[openssh-commits] [openssh] branch V_10_0 updated: Backport Github runner config changes from master.

git+noreply at mindrot.org git+noreply at mindrot.org
Tue Jul 29 19:45:54 AEST 2025 

This is an automated email from the git hooks/post-receive script.

dtucker pushed a commit to branch V_10_0
in repository openssh.

The following commit(s) were added to refs/heads/V_10_0 by this push:
     new 06d6c932a Backport Github runner config changes from master.
06d6c932a is described below

commit 06d6c932a1c68737dbafd1bc7a50976d910797d2
Author: Darren Tucker <dtucker at dtucker.net>
AuthorDate: Tue Jul 29 19:44:39 2025 +1000

    Backport Github runner config changes from master.
    
    This updates the V_10_0 branch to (largely) match recent changes to the
    Github runner environment.
---
 .github/configs                  | 11 +++++++++++
 .github/setup_ci.sh              | 26 ++++++++++++++++++++------
 .github/workflows/c-cpp.yml      | 29 ++++++++++++++++++-----------
 .github/workflows/selfhosted.yml |  4 ++--
 .github/workflows/upstream.yml   |  5 +++--
 5 files changed, 54 insertions(+), 21 deletions(-)

diff --git a/.github/configs b/.github/configs
index 2526e3ef4..aa363be7d 100755
--- a/.github/configs
+++ b/.github/configs
@@ -13,6 +13,10 @@ if [ "$config" = "" ]; then
 	config="default"
 fi
 
+if [ ! -z "${LTESTS}" ]; then
+	OVERRIDE_LTESTS="${LTESTS}"
+fi
+
 unset CC CFLAGS CPPFLAGS LDFLAGS LTESTS SUDO
 
 TEST_TARGET="tests compat-tests"
@@ -144,6 +148,8 @@ case "$config" in
 	TCMALLOC_STACKTRACE_METHOD=generic_fp
 	TEST_SSH_SSHD_ENV="TCMALLOC_STACKTRACE_METHOD=generic_fp"
 	export TCMALLOC_STACKTRACE_METHOD TEST_SSH_SSHD_ENV
+
+	SKIP_LTESTS="agent-restrict"
 	;;
     krb5|heimdal)
 	CONFIGFLAGS="--with-kerberos5"
@@ -392,5 +398,10 @@ if [ -x "$(which plink 2>/dev/null)" ]; then
 	export REGRESS_INTEROP_PUTTY
 fi
 
+if [ ! -z "${OVERRIDE_LTESTS}" ]; then
+	echo >&2 "Overriding LTESTS, was '${LTESTS}', now '${OVERRIDE_LTESTS}'"
+	LTESTS="${OVERRIDE_LTESTS}"
+fi
+
 export CC CFLAGS CPPFLAGS LDFLAGS LTESTS SUDO
 export TEST_TARGET TEST_SSH_UNSAFE_PERMISSIONS TEST_SSH_FAIL_FATAL
diff --git a/.github/setup_ci.sh b/.github/setup_ci.sh
index 5bac2d0ba..8ed1d1783 100755
--- a/.github/setup_ci.sh
+++ b/.github/setup_ci.sh
@@ -5,6 +5,12 @@ target="$2"
 
 PACKAGES=""
 
+echo Running as:
+id
+
+echo Environment:
+set
+
  . .github/configs ${config}
 
 host=`./config.guess`
@@ -293,12 +299,20 @@ if [ ! -z "${INSTALL_PUTTY}" ]; then
     /usr/local/bin/plink -V
 fi
 
-# This is the github "target" as specificed in the yml file.
-case "${target}" in
-ubuntu-latest)
-	echo ubuntu-latest target: setting random password string.
-	pw=$(openssl rand -base64 9)
+# If we're running on an ephemeral VM, set a random password and set
+# up to run the password auth test.
+if [ ! -z "${EPHEMERAL_VM}" ]; then
+
+    # This is the github "target" as specified in the yml file.
+    # In particular, ubuntu-latest sets the password field to the locked
+    # value, so unless we reset it here most of the tests will fail.
+    case "${target}" in
+    ubuntu-*)
+	echo ${target} target: setting random password.
+	openssl rand -base64 9 >regress/password
+	pw=$(tr -d '\n' <regress/password | openssl passwd -6 -stdin)
 	sudo usermod --password "${pw}" runner
 	sudo usermod --unlock runner
 	;;
-esac
+    esac
+fi
diff --git a/.github/workflows/c-cpp.yml b/.github/workflows/c-cpp.yml
index a3994d710..3b9d676b7 100644
--- a/.github/workflows/c-cpp.yml
+++ b/.github/workflows/c-cpp.yml
@@ -1,5 +1,15 @@
 name: C/C++ CI
 
