mirror/curl
2
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2025-01-24 14:15:18 +08:00
Code Issues Packages Projects Releases Wiki Activity

GHA/macos: improve, fix gcc/llvm, add new test matrix

Browse Source 
This PR began as an attempt to drop GCC support, after repeated reports
on fallouts when trying to use it on macOS.

Then it transformed into a 3-week project turning up the issues causing
the fallouts, ending up including llvm and all available Xcode / macOS
SDK, macOS runner image, build tools and compiler vendors and versions.
Accumulating 400 sub-commits.

I developed and tested all fixes under this PR, then merged them as
separate patches.

This PR retained CI jobs updates, extensively reworking and extending
them: [1]

At first it seemed GCC and the Apple SDK is "naturally" growing more
incompatible, as Apple added further non-standard features to their
headers. This is partly true, but reality is more complicated.

Besides some issues local to curl, there were bugs in Apple SDK
headers, Homebrew GCC builds, feature missing in the old llvm version
pre-installed on GitHub CI runner images, and subtle incompatibilities
between GCC and llvm/clang when handling language extensions.

Resulting compiler errors seldom pointed to a useful direction, and
internet search was silent about these issues too. Thus, I had to peel
them off layer by layer, using trial and error, and by recognizing
patterns of failures accross 150-200 builds combinations. Exposing
configure logs, and curl_config.h in the CI logs helped too.

1. GCC header compatibility layer ("hack" as GCC calls it)

The toughest issue is GCC's built-in compatibility layer:
  https://github.com/gcc-mirror/gcc/tree/master/fixincludes

This patch layer is further patched by a "Darwin compatibility" project
applied on top by Homebrew GCC via:
  https://github.com/iains/gcc-12-branch
  https://github.com/iains/gcc-13-branch
  https://github.com/iains/gcc-14-branch

The hack layer is designed in a way that breaks more builds than it
fixes, esp. in context of GHA runners. The idea is to build GCC
specifically for the SDK for the target macOS version. The problem with
this approach is that the Xcode + SDK installed on the local/CI machine
often does not match with the SDK used on while building GCC on
Homebrew's build machines. In these cases the GCC compatibility layer
turns into an "uncompatibility" layer and consistently breaks builds.
curl cannot offer a fix for this, because the solution (I found) is to
patch the toolchain on the local machine. I implemented this for our CI
builds and curl-for-win. In other case the user must do this patching
manually, or choose a compatible GCC + Xcode/SDK combination.

An upstream fix doesn't seem trivial either, because the issue is
ingrained in the compatibility layer's design. Offering an `-fapplesdk`
(or recognizing `-target`) option and/or fixing them within the compiler
would seem like a more robust option, and also how mainline llvm solves
this.

Here's a table summarizing the GCC + SDK combinations and curl build
failures: [2]

More info: https://github.com/curl/curl/issues/10356#issuecomment-2222734103

db135f8d72 #14119 macos: add workaround for gcc, non-c-ares, IPv6, compile error
Ref: e2db3c475f
Ref: f5c58d7fef

2. Homebrew GCC's `availability` extension

A recent minor Homebrew GCC upgrade caused major breakage. The "Darwin
compatibility" patch applied to GCC implemented the `availability`
compiler attribute in GCC. Apple SDK detected this and enabled using
them, but as it turns out GCC accepts compiler attributes with slightly
different rules than llvm/clang, and how the Apple SDK uses them,
breaking builds.

Affected Homebrew GCC versions are: 12.4.0, 13.3.0 and 14.1.0.

Possibly tracked here: https://gcc.gnu.org/bugzilla/show_bug.cgi?id=108796
More info: https://github.com/llvm/llvm-project/issues/81767

Commit implementing the `availability` macro:
gcc-12: fd5530b7cb
gcc-13: cb7e4eca68
gcc-14: ff62a10886

That applied to Homebrew GCC (12.4.0):
b904223d98 (diff-89dd0b4176eca7fcc24b591943509bf8a8d6ea904d71e5dfcd6b78fed62fc574R44-R48)

Ref: #13700
More info: https://github.com/curl/curl/pull/14091#issuecomment-2222703468

e91fcbac7d #14155 macos: undo `availability` macro enabled by Homebrew gcc

3. Proprietary Apple SDK macros

Apple SDK expects certain macros predefined by the compiler. Missing
them may causes odd issues. Mainline llvm is keeping up with Apple
clang, but it needs a fresh version, while the one installed on GitHub
runners is old (v15). I patched these in `lib/curl_setup.h`.

baa3270846 #14134 build: fix llvm 16 or older + Xcode 15 or newer, and gcc

4. Apple SDK header bug

Without certain predefined macros, SDK headers can take a codepath where
it mis-defines its own `TARGET_OS_OSX` macro, which make it break its
own headers later. I patched it in `lib/curl_setup.h`.

ff784af461 #14159 build: fix llvm 17 and older + macOS SDK 14.4 and newer

5. `TargetConditionals.h` requires `sys/types.h`

Fixed in curl. It caused feature-detection failurs with autotools, and
could break builds in certain configurations.

e1f6192939 #14130 configure: fix `SystemConfiguration` detection

6. Differences between autotools and CMake compiler options

Fixed it by syncing compiler warning options.

59cadacfcc #14128 build: sync warning options between autotools, cmake & compilers

7. Differences between autotools and CMake dependency detection

Fixed it by improving detection of libidn2, with some more fixes
pending for the next feature window.

f43adc2c49 #14137 cmake: detect `libidn2` also via `pkg-config`
Ref: #14136 cmake: detect `nghttp2` via `pkg-config`, enable by default

8. libidn2 detection bug with CMake

Fixed the root cause and also the trigger in the CI config.

764fbabf6e #14175 cmake: fix builds with detected libidn2 lib but undetected header

9. Suppressed compiler warnings inside Apple-specific curl code

Fixed these warnings, which allowed to stop silencing them.

b05dc7eb35 #14122 sectransp: fix `HAVE_BUILTIN_AVAILABLE` checks to not emit warnings
5fa534b0da #14162 sectransp: fix clang compiler warnings, stop silencing them

10. CMake mis-detecting a CA bundle path on macOS

d2ef6255f4 #14182 cmake: sync CA bundle/path detection with autotools

11. Failure to build tests with LibreSSL or wolfSSL with CMake

Fixed by dropping unnecessary includes, makign test builds dependent
on dependency headers.

3765d75ce4 #14172 cmake: fix building `unit1600` due to missing `ssl/openssl.h`

12. curl tests with CMake

curl's CMake was missing bits for running the C preprocessor accurately.
It made tests 1119 and 1167 fail. I implemented the missing bits.

efc2c5184d #14124 tests: include current directory when running test Perl commands
c09db8b51b #14129 cmake: create `configurehelp.pm` like autotools does
67cc1e3400 #14125 test1119: adapt for `.md` input

13. GCC missing `__builtin_available()` support

curl source code assumes this is available to enable certain codepaths.
It's also intermixed with monotonic timer support.

14. Monotonic timer support with GCC

Detected by GCC, while it probably shouldn't be. llvm/clang detects it
depending on target OS version. I've been playing with this, but so far
without a conclusion or fix.

15. Runtime/test failures with GCC

I couldn't find the reason for most of this. A bunch of RTSP tests fail
with GCC. SecureTransport + HTTP/2 is failing a bunch of tests. With
OpenSSL it fails two of those. SecureTransport builds also fail one DoH
test.

