From f6fe85149fedbcdf395023626c776b6b8a53ed04 Mon Sep 17 00:00:00 2001 From: Craig Comstock Date: Tue, 28 Oct 2025 21:37:25 -0500 Subject: [PATCH 1/2] Refactored github workflows to use a shared dependencies script to ease maintenance of workflows Ticket: ENT-13016 Changelog: none --- .github/workflows/acceptance_tests.yml | 2 +- .github/workflows/asan_unit_tests.yml | 2 +- .github/workflows/codeql.yml | 2 +- .github/workflows/shellcheck.yml | 4 +++- .github/workflows/unit_tests.yml | 2 +- .github/workflows/valgrind.yml | 4 +++- ci/build.sh | 10 ++-------- ci/configure.sh | 13 +++++++++++++ ci/dependencies.sh | 3 +++ ci/install.sh | 1 + 10 files changed, 29 insertions(+), 14 deletions(-) create mode 100755 ci/configure.sh diff --git a/.github/workflows/acceptance_tests.yml b/.github/workflows/acceptance_tests.yml index 60132de1f0..166492e9d6 100644 --- a/.github/workflows/acceptance_tests.yml +++ b/.github/workflows/acceptance_tests.yml @@ -11,7 +11,7 @@ jobs: with: submodules: recursive - name: Install dependencies - run: sudo apt-get update -y && sudo apt-get install -y libssl-dev libpam0g-dev liblmdb-dev byacc curl libyaml-dev librsync-dev + run: ./ci/dependencies.sh - name: Run autotools / configure run: ./autogen.sh --enable-debug - name: Compile and link (make) diff --git a/.github/workflows/asan_unit_tests.yml b/.github/workflows/asan_unit_tests.yml index 5958e1998d..6c3dec8517 100644 --- a/.github/workflows/asan_unit_tests.yml +++ b/.github/workflows/asan_unit_tests.yml @@ -11,7 +11,7 @@ jobs: with: submodules: recursive - name: Install dependencies - run: sudo apt-get update -y && sudo apt-get install -y libssl-dev libpam0g-dev liblmdb-dev byacc curl librsync-dev + run: ./ci/dependencies.sh - name: Run autotools / configure run: ./autogen.sh --enable-debug - name: Compile and link (make) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index e9381fdb77..18d404cc1f 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -41,7 +41,7 @@ jobs: - name: Install dependencies (C) if: ${{ matrix.language == 'cpp' }} - run: sudo apt-get update -y && sudo apt-get install -y libssl-dev libpam0g-dev liblmdb-dev byacc curl librsync-dev + run: ./ci/dependencies.sh - name: Build (C) if: ${{ matrix.language == 'cpp' }} diff --git a/.github/workflows/shellcheck.yml b/.github/workflows/shellcheck.yml index b5de17ec7c..bbe1c10218 100644 --- a/.github/workflows/shellcheck.yml +++ b/.github/workflows/shellcheck.yml @@ -12,7 +12,9 @@ jobs: with: submodules: recursive - name: Install dependencies - run: sudo apt-get update -y && sudo apt-get install -y libssl-dev libpam0g-dev liblmdb-dev byacc curl shellcheck librsync-dev + run: | + ./ci/dependencies.sh + sudo apt install -y shellcheck - name: Run autotools / configure run: ./autogen.sh --enable-debug - name: Run shellcheck diff --git a/.github/workflows/unit_tests.yml b/.github/workflows/unit_tests.yml index 8115a911b6..ad142ac402 100644 --- a/.github/workflows/unit_tests.yml +++ b/.github/workflows/unit_tests.yml @@ -12,7 +12,7 @@ jobs: with: submodules: recursive - name: Install dependencies - run: sudo apt-get update -y && sudo apt-get install -y libssl-dev libpam0g-dev liblmdb-dev byacc curl librsync-dev + run: ./ci/dependencies.sh - name: Run autotools / configure run: ./autogen.sh --enable-debug - name: Compile and link (make) diff --git a/.github/workflows/valgrind.yml b/.github/workflows/valgrind.yml index 6b0f780708..38b0e71b34 100644 --- a/.github/workflows/valgrind.yml +++ b/.github/workflows/valgrind.yml @@ -27,7 +27,9 @@ jobs: path: masterfiles submodules: recursive - name: Install dependencies - run: sudo apt-get update -y && sudo apt-get install -y libssl-dev libpam0g-dev liblmdb-dev byacc curl libyaml-dev valgrind librsync-dev + run: | + ./ci/dependencies.sh + sudo apt install -y valgrind - name: Run autotools / configure run: ./autogen.sh --enable-debug --with-systemd-service - name: Compile and link (make) diff --git a/ci/build.sh b/ci/build.sh index 2cb55a9845..8ecc958d32 100755 --- a/ci/build.sh +++ b/ci/build.sh @@ -1,14 +1,8 @@ #!/usr/bin/env bash -# build.sh runs autogen/configure and then builds CFEngine core +# build.sh runs after dependencies and configure scripts and builds CFEngine core # the script should take into account the operating system environment and adjust, such as --without-pam on termux, BSDs and such set -ex thisdir="$(dirname "$0")" cd "$thisdir"/.. -OPTS="--enable-debug" -if [ -n "$TERMUX_VERSION" ]; then - OPTS="$OPTS --without-pam" -fi - -./autogen.sh $OPTS -make +make -j8 CFLAGS="-Werror -Wall" diff --git a/ci/configure.sh b/ci/configure.sh new file mode 100755 index 0000000000..816fff6133 --- /dev/null +++ b/ci/configure.sh @@ -0,0 +1,13 @@ +#!/usr/bin/env bash +# configure.sh runs autotools/configure as appropriate for the current environment +# the script should take into account the operating system environment and adjust, such as --without-pam on termux, BSDs and such +set -ex +thisdir="$(dirname "$0")" +cd "$thisdir"/.. +OPTS="--enable-debug" + +if [ -n "$TERMUX_VERSION" ]; then + OPTS="$OPTS --without-pam" +fi + +./autogen.sh $OPTS diff --git a/ci/dependencies.sh b/ci/dependencies.sh index ea31dbeeb2..6c9f56ff21 100755 --- a/ci/dependencies.sh +++ b/ci/dependencies.sh @@ -41,6 +41,9 @@ if [ -f /etc/os-release ]; then echo "Unsupported version of redhat for $0" exit 1 fi + elif [ "$ID" = "ubuntu" ]; then + sudo apt update -y + sudo apt install -y libssl-dev libpam0g-dev liblmdb-dev byacc curl librsync-dev else echo "Unsupported distribution based on /etc/os-release." fi diff --git a/ci/install.sh b/ci/install.sh index 587836d0ef..6f186a95ca 100755 --- a/ci/install.sh +++ b/ci/install.sh @@ -3,6 +3,7 @@ set -ex thisdir=$(dirname $0) "$thisdir"/dependencies.sh +"$thisdir"/configure.sh "$thisdir"/build.sh cd "$thisdir"/.. GAINROOT="" From 081fef11e5f0f4ec1de3228965373ea2e7c6ab8e Mon Sep 17 00:00:00 2001 From: Craig Comstock Date: Thu, 30 Oct 2025 10:50:32 -0500 Subject: [PATCH 2/2] Adjusted ci/*.sh scripts to work with debian and handle root/sudo properly Ticket: ENT-13164 Changelog: none --- ci/dependencies.sh | 36 +++++++++++++++++++++++------------- ci/install.sh | 8 +++++++- 2 files changed, 30 insertions(+), 14 deletions(-) diff --git a/ci/dependencies.sh b/ci/dependencies.sh index 6c9f56ff21..297ebe52c1 100755 --- a/ci/dependencies.sh +++ b/ci/dependencies.sh @@ -1,6 +1,16 @@ #!/usr/bin/env bash # dependencies.sh is called by install.sh to install libraries and packages needed to build and install CFEngine from source. set -ex + +GAINROOT="" +if [ "$(id -u)" != "0" ]; then + GAINROOT="sudo" + if ! command -v sudo >/dev/null; then + echo "Sorry, either run $0 as root or install sudo." + exit 1 + fi +fi + # limited support here, focused on rhel-like on aarch64 which has no previous CFEngine version to leverage: ENT-13016 if [ -f /etc/os-release ]; then source /etc/os-release @@ -9,17 +19,17 @@ if [ -f /etc/os-release ]; then if [ "$VERSION_MAJOR" -ge "10" ]; then # note that having a redhat subscription makes things easier: lmdb-devel and librsync-devel are available from codeready-builder repo if subscription-manager status; then - sudo subscription-manager config --rhsm.manage_repos=1 - sudo subscription-manager repos --enable codeready-builder-for-rhel-"$VERSION_MAJOR"-"$(uname -m)"-rpms - sudo dnf install --assumeyes https://dl.fedoraproject.org/pub/epel/epel-release-latest-"$VERSION_MAJOR".noarch.rpm - sudo dnf install --assumeyes flex-devel lmdb-devel librsync-devel fakeroot # only available via subscription with codeready-builder installed + $GAINROOT subscription-manager config --rhsm.manage_repos=1 + $GAINROOT subscription-manager repos --enable codeready-builder-for-rhel-"$VERSION_MAJOR"-"$(uname -m)"-rpms + $GAINROOT dnf install --assumeyes https://dl.fedoraproject.org/pub/epel/epel-release-latest-"$VERSION_MAJOR".noarch.rpm + $GAINROOT dnf install --assumeyes flex-devel lmdb-devel librsync-devel fakeroot # only available via subscription with codeready-builder installed # flex-devel, libyaml-devel and fakeroot are also only available easily from codeready-builder but are not critical to building CFEngine usable enough to configure a build host. # fakeroot is only needed for running tests but can be worked around by using GAINROOT=env with tests/acceptance/testall script else # here we assume no subscription and so must build those two dependencies from source :) - sudo yum groups install -y 'Development Tools' - sudo yum update --assumeyes - sudo yum install -y gcc gdb make git libtool autoconf automake byacc flex openssl-devel pcre2-devel pam-devel libxml2-devel + $GAINROOT yum groups install -y 'Development Tools' + $GAINROOT yum update --assumeyes + $GAINROOT yum install -y gcc gdb make git libtool autoconf automake byacc flex openssl-devel pcre2-devel pam-devel libxml2-devel tmpdir="$(mktemp -d)" echo "Building lmdb and librsync in $tmpdir" ( @@ -27,23 +37,23 @@ if [ -f /etc/os-release ]; then git clone --recursive --depth 1 https://github.com/LMDB/lmdb cd lmdb/libraries/liblmdb make - sudo make install prefix=/usr + $GAINROOT make install prefix=/usr cd - - sudo dnf install -y cmake + $GAINROOT dnf install -y cmake git clone --recursive --depth 1 https://github.com/librsync/librsync cd librsync cmake -DCMAKE_INSTALL_PREFIX=/usr -DCMAKE_BUILD_TYPE=Release . make - sudo make install + $GAINROOT make install ) fi else echo "Unsupported version of redhat for $0" exit 1 fi - elif [ "$ID" = "ubuntu" ]; then - sudo apt update -y - sudo apt install -y libssl-dev libpam0g-dev liblmdb-dev byacc curl librsync-dev + elif [ "$ID" = "debian" ] || [[ "$ID_LIKE" =~ "debian" ]]; then + $GAINROOT apt update -y + $GAINROOT apt install -y build-essential git libtool autoconf automake bison flex libssl-dev libpcre2-dev libbison-dev libacl1 libacl1-dev lmdb-utils liblmdb-dev libpam0g-dev libtool libyaml-dev libxml2-dev librsync-dev else echo "Unsupported distribution based on /etc/os-release." fi diff --git a/ci/install.sh b/ci/install.sh index 6f186a95ca..bb9ccf96a6 100755 --- a/ci/install.sh +++ b/ci/install.sh @@ -8,7 +8,13 @@ thisdir=$(dirname $0) cd "$thisdir"/.. GAINROOT="" if [ ! -n "$TERMUX_VERSION" ]; then - GAINROOT="sudo" + if [ "$(id -u)" != "0" ]; then + if ! command -v sudo >/dev/null; then + echo "Sorry, run $0 as root or install and configure sudo." + exit 1 + fi + GAINROOT="sudo" + fi fi $GAINROOT make install