+# For testing, you can set variables in your repo (Repo -> Settings ->
+# Security -> Actions -> Variables) to restrict the tests that are run.
+# The supported variables are:
+#
+# RUN_ONLY_TARGET_CONFIG: Run only the single matching target and config,
+#   separated by spaces, eg "ubuntu-latest default".  All other tests will
+#   fail immediately.
+#
+# LTESTS: Override the set of tests run.
+
 on:
   push:
     paths: [ '**.c', '**.h', '**.m4', '**.sh', '**/Makefile.in', 'configure.ac', '.github/configs', '.github/workflows/c-cpp.yml' ]
@@ -110,12 +120,9 @@ jobs:
           - { target: macos-15, config: pam }
     runs-on: ${{ matrix.target }}
     steps:
-    - name: check RUN_ONLY_TEST
-      # For testing, you can set the repo variable RUN_ONLY_TEST in your repo
-      # (Repo -> Settings -> Security -> Actions -> Variables) to run only
-      # that test config.
-      if: vars.RUN_ONLY_TEST != ''
-      run: sh -c 'if [ "${{ vars.RUN_ONLY_TEST }}" != "${{ matrix.target }} ${{matrix.config }}" ]; then exit 1; else exit 0; fi'
+    - name: check RUN_ONLY_TARGET_CONFIG
+      if: vars.RUN_ONLY_TARGET_CONFIG != ''
+      run: sh -c 'if [ "${{ vars.RUN_ONLY_TARGET_CONFIG }}" != "${{ matrix.target }} ${{matrix.config }}" ]; then exit 1; else exit 0; fi'
     - name: set cygwin git params
       if: ${{ startsWith(matrix.target, 'windows') }}
       run: git config --global core.autocrlf input
@@ -148,9 +155,13 @@ jobs:
       env:
         TEST_SSH_UNSAFE_PERMISSIONS: 1
         TEST_SSH_HOSTBASED_AUTH: yes
+        LTESTS: ${{ vars.LTESTS }}
     - name: show logs
       if: failure()
       run: for i in regress/failed*.log; do echo ====; echo logfile $i; echo =====; cat $i; done
+    - name: chown logs
+      if: failure()
+      run: test -x "$(which sudo 2>&1)" && sudo chown -R "${LOGNAME}" regress
     - name: save logs
       if: failure()
       uses: actions/upload-artifact at main
@@ -159,8 +170,4 @@ jobs:
         path: |
           config.h
           config.log
-          regress/*.log
-          regress/valgrind-out/
-          regress/asan.log.*
-          regress/msan.log.*
-          regress/log/*
+          regress/
diff --git a/.github/workflows/selfhosted.yml b/.github/workflows/selfhosted.yml
index 9f2bd99eb..281b2fc84 100644
--- a/.github/workflows/selfhosted.yml
+++ b/.github/workflows/selfhosted.yml
@@ -11,7 +11,6 @@ jobs:
     runs-on: ${{ matrix.host }}
     timeout-minutes: 600
     env:
-      DEBUG_ACTIONS: false
       HOST: ${{ matrix.host }}
       TARGET_HOST: ${{ matrix.target }}
       TARGET_CONFIG: ${{ matrix.config }}
@@ -49,8 +48,9 @@ jobs:
           - obsd51
           - obsd67
           - obsd72
-          - obsd73
           - obsd74
+          - obsd76
+          - obsd77
           - obsdsnap
           - obsdsnap-i386
           - omnios
diff --git a/.github/workflows/upstream.yml b/.github/workflows/upstream.yml
index 615a7763f..e9e431373 100644
--- a/.github/workflows/upstream.yml
+++ b/.github/workflows/upstream.yml
@@ -11,7 +11,6 @@ jobs:
     if: github.repository == 'openssh/openssh-portable-selfhosted'
     runs-on: ${{ matrix.host }}
     env:
-      DEBUG_ACTIONS: true
       EPHEMERAL: true
       HOST:  ${{ matrix.host }}
       TARGET_HOST: ${{ matrix.target }}
@@ -43,7 +42,9 @@ jobs:
       run: sshfs_mount
       working-directory: ${{ runner.temp }}
     - name: update source
-      run: vmrun "cd /usr/src && cvs up -dPA usr.bin/ssh regress/usr.bin/ssh"
+      run: vmrun "cd /usr/src && cvs -q up -dPA usr.bin/ssh regress/usr.bin/ssh usr.bin/nc"
+    - name: update netcat
+      run: vmrun "cd /usr/src/usr.bin/nc && make clean all && sudo make install"
     - name: make clean
       run: vmrun "cd /usr/src/usr.bin/ssh && make obj && make clean && cd /usr/src/regress/usr.bin/ssh && make obj && make clean && sudo chmod -R g-w /usr/src /usr/obj"
     - name: make

-- 
To stop receiving notification emails like this one, please contact
djm at mindrot.org.

More information about the openssh-commits mailing list