16. Runtime/test failure in llvm/clang

AppleIDN support received a fix with two more remaining.

fd0250869f #14179 #14176 IDN: fix ß with AppleIDN

17. Other issues found and fixed while working on this:

2c15aa5765        GHA/macos: delete misplaced `CFLAGS`, drop redundant CMake option
80fb7c0bef #14126 configure: limit `SystemConfiguration` test to non-c-ares, IPv6 builds
cfd6f43d6c #14127 build: tidy up `__builtin_available` feature checks (Apple)
bae5553599 #14174 runtests: show name and keywords for failed tests in summary
09cdf7e531 #14178 cmake: delete unused `HAVE_LIBSSH2`, `HAVE_LIBSOCKET` macros
d3595c74fa #14186 configure: CA bundle/path detection fixes
58772b0e08 #14187 runtests: set `SOURCE_DATE_EPOCH` to fix failing around midnight
18f1cd7a77 #14183 tests: sync feature names with `curl -V`
4c22d97be7 #14181 build: use `#error` instead of invalid syntax

Pending merge:
This commit is contained in:
Viktor Szakats 2024-07-18 01:09:04 +02:00
parent 792a17d747
commit 1e75edd372
No known key found for this signature in database
GPG Key ID: B5ABD165E2AEF201
2 changed files with 506 additions and 530 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

