yosoyhendrix
/
psiphon-tunnel-core
kopia lustrzana https://github.com/Psiphon-Labs/psiphon-tunnel-core


			
				
					
						
						
							123456789101112131415161718192021222324252627282930313233343536373839404142434445464748495051525354555657585960616263646566676869707172737475767778798081828384858687888990919293949596979899100101102103104105106107108109110111112113114115116117118119120121122123124125126127128129130131132133134135136137138139140141142143144145146147148149150151152153154155156157158159160161162163164165166167168169170171172173174175176177178179180181182183184185186187188189190191192193194195196197198
							name: CI

on:
  workflow_dispatch:
  push:
    branches:
      - master
      - staging-client
      - staging-server

jobs:
  run_tests:

    strategy:
      fail-fast: false
      matrix:
        os: [ "ubuntu" ]
        go: [ "1.24.4" ]
        test-type: [ "detector", "coverage", "memory", "custom-build-tags", "code-vetting", "dependency-check" ]

    runs-on: ${{ matrix.os }}-latest

    name: psiphon-tunnel-core ${{ matrix.test-type }} tests on ${{ matrix.os}}, Go ${{ matrix.go }}

    permissions:
      checks: write
      contents: read

    env:
      GOPATH: ${{ github.workspace }}/go

    steps:

      - name: Clone repository
        uses: actions/checkout@v4
        with:
          path: ${{ github.workspace }}/go/src/github.com/Psiphon-Labs/psiphon-tunnel-core

      - name: Install Go
        uses: actions/setup-go@v4
        with:
          go-version: ${{ matrix.go }}

      - name: Install networking components
        run: |
          sudo apt-get update
          sudo apt-get install libnetfilter-queue-dev
          sudo apt-get install conntrack

      - name: Install coverage tools
        if: ${{ matrix.test-type == 'coverage' }}
        run: |
          go install github.com/axw/gocov/gocov@latest
          go install github.com/modocache/gover@latest
          go install github.com/mattn/goveralls@latest
          go install golang.org/x/tools/cmd/cover@latest

      - name: Check environment
        run: |
          echo "GitHub workspace: $GITHUB_WORKSPACE"
          echo "Working directory: `pwd`"
          echo "GOROOT: $GOROOT"
          echo "GOPATH: $GOPATH"
          echo "Go version: `go version`"

      - name: Pave config files
        env:
          CONTROLLER_TEST_CONFIG: ${{ secrets.CONTROLLER_TEST_CONFIG }}
        run: |
          cd ${{ github.workspace }}/go/src/github.com/Psiphon-Labs/psiphon-tunnel-core
          echo "$CONTROLLER_TEST_CONFIG" > ./psiphon/controller_test.config

      # TODO: fix and re-enable test
      # sudo -E env "PATH=$PATH" go test -v -race ./psiphon/common/tun
      - name: Run tests with data race detector
        if: ${{ matrix.test-type == 'detector' }}
        run: |
          cd ${{ github.workspace }}/go/src/github.com/Psiphon-Labs/psiphon-tunnel-core
          go test -v -race ./psiphon/common
          go test -v -race ./psiphon/common/accesscontrol
          go test -v -race ./psiphon/common/crypto/ssh
          go test -v -race ./psiphon/common/fragmentor
          go test -v -race -tags "PSIPHON_ENABLE_INPROXY" ./psiphon/common/inproxy
          go test -v -race ./psiphon/common/regen
          go test -v -race ./psiphon/common/monotime
          go test -v -race ./psiphon/common/obfuscator
          go test -v -race ./psiphon/common/osl
          sudo -E env "PATH=$PATH" go test -v -race -tags "PSIPHON_RUN_PACKET_MANIPULATOR_TEST" ./psiphon/common/packetman
          go test -v -race ./psiphon/common/parameters
          go test -v -race ./psiphon/common/protocol
          go test -v -race ./psiphon/common/quic
          go test -v -race ./psiphon/common/resolver
          go test -v -race ./psiphon/common/tactics
          go test -v -race ./psiphon/common/transforms
          go test -v -race ./psiphon/common/values
          go test -v -race ./psiphon/common/wildcard
          go test -v -race ./psiphon/transferstats
          sudo -E env "PATH=$PATH" go test -v -timeout 30m -race -tags "PSIPHON_ENABLE_INPROXY PSIPHON_RUN_PACKET_MANIPULATOR_TEST" ./psiphon/server
          go test -v -race ./psiphon/server/psinet
          go test -v -timeout 30m -race ./psiphon
          go test -v -race ./ClientLibrary/clientlib
          go test -v -race ./Server/logging/analysis
          go test -v -race ./psiphon/common/networkid

