.github/workflows/linux_ci.yml

name: Linux CI

on:
  push:
    branches:
      - master
  pull_request:

jobs:
  linux_ci:
    runs-on: ubuntu-22.04
    strategy:
      fail-fast: true
      matrix:
        sanitize: [ubsan, asan, tsan, msan]
    steps:
      - uses: actions/checkout@v4
      - name: Setup
        shell: bash
        run: |
          mkdir -p ~/.ssh/
          echo -e "Host github.com\n\tStrictHostKeyChecking no\n" >> ~/.ssh/config
          sudo apt-get update
          sudo DEBIAN_FRONTEND=noninteractive ACCEPT_EULA=Y apt-get install -y curl zip unzip tar libssl-dev libcurl4-openssl-dev libunwind-dev git cmake ninja-build gdb protobuf-compiler libsodium-dev libgflags-dev libprotobuf-dev libutempter-dev g++

          echo "Host localhost\n  Port 2222\n\n" >> ~/.ssh/config

          sudo /usr/sbin/sshd -p 2222

          ssh-keygen -t rsa -f ~/.ssh/id_rsa -P "" -N ""
          cat ~/.ssh/id_rsa.pub >> ~/.ssh/authorized_keys
          cat ~/.ssh/id_rsa.pub >> ~/.ssh/known_hosts
          ssh -vvvvvvv -o "StrictHostKeyChecking no" -o 'PreferredAuthentications=publickey' localhost "echo foobar" # Fails if we can't ssh into localhost without a password
          if [[ -z "${ACT}" ]]; then auth_header="$(git config --local --get http.https://github.com/.extraheader)"; fi

          git submodule sync --recursive
          git submodule update --init --force --recursive

      # Restore both vcpkg and its artifacts from the GitHub cache service.
      - name: Restore vcpkg and its artifacts.
        uses: actions/cache@v4
        with:
          # The first path is where vcpkg generates artifacts while consuming the vcpkg.json manifest file.
          # The second path is the location of vcpkg (it contains the vcpkg executable and data files).
          # The other paths starting with '!' are exclusions: they contain temporary files generated during the build of the installed packages.
          path: |
            ${{ env.CMAKE_BUILD_DIR }}/vcpkg_installed/
            ${{ env.VCPKG_ROOT }}
            !${{ env.VCPKG_ROOT }}/buildtrees
            !${{ env.VCPKG_ROOT }}/packages
            !${{ env.VCPKG_ROOT }}/downloads
          # The key is composed in a way that it gets properly invalidated: this must happen whenever vcpkg's Git commit id changes, or the list of packages changes. In this case a cache miss must happen and a new entry with a new key with be pushed to GitHub the cache service.
          # The key includes: hash of the vcpkg.json file, the hash of the vcpkg Git commit id, and the used vcpkg's triplet. The vcpkg's commit id would suffice, but computing an hash out it does not harm.
          # Note: given a key, the cache content is immutable. If a cache entry has been created improperly, in order the recreate the right content the key must be changed as well, and it must be brand new (i.e. not existing already).
          key: |
            et-vcpkg-${{ hashFiles( 'vcpkg.json' ) }}-${{ hashFiles( '.git/modules/external/vcpkg/HEAD' )}}-linux-${{ matrix.sanitize }}

      - name: Test with ubsan
        run: |
          mkdir build
          pushd build
          cmake -DSANITIZE_UNDEFINED=ON ../
          make -j`nproc`
          TSAN_OPTIONS="suppressions=../test/test_tsan.suppression" ./et-test
          popd
          rm -Rf build
        if: matrix.sanitize == 'ubsan'

      - name: Test with asan
        run: |
          mkdir build
          pushd build
          cmake -DSANITIZE_ADDRESS=ON ../
          make -j`nproc`
          popd
          ./test/system_tests/connect_with_jumphost.sh
          TSAN_OPTIONS="suppressions=../test/test_tsan.suppression" ./build/et-test
          rm -Rf build
        if: matrix.sanitize == 'asan'

      - name: Test with msan
        run: |
          mkdir build
          pushd build
          cmake -DSANITIZE_MEMORY=ON ../
          make -j`nproc`
          TSAN_OPTIONS="suppressions=../test/test_tsan.suppression" ./et-test
          popd
          rm -Rf build
        if: matrix.sanitize == 'msan'

      - name: Test with tsan
        run: |
          mkdir build
          pushd build
          cmake -DSANITIZE_THREAD=ON -DSANITIZE_LINK_STATIC=ON ../
          make -j`nproc`
          TSAN_OPTIONS="suppressions=../test/test_tsan.suppression" ./et-test
          popd
          rm -Rf build
        if: matrix.sanitize == 'tsan'

  codecov:
    runs-on: ubuntu-22.04

    steps:
      - uses: actions/checkout@v4
      - name: Setup
        shell: bash
        run: |
          mkdir -p ~/.ssh/
          echo -e "Host github.com\n\tStrictHostKeyChecking no\n" >> ~/.ssh/config
          sudo apt-get update
          sudo DEBIAN_FRONTEND=noninteractive ACCEPT_EULA=Y apt-get install -y curl zip unzip tar libssl-dev libcurl4-openssl-dev libunwind-dev git cmake ninja-build gdb protobuf-compiler libsodium-dev libgflags-dev libprotobuf-dev libutempter-dev g++ lcov
          if [[ -z "${ACT}" ]]; then auth_header="$(git config --local --get http.https://github.com/.extraheader)"; fi
          git submodule sync --recursive
          git submodule update --init --force --recursive

      # Restore both vcpkg and its artifacts from the GitHub cache service.
      - name: Restore vcpkg and its artifacts.
        uses: actions/cache@v4
        with:
          # The first path is where vcpkg generates artifacts while consuming the vcpkg.json manifest file.
          # The second path is the location of vcpkg (it contains the vcpkg executable and data files).
          # The other paths starting with '!' are exclusions: they contain temporary files generated during the build of the installed packages.
          path: |
            ${{ env.CMAKE_BUILD_DIR }}/vcpkg_installed/
            ${{ env.VCPKG_ROOT }}
            !${{ env.VCPKG_ROOT }}/buildtrees
            !${{ env.VCPKG_ROOT }}/packages
            !${{ env.VCPKG_ROOT }}/downloads
          # The key is composed in a way that it gets properly invalidated: this must happen whenever vcpkg's Git commit id changes, or the list of packages changes. In this case a cache miss must happen and a new entry with a new key with be pushed to GitHub the cache service.
          # The key includes: hash of the vcpkg.json file, the hash of the vcpkg Git commit id, and the used vcpkg's triplet. The vcpkg's commit id would suffice, but computing an hash out it does not harm.
          # Note: given a key, the cache content is immutable. If a cache entry has been created improperly, in order the recreate the right content the key must be changed as well, and it must be brand new (i.e. not existing already).
          key: |
            et-vcpkg-${{ hashFiles( 'vcpkg.json' ) }}-${{ hashFiles( '.git/modules/external/vcpkg/HEAD' )}}-linux

      - name: Test with code coverage
        run: |
          mkdir build
          pushd build
          cmake -DCODE_COVERAGE=ON ../
          make -j`nproc`
          ./et-test
          lcov --capture --directory . --output-file coverage.info
          lcov --remove coverage.info '/usr/*' --output-file coverage.info # filter system-files
          lcov --list coverage.info # debug info
          # Uploading report to CodeCov
          bash <(curl -s https://codecov.io/bash) -f coverage.info || echo "Codecov did not collect coverage reports"
          popd