From 887c7c8cd6a51662ac95fa81895a8f871e7e90f8 Mon Sep 17 00:00:00 2001 From: Ruben Perez Date: Sun, 29 Mar 2026 17:49:11 +0200 Subject: [PATCH 01/22] Script to generate certificates --- tools/ci/gen-certificates.py | 65 ++++++++++++++++++++++++++++++++++++ 1 file changed, 65 insertions(+) create mode 100755 tools/ci/gen-certificates.py diff --git a/tools/ci/gen-certificates.py b/tools/ci/gen-certificates.py new file mode 100755 index 000000000..32f24b920 --- /dev/null +++ b/tools/ci/gen-certificates.py @@ -0,0 +1,65 @@ +#!/usr/bin/env python3 +# Copyright (c) 2026 Ruben Perez Hidalgo (rubenperez038 at gmail dot com) +# +# Distributed under the Boost Software License, Version 1.0. (See +# accompanying file LICENSE.txt) +# + +# Generates the ca and certificates used for CI testing. +# Usage: python gen-certificates.py [output-dir] + +import os +import subprocess +import sys +import stat + + +def _run_openssl(*args: str) -> None: + print(f' + {" ".join(args)}') + subprocess.run(['openssl', *args], check=True) + + +def main() -> None: + output_dir = sys.argv[1] if len(sys.argv) > 1 else '/opt/ci-tls-mysql' + os.makedirs(output_dir, exist_ok=True) + os.chdir(output_dir) + + ca_key = os.path.join(output_dir, 'ca-key.pem') + ca_crt = os.path.join(output_dir, 'ca-cert.pem') + server_key = os.path.join(output_dir, 'server-key.pem') + server_csr = os.path.join(output_dir, 'server.csr') + server_crt = os.path.join(output_dir, 'server-cert.pem') + + # CA private key + _run_openssl('genpkey', '-algorithm', 'RSA', '-out', ca_key, '-pkeyopt', 'rsa_keygen_bits:2048') + + # CA certificate + _run_openssl( + 'req', '-x509', '-new', '-nodes', '-key', ca_key, '-sha256', + '-days', '20000', '-out', ca_crt, + '-subj', '/C=ES/O=Boost.MySQL CI CA/OU=IT/CN=boost-mysql-ci-ca', + ) + + # Server private key + _run_openssl('genpkey', '-algorithm', 'RSA', '-out', server_key, '-pkeyopt', 'rsa_keygen_bits:2048') + + # Server certificate + _run_openssl( + 'req', '-new', '-key', server_key, '-out', server_csr, + '-subj', '/C=ES/O=Boost.MySQL CI CA/OU=IT/CN=mysql', + ) + _run_openssl( + 'x509', '-req', '-in', server_csr, '-CA', ca_crt, '-CAkey', ca_key, + '-CAcreateserial', '-out', server_crt, '-days', '20000', '-sha256', + ) + os.remove(server_csr) + os.remove(ca_key) + + # Required when running with Docker because of mismatched user IDs + read_only = stat.S_IRUSR | stat.S_IRGRP | stat.S_IROTH # 444 + for name in os.listdir(output_dir): + os.chmod(os.path.join(output_dir, name), read_only) + + +if __name__ == '__main__': + main() From 5e9cde5fa3710ba4ca67dd1e549ce99d37181108 Mon Sep 17 00:00:00 2001 From: Ruben Perez Date: Sun, 29 Mar 2026 17:59:01 +0200 Subject: [PATCH 02/22] Read tA certificate dynamically --- .../include/test_integration/server_ca.hpp | 43 ------------------- test/integration/test/handshake.cpp | 28 +++++++++--- 2 files changed, 23 insertions(+), 48 deletions(-) delete mode 100644 