      # TODO: fix and re-enable test
      # sudo -E env "PATH=$PATH" go test -v -covermode=count -coverprofile=tun.coverprofile ./psiphon/common/tun
      - name: Run tests with coverage
        env:
          COVERALLS_TOKEN: ${{ secrets.GITHUB_TOKEN }}
        if: ${{ matrix.test-type == 'coverage' && github.repository == 'Psiphon-Labs/psiphon-tunnel-core' }}
        run: |
          cd ${{ github.workspace }}/go/src/github.com/Psiphon-Labs/psiphon-tunnel-core
          go test -v -covermode=count -coverprofile=common.coverprofile ./psiphon/common
          go test -v -covermode=count -coverprofile=accesscontrol.coverprofile ./psiphon/common/accesscontrol
          go test -v -covermode=count -coverprofile=ssh.coverprofile ./psiphon/common/crypto/ssh
          go test -v -covermode=count -coverprofile=fragmentor.coverprofile ./psiphon/common/fragmentor
          go test -v -covermode=count -tags "PSIPHON_ENABLE_INPROXY" -coverprofile=inproxy.coverprofile ./psiphon/common/inproxy
          go test -v -covermode=count -coverprofile=regen.coverprofile ./psiphon/common/regen
          go test -v -covermode=count -coverprofile=monotime.coverprofile ./psiphon/common/monotime
          go test -v -covermode=count -coverprofile=obfuscator.coverprofile ./psiphon/common/obfuscator
          go test -v -covermode=count -coverprofile=osl.coverprofile ./psiphon/common/osl
          sudo -E env "PATH=$PATH" go test -v -covermode=count -coverprofile=packetman.coverprofile -tags "PSIPHON_RUN_PACKET_MANIPULATOR_TEST" ./psiphon/common/packetman
          go test -v -covermode=count -coverprofile=parameters.coverprofile ./psiphon/common/parameters
          go test -v -covermode=count -coverprofile=protocol.coverprofile ./psiphon/common/protocol
          go test -v -covermode=count -coverprofile=quic.coverprofile ./psiphon/common/quic
          go test -v -covermode=count -coverprofile=resolver.coverprofile ./psiphon/common/resolver
          go test -v -covermode=count -coverprofile=tactics.coverprofile ./psiphon/common/tactics
          go test -v -covermode=count -coverprofile=transforms.coverprofile ./psiphon/common/transforms
          go test -v -covermode=count -coverprofile=values.coverprofile ./psiphon/common/values
          go test -v -covermode=count -coverprofile=wildcard.coverprofile ./psiphon/common/wildcard
          go test -v -covermode=count -coverprofile=transferstats.coverprofile ./psiphon/transferstats
          sudo -E env "PATH=$PATH" go test -v -timeout 30m -covermode=count -coverprofile=server.coverprofile -tags "PSIPHON_ENABLE_INPROXY PSIPHON_RUN_PACKET_MANIPULATOR_TEST" ./psiphon/server
          go test -v -covermode=count -coverprofile=psinet.coverprofile ./psiphon/server/psinet
          go test -v -timeout 30m -covermode=count -coverprofile=psiphon.coverprofile ./psiphon
          go test -v -covermode=count -coverprofile=clientlib.coverprofile ./ClientLibrary/clientlib
          go test -v -covermode=count -coverprofile=analysis.coverprofile ./Server/logging/analysis
          go test -v -covermode=count -coverprofile=networkid.coverprofile ./psiphon/common/networkid
          $GOPATH/bin/gover
          $GOPATH/bin/goveralls -coverprofile=gover.coverprofile -service=github -repotoken "$COVERALLS_TOKEN"

      - name: Run memory tests
        if: ${{ matrix.test-type == 'memory' }}
        run: |
          cd ${{ github.workspace }}/go/src/github.com/Psiphon-Labs/psiphon-tunnel-core
          go test -v ./psiphon/memory_test -run TestReconnectTunnel
          go test -v ./psiphon/memory_test -run TestRestartController