383
.circleci/config.yml
View File

@ -23,9 +23,6 @@
###########################################################################
# View these jobs in the browser: https://app.circleci.com/pipelines/github/curl/curl
#
# The macOS builds use M1 (ARM) machines for platform diversity.
# See https://circleci.com/docs/configuration-reference/#macos-execution-environment
# Use the latest 2.1 version of CircleCI pipeline process engine. See: https://circleci.com/docs/configuration-reference/
version: 2.1
@ -55,177 +52,6 @@ commands:
./configure --disable-proxy --enable-werror --with-openssl \
|| { tail -1000 config.log; false; }
configure-macos-normal:
steps:
- run:
command: |
autoreconf -fi
./configure --enable-warnings --enable-websockets --without-ssl \
CPPFLAGS="-I$(brew --prefix libpsl)/include" \
CFLAGS='-mmacosx-version-min=10.9' \
LDFLAGS="-L$(brew --prefix libpsl)/lib -L$(brew --prefix icu4c)/lib" \
LIBS='-licuuc -licudata' \
|| { tail -1000 config.log; false; }
configure-macos-debug:
steps:
- run:
command: |
autoreconf -fi
./configure --enable-debug --enable-warnings --enable-websockets --without-ssl \
CPPFLAGS="-I$(brew --prefix libpsl)/include" \
CFLAGS='-mmacosx-version-min=10.9' \
LDFLAGS="-L$(brew --prefix libpsl)/lib -L$(brew --prefix icu4c)/lib" \
LIBS='-licuuc -licudata' \
|| { tail -1000 config.log; false; }
configure-macos-libssh2:
steps:
- run:
command: |
autoreconf -fi
./configure --enable-debug --enable-warnings --enable-websockets --without-ssl "--with-libssh2=$(brew --prefix libssh2)" \
CPPFLAGS="-I$(brew --prefix libpsl)/include" \
CFLAGS='-mmacosx-version-min=10.9' \
LDFLAGS="-L$(brew --prefix libpsl)/lib -L$(brew --prefix icu4c)/lib" \
LIBS='-licuuc -licudata' \
|| { tail -1000 config.log; false; }
configure-macos-libssh-c-ares:
steps:
- run:
command: |
autoreconf -fi
./configure --enable-debug --enable-warnings --enable-websockets --with-openssl --with-libssh --enable-ares \
PKG_CONFIG_PATH="$(brew --prefix openssl)/lib/pkgconfig" \
CPPFLAGS="-I$(brew --prefix libpsl)/include" \
CFLAGS='-mmacosx-version-min=10.9' \
LDFLAGS="-L$(brew --prefix libpsl)/lib -L$(brew --prefix icu4c)/lib" \
LIBS='-licuuc -licudata' \
|| { tail -1000 config.log; false; }
configure-macos-libssh:
steps:
- run:
command: |
autoreconf -fi
./configure --enable-debug --enable-warnings --enable-websockets --with-openssl --with-libssh \
PKG_CONFIG_PATH="$(brew --prefix openssl)/lib/pkgconfig" \
CPPFLAGS="-I$(brew --prefix libpsl)/include" \
CFLAGS='-mmacosx-version-min=10.9' \
LDFLAGS="-L$(brew --prefix libpsl)/lib -L$(brew --prefix icu4c)/lib" \
LIBS='-licuuc -licudata' \
|| { tail -1000 config.log; false; }
configure-macos-c-ares:
steps:
- run:
command: |
autoreconf -fi
./configure --enable-debug --enable-warnings --enable-websockets --without-ssl --enable-ares \
CPPFLAGS="-I$(brew --prefix libpsl)/include" \
CFLAGS='-mmacosx-version-min=10.9' \
LDFLAGS="-L$(brew --prefix libpsl)/lib -L$(brew --prefix icu4c)/lib" \
LIBS='-licuuc -licudata' \
|| { tail -1000 config.log; false; }
configure-macos-http-only:
steps:
- run:
command: |
autoreconf -fi
./configure --enable-debug --enable-warnings \
--disable-dict \
--disable-file \
--disable-ftp \
--disable-gopher \
--disable-imap \
--disable-ldap \
--disable-mqtt \
--disable-pop3 \
--disable-rtsp \
--disable-shared \
--disable-smb \
--disable-smtp \
--disable-telnet \
--disable-tftp \
--disable-unix-sockets \
--without-brotli \
--without-gssapi \
--without-libidn2 \
--without-libpsl \
--without-librtmp \
--without-libssh2 \
--without-nghttp2 \
--without-ssl \
--without-zlib \
CFLAGS='-mmacosx-version-min=10.15' \
|| { tail -1000 config.log; false; }
configure-macos-securetransport-http2:
steps:
- run:
command: |
autoreconf -fi
./configure --enable-warnings --enable-websockets --with-secure-transport \
CPPFLAGS="-I$(brew --prefix libpsl)/include" \
CFLAGS='-mmacosx-version-min=10.8' \
LDFLAGS="-L$(brew --prefix libpsl)/lib -L$(brew --prefix icu4c)/lib" \
LIBS='-licuuc -licudata' \
|| { tail -1000 config.log; false; }
configure-macos-openssl-http2:
steps:
- run:
command: |
autoreconf -fi
./configure --enable-debug --enable-warnings --enable-websockets --with-openssl \
PKG_CONFIG_PATH="$(brew --prefix openssl)/lib/pkgconfig" \
CPPFLAGS="-I$(brew --prefix libpsl)/include" \
CFLAGS='-mmacosx-version-min=10.9' \
LDFLAGS="-L$(brew --prefix libpsl)/lib -L$(brew --prefix icu4c)/lib" \
LIBS='-licuuc -licudata' \
|| { tail -1000 config.log; false; }
configure-macos-libressl-http2:
steps:
- run:
command: |
autoreconf -fi
./configure --enable-debug --enable-warnings --enable-websockets --with-openssl \
PKG_CONFIG_PATH="$(brew --prefix libressl)/lib/pkgconfig" \
CPPFLAGS="-I$(brew --prefix libpsl)/include" \
CFLAGS='-mmacosx-version-min=10.9' \
LDFLAGS="-L$(brew --prefix libpsl)/lib -L$(brew --prefix icu4c)/lib" \
LIBS='-licuuc -licudata' \
|| { tail -1000 config.log; false; }
configure-macos-torture:
steps:
- run:
command: |
autoreconf -fi
./configure --enable-debug --enable-warnings --enable-websockets --disable-shared --disable-threaded-resolver --with-openssl \
PKG_CONFIG_PATH="$(brew --prefix openssl)/lib/pkgconfig" \
CPPFLAGS="-I$(brew --prefix libpsl)/include" \
CFLAGS='-mmacosx-version-min=10.9' \
LDFLAGS="-L$(brew --prefix libpsl)/lib -L$(brew --prefix icu4c)/lib" \
LIBS='-licuuc -licudata' \
|| { tail -1000 config.log; false; }
configure-macos-torture-ftp:
steps:
- run:
command: |
autoreconf -fi
./configure --enable-debug --enable-warnings --enable-websockets --disable-shared --disable-threaded-resolver --with-openssl \
PKG_CONFIG_PATH="$(brew --prefix openssl)/lib/pkgconfig" \
CPPFLAGS="-I$(brew --prefix libpsl)/include" \
CFLAGS='-mmacosx-version-min=10.9' \
LDFLAGS="-L$(brew --prefix libpsl)/lib -L$(brew --prefix icu4c)/lib" \
LIBS='-licuuc -licudata' \
|| { tail -1000 config.log; false; }
install-cares:
steps:
- run:
@ -245,15 +71,6 @@ commands:
sudo apt-get update && sudo apt-get install -y libpsl-dev libbrotli-dev libzstd-dev zlib1g-dev python3-pip libpsl-dev
sudo python3 -m pip install impacket
install-deps-brew:
steps:
- run:
command: |
# Drop LibreSSL as long as we're not trying to build it
echo libtool autoconf automake pkg-config nghttp2 libssh2 openssl libssh c-ares libpsl icu4c | xargs -Ix -n1 echo brew '"x"' > /tmp/Brewfile
while [ $? -eq 0 ]; do for i in 1 2 3; do brew update && brew bundle install --no-lock --file /tmp/Brewfile && break 2 || { echo Error: wait to try again; sleep 10; } done; false Too many retries; done
sudo python3 -m pip install impacket
configure-libssh:
steps:
- run:
@ -317,28 +134,10 @@ commands:
- run: make -j3 V=1
- run: make -j3 V=1 examples
build-macos:
steps:
- run: make -j5 V=1
- run: make -j5 V=1 examples
test:
steps:
- run: make -j3 V=1 test-ci TFLAGS='-j14'
test-macos:
steps:
- run: make -j5 V=1 test-ci TFLAGS='-j10'
test-torture:
steps:
- run: make -j5 V=1 test-ci TFLAGS='-j10 -n -t --shallow=25 !FTP'
test-torture-ftp:
steps:
# Test 250 takes too long, causing Circle CI to kill the job
- run: make -j5 V=1 test-ci TFLAGS='-j10 -n -t --shallow=20 FTP !250 !251'
executors:
ubuntu:
machine:
@ -424,138 +223,6 @@ jobs:
- build
- test
macos-arm-normal:
macos:
xcode: 15.0.0
resource_class: macos.m1.medium.gen1
steps:
- checkout
- install-deps-brew
- configure-macos-normal
- build-macos
- test-macos
macos-arm-debug:
macos:
xcode: 15.0.0
resource_class: macos.m1.medium.gen1
steps:
- checkout
- install-deps-brew
- configure-macos-debug
- build-macos
- test-macos
macos-arm-libssh2:
macos:
xcode: 15.0.0
resource_class: macos.m1.medium.gen1
steps:
- checkout
- install-deps-brew
- configure-macos-libssh2
- build-macos
- test-macos
macos-arm-libssh-c-ares:
macos:
xcode: 15.0.0
resource_class: macos.m1.medium.gen1
steps:
- checkout
- install-deps-brew
- configure-macos-libssh-c-ares
- build-macos
- test-macos
macos-arm-libssh:
macos:
xcode: 15.0.0
resource_class: macos.m1.medium.gen1
steps:
- checkout
- install-deps-brew
- configure-macos-libssh
- build-macos
- test-macos
macos-arm-c-ares:
macos:
xcode: 15.0.0
resource_class: macos.m1.medium.gen1
steps:
- checkout
- install-deps-brew
- configure-macos-c-ares
- build-macos
- test-macos
macos-arm-http-only:
macos:
xcode: 15.0.0
resource_class: macos.m1.medium.gen1
steps:
- checkout
- install-deps-brew
- configure-macos-http-only
- build-macos
- test-macos
macos-arm-http-securetransport-http2:
macos:
xcode: 15.0.0
resource_class: macos.m1.medium.gen1
steps:
- checkout
- install-deps-brew
- configure-macos-securetransport-http2
- build-macos
- test-macos
macos-arm-http-openssl-http2:
macos:
xcode: 15.0.0
resource_class: macos.m1.medium.gen1
steps:
- checkout
- install-deps-brew
- configure-macos-openssl-http2
- build-macos
- test-macos
macos-arm-http-libressl-http2:
macos:
xcode: 15.0.0
resource_class: macos.m1.medium.gen1
steps:
- checkout
- install-deps-brew
- configure-macos-libressl-http2
- build-macos
- test-macos
macos-arm-http-torture:
macos:
xcode: 15.0.0
resource_class: macos.m1.medium.gen1
steps:
- checkout
- install-deps-brew
- configure-macos-torture
- build-macos
- test-torture
macos-arm-http-torture-ftp:
macos:
xcode: 15.0.0
resource_class: macos.m1.medium.gen1
steps:
- checkout
- install-deps-brew
- configure-macos-torture-ftp
- build-macos
- test-torture-ftp
workflows:
x86-openssl:
jobs:
@ -588,53 +255,3 @@ workflows:
arm-openssl-c-ares:
jobs:
- arm-cares
macos-arm-normal:
jobs:
- macos-arm-normal
macos-arm-debug:
jobs:
- macos-arm-debug
macos-arm-libssh2:
jobs:
- macos-arm-libssh2
macos-arm-libssh-c-ares:
jobs:
- macos-arm-libssh-c-ares
macos-arm-libssh:
jobs:
- macos-arm-libssh
macos-arm-c-ares:
jobs:
- macos-arm-c-ares
macos-arm-http-only:
jobs:
- macos-arm-http-only
macos-arm-http-securetransport-http2:
jobs:
- macos-arm-http-securetransport-http2
macos-arm-http-openssl-http2:
jobs:
- macos-arm-http-openssl-http2
# There are problem linking with LibreSSL on the CI boxes that prevent this
# from working.
# macos-arm-http-libressl-http2:
# jobs:
# - macos-arm-http-libressl-http2
macos-arm-http-torture:
jobs:
- macos-arm-http-torture
macos-arm-http-torture-ftp:
jobs:
- macos-arm-http-torture-ftp