test/integration/include/test_integration/server_ca.hpp diff --git a/test/integration/include/test_integration/server_ca.hpp b/test/integration/include/test_integration/server_ca.hpp deleted file mode 100644 index 7ced5d3e7..000000000 --- a/test/integration/include/test_integration/server_ca.hpp +++ /dev/null @@ -1,43 +0,0 @@ -// -// Copyright (c) 2019-2025 Ruben Perez Hidalgo (rubenperez038 at gmail dot com) -// -// Distributed under the Boost Software License, Version 1.0. (See accompanying -// file LICENSE_1_0.txt or copy at http://www.boost.org/LICENSE_1_0.txt) -// - -#ifndef BOOST_MYSQL_TEST_INTEGRATION_INCLUDE_TEST_INTEGRATION_SERVER_CA_HPP -#define BOOST_MYSQL_TEST_INTEGRATION_INCLUDE_TEST_INTEGRATION_SERVER_CA_HPP - -namespace boost { -namespace mysql { -namespace test { - -// The CA file that signed the server's certificate -constexpr const char CA_PEM[] = R"%(-----BEGIN CERTIFICATE----- -MIIDZzCCAk+gAwIBAgIUWznm2UoxXw3j7HCcp9PpiayTvFQwDQYJKoZIhvcNAQEL -BQAwQjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxDjAMBgNVBAoM -BW15c3FsMQ4wDAYDVQQDDAVteXNxbDAgFw0yMDA0MDQxNDMwMjNaGA8zMDE5MDgw -NjE0MzAyM1owQjELMAkGA1UEBhMCQVUxEzARBgNVBAgMClNvbWUtU3RhdGUxDjAM -BgNVBAoMBW15c3FsMQ4wDAYDVQQDDAVteXNxbDCCASIwDQYJKoZIhvcNAQEBBQAD -ggEPADCCAQoCggEBAN0WYdvsDb+a0TxOGPejcwZT0zvTrf921mmDUlrLN1Z0hJ/S -ydgQCSD7Q+6za4lTFZCXcvs52xvvS2gfC0yXyYLCT/jA4RQRxuF+/+w1gDWEbGk0 -KzEpsBuKrEIvEaVdoS78SxInnW/aegshdrRRocp4JQ6KHsZgkLTxSwPfYSUmMUo0 -cRO0Q/ak3VK8NP13A6ZFvZjrBxjS3cSw9HqilgADcyj1D4EokvfI1C9LrgwgLlZC -XVkjjBqqoMXGGlnXOEK+pm8bU68HM/QvMBkb1Amo8pioNaaYgqJUCP0Ch0iu1nUU -HtsWt6emXv0jANgIW0oga7xcT4MDGN/M+IRWLTECAwEAAaNTMFEwHQYDVR0OBBYE -FNxhaGwf5ePPhzK7yOAKD3VF6wm2MB8GA1UdIwQYMBaAFNxhaGwf5ePPhzK7yOAK -D3VF6wm2MA8GA1UdEwEB/wQFMAMBAf8wDQYJKoZIhvcNAQELBQADggEBAAoeJCAX -IDCFoAaZoQ1niI6Ac/cds8G8It0UCcFGSg+HrZ0YujJxWIruRCUG60Q2OAbEvn0+ -uRpTm+4tV1Wt92WFeuRyqkomozx0g4CyfsxGX/x8mLhKPFK/7K9iTXM4/t+xQC4f -J+iRmPVsMKQ8YsHYiWVhlOMH9XJQiqERCB2kOKJCH6xkaF2k0GbM2sGgbS7Z6lrd -fsFTOIVx0VxLVsZnWX3byE9ghnDR5jn18u30Cpb/R/ShxNUGIHqRa4DkM5la6uZX -W1fpSW11JBSUv4WnOO0C2rlIu7UJWOROqZZ0OsybPRGGwagcyff2qVRuI2XFvAMk -OzBrmpfHEhF6NDU= ------END CERTIFICATE----- -)%"; - -} // namespace test -} // namespace mysql -} // namespace boost - -#endif diff --git a/test/integration/test/handshake.cpp b/test/integration/test/handshake.cpp index 819f1569e..193809f11 100644 --- a/test/integration/test/handshake.cpp +++ b/test/integration/test/handshake.cpp @@ -26,8 +26,11 @@ #include #include +#include +#include #include #include +#include #include #include @@ -39,7 +42,6 @@ #include "test_common/source_location.hpp" #include "test_integration/any_connection_fixture.hpp" #include "test_integration/connect_params_builder.hpp" -#include "test_integration/server_ca.hpp" #include "test_integration/server_features.hpp" #include "test_integration/tcp_connection_fixture.hpp" @@ -51,6 +53,22 @@ namespace data = boost::unit_test::data; namespace { +// Retrieves the CA certificate that