name: CI on: workflow_dispatch: push: branches: - master - staging-client - staging-server jobs: run_tests: strategy: fail-fast: false matrix: os: [ "ubuntu" ] go: [ "1.22.7" ] test-type: [ "detector", "coverage", "memory", "custom-build-tags", "code-vetting" ] runs-on: ${{ matrix.os }}-latest name: psiphon-tunnel-core ${{ matrix.test-type }} tests on ${{ matrix.os}}, Go ${{ matrix.go }} permissions: checks: write contents: read env: GOPATH: ${{ github.workspace }}/go steps: - name: Clone repository uses: actions/checkout@v4 with: path: ${{ github.workspace }}/go/src/github.com/Psiphon-Labs/psiphon-tunnel-core - name: Install Go uses: actions/setup-go@v4 with: go-version: ${{ matrix.go }} - name: Install networking components run: | sudo apt-get update sudo apt-get install libnetfilter-queue-dev sudo apt-get install conntrack - name: Install coverage tools if: ${{ matrix.test-type == 'coverage' }} run: | go install github.com/axw/gocov/gocov@latest go install github.com/modocache/gover@latest go install github.com/mattn/goveralls@latest go install golang.org/x/tools/cmd/cover@latest - name: Check environment run: | echo "GitHub workspace: $GITHUB_WORKSPACE" echo "Working directory: `pwd`" echo "GOROOT: $GOROOT" echo "GOPATH: $GOPATH" echo "Go version: `go version`" - name: Pave config files env: CONTROLLER_TEST_CONFIG: ${{ secrets.CONTROLLER_TEST_CONFIG }} run: | cd ${{ github.workspace }}/go/src/github.com/Psiphon-Labs/psiphon-tunnel-core echo "$CONTROLLER_TEST_CONFIG" > ./psiphon/controller_test.config # TODO: fix and re-enable test # sudo -E env "PATH=$PATH" go test -v -race ./psiphon/common/tun - name: Run tests with data race detector if: ${{ matrix.test-type == 'detector' }} run: | cd ${{ github.workspace }}/go/src/github.com/Psiphon-Labs/psiphon-tunnel-core go test -v -race ./psiphon/common go test -v -race ./psiphon/common/accesscontrol go test -v -race ./psiphon/common/crypto/ssh go test -v -race ./psiphon/common/fragmentor go test -v -race -tags "PSIPHON_ENABLE_INPROXY" ./psiphon/common/inproxy go test -v -race ./psiphon/common/regen go test -v -race ./psiphon/common/monotime go test -v -race ./psiphon/common/obfuscator go test -v -race ./psiphon/common/osl sudo -E env "PATH=$PATH" go test -v -race -tags "PSIPHON_RUN_PACKET_MANIPULATOR_TEST" ./psiphon/common/packetman go test -v -race ./psiphon/common/parameters go test -v -race ./psiphon/common/protocol go test -v -race ./psiphon/common/quic go test -v -race ./psiphon/common/resolver go test -v -race ./psiphon/common/tactics go test -v -race ./psiphon/common/transforms go test -v -race ./psiphon/common/values go test -v -race ./psiphon/common/wildcard go test -v -race ./psiphon/transferstats sudo -E env "PATH=$PATH" go test -v -timeout 30m -race -tags "PSIPHON_ENABLE_INPROXY PSIPHON_RUN_PACKET_MANIPULATOR_TEST" ./psiphon/server go test -v -race ./psiphon/server/psinet go test -v -timeout 30m -race ./psiphon go test -v -race ./ClientLibrary/clientlib go test -v -race ./Server/logging/analysis go test -v -race ./psiphon/common/networkid # TODO: fix and re-enable test # sudo -E env "PATH=$PATH" go test -v -covermode=count -coverprofile=tun.coverprofile ./psiphon/common/tun - name: Run tests with coverage env: COVERALLS_TOKEN: ${{ secrets.GITHUB_TOKEN }} if: ${{ matrix.test-type == 'coverage' && github.repository == 'Psiphon-Labs/psiphon-tunnel-core' }} run: | cd ${{ github.workspace }}/go/src/github.com/Psiphon-Labs/psiphon-tunnel-core go test -v -covermode=count -coverprofile=common.coverprofile ./psiphon/common go test -v -covermode=count -coverprofile=accesscontrol.coverprofile ./psiphon/common/accesscontrol go test -v -covermode=count -coverprofile=ssh.coverprofile ./psiphon/common/crypto/ssh go test -v -covermode=count -coverprofile=fragmentor.coverprofile ./psiphon/common/fragmentor go test -v -covermode=count -tags "PSIPHON_ENABLE_INPROXY" -coverprofile=inproxy.coverprofile ./psiphon/common/inproxy go test -v -covermode=count -coverprofile=regen.coverprofile ./psiphon/common/regen go test -v -covermode=count -coverprofile=monotime.coverprofile ./psiphon/common/monotime go test -v -covermode=count -coverprofile=obfuscator.coverprofile ./psiphon/common/obfuscator go test -v -covermode=count -coverprofile=osl.coverprofile ./psiphon/common/osl sudo -E env "PATH=$PATH" go test -v -covermode=count -coverprofile=packetman.coverprofile -tags "PSIPHON_RUN_PACKET_MANIPULATOR_TEST" ./psiphon/common/packetman go test -v -covermode=count -coverprofile=parameters.coverprofile ./psiphon/common/parameters go test -v -covermode=count -coverprofile=protocol.coverprofile ./psiphon/common/protocol go test -v -covermode=count -coverprofile=quic.coverprofile ./psiphon/common/quic go test -v -covermode=count -coverprofile=resolver.coverprofile ./psiphon/common/resolver go test -v -covermode=count -coverprofile=tactics.coverprofile ./psiphon/common/tactics go test -v -covermode=count -coverprofile=transforms.coverprofile ./psiphon/common/transforms go test -v -covermode=count -coverprofile=values.coverprofile ./psiphon/common/values go test -v -covermode=count -coverprofile=wildcard.coverprofile ./psiphon/common/wildcard go test -v -covermode=count -coverprofile=transferstats.coverprofile ./psiphon/transferstats sudo -E env "PATH=$PATH" go test -v -timeout 30m -covermode=count -coverprofile=server.coverprofile -tags "PSIPHON_ENABLE_INPROXY PSIPHON_RUN_PACKET_MANIPULATOR_TEST" ./psiphon/server go test -v -covermode=count -coverprofile=psinet.coverprofile ./psiphon/server/psinet go test -v -timeout 30m -covermode=count -coverprofile=psiphon.coverprofile ./psiphon go test -v -covermode=count -coverprofile=clientlib.coverprofile ./ClientLibrary/clientlib go test -v -covermode=count -coverprofile=analysis.coverprofile ./Server/logging/analysis go test -v -covermode=count -coverprofile=networkid.coverprofile ./psiphon/common/networkid $GOPATH/bin/gover $GOPATH/bin/goveralls -coverprofile=gover.coverprofile -service=github -repotoken "$COVERALLS_TOKEN" - name: Run memory tests if: ${{ matrix.test-type == 'memory' }} run: | cd ${{ github.workspace }}/go/src/github.com/Psiphon-Labs/psiphon-tunnel-core go test -v ./psiphon/memory_test -run TestReconnectTunnel go test -v ./psiphon/memory_test -run TestRestartController - name: Compile with custom build tags if: ${{ matrix.test-type == 'custom-build-tags' }} run: | cd ${{ github.workspace }}/go/src/github.com/Psiphon-Labs/psiphon-tunnel-core/ConsoleClient go build -a -v -tags "" go build -a -v -tags "PSIPHON_ENABLE_INPROXY" go build -a -v -tags "PSIPHON_DISABLE_QUIC" go build -a -v -tags "PSIPHON_DISABLE_GQUIC" go build -a -v -tags "PSIPHON_ENABLE_REFRACTION_NETWORKING" - name: Check Go fmt if: ${{ matrix.test-type == 'code-vetting' }} run: | cd ${{ github.workspace }}/go/src/github.com/Psiphon-Labs/psiphon-tunnel-core if [ "$(gofmt -s -l ./psiphon ./ClientLibrary ./ConsoleClient ./MobileLibrary/psi ./Server | wc -l)" -gt 0 ]; then gofmt -s -l ./psiphon ./ClientLibrary ./ConsoleClient ./MobileLibrary/psi ./Server exit 1 fi - name: Check Go vet if: ${{ matrix.test-type == 'code-vetting' }} run: | cd ${{ github.workspace }}/go/src/github.com/Psiphon-Labs/psiphon-tunnel-core go vet -tags "PSIPHON_ENABLE_INPROXY PSIPHON_ENABLE_REFRACTION_NETWORKING" ./psiphon/... ./ClientLibrary/... ./ConsoleClient/... ./MobileLibrary/psi ./Server/... # License check ignore cases: # # - github.com/Psiphon-Labs,github.com/Psiphon-Inc: Psiphon code with # GPL 3 license; any dependencies within (subtree or copy) must be # manually vetted # # - github.com/oschwald/maxminddb-golang,github.com/shoenig/go-m1cpu: # ISC and MPL-2.0 respectively; allowed for server only (there is an # extra pass, without this exclusion, over the main client packages) # # - github.com/sergeyfrolov/bsbuffer: is LGPL-3.0, but may be excluded by # omitting the build tag PSIPHON_ENABLE_REFRACTION_NETWORKING. # - name: Check licenses if: ${{ matrix.test-type == 'code-vetting' }} run: | cd ${{ github.workspace }}/go/src/github.com/Psiphon-Labs/psiphon-tunnel-core GOFLAGS="-tags=PSIPHON_ENABLE_INPROXY,PSIPHON_ENABLE_REFRACTION_NETWORKING" go run github.com/google/go-licenses@latest check --ignore=github.com/Psiphon-Labs,github.com/Psiphon-Inc,github.com/oschwald/maxminddb-golang,github.com/shoenig/go-m1cpu,github.com/sergeyfrolov/bsbuffer --allowed_licenses=Apache-2.0,Apache-3,BSD-2-Clause,BSD-3-Clause,BSD-4-Clause,CC0-1.0,ISC,MIT ./... GOFLAGS="-tags=PSIPHON_ENABLE_INPROXY,PSIPHON_ENABLE_REFRACTION_NETWORKING" go run github.com/google/go-licenses@latest check --ignore=github.com/Psiphon-Labs,github.com/Psiphon-Inc,github.com/sergeyfrolov/bsbuffer --allowed_licenses=Apache-2.0,Apache-3,BSD-2-Clause,BSD-3-Clause,BSD-4-Clause,CC0-1.0,ISC,MIT ./psiphon ./psiphon/common/... ./ClientLibrary/... ./ConsoleClient/... ./MobileLibrary/psi