653
.github/workflows/macos.yml vendored
View File

@ -39,124 +39,129 @@ concurrency:
permissions: {}
# Deprecated Apple APIs and the macos-version-min value required to avoid
# deprecation warnings with llvm/clang:
#
# - 10.7 Lion (2011) - GSS
# - 10.8 Mountain Lion (2012) - CFURLCreateDataAndPropertiesFromResource (used by curl SecureTransport code)
# - 10.9 Maverick (2013) - LDAP
# - 10.14 Mojave (2018) - SecureTransport
#
# For SecureTransport, curl implements features that require a target
# newer than the 10.8 required by `CFURLCreateDataAndPropertiesFromResource`.
# In this case `-Wno-deprecated-declarations` still comes handy to pacify
# deprecation warnings, though the real solution would be to avoid calling
# that function.
env:
DEVELOPER_DIR: /Applications/Xcode.app/Contents/Developer
LDFLAGS: -w # suppress 'object file was built for newer macOS version than being linked' warnings
MAKEFLAGS: -j 4
jobs:
autotools:
name: ${{ matrix.build.name }}
name: 'AM ${{ matrix.compiler }} ${{ matrix.name }}'
runs-on: 'macos-latest'
timeout-minutes: 60
env:
DEVELOPER_DIR: "/Applications/Xcode${{ matrix.xcode && format('_{0}', matrix.xcode) || '' }}.app/Contents/Developer"
CC: ${{ matrix.compiler }}
CFLAGS: '-mmacosx-version-min=${{ matrix.macos-version-min }}'
strategy:
fail-fast: false
matrix:
build:
- name: normal
install: nghttp2
include:
- name: '!ssl !debug'
compiler: clang
configure: --without-ssl --enable-websockets
macosx-version-min: 10.9
- name: debug
install: nghttp2
macos-version-min: '10.9'
- name: '!ssl !debug'
compiler: gcc-12
configure: --without-ssl --enable-websockets
macos-version-min: '10.9'
- name: '!ssl'
compiler: clang
configure: --enable-debug --without-ssl --enable-websockets
macosx-version-min: 10.9
- name: libssh2
install: nghttp2 libssh2
configure: --enable-debug --with-libssh2=$(brew --prefix)/opt/libssh2 --without-ssl --enable-websockets
macosx-version-min: 10.9
- name: libssh-c-ares
install: openssl nghttp2 libssh
configure: --enable-debug --with-libssh --with-openssl=$(brew --prefix)/opt/openssl --enable-ares --enable-websockets
macosx-version-min: 10.9
- name: libssh
install: openssl nghttp2 libssh
configure: --enable-debug --with-libssh --with-openssl=$(brew --prefix)/opt/openssl --enable-websockets
macosx-version-min: 10.9
- name: c-ares
install: nghttp2
macos-version-min: '10.9'
- name: '!ssl libssh2'
compiler: clang
configure: --enable-debug --with-libssh2=$(brew --prefix libssh2) --without-ssl --enable-websockets
macos-version-min: '10.9'
- name: 'OpenSSL libssh c-ares'
compiler: clang
install: libssh
configure: --enable-debug --with-libssh --with-openssl=$(brew --prefix openssl) --enable-ares --enable-websockets
macos-version-min: '10.9'
- name: 'OpenSSL libssh'
compiler: llvm@15
install: libssh
configure: --enable-debug --with-libssh --with-openssl=$(brew --prefix openssl) --enable-websockets
macos-version-min: '10.9'
- name: '!ssl c-ares'
compiler: clang
configure: --enable-debug --enable-ares --without-ssl --enable-websockets
macosx-version-min: 10.9
- name: HTTP only
install: nghttp2
macos-version-min: '10.9'
- name: '!ssl HTTP-only'
compiler: clang
configure: |
--enable-debug \
--enable-maintainer-mode \
--disable-alt-svc \
--disable-dict \
--disable-file \
--disable-ftp \
--disable-gopher \
--disable-imap \
--disable-ldap \
--disable-pop3 \
--disable-rtmp \
--disable-rtsp \
--disable-scp \
--disable-sftp \
--disable-shared \
--disable-smb \
--disable-smtp \
--disable-telnet \
--disable-tftp \
--disable-unix-sockets \
--without-brotli \
--without-gssapi \
--without-libidn2 \
--without-libpsl \
--without-librtmp \
--without-libssh2 \
--without-nghttp2 \
--without-ntlm-auth \
--without-ssl \
--without-zlib \
--without-zstd
--disable-alt-svc --disable-dict --disable-file --disable-ftp --disable-gopher --disable-imap \
--disable-ldap --disable-pop3 --disable-rtmp --disable-rtsp --disable-scp --disable-sftp \
--disable-shared --disable-smb --disable-smtp --disable-telnet --disable-tftp --disable-unix-sockets \
--without-brotli --without-gssapi --without-libidn2 --without-libpsl --without-librtmp --without-libssh2 \
--without-nghttp2 --without-ntlm-auth --without-ssl --without-zlib --without-zstd
macosx-version-min: 10.15
- name: SecureTransport http2
install: nghttp2
configure: --enable-debug --with-secure-transport --enable-websockets
macosx-version-min: 10.8
# fails now with linker error on missing symbols, macos no longer old enough?
# - name: gcc SecureTransport
# configure: CC=gcc-12 --enable-debug --with-secure-transport --enable-websockets --without-libpsl
# macosx-version-min: 10.8
- name: OpenSSL http2
install: nghttp2 openssl
configure: --enable-debug --with-openssl=$(brew --prefix)/opt/openssl --enable-websockets
macosx-version-min: 10.9
- name: LibreSSL http2
install: nghttp2 libressl
configure: --enable-debug --with-openssl=$(brew --prefix)/opt/libressl --enable-websockets
macosx-version-min: 10.9
- name: torture
install: nghttp2 openssl
configure: --enable-debug --disable-shared --disable-threaded-resolver --with-openssl=$(brew --prefix)/opt/openssl --enable-websockets
macos-version-min: '10.15' # Catalina (2019)
- name: 'SecureTransport libssh2'
compiler: clang
configure: --enable-debug --with-secure-transport --enable-websockets --with-libssh2=$(brew --prefix libssh2)
macos-version-min: '10.8'
- name: 'SecureTransport libssh2 10.12'
compiler: clang
configure: --enable-debug --with-secure-transport --enable-websockets --with-libssh2=$(brew --prefix libssh2)
macos-version-min: '10.12' # for monotonic timers
cflags: '-Wno-deprecated-declarations'
- name: 'SecureTransport libssh2'
compiler: gcc-12
configure: --enable-debug --with-secure-transport --enable-websockets --with-libssh2=$(brew --prefix libssh2)
macos-version-min: '10.8'
- name: 'LibreSSL'
compiler: clang
install: libressl
configure: --enable-debug --with-openssl=$(brew --prefix libressl) --enable-websockets
macos-version-min: '10.9'