signed the server's certificate +std::string read_ca_pem() +{ + auto path = safe_getenv("BOOST_MYSQL_CA_CERTIFICATE", "/opt/ci-tls-mysql/ca-cert.pem"); + std::ifstream ifs(path); + if (!ifs) + throw std::system_error(errno, std::system_category(), "Failed to open " + std::string(path)); + return std::string(std::istreambuf_iterator(ifs), std::istreambuf_iterator()); +} + +string_view get_ca_pem() +{ + static std::string res = read_ca_pem(); + return res; +} + BOOST_AUTO_TEST_SUITE(test_handshake) // Handshake is the most convoluted part of MySQL protocol, @@ -362,7 +380,7 @@ BOOST_AUTO_TEST_CASE(certificate_valid) // Setup asio::ssl::context ssl_ctx(asio::ssl::context::tls_client); ssl_ctx.set_verify_mode(boost::asio::ssl::verify_peer); - ssl_ctx.add_certificate_authority(boost::asio::buffer(CA_PEM)); + ssl_ctx.add_certificate_authority(boost::asio::buffer(get_ca_pem())); any_connection_fixture fix(ssl_ctx); // Connect works @@ -390,7 +408,7 @@ BOOST_AUTO_TEST_CASE(custom_certificate_verification_success) // Setup asio::ssl::context ssl_ctx(asio::ssl::context::tls_client); ssl_ctx.set_verify_mode(boost::asio::ssl::verify_peer); - ssl_ctx.add_certificate_authority(boost::asio::buffer(CA_PEM)); + ssl_ctx.add_certificate_authority(boost::asio::buffer(get_ca_pem())); ssl_ctx.set_verify_callback(boost::asio::ssl::host_name_verification("mysql")); any_connection_fixture fix(ssl_ctx); @@ -405,7 +423,7 @@ BOOST_AUTO_TEST_CASE(custom_certificate_verification_error) // Setup asio::ssl::context ssl_ctx(asio::ssl::context::tls_client); ssl_ctx.set_verify_mode(boost::asio::ssl::verify_peer); - ssl_ctx.add_certificate_authority(boost::asio::buffer(CA_PEM)); + ssl_ctx.add_certificate_authority(boost::asio::buffer(get_ca_pem())); ssl_ctx.set_verify_callback(boost::asio::ssl::host_name_verification("host.name")); any_connection_fixture fix(ssl_ctx); @@ -422,7 +440,7 @@ BOOST_FIXTURE_TEST_CASE(tcp_ssl_connection_, io_context_fixture) // Setup asio::ssl::context ssl_ctx(asio::ssl::context::tls_client); ssl_ctx.set_verify_mode(boost::asio::ssl::verify_peer); - ssl_ctx.add_certificate_authority(boost::asio::buffer(CA_PEM)); + ssl_ctx.add_certificate_authority(boost::asio::buffer(get_ca_pem())); ssl_ctx.set_verify_callback(boost::asio::ssl::host_name_verification("host.name")); tcp_ssl_connection conn(ctx, ssl_ctx); auto params = connect_params_builder().build_hparams(); From 854d9862d8db485cafb4d5c64823e82afb9ba554 Mon Sep 17 00:00:00 2001 From: Ruben Perez Date: Sun, 29 Mar 2026 18:01:58 +0200 Subject: [PATCH 03/22] Initial docker compose --- tools/scripts/docker-compose.yml | 54 ++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) create mode 100644 tools/scripts/docker-compose.yml diff --git a/tools/scripts/docker-compose.yml b/tools/scripts/docker-compose.yml new file mode 100644 index 000000000..c83ebeb88 --- /dev/null +++ b/tools/scripts/docker-compose.yml @@ -0,0 +1,54 @@ +services: + mysql-5.7.41: + container_name: mysql-5.7.41 + image: mysql:5.7.41 + network_mode: host + environment: + MYSQL_ALLOW_EMPTY_PASSWORD: "1" + MYSQL_ROOT_PASSWORD: "" + volumes: + - /opt/ci-tls-mysql:/tls + - /var/run/mysqld:/var/run/mysqld + command: > + /bin/bash -c 'chown -R mysql:mysql /var/run/mysqld && \ + /usr/local/bin/docker-entrypoint.sh mysqld \ + --ssl-ca=/tls/ca-cert.pem \ + --ssl-cert=/tls/server-cert.pem \ + --ssl-key=/tls/server-key.pem + ' + + mysql-8.4.1: + container_name: mysql-8.4.1 + image: mysql:8.4.1 + network_mode: host + environment: + MYSQL_ALLOW_EMPTY_PASSWORD: "1" + MYSQL_ROOT_PASSWORD: "" + volumes: + - /opt/ci-tls-mysql:/tls + - /var/run/mysqld:/var/run/mysqld + command: > + /bin/bash -c 'chown -R mysql:mysql /var/run/mysqld && \ + /usr/local/bin/docker-entrypoint.sh mysqld \ + --mysql-native-password=ON \ + --ssl-ca=/tls/ca-cert.pem \ + --ssl-cert=/tls/server-cert.pem \ + --ssl-key=/tls/server-key.pem + ' + mysql-9.4.0: + container_name: mysql-9.4.0 + image: mysql:9.4.0 + network_mode: host + environment: + MYSQL_ALLOW_EMPTY_PASSWORD: "1" + MYSQL_ROOT_PASSWORD: "" + volumes: + - /opt/ci-tls-mysql:/tls + - /var/run/mysqld:/var/run/mysqld + command: > + /bin/bash -c 'chown -R mysql:mysql /var/run/mysqld && \ + /usr/local/bin/docker-entrypoint.sh mysqld \ + --ssl-ca=/tls/ca-cert.pem \ + --ssl-cert=/tls/server-cert.pem \ + --ssl-key=/tls/server-key.pem + ' From dcdd9e424db8bbd7ba149da06ba965b1ada50548 Mon Sep 17 00:00:00 2001 From: Ruben Perez Date: Sun, 29 Mar 2026 19:42:22 +0200 Subject: [PATCH 04/22] coverage prototype --- .github/workflows/coverage.yml | 31 +++++++++++----------------- tools/ci/docker-compose-coverage.yml | 27 ++++++++++++++++++++++++ 2 files changed, 39 insertions(+), 19 deletions(-) create mode 100644 tools/ci/docker-compose-coverage.yml diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index 1b7411701..6f35ea5c2 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -17,27 +17,21 @@ on: jobs: coverage: runs-on: ubuntu-latest - container: - image: ghcr.io/anarthal/cpp-ci-containers/build-gcc14-lcov:1 - volumes: - - /var/run/mysqld:/var/run/mysqld - services: - mysql: - image: ghcr.io/anarthal/cpp-ci-containers/mysql-8_4_1:1 - ports: - - 3306:3306 - volumes: - - /var/run/mysqld:/var/run/mysqld steps: - name: Fetch code uses: actions/checkout@v4 + - name: Start containers + uses: hoverkraft-tech/compose-action@v2.5.0 + with: + compose-file: ./tools/ci/docker-compose-coverage.yml + - name: Build code run: | - python tools/ci/main.py \ - --source-dir=$(pwd) \ + docker exec builder python tools/ci/main.py \ + --source-dir=/boost-mysql \ b2 \ - --server-host=mysql \ + --server-host=localhost \ --toolset=gcc \ --cxxstd=20 \ --variant=debug \ @@ -47,20 +41,19 @@ jobs: - name: Generate coverage reports shell: bash run: | - cd ~/boost-root/bin.v2 - lcov \ + docker exec builder lcov \ --rc branch_coverage=0 \ --rc geninfo_unexecuted_blocks=1 \ --ignore-errors mismatch \ --gcov-tool gcov-14 \ - --directory . \ + --directory ~/boost-root/bin.v2 \ --capture \ --output-file all.info - lcov \ + docker exec builder lcov \ --rc branch_coverage=0 \ --output-file coverage.info \ --extract all.info '*/boost/mysql*' - sed "s|^SF:$HOME/boost-root/|SF:include/|g" coverage.info > $GITHUB_WORKSPACE/coverage.info + docker exec builder sed "s|^SF:$HOME/boost-root/|SF:include/|g" coverage.info > /boost-mysql/coverage.info - name: Upload coverage reports uses: codecov/codecov-action@v4 diff --git a/tools/ci/docker-compose-coverage.yml b/tools/ci/docker-compose-coverage.yml new file mode 100644 index 000000000..dac47316f --- /dev/null +++ b/tools/ci/docker-compose-coverage.yml @@ -0,0 +1,27 @@ +services: + mysql: + image: mysql:8.4.1 + network_mode: host + environment: + MYSQL_ALLOW_EMPTY_PASSWORD: "1" + MYSQL_ROOT_PASSWORD: "" + volumes: + - /opt/ci-tls-mysql:/tls + - /var/run/mysqld:/var/run/mysqld + command: > + /bin/bash -c 'chown -R mysql:mysql /var/run/mysqld && \ + /usr/local/bin/docker-entrypoint.sh mysqld \ + --mysql-native-password=ON \ + --ssl-ca=/tls/ca-cert.pem \ + --ssl-cert=/tls/server-cert.pem \ + --ssl-key=/tls/server-key.pem + ' + builder: + container_name: builder + image: ghcr.io/anarthal/cpp-ci-containers/build-gcc14-lcov:1 + network_mode: host + tty: true + volumes: + - ./:/boost-mysql + - /opt/ci-tls-mysql:/tls + - /var/run/mysqld:/var/run/mysqld From 1d60422c79d76aeab992484c2d29e56e3734121e Mon Sep 17 00:00:00 2001 From: Ruben Perez Date: Sun, 29 Mar 2026 19:42:40 +0200 Subject: [PATCH 05/22] drone prototype --- .drone.star | 219 +++++++++++++++++++++++++++++++--------------------- 1 file changed, 132 insertions(+), 87 deletions(-) diff --git a/.drone.star b/.drone.star index 087d37cbe..7b83d21d6 100644 --- a/.drone.star +++ b/.drone.star @@ -85,6 +85,8 @@ def _pipeline( disable_aslr=False ): steps = [] + + # Disable ASLR if disable_aslr: steps.append({ "name": "Disable ASLR", @@ -93,6 +95,51 @@ def _pipeline( "privileged": True, "commands": ["echo 0 | tee /proc/sys/kernel/randomize_va_space"] }) + + # Generate certificates + if db != None: + steps.append({ + "name": "Generate certificates", + "image": image, + "pull": "if-not-exists", + "commands": [ + "python tools/ci/gen-certificates.py" + ] + }) + + # Start the database + if db != None: + steps.append({ + "name": "mysql", + "image": db.replace('-', ':'), + "pull": "if-not-exists", + "detached": True, + "environment": { + "MYSQL_ALLOW_EMPTY_PASSWORD": "1", + "MYSQL_ROOT_PASSWORD": "" + }, + "entrypoint": [ + "/bin/bash", + "-c", + r"chown -R mysql:mysql /var/run/mysqld && \ + /usr/local/bin/docker-entrypoint.sh mysqld \ + --ssl-ca=/tls/ca-cert.pem \ + --ssl-cert=/tls/server-cert.pem \ + --ssl-key=/tls/server-key.pem" + ], + "volumes": [ + { + "name": "mysql-socket", + "path": "/var/run/mysqld" + }, + { + "name": "tls-certificates", + "path": "/opt/ci-tls-mysql:/tls" + } + ] + }) + + # Run the