Skip to content

Commit 02214a2

Browse files
temp: for now, remove all ubuntu based testing, we need 26.04!
1 parent 84707a7 commit 02214a2

1 file changed

Lines changed: 1 addition & 110 deletions

File tree

.github/workflows/ci.yml

Lines changed: 1 addition & 110 deletions
Original file line numberDiff line numberDiff line change
@@ -29,104 +29,6 @@ permissions:
2929
contents: read
3030

3131
jobs:
32-
lint:
33-
34-
runs-on: ubuntu-22.04
35-
timeout-minutes: 5
36-
37-
steps:
38-
- uses: actions/checkout@v6
39-
- uses: astral-sh/ruff-action@v3
40-
41-
security:
42-
43-
runs-on: ubuntu-24.04
44-
timeout-minutes: 5
45-
46-
steps:
47-
- uses: actions/checkout@v6
48-
- name: Set up Python
49-
uses: actions/setup-python@v6
50-
with:
51-
python-version: '3.10'
52-
- name: Install dependencies
53-
run: |
54-
python -m pip install --upgrade pip
55-
pip install bandit[toml]
56-
- name: Run Bandit
57-
run: |
58-
bandit -r src/borg -c pyproject.toml
59-
60-
asan_ubsan:
61-
62-
runs-on: ubuntu-24.04
63-
timeout-minutes: 25
64-
needs: [lint]
65-
66-
steps:
67-
- uses: actions/checkout@v6
68-
with:
69-
# Just fetching one commit is not enough for setuptools-scm, so we fetch all.
70-
fetch-depth: 0
71-
fetch-tags: true
72-
73-
- name: Set up Python
74-
uses: actions/setup-python@v6
75-
with:
76-
python-version: '3.12'
77-
78-
- name: Install system packages
79-
run: |
80-
sudo apt-get update
81-
sudo apt-get install -y pkg-config build-essential
82-
sudo apt-get install -y libssl-dev libacl1-dev liblz4-dev
83-
84-
- name: Install Python dependencies
85-
run: |
86-
python -m pip install --upgrade pip
87-
pip install -r requirements.d/development.lock.txt
88-
89-
- name: Build Borg with ASan/UBSan
90-
# Build the C/Cython extensions with AddressSanitizer and UndefinedBehaviorSanitizer enabled.
91-
# How this works:
92-
# - The -fsanitize=address,undefined flags inject runtime checks into our native code. If a bug is hit
93-
# (e.g., buffer overflow, use-after-free, out-of-bounds, or undefined behavior), the sanitizer prints
94-
# a detailed error report to stderr, including a stack trace, and forces the process to exit with
95-
# non-zero status. In CI, this will fail the step/job so you will notice.
96-
# - ASAN_OPTIONS/UBSAN_OPTIONS configure the sanitizers' runtime behavior (see below for meanings).
97-
env:
98-
CFLAGS: "-O1 -g -fno-omit-frame-pointer -fsanitize=address,undefined"
99-
CXXFLAGS: "-O1 -g -fno-omit-frame-pointer -fsanitize=address,undefined"
100-
LDFLAGS: "-fsanitize=address,undefined"
101-
# ASAN_OPTIONS controls AddressSanitizer runtime tweaks:
102-
# - detect_leaks=0: Disable LeakSanitizer to avoid false positives with CPython/pymalloc in short-lived tests.
103-
# - strict_string_checks=1: Make invalid string operations (e.g., over-reads) more likely to be detected.
104-
# - check_initialization_order=1: Catch uses that depend on static initialization order (C++).
105-
# - detect_stack_use_after_return=1: Detect stack-use-after-return via stack poisoning (may increase overhead).
106-
ASAN_OPTIONS: "detect_leaks=0:strict_string_checks=1:check_initialization_order=1:detect_stack_use_after_return=1"
107-
# UBSAN_OPTIONS controls UndefinedBehaviorSanitizer runtime:
108-
# - print_stacktrace=1: Include a stack trace for UB reports to ease debugging.
109-
# Note: UBSan is recoverable by default (process may continue after reporting). If you want CI to
110-
# abort immediately and fail on the first UB, add `halt_on_error=1` (e.g., UBSAN_OPTIONS="print_stacktrace=1:halt_on_error=1").
111-
UBSAN_OPTIONS: "print_stacktrace=1"
112-
# PYTHONDEVMODE enables additional Python runtime checks and warnings.
113-
PYTHONDEVMODE: "1"
114-
run: pip install -e .
115-
116-
- name: Run tests under sanitizers
117-
env:
118-
ASAN_OPTIONS: "detect_leaks=0:strict_string_checks=1:check_initialization_order=1:detect_stack_use_after_return=1"
119-
UBSAN_OPTIONS: "print_stacktrace=1"
120-
PYTHONDEVMODE: "1"
121-
# Ensure the ASan runtime is loaded first to avoid "ASan runtime does not come first" warnings.
122-
# We discover libasan/libubsan paths via gcc and preload them for the Python test process.
123-
# the remote tests are slow and likely won't find anything useful
124-
run: |
125-
set -euo pipefail
126-
export LD_PRELOAD="$(gcc -print-file-name=libasan.so):$(gcc -print-file-name=libubsan.so)"
127-
echo "Using LD_PRELOAD=$LD_PRELOAD"
128-
pytest -v --benchmark-skip -k "not remote"
129-
13032
native_tests:
13133

13234
needs: [lint]
@@ -141,21 +43,10 @@ jobs:
14143
${{ fromJSON(
14244
github.event_name == 'pull_request' && '{
14345
"include": [
144-
{"os": "ubuntu-22.04", "python-version": "3.10", "toxenv": "mypy"},
145-
{"os": "ubuntu-22.04", "python-version": "3.11", "toxenv": "docs"},
146-
{"os": "ubuntu-22.04", "python-version": "3.10", "toxenv": "py310-llfuse"},
147-
{"os": "ubuntu-24.04", "python-version": "3.12", "toxenv": "py312-pyfuse3"},
148-
{"os": "ubuntu-24.04", "python-version": "3.14", "toxenv": "py314-mfusepy"}
46+
{"os": "macos-15", "python-version": "3.11", "toxenv": "py311-none", "binary": "borg-macos-15-arm64-gh"},
14947
]
15048
}' || '{
15149
"include": [
152-
{"os": "ubuntu-22.04", "python-version": "3.11", "toxenv": "py311-pyfuse3", "binary": "borg-linux-glibc235-x86_64-gh"},
153-
{"os": "ubuntu-22.04-arm", "python-version": "3.11", "toxenv": "py311-pyfuse3", "binary": "borg-linux-glibc235-arm64-gh"},
154-
{"os": "ubuntu-24.04", "python-version": "3.12", "toxenv": "py312-llfuse"},
155-
{"os": "ubuntu-24.04", "python-version": "3.13", "toxenv": "py313-pyfuse3"},
156-
{"os": "ubuntu-24.04", "python-version": "3.14", "toxenv": "py314-mfusepy"},
157-
{"os": "macos-15", "python-version": "3.11", "toxenv": "py311-none", "binary": "borg-macos-15-arm64-gh"},
158-
{"os": "macos-15-intel", "python-version": "3.11", "toxenv": "py311-none", "binary": "borg-macos-15-x86_64-gh"}
15950
]
16051
}'
16152
) }}

0 commit comments

Comments
 (0)