- name: 'OpenSSL'
compiler: clang
configure: --enable-debug --with-openssl=$(brew --prefix openssl) --enable-websockets
macos-version-min: '10.9'
- name: 'OpenSSL torture !FTP'
compiler: clang
configure: --enable-debug --disable-shared --disable-threaded-resolver --with-openssl=$(brew --prefix openssl) --enable-websockets
tflags: -n -t --shallow=25 !FTP
macosx-version-min: 10.9
- name: torture-ftp
install: nghttp2 openssl
configure: --enable-debug --disable-shared --disable-threaded-resolver --with-openssl=$(brew --prefix)/opt/openssl --enable-websockets
macos-version-min: '10.9'
- name: 'OpenSSL torture FTP'
compiler: clang
configure: --enable-debug --disable-shared --disable-threaded-resolver --with-openssl=$(brew --prefix openssl) --enable-websockets
tflags: -n -t --shallow=20 FTP
macosx-version-min: 10.9
- name: macOS 10.15
install: nghttp2 libssh2 openssl
configure: --enable-debug --disable-ldap --with-openssl=$(brew --prefix)/opt/openssl --enable-websockets
macosx-version-min: 10.15
macos-version-min: '10.9'
- name: 'OpenSSL libssh2 !ldap 10.15'
compiler: clang
configure: --enable-debug --disable-ldap --with-openssl=$(brew --prefix openssl) --enable-websockets
macos-version-min: '10.15'
steps:
- run: echo libtool autoconf automake pkg-config libpsl ${{ matrix.build.install }} | xargs -Ix -n1 echo brew '"x"' > /tmp/Brewfile
name: 'brew bundle'
- name: 'brew install'
# Run this command with retries because of spurious failures seen
# while running the tests, for example
# https://github.com/curl/curl/runs/4095721123?check_suite_focus=true
run: |
echo libtool autoconf automake pkg-config libpsl libssh2 nghttp2 openssl ${{ matrix.install }} | xargs -Ix -n1 echo brew '"x"' > /tmp/Brewfile
while [[ $? == 0 ]]; do for i in 1 2 3; do brew update && brew bundle install --no-lock --file /tmp/Brewfile && break 2 || { echo Error: wait to try again; sleep 10; } done; false Too many retries; done
# Run this command with retries because of spurious failures seen
# while running the tests, for example
# https://github.com/curl/curl/runs/4095721123?check_suite_focus=true
- run: "while [[ $? == 0 ]]; do for i in 1 2 3; do brew update && brew bundle install --no-lock --file /tmp/Brewfile && break 2 || { echo Error: wait to try again; sleep 10; } done; false Too many retries; done"
name: 'brew install'
- run: |
case "${{ matrix.build.install }}" in
- name: 'brew unlink openssl'
run: |
case "${{ matrix.install }}" in
*openssl*)
(
cd $(brew --prefix)/opt/openssl/lib/pkgconfig/
cd $(brew --prefix openssl)/lib/pkgconfig/
for i in libssl.pc libcrypto.pc; do
sudo cp $i $i.orig
sudo sed s,libdir=$(brew --prefix)'/Cellar/openssl@3/3.3.0$',libdir=$(brew --prefix)/Cellar/openssl@3/3.3.0/lib,g < $i.orig > /tmp/$i
@ -170,77 +175,139 @@ jobs:
brew unlink openssl
fi;;
esac
name: 'brew unlink openssl'
- run: |
- name: 'pip3 install'
run: |
python3 -m venv $HOME/venv
source $HOME/venv/bin/activate
python3 -m pip install impacket
name: 'pip3 install'
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
- run: rm -f $HOME/.curlrc
name: remove $HOME/.curlrc
- name: 'toolchain versions'
run: |
[[ '${{ matrix.compiler }}' = 'llvm'* ]] && CC="$(brew --prefix ${{ matrix.compiler }})/bin/clang"
[[ '${{ matrix.compiler }}' = 'gcc'* ]] && \
grep -h -r -E -o '.+[0-9.]+\.sdk/' "$(dirname "$("${CC}" -print-libgcc-file-name)")/include-fixed" | sed -E 's/^\t+//g' | tr -d '"' | sort -u || true
which "${CC}"; "${CC}" --version || true
xcodebuild -version || true
xcrun -sdk macosx --show-sdk-path 2>/dev/null || true
echo '::group::macros predefined'; "${CC}" -dM -E - < /dev/null | sort || true; echo '::endgroup::'
echo '::group::brew packages preinstalled'; ls -l "$(brew --prefix)/opt"; echo '::endgroup::'
- run: autoreconf -fi
name: 'autoreconf'
- name: 'autoreconf'
run: autoreconf -fi
- run: ./configure --disable-dependency-tracking --enable-warnings --enable-werror ${{ matrix.build.configure }}
name: 'configure'
env:
CFLAGS: "-mmacosx-version-min=${{ matrix.build.macosx-version-min }}"
- name: 'configure'
run: |
[[ '${{ matrix.compiler }}' = 'llvm'* ]] && CC="$(brew --prefix ${{ matrix.compiler }})/bin/clang"
CFLAGS+=' ${{ matrix.cflags }}'
if [[ '${{ matrix.compiler }}' = 'gcc'* ]]; then
libgccdir="$(dirname "$("${CC}" -print-libgcc-file-name)")"
echo '::group::gcc include-fixed details'; find "${libgccdir}/include-fixed" | sort; echo '::endgroup::'
for f in dispatch os AvailabilityInternal.h stdio.h; do
if [ -r "${libgccdir}/include-fixed/${f}" ]; then
echo "Zap gcc hack: '${libgccdir}/include-fixed/${f}'"
mv "${libgccdir}/include-fixed/${f}" "${libgccdir}/include-fixed/${f}-BAK"
fi
done
fi
if [[ '${{ matrix.compiler }}' = 'llvm'* ]]; then
options+=" --target=$(uname -m)-apple-darwin"
CC+=" --target=$(uname -m)-apple-darwin"
fi
if [ '${{ matrix.compiler }}' != 'clang' ]; then
options+=" --with-sysroot=$(xcrun -sdk macosx --show-sdk-path 2>/dev/null)"
CFLAGS+=" --sysroot=$(xcrun -sdk macosx --show-sdk-path 2>/dev/null)"
fi
mkdir bld && cd bld && ../configure --enable-warnings --enable-werror \
--disable-dependency-tracking \
--with-libpsl=$(brew --prefix libpsl) \
${{ matrix.configure }} ${options}
- run: make V=1
name: 'make'
- name: 'configure log'
if: ${{ !cancelled() }}
run: cat bld/config.log || true
- run: make V=1 examples
name: 'make examples'
- name: 'curl_config.h'
run: |
echo '::group::raw'; cat bld/lib/curl_config.h || true; echo '::endgroup::'
cat bld/lib/curl_config.h | grep -F '#define' | sort || true
- run: make V=1 -C tests
name: 'make tests'
- name: 'make'
run: make -C bld V=1
- run: make V=1 test-ci
name: 'run tests'
env:
TFLAGS: '${{ matrix.build.tflags }} -j5 ~1452'
- name: 'curl version'
run: bld/src/curl --disable --version
- name: 'make examples'
run: make -C bld V=1 examples
- name: 'make tests'
run: make -C bld V=1 -C tests
- name: 'run tests'
run: |
export TFLAGS='${{ matrix.tflags }} -j10'
if [[ '${{ matrix.compiler }}' = 'gcc'* ]]; then