build steps.append({ "name": "Build and run", "image": image, @@ -119,18 +166,16 @@ def _pipeline( }, "node": {}, "steps": steps, - "services": [{ - "name": "mysql", - "image": "ghcr.io/anarthal/cpp-ci-containers/{}".format(db), - "volumes": [{ + "volumes": [ + { "name": "mysql-socket", - "path": "/var/run/mysqld" - }] - }] if db != None else [], - "volumes": [{ - "name": "mysql-socket", - "temp": {} - }] if db != None else [] + "temp": {} + }, + { + "name": "tls-certificates", + "temp": {} + } + ] if db != None else [] } @@ -149,7 +194,7 @@ def linux_b2( valgrind=0, arch='amd64', fail_if_no_openssl=1, - db='mysql-8_4_1:1', + db='mysql-8.4.1', ): command = _b2_command( source_dir='$(pwd)', @@ -201,7 +246,7 @@ def windows_b2( def linux_cmake( name, image, - db='mysql-8_4_1:1', + db='mysql-8.4.1', build_shared_libs=0, cmake_build_type='Debug', cxxstd='20', @@ -270,7 +315,7 @@ def bench(name): '--server-host=mysql ' + \ '--connection-pool-iters=1 ' + \ '--protocol-iters=1 ' - return _pipeline(name=name, image=_image('build-bench:1'), os='linux', command=command, db='mysql-8_4_1:1') + return _pipeline(name=name, image=_image('build-bench:1'), os='linux', command=command, db='mysql-8.4.1') def docs(name): @@ -285,79 +330,79 @@ def docs(name): def main(ctx): return [ - # CMake Linux - linux_cmake('Linux CMake MySQL 5.x', _image('build-gcc14:1'), db='mysql-5_7_41:1', build_shared_libs=0), - linux_cmake('Linux CMake MariaDB', _image('build-gcc14:1'), db='mariadb-11_4_2:1', build_shared_libs=1), - linux_cmake('Linux CMake cmake 3.8', _image('build-cmake3_8:3'), cxxstd='11', install_test=0), - linux_cmake('Linux CMake gcc Release', _image('build-gcc14:1'), cmake_build_type='Release'), - linux_cmake('Linux CMake gcc MinSizeRel', _image('build-gcc14:1'), cmake_build_type='MinSizeRel'), - linux_cmake_noopenssl('Linux CMake no OpenSSL'), - linux_cmake_nointeg('Linux CMake without integration tests'), - - # CMake Windows - windows_cmake('Windows CMake static', build_shared_libs=0), - windows_cmake('Windows CMake shared', build_shared_libs=1), - - # find_package with B2 distribution - find_package_b2_linux('Linux find_package b2 distribution'), - find_package_b2_windows('Windows find_package b2 distribution'), - - # B2 Linux. Please try to keep this below 3 configurations per build so CI doesn't take forever - # Default Ubuntu compilers: - # Ubuntu 16.04: gcc5, clang 3.8 - # Ubuntu 18.04: gcc7, clang 7 - # Ubuntu 20.04: gcc9, clang 10 - # Ubuntu 22.04: gcc11, clang 14 - # Ubuntu 24.04: gcc13, clang 18 - linux_b2('Linux B2 clang-4', _image('build-clang4:1'), toolset='clang-4', cxxstd='14'), - linux_b2('Linux B2 clang-5-honly-dbg', _image('build-clang5:1'), toolset='clang-5', cxxstd='14', separate_compilation=0), - linux_b2('Linux B2 clang-6', _image('build-clang5:1'), toolset='clang-5', cxxstd='14'), - linux_b2('Linux B2 clang-7', _image('build-clang7:2'), toolset='clang-7', cxxstd='14,17'), - linux_b2('Linