haproxy (1.4.4-1) unstable; urgency=low - - * New upstream release - * Add splice and tproxy support - * Add regparm optimization on i386 - * Switch to dpkg-source 3.0 (quilt) format - - -- Arnaud Cornet Thu, 15 Apr 2010 20:00:34 +0100 - -haproxy (1.4.2-1) unstable; urgency=low - - * New upstream release - * Remove debian/patches/haproxy.1-hyphen.patch gone upstream - * Tighten quilt build dep (Closes: #567087) - * standards-version goes 3.8.4 (no change) - * Add $remote_fs to init.d script required start and stop - - -- Arnaud Cornet Sat, 27 Mar 2010 15:19:48 +0000 - -haproxy (1.3.22-1) unstable; urgency=low - - * New upstream bugfix release - - -- Arnaud Cornet Mon, 19 Oct 2009 22:31:45 +0100 - -haproxy (1.3.21-1) unstable; urgency=low - - [ Michael Shuler ] - * New Upstream Version (Closes: #538992) - * Added override for example shell scripts in docs (Closes: #530096) - * Added upstream changelog to docs - * Added debian/watch - * Updated debian/copyright format - * Added haproxy.1-hyphen.patch, to fix hyphen in man page - * Upgrade 
Standards-Version to 3.8.3 (no change needed) - * Upgrade debian/compat to 7 (no change needed) - - [ Arnaud Cornet ] - * New upstream version. - * Merge Michael's work, few changelog fixes - * Add debian/README.source to point to quilt doc - * Depend on debhelper >= 7.0.50~ and use overrides in debian/rules - - -- Arnaud Cornet Sun, 18 Oct 2009 14:01:29 +0200 - -haproxy (1.3.18-1) unstable; urgency=low - - * New Upstream Version (Closes: #534583). - * Add contrib directory in docs - - -- Arnaud Cornet Fri, 26 Jun 2009 00:11:01 +0200 - -haproxy (1.3.15.7-2) unstable; urgency=low - - * Fix build without debian/patches directory (Closes: #515682) using - /usr/share/quilt/quilt.make. - - -- Arnaud Cornet Tue, 17 Feb 2009 08:55:12 +0100 - -haproxy (1.3.15.7-1) unstable; urgency=low - - * New Upstream Version. - * Remove upstream patches: - -use_backend-consider-unless.patch - -segfault-url_param+check_post.patch - -server-timeout.patch - -closed-fd-remove.patch - -connection-slot-during-retry.patch - -srv_dynamic_maxconn.patch - -do-not-pause-backends-on-reload.patch - -acl-in-default.patch - -cookie-capture-check.patch - -dead-servers-queue.patch - - -- Arnaud Cornet Mon, 16 Feb 2009 11:20:21 +0100 - -haproxy (1.3.15.2-2~lenny1) testing-proposed-updates; urgency=low - - * Rebuild for lenny to circumvent pcre3 shlibs bump. - - -- Arnaud Cornet Wed, 14 Jan 2009 11:28:36 +0100 - -haproxy (1.3.15.2-2) unstable; urgency=low - - * Add stable branch bug fixes from upstream (Closes: #510185). 
- - use_backend-consider-unless.patch: consider "unless" in use_backend - - segfault-url_param+check_post.patch: fix segfault with url_param + - check_post - - server-timeout.patch: consider server timeout in all circumstances - - closed-fd-remove.patch: drop info about closed file descriptors - - connection-slot-during-retry.patch: do not release the connection slot - during a retry - - srv_dynamic_maxconn.patch: dynamic connection throttling api fix - - do-not-pause-backends-on-reload.patch: make reload reliable - - acl-in-default.patch: allow acl-related keywords in defaults sections - - cookie-capture-check.patch: cookie capture is declared in the frontend - but checked on the backend - - dead-servers-queue.patch: make dead servers not suck pending connections - * Add quilt build-dependancy. Use quilt in debian/rules to apply - patches. - - -- Arnaud Cornet Wed, 31 Dec 2008 08:50:21 +0100 - -haproxy (1.3.15.2-1) unstable; urgency=low - - * New Upstream Version (Closes: #497186). - - -- Arnaud Cornet Sat, 30 Aug 2008 18:06:31 +0200 - -haproxy (1.3.15.1-1) unstable; urgency=low - - * New Upstream Version - * Upgrade standards version to 3.8.0 (no change needed). - * Build with TARGET=linux26 on linux, TARGET=generic on other systems. - - -- Arnaud Cornet Fri, 20 Jun 2008 00:38:50 +0200 - -haproxy (1.3.14.5-1) unstable; urgency=low - - * New Upstream Version (Closes: #484221) - * Use debhelper 7, drop CDBS. - - -- Arnaud Cornet Wed, 04 Jun 2008 19:21:56 +0200 - -haproxy (1.3.14.3-1) unstable; urgency=low - - * New Upstream Version - * Add status argument support to init-script to conform to LSB. - * Cleanup pidfile after stop in init script. Init script return code fixups. - - -- Arnaud Cornet Sun, 09 Mar 2008 21:30:29 +0100 - -haproxy (1.3.14.2-3) unstable; urgency=low - - * Add init script support for nbproc > 1 in configuration. That is, - multiple haproxy processes. - * Use 'option redispatch' instead of redispatch in debian default - config. 
- - -- Arnaud Cornet Sun, 03 Feb 2008 18:22:28 +0100 - -haproxy (1.3.14.2-2) unstable; urgency=low - - * Fix init scripts's reload function to use -sf instead of -st (to wait for - active session to finish cleanly). Also support dash. Thanks to - Jean-Baptiste Quenot for noticing. - - -- Arnaud Cornet Thu, 24 Jan 2008 23:47:26 +0100 - -haproxy (1.3.14.2-1) unstable; urgency=low - - * New Upstream Version - * Simplify DEB_MAKE_INVOKE, as upstream now supports us overriding - CFLAGS. - * Move haproxy to usr/sbin. - - -- Arnaud Cornet Mon, 21 Jan 2008 22:42:51 +0100 - -haproxy (1.3.14.1-1) unstable; urgency=low - - * New upstream release. - * Drop dfsg list and hash code rewrite (merged upstream). - * Add a HAPROXY variable in init script. - * Drop makefile patch, fix debian/rules accordingly. Drop build-dependancy - on quilt. - * Manpage now upstream. Ship upstream's and drop ours. - - -- Arnaud Cornet Tue, 01 Jan 2008 22:50:09 +0100 - -haproxy (1.3.12.dfsg2-1) unstable; urgency=low - - * New upstream bugfix release. - * Use new Homepage tag. - * Bump standards-version (no change needed). - * Add build-depend on quilt and add patch to allow proper CFLAGS passing to - make. - - -- Arnaud Cornet Tue, 25 Dec 2007 21:52:59 +0100 - -haproxy (1.3.12.dfsg-1) unstable; urgency=low - - * Initial release (Closes: #416397). - * The DFSG removes files with GPL-incompabitle license and adds a - re-implementation by me. - - -- Arnaud Cornet Fri, 17 Aug 2007 09:33:41 +0200 diff --git a/haproxy/debian/control b/haproxy/debian/control deleted file mode 100644 index 3cf43c3..0000000 --- a/haproxy/debian/control +++ /dev/null 
@@ -1,25 +0,0 @@
-Source: haproxy
-Section: net
-Priority: optional
-Maintainer: MangaDex
-Uploaders: Tristan
-Standards-Version: 4.4.1
-Build-Depends: debhelper-compat (= 12),
- libjemalloc-dev,
- pkgconf
-Homepage: http://www.haproxy.org/
-Vcs-Git: https://gitlab.com/mangadex-pub/haproxy.git
-Vcs-Browser: https://gitlab.com/mangadex-pub/haproxy
-
-Package: haproxy
-Architecture: any
-Depends: ${perl:Depends}, ${shlibs:Depends}, ${misc:Depends}, adduser, lsb-base (>= 3.0-6)
-Pre-Depends: dpkg (>= 1.17.14), ${misc:Pre-Depends}
-Description: fast and reliable load balancing reverse proxy
- HAProxy is a TCP/HTTP reverse proxy which is particularly suited for high
- availability environments. It features connection persistence through HTTP
- cookies, load balancing, header addition, modification, deletion both ways. It
- has request blocking capabilities and provides interface to display server
- status.
- This package specifically adds the AWS-LC fork of OpenSSL and enables QUIC
- frontend support in HAProxy
diff --git a/haproxy/debian/copyright b/haproxy/debian/copyright
deleted file mode 100644
index 7eb0d9a..0000000
--- a/haproxy/debian/copyright
+++ /dev/null
@@ -1,941 +0,0 @@ -Format: https://www.debian.org/doc/packaging-manuals/copyright-format/1.0/ -Upstream-Name: haproxy -Upstream-Contact: Willy Tarreau -Source: http://www.haproxy.org/ - -Files: * -Copyright: Copyright 2000-2021 Willy Tarreau . -License: GPL-2+ -Comment: - An OpenSSL exception is present in the LICENSE file: "This program is - released under the GPL with the additional exemption that compiling, - linking, and/or using OpenSSL is allowed." - -Files: .github/matrix.py -Copyright: 2020, Tim Duesterhus - 2019, Ilya Shipitsin -License: GPL-2+ -Comment: - An OpenSSL exception is present in the LICENSE file: "This program is - released under the GPL with the additional exemption that compiling, - linking, and/or using OpenSSL is allowed." - -Files: addons/51degrees/dummy/* -Copyright: 51Degrees Mobile Experts Limited. / 2019, 51Degrees Mobile Experts Limited, 5 Charlotte Close -License: MPL-2.0 -Comment: - An OpenSSL exception is present in the LICENSE file: "This program is - released under the GPL with the additional exemption that compiling, - linking, and/or using OpenSSL is allowed." - -Files: addons/ot/* -Copyright: 2017, 2020, HAProxy Technologies -License: GPL-2+ -Comment: - An OpenSSL exception is present in the LICENSE file: "This program is - released under the GPL with the additional exemption that compiling, - linking, and/or using OpenSSL is allowed." - -Files: addons/promex/service-prometheus.c -Copyright: 2018, 2019, Christopher Faulet -License: GPL-2+ -Comment: - An OpenSSL exception is present in the LICENSE file: "This program is - released under the GPL with the additional exemption that compiling, - linking, and/or using OpenSSL is allowed." - -Files: addons/wurfl/dummy/* -Copyright: ScientiaMobile, Inc. -License: GPL-2+ -Comment: - An OpenSSL exception is present in the LICENSE file: "This program is - released under the GPL with the additional exemption that compiling, - linking, and/or using OpenSSL is allowed." 
- -Files: addons/wurfl/dummy/Makefile -Copyright: Copyright 2000-2021 Willy Tarreau . -License: GPL-2+ -Comment: - An OpenSSL exception is present in the LICENSE file: "This program is - released under the GPL with the additional exemption that compiling, - linking, and/or using OpenSSL is allowed." - -Files: admin/halog/fgets2.c -Copyright: 2000-2012, Willy Tarreau -License: LGPL-2.1 -Comment: - An OpenSSL exception is present in the LICENSE file: "This program is - released under the GPL with the additional exemption that compiling, - linking, and/or using OpenSSL is allowed." - -Files: admin/halog/halog.c -Copyright: 2000-2020, Willy Tarreau -License: GPL-2+ -Comment: - An OpenSSL exception is present in the LICENSE file: "This program is - released under the GPL with the additional exemption that compiling, - linking, and/or using OpenSSL is allowed." - -Files: admin/iprange/* -Copyright: 2000-2021, Willy Tarreau -License: GPL-2+ -Comment: - An OpenSSL exception is present in the LICENSE file: "This program is - released under the GPL with the additional exemption that compiling, - linking, and/or using OpenSSL is allowed." - -Files: admin/netsnmp-perl/* -Copyright: 2007-2010, Krzysztof Piotr Oledzki -License: GPL-2+ -Comment: - An OpenSSL exception is present in the LICENSE file: "This program is - released under the GPL with the additional exemption that compiling, - linking, and/or using OpenSSL is allowed." - -Files: admin/release-estimator/release-estimator.py -Copyright: 2020, HAProxy Technologies, Daniel Corbett -License: GPL-3+ -Comment: - An OpenSSL exception is present in the LICENSE file: "This program is - released under the GPL with the additional exemption that compiling, - linking, and/or using OpenSSL is allowed." 
- -Files: admin/wireshark-dissectors/peers/packet-happp.c -Copyright: 2016, Frédéric Lécaille - 1998, Gerald Combs -License: GPL-2+ -Comment: - An OpenSSL exception is present in the LICENSE file: "This program is - released under the GPL with the additional exemption that compiling, - linking, and/or using OpenSSL is allowed." - -Files: debian/* -Copyright: Copyright (C) 2007-2011, Arnaud Cornet - Copyright (C) 2011, Christo Buschek - Copyright (C) 2013, Prach Pongpanich - Copyright (C) 2013-2016, Apollon Oikonomopoulos - Copyright (C) 2013-2016, Vincent Bernat -License: GPL-2 - -Files: debian/dconv/* -Copyright: 2012, Cyril Bonté -License: Apache-2.0 -Comment: - An OpenSSL exception is present in the LICENSE file: "This program is - released under the GPL with the additional exemption that compiling, - linking, and/or using OpenSSL is allowed." - -Files: debian/dconv/js/* -Copyright: 2013-2015, Twitter, Inc. and other contributors; Licensed MIT -License: GPL-2+ -Comment: - An OpenSSL exception is present in the LICENSE file: "This program is - released under the GPL with the additional exemption that compiling, - linking, and/or using OpenSSL is allowed." - -Files: debian/dconv/js/typeahead.bundle.js -Copyright: Copyright 2013-2015 Twitter, Inc. and other contributors -License: Expat - -Files: dev/base64/* -Copyright: 2009, 2010, Krzysztof Piotr Oledzki -License: GPL-2+ -Comment: - An OpenSSL exception is present in the LICENSE file: "This program is - released under the GPL with the additional exemption that compiling, - linking, and/or using OpenSSL is allowed." - -Files: dev/tcploop/tcploop.c -Copyright: 2012-2017, Willy Tarreau -License: Expat -Comment: - An OpenSSL exception is present in the LICENSE file: "This program is - released under the GPL with the additional exemption that compiling, - linking, and/or using OpenSSL is allowed." 
- -Files: include/* -Copyright: 2000-2020, Willy Tarreau - w@1wt.eu -License: LGPL-2.1 - -Files: include/haproxy/api-t.h - include/haproxy/api.h - include/haproxy/buf-t.h - include/haproxy/buf.h - include/haproxy/bug.h - include/haproxy/initcall.h - include/haproxy/istbuf.h -Copyright: 2000-2020, Willy Tarreau - w@1wt.eu -License: Expat - -Files: include/haproxy/arg-t.h - include/haproxy/arg.h - include/haproxy/protobuf-t.h - include/haproxy/protobuf.h -Copyright: 2012, Willy Tarreau -License: LGPL-2.1 - -Files: include/haproxy/atomic.h - include/haproxy/thread-t.h - include/haproxy/thread.h -Copyright: 2020, Willy Tarreau - w@1wt.eu - 2017, Christopher Faulet - cfaulet@haproxy.com -License: LGPL-2.1 - -Files: include/haproxy/auth-t.h - include/haproxy/auth.h -Copyright: 2009, 2010, Krzysztof Piotr Oledzki -License: GPL-2+ - -Files: include/haproxy/base64.h - include/haproxy/signal-t.h - include/haproxy/signal.h - include/haproxy/uri_auth-t.h - include/haproxy/uri_auth.h -Copyright: 2000-2020, Willy Tarreau -License: GPL-2+ - -Files: include/haproxy/check-t.h -Copyright: 2008, 2009, Krzysztof Piotr Oledzki - 2000-2020, Willy Tarreau - w@1wt.eu -License: GPL-2+ - -Files: include/haproxy/compression-t.h -Copyright: 2012, Exceliance, David Du Colombier -License: LGPL-2.1 - -Files: include/haproxy/compression.h -Copyright: 2012, (C) Exceliance, David Du Colombier -License: LGPL-2.1 - -Files: include/haproxy/counters-t.h -Copyright: 2011-2014, Willy Tarreau - 2008, 2009, Krzysztof Piotr Oledzki -License: LGPL-2.1 - -Files: include/haproxy/dgram-t.h - include/haproxy/dgram.h - include/haproxy/dns-t.h - include/haproxy/fix-t.h - include/haproxy/fix.h - include/haproxy/mqtt-t.h - include/haproxy/mqtt.h - include/haproxy/resolvers-t.h - include/haproxy/resolvers.h -Copyright: 2014, 2020, Baptiste Assmann -License: LGPL-2.1 - -Files: include/haproxy/dict-t.h - include/haproxy/dict.h -Copyright: 2019, Frédéric Lécaille -License: Expat - -Files: include/haproxy/dns.h 
-Copyright: 2020, HAProxy Technologies -License: LGPL-2.1 - -Files: include/haproxy/extcheck.h -Copyright: 2014, Horms Solutions Ltd, Simon Horman - 2000-2009, 2020, Willy Tarreau -License: LGPL-2.1 - -Files: include/haproxy/fcgi-app-t.h - include/haproxy/fcgi-app.h - include/haproxy/fcgi.h - include/haproxy/h1_htx.h - include/haproxy/http_htx-t.h - include/haproxy/http_htx.h - include/haproxy/htx-t.h - include/haproxy/htx.h - include/haproxy/spoe-t.h - include/haproxy/spoe.h -Copyright: 2017-2019, HAProxy Technologies, Christopher Faulet -License: LGPL-2.1 - -Files: include/haproxy/filters-t.h - include/haproxy/filters.h - include/haproxy/flt_http_comp.h -Copyright: 2015, Qualys Inc., Christopher Faulet -License: LGPL-2.1 - -Files: include/haproxy/h2.h -Copyright: 2017, HAProxy Technologies - 2000-2017, Willy Tarreau - w@1wt.eu -License: Expat - -Files: include/haproxy/hlua-t.h - include/haproxy/hlua.h - include/haproxy/hlua_fcn.h -Copyright: 2015, 2016, Thierry Fournier -License: LGPL-2.1 - -Files: include/haproxy/hpack-dec.h - include/haproxy/hpack-enc.h - include/haproxy/hpack-huff.h - include/haproxy/hpack-tbl-t.h - include/haproxy/hpack-tbl.h - include/haproxy/http-hdr-t.h - include/haproxy/http-hdr.h -Copyright: 2017, HAProxy Technologies - 2014-2020, Willy Tarreau -License: Expat - -Files: include/haproxy/mailers-t.h -Copyright: 2015, Horms Solutions Ltd., Simon Horman - 2010, EXCELIANCE, Emeric Brun -License: LGPL-2.1 - -Files: include/haproxy/mailers.h -Copyright: 2020, Willy Tarreau - 2015, Horms Solutions Ltd., Simon Horman - 2010, EXCELIANCE, Emeric Brun -License: LGPL-2.1 - -Files: include/haproxy/mworker-t.h - include/haproxy/mworker.h -Copyright: HAProxy Technologies 2019, - William Lallemand -License: GPL-2+ - -Files: include/haproxy/namespace-t.h - include/haproxy/namespace.h -Copyright: 2015-2020, Willy Tarreau - 2014, Tamas Kovacs, Sarkozi Laszlo, Krisztian Kovacs -License: LGPL-2.1 - -Files: include/haproxy/net_helper.h -Copyright: 2017-2020, 
Willy Tarreau - 2017, Olivier Houchard -License: Expat - -Files: include/haproxy/openssl-compat.h -Copyright: Copyright 2000-2013 Willy Tarreau - w@1wt.eu -License: LGPL-2.1 - -Files: include/haproxy/peers-t.h - include/haproxy/peers.h - include/haproxy/ssl_sock-t.h - include/haproxy/ssl_sock.h -Copyright: 2010, 2012, EXCELIANCE, Emeric Brun -License: LGPL-2.1 - -Files: include/haproxy/proto_quic.h - include/haproxy/quic_sock.h -Copyright: 2020, Frédéric Lécaille -License: LGPL-2.1 - -Files: include/haproxy/proto_sockpair.h -Copyright: HAProxy Technologies - William Lallemand -License: LGPL-2.1 - -Files: include/haproxy/proto_udp.h - include/haproxy/quic_cc-t.h - include/haproxy/quic_cc.h - include/haproxy/quic_frame-t.h - include/haproxy/quic_frame.h - include/haproxy/quic_loss-t.h - include/haproxy/quic_loss.h - include/haproxy/xprt_quic-t.h - include/haproxy/xprt_quic.h -Copyright: 2019, 2020, HAProxy Technologies, Frédéric Lécaille -License: LGPL-2.1 - -Files: include/haproxy/qpack-tbl-t.h -Copyright: 2020, HAProxy Technologies, Frédéric Lécaille -License: Expat - -Files: include/haproxy/quic_tls-t.h - include/haproxy/quic_tls.h -Copyright: 2019, 2020, HAProxy Technologies, Frédéric Lécaille -License: GPL-2+ - -Files: include/haproxy/sample-t.h - include/haproxy/sample.h - include/haproxy/sample_data-t.h - include/haproxy/stick_table-t.h - include/haproxy/stick_table.h -Copyright: 2010, 2012, 2013, 2020, Willy Tarreau - 2009, 2010, EXCELIANCE, Emeric Brun -License: LGPL-2.1 - -Files: include/haproxy/shctx-t.h - include/haproxy/shctx.h -Copyright: 2011, 2012, EXCELIANCE -License: GPL-2+ - -Files: include/haproxy/ssl_ckch-t.h - include/haproxy/ssl_ckch.h - include/haproxy/ssl_crtlist-t.h - include/haproxy/ssl_crtlist.h -Copyright: 2020, HAProxy Technologies, William Lallemand -License: LGPL-2.1 - -Files: include/haproxy/ssl_utils.h -Copyright: 2020, HAProxy Technologies, William Lallemand - 2012, EXCELIANCE, Emeric Brun -License: LGPL-2.1 - -Files: 
include/haproxy/tcpcheck-t.h -Copyright: 2020, Gaetan Rivet - 2020, Christopher Faulet - 2013, Baptiste Assmann - 2007-2010, Krzysztof Piotr Oledzki - 2000-2009, 2020, Willy Tarreau -License: GPL-2+ - -Files: include/haproxy/tcpcheck.h -Copyright: 2020, Gaetan Rivet - 2020, Christopher Faulet - 2013, Baptiste Assmann - 2007-2010, Krzysztof Piotr Oledzki - 2000-2009, 2020, Willy Tarreau -License: LGPL-2.1 - -Files: include/haproxy/uri_normalizer-t.h - include/haproxy/uri_normalizer.h -Copyright: 2021, Tim Duesterhus -License: GPL-2+ - -Files: include/haproxy/vars-t.h - include/haproxy/vars.h -Copyright: 2015, Thierry FOURNIER -License: LGPL-2.1 - -Files: include/haproxy/xref-t.h - include/haproxy/xref.h -Copyright: 2020, Willy Tarreau - w@1wt.eu - 2017, Thierry Fournier -License: Expat - -Files: include/import/* -Copyright: 2002-2011, - Willy Tarreau -License: LGPL-2.1 - -Files: include/import/atomic-ops.h -Copyright: Copyright 2000-2013 Willy Tarreau - w@1wt.eu -License: LGPL-2.1 - -Files: include/import/eb32sctree.h -Copyright: 2002-2017, - Willy Tarreau -License: LGPL-2.1 - -Files: include/import/ist.h -Copyright: 2000-2020, Willy Tarreau - w@1wt.eu -License: Expat - -Files: include/import/lru.h - include/import/plock.h - include/import/slz.h -Copyright: 2012-2017, Willy Tarreau -License: Expat - -Files: include/import/mjson.h -Copyright: 2018-2020, Cesanta Software Limited -License: Expat - -Files: include/import/sha1.h -Copyright: 2009-2015, Linus Torvalds and others. -License: LGPL-2.1 - -Files: include/import/xxhash.h -Copyright: 2012-2020, Yann Collet -License: BSD-2-clause - -Files: src/* -Copyright: 2000-2020, Willy Tarreau -License: GPL-2+ -Comment: - An OpenSSL exception is present in the LICENSE file: "This program is - released under the GPL with the additional exemption that compiling, - linking, and/or using OpenSSL is allowed." 
- -Files: src/action.c - src/fcgi-app.c - src/flt_spoe.c - src/h1_htx.c - src/http_ana.c - src/http_htx.c - src/htx.c - src/mux_fcgi.c - src/server_state.c -Copyright: 2016-2019, 2021, HAProxy Technologies, Christopher Faulet -License: GPL-2+ -Comment: - An OpenSSL exception is present in the LICENSE file: "This program is - released under the GPL with the additional exemption that compiling, - linking, and/or using OpenSSL is allowed." - -Files: src/auth.c -Copyright: 2009, 2010, Krzysztof Piotr Oledzki -License: GPL-2+ - -Files: src/base64.c - src/server.c - src/stats.c -Copyright: 2007-2010, Krzysztof Piotr Oledzki - 2000-2012, Willy Tarreau -License: GPL-2+ - -Files: src/cache.c -Copyright: 2017, 2020, HAProxy Technologies -License: GPL-2+ -Comment: - An OpenSSL exception is present in the LICENSE file: "This program is - released under the GPL with the additional exemption that compiling, - linking, and/or using OpenSSL is allowed." - -Files: src/cfgparse-global.c - src/cfgparse-listen.c - src/dict.c - src/namespace.c - src/vars.c - src/version.c -Copyright: Copyright 2000-2015 Willy Tarreau . -License: GPL-2+ -Comment: - An OpenSSL exception is present in the LICENSE file: "This program is - released under the GPL with the additional exemption that compiling, - linking, and/or using OpenSSL is allowed." - -Files: src/cfgparse-ssl.c - src/ssl_sample.c - src/ssl_utils.c -Copyright: 2020, HAProxy Technologies, William Lallemand - 2012, EXCELIANCE, Emeric Brun -License: GPL-2+ -Comment: - An OpenSSL exception is present in the LICENSE file: "This program is - released under the GPL with the additional exemption that compiling, - linking, and/or using OpenSSL is allowed." 
- -Files: src/check.c - src/cli.c -Copyright: 2007-2010, Krzysztof Piotr Oledzki - 2000-2012, Willy Tarreau -License: GPL-2+ -Comment: - An OpenSSL exception is present in the LICENSE file: "This program is - released under the GPL with the additional exemption that compiling, - linking, and/or using OpenSSL is allowed." - -Files: src/compression.c -Copyright: 2012, Exceliance, David Du Colombier -License: GPL-2+ - -Files: src/debug.c - src/haproxy.c - src/wdt.c -Copyright: 2000-2021, Willy Tarreau . -License: GPL-2+ -Comment: - An OpenSSL exception is present in the LICENSE file: "This program is - released under the GPL with the additional exemption that compiling, - linking, and/or using OpenSSL is allowed." - -Files: src/dgram.c - src/fix.c - src/mqtt.c - src/resolvers.c -Copyright: 2014, 2020, Baptiste Assmann -License: GPL-2+ -Comment: - An OpenSSL exception is present in the LICENSE file: "This program is - released under the GPL with the additional exemption that compiling, - linking, and/or using OpenSSL is allowed." - -Files: src/dns.c -Copyright: 2017, 2020, HAProxy Technologies -License: GPL-2+ - -Files: src/eb32sctree.c - src/eb32tree.c - src/eb64tree.c - src/ebimtree.c - src/ebistree.c - src/ebmbtree.c - src/ebpttree.c - src/ebsttree.c - src/ebtree.c -Copyright: 2002-2011, - Willy Tarreau -License: LGPL-2.1 -Comment: - An OpenSSL exception is present in the LICENSE file: "This program is - released under the GPL with the additional exemption that compiling, - linking, and/or using OpenSSL is allowed." - -Files: src/ev_evports.c -Copyright: 2018, Joyent, Inc. -License: GPL-2+ -Comment: - An OpenSSL exception is present in the LICENSE file: "This program is - released under the GPL with the additional exemption that compiling, - linking, and/or using OpenSSL is allowed." 
- -Files: src/extcheck.c -Copyright: 2014, Horms Solutions Ltd, Simon Horman - 2000-2009, 2020, Willy Tarreau -License: GPL-2+ -Comment: - An OpenSSL exception is present in the LICENSE file: "This program is - released under the GPL with the additional exemption that compiling, - linking, and/or using OpenSSL is allowed." - -Files: src/fcgi.c -Copyright: 2019, HAProxy Technologies, Christopher Faulet -License: Expat -Comment: - An OpenSSL exception is present in the LICENSE file: "This program is - released under the GPL with the additional exemption that compiling, - linking, and/or using OpenSSL is allowed." - -Files: src/filters.c - src/flt_http_comp.c - src/flt_trace.c -Copyright: 2015, Qualys Inc., Christopher Faulet -License: GPL-2+ -Comment: - An OpenSSL exception is present in the LICENSE file: "This program is - released under the GPL with the additional exemption that compiling, - linking, and/or using OpenSSL is allowed." - -Files: src/h2.c -Copyright: 2017, Willy Tarreau - 2017, HAProxy Technologies -License: Expat -Comment: - An OpenSSL exception is present in the LICENSE file: "This program is - released under the GPL with the additional exemption that compiling, - linking, and/or using OpenSSL is allowed." - -Files: src/hlua.c - src/hlua_fcn.c -Copyright: 2015, 2016, Thierry Fournier -License: GPL-2+ -Comment: - An OpenSSL exception is present in the LICENSE file: "This program is - released under the GPL with the additional exemption that compiling, - linking, and/or using OpenSSL is allowed." - -Files: src/hpack-dec.c - src/hpack-enc.c - src/hpack-huff.c - src/hpack-tbl.c -Copyright: 2017, HAProxy Technologies - 2014-2020, Willy Tarreau -License: Expat -Comment: - An OpenSSL exception is present in the LICENSE file: "This program is - released under the GPL with the additional exemption that compiling, - linking, and/or using OpenSSL is allowed." 
- -Files: src/lru.c -Copyright: 2012-2017, Willy Tarreau -License: Expat - -Files: src/mailers.c -Copyright: 2020, Willy Tarreau - 2015, Horms Solutions Ltd, Simon Horman -License: GPL-2+ - -Files: src/mjson.c -Copyright: 2018-2020, Cesanta Software Limited -License: Expat -Comment: - An OpenSSL exception is present in the LICENSE file: "This program is - released under the GPL with the additional exemption that compiling, - linking, and/or using OpenSSL is allowed." - -Files: src/mux_h1.c -Copyright: 2018, 2019, Christopher Faulet -License: GPL-2+ -Comment: - An OpenSSL exception is present in the LICENSE file: "This program is - released under the GPL with the additional exemption that compiling, - linking, and/or using OpenSSL is allowed." - -Files: src/mworker-prog.c - src/proto_sockpair.c -Copyright: HAProxy Technologies - William Lallemand -License: GPL-2+ -Comment: - An OpenSSL exception is present in the LICENSE file: "This program is - released under the GPL with the additional exemption that compiling, - linking, and/or using OpenSSL is allowed." - -Files: src/mworker.c -Copyright: HAProxy Technologies 2019, - William Lallemand -License: GPL-2+ -Comment: - An OpenSSL exception is present in the LICENSE file: "This program is - released under the GPL with the additional exemption that compiling, - linking, and/or using OpenSSL is allowed." - -Files: src/peers.c - src/ssl_sock.c -Copyright: 2010, 2012, EXCELIANCE, Emeric Brun -License: GPL-2+ - -Files: src/proto_quic.c -Copyright: 2020, Frédéric Lécaille -License: GPL-2+ -Comment: - An OpenSSL exception is present in the LICENSE file: "This program is - released under the GPL with the additional exemption that compiling, - linking, and/or using OpenSSL is allowed." 
- -Files: src/proto_udp.c - src/quic_frame.c - src/quic_sock.c - src/xprt_quic.c -Copyright: 2019, 2020, HAProxy Technologies, Frédéric Lécaille -License: GPL-2+ -Comment: - An OpenSSL exception is present in the LICENSE file: "This program is - released under the GPL with the additional exemption that compiling, - linking, and/or using OpenSSL is allowed." - -Files: src/proto_uxdg.c -Copyright: 2020, HAProxy Technologies, Emeric Brun -License: GPL-2+ -Comment: - An OpenSSL exception is present in the LICENSE file: "This program is - released under the GPL with the additional exemption that compiling, - linking, and/or using OpenSSL is allowed." - -Files: src/qpack-tbl.c -Copyright: 2020, HAProxy Technologies, Frédéric Lécaille -License: Expat -Comment: - An OpenSSL exception is present in the LICENSE file: "This program is - released under the GPL with the additional exemption that compiling, - linking, and/or using OpenSSL is allowed." - -Files: src/quic_cc.c - src/quic_cc_newreno.c -Copyright: 2019, 2020, HAProxy Technologies, Frédéric Lécaille -License: LGPL-2.1 -Comment: - An OpenSSL exception is present in the LICENSE file: "This program is - released under the GPL with the additional exemption that compiling, - linking, and/or using OpenSSL is allowed." - -Files: src/ring.c - src/sink.c - src/trace.c -Copyright: 2000-2020, Willy Tarreau - w@1wt.eu -License: LGPL-2.1 -Comment: - An OpenSSL exception is present in the LICENSE file: "This program is - released under the GPL with the additional exemption that compiling, - linking, and/or using OpenSSL is allowed." - -Files: src/sample.c - src/stick_table.c -Copyright: 2010, 2012, Willy Tarreau - 2009, 2010, EXCELIANCE, Emeric Brun -License: GPL-2+ - -Files: src/sha1.c -Copyright: 2009-2015, Linus Torvalds and others. 
-License: LGPL-2.1 -Comment: - An OpenSSL exception is present in the LICENSE file: "This program is - released under the GPL with the additional exemption that compiling, - linking, and/or using OpenSSL is allowed." - -Files: src/shctx.c -Copyright: 2011, 2012, EXCELIANCE -License: GPL-2+ - -Files: src/slz.c -Copyright: 2012-2017, Willy Tarreau -License: Expat -Comment: - An OpenSSL exception is present in the LICENSE file: "This program is - released under the GPL with the additional exemption that compiling, - linking, and/or using OpenSSL is allowed." - -Files: src/ssl_ckch.c - src/ssl_crtlist.c -Copyright: 2020, HAProxy Technologies, William Lallemand -License: GPL-2+ -Comment: - An OpenSSL exception is present in the LICENSE file: "This program is - released under the GPL with the additional exemption that compiling, - linking, and/or using OpenSSL is allowed." - -Files: src/tcpcheck.c -Copyright: 2020, Gaetan Rivet - 2020, Christopher Faulet - 2013, Baptiste Assmann - 2007-2010, Krzysztof Piotr Oledzki - 2000-2009, 2020, Willy Tarreau -License: GPL-2+ -Comment: - An OpenSSL exception is present in the LICENSE file: "This program is - released under the GPL with the additional exemption that compiling, - linking, and/or using OpenSSL is allowed." - -Files: src/thread.c -Copyright: 2017, Christopher Fauet - cfaulet@haproxy.com -License: GPL-2+ -Comment: - An OpenSSL exception is present in the LICENSE file: "This program is - released under the GPL with the additional exemption that compiling, - linking, and/or using OpenSSL is allowed." - -Files: src/uri_normalizer.c -Copyright: 2021, Tim Duesterhus -License: GPL-2+ -Comment: - An OpenSSL exception is present in the LICENSE file: "This program is - released under the GPL with the additional exemption that compiling, - linking, and/or using OpenSSL is allowed." 
- -Files: src/xprt_handshake.c -Copyright: 2019, HAProxy Technologies, Olivier Houchard -License: GPL-2+ -Comment: - An OpenSSL exception is present in the LICENSE file: "This program is - released under the GPL with the additional exemption that compiling, - linking, and/or using OpenSSL is allowed." - -Files: tests/exp/filltab25.c -Copyright: 2007, willy tarreau. -License: GPL-2+ -Comment: - An OpenSSL exception is present in the LICENSE file: "This program is - released under the GPL with the additional exemption that compiling, - linking, and/or using OpenSSL is allowed." - -License: Apache-2.0 - Licensed under the Apache License, Version 2.0 (the "License"); - you may not use this file except in compliance with the License. - You may obtain a copy of the License at - . - http://www.apache.org/licenses/LICENSE-2.0 - . - Unless required by applicable law or agreed to in writing, software - distributed under the License is distributed on an "AS IS" BASIS, - WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. - See the License for the specific language governing permissions and - limitations under the License. - . - On Debian systems, the full text of the Apache License version 2.0 can be - found in the file `/usr/share/common-licenses/Apache-2.0'. - -License: BSD-2-clause - Redistribution and use in source and binary forms, with or without - modification, are permitted provided that the following conditions are - met: - . - * Redistributions of source code must retain the above copyright - notice, this list of conditions and the following disclaimer. - * Redistributions in binary form must reproduce the above - copyright notice, this list of conditions and the following disclaimer - in the documentation and/or other materials provided with the - distribution. - . 
- THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS - "AS IS" AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT - LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR - A PARTICULAR PURPOSE ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT - OWNER OR CONTRIBUTORS BE LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, - SPECIAL, EXEMPLARY, OR CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT - LIMITED TO, PROCUREMENT OF SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, - DATA, OR PROFITS; OR BUSINESS INTERRUPTION) HOWEVER CAUSED AND ON ANY - THEORY OF LIABILITY, WHETHER IN CONTRACT, STRICT LIABILITY, OR TORT - (INCLUDING NEGLIGENCE OR OTHERWISE) ARISING IN ANY WAY OUT OF THE USE - OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF SUCH DAMAGE. - -License: Expat - Permission is hereby granted, free of charge, to any person obtaining - a copy of this software and associated documentation files (the - "Software"), to deal in the Software without restriction, including - without limitation the rights to use, copy, modify, merge, publish, - distribute, sublicense, and/or sell copies of the Software, and to - permit persons to whom the Software is furnished to do so, subject to - the following conditions: - . - The above copyright notice and this permission notice shall be - included in all copies or substantial portions of the Software. - . - THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, - EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF - MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND - NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE - LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION - OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION - WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
- -License: GPL-2 - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License version 2 as - published by the Free Software Foundation. - . - On Debian systems, the complete text of the GNU General Public License, version - 2, can be found in /usr/share/common-licenses/GPL-2. - -License: GPL-2+ - This program is free software; you can redistribute it - and/or modify it under the terms of the GNU General Public - License as published by the Free Software Foundation; either - version 2 of the License, or (at your option) any later - version. - . - This program is distributed in the hope that it will be - useful, but WITHOUT ANY WARRANTY; without even the implied - warranty of MERCHANTABILITY or FITNESS FOR A PARTICULAR - PURPOSE. See the GNU General Public License for more - details. - . - You should have received a copy of the GNU General Public - License along with this package; if not, write to the Free - Software Foundation, Inc., 51 Franklin St, Fifth Floor, - Boston, MA 02110-1301 USA - . - On Debian systems, the full text of the GNU General Public - License version 2 can be found in the file - `/usr/share/common-licenses/GPL-2'. - -License: GPL-3+ - This software is Copyright (c) 2020 by X. Ample. - . - This is free software, licensed under: - . - The GNU General Public License, Version 3, June 2007 - . - This program is free software; you can redistribute it and/or modify - it under the terms of the GNU General Public License as published by - the Free Software Foundation; version 3 dated June, 2007, or (at - your option) any later version. - On Debian systems, the complete text of version 3 of the GNU General - Public License can be found in '/usr/share/common-licenses/GPL-3'. 
- -License: LGPL-2.1 - This library is free software; you can redistribute it and/or - modify it under the terms of the GNU Lesser General Public - License as published by the Free Software Foundation; either - version 2.1 of the License, or (at your option) any later version. - . - This library is distributed in the hope that it will be useful, - but WITHOUT ANY WARRANTY; without even the implied warranty of - MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the GNU - Lesser General Public License for more details. - . - You should have received a copy of the GNU Lesser General Public - License along with this library; if not, write to the Free Software - Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02110-1301 USA - . - On Debian systems, the complete text of the GNU Lesser General Public License, - version 2.1, can be found in /usr/share/common-licenses/LGPL-2.1. - -License: MPL-2.0 - This software is Copyright (c) 2020 by X. Ample. - . - This is free software, licensed under: - . - Mozilla Public License Version 2.0 - . - This Source Code Form is subject to the terms of the Mozilla Public - License, v. 2.0. - On Debian systems, the complete text of Mozilla Public License v 2.0 - can be found in '/usr/share/common-licenses/MPL-2.0'. diff --git a/haproxy/debian/haproxy.README.Debian b/haproxy/debian/haproxy.README.Debian deleted file mode 100644 index 6e3e3ab..0000000 --- a/haproxy/debian/haproxy.README.Debian +++ /dev/null 
@@ -1,29 +0,0 @@ -Syslog support --------------- -Upstream recommends using syslog over UDP to log from HAProxy processes, as -this allows seamless logging from chroot'ed processes without access to -/dev/log. However, many syslog implementations do not enable UDP syslog by -default. - -The default HAProxy configuration in Debian uses /dev/log for logging and -ships an rsyslog snippet that creates /dev/log in HAProxy's chroot and logs all -HAProxy messages to /var/log/haproxy.log. To take advantage of this, you must -restart rsyslog after installing this package. For other syslog daemons you -will have to take manual measures to enable UDP logging or create /dev/log -under HAProxy's chroot: -a. For sysklogd, add SYSLOG="-a /var/lib/haproxy/dev/log" to - /etc/default/syslog. -b. For inetutils-syslogd, add SYSLOGD_OPTS="-a /var/lib/haproxy/dev/log" to - /etc/default/inetutils-syslogd. - -Prometheus exporter -------------------- -HAProxy is shipped with a builtin Prometheus exporter. To enable it, -you need to configure the Prometheus endpoint: - - frontend stats - bind *:8404 - http-request use-service prometheus-exporter if { path /metrics } - stats enable - stats uri /stats - stats refresh 10s diff --git a/haproxy/debian/haproxy.dirs b/haproxy/debian/haproxy.dirs deleted file mode 100644 index b2e3c52..0000000 --- a/haproxy/debian/haproxy.dirs +++ /dev/null @@ -1,4 +0,0 @@ -etc/haproxy -etc/haproxy/errors -var/lib/haproxy -var/lib/haproxy/dev diff --git a/haproxy/debian/haproxy.docs b/haproxy/debian/haproxy.docs deleted file mode 100644 index 8268773..0000000 --- a/haproxy/debian/haproxy.docs +++ /dev/null @@ -1,8 +0,0 @@ -doc/configuration.txt -doc/intro.txt -doc/lua.txt -doc/management.txt -doc/network-namespaces.txt -doc/SPOE.txt -admin -README.md diff --git a/haproxy/debian/haproxy.examples b/haproxy/debian/haproxy.examples deleted file mode 100644 index 08088cb..0000000 --- a/haproxy/debian/haproxy.examples +++ /dev/null @@ -1 +0,0 @@ -examples/*.cfg 
diff --git a/haproxy/debian/haproxy.init b/haproxy/debian/haproxy.init deleted file mode 100644 index 6f4096b..0000000 --- a/haproxy/debian/haproxy.init +++ /dev/null 
@@ -1,197 +0,0 @@ -#!/bin/sh -### BEGIN INIT INFO -# Provides: haproxy -# Required-Start: $local_fs $network $remote_fs $syslog $named -# Required-Stop: $local_fs $remote_fs $syslog $named -# Default-Start: 2 3 4 5 -# Default-Stop: 0 1 6 -# Short-Description: fast and reliable load balancing reverse proxy -# Description: This file should be used to start and stop haproxy. -### END INIT INFO - -# Author: Arnaud Cornet - -PATH=/sbin:/usr/sbin:/bin:/usr/bin -BASENAME=haproxy -PIDFILE=/var/run/${BASENAME}.pid -CONFIG=/etc/${BASENAME}/${BASENAME}.cfg -HAPROXY=/usr/sbin/haproxy -RUNDIR=/run/${BASENAME} -EXTRAOPTS= - -test -x $HAPROXY || exit 0 - -if [ -e /etc/default/${BASENAME} ]; then - . /etc/default/${BASENAME} -fi - -test -f "$CONFIG" || exit 0 - -[ -f /etc/default/rcS ] && . /etc/default/rcS -. /lib/lsb/init-functions - - -check_haproxy_config() -{ - $HAPROXY -c -f "$CONFIG" $EXTRAOPTS >/dev/null - if [ $? -eq 1 ]; then - log_end_msg 1 - exit 1 - fi -} - -haproxy_start() -{ - [ -d "$RUNDIR" ] || mkdir "$RUNDIR" - chown haproxy:haproxy "$RUNDIR" - chmod 2775 "$RUNDIR" - - check_haproxy_config - - start-stop-daemon --quiet --oknodo --start --pidfile "$PIDFILE" \ - --exec $HAPROXY -- -f "$CONFIG" -D -p "$PIDFILE" \ - $EXTRAOPTS || return 2 - return 0 -} - -haproxy_stop() -{ - if [ ! -f $PIDFILE ] ; then - # This is a success according to LSB - return 0 - fi - - ret=0 - tmppid="$(mktemp)" - - # HAProxy's pidfile may contain multiple PIDs, if nbproc > 1, so loop - # over each PID. Note that start-stop-daemon has a --pid option, but it - # was introduced in dpkg 1.17.6, post wheezy, so we use a temporary - # pidfile instead to ease backports. - for pid in $(cat $PIDFILE); do - echo "$pid" > "$tmppid" - start-stop-daemon --quiet --oknodo --stop \ - --retry 5 --pidfile "$tmppid" --exec $HAPROXY || ret=$? 
- done - - rm -f "$tmppid" - [ $ret -eq 0 ] && rm -f $PIDFILE - - return $ret -} - -haproxy_reload() -{ - check_haproxy_config - - $HAPROXY -f "$CONFIG" -p $PIDFILE -sf $(cat $PIDFILE) -D $EXTRAOPTS \ - || return 2 - return 0 -} - -haproxy_status() -{ - if [ ! -f $PIDFILE ] ; then - # program not running - return 3 - fi - - for pid in $(cat $PIDFILE) ; do - if ! ps --no-headers p "$pid" | grep haproxy > /dev/null ; then - # program running, bogus pidfile - return 1 - fi - done - - return 0 -} - - -case "$1" in -start) - log_daemon_msg "Starting haproxy" "${BASENAME}" - haproxy_start - ret=$? - case "$ret" in - 0) - log_end_msg 0 - ;; - 1) - log_end_msg 1 - echo "pid file '$PIDFILE' found, ${BASENAME} not started." - ;; - 2) - log_end_msg 1 - ;; - esac - exit $ret - ;; -stop) - log_daemon_msg "Stopping haproxy" "${BASENAME}" - haproxy_stop - ret=$? - case "$ret" in - 0|1) - log_end_msg 0 - ;; - 2) - log_end_msg 1 - ;; - esac - exit $ret - ;; -reload|force-reload) - log_daemon_msg "Reloading haproxy" "${BASENAME}" - haproxy_reload - ret=$? - case "$ret" in - 0|1) - log_end_msg 0 - ;; - 2) - log_end_msg 1 - ;; - esac - exit $ret - ;; -restart) - log_daemon_msg "Restarting haproxy" "${BASENAME}" - haproxy_stop - haproxy_start - ret=$? - case "$ret" in - 0) - log_end_msg 0 - ;; - 1) - log_end_msg 1 - ;; - 2) - log_end_msg 1 - ;; - esac - exit $ret - ;; -status) - haproxy_status - ret=$? - case "$ret" in - 0) - echo "${BASENAME} is running." - ;; - 1) - echo "${BASENAME} dead, but $PIDFILE exists." - ;; - *) - echo "${BASENAME} not running." - ;; - esac - exit $ret - ;; -*) - echo "Usage: /etc/init.d/${BASENAME} {start|stop|reload|restart|status}" - exit 2 - ;; -esac - -: diff --git a/haproxy/debian/haproxy.install b/haproxy/debian/haproxy.install deleted file mode 100644 index fa41e38..0000000 --- a/haproxy/debian/haproxy.install +++ /dev/null 
@@ -1,3 +0,0 @@ -debian/haproxy.cfg etc/haproxy -examples/errorfiles/*.http etc/haproxy/errors -admin/systemd/haproxy.service lib/systemd/system diff --git a/haproxy/debian/haproxy.maintscript b/haproxy/debian/haproxy.maintscript deleted file mode 100644 index 7a45edb..0000000 --- a/haproxy/debian/haproxy.maintscript +++ /dev/null @@ -1 +0,0 @@ -mv_conffile /etc/rsyslog.d/haproxy.conf /etc/rsyslog.d/49-haproxy.conf 1.5.3-2~ diff --git a/haproxy/debian/haproxy.manpages b/haproxy/debian/haproxy.manpages deleted file mode 100644 index 196ce88..0000000 --- a/haproxy/debian/haproxy.manpages +++ /dev/null @@ -1 +0,0 @@ -doc/haproxy.1 diff --git a/haproxy/debian/haproxy.postinst b/haproxy/debian/haproxy.postinst deleted file mode 100644 index 08feb12..0000000 --- a/haproxy/debian/haproxy.postinst +++ /dev/null @@ -1,22 +0,0 @@ -#!/bin/sh - -set -e - -adduser --system --disabled-password --disabled-login --home /var/lib/haproxy \ - --no-create-home --quiet --force-badname --group haproxy - -#DEBHELPER# - -if [ -n "$2" ]; then - if dpkg --compare-versions "$2" lt "1.8.0-1~" && [ -d /run/systemd/system ]; then - # Do a full restart when upgrading to 1.8 series on systemd, as - # the systemd wrapper is no longer there. - invoke-rc.d haproxy restart || true - elif dpkg --compare-versions "$2" gt "1.5~dev24-2~"; then - # Reload already running instances. Since 1.5~dev24-2 we do not stop - # haproxy in prerm during upgrades. - invoke-rc.d haproxy reload || true - fi -fi - -exit 0 diff --git a/haproxy/debian/haproxy.postrm b/haproxy/debian/haproxy.postrm deleted file mode 100644 index 5e41016..0000000 --- a/haproxy/debian/haproxy.postrm +++ /dev/null @@ -1,16 +0,0 @@ -#!/bin/sh - -set -e - -#DEBHELPER# - -case "$1" in - purge) - deluser --system haproxy || true - delgroup --system haproxy || true - ;; - *) - ;; -esac - -exit 0 diff --git a/haproxy/debian/logrotate.conf b/haproxy/debian/logrotate.conf deleted file mode 100644 index 0086ee1..0000000 
--- a/haproxy/debian/logrotate.conf +++ /dev/null @@ -1,11 +0,0 @@ -/var/log/haproxy.log { - daily - rotate 7 - missingok - notifempty - compress - delaycompress - postrotate - [ ! -x /usr/lib/rsyslog/rsyslog-rotate ] || /usr/lib/rsyslog/rsyslog-rotate - endscript -} diff --git a/haproxy/debian/patches/haproxy.service-add-documentation.patch b/haproxy/debian/patches/haproxy.service-add-documentation.patch deleted file mode 100644 index a60b0d1..0000000 --- a/haproxy/debian/patches/haproxy.service-add-documentation.patch +++ /dev/null @@ -1,23 +0,0 @@ -From: Debian HAProxy Maintainers - -Date: Sun, 25 Mar 2018 11:31:50 +0200 -Subject: Add documentation field to the systemd unit - -Forwarded: no -Last-Update: 2014-01-03 ---- - admin/systemd/haproxy.service.in | 2 ++ - 1 file changed, 2 insertions(+) - -diff --git a/admin/systemd/haproxy.service.in b/admin/systemd/haproxy.service.in -index 243acf2..ac88c37 100644 ---- a/admin/systemd/haproxy.service.in -+++ b/admin/systemd/haproxy.service.in -@@ -1,5 +1,7 @@ - [Unit] - Description=HAProxy Load Balancer -+Documentation=man:haproxy(1) -+Documentation=file:/usr/share/doc/haproxy/configuration.txt.gz - After=network-online.target rsyslog.service - Wants=network-online.target - diff --git a/haproxy/debian/patches/haproxy.service-make-systemd-bind-dev-log-inside-chroot.patch b/haproxy/debian/patches/haproxy.service-make-systemd-bind-dev-log-inside-chroot.patch deleted file mode 100644 index aab6e36..0000000 --- a/haproxy/debian/patches/haproxy.service-make-systemd-bind-dev-log-inside-chroot.patch +++ /dev/null 
@@ -1,21 +0,0 @@ -From: Vincent Bernat -Date: Thu, 25 Nov 2021 21:35:48 +0100 -Subject: haproxy.service: make systemd bind /dev/log inside chroot - -This enables logging to work without rsyslog being present. ---- - admin/systemd/haproxy.service.in | 1 + - 1 file changed, 1 insertion(+) - -diff --git a/admin/systemd/haproxy.service.in b/admin/systemd/haproxy.service.in -index 0288568..20824df 100644 ---- a/admin/systemd/haproxy.service.in -+++ b/admin/systemd/haproxy.service.in -@@ -8,6 +8,7 @@ Wants=network-online.target - [Service] - EnvironmentFile=-/etc/default/haproxy - EnvironmentFile=-/etc/sysconfig/haproxy -+BindReadOnlyPaths=/dev/log:/var/lib/haproxy/dev/log - Environment="CONFIG=/etc/haproxy/haproxy.cfg" "PIDFILE=/run/haproxy.pid" "EXTRAOPTS=-S /run/haproxy-master.sock" - ExecStart=@SBINDIR@/haproxy -Ws -f $CONFIG -p $PIDFILE $EXTRAOPTS - ExecReload=@SBINDIR@/haproxy -Ws -f $CONFIG -c $EXTRAOPTS diff --git a/haproxy/debian/patches/haproxy.service-start-after-syslog.patch b/haproxy/debian/patches/haproxy.service-start-after-syslog.patch deleted file mode 100644 index 14577bd..0000000 --- a/haproxy/debian/patches/haproxy.service-start-after-syslog.patch +++ /dev/null 
@@ -1,27 +0,0 @@ -From: Apollon Oikonomopoulos -Date: Sun, 25 Mar 2018 11:31:50 +0200 -Subject: Start after rsyslog.service - -As HAProxy is running chrooted by default, we rely on an additional syslog -socket created by rsyslog inside the chroot for logging. As this socket cannot -trigger syslog activation, we explicitly order HAProxy after rsyslog.service. -Note that we are not using syslog.service here, since the additional socket is -rsyslog-specific. -Forwarded: no -Last-Update: 2017-12-01 ---- - admin/systemd/haproxy.service.in | 2 +- - 1 file changed, 1 insertion(+), 1 deletion(-) - -diff --git a/admin/systemd/haproxy.service.in b/admin/systemd/haproxy.service.in -index 74e66e3..243acf2 100644 ---- a/admin/systemd/haproxy.service.in -+++ b/admin/systemd/haproxy.service.in -@@ -1,6 +1,6 @@ - [Unit] - Description=HAProxy Load Balancer --After=network-online.target -+After=network-online.target rsyslog.service - Wants=network-online.target - - [Service] diff --git a/haproxy/debian/patches/series b/haproxy/debian/patches/series deleted file mode 100644 index 9babcce..0000000 --- a/haproxy/debian/patches/series +++ /dev/null @@ -1,3 +0,0 @@ -haproxy.service-start-after-syslog.patch -haproxy.service-add-documentation.patch -haproxy.service-make-systemd-bind-dev-log-inside-chroot.patch diff --git a/haproxy/debian/rsyslog.conf b/haproxy/debian/rsyslog.conf deleted file mode 100644 index 36a1261..0000000 --- a/haproxy/debian/rsyslog.conf +++ /dev/null @@ -1,9 +0,0 @@ -# Create an additional socket in haproxy's chroot in order to allow logging via -# /dev/log to chroot'ed HAProxy processes -$AddUnixListenSocket /var/lib/haproxy/dev/log - -# Send HAProxy messages to a dedicated logfile -:programname, startswith, "haproxy" { - /var/log/haproxy.log - stop -} diff --git a/haproxy/debian/source/format b/haproxy/debian/source/format deleted file mode 100644 index 163aaf8..0000000 --- a/haproxy/debian/source/format +++ /dev/null @@ -1 +0,0 @@ -3.0 (quilt) 
diff --git a/haproxy/debian/haproxy.cfg b/haproxy/haproxy.cfg similarity index 73% rename from haproxy/debian/haproxy.cfg rename to haproxy/haproxy.cfg index 71e45a0..9f38786 100644 --- a/haproxy/debian/haproxy.cfg +++ b/haproxy/haproxy.cfg @@ -21,14 +21,6 @@ defaults log global mode http option httplog - option dontlognull timeout connect 5000 timeout client 50000 timeout server 50000 - errorfile 400 /etc/haproxy/errors/400.http - errorfile 403 /etc/haproxy/errors/403.http - errorfile 408 /etc/haproxy/errors/408.http - errorfile 500 /etc/haproxy/errors/500.http - errorfile 502 /etc/haproxy/errors/502.http - errorfile 503 /etc/haproxy/errors/503.http - errorfile 504 /etc/haproxy/errors/504.http diff --git a/haproxy/debian/haproxy.default b/haproxy/haproxy.default similarity index 100% rename from haproxy/debian/haproxy.default rename to haproxy/haproxy.default diff --git a/haproxy/debian/haproxy.tmpfile b/haproxy/haproxy.tmpfile similarity index 100% rename from haproxy/debian/haproxy.tmpfile rename to haproxy/haproxy.tmpfile diff --git a/haproxy/rules.debian b/haproxy/rules.debian deleted file mode 100644 index 2ef90f1..0000000 --- a/haproxy/rules.debian +++ /dev/null 
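Review bot: The `log global` line kept as context in this hunk still resolves to `log /dev/log` in the `global` section (outside this hunk, visible where the file is re-indented later in the series). The same commit deletes `debian/rsyslog.conf`, `haproxy.dirs` and the `BindReadOnlyPaths` patch, which together provided a log socket inside the `/var/lib/haproxy` chroot. Unless the new packaging recreates that socket somewhere not shown here, logs from the chrooted process are likely dropped silently, leaving nothing for detection or incident review. For the container image, a `global` line such as `log stdout format raw local0` avoids the socket entirely. For the deb/rpm, the in-chroot socket or a UDP syslog target needs to be provided again.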
@@ -1,150 +0,0 @@ -#!/usr/bin/make -f - -DH_VERBOSE = 1 -DH_OPTIONS = -v - -DEP_DIST_ROOT_LUA = $(shell realpath ../../deps/lua/dist) -DEP_DIST_ROOT_PCRE2 = $(shell realpath ../../deps/pcre2/dist) -DEP_DIST_ROOT_AWSLC = $(shell realpath ../../deps/awslc/dist) -DEP_DIST_ROOT_QUICTLS = $(shell realpath ../../deps/quictls/dist) - -BUILD_VERSION_REPOSHA = $(shell git rev-parse --short HEAD) - -EXTRA_CFLAGS = -g -ggdb3 -gdwarf-4 -Wall -Wextra - -OPT_CFLAGS = $HAPROXY_OPTIMIZATION - -HAPROXY_LIBUBSAN = false -ifeq ($(HAPROXY_LIBUBSAN),true) - # set -Og (-O1 and some extra debug compat features) rather than the default -O2, since UBsan builds are for debug - OPT_CFLAGS = -Og - EXTRA_CFLAGS += -fsanitize=undefined - EXTRA_CFLAGS += -static-libsan -endif - -HAPROXY_LIBASAN = false -ifeq ($(HAPROXY_LIBASAN),true) - # set -Og (-O1 and some extra debug compat features) rather than the default -O2, since LibAsan builds are for debug - OPT_CFLAGS = -Og - EXTRA_CFLAGS += -fsanitize=address - EXTRA_CFLAGS += -static-libsan - EXTRA_CFLAGS += -fsanitize-address-use-after-scope - EXTRA_CFLAGS += -fno-omit-frame-pointer - MAKEARGS += USE_OBSOLETE_LINKER="1" -endif - -MAKEARGS = CC=$(CC) \ - ERR=0 \ - DEBUG="-DDEBUG_STRICT -DDEBUG_MEMORY_POOLS -DDEBUG_DONT_SHARE_POOLS -DDEBUG_POOL_INTEGRITY" \ - OPT_CFLAGS="$(OPT_CFLAGS)" \ - DEFINE="-DMAX_SESS_STKCTR=5" \ - IGNOREGIT=true \ - ARCH_FLAGS="$(EXTRA_CFLAGS)" \ - TARGET="linux-glibc" \ - EXTRAVERSION="+mangadex-$(BUILD_VERSION_REPOSHA)" \ - VERDATE="$(shell date -u -I'minutes')" \ - USE_LIBCRYPT=1 \ - USE_LUA=1 \ - LUA_INC="$(DEP_DIST_ROOT_LUA)/include" \ - LUA_LIB="$(DEP_DIST_ROOT_LUA)/lib" \ - LUA_LIB_NAME="lua" \ - USE_NS=1 \ - USE_OPENSSL=1 \ - USE_PCRE2_JIT=1 \ - USE_PROMEX=1 \ - USE_QUIC=1 \ - USE_SLZ=1 \ - USE_TFO=1 - -HAPROXY_SSL_LIB = awslc -SSL_LIB_ROOT = $(DEP_DIST_ROOT_QUICTLS) -ifeq ($(HAPROXY_SSL_LIB),quictls) -ADDLIB += -Wl,-rpath,/opt/quictls/lib -MAKEARGS += SSL_INC="$(SSL_LIB_ROOT)/opt/quictls/include" \ - 
SSL_LIB="$(SSL_LIB_ROOT)/opt/quictls/lib" -endif -ifeq ($(HAPROXY_SSL_LIB),awslc) -SSL_LIB_ROOT = $(DEP_DIST_ROOT_AWSLC) -ADDLIB += -Wl,-rpath,/opt/awslc/lib -# here the SSL_LIB path *must* match the AWS-LC side distpath -# on some systems, CMAKE_INSTALL_LIBDIR=lib64 because we keep -# on complicating our life for the 0.00003% of asses still on -# 32 bits *eyeroll*; so it's explicitly set there -MAKEARGS += USE_OPENSSL_AWSLC=1 \ - SSL_INC="$(SSL_LIB_ROOT)/opt/awslc/include" \ - SSL_LIB="$(SSL_LIB_ROOT)/opt/awslc/lib" -endif - -ADDLIB += -ljemalloc -MAKEARGS += ADDLIB="$(ADDLIB)" - -MAKEARGS_LINUX = $(MAKEARGS) \ - PCRE2_LIB="$(DEP_DIST_ROOT_PCRE2)/lib64" \ - PCRE2_INC="$(DEP_DIST_ROOT_PCRE2)/include" \ - PCRE2_CONFIG="$(DEP_DIST_ROOT_PCRE2)/bin/pcre2-config" \ - USE_PCRE2_JIT=1 \ - USE_STATIC_PCRE2=1 \ - USE_NS=1 \ - TARGET=linux-glibc - -MAKEARGS_DARWIN = $(MAKEARGS) \ - CC=$(shell brew --prefix llvm)/bin/clang \ - LD=$(shell brew --prefix llvm)/bin/clang \ - TARGET=osx - -# Extra flags necessary for debian packaging -MAKEARGS += DESTDIR=debian/haproxy -MAKEARGS += PREFIX=/usr -MAKEARGS += IGNOREGIT=true -MAKEARGS += MANDIR=/usr/share/man -MAKEARGS += DOCDIR=/usr/share/doc/haproxy - -%: - dh $@ --parallel - -override_dh_auto_configure: - -override_dh_auto_build-arch: - $(info Enabling address sanitizer: $(HAPROXY_LIBASAN)) - $(MAKE) -j $(shell nproc) $(MAKEARGS_LINUX) - ./haproxy -vv - if [ -d "dev/haring" ]; then $(MAKE) dev/haring/haring $(MAKEARGS_LINUX); fi - if [ -d "admin/systemd" ]; then $(MAKE) -C admin/systemd $(MAKEARGS_LINUX); fi - -override_dh_auto_clean: - $(MAKE) -j $(shell nproc) -C admin/systemd $(MAKEARGS_LINUX) clean - dh_auto_clean - -override_dh_auto_install-arch: - cp -rf $(SSL_LIB_ROOT)/opt debian/haproxy/opt - $(MAKE) -j $(shell nproc) $(MAKEARGS_LINUX) install - if [ -f "dev/haring/haring" ]; then install -m 0755 -D dev/haring/haring debian/haproxy/usr/sbin/haring; fi - install -m 0644 -D debian/rsyslog.conf 
debian/haproxy/etc/rsyslog.d/49-haproxy.conf - install -m 0644 -D debian/logrotate.conf debian/haproxy/etc/logrotate.d/haproxy - ls -1 debian/haproxy - -override_dh_auto_install-indep: - -override_dh_installdocs: - dh_installdocs -Xsystemd/ - -override_dh_installexamples: - dh_installexamples -X build.cfg - -override_dh_installinit: - dh_installinit --no-restart-after-upgrade --no-stop-on-upgrade - -override_dh_installsystemd: - dh_installsystemd --no-restart-after-upgrade --no-stop-on-upgrade - -override_dh_strip: - dh_strip --dbgsym-migration="haproxy-dbg" - -# see https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=933541, still not shipped in buster -# and don't want to update to bullseye because of GCC version diff with Ubuntu 20.04... *sigh* -override_dh_dwz: - dh_dwz \ - --no-dwz-multifile \ - --exclude="bssl" \ - --exclude="haring" \ - --exclude="openssl" diff --git a/haproxy/toil/deb-adduser.sh b/haproxy/toil/deb-adduser.sh new file mode 100755 index 0000000..2150469 --- /dev/null +++ b/haproxy/toil/deb-adduser.sh @@ -0,0 +1,12 @@ +#!/usr/bin/env bash + +set -euo pipefail + +adduser \ + --system \ + --disabled-password \ + --disabled-login \ + --home /var/lib/haproxy \ + --quiet \ + --group \ + haproxy diff --git a/haproxy/toil/deb-deluser.sh b/haproxy/toil/deb-deluser.sh new file mode 100755 index 0000000..48cf6fb --- /dev/null +++ b/haproxy/toil/deb-deluser.sh @@ -0,0 +1,6 @@ +#!/usr/bin/env bash + +set -euo pipefail + +deluser --system haproxy || true +delgroup --system haproxy || true diff --git a/haproxy/toil/rpm-adduser.sh b/haproxy/toil/rpm-adduser.sh new file mode 100755 index 0000000..753147b --- /dev/null +++ b/haproxy/toil/rpm-adduser.sh @@ -0,0 +1,10 @@ +#!/usr/bin/env bash + +set -euo pipefail + +adduser \ + --system \ + --create-home \ + --home-dir /var/lib/haproxy \ + --user-group \ + haproxy diff --git a/haproxy/toil/rpm-deluser.sh b/haproxy/toil/rpm-deluser.sh new file mode 100755 index 0000000..aa82bac --- /dev/null 
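Review bot: `--no-create-home` from the deleted `haproxy.postinst` is missing in `deb-adduser.sh`, so `adduser` now creates `/var/lib/haproxy` owned by the `haproxy` account; `rpm-adduser.sh` does the same explicitly with `--create-home`. The `haproxy.cfg` in this series uses that directory as the `chroot` and drops to `user haproxy`, so the jail becomes writable by the process it is meant to confine. HAProxy's documentation asks for the chroot directory to be empty and non-writable. I would restore `--no-create-home` here, drop `--create-home` in the rpm script, and have the package create the directory owned by root.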
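Review bot: `rpm-adduser.sh` creates the account without an explicit shell, so it inherits the `useradd` default (normally an interactive shell on RPM systems) instead of the nologin shell that Debian's `adduser --system` assigns; adding `--shell /sbin/nologin` keeps the service account non-interactive. Separately, `useradd` exits non-zero when the user already exists, and under `set -euo pipefail` that would fail the script on upgrade or reinstall if it is wired in as a package scriptlet (the fpm invocation is not visible here). Guarding the call with `getent passwd haproxy >/dev/null || adduser …` makes it safe to run repeatedly.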
+++ b/haproxy/toil/rpm-deluser.sh @@ -0,0 +1,6 @@ +#!/usr/bin/env bash + +set -euo pipefail + +userdel -r haproxy || true +groupdel haproxy || true diff --git a/rockylinux.dockerfile b/rockylinux.dockerfile index 10654b8..78e7a12 100644 --- a/rockylinux.dockerfile +++ b/rockylinux.dockerfile @@ -1,26 +1,4 @@ -FROM ghcr.io/mangadex-pub/containers-base/rockylinux:9 AS base - -USER root - -# This stage is mostly to import and unpack the dists in a docker-friendly fashion -FROM base AS dists - -RUN dnf -y update && dnf -y install bzip2 - -WORKDIR /tmp/dataplaneapi -COPY ./deps/dataplaneapi/dataplaneapi-dist.tar.gz /tmp/dataplaneapi/dataplaneapi.tar.gz -RUN ls -alh && tar xf dataplaneapi.tar.gz - -ARG HAPROXY_SSL_LIB="awslc" -WORKDIR /tmp/${HAPROXY_SSL_LIB} -COPY ./deps/${HAPROXY_SSL_LIB}/${HAPROXY_SSL_LIB}-dist.tar.gz /tmp/${HAPROXY_SSL_LIB}/${HAPROXY_SSL_LIB}.tar.gz -RUN ls -alh && tar xf ${HAPROXY_SSL_LIB}.tar.gz - -WORKDIR /tmp/haproxy -COPY ./haproxy/haproxy-dist.tar.gz /tmp/haproxy/haproxy.tar.gz -RUN ls -alh && tar xf haproxy.tar.gz - -FROM base +FROM docker.io/rockylinux/rockylinux:9-minimal LABEL Name="HAProxy" LABEL Vendor="MangaDex" @@ -29,12 +7,13 @@ LABEL Maintainer="MangaDex " ARG CANONICAL_VERSION="local-SNAPSHOT" LABEL Version="${CANONICAL_VERSION}" -ARG HAPROXY_SSL_LIB="awslc" -COPY --chown=root:root --from=dists /tmp/${HAPROXY_SSL_LIB}/opt /opt -COPY --chown=root:root --from=dists /tmp/dataplaneapi/usr /usr -COPY --chown=root:root --from=dists /tmp/haproxy/usr /usr +COPY --chown=root:root haproxy/*.rpm /tmp -RUN dnf -y update && \ +RUN microdnf -y update && \ + microdnf -y install dnf && \ + dnf -y install epel-release && \ + /usr/bin/crb enable && \ + dnf -y distro-sync && \ dnf -y install \ ca-certificates \ curl \ 
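Review bot: The new `FROM docker.io/rockylinux/rockylinux:9-minimal` tracks a floating tag, so the published image's contents change whenever upstream re-pushes it, and a given build cannot be reproduced or audited afterwards. Pinning by digest, `FROM docker.io/rockylinux/rockylinux:9-minimal@sha256:<digest>` (placeholder, take the value from the registry), and bumping it deliberately leaves a reviewable record of base-image changes. The same applies to `gcr.io/kaniko-project/executor:debug` added in `.gitlab/lib/pipeline.pkl` later in this series, where it matters more because that job pushes to `$CI_REGISTRY_IMAGE`.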
@@ -43,9 +22,15 @@ RUN dnf -y update && \ procps-ng \ socat \ zlib zlib-ng && \ + dnf -y install /tmp/*.rpm && \ + rm -v /tmp/*.rpm && \ dnf -y autoremove && \ dnf -y clean all && \ - groupadd "haproxy" && useradd -g "haproxy" "haproxy" && \ /usr/local/sbin/haproxy -vv +# slight docker-specific working around +RUN rm -v /etc/default/haproxy && rm -rf /etc/haproxy +RUN mkdir -v /run/haproxy && chown haproxy:haproxy /run/haproxy +COPY --chown=root haproxy/haproxy.cfg /usr/local/etc/haproxy/haproxy.cfg + CMD [ "/usr/local/sbin/haproxy", "-W", "-db", "-f", "/usr/local/etc/haproxy/haproxy.cfg" ] From 2ea0a0ff96593ad5d71f23e3784c6db81485cdad Mon Sep 17 00:00:00 2001 From: Tristan Date: Mon, 12 May 2025 04:05:53 +0100 Subject: [PATCH 35/53] waouh2 --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 0d0feaf..d162101 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -42,5 +42,5 @@ trigger: trigger: strategy: "depend" include: - - job: "render-pipeline" + - job: "render" artifact: ".gitlab/$OS_FAMILY.ci.yml" From 58edadc037c805b14c8e621e6fc1771918315b97 Mon Sep 17 00:00:00 2001 From: Tristan Date: Mon, 12 May 2025 04:18:06 +0100 Subject: [PATCH 36/53] fixup --- .gitlab/lib/pipeline.pkl | 28 ++++++++++++++++------------ 1 file changed, 16 insertions(+), 12 deletions(-) diff --git a/.gitlab/lib/pipeline.pkl b/.gitlab/lib/pipeline.pkl index e05b947..c5de8b0 100644 --- a/.gitlab/lib/pipeline.pkl +++ b/.gitlab/lib/pipeline.pkl @@ -93,6 +93,10 @@ local buildSha = read?("env:CI_COMMIT_SHORT_SHA") ?? "SNAPSHOT" function dockerJob(build: inputs.Build) = (defaultJob) { stage = "publish" + image = new Ci.ImageAlternate1 { // gitlab pls + name = "gcr.io/kaniko-project/executor:debug" + entrypoint = new Listing { "" } + } needs { "package:\(build.name)" } before_script = new Listing { "mkdir -p /kaniko/.docker" 
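Review bot: The final image never sets `USER`, so `CMD` starts HAProxy as root and the privilege drop depends entirely on the `user haproxy` / `group haproxy` / `chroot` lines in the copied `haproxy.cfg`. Operators commonly replace that file with their own. Starting as root is a defensible choice for binding low ports and for `chroot`, but it should be stated where the next person will see it. I would add a comment above `CMD` such as `# starts as root on purpose; any replacement haproxy.cfg must keep 'user'/'group' so workers drop privileges`.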
@@ -112,18 +116,18 @@ function dockerJob(build: inputs.Build) = (defaultJob) { .map((tag) -> "--destination \"$CI_REGISTRY_IMAGE:\(tag)\"") .join(" ") - """ - ( - set -x; - /kaniko/executor \\ - --context . \\ - --dockerfile \(os_family).dockerfile \\ - --build-arg "CANONICAL_VERSION=\(canonical)" \\ - --single-snapshot \\ - \(tagArgs) - ) - """ - } + """ + ( + set -x; + /kaniko/executor \\ + --context . \\ + --dockerfile \(os_family).dockerfile \\ + --build-arg "CANONICAL_VERSION=\(canonical)" \\ + --single-snapshot \\ + \(tagArgs) + ) + """ + }.join("") } `regtests:stable` = (regtestJob) { From 34c6ab873953350febfdd9ac49d5ba3056f2d9ee Mon Sep 17 00:00:00 2001 From: Tristan Date: Mon, 12 May 2025 04:33:19 +0100 Subject: [PATCH 37/53] ensure higher ram for docker build --- .gitlab/lib/pipeline.pkl | 5 +++++ .gitlab/lib/util/k8s.pkl | 1 - 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/.gitlab/lib/pipeline.pkl b/.gitlab/lib/pipeline.pkl index c5de8b0..819e54d 100644 --- a/.gitlab/lib/pipeline.pkl +++ b/.gitlab/lib/pipeline.pkl @@ -128,6 +128,11 @@ function dockerJob(build: inputs.Build) = (defaultJob) { ) """ }.join("") + + variables { + // dnf struggles a lot on limited ram + ...k8s.resources.md + } } `regtests:stable` = (regtestJob) { diff --git a/.gitlab/lib/util/k8s.pkl b/.gitlab/lib/util/k8s.pkl index a4b08c0..3184c55 100644 --- a/.gitlab/lib/util/k8s.pkl +++ b/.gitlab/lib/util/k8s.pkl @@ -21,5 +21,4 @@ hidden resources = new { xs = new Resources { memory = "512Mi" }.vars sm = new Resources { memory = "1Gi" }.vars md = new Resources { memory = "2Gi" }.vars - lg = new Resources { memory = "3Gi" }.vars } From 38c5ad458d3d4cae8007e498d429f8ee106c6f9d Mon Sep 17 00:00:00 2001 From: Tristan Date: Mon, 12 May 2025 04:50:09 +0100 Subject: [PATCH 38/53] keep minimal microdnf setup after all for rocky --- rockylinux.dockerfile | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) 
diff --git a/rockylinux.dockerfile b/rockylinux.dockerfile index 78e7a12..fff33bb 100644 --- a/rockylinux.dockerfile +++ b/rockylinux.dockerfile @@ -10,11 +10,9 @@ LABEL Version="${CANONICAL_VERSION}" COPY --chown=root:root haproxy/*.rpm /tmp RUN microdnf -y update && \ - microdnf -y install dnf && \ - dnf -y install epel-release && \ - /usr/bin/crb enable && \ - dnf -y distro-sync && \ - dnf -y install \ + microdnf -y install epel-release && \ + microdnf --enablerepo=crb -y distro-sync && \ + microdnf --enablerepo=crb -y install \ ca-certificates \ curl \ libatomic \ @@ -22,10 +20,9 @@ RUN microdnf -y update && \ procps-ng \ socat \ zlib zlib-ng && \ - dnf -y install /tmp/*.rpm && \ + rpm -ivh /tmp/*.rpm && \ rm -v /tmp/*.rpm && \ - dnf -y autoremove && \ - dnf -y clean all && \ + microdnf -y clean all && \ /usr/local/sbin/haproxy -vv # slight docker-specific working around From a81e274b5554e6b087a08873cf80c25ac99370e1 Mon Sep 17 00:00:00 2001 From: Tristan Date: Tue, 13 May 2025 00:24:59 +0100 Subject: [PATCH 39/53] Add deb/rpm publication --- .gitlab-ci-2.yml | 213 --------------------------------------- .gitlab/lib/pipeline.pkl | 20 ++++ haproxy/haproxy.cfg | 30 +++--- 3 files changed, 35 insertions(+), 228 deletions(-) delete mode 100644 .gitlab-ci-2.yml diff --git a/.gitlab-ci-2.yml b/.gitlab-ci-2.yml deleted file mode 100644 index 999b842..0000000 --- a/.gitlab-ci-2.yml +++ /dev/null 
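Review bot: `rpm -ivh /tmp/*.rpm` installs, as root, every file in the build context that matches `haproxy/*.rpm`, with no check that it is the package the pipeline just built and tested. The packages appear to be unsigned fpm output (inferred; the build step is not in this hunk), so rpm has no signature to verify, and a stale or unexpected `.rpm` left in `haproxy/` would be installed without complaint. Having the package job emit a checksum manifest and verifying it first, e.g. `sha256sum -c /tmp/SHA256SUMS && rpm -ivh /tmp/*.rpm` (manifest name is an example), ties the image to the tested artifact. The `RUN` instruction spans both hunks of this commit.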
@@ -1,213 +0,0 @@ -# https://git.haproxy.org/?p=haproxy-3.1.git;a=commit;h=v3.1.3 -.vars-haproxy_stable: &vars-haproxy-stable - HAPROXY_GITREPO: "https://git.haproxy.org/?p=haproxy-3.1.git" - HAPROXY_VERSION: "3.1-stable" - HAPROXY_GITREF: "v3.1.3" - -# https://git.haproxy.org/?p=haproxy.git;a=commit;h=8235a24782e528b9bf8ca9dd69c0a147556dfcb5 -.vars-haproxy_dev: &vars-haproxy-dev - HAPROXY_GITREPO: "https://git.haproxy.org/?p=haproxy.git" - HAPROXY_VERSION: "3.2-dev" - HAPROXY_GITREF: "8235a24782e528b9bf8ca9dd69c0a147556dfcb5" - HAPROXY_OPTIMIZATION: "-Og" - -#---------------------- -# Package & Publish -#---------------------- - -.haproxy-debian: &haproxy-debian - stage: "publish" - script: - - *dependencies-fetch - - export BUILD_MESSAGE="$CI_COMMIT_MESSAGE" - - make -C haproxy dist-deb - - | - set -euo pipefail - - PACKAGE_NAME="haproxy-debian" - DEB_VERSION="$(cat haproxy/*.dsc | grep -E '^Version:' | cut -d' ' -f2-)" - if [ "$CI_COMMIT_REF_NAME" != "$CI_DEFAULT_BRANCH" ]; then - export PACKAGE_NAME="haproxy-debian-branches" - export DEB_VERSION="branch-$CI_COMMIT_REF_SLUG" - echo "Git reference $CI_COMMIT_REF_NAME is not the default branch. Setting coordinates to $PACKAGE_NAME/$DEB_VERSION" - fi - - GITLAB_PACKAGE_VERSION=$(echo "${DEB_VERSION}" | tr '~' '-') - echo "Publishing Debian package version ${DEB_VERSION} to haproxy-debian@${GITLAB_PACKAGE_VERSION}" - - for artifact in haproxy/haproxy*.deb; do - artifact_filename=$(basename "${artifact}") - gitlab_is_lame_artifact_filename=$(echo "${artifact_filename}" | tr '~' '-' | tr '+' '-') - echo "Uploading to haproxy-debian@${DEB_VERSION}... 
${artifact_filename} -> ${gitlab_is_lame_artifact_filename}" - curl -fsSL -H"JOB-TOKEN: $CI_JOB_TOKEN" \ - --upload-file "${artifact}" \ - "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/${PACKAGE_NAME}/${GITLAB_PACKAGE_VERSION}/${gitlab_is_lame_artifact_filename}" - echo "OK" - done - artifacts: - expire_in: 7 days - paths: [ "haproxy/haproxy*" ] - -.haproxy-tarball: &haproxy-tarball - image: docker.io/curlimages/curl:latest - stage: publish - script: | - set -eu - - PKG_VER=$HAPROXY_VERSION - if [ "$CI_COMMIT_REF_NAME" != "$CI_DEFAULT_BRANCH" ]; then - export PKG_VER="branch-$CI_COMMIT_REF_SLUG-$HAPROXY_VERSION-$HAPROXY_GITREF" - echo "Git reference $CI_COMMIT_REF_NAME is not the default branch. Setting version to $PKG_VER" - fi - - curl -fsSL \ - -H"JOB-TOKEN: $CI_JOB_TOKEN" \ - --upload-file "haproxy/haproxy-dist.tar.gz" \ - "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/haproxy/$PKG_VER/haproxy-$HAPROXY_VERSION.tar.gz" - -.haproxy-docker: &haproxy-docker - stage: publish - image: - name: gcr.io/kaniko-project/executor:debug - entrypoint: [ "" ] - before_script: - - mkdir -p /kaniko/.docker - - echo "{\"auths\":{\"$CI_REGISTRY\":{\"username\":\"gitlab-ci-token\",\"password\":\"$CI_JOB_TOKEN\"}}}" > /kaniko/.docker/config.json - script: | - set -eu - - export DEBIAN_CODENAME="bookworm" - export JOB_TIMESTAMP="$(date -D '%Y-%m-%dT%H:%M:%S' -d "$CI_JOB_STARTED_AT" +'%Y%m%d-%H%M')" - - # A.B.C -> A.B, otherwise preserve original (eg 2.x-dev -> 2.x-dev) - if echo "$HAPROXY_VERSION" | grep -E '([0-9]\.){2}[0-9]'; then - export HAPROXY_SHORTVER="$(echo "$HAPROXY_VERSION" | cut -d'.' 
-f1-2)" - else - export HAPROXY_SHORTVER=$HAPROXY_VERSION - fi - - echo "Building image with" - echo " -> haproxy version: $HAPROXY_VERSION ($HAPROXY_SHORTVER)" - echo " -> debian codename: $DEBIAN_CODENAME" - echo " -> git commit hash: $CI_COMMIT_SHORT_SHA" - echo " -> build timestamp: $JOB_TIMESTAMP" - - export IMAGE_TAG_UNIQUE="$CI_COMMIT_SHORT_SHA-$JOB_TIMESTAMP-$HAPROXY_SHORTVER-$HAPROXY_GITREF" - export IMAGE_TAG_ROLLING_COMMIT="git-$CI_COMMIT_SHORT_SHA-$HAPROXY_VERSION" - export IMAGE_TAG_ROLLING_GITREF="$CI_COMMIT_REF_SLUG-$HAPROXY_VERSION" - - export IMAGE_TAG_VERSIONS="$HAPROXY_VERSION-$DEBIAN_CODENAME" - export IMAGE_TAG_SHORTVER="$HAPROXY_SHORTVER-$DEBIAN_CODENAME" - if [ "$CI_COMMIT_REF_NAME" != "$CI_DEFAULT_BRANCH" ]; then - export IMAGE_TAG_VERSIONS="branch-$CI_COMMIT_REF_SLUG-$IMAGE_TAG_VERSIONS" - export IMAGE_TAG_SHORTVER="branch-$CI_COMMIT_REF_SLUG-$IMAGE_TAG_SHORTVER" - echo "Git reference $CI_COMMIT_REF_NAME is not the default branch. Rewriting git rolling tag as $IMAGE_TAG_VERSIONS / $IMAGE_TAG_SHORTVER" - fi - - echo "***" - echo "Will build and push image as:" - echo "- $CI_REGISTRY_IMAGE:$IMAGE_TAG_UNIQUE" - echo "- $CI_REGISTRY_IMAGE:$IMAGE_TAG_ROLLING_COMMIT" - echo "- $CI_REGISTRY_IMAGE:$IMAGE_TAG_ROLLING_GITREF" - echo "- $CI_REGISTRY_IMAGE:$IMAGE_TAG_VERSIONS" - echo "- $CI_REGISTRY_IMAGE:$IMAGE_TAG_SHORTVER" - echo "***" - - ( - set -x; - /kaniko/executor \ - --context . 
\ - --dockerfile Dockerfile \ - --build-arg "CANONICAL_VERSION=$IMAGE_TAG_UNIQUE" \ - --destination "$CI_REGISTRY_IMAGE:$IMAGE_TAG_UNIQUE" \ - --destination "$CI_REGISTRY_IMAGE:$IMAGE_TAG_ROLLING_COMMIT" \ - --destination "$CI_REGISTRY_IMAGE:$IMAGE_TAG_ROLLING_GITREF" \ - --destination "$CI_REGISTRY_IMAGE:$IMAGE_TAG_VERSIONS" \ - --destination "$CI_REGISTRY_IMAGE:$IMAGE_TAG_SHORTVER" \ - --single-snapshot - ) - -#---------------------- -# HAProxy jobs -#---------------------- - - -haproxy-tarball:stable: - <<: *haproxy-tarball - variables: - <<: *default-variables - <<: *build-resources-xs - <<: *vars-haproxy-stable - needs: - - job: "regtests:stable" - artifacts: false - - job: "build:stable" - artifacts: true - -haproxy-tarball:dev: - <<: *haproxy-tarball - variables: - <<: *default-variables - <<: *build-resources-xs - <<: *vars-haproxy-dev - needs: - - job: "regtests:dev" - artifacts: false - - job: "build:dev" - artifacts: true - -#debian:stable: -# <<: *haproxy-debian -# variables: -# <<: *default-variables -# <<: *build-resources-m -# <<: *haproxy-stable -# allow_failure: true -# needs: -# - *needs-dependencies -# - job: "regtests:stable" -# artifacts: false - -#debian:dev: -# <<: *haproxy-debian -# variables: -# <<: *default-variables -# <<: *build-resources-m -# <<: *haproxy-dev -# needs: -# - *needs-dependencies -# - job: "regtests:dev" -# artifacts: false - - -#docker:stable: -# <<: *haproxy-docker -# variables: -# <<: *default-variables -# <<: *build-resources-m -# <<: *haproxy-stable -# needs: -# - job: "awslc" -# artifacts: true -# - job: "dataplaneapi" -# artifacts: true -# - job: "regtests:stable" -# artifacts: false -# - job: "build:stable" -# artifacts: true - -#docker:dev: -# <<: *haproxy-docker -# variables: -# <<: *default-variables -# <<: *build-resources-m -# <<: *haproxy-dev -# needs: -# - job: "awslc" -# artifacts: true -# - job: "dataplaneapi" -# artifacts: true -# - job: "regtests:dev" -# artifacts: false -# - job: "build:dev" -# 
artifacts: true diff --git a/.gitlab/lib/pipeline.pkl b/.gitlab/lib/pipeline.pkl index 819e54d..41ce501 100644 --- a/.gitlab/lib/pipeline.pkl +++ b/.gitlab/lib/pipeline.pkl @@ -77,6 +77,26 @@ local packageJob = (defaultJob) { ...dependencyList.map((dep) -> dep.fetchSh) "gem install fpm" "make -C haproxy dist-\(os_packaging)" + + local pkgver = + if (mainBranch == buildBranch) + "$HAPROXY_VERSION-$HAPROXY_GITREF-mangadex-\(buildSha)" + else + "branch-$CI_COMMIT_REF_SLUG" + + """ + export GLREPO="haproxy-\(os_family)" + export GLVERS="\(pkgver)" + for artifact in haproxy/haproxy*.\(os_packaging); do + fname=$(basename "${artifact}") + glfname=$(echo "${fname}" | tr '~' '-' | tr '+' '-') + echo "Uploading ${GLREPO}@${GLVERS} - ${glfname} = ${fname}" + curl -fsSL -H"JOB-TOKEN: $CI_JOB_TOKEN" \\ + --upload-file "${artifact}" \\ + "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/haproxy/${GLVERS}/${glfname}" + echo "OK" + done + """ } artifacts { expire_in = "7 days" diff --git a/haproxy/haproxy.cfg b/haproxy/haproxy.cfg index 9f38786..756296c 100644 --- a/haproxy/haproxy.cfg +++ b/haproxy/haproxy.cfg 
@@ -1,26 +1,26 @@ global - log /dev/log local0 - log /dev/log local1 notice - chroot /var/lib/haproxy - stats socket /run/haproxy/admin.sock mode 660 level admin - stats timeout 30s - user haproxy - group haproxy - daemon + log /dev/log local0 + log /dev/log local1 notice + chroot /var/lib/haproxy + stats socket /run/haproxy/admin.sock mode 660 level admin + stats timeout 30s + user haproxy + group haproxy + daemon - # Default SSL material locations - ca-base /etc/ssl/certs - crt-base /etc/ssl/private + # Default SSL material locations + ca-base /etc/ssl/certs + crt-base /etc/ssl/private - # See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate + # See: https://ssl-config.mozilla.org/#server=haproxy&server-version=2.0.3&config=intermediate ssl-default-bind-ciphers ECDHE-ECDSA-AES128-GCM-SHA256:ECDHE-RSA-AES128-GCM-SHA256:ECDHE-ECDSA-AES256-GCM-SHA384:ECDHE-RSA-AES256-GCM-SHA384:ECDHE-ECDSA-CHACHA20-POLY1305:ECDHE-RSA-CHACHA20-POLY1305:DHE-RSA-AES128-GCM-SHA256:DHE-RSA-AES256-GCM-SHA384 ssl-default-bind-ciphersuites TLS_AES_128_GCM_SHA256:TLS_AES_256_GCM_SHA384:TLS_CHACHA20_POLY1305_SHA256 ssl-default-bind-options ssl-min-ver TLSv1.2 no-tls-tickets defaults - log global - mode http - option httplog + log global + mode http + option httplog timeout connect 5000 timeout client 50000 timeout server 50000 From eb6756ed61bf18e36edbebbaf397e9b9b61d9340 Mon Sep 17 00:00:00 2001 From: Tristan Date: Tue, 13 May 2025 00:38:47 +0100 Subject: [PATCH 40/53] fixup deb/rpm publication --- .gitlab/lib/pipeline.pkl | 13 +++++-------- 1 file changed, 5 insertions(+), 8 deletions(-) diff --git a/.gitlab/lib/pipeline.pkl b/.gitlab/lib/pipeline.pkl index 41ce501..303f505 100644 --- a/.gitlab/lib/pipeline.pkl +++ b/.gitlab/lib/pipeline.pkl 
@@ -78,22 +78,19 @@ local packageJob = (defaultJob) { "gem install fpm" "make -C haproxy dist-\(os_packaging)" - local pkgver = - if (mainBranch == buildBranch) - "$HAPROXY_VERSION-$HAPROXY_GITREF-mangadex-\(buildSha)" - else - "branch-$CI_COMMIT_REF_SLUG" + local glrepo = if (mainBranch == buildBranch) "haproxy" else "haproxy-branches" + local glvers = if (mainBranch == buildBranch) "$HAPROXY_VERSION-$HAPROXY_GITREF-mangadex-\(buildSha)" else "branch-$CI_COMMIT_REF_SLUG" """ - export GLREPO="haproxy-\(os_family)" - export GLVERS="\(pkgver)" + export GLREPO="\(glrepo)" + export GLVERS="\(glvers)" for artifact in haproxy/haproxy*.\(os_packaging); do fname=$(basename "${artifact}") glfname=$(echo "${fname}" | tr '~' '-' | tr '+' '-') echo "Uploading ${GLREPO}@${GLVERS} - ${glfname} = ${fname}" curl -fsSL -H"JOB-TOKEN: $CI_JOB_TOKEN" \\ --upload-file "${artifact}" \\ - "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/haproxy/${GLVERS}/${glfname}" + "${CI_API_V4_URL}/projects/${CI_PROJECT_ID}/packages/generic/${GLREPO}/${GLVERS}/${glfname}" echo "OK" done """ From aeec2f510838e6ea71a9f8fb0c0e05a6d8bf5861 Mon Sep 17 00:00:00 2001 From: Tristan Date: Tue, 13 May 2025 00:57:49 +0100 Subject: [PATCH 41/53] add ci versions json file parsing dance --- .editorconfig | 2 +- .gitlab/ci-base.pkl | 21 +++++++++++---------- build-vars.sh | 30 ------------------------------ ci.json | 12 ++++++++++++ coredumps.dockerfile | 14 -------------- 5 files changed, 24 insertions(+), 55 deletions(-) delete mode 100755 build-vars.sh create mode 100755 ci.json delete mode 100644 coredumps.dockerfile diff --git a/.editorconfig b/.editorconfig index 64774f5..e2a4e1c 100644 --- a/.editorconfig +++ b/.editorconfig @@ -8,7 +8,7 @@ max_line_length = 120 tab_width = 4 trim_trailing_whitespace = true -[*.{md,yaml,yml,sh}] +[*.{json,md,yaml,yml,sh}] indent_size = 2 tab_width = 2 diff --git a/.gitlab/ci-base.pkl b/.gitlab/ci-base.pkl index 683a3a9..741dcc6 100644 --- a/.gitlab/ci-base.pkl 
+++ b/.gitlab/ci-base.pkl @@ -1,19 +1,20 @@ abstract module CIBase extends "lib/pipeline.pkl" +import "pkl:json" +import "lib/inputs.pkl" + +local jsonParser = new json.Parser { + useMapping = true +} + +local ciVersions = jsonParser.parse(read("file:ci.json")) as Mapping + fixed stable { name = "stable" - params { - git_repo = "https://git.haproxy.org/?p=haproxy-3.1.git" - git_ref = "v3.1.7" - version = "3.1-stable" - } + params = ciVersions["stable"].toMap().toTyped(inputs.BuildVars) } fixed dev { name = "dev" - params { - git_repo = "https://git.haproxy.org/?p=haproxy.git" - git_ref = "master" - version = "3.2-dev" - } + params = ciVersions["dev"].toMap().toTyped(inputs.BuildVars) } diff --git a/build-vars.sh b/build-vars.sh deleted file mode 100755 index 67e33d3..0000000 --- a/build-vars.sh +++ /dev/null @@ -1,30 +0,0 @@ -set -euo pipefail - -function set_build_vars_dev() { - export HAPROXY_GITREPO="https://git.haproxy.org/?p=haproxy.git" - export HAPROXY_VERSION="3.2-dev" - echo "Import build vars for dev profile ($HAPROXY_VERSION)" - - # https://git.haproxy.org/?p=haproxy.git;a=commit;h=8235a24782e528b9bf8ca9dd69c0a147556dfcb5 - export HAPROXY_GITREF="8235a24782e528b9bf8ca9dd69c0a147556dfcb5" - - export BUILD_PATCHES_DIR="patches-dev" - export HAPROXY_LIBASAN="false" - export HAPROXY_LIBUBSAN="false" - export HAPROXY_OPTIMIZATION="-Og" - -} - -function set_build_vars_stable() { - export HAPROXY_GITREPO="https://git.haproxy.org/?p=haproxy-3.1.git" - export HAPROXY_VERSION="3.1-stable" - echo "Import build vars for stable profile ($HAPROXY_VERSION)" - - # https://git.haproxy.org/?p=haproxy-3.1.git;a=commit;h=v3.1.3 - export HAPROXY_GITREF="v3.1.3" - - export BUILD_PATCHES_DIR="patches-stable" - export HAPROXY_LIBASAN="false" - export HAPROXY_LIBUBSAN="false" - export HAPROXY_OPTIMIZATION="-O2" -} diff --git a/ci.json b/ci.json new file mode 100755 index 0000000..56ccb7e --- /dev/null +++ b/ci.json 
@@ -0,0 +1,12 @@ +{ + "dev": { + "git_repo": "https://git.haproxy.org/?p=haproxy.git", + "git_ref": "master", + "version": "3.2-dev" + }, + "stable": { + "git_repo": "https://git.haproxy.org/?p=haproxy-3.1.git", + "git_ref": "v3.1.7", + "version": "3.1-stable" + } +} diff --git a/coredumps.dockerfile b/coredumps.dockerfile deleted file mode 100644 index f967cf7..0000000 --- a/coredumps.dockerfile +++ /dev/null @@ -1,14 +0,0 @@ -FROM ubuntu:22.04 - -RUN apt update && apt install -y \ - build-essential \ - gdb \ - wget - -ENV DEB_BINARY="https://gitlab.com/mangadex-pub/haproxy/-/jobs/4133055340/artifacts/raw/haproxy/haproxy_2.8-dev-b5efe79-1~mangadex+fc4f505_amd64.deb" -ENV DEB_DBGSYM="https://gitlab.com/mangadex-pub/haproxy/-/jobs/4133055340/artifacts/raw/haproxy/haproxy-dbgsym_2.8-dev-b5efe79-1~mangadex+fc4f505_amd64.deb" - -RUN wget -O main.deb "$DEB_BINARY" && dpkg -i main.deb -RUN wget -O dbg.deb "$DEB_DBGSYM" && dpkg -i dbg.deb - -RUN apt install -f From a532c657d951acfe6ece3827ef8e7109b41097df Mon Sep 17 00:00:00 2001 From: Tristan Date: Tue, 13 May 2025 01:03:00 +0100 Subject: [PATCH 42/53] more cleaning up --- .gitlab/ci-base.pkl | 20 -------------------- .gitlab/ci-debian.pkl | 2 +- .gitlab/ci-rockylinux.pkl | 2 +- .gitlab/lib/pipeline.pkl | 16 ++++++++++++++-- 4 files changed, 16 insertions(+), 24 deletions(-) delete mode 100644 .gitlab/ci-base.pkl diff --git a/.gitlab/ci-base.pkl b/.gitlab/ci-base.pkl deleted file mode 100644 index 741dcc6..0000000 --- a/.gitlab/ci-base.pkl +++ /dev/null @@ -1,20 +0,0 @@ -abstract module CIBase extends "lib/pipeline.pkl" - -import "pkl:json" -import "lib/inputs.pkl" - -local jsonParser = new json.Parser { - useMapping = true -} - -local ciVersions = jsonParser.parse(read("file:ci.json")) as Mapping - -fixed stable { - name = "stable" - params = ciVersions["stable"].toMap().toTyped(inputs.BuildVars) -} - -fixed dev { - name = "dev" - params = ciVersions["dev"].toMap().toTyped(inputs.BuildVars) -} 
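Review bot: `dev.git_ref` is the floating ref `master`, so the source that gets built, packaged and published under the `3.2-dev` version depends on the state of the upstream branch at build time and cannot be reproduced or audited afterwards. The `build-vars.sh` deleted in this same commit pinned the dev profile to a full commit hash; keeping that property here would mean `"git_ref": "<full-commit-sha>"` with the branch name recorded elsewhere if needed. The file is also created with mode 100755 although it is pure data; 100644 would be the expected mode.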
diff --git a/.gitlab/ci-debian.pkl b/.gitlab/ci-debian.pkl index 8c44af4..4c4a34c 100644 --- a/.gitlab/ci-debian.pkl +++ b/.gitlab/ci-debian.pkl @@ -1,4 +1,4 @@ -module Debian extends "ci-base.pkl" +module Debian extends "lib/pipeline.pkl" fixed os_family = "debian" fixed os_image = "ghcr.io/mangadex-pub/debuilder:bookworm-clang18" diff --git a/.gitlab/ci-rockylinux.pkl b/.gitlab/ci-rockylinux.pkl index 1b04d63..a49cc3e 100644 --- a/.gitlab/ci-rockylinux.pkl +++ b/.gitlab/ci-rockylinux.pkl @@ -1,4 +1,4 @@ -module RockyLinux extends "ci-base.pkl" +module RockyLinux extends "lib/pipeline.pkl" fixed os_family = "rockylinux" fixed os_image = "ghcr.io/mangadex-pub/containers-base/rockylinux:9-develroot" diff --git a/.gitlab/lib/pipeline.pkl b/.gitlab/lib/pipeline.pkl index 303f505..65160cc 100644 --- a/.gitlab/lib/pipeline.pkl +++ b/.gitlab/lib/pipeline.pkl @@ -1,5 +1,7 @@ abstract module Pipeline +import "pkl:json" + import "deps.pkl" import "inputs.pkl" import "schema/Ci.pkl" @@ -10,8 +12,18 @@ import "util/shell.pkl" hidden fixed os_family: String hidden fixed os_image: String hidden fixed os_packaging: String -hidden fixed stable: inputs.Build -hidden fixed dev: inputs.Build + +local ciVersions = (new json.Parser { useMapping = true }).parse(read("file:ci.json")) as Mapping + +local stable = new inputs.Build { + name = "stable" + params = ciVersions["stable"].toMap().toTyped(inputs.BuildVars) +} +local dev = new inputs.Build { + name = "dev" + params = ciVersions["dev"].toMap().toTyped(inputs.BuildVars) +} + // rendered pipeline variables = new Mapping { From 48e659957f75ec77649dd211a64d6edf5d1cf900 Mon Sep 17 00:00:00 2001 
From: Tristan Date: Sat, 24 May 2025 00:32:48 +0100 Subject: [PATCH 43/53] gh side beginning --- .github/actions/archive-deps/action.yml | 40 ++++++++++++ .github/actions/fetch-deps/action.yml | 80 ------------------------ .github/actions/retrieve-deps/action.yml | 64 +++++++++++++++++++ .github/actions/setup-os/action.yml | 20 +++--- .github/workflows/ci.yml | 39 +++--------- .github/workflows/haproxy-deps.yml | 36 ----------- .github/workflows/pipeline.yml | 60 ++++++++++++++++++ 7 files changed, 185 insertions(+), 154 deletions(-) create mode 100644 .github/actions/archive-deps/action.yml delete mode 100644 .github/actions/fetch-deps/action.yml create mode 100644 .github/actions/retrieve-deps/action.yml delete mode 100644 .github/workflows/haproxy-deps.yml create mode 100644 .github/workflows/pipeline.yml diff --git a/.github/actions/archive-deps/action.yml b/.github/actions/archive-deps/action.yml new file mode 100644 index 0000000..ae962dc --- /dev/null +++ b/.github/actions/archive-deps/action.yml 
@@ -0,0 +1,40 @@ +name: "Archive Dependencies" +description: "Archive dependencies for use in subsequent steps" + +inputs: + OS_FAMILY: + description: "Dependency build OS family" + required: true + +runs: + using: "composite" + steps: + - name: "Dependencies - Archive - LUA" + uses: "actions/upload-artifact@v4" + with: + name: "lua-dist-${{ inputs.OS_FAMILY }}.tar.gz" + path: "deps/lua/lua-dist.tar.gz" + + - name: "Dependencies - Archive - PCRE2" + uses: "actions/upload-artifact@v4" + with: + name: "pcre2-dist-${{ inputs.OS_FAMILY }}.tar.gz" + path: "deps/pcre2/pcre2-dist.tar.gz" + + - name: "Dependencies - Archive - AWS-LC" + uses: "actions/upload-artifact@v4" + with: + name: "awslc-dist-${{ inputs.OS_FAMILY }}.tar.gz" + path: "deps/awslc/awslc-dist.tar.gz" + + - name: "Dependencies - Archive - QuicTLS" + uses: "actions/upload-artifact@v4" + with: + name: "quictls-dist-${{ inputs.OS_FAMILY }}.tar.gz" + path: "deps/quictls/quictls-dist.tar.gz" + + - name: "Dependencies - Archive - VTest" + uses: "actions/upload-artifact@v4" + with: + name: "vtest-dist-${{ inputs.OS_FAMILY }}.tar.gz" + path: "deps/vtest/vtest-dist.tar.gz" diff --git a/.github/actions/fetch-deps/action.yml b/.github/actions/fetch-deps/action.yml deleted file mode 100644 index 331831a..0000000 --- a/.github/actions/fetch-deps/action.yml +++ /dev/null 
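Review bot: Every `uses:` in this new action references `actions/upload-artifact@v4` by a movable tag rather than a commit, so the code that runs inside the job can change without any change in this repository. Pinning to the full commit hash with the tag as a trailing comment keeps the reference reviewable, e.g. `uses: "actions/upload-artifact@<full-commit-sha>" # v4`. The same applies to `actions/download-artifact@v4` in `retrieve-deps/action.yml` and to `actions/checkout@v4` and the `docker/*` actions in `pipeline.yml`, where the jobs also hold `packages: write`.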
@@ -1,80 +0,0 @@ -name: Fetch HAProxy dependencies -description: "Retrieve previously compiled build-time dependencies" - -inputs: - INSTALL_NATIVE_DEPS: - description: Install native build dependencies - required: false - default: "true" - -runs: - using: "composite" - - steps: - - name: Dependencies - Fetch - LUA - uses: actions/download-artifact@v4 - with: - name: lua-dist.tar.gz - path: deps/lua - - name: Dependencies - Unpack - LUA - shell: bash - run: | - mkdir -pv deps/lua/dist - tar -C deps/lua/dist -xf deps/lua/lua-dist.tar.gz - - - name: Dependencies - Fetch - PCRE2 - uses: actions/download-artifact@v4 - with: - name: pcre2-dist.tar.gz - path: deps/pcre2 - - name: Dependencies - Unpack - PCRE2 - shell: bash - run: | - mkdir -pv deps/pcre2/dist - tar -C deps/pcre2/dist -xf deps/pcre2/pcre2-dist.tar.gz - - - name: Dependencies - Fetch - AWS-LC - uses: actions/download-artifact@v4 - with: - name: awslc-dist.tar.gz - path: deps/awslc - - name: Dependencies - Unpack - AWS-LC - shell: bash - run: | - mkdir -pv deps/awslc/dist - tar -C deps/awslc/dist -xf deps/awslc/awslc-dist.tar.gz - - - name: Dependencies - Fetch - QuicTLS - uses: actions/download-artifact@v4 - with: - name: quictls-dist.tar.gz - path: deps/quictls - - name: Dependencies - Unpack - QuicTLS - shell: bash - run: | - mkdir -pv deps/quictls/dist - tar -C deps/quictls/dist -xf deps/quictls/quictls-dist.tar.gz - - - name: Dependencies - Fetch - VTest - uses: actions/download-artifact@v4 - with: - name: vtest-dist.tar.gz - path: deps/vtest - - name: Dependencies - Unpack - VTest - shell: bash - run: | - mkdir -pv deps/vtest/dist - tar -C deps/vtest/dist -xf deps/vtest/vtest-dist.tar.gz - - - name: Install native build dependencies - if: ${{ inputs.INSTALL_NATIVE_DEPS == 'true' }} - shell: bash - run: | - apt update && apt install -y \ - bzip2 \ - devscripts \ - debhelper \ - pkg-config \ - libpcre2-dev \ - libreadline-dev \ - zlib1g-dev 
diff --git a/.github/actions/retrieve-deps/action.yml b/.github/actions/retrieve-deps/action.yml new file mode 100644 index 0000000..eeedaf7 --- /dev/null +++ b/.github/actions/retrieve-deps/action.yml @@ -0,0 +1,64 @@ +name: "Retrieve Dependencies" +description: "Retrieve previously built dependencies" + +inputs: + OS_FAMILY: + description: "Dependency build OS family" + required: true + +runs: + using: "composite" + steps: + - name: "Dependencies - Retrieve - LUA" + uses: "actions/download-artifact@v4" + with: + name: "lua-dist-${{ inputs.OS_FAMILY }}.tar.gz" + path: "deps/lua" + + - name: "Dependencies - Retrieve - PCRE2" + uses: "actions/download-artifact@v4" + with: + name: "pcre2-dist-${{ inputs.OS_FAMILY }}.tar.gz" + path: "deps/pcre2" + + - name: "Dependencies - Retrieve - AWS-LC" + uses: "actions/download-artifact@v4" + with: + name: "awslc-dist-${{ inputs.OS_FAMILY }}.tar.gz" + path: "deps/awslc" + + - name: "Dependencies - Retrieve - QuicTLS" + uses: "actions/download-artifact@v4" + with: + name: "quictls-dist-${{ inputs.OS_FAMILY }}.tar.gz" + path: "deps/quictls" + + - name: "Dependencies - Retrieve - VTest" + uses: "actions/download-artifact@v4" + with: + name: "vtest-dist-${{ inputs.OS_FAMILY }}.tar.gz" + path: "deps/vtest" + + - name: "Dependencies - Unpack" + shell: "bash" + run: | + set -euo pipefail + + function unpack_dep() { + local dep="$1" + local tarball="deps/$dep/$dep-dist-${{ inputs.OS_FAMILY }}.tar.gz" + echo "Unpacking dependency name=$dep tarball=$tarball" + if ! [ -f "$tarball" ]; then + echo "tarball not found in deps/$dep:" + ls -l "deps/$dep" + exit 1 + fi + mkdir -pv "deps/$dep/dist" + tar -C "deps/$dep/dist" -xf "$tarball" + } + + unpack_dep "lua" + unpack_dep "pcre2" + unpack_dep "awslc" + unpack_dep "quictls" + unpack_dep "vtest" diff --git a/.github/actions/setup-os/action.yml b/.github/actions/setup-os/action.yml index a85d51f..42a9b68 100644 --- a/.github/actions/setup-os/action.yml +++ b/.github/actions/setup-os/action.yml 
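Review bot: In the "Dependencies - Unpack" step, `${{ inputs.OS_FAMILY }}` is expanded by the workflow engine into the text of the bash script before the shell parses it, so the input's value becomes script source rather than data. The callers visible on this page pass fixed strings, but a composite action cannot assume that of future callers; passing the value through the environment avoids the problem: add `env: { OS_FAMILY: "${{ inputs.OS_FAMILY }}" }` to the step and use `"$OS_FAMILY"` inside `unpack_dep`. The same pattern appears in `setup-os/action.yml` (`run: "./tool/setup-${{ inputs.OS_FAMILY }}.sh"`) and in the `make ... dist-${{ inputs.OS_PACKAGING }}` step of `pipeline.yml`.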
@@ -1,14 +1,16 @@ -name: Setup Debian-based OS dependencies -description: | - Because we live in a dumb world where I have to care about the source OS' libc version of the programs I compile... +name: Setup OS dependencies - Fuck static linking forever +inputs: + OS_FAMILY: + description: "Dependency build OS family" + required: true runs: using: "composite" - steps: - - name: Install OS dependencies - shell: bash - run: | - ./tool/setup-debian.sh + - name: "Install OS dependencies" + shell: "bash" + run: "./tool/setup-${{ inputs.OS_FAMILY }}.sh" + - name: "Ensure execution environment has sane ulimits" + shell: "bash" + run: "./tool/check-docker-ulimit.sh" diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index d4d380f..3e97e88 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -4,35 +4,16 @@ on: tags: [ "*" ] jobs: - haproxy-dependencies: - uses: "./.github/workflows/haproxy-deps.yml" + debian: + uses: "./.github/workflows/pipeline.yml" with: - DEBIAN_CODENAME: "bookworm" + OS_FAMILY: "debian" + OS_IMAGE: "ghcr.io/mangadex-pub/debuilder:bookworm-clang18" + OS_PACKAGING: "deb" - dist-stable: - needs: [ "haproxy-dependencies" ] - uses: "./.github/workflows/haproxy-dist.yml" - secrets: "inherit" # for Docker image publication + rockylinux: + uses: "./.github/workflows/pipeline.yml" with: - DEBIAN_CODENAME: "bookworm" - HAPROXY_FLAVOUR: "stable" - # https://git.haproxy.org/?p=haproxy-3.1.git;a=commit;h=v3.1.3 - HAPROXY_GITREPO: "https://git.haproxy.org/?p=haproxy-3.1.git" - HAPROXY_VERSION: "3.1-stable" - HAPROXY_GITREF: "v3.1.3" - HAPROXY_DATAPLANEAPI_VERSION: "v3.0" - HAPROXY_OPTIMIZATION: "-O2" - - dist-dev: - needs: [ "haproxy-dependencies" ] - uses: "./.github/workflows/haproxy-dist.yml" - secrets: "inherit" # for Docker image publication - with: - DEBIAN_CODENAME: "bookworm" - HAPROXY_FLAVOUR: "dev" - # https://git.haproxy.org/?p=haproxy.git;a=commit;h=8235a24782e528b9bf8ca9dd69c0a147556dfcb5 - HAPROXY_GITREPO: "https://git.haproxy.org/?p=haproxy.git" - HAPROXY_VERSION: "3.2-dev" - HAPROXY_GITREF: "8235a24782e528b9bf8ca9dd69c0a147556dfcb5" - HAPROXY_DATAPLANEAPI_VERSION: "master" - HAPROXY_OPTIMIZATION: "-Og" + OS_FAMILY: "rockylinux" + OS_IMAGE: "ghcr.io/mangadex-pub/containers-base/rockylinux:9-develroot" + OS_PACKAGING: "rpm" diff --git a/.github/workflows/haproxy-deps.yml b/.github/workflows/haproxy-deps.yml deleted file mode 100644 index 495b9ef..0000000 --- a/.github/workflows/haproxy-deps.yml +++ /dev/null 
@@ -1,36 +0,0 @@ -name: HAProxy dependencies - -on: - workflow_call: - inputs: - DEBIAN_CODENAME: - required: true - type: string - -jobs: - dependency: - runs-on: ubuntu-latest - container: "docker.io/library/debian:${{ inputs.DEBIAN_CODENAME }}" - permissions: - contents: read - packages: write - strategy: - matrix: - dependency_name: - - awslc - - lua - - pcre2 - - quictls - - vtest - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - name: Setup OS - uses: "./.github/actions/setup-os" - - name: Build ${{ matrix.dependency_name }} - run: make deps/${{ matrix.dependency_name }} - - name: Archive ${{ matrix.dependency_name }} distribution - uses: actions/upload-artifact@v4 - with: - name: ${{ matrix.dependency_name }}-dist.tar.gz - path: deps/${{ matrix.dependency_name }}/${{ matrix.dependency_name }}-dist.tar.gz diff --git a/.github/workflows/pipeline.yml b/.github/workflows/pipeline.yml new file mode 100644 index 0000000..4d9065c --- /dev/null +++ b/.github/workflows/pipeline.yml 
@@ -0,0 +1,60 @@ +on: + workflow_call: + inputs: + OS_FAMILY: { type: "string", required: true } + OS_IMAGE: { type: "string", required: true } + OS_PACKAGING: { type: "string", required: true } + +defaults: + run: + shell: "bash" + +jobs: + dependencies: + runs-on: "ubuntu-latest" + container: "${{ inputs.OS_IMAGE }}" + permissions: + contents: "read" + packages: "write" + steps: + - { uses: "actions/checkout@v4" } + - { uses: "./.github/actions/setup-os", with: { OS_FAMILY: "${{ inputs.OS_FAMILY }}" } } + - name: "Build dependencies" + run: "make deps" + - { uses: "./.github/actions/archive-deps", with: { OS_FAMILY: "${{ inputs.OS_FAMILY }}" } } + + regtests: + runs-on: "ubuntu-latest" + container: "${{ inputs.OS_IMAGE }}" + needs: [ "dependencies" ] + permissions: { contents: "read" } + strategy: + matrix: { BUILD_FLAVOUR: [ "dev", "stable" ] } + steps: + - { uses: "actions/checkout@v4" } + - { uses: "./.github/actions/setup-os", with: { OS_FAMILY: "${{ inputs.OS_FAMILY }}" } } + - { uses: "./.github/actions/retrieve-deps", with: { OS_FAMILY: "${{ inputs.OS_FAMILY }}" } } + - name: "Run regtests" + run: "make -C haproxy build test" + env: + HAPROXY_OPTIMIZATION: "-Og" + + package: + runs-on: "ubuntu-latest" + container: "${{ inputs.OS_IMAGE }}" + needs: [ "dependencies" ] + permissions: { contents: "read", packages: "write" } + strategy: + matrix: { BUILD_FLAVOUR: [ "dev", "stable" ] } + steps: + - { uses: "actions/checkout@v4" } + - { uses: "./.github/actions/setup-os", with: { OS_FAMILY: "${{ inputs.OS_FAMILY }}" } } + - { uses: "./.github/actions/retrieve-deps", with: { OS_FAMILY: "${{ inputs.OS_FAMILY }}" } } + - { name: "Install FPM", run: "gem install fpm" } + - name: "Build package" + run: "make -C haproxy build dist-${{ inputs.OS_PACKAGING }}" + - name: "Archive package" + uses: "actions/upload-artifact@v4" + with: + name: "haproxy-${{ matrix.BUILD_FLAVOUR }}.${{ inputs.OS_PACKAGING }}" + path: "deps/haproxy/*.${{ inputs.OS_PACKAGING }}" 
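Review bot: The `dependencies` and `package` jobs request `packages: "write"`, but the steps shown only build and call `actions/upload-artifact`, which stores workflow artifacts and does not use the packages scope. Since these jobs run `make` and `gem install fpm` inside the job, a token that can publish packages is more than they need; `permissions: { contents: "read" }` would match what `regtests` already declares. If a step outside this hunk does publish to the package registry, the write scope belongs only on the job containing it.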
From e17dbde94253bf1b1ad4bcaeebe180942256f7ad Mon Sep 17 00:00:00 2001 From: Tristan Date: Sat, 24 May 2025 00:37:31 +0100 Subject: [PATCH 44/53] fixups for gh --- .github/actions/retrieve-deps/action.yml | 2 +- .github/actions/setup-os/action.yml | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/actions/retrieve-deps/action.yml b/.github/actions/retrieve-deps/action.yml index eeedaf7..a243bae 100644 --- a/.github/actions/retrieve-deps/action.yml +++ b/.github/actions/retrieve-deps/action.yml @@ -46,7 +46,7 @@ runs: function unpack_dep() { local dep="$1" - local tarball="deps/$dep/$dep-dist-${{ inputs.OS_FAMILY }}.tar.gz" + local tarball="deps/$dep/$dep-dist.tar.gz" echo "Unpacking dependency name=$dep tarball=$tarball" if ! [ -f "$tarball" ]; then echo "tarball not found in deps/$dep:" diff --git a/.github/actions/setup-os/action.yml b/.github/actions/setup-os/action.yml index 42a9b68..7046d51 100644 --- a/.github/actions/setup-os/action.yml +++ b/.github/actions/setup-os/action.yml @@ -14,3 +14,6 @@ runs: - name: "Ensure execution environment has sane ulimits" shell: "bash" run: "./tool/check-docker-ulimit.sh" + - name: "Allow Git read operations" + shell: "bash" + run: "git config --global --add safe.directory '*'" From 3b1f5f75d0f6e737fa00a0728710eeb99677b410 Mon Sep 17 00:00:00 2001 From: Tristan Date: Sat, 24 May 2025 02:22:19 +0100 Subject: [PATCH 45/53] replace debuilder with containers-base/debian develroot --- .github/workflows/ci.yml | 2 +- .gitlab/ci-debian.pkl | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 3e97e88..990a2d8 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -8,7 +8,7 @@ jobs: uses: "./.github/workflows/pipeline.yml" with: OS_FAMILY: "debian" - OS_IMAGE: "ghcr.io/mangadex-pub/debuilder:bookworm-clang18" + OS_IMAGE: "ghcr.io/mangadex-pub/containers-base/debian:bookworm-develroot" OS_PACKAGING: "deb" rockylinux: 
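Review bot: The new "Allow Git read operations" step in `setup-os/action.yml` sets `safe.directory '*'`, which turns off Git's repository-ownership check for every path in the container for the rest of the job, not only for the checkout. Limiting it to the directories the build actually uses keeps the check in force elsewhere, e.g. `run: "git config --global --add safe.directory \"$GITHUB_WORKSPACE\""`. If the make targets run Git in repositories cloned below the workspace, those paths would need their own entries; that part of the build is outside this hunk.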
diff --git a/.gitlab/ci-debian.pkl b/.gitlab/ci-debian.pkl index 4c4a34c..5ea358d 100644 --- a/.gitlab/ci-debian.pkl +++ b/.gitlab/ci-debian.pkl @@ -1,5 +1,5 @@ module Debian extends "lib/pipeline.pkl" fixed os_family = "debian" -fixed os_image = "ghcr.io/mangadex-pub/debuilder:bookworm-clang18" +fixed os_image = "ghcr.io/mangadex-pub/containers-base/debian:bookworm-develroot" fixed os_packaging = "deb" From caeb57925d6770d1b473cac8b0df32d86901a2fa Mon Sep 17 00:00:00 2001 From: Tristan Date: Sat, 24 May 2025 02:35:57 +0100 Subject: [PATCH 46/53] wire in docker image building --- .github/workflows/haproxy-dist.yml | 204 ----------------------------- .github/workflows/pipeline.yml | 72 +++++++++- 2 files changed, 66 insertions(+), 210 deletions(-) delete mode 100644 .github/workflows/haproxy-dist.yml diff --git a/.github/workflows/haproxy-dist.yml b/.github/workflows/haproxy-dist.yml deleted file mode 100644 index 3860609..0000000 --- a/.github/workflows/haproxy-dist.yml +++ /dev/null 
@@ -1,204 +0,0 @@ -name: Build HAProxy version - -on: - workflow_call: - inputs: - DEBIAN_CODENAME: - required: true - type: string - HAPROXY_FLAVOUR: - required: true - type: string - HAPROXY_GITREPO: - required: true - type: string - HAPROXY_OPTIMIZATION: - required: true - type: string - HAPROXY_VERSION: - required: true - type: string - HAPROXY_GITREF: - required: true - type: string - HAPROXY_DATAPLANEAPI_VERSION: - required: true - type: string - -# For Docker publication -env: - REGISTRY: "ghcr.io" - IMAGE_NAME: "${{ github.repository }}" - -jobs: - regtests: - runs-on: ubuntu-latest - container: "docker.io/library/debian:${{ inputs.DEBIAN_CODENAME }}" - permissions: - contents: read - packages: write - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - name: Setup OS - uses: "./.github/actions/setup-os" - - name: Fetch build-time dependencies - uses: "./.github/actions/fetch-deps" - - name: Build and test - continue-on-error: true - run: | - make -C haproxy \ - HAPROXY_GITREPO="${{ inputs.HAPROXY_GITREPO }}" \ - HAPROXY_VERSION="${{ inputs.HAPROXY_VERSION }}" \ - HAPROXY_GITREF="${{ inputs.HAPROXY_GITREF }}" \ - HAPROXY_OPTIMIZATION="${{ inputs.HAPROXY_OPTIMIZATION }}" \ - BUILD_PATCHES_DIR="patches-${{ inputs.HAPROXY_FLAVOUR }}" \ - build test - - dataplaneapi: - runs-on: ubuntu-latest - permissions: - contents: read - packages: write - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - name: Set up Go - uses: actions/setup-go@v5 - with: - go-version: '1.23' - - name: Build Dataplane API - run: | - make deps/dataplaneapi DATAPLANEAPI_VERSION=${{ inputs.HAPROXY_DATAPLANEAPI_VERSION }} - - name: Archive binary tarball - uses: actions/upload-artifact@v4 - with: - name: dataplaneapi-${{ inputs.HAPROXY_FLAVOUR }}.tar.gz - path: deps/dataplaneapi/dataplaneapi-dist.tar.gz - - dist-binary: - runs-on: ubuntu-latest - container: "docker.io/library/debian:${{ inputs.DEBIAN_CODENAME }}" - permissions: - contents: read - packages: 
write - needs: [ dataplaneapi, regtests ] - strategy: - matrix: - dist_type: [ bin, deb ] - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - name: Setup OS - uses: "./.github/actions/setup-os" - - name: Fetch build-time dependencies - uses: "./.github/actions/fetch-deps" - - # Standalone as it's version-dependent - - name: Dependencies - Fetch - Data Plane API - uses: actions/download-artifact@v4 - with: - name: dataplaneapi-${{ inputs.HAPROXY_FLAVOUR }}.tar.gz - path: deps/dataplaneapi - - name: Dependencies - Unpack - Data Plane API - shell: bash - run: | - mkdir -pv deps/dataplaneapi/dist - tar -C deps/dataplaneapi/dist -xf deps/dataplaneapi/dataplaneapi-dist.tar.gz - - - name: Build distribution - env: - BUILD_MESSAGE: "${{ github.event.head_commit.message }}" - run: | - make -C haproxy \ - HAPROXY_GITREPO="${{ inputs.HAPROXY_GITREPO }}" \ - HAPROXY_VERSION="${{ inputs.HAPROXY_VERSION }}" \ - HAPROXY_GITREF="${{ inputs.HAPROXY_GITREF }}" \ - HAPROXY_OPTIMIZATION="${{ inputs.HAPROXY_OPTIMIZATION }}" \ - BUILD_PATCHES_DIR="patches-${{ inputs.HAPROXY_FLAVOUR }}" \ - dist-${{ matrix.dist_type }} - ls -l haproxy - - - name: Archive binary tarball - if: ${{ matrix.dist_type == 'bin' }} - uses: actions/upload-artifact@v4 - with: - name: haproxy-${{ inputs.HAPROXY_FLAVOUR }}.tar.gz - path: haproxy/haproxy-dist.tar.gz - - - name: Collect Debian packages - if: ${{ matrix.dist_type == 'deb' }} - run: | - echo "DEB_BIN=$(ls -1 haproxy/haproxy-dbgsym_*.deb | cut -d'/' -f2)" | tee -a $GITHUB_ENV - echo "DEB_DBG=$(ls -1 haproxy/haproxy_*.deb | cut -d'/' -f2)" | tee -a $GITHUB_ENV - - name: Archive Debian packages - binary - if: ${{ matrix.dist_type == 'deb' }} - uses: actions/upload-artifact@v4 - with: - name: ${{ env.DEB_BIN }} - path: haproxy/${{ env.DEB_BIN }} - - name: Archive Debian packages - debug symbols - if: ${{ matrix.dist_type == 'deb' }} - uses: actions/upload-artifact@v4 - with: - name: ${{ env.DEB_DBG }} - path: haproxy/${{ env.DEB_DBG }} - 
- dist-docker: - runs-on: ubuntu-latest - permissions: - contents: read - packages: write - needs: [ dataplaneapi, dist-binary, regtests ] - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - name: Fetch build-time dependencies - uses: "./.github/actions/fetch-deps" - with: - INSTALL_NATIVE_DEPS: "false" - - # Standalone as it's version-dependent - - name: Dependencies - Fetch - Data Plane API - uses: actions/download-artifact@v4 - with: - name: dataplaneapi-${{ inputs.HAPROXY_FLAVOUR }}.tar.gz - path: deps/dataplaneapi - - name: Dependencies - Unpack - Data Plane API - shell: bash - run: | - mkdir -pv deps/dataplaneapi/dist - tar -C deps/dataplaneapi/dist -xf deps/dataplaneapi/dataplaneapi-dist.tar.gz - - - name: Fetch HAProxy dist - uses: actions/download-artifact@v4 - with: - name: haproxy-${{ inputs.HAPROXY_FLAVOUR }}.tar.gz - path: haproxy - - - name: Set up QEMU - uses: docker/setup-qemu-action@v3 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - - name: Log in to the Container registry - uses: docker/login-action@v3 - with: - registry: ${{ env.REGISTRY }} - username: ${{ github.actor }} - password: ${{ secrets.GITHUB_TOKEN }} - - name: Extract metadata (tags, labels) for Docker - id: meta - uses: docker/metadata-action@v5 - with: - images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }} - tags: | - type=sha,event=push,enable=true,prefix=branch-{{ branch }}-${{ inputs.HAPROXY_VERSION }}-git-,format=short - type=sha,event=push,enable={{ is_default_branch }},prefix=${{ inputs.HAPROXY_VERSION }}-git-,format=short - type=raw,event=push,enable={{ is_default_branch }},value=${{ inputs.HAPROXY_VERSION }} - - name: Build and push Docker image - uses: docker/build-push-action@v5 - with: - context: . - push: true - tags: ${{ steps.meta.outputs.tags }} - labels: ${{ steps.meta.outputs.labels }} diff --git a/.github/workflows/pipeline.yml b/.github/workflows/pipeline.yml index 4d9065c..d45c64b 100644 --- a/.github/workflows/pipeline.yml 
+++ b/.github/workflows/pipeline.yml @@ -9,6 +9,10 @@ defaults: run: shell: "bash" +env: + REGISTRY: "ghcr.io" + IMAGE_NAME: "${{ github.repository }}" + jobs: dependencies: runs-on: "ubuntu-latest" @@ -35,14 +39,20 @@ jobs: - { uses: "./.github/actions/setup-os", with: { OS_FAMILY: "${{ inputs.OS_FAMILY }}" } } - { uses: "./.github/actions/retrieve-deps", with: { OS_FAMILY: "${{ inputs.OS_FAMILY }}" } } - name: "Run regtests" - run: "make -C haproxy build test" - env: - HAPROXY_OPTIMIZATION: "-Og" + run: | + set -euo pipefail + + export HAPROXY_GITREPO=$(jq -r '.${{ matrix.BUILD_FLAVOUR }}.git_repo' ci.json) + export HAPROXY_GITREF=$(jq -r '.${{ matrix.BUILD_FLAVOUR }}.git_ref' ci.json) + export HAPROXY_VERSION=$(jq -r '.${{ matrix.BUILD_FLAVOUR }}.version' ci.json) + export HAPROXY_OPTIMIZATION="-Og" + + make -C haproxy build test package: runs-on: "ubuntu-latest" container: "${{ inputs.OS_IMAGE }}" - needs: [ "dependencies" ] + needs: [ "regtests" ] permissions: { contents: "read", packages: "write" } strategy: matrix: { BUILD_FLAVOUR: [ "dev", "stable" ] } 
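Review bot: In the rewritten "Run regtests" step, `export HAPROXY_GITREF=$(jq -r ... ci.json)` hides a failing `jq` behind the exit status of `export`, so `set -euo pipefail` does not stop the job, and `jq -r` prints the string `null` with status 0 when the key is missing. The build would then run with an empty or `null` repository or ref instead of failing, which matters because these values select the upstream source that is later packaged. Separating assignment from export and adding `-e` closes both gaps: `HAPROXY_GITREF=$(jq -er '.${{ matrix.BUILD_FLAVOUR }}.git_ref' ci.json); export HAPROXY_GITREF`, likewise for `HAPROXY_GITREPO` and `HAPROXY_VERSION`. The "Build package" step in the following hunk repeats the same three lines.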
@@ -52,9 +62,59 @@ jobs: - { uses: "./.github/actions/retrieve-deps", with: { OS_FAMILY: "${{ inputs.OS_FAMILY }}" } } - { name: "Install FPM", run: "gem install fpm" } - name: "Build package" - run: "make -C haproxy build dist-${{ inputs.OS_PACKAGING }}" + run: | + set -euo pipefail + + export HAPROXY_GITREPO=$(jq -r '.${{ matrix.BUILD_FLAVOUR }}.git_repo' ci.json) + export HAPROXY_GITREF=$(jq -r '.${{ matrix.BUILD_FLAVOUR }}.git_ref' ci.json) + export HAPROXY_VERSION=$(jq -r '.${{ matrix.BUILD_FLAVOUR }}.version' ci.json) + if [ "${{ matrix.BUILD_FLAVOUR }}" == "dev" ]; then + export HAPROXY_OPTIMIZATION="-Og" + fi + + make -C haproxy build dist-${{ inputs.OS_PACKAGING }} - name: "Archive package" uses: "actions/upload-artifact@v4" with: name: "haproxy-${{ matrix.BUILD_FLAVOUR }}.${{ inputs.OS_PACKAGING }}" - path: "deps/haproxy/*.${{ inputs.OS_PACKAGING }}" + path: "haproxy/*.${{ inputs.OS_PACKAGING }}" + + docker: + runs-on: "ubuntu-latest" + needs: [ "package" ] + permissions: { contents: "read", packages: "write" } + strategy: + matrix: { BUILD_FLAVOUR: [ "dev", "stable" ] } + steps: + - { uses: "actions/checkout@v4" } + - { uses: "docker/setup-qemu-action@v3" } + - { uses: "docker/setup-buildx-action@v3" } + - name: "Log in to the Container registry" + uses: "docker/login-action@v3" + with: + registry: "${{ env.REGISTRY }}" + username: "${{ github.actor }}" + password: "${{ secrets.GITHUB_TOKEN }}" + - name: "Extract metadata (tags, labels) for Docker" + id: "meta" + uses: "docker/metadata-action@v5" + with: + images: "${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}" + tags: | + type=raw,event=push,enable=true,value=branch-{{ branch }}-${{ steps.buildvars.haproxy_version }}-${{ inputs.OS_FAMILY }} + type=sha,event=push,enable=true,prefix=branch-{{ branch }}-${{ steps.buildvars.haproxy_version }}-${{ inputs.OS_FAMILY }}-hap-${{ steps.buildvars.haproxy_gitref }}-mdx-,format=short + type=raw,event=push,enable={{ is_default_branch }},value=${{ 
steps.buildvars.haproxy_version }}-${{ inputs.OS_FAMILY }} + type=sha,event=push,enable={{ is_default_branch }},prefix=${{ steps.buildvars.haproxy_version }}-${{ inputs.OS_FAMILY }}-hap-${{ steps.buildvars.haproxy_gitref }}-mdx-,format=short + - name: "Fetch package" + uses: "actions/download-artifact@v4" + with: + name: "haproxy-${{ matrix.BUILD_FLAVOUR }}.${{ inputs.OS_PACKAGING }}" + path: "haproxy" + - name: "Build and push Docker image" + uses: "docker/build-push-action@v5" + with: + context: "." + file: "${{ inputs.OS_FAMILY }}.dockerfile" + push: true + tags: "${{ steps.meta.outputs.tags }}" + labels: "${{ steps.meta.outputs.labels }}" From 9f39e0011f0cc4198afeb37bf1a9c56e050a2966 Mon Sep 17 00:00:00 2001 From: Tristan Date: Sat, 24 May 2025 02:51:05 +0100 Subject: [PATCH 47/53] try setup --- .github/workflows/pipeline.yml | 49 +++++++++++++++++++--------------- 1 file changed, 27 insertions(+), 22 deletions(-) diff --git a/.github/workflows/pipeline.yml b/.github/workflows/pipeline.yml index d45c64b..bb766bf 100644 --- a/.github/workflows/pipeline.yml +++ b/.github/workflows/pipeline.yml @@ -14,6 +14,14 @@ env: IMAGE_NAME: "${{ github.repository }}" jobs: + buildvars: + runs-on: "ubuntu-latest" + outputs: + cijson: "${{ steps.cijson.outputs.cijson }}" + steps: + - id: cijson + run: 'echo "cijson=$(jq -c . ci.json)" | tee -a "$GITHUB_OUTPUT"' + dependencies: runs-on: "ubuntu-latest" container: "${{ inputs.OS_IMAGE }}" @@ -30,7 +38,7 @@ jobs: regtests: runs-on: "ubuntu-latest" container: "${{ inputs.OS_IMAGE }}" - needs: [ "dependencies" ] + needs: [ "buildvars", "dependencies" ] permissions: { contents: "read" } strategy: matrix: { BUILD_FLAVOUR: [ "dev", "stable" ] } 
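Review bot: Every third-party action in the new `docker` job is referenced by a movable major-version tag, while the job runs with `packages: "write"` and hands `secrets.GITHUB_TOKEN` to `docker/login-action@v3`. The actions are `docker/setup-qemu-action@v3`, `docker/setup-buildx-action@v3`, `docker/login-action@v3`, `docker/metadata-action@v5` and `docker/build-push-action@v5`. A retagged release would run with the registry write token, so each `uses:` is better pinned to a full commit SHA with the version kept as a comment, e.g. `uses: "docker/login-action@FULL_COMMIT_SHA" # v3` (placeholder; take the SHA from the release that was reviewed). Separately, the `tags:` block reads `steps.buildvars.haproxy_version` and `steps.buildvars.haproxy_gitref`, but no step with id `buildvars` exists in this job. Those parts presumably expand to empty strings, in which case both matrix legs would push the same tags.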
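Review bot: The new `buildvars` job has no `permissions:` entry, unlike `regtests` and `package`, so unless the workflow sets a top-level default outside this hunk it runs with whatever the repository default grants to `GITHUB_TOKEN`. The job only needs to read `ci.json`, so adding `permissions: { contents: "read" }` next to `runs-on:` keeps it at the same least-privilege level as `regtests`.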
@@ -39,20 +47,17 @@ jobs: - { uses: "./.github/actions/setup-os", with: { OS_FAMILY: "${{ inputs.OS_FAMILY }}" } } - { uses: "./.github/actions/retrieve-deps", with: { OS_FAMILY: "${{ inputs.OS_FAMILY }}" } } - name: "Run regtests" - run: | - set -euo pipefail - - export HAPROXY_GITREPO=$(jq -r '.${{ matrix.BUILD_FLAVOUR }}.git_repo' ci.json) - export HAPROXY_GITREF=$(jq -r '.${{ matrix.BUILD_FLAVOUR }}.git_ref' ci.json) - export HAPROXY_VERSION=$(jq -r '.${{ matrix.BUILD_FLAVOUR }}.version' ci.json) - export HAPROXY_OPTIMIZATION="-Og" - - make -C haproxy build test + run: "make -C haproxy build test" + env: + HAPROXY_GITREPO: "${{ fromJSON(needs.buildvars.cijson)[matrix.BUILD_FLAVOUR]['git_repo'] }}" + HAPROXY_GITREF: "${{ fromJSON(needs.buildvars.cijson)[matrix.BUILD_FLAVOUR]['git_ref'] }}" + HAPROXY_VERSION: "${{ fromJSON(needs.buildvars.cijson)[matrix.BUILD_FLAVOUR]['version'] }}" + HAPROXY_OPTIMIZATION: "-Og" package: runs-on: "ubuntu-latest" container: "${{ inputs.OS_IMAGE }}" - needs: [ "regtests" ] + needs: [ "buildvars", "regtests" ] permissions: { contents: "read", packages: "write" } strategy: matrix: { BUILD_FLAVOUR: [ "dev", "stable" ] } 
@@ -63,16 +68,14 @@ jobs: - { name: "Install FPM", run: "gem install fpm" } - name: "Build package" run: | - set -euo pipefail - - export HAPROXY_GITREPO=$(jq -r '.${{ matrix.BUILD_FLAVOUR }}.git_repo' ci.json) - export HAPROXY_GITREF=$(jq -r '.${{ matrix.BUILD_FLAVOUR }}.git_ref' ci.json) - export HAPROXY_VERSION=$(jq -r '.${{ matrix.BUILD_FLAVOUR }}.version' ci.json) if [ "${{ matrix.BUILD_FLAVOUR }}" == "dev" ]; then export HAPROXY_OPTIMIZATION="-Og" fi - make -C haproxy build dist-${{ inputs.OS_PACKAGING }} + env: + HAPROXY_GITREPO: "${{ fromJSON(needs.buildvars.cijson)[matrix.BUILD_FLAVOUR]['git_repo'] }}" + HAPROXY_GITREF: "${{ fromJSON(needs.buildvars.cijson)[matrix.BUILD_FLAVOUR]['git_ref'] }}" + HAPROXY_VERSION: "${{ fromJSON(needs.buildvars.cijson)[matrix.BUILD_FLAVOUR]['version'] }}" - name: "Archive package" uses: "actions/upload-artifact@v4" with: @@ -81,7 +84,7 @@ jobs: docker: runs-on: "ubuntu-latest" - needs: [ "package" ] + needs: [ "buildvars", "package" ] permissions: { contents: "read", packages: "write" } strategy: matrix: { BUILD_FLAVOUR: [ "dev", "stable" ] } 
@@ -101,10 +104,12 @@ jobs: with: images: "${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}" tags: | - type=raw,event=push,enable=true,value=branch-{{ branch }}-${{ steps.buildvars.haproxy_version }}-${{ inputs.OS_FAMILY }} - type=sha,event=push,enable=true,prefix=branch-{{ branch }}-${{ steps.buildvars.haproxy_version }}-${{ inputs.OS_FAMILY }}-hap-${{ steps.buildvars.haproxy_gitref }}-mdx-,format=short - type=raw,event=push,enable={{ is_default_branch }},value=${{ steps.buildvars.haproxy_version }}-${{ inputs.OS_FAMILY }} - type=sha,event=push,enable={{ is_default_branch }},prefix=${{ steps.buildvars.haproxy_version }}-${{ inputs.OS_FAMILY }}-hap-${{ steps.buildvars.haproxy_gitref }}-mdx-,format=short + type=raw,event=push,enable=true,value=branch-{{ branch }}-${{ env.HAPROXY_VERSION }}-${{ inputs.OS_FAMILY }} + type=sha,event=push,enable=true,prefix=branch-{{ branch }}-${{ env.HAPROXY_VERSION }}-${{ inputs.OS_FAMILY }}-hap-${{ steps.buildvars.haproxy_gitref }}-mdx-,format=short + type=raw,event=push,enable={{ is_default_branch }},value=${{ env.HAPROXY_VERSION }}-${{ inputs.OS_FAMILY }} + type=sha,event=push,enable={{ is_default_branch }},prefix=${{ env.HAPROXY_VERSION }}-${{ inputs.OS_FAMILY }}-hap-${{ steps.buildvars.haproxy_gitref }}-mdx-,format=short + env: + HAPROXY_VERSION: "${{ fromJSON(needs.buildvars.cijson)[matrix.BUILD_FLAVOUR]['version'] }}" - name: "Fetch package" uses: "actions/download-artifact@v4" with: From c0d395e35400c0e3b2b36f17e5195cab4756d6d2 Mon Sep 17 00:00:00 2001 From: Tristan Date: Sat, 24 May 2025 02:55:02 +0100 Subject: [PATCH 48/53] add missing checkout and eu shell options for buildvars step --- .github/workflows/pipeline.yml | 23 +++++++++++++++-------- 1 file changed, 15 insertions(+), 8 deletions(-) diff --git a/.github/workflows/pipeline.yml b/.github/workflows/pipeline.yml index bb766bf..5e5c080 100644 --- a/.github/workflows/pipeline.yml +++ b/.github/workflows/pipeline.yml 
@@ -16,11 +16,15 @@ env: jobs: buildvars: runs-on: "ubuntu-latest" + container: "${{ inputs.OS_IMAGE }}" + steps: + - { uses: "actions/checkout@v4" } + - id: "cijson" + run: | + set -euo pipefail + echo "cijson=$(jq -c . ci.json)" | tee -a "$GITHUB_OUTPUT" outputs: cijson: "${{ steps.cijson.outputs.cijson }}" - steps: - - id: cijson - run: 'echo "cijson=$(jq -c . ci.json)" | tee -a "$GITHUB_OUTPUT"' dependencies: runs-on: "ubuntu-latest" @@ -32,7 +36,9 @@ jobs: - { uses: "actions/checkout@v4" } - { uses: "./.github/actions/setup-os", with: { OS_FAMILY: "${{ inputs.OS_FAMILY }}" } } - name: "Build dependencies" - run: "make deps" + run: | + set -euo pipefail + make deps - { uses: "./.github/actions/archive-deps", with: { OS_FAMILY: "${{ inputs.OS_FAMILY }}" } } regtests: @@ -47,7 +53,9 @@ jobs: - { uses: "./.github/actions/setup-os", with: { OS_FAMILY: "${{ inputs.OS_FAMILY }}" } } - { uses: "./.github/actions/retrieve-deps", with: { OS_FAMILY: "${{ inputs.OS_FAMILY }}" } } - name: "Run regtests" - run: "make -C haproxy build test" + run: | + set -euo pipefail + make -C haproxy build test env: HAPROXY_GITREPO: "${{ fromJSON(needs.buildvars.cijson)[matrix.BUILD_FLAVOUR]['git_repo'] }}" HAPROXY_GITREF: "${{ fromJSON(needs.buildvars.cijson)[matrix.BUILD_FLAVOUR]['git_ref'] }}" @@ -68,9 +76,8 @@ jobs: - { name: "Install FPM", run: "gem install fpm" } - name: "Build package" run: | - if [ "${{ matrix.BUILD_FLAVOUR }}" == "dev" ]; then - export HAPROXY_OPTIMIZATION="-Og" - fi + set -euo pipefail + if [ "${{ matrix.BUILD_FLAVOUR }}" == "dev" ]; then export HAPROXY_OPTIMIZATION="-Og" fi make -C haproxy build dist-${{ inputs.OS_PACKAGING }} env: HAPROXY_GITREPO: "${{ fromJSON(needs.buildvars.cijson)[matrix.BUILD_FLAVOUR]['git_repo'] }}" From 8044371283b2008373f18053150cac9e4602c52d Mon Sep 17 00:00:00 2001 
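Review bot: In the `cijson` step the added `set -euo pipefail` does not catch a failing `jq`, because the command substitution sits inside the argument of `echo`, whose own exit status is 0. A missing or invalid `ci.json` still writes `cijson=` to `$GITHUB_OUTPUT`, and the downstream `fromJSON(...)` expressions then fail later and less clearly. Capturing the value in an assignment first makes the failure fatal: `cijson="$(jq -c . ci.json)"` followed by `echo "cijson=${cijson}" >> "$GITHUB_OUTPUT"`. In the same commit, the `Build package` hunk further down puts `if … then export HAPROXY_OPTIMIZATION="-Og" fi` on one line with no `;` before `fi`, which the shell rejects as a syntax error.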
From: Tristan Date: Sat, 24 May 2025 03:02:41 +0100 Subject: [PATCH 49/53] fix output ref --- .github/workflows/pipeline.yml | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.github/workflows/pipeline.yml b/.github/workflows/pipeline.yml index 5e5c080..562c092 100644 --- a/.github/workflows/pipeline.yml +++ b/.github/workflows/pipeline.yml @@ -57,9 +57,9 @@ jobs: set -euo pipefail make -C haproxy build test env: - HAPROXY_GITREPO: "${{ fromJSON(needs.buildvars.cijson)[matrix.BUILD_FLAVOUR]['git_repo'] }}" - HAPROXY_GITREF: "${{ fromJSON(needs.buildvars.cijson)[matrix.BUILD_FLAVOUR]['git_ref'] }}" - HAPROXY_VERSION: "${{ fromJSON(needs.buildvars.cijson)[matrix.BUILD_FLAVOUR]['version'] }}" + HAPROXY_GITREPO: "${{ fromJSON(needs.buildvars.outputs.cijson)[matrix.BUILD_FLAVOUR]['git_repo'] }}" + HAPROXY_GITREF: "${{ fromJSON(needs.buildvars.outputs.cijson)[matrix.BUILD_FLAVOUR]['git_ref'] }}" + HAPROXY_VERSION: "${{ fromJSON(needs.buildvars.outputs.cijson)[matrix.BUILD_FLAVOUR]['version'] }}" HAPROXY_OPTIMIZATION: "-Og" package: @@ -80,9 +80,9 @@ jobs: if [ "${{ matrix.BUILD_FLAVOUR }}" == "dev" ]; then export HAPROXY_OPTIMIZATION="-Og" fi make -C haproxy build dist-${{ inputs.OS_PACKAGING }} env: - HAPROXY_GITREPO: "${{ fromJSON(needs.buildvars.cijson)[matrix.BUILD_FLAVOUR]['git_repo'] }}" - HAPROXY_GITREF: "${{ fromJSON(needs.buildvars.cijson)[matrix.BUILD_FLAVOUR]['git_ref'] }}" - HAPROXY_VERSION: "${{ fromJSON(needs.buildvars.cijson)[matrix.BUILD_FLAVOUR]['version'] }}" + HAPROXY_GITREPO: "${{ fromJSON(needs.buildvars.outputs.cijson)[matrix.BUILD_FLAVOUR]['git_repo'] }}" + HAPROXY_GITREF: "${{ fromJSON(needs.buildvars.outputs.cijson)[matrix.BUILD_FLAVOUR]['git_ref'] }}" + HAPROXY_VERSION: "${{ fromJSON(needs.buildvars.outputs.cijson)[matrix.BUILD_FLAVOUR]['version'] }}" - name: "Archive package" uses: "actions/upload-artifact@v4" with: 
@@ -116,7 +116,7 @@ jobs: type=raw,event=push,enable={{ is_default_branch }},value=${{ env.HAPROXY_VERSION }}-${{ inputs.OS_FAMILY }} type=sha,event=push,enable={{ is_default_branch }},prefix=${{ env.HAPROXY_VERSION }}-${{ inputs.OS_FAMILY }}-hap-${{ steps.buildvars.haproxy_gitref }}-mdx-,format=short env: - HAPROXY_VERSION: "${{ fromJSON(needs.buildvars.cijson)[matrix.BUILD_FLAVOUR]['version'] }}" + HAPROXY_VERSION: "${{ fromJSON(needs.buildvars.outputs.cijson)[matrix.BUILD_FLAVOUR]['version'] }}" - name: "Fetch package" uses: "actions/download-artifact@v4" with: From 6d97c2844dc6c86b4ca47953e3b9322af37a169e Mon Sep 17 00:00:00 2001 From: Tristan Date: Sat, 24 May 2025 03:29:10 +0100 Subject: [PATCH 50/53] Add caching of build dependencies one too many times the LUA people screwed up hosting a static site somehow somebody give them funding please --- .github/workflows/pipeline.yml | 6 ++++++ .gitlab/lib/pipeline.pkl | 11 +++++++++++ deps/awslc/Makefile | 2 +- deps/lua/Makefile | 2 +- deps/pcre2/Makefile | 2 +- deps/quictls/Makefile | 2 +- deps/vtest/Makefile | 2 +- haproxy/Makefile | 2 +- 8 files changed, 23 insertions(+), 6 deletions(-) diff --git a/.github/workflows/pipeline.yml b/.github/workflows/pipeline.yml index 562c092..e6cf66b 100644 --- a/.github/workflows/pipeline.yml +++ b/.github/workflows/pipeline.yml @@ -34,6 +34,12 @@ jobs: packages: "write" steps: - { uses: "actions/checkout@v4" } + - uses: "actions/cache@v4" + with: + key: "${{ runner.os }}-${{ runner.arch }}-deps-${{ hashFiles('deps/*/Makefile') }}" + path: | + deps/*/*.src.tar.gz + deps/*/*.src.zip - { uses: "./.github/actions/setup-os", with: { OS_FAMILY: "${{ inputs.OS_FAMILY }}" } } - name: "Build dependencies" run: | diff --git a/.gitlab/lib/pipeline.pkl b/.gitlab/lib/pipeline.pkl index 65160cc..7a6087e 100644 --- a/.gitlab/lib/pipeline.pkl +++ b/.gitlab/lib/pipeline.pkl 
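Review bot: The new `actions/cache@v4` step restores `deps/*/*.src.tar.gz` and `deps/*/*.src.zip` keyed only on `hashFiles('deps/*/Makefile')`, and nothing in the visible hunks verifies those archives after they are downloaded or restored. If the Makefiles do not already check a digest (their download rules are outside these hunks), a corrupted or tampered download would be cached and reused by every later build, in a job that holds `packages: "write"`. Recording a SHA-256 per source archive next to its `*_VERSION` variable and checking it before unpacking would cover both the first fetch and later cache hits. The GitLab `cache` block added to `.gitlab/lib/pipeline.pkl` in this commit has the same property.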
@@ -60,6 +60,17 @@ dependencies = (deps.dependencies(defaultJob, dependencyList)) { variables { ...k8s.resources.md } + cache = new Ci.CacheItem { + key = new Ci.KeyAlternate1 { + prefix = "deps-" + files { "deps/*/Makefile" } + } + paths { + "deps/*/*.src.tar.gz" + "deps/*/*.src.zip" + } + `when` = "on_success" + } } function haproxyVars(target: inputs.Build) = (k8s.resources.sm) { diff --git a/deps/awslc/Makefile b/deps/awslc/Makefile index 05907f8..ce424c3 100644 --- a/deps/awslc/Makefile +++ b/deps/awslc/Makefile @@ -4,7 +4,7 @@ AWSLC_BUILD_VERSION = mangadex-$(BUILD_VERSION_REPOSHA) AWSLC_TAG = $(AWSLC_VERSION) AWSLC_SOURCES = https://github.com/aws/aws-lc/archive/refs/tags/v$(AWSLC_VERSION).tar.gz -AWSLC_TARBALL = awslc-$(AWSLC_VERSION).tar.gz +AWSLC_TARBALL = awslc-$(AWSLC_VERSION).src.tar.gz AWSLC_BUILDIR = src AWSLC_DESTDIR = dist AWSLC_DESTDIR_ABS = $(shell realpath $(AWSLC_DESTDIR)) diff --git a/deps/lua/Makefile b/deps/lua/Makefile index b2ba166..97b6e7d 100644 --- a/deps/lua/Makefile +++ b/deps/lua/Makefile @@ -1,6 +1,6 @@ LUA_VERSION = 5.4.7 LUA_SOURCES = https://www.lua.org/ftp/lua-$(LUA_VERSION).tar.gz -LUA_TARBALL = lua-$(LUA_VERSION).tar.gz +LUA_TARBALL = lua-$(LUA_VERSION).src.tar.gz LUA_BUILDIR = src LUA_DESTDIR = dist LUA_DESTDIR_ABS = $(shell realpath $(LUA_DESTDIR)) diff --git a/deps/pcre2/Makefile b/deps/pcre2/Makefile index 1e4fd5e..fdd2bfb 100644 --- a/deps/pcre2/Makefile +++ b/deps/pcre2/Makefile @@ -1,6 +1,6 @@ PCRE2_VERSION = 10.44 PCRE2_SOURCES = https://github.com/PCRE2Project/pcre2/releases/download/pcre2-$(PCRE2_VERSION)/pcre2-$(PCRE2_VERSION).tar.gz -PCRE2_TARBALL = pcre2-$(PCRE2_VERSION).tar.gz +PCRE2_TARBALL = pcre2-$(PCRE2_VERSION).src.tar.gz PCRE2_BUILDIR = src PCRE2_DESTDIR = dist PCRE2_DESTDIR_ABS = $(shell realpath $(PCRE2_DESTDIR)) diff --git a/deps/quictls/Makefile b/deps/quictls/Makefile index fcb7b1e..0c8b9f5 100644 --- a/deps/quictls/Makefile +++ b/deps/quictls/Makefile 
@@ -4,7 +4,7 @@ QUICTLS_BUILD_VERSION = quic-mangadex-$(BUILD_VERSION_REPOSHA) QUICTLS_TAG = OpenSSL_$(subst .,_,$(OPENSSL_VERSION))-quic1 QUICTLS_SOURCES = https://codeload.github.com/quictls/openssl/tar.gz/$(QUICTLS_TAG) -QUICTLS_TARBALL = quictls-$(OPENSSL_VERSION).tar.gz +QUICTLS_TARBALL = quictls-$(OPENSSL_VERSION).src.tar.gz QUICTLS_BUILDIR = src QUICTLS_DESTDIR = dist QUICTLS_DESTDIR_ABS = $(shell realpath $(QUICTLS_DESTDIR)) diff --git a/deps/vtest/Makefile b/deps/vtest/Makefile index c63429e..bd19e2d 100644 --- a/deps/vtest/Makefile +++ b/deps/vtest/Makefile @@ -1,7 +1,7 @@ # Temporary edit until https://github.com/haproxy/haproxy/issues/2792 is fixed VTEST_GITREF = f374b6495079fa9333f46aa346686ea1602f2e96 VTEST_SOURCES = https://github.com/wlallemand/VTest/archive/$(VTEST_GITREF).zip -VTEST_ZIPBALL = VTest-$(VTEST_GITREF).zip +VTEST_ZIPBALL = VTest-$(VTEST_GITREF).src.zip VTEST_BUILDIR = src VTEST_DESTDIR = dist VTEST_ARCHIVE = vtest-dist.tar.gz diff --git a/haproxy/Makefile b/haproxy/Makefile index bdd8935..db5935a 100644 --- a/haproxy/Makefile +++ b/haproxy/Makefile @@ -13,7 +13,7 @@ HAPROXY_OPTIMIZATION ?= -O2 HAPROXY_SHORTSHA = $(shell echo "$(HAPROXY_GITREF)" | grep -Eo '^.{7}' || echo "$(HAPROXY_GITREF)") HAPROXY_VERSION_MINOR = $(shell echo "$(HAPROXY_VERSION)" | cut -d'.' -f1-2) HAPROXY_SOURCES = $(HAPROXY_GITREPO);a=snapshot;h=$(HAPROXY_GITREF);sf=tgz -HAPROXY_TARBALL = haproxy-$(HAPROXY_VERSION)-$(HAPROXY_SHORTSHA).tar.gz +HAPROXY_TARBALL = haproxy-$(HAPROXY_VERSION)-$(HAPROXY_SHORTSHA).src.tar.gz HAPROXY_DEBORIG = haproxy_$(HAPROXY_VERSION)-$(HAPROXY_SHORTSHA).orig.tar.gz HAPROXY_BUILDIR = src HAPROXY_DESTDIR = dist From d681631540ed0176f436e296ff04785ea2c36a9a Mon Sep 17 00:00:00 2001 From: Tristan Date: Sat, 24 May 2025 03:39:04 +0100 Subject: [PATCH 51/53] fix shell test --- .github/workflows/pipeline.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
diff --git a/.github/workflows/pipeline.yml b/.github/workflows/pipeline.yml index e6cf66b..62a06da 100644 --- a/.github/workflows/pipeline.yml +++ b/.github/workflows/pipeline.yml @@ -83,7 +83,7 @@ jobs: - name: "Build package" run: | set -euo pipefail - if [ "${{ matrix.BUILD_FLAVOUR }}" == "dev" ]; then export HAPROXY_OPTIMIZATION="-Og" fi + if [ "${{ matrix.BUILD_FLAVOUR }}" = "dev" ]; then export HAPROXY_OPTIMIZATION="-Og"; fi make -C haproxy build dist-${{ inputs.OS_PACKAGING }} env: HAPROXY_GITREPO: "${{ fromJSON(needs.buildvars.outputs.cijson)[matrix.BUILD_FLAVOUR]['git_repo'] }}" From d838cd529259b2b724b0e8c35ce12d4b7c8b1696 Mon Sep 17 00:00:00 2001 From: Tristan Date: Sat, 24 May 2025 03:51:22 +0100 Subject: [PATCH 52/53] migrate from apt to apt-get I guess they will keep avoiding doing the sane thing for decades to come bit cringe but alas --- debian.dockerfile | 10 +++++----- tool/setup-debian.sh | 8 ++++---- 2 files changed, 9 insertions(+), 9 deletions(-) diff --git a/debian.dockerfile b/debian.dockerfile index 97e9764..8056e53 100644 --- a/debian.dockerfile +++ b/debian.dockerfile @@ -9,8 +9,8 @@ LABEL Version="${CANONICAL_VERSION}" COPY --chown=root:root haproxy/*.deb /tmp -RUN apt -q update && \ - apt -qq -y --no-install-recommends install \ +RUN apt-get -q update && \ + apt-get -qq -y --no-install-recommends install \ ca-certificates \ curl \ libatomic1 \ @@ -21,9 +21,9 @@ RUN apt -q update && \ zlib1g && \ dpkg -i /tmp/*.deb && \ rm -v /tmp/*.deb && \ - apt -qq -y install -f && \ - apt -qq -y --purge autoremove && \ - apt -qq -y clean && \ + apt-get -qq -y install -f && \ + apt-get -qq -y --purge autoremove && \ + apt-get -qq -y clean && \ rm -rf /var/lib/apt/lists/* /tmp/* /var/tmp/* /var/cache/* /var/log/* && \ /usr/local/sbin/haproxy -vv diff --git a/tool/setup-debian.sh b/tool/setup-debian.sh index 32873c0..53d8ead 100755 --- a/tool/setup-debian.sh +++ b/tool/setup-debian.sh 
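Review bot: The corrected test still has `${{ matrix.BUILD_FLAVOUR }}` expanded into the script text, and the `make` line below it does the same with `${{ inputs.OS_PACKAGING }}`, which comes from the workflow's inputs. Values substituted this way are parsed as shell rather than treated as data. Passing them through the step's `env:` and quoting them avoids that: add `OS_PACKAGING: "${{ inputs.OS_PACKAGING }}"` and `BUILD_FLAVOUR: "${{ matrix.BUILD_FLAVOUR }}"` there, then write `if [ "$BUILD_FLAVOUR" = "dev" ]` and `make -C haproxy build "dist-${OS_PACKAGING}"`. The step's `env:` block continues outside the hunk.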
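Review bot: The `apt-get -qq -y install -f` fix-up line is the only install in this `RUN` without `--no-install-recommends`, so any dependency it resolves for the HAProxy package also pulls recommended packages into the runtime image. Writing it as `apt-get -qq -y --no-install-recommends install -f && \` keeps it consistent with the first install. The package files deleted by `rm -v /tmp/*.deb` also remain in the image inside the earlier `COPY … /tmp` layer, because a later layer cannot shrink an earlier one. The `RUN` instruction starts in the previous hunk and the rest of the file is outside both hunks.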
@@ -4,10 +4,10 @@ set -euo pipefail export DEBIAN_FRONTEND=noninteractive -apt -qq update -apt -qq -y --no-install-recommends install apt-utils apt-transport-https ca-certificates -apt -qq update -apt -qq -y --no-install-recommends install \ +apt-get -q update +apt-get -qq -y --no-install-recommends install apt-utils apt-transport-https ca-certificates +apt-get -q update +apt-get -qq -y --no-install-recommends install \ build-essential \ bzip2 \ ca-certificates \ From fc2cd2ff8afaa33a715d04a48dfa38f6a3495786 Mon Sep 17 00:00:00 2001 From: Tristan Date: Sat, 24 May 2025 03:53:35 +0100 Subject: [PATCH 53/53] fix haproxy gitref injection for docker tags --- .github/workflows/pipeline.yml | 5 +++-- 1 file changed, 3 insertions(+), 2 deletions(-) diff --git a/.github/workflows/pipeline.yml b/.github/workflows/pipeline.yml index 62a06da..7a6e301 100644 --- a/.github/workflows/pipeline.yml +++ b/.github/workflows/pipeline.yml 
@@ -118,10 +118,11 @@ jobs: images: "${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}" tags: | type=raw,event=push,enable=true,value=branch-{{ branch }}-${{ env.HAPROXY_VERSION }}-${{ inputs.OS_FAMILY }} - type=sha,event=push,enable=true,prefix=branch-{{ branch }}-${{ env.HAPROXY_VERSION }}-${{ inputs.OS_FAMILY }}-hap-${{ steps.buildvars.haproxy_gitref }}-mdx-,format=short + type=sha,event=push,enable=true,prefix=branch-{{ branch }}-${{ env.HAPROXY_VERSION }}-${{ inputs.OS_FAMILY }}-hap-${{ env.HAPROXY_GITREF }}-mdx-,format=short type=raw,event=push,enable={{ is_default_branch }},value=${{ env.HAPROXY_VERSION }}-${{ inputs.OS_FAMILY }} - type=sha,event=push,enable={{ is_default_branch }},prefix=${{ env.HAPROXY_VERSION }}-${{ inputs.OS_FAMILY }}-hap-${{ steps.buildvars.haproxy_gitref }}-mdx-,format=short + type=sha,event=push,enable={{ is_default_branch }},prefix=${{ env.HAPROXY_VERSION }}-${{ inputs.OS_FAMILY }}-hap-${{ env.HAPROXY_GITREF }}-mdx-,format=short env: + HAPROXY_GITREF: "${{ fromJSON(needs.buildvars.outputs.cijson)[matrix.BUILD_FLAVOUR]['git_ref'] }}" HAPROXY_VERSION: "${{ fromJSON(needs.buildvars.outputs.cijson)[matrix.BUILD_FLAVOUR]['version'] }}" - name: "Fetch package" uses: "actions/download-artifact@v4"