TFLAGS+=' ~RTSP' # 567 568 569 570 571 572 577 689 3100
TFLAGS+=' ~1156 ~1539' # HTTP Content-Range, Content-Length
if [[ '${{ matrix.configure }}' = *'--with-secure-transport'* ]]; then
TFLAGS+=' ~2100' # 2100:'HTTP GET using DoH' https://github.com/curl/curl/actions/runs/9942146678/job/27462937524#step:15:5059
TFLAGS+=' ~HTTP/2' # 2400 2401 2402 2403 2404 2406, SecureTransport + nghttp2
else
TFLAGS+=' ~2402 ~2404' # non-SecureTransport + nghttp2
fi
fi
rm -f $HOME/.curlrc
make -C bld V=1 test-ci
cmake:
name: cmake ${{ matrix.compiler.CC }} ${{ matrix.build.name }}
name: 'CM ${{ matrix.compiler }} ${{ matrix.build.name }}'
runs-on: 'macos-latest'
timeout-minutes: 10
env:
CC: ${{ matrix.compiler.CC }}
CFLAGS: '-Wno-deprecated-declarations' # Required for LDAP
DEVELOPER_DIR: "/Applications/Xcode${{ matrix.xcode && format('_{0}', matrix.xcode) || '' }}.app/Contents/Developer"
CC: ${{ matrix.compiler }}
strategy:
fail-fast: false
matrix:
compiler:
- CC: clang
- CC: gcc-12
compiler: [clang, llvm@15, gcc-12]
build:
- name: OpenSSL
install: nghttp2 openssl gsasl
generate: -DOPENSSL_ROOT_DIR=$(brew --prefix)/opt/openssl -DCURL_USE_GSASL=ON
- name: LibreSSL
install: nghttp2 libressl
generate: -DOPENSSL_ROOT_DIR=$(brew --prefix)/opt/libressl -DCURL_DISABLE_LDAP=ON -DCURL_DISABLE_LDAPS=ON -DBUILD_EXAMPLES=ON
- name: wolfSSL
install: nghttp2 wolfssl
- name: 'OpenSSL ws gsasl AppleIDN'
install: gsasl
generate: -DOPENSSL_ROOT_DIR=$(brew --prefix openssl) -DCURL_USE_GSASL=ON -DUSE_APPLE_IDN=ON -DENABLE_WEBSOCKETS=ON
macos-version-min: '10.9'
tflags: '~1034 ~1035' # AppleIDN issues: https://github.com/curl/curl/issues/14176
- name: 'OpenSSL +static'
generate: -DOPENSSL_ROOT_DIR=$(brew --prefix openssl) -DBUILD_STATIC_LIBS=ON
macos-version-min: '10.9'
- name: 'SecureTransport ws debug+'
generate: -DCURL_USE_SECTRANSP=ON -DENABLE_WEBSOCKETS=ON -DENABLE_DEBUG=ON -DENABLE_CURLDEBUG=ON
macos-version-min: '10.8'
- name: 'LibreSSL !ldap'
install: libressl
generate: -DOPENSSL_ROOT_DIR=$(brew --prefix libressl) -DCURL_DISABLE_LDAP=ON -DCURL_DISABLE_LDAPS=ON -DBUILD_EXAMPLES=ON
macos-version-min: '10.15'
- name: 'wolfSSL !ldap'
install: wolfssl
generate: -DCURL_USE_WOLFSSL=ON -DCURL_DISABLE_LDAP=ON -DCURL_DISABLE_LDAPS=ON
- name: libssh2
install: nghttp2 openssl libssh2
generate: -DOPENSSL_ROOT_DIR=$(brew --prefix)/opt/openssl -DCURL_USE_LIBSSH2=ON -DBUILD_SHARED_LIBS=ON -DBUILD_STATIC_LIBS=ON
- name: GnuTLS
macos-version-min: '10.15'
- name: 'GnuTLS !ldap'
install: gnutls
generate: -DCURL_USE_GNUTLS=ON -DCURL_USE_OPENSSL=OFF -DCURL_DISABLE_LDAP=ON -DCURL_DISABLE_LDAPS=ON -DCMAKE_SHARED_LINKER_FLAGS=-L$(brew --prefix)/lib -DCMAKE_EXE_LINKER_FLAGS=-L$(brew --prefix)/lib
generate: -DCURL_USE_GNUTLS=ON -DCURL_USE_OPENSSL=OFF -DCURL_DISABLE_LDAP=ON -DCURL_DISABLE_LDAPS=ON -DCMAKE_SHARED_LINKER_FLAGS=-L$(brew --prefix nettle)/lib -DCMAKE_EXE_LINKER_FLAGS=-L$(brew --prefix nettle)/lib
macos-version-min: '10.15'
exclude:
- { compiler: llvm@15, build: { macos-version-min: '10.15' } }
- { compiler: llvm@15, build: { macos-version-min: '10.9' } }
steps:
- run: echo libtool autoconf automake pkg-config ${{ matrix.build.install }} | xargs -Ix -n1 echo brew '"x"' > /tmp/Brewfile
name: 'brew bundle'
- name: 'brew install'
run: |
echo libtool autoconf automake pkg-config libpsl libssh2 nghttp2 openssl ${{ matrix.build.install }} | xargs -Ix -n1 echo brew '"x"' > /tmp/Brewfile
while [[ $? == 0 ]]; do for i in 1 2 3; do brew update && brew bundle install --no-lock --file /tmp/Brewfile && break 2 || { echo Error: wait to try again; sleep 10; } done; false Too many retries; done
- run: "while [[ $? == 0 ]]; do for i in 1 2 3; do brew update && brew bundle install --no-lock --file /tmp/Brewfile && break 2 || { echo Error: wait to try again; sleep 10; } done; false Too many retries; done"
name: 'brew install'
- run: |
- name: 'brew unlink openssl'
run: |
case "${{ matrix.build.install }}" in
*openssl*)
;;
@ -249,12 +316,304 @@ jobs:
brew unlink openssl
fi;;
esac
name: 'brew unlink openssl'
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
- run: cmake -B build -DCMAKE_UNITY_BUILD=ON -DCURL_WERROR=ON -DUSE_APPLE_IDN=ON ${{ matrix.build.generate }}
name: 'cmake generate'
- name: 'toolchain versions'
run: |
[[ '${{ matrix.compiler }}' = 'llvm'* ]] && CC="$(brew --prefix ${{ matrix.compiler }})/bin/clang"
[[ '${{ matrix.compiler }}' = 'gcc'* ]] && \
grep -h -r -E -o '.+[0-9.]+\.sdk/' "$(dirname "$("${CC}" -print-libgcc-file-name)")/include-fixed" | sed -E 's/^\t+//g' | tr -d '"' | sort -u || true
which "${CC}"; "${CC}" --version || true
xcodebuild -version || true
xcrun -sdk macosx --show-sdk-path 2>/dev/null || true
echo '::group::macros predefined'; "${CC}" -dM -E - < /dev/null | sort || true; echo '::endgroup::'
echo '::group::brew packages preinstalled'; ls -l "$(brew --prefix)/opt"; echo '::endgroup::'
- run: cmake --build build --parallel 4
name: 'cmake build'
- name: 'cmake configure'
run: |
[[ '${{ matrix.compiler }}' = 'llvm'* ]] && CC="$(brew --prefix ${{ matrix.compiler }})/bin/clang"
if [[ '${{ matrix.compiler }}' = 'gcc'* ]]; then
libgccdir="$(dirname "$("${CC}" -print-libgcc-file-name)")"
echo '::group::gcc include-fixed details'; find "${libgccdir}/include-fixed" | sort; echo '::endgroup::'
for f in dispatch os AvailabilityInternal.h stdio.h; do
if [ -r "${libgccdir}/include-fixed/${f}" ]; then
echo "Zap gcc hack: '${libgccdir}/include-fixed/${f}'"
mv "${libgccdir}/include-fixed/${f}" "${libgccdir}/include-fixed/${f}-BAK"
fi
done
fi
cmake -B bld -DCMAKE_UNITY_BUILD=ON -DCURL_WERROR=ON \
-DCMAKE_OSX_DEPLOYMENT_TARGET=${{ matrix.build.macos-version-min }} \
"-DCMAKE_C_COMPILER_TARGET=$(uname -m | sed 's/arm64/aarch64/')-apple-darwin$(uname -r)" \
-DUSE_NGHTTP2=ON \
${{ matrix.build.generate }}
- name: 'configure log'
if: ${{ !cancelled() }}
run: cat bld/CMakeFiles/CMakeConfigureLog.yaml 2>/dev/null || true
- name: 'curl_config.h'
run: |
echo '::group::raw'; cat bld/lib/curl_config.h || true; echo '::endgroup::'