      - name: Compile with custom build tags
        if: ${{ matrix.test-type == 'custom-build-tags' }}
        run: |
          cd ${{ github.workspace }}/go/src/github.com/Psiphon-Labs/psiphon-tunnel-core/ConsoleClient
          go build -a -v -tags ""
          go build -a -v -tags "PSIPHON_ENABLE_INPROXY"
          go build -a -v -tags "PSIPHON_DISABLE_QUIC"
          go build -a -v -tags "PSIPHON_DISABLE_GQUIC"
          go build -a -v -tags "PSIPHON_ENABLE_REFRACTION_NETWORKING"

      - name: Check Go fmt
        if: ${{ matrix.test-type == 'code-vetting' }}
        run: |
          cd ${{ github.workspace }}/go/src/github.com/Psiphon-Labs/psiphon-tunnel-core
          if [ "$(gofmt -s -l ./psiphon ./ClientLibrary ./ConsoleClient ./MobileLibrary/psi ./Server | wc -l)" -gt 0 ]; then
            gofmt -s -l ./psiphon ./ClientLibrary ./ConsoleClient ./MobileLibrary/psi ./Server
            exit 1
          fi

      - name: Check Go vet
        if: ${{ matrix.test-type == 'code-vetting' }}
        run: |
          cd ${{ github.workspace }}/go/src/github.com/Psiphon-Labs/psiphon-tunnel-core
          go vet -tags "PSIPHON_ENABLE_INPROXY PSIPHON_ENABLE_REFRACTION_NETWORKING" ./psiphon/... ./ClientLibrary/... ./ConsoleClient/... ./MobileLibrary/psi ./Server/...

      - name: Build and run ConsoleClient to invoke the panic-on-fail, init-time portmapper dependency check (see psiphon/common/inproxy/portmapper.go)
        if: ${{ matrix.test-type == 'dependency-check' }}
        run: |
          cd ${{ github.workspace }}/go/src/github.com/Psiphon-Labs/psiphon-tunnel-core/ConsoleClient
          go build -a -v -tags "PSIPHON_ENABLE_INPROXY"
          ./ConsoleClient --version

      # License check ignore cases:
      #
      # - github.com/Psiphon-Labs,github.com/Psiphon-Inc: Psiphon code with
      #   GPL 3 license; any dependencies within (subtree or copy) must be
      #   manually vetted
      #
      # - github.com/oschwald/maxminddb-golang,github.com/shoenig/go-m1cpu:
      #   ISC and MPL-2.0 respectively; allowed for server only (there is an
      #   extra pass, without this exclusion, over the main client packages)
      #
      # - github.com/sergeyfrolov/bsbuffer: is LGPL-3.0, but may be excluded by
      #   omitting the build tag PSIPHON_ENABLE_REFRACTION_NETWORKING.
      #
      - name: Check licenses
        if: ${{ matrix.test-type == 'code-vetting' }}
        run: |
          cd ${{ github.workspace }}/go/src/github.com/Psiphon-Labs/psiphon-tunnel-core
          GOFLAGS="-tags=PSIPHON_ENABLE_INPROXY,PSIPHON_ENABLE_REFRACTION_NETWORKING" go run github.com/google/go-licenses@latest check --ignore=github.com/Psiphon-Labs,github.com/Psiphon-Inc,github.com/oschwald/maxminddb-golang,github.com/shoenig/go-m1cpu,github.com/sergeyfrolov/bsbuffer --allowed_licenses=Apache-2.0,Apache-3,BSD-2-Clause,BSD-3-Clause,BSD-4-Clause,CC0-1.0,ISC,MIT ./...
          GOFLAGS="-tags=PSIPHON_ENABLE_INPROXY,PSIPHON_ENABLE_REFRACTION_NETWORKING" go run github.com/google/go-licenses@latest check --ignore=github.com/Psiphon-Labs,github.com/Psiphon-Inc,github.com/sergeyfrolov/bsbuffer --allowed_licenses=Apache-2.0,Apache-3,BSD-2-Clause,BSD-3-Clause,BSD-4-Clause,CC0-1.0,ISC,MIT ./psiphon ./psiphon/common/... ./ClientLibrary/... ./ConsoleClient/... ./MobileLibrary/psi