From 5008c8f8afebec01e0effda32dbd21697093dc67 Mon Sep 17 00:00:00 2001 From: Thomas Waldmann Date: Mon, 11 May 2026 20:25:10 +0200 Subject: [PATCH] temp: for now, remove all ubuntu based testing, we need 26.04! --- .github/workflows/ci.yml | 111 +-------------------------------------- 1 file changed, 1 insertion(+), 110 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9b45af630..fc5223ab7 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -29,104 +29,6 @@ permissions: contents: read jobs: - lint: - - runs-on: ubuntu-24.04 - timeout-minutes: 5 - - steps: - - uses: actions/checkout@v6 - - uses: astral-sh/ruff-action@v3 - - security: - - runs-on: ubuntu-24.04 - timeout-minutes: 5 - - steps: - - uses: actions/checkout@v6 - - name: Set up Python - uses: actions/setup-python@v6 - with: - python-version: '3.11' - - name: Install dependencies - run: | - python -m pip install --upgrade pip - pip install bandit[toml] - - name: Run Bandit - run: | - bandit -r src/borg -c pyproject.toml - - asan_ubsan: - - runs-on: ubuntu-24.04 - timeout-minutes: 25 - needs: [lint] - - steps: - - uses: actions/checkout@v6 - with: - # Just fetching one commit is not enough for setuptools-scm, so we fetch all. - fetch-depth: 0 - fetch-tags: true - - - name: Set up Python - uses: actions/setup-python@v6 - with: - python-version: '3.12' - - - name: Install system packages - run: | - sudo apt-get update - sudo apt-get install -y pkg-config build-essential - sudo apt-get install -y libssl-dev libacl1-dev liblz4-dev - - - name: Install Python dependencies - run: | - python -m pip install --upgrade pip - pip install -r requirements.d/development.lock.txt - - - name: Build Borg with ASan/UBSan - # Build the C/Cython extensions with AddressSanitizer and UndefinedBehaviorSanitizer enabled. - # How this works: - # - The -fsanitize=address,undefined flags inject runtime checks into our native code. If a bug is hit - # (e.g., buffer overflow, use-after-free, out-of-bounds, or undefined behavior), the sanitizer prints - # a detailed error report to stderr, including a stack trace, and forces the process to exit with - # non-zero status. In CI, this will fail the step/job so you will notice. - # - ASAN_OPTIONS/UBSAN_OPTIONS configure the sanitizers' runtime behavior (see below for meanings). - env: - CFLAGS: "-O1 -g -fno-omit-frame-pointer -fsanitize=address,undefined" - CXXFLAGS: "-O1 -g -fno-omit-frame-pointer -fsanitize=address,undefined" - LDFLAGS: "-fsanitize=address,undefined" - # ASAN_OPTIONS controls AddressSanitizer runtime tweaks: - # - detect_leaks=0: Disable LeakSanitizer to avoid false positives with CPython/pymalloc in short-lived tests. - # - strict_string_checks=1: Make invalid string operations (e.g., over-reads) more likely to be detected. - # - check_initialization_order=1: Catch uses that depend on static initialization order (C++). - # - detect_stack_use_after_return=1: Detect stack-use-after-return via stack poisoning (may increase overhead). - ASAN_OPTIONS: "detect_leaks=0:strict_string_checks=1:check_initialization_order=1:detect_stack_use_after_return=1" - # UBSAN_OPTIONS controls UndefinedBehaviorSanitizer runtime: - # - print_stacktrace=1: Include a stack trace for UB reports to ease debugging. - # Note: UBSan is recoverable by default (process may continue after reporting). If you want CI to - # abort immediately and fail on the first UB, add `halt_on_error=1` (e.g., UBSAN_OPTIONS="print_stacktrace=1:halt_on_error=1"). - UBSAN_OPTIONS: "print_stacktrace=1" - # PYTHONDEVMODE enables additional Python runtime checks and warnings. - PYTHONDEVMODE: "1" - run: pip install -e . - - - name: Run tests under sanitizers - env: - ASAN_OPTIONS: "detect_leaks=0:strict_string_checks=1:check_initialization_order=1:detect_stack_use_after_return=1" - UBSAN_OPTIONS: "print_stacktrace=1" - PYTHONDEVMODE: "1" - # Ensure the ASan runtime is loaded first to avoid "ASan runtime does not come first" warnings. - # We discover libasan/libubsan paths via gcc and preload them for the Python test process. - # the remote tests are slow and likely won't find anything useful - run: | - set -euo pipefail - export LD_PRELOAD="$(gcc -print-file-name=libasan.so):$(gcc -print-file-name=libubsan.so)" - echo "Using LD_PRELOAD=$LD_PRELOAD" - pytest -v --benchmark-skip -k "not remote" - native_tests: needs: [lint] @@ -141,21 +43,10 @@ jobs: ${{ fromJSON( github.event_name == 'pull_request' && '{ "include": [ - {"os": "ubuntu-24.04", "python-version": "3.11", "toxenv": "mypy"}, - {"os": "ubuntu-24.04", "python-version": "3.11", "toxenv": "docs"}, - {"os": "ubuntu-24.04", "python-version": "3.11", "toxenv": "py311-llfuse"}, - {"os": "ubuntu-24.04", "python-version": "3.12", "toxenv": "py312-pyfuse3"}, - {"os": "ubuntu-24.04", "python-version": "3.14", "toxenv": "py314-mfusepy"} + {"os": "macos-15", "python-version": "3.11", "toxenv": "py311-none", "binary": "borg-macos-15-arm64-gh"}, ] }' || '{ "include": [ - {"os": "ubuntu-24.04", "python-version": "3.11", "toxenv": "py311-llfuse"}, - {"os": "ubuntu-24.04", "python-version": "3.12", "toxenv": "py312-pyfuse3"}, - {"os": "ubuntu-24.04", "python-version": "3.13", "toxenv": "py313-mfusepy"}, - {"os": "ubuntu-24.04", "python-version": "3.14", "toxenv": "py314-pyfuse3", "binary": "borg-linux-glibc239-x86_64-gh"}, - {"os": "ubuntu-24.04-arm", "python-version": "3.14", "toxenv": "py314-pyfuse3", "binary": "borg-linux-glibc239-arm64-gh"}, - {"os": "macos-15", "python-version": "3.14", "toxenv": "py314-none", "binary": "borg-macos-15-arm64-gh"}, - {"os": "macos-15-intel", "python-version": "3.14", "toxenv": "py314-none", "binary": "borg-macos-15-x86_64-gh"} ] }' ) }}