cat bld/lib/curl_config.h | grep -F '#define' | sort || true
- name: 'cmake build'
run: make -C bld VERBOSE=1
- name: 'curl version'
run: bld/src/curl --disable --version
- name: 'cmake build tests'
run: make -C bld testdeps
- name: 'cmake run tests'
run: |
export TFLAGS='${{ matrix.build.tflags }} -j10'
if [[ '${{ matrix.compiler }}' = 'gcc'* ]]; then
TFLAGS+=' ~RTSP' # 567 568 569 570 571 572 577 689 3100
TFLAGS+=' ~1156 ~1539' # HTTP Content-Range, Content-Length
if [[ '${{ matrix.build.generate }}' = *'-DCURL_USE_SECTRANSP=ON'* ]]; then
TFLAGS+=' ~2100' # 2100:'HTTP GET using DoH' https://github.com/curl/curl/actions/runs/9942146678/job/27462937524#step:15:5059
TFLAGS+=' ~HTTP/2' # 2400 2401 2402 2403 2404 2406, SecureTransport + nghttp2
else
TFLAGS+=' ~2402 ~2404' # non-SecureTransport + nghttp2
fi
fi
rm -f $HOME/.curlrc
make -C bld test-ci
combinations: # Test buildability with host OS, Xcode / SDK, compiler, target-OS, SecureTransport/not, built tool, combinations
if: true # Set to `true` to enable this test matrix. It runs quickly.
name: "${{ matrix.build == 'cmake' && 'CM' || 'AM' }} ${{ matrix.compiler }} ${{ matrix.image }} ${{ matrix.xcode }} ${{ matrix.config }}"
runs-on: ${{ matrix.image }}
timeout-minutes: 30
env:
DEVELOPER_DIR: "/Applications/Xcode${{ matrix.xcode && format('_{0}', matrix.xcode) || '' }}.app/Contents/Developer"
CC: ${{ matrix.compiler }}
strategy:
fail-fast: false
matrix:
config: [SecureTransport] # also: OpenSSL
compiler: [gcc-11, gcc-12, gcc-13, gcc-14, llvm@15, clang]
# Xcode support matrix as of 2024-07, with default macOS SDK versions and OS names, years:
# * = default Xcode on the runner.
# macos-12: 13.1, 13.2.1, 13.3.1, 13.4.1, 14.0.1, 14.1,*14.2
# macos-13: 14.1, 14.2, 14.3.1,*15.0.1, 15.1, 15.2
# macos-14: 14.3.1,*15.0.1, 15.1, 15.2, 15.3, 15.4, 16.0
# macOSSDK: 12.0, 12.1, 12.3, 12.3, 12.3, 13.0, 13.1, 13.3, 14.0, 14.2, 14.2, 14.4, 14.5, 15.0
# Monterey (2021) Ventura (2022) Sonoma (2023) Sequoia (2024)
# https://github.com/actions/runner-images/tree/main/images/macos
# https://en.wikipedia.org/wiki/MacOS_version_history
image: [macos-12, macos-13, macos-14]
# Can skip these to reduce jobs:
# 13.1, 13.2.1 are fairly old.
# 13.3.1, 14.0.1 have the same default macOS SDK as 13.4.1 and identical test results.
# 15.1 has the same default macOS SDK as 15.2 and identical test result.
# 14.1, 15.4 not revealing new fallouts.
#xcode: ['13.1', '13.2.1', '13.3.1', '13.4.1', '14.0.1', '14.1', '14.2', '14.3.1', '15.0.1', '15.1', '15.2', '15.3', '15.4', '16.0'] # all Xcode
#xcode: ['13.1', '13.2.1', '13.4.1', '14.1', '14.2', '14.3.1', '15.0.1', '15.2', '15.3', '15.4', '16.0'] # all SDK
#xcode: ['13.4.1', '14.2', '14.3.1', '15.0.1', '15.2', '15.3', '16.0'] # coverage
xcode: [''] # default Xcodes
macos-version-min: ['10.8']
build: [autotools, cmake]
exclude:
# Combinations uncovered by runner images:
- { image: macos-12, xcode: '14.3.1' }
- { image: macos-12, xcode: '15.0.1' }
- { image: macos-12, xcode: '15.1' }
- { image: macos-12, xcode: '15.2' }
- { image: macos-12, xcode: '15.3' }
- { image: macos-12, xcode: '15.4' }
- { image: macos-12, xcode: '16.0' }
- { image: macos-13, xcode: '13.1' }
- { image: macos-13, xcode: '13.2.1' }
- { image: macos-13, xcode: '13.3.1' }
- { image: macos-13, xcode: '13.4.1' }
- { image: macos-13, xcode: '14.0.1' }
- { image: macos-13, xcode: '15.3' }
- { image: macos-13, xcode: '15.4' }
- { image: macos-13, xcode: '16.0' }
- { image: macos-14, xcode: '13.1' }
- { image: macos-14, xcode: '13.2.1' }
- { image: macos-14, xcode: '13.3.1' }
- { image: macos-14, xcode: '13.4.1' }
- { image: macos-14, xcode: '14.0.1' }
- { image: macos-14, xcode: '14.1' }
- { image: macos-14, xcode: '14.2' }
# Reduce build combinations, by dropping less interesting ones
- { compiler: gcc-11, build: autotools }
- { compiler: gcc-11, image: macos-14 }
- { compiler: gcc-12, config: SecureTransport }
- { compiler: gcc-13, build: cmake }
- { compiler: gcc-13, image: macos-13 }
- { compiler: gcc-14, config: SecureTransport }
steps:
- name: 'install autotools'
if: ${{ matrix.build == 'autotools' }}
run: |
echo autoconf automake libtool openssl | xargs -Ix -n1 echo brew '"x"' > /tmp/Brewfile
while [[ $? == 0 ]]; do for i in 1 2 3; do brew update && brew bundle install --no-lock --file /tmp/Brewfile && break 2 || { echo Error: wait to try again; sleep 10; } done; false Too many retries; done
- uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4
- name: 'toolchain versions'
run: |
[[ '${{ matrix.compiler }}' = 'llvm'* ]] && CC="$(brew --prefix ${{ matrix.compiler }})/bin/clang"
[[ '${{ matrix.compiler }}' = 'gcc'* ]] && \
grep -h -r -E -o '.+[0-9.]+\.sdk/' "$(dirname "$("${CC}" -print-libgcc-file-name)")/include-fixed" | sed -E 's/^\t+//g' | tr -d '"' | sort -u || true
which "${CC}"; "${CC}" --version || true
xcodebuild -version || true
xcrun -sdk macosx --show-sdk-path 2>/dev/null || true
echo '::group::macros predefined'; "${CC}" -dM -E - < /dev/null | sort || true; echo '::endgroup::'
echo '::group::brew packages preinstalled'; ls -l "$(brew --prefix)/opt"; echo '::endgroup::'
- name: 'autoreconf'
if: ${{ matrix.build == 'autotools' }}
run: autoreconf -fi
- name: 'configure / ${{ matrix.build }}'
run: |
[[ '${{ matrix.compiler }}' = 'llvm'* ]] && CC="$(brew --prefix ${{ matrix.compiler }})/bin/clang"
