Update Actions, test certs, test code [changelog skip] #2333
Conversation
|
If you have time, could you please check and see if this PR fixes the SSL issues you've had? |
MSP-Greg
force-pushed
the
test-cert-update
branch
from
0975649 to
615c9ae
Compare
|
Last force push updated |
MSP-Greg
changed the title
.github/workflows/puma.yml
Outdated
| @@ -19,15 +19,16 @@ jobs: | |||
| strategy: | |||
| fail-fast: false | |||
| matrix: | |||
| os: [ ubuntu, macos, windows ] | |||
| ruby: [ 2.2, 2.3, 2.4, 2.5, 2.6, 2.7, head, jruby, truffleruby-head ] | |||
| os: [ ubuntu-20.04, macos-10.15, windows-2019 ] | |||
There was a problem hiding this comment.
I see the value in doing some separate Ubuntu 20/18 testing, but why pin our mac and windows tests too?
There was a problem hiding this comment.
I don't have strong feeling about it.
Right now, ubuntu-latest is 18.04. I don't like pinning Ruby versions, but I think OS's is reasonable, and for a person unfamiliar with Actions, the numeric callout is clear?
I can add some MRI Ruby to ubuntu-18.04. Thoughts?
There was a problem hiding this comment.
It's just kinda a weird situation where ubuntu "latest" is not 20.04.
I think we just test the latest MRI Ruby version on 20.04. That seems like enough coverage IMO.
There was a problem hiding this comment.
It's just kinda a weird situation where ubuntu "latest" is not 20.04.
I have a lot of Actions bookmarks, but somewhere they have listings of dates re runner OS's. etc. I'll look for it (later), and add it to the workflow. IOW, I think it's where they'd announce when 20.04 will become 'latest'. I wouldn't be surprised if they deprecate the 'latest' concept. Note that every change here was needed to get 20.04 CI to pass...
Maybe test MRI head, 2.7 & 2.5 on 20.04, and run all the tests on 18.04, as was done previously?
Or, what would you like? I'm working on #2337...
There was a problem hiding this comment.
I have a lot of Actions bookmarks
Me too :)
https://docs.github.com/en/actions/reference/software-installed-on-github-hosted-runners says "Note: The Ubuntu 20.04 virtual environment is currently provided as a preview only." (https://github.com/actions/virtual-environments#available-environments says the same thing)
According to actions/runner-images#1430 there doesn't seem to be any date set when the preview period will be over.
There was a problem hiding this comment.
I may have been mistaken, but they often pin issues (https://github.com/actions/virtual-environments/issues), I think that was the case when they thought they'd remove windows-2016, which people complained about...
nateberkopec
added
waiting-for-changes
|
The "All certs updated except examples/puma/keystore.jks" of 2nd commit is not true anymore I believe. |
I have tried to backport this PR for puma 4.3.6, but I am battling with |
|
Re JRuby, I can't get the TestPumaServerSSLClient tests to pass on Actions or locally, but the TestPumaServerSSL tests seem ok. Working on it. I think some of the JRuby OpenSSL tests weren't run when I opened this PR... |
Just FTR, I am testing on MRI |
MSP-Greg
force-pushed
the
test-cert-update
branch
from
615c9ae to
a9aaf04
Compare
|
Updated and passing (fixed a typo or two, JRuby issue, and rebased). It's running MRI 2.5, 2.7 & head on Ubuntu 20.04, and left the 18.04 jobs as is. Personally, I'd like to stop using job 'includes', so all jobs sort by OS. Thoughts? Be happy to do one more push... |
MSP-Greg
force-pushed
the
test-cert-update
branch
from
a9aaf04 to
4ab2bc4
Compare
|
See the commits listed on 'Sept 7' at https://github.com/MSP-Greg/puma/commits/4.3.6-ssl-fixtures for a 4.3.6 backport. CI passes with a few Ubuntu 20.04 jobs. |
|
It seems I have managed to make it work on Fedora Rawhide. I was probably missing this hunk: because I had some issues with previous versions of this patch. But now it LGTM. |
Running it both locally and on Actions (with Ubuntu 20.04), I did make a change recently: puma/test/test_puma_server_ssl.rb Line 278 in 4ab2bc4 puma/test/test_puma_server_ssl.rb Line 305 in 4ab2bc4 Without that, on some systems, the old assert failed, as both IPv4 & IPv6 hosts existed... Anyway, glad it's passing on Fedora Rawhide. The commits as included may cause a failure if one needed to bisect. I'll rebase & reorder them. |
Yep, I mildly remember ~3 issues with |
|
Brilliant work as usual, Greg! |
Description
Certs used for testing are outdated, and no longer work with Ubuntu 20.04. The certs also fail if
OpenSSL::SSL::SSLContext#security_levelis set to 2 or higher.PR updates Actions, updates all certs used, and provides code/instructions for updating them. Minor changes to
test_puma_server_ssl.rb.First commit is done to show that tests are failing with Ubuntu 20.04. All MRI builds using OpenSSL 1.1.1 failed. See CI:
https://github.com/puma/puma/actions/runs/199729320
After two commits added with the fixes, all Ubuntu MRI passed. See:
https://github.com/puma/puma/actions/runs/199798150
At present, both jruby and jruby-head won't compile on Ubuntu-20.04, so their CI is left on Ubuntu-18.04.
Closes #2330
Closes #2147
Your checklist for this pull request
[changelog skip]the pull request title.[ci skip]to the title of the PR.#issue" to the PR description or my commit messages.