# gcc ships with an `include-fixed` header set, which overrides SDK
# headers with the intent of making them compatible with gcc. The
# source for these headers is:
# https://github.com/gcc-mirror/gcc/tree/master/fixincludes
# with extra Apple-specific patches applied from here for Homebrew:
# https://github.com/iains/gcc-12-branch
#
# They pass through a generator phase at build-time which seems to
# pick the SDK installed on the build machine (maintained by the
# Homebrew project in our case) and patches it according to a set
# of rules in `inclhack.def`.
#
# Homebrew builds and ships different binaries for different macOS
# versions and CPUs, built on machines using the same OS version as
# the target one. Each of these machines have a particular version
# of Apple CommandLineTools with a default SDK version installed with
# them.
#
# Then this binary gets installed onto the end-user machine,
# matching the OS version at the time of installation.
#
# The problem with this approach is that the SDK version picked up
# at gcc build-time has a high chance of being or becoming out of
# sync with actual SDK installed on the end-user machine. This
# can happen after upgrading the OS, Xcode, selecting an SDK version
# manually, or other reasons.
#
# When the SDK versions do not match, the gcc hacks, instead of
# improving compatibility the SDK, are actively _breaking_
# compatibility, in an unexpected, hard to diagnose way.
#
# The SDK version used for gcc-hacks is not advertised. We can
# extract the major SDK version from the generated gcc-hack header
# files, assuming someone knows what to look for and where.
#
# Basically it also means that the same `gcc-N` Homebrew package
# behaves differently depending on the OS it was built on. Causing
# an explosion of build combination. It may also mean that a minor
# gcc version bump is built against a different SDK version, and due
# to the extra patch for the hack applied by Homebrew, there may
# be extra changes as well.
#
# For GHA runners, it means that the default Xcode + OS combo is
# broken in 8 out of 12 combinations (66%) have an SDK mismatch,
# and 9 fail to build (75%). These are the 3 lucky default
# combinations that worked to build curl:
# macos-14 + Xcode 15.0.1 + gcc-11, gcc-12, gcc-14
#
# Of all possible valid GHA runner, gcc, manually selected Xcode
# combinations, 40% are broken.
#
# Compared to mainline llvm: llvm ships the same binaries regardless
# of build-OS or environent, it contains no SDK-version-specific
# hacks, and has no 3rd party patches. This still leaves some
# occasional issues, but works much closer to expectations.
#
# Some of these hacks are helpful, in particular for fixing this
# issue via math.h:
# /Applications/Xcode_14.3.1.app/Contents/Developer/Platforms/MacOSX.platform/Developer/SDKs/MacOSX.sdk/usr/include/math.h:53:5: error: #error "Unsupported value of
# 53 | # error "Unsupported value of __FLT_EVAL_METHOD__."
#
# Errors seen in available CI combinations:
# error: two or more data types in declaration specifiers # fatal error: AvailabilityInternalLegacy.h: No such file or directory
# gcc-11, gcc-13 + macos-14 + Xcode 14.3.1
# error: two or more data types in declaration specifiers
# gcc-13 + macos-12 + Xcode 14.1, 14.2
# gcc-13 + Xcode 15.0.1, 15.1, 5.2
# error: expected ';' before 'extern'
# gcc-11, gcc-12, gcc-14 + macos-12 + Xcode 14.1, 14.2
# error: unknown type name 'dispatch_queue_t'
# gcc-11, gcc-12 + macos-13 + Xcode 15.0.1, 15.1, 15.2
# error: type defaults to 'int' in declaration of 'DISPATCH_DECL_FACTORY_CLASS_SWIFT' [-Wimplicit-int]
# gcc-14 macos-13 Xcode 15.0.1, 15.1, 15.2
# error: unknown type name 'FILE'
# Xcode 16.0
#
# Unbreak Homebrew gcc builds by moving problematic SDK header overlay
# directories/files out of the way:
if [[ '${{ matrix.compiler }}' = 'gcc'* ]]; then
# E.g.:
# $(brew --prefix)/Cellar/gcc@11/11.4.0/lib/gcc/11/gcc/aarch64-apple-darwin23/11/include-fixed
# $(brew --prefix)/Cellar/gcc@11/11.4.0/lib/gcc/11/gcc/x86_64-apple-darwin21/11/include-fixed
# $(brew --prefix)/Cellar/gcc/14.1.0_1/lib/gcc/14/gcc/x86_64-apple-darwin21/14/include-fixed
libgccdir="$(dirname "$("${CC}" -print-libgcc-file-name)")"
echo '::group::gcc include-fixed details'; find "${libgccdir}/include-fixed" | sort; echo '::endgroup::'
patch_out='dispatch os AvailabilityInternal.h'
patch_out+=' stdio.h' # for Xcode 16 error: unknown type name 'FILE'
for f in ${patch_out}; do
if [ -r "${libgccdir}/include-fixed/${f}" ]; then
echo "Zap gcc hack: '${libgccdir}/include-fixed/${f}'"
mv "${libgccdir}/include-fixed/${f}" "${libgccdir}/include-fixed/${f}-BAK"
fi
done
fi
if [ '${{ matrix.build }}' = 'autotools' ]; then
export CFLAGS
if [[ '${{ matrix.compiler }}' = 'llvm'* ]]; then
options+=" --target=$(uname -m)-apple-darwin"
CC+=" --target=$(uname -m)-apple-darwin"
fi
if [ '${{ matrix.compiler }}' != 'clang' ]; then
options+=" --with-sysroot=$(xcrun -sdk macosx --show-sdk-path 2>/dev/null)"
CFLAGS+=" --sysroot=$(xcrun -sdk macosx --show-sdk-path 2>/dev/null)"
fi
[ '${{ matrix.config }}' = 'OpenSSL' ] && options+=" --with-openssl=$(brew --prefix openssl)"
[ '${{ matrix.config }}' = 'SecureTransport' ] && options+=' --with-secure-transport'
CFLAGS+=' -mmacosx-version-min=${{ matrix.macos-version-min }}'
# would pick up nghttp2, libidn2, but libssh2 is disabled by default
mkdir bld && cd bld && ../configure --enable-warnings --enable-werror \
--disable-dependency-tracking \
--disable-docs --disable-manual \
--without-nghttp2 --without-libidn2 \
${options}
else
[ '${{ matrix.config }}' = 'OpenSSL' ] && options+=' -DCURL_USE_OPENSSL=ON'
[ '${{ matrix.config }}' = 'SecureTransport' ] && options+=' -DCURL_USE_SECTRANSP=ON'
# would pick up nghttp2, libidn2, and libssh2
cmake -B bld -DCMAKE_UNITY_BUILD=ON -DCURL_WERROR=ON \
-DCMAKE_OSX_DEPLOYMENT_TARGET=${{ matrix.macos-version-min }} \
"-DCMAKE_IGNORE_PREFIX_PATH=$(brew --prefix)" \
"-DCMAKE_C_COMPILER_TARGET=$(uname -m | sed 's/arm64/aarch64/')-apple-darwin$(uname -r)" \
-DBUILD_LIBCURL_DOCS=OFF -DBUILD_MISC_DOCS=OFF -DENABLE_CURL_MANUAL=OFF \
-DUSE_APPLE_IDN=OFF \
${options}
fi
- name: 'configure log'
if: ${{ !cancelled() }}
run: cat bld/config.log bld/CMakeFiles/CMakeConfigureLog.yaml 2>/dev/null || true
- name: 'curl_config.h'
run: |
echo '::group::raw'; cat bld/lib/curl_config.h || true; echo '::endgroup::'
cat bld/lib/curl_config.h | grep -F '#define' | sort || true
- name: 'build / ${{ matrix.build }}'
run: make -C bld V=1 VERBOSE=1
- name: 'curl version'
run: bld/src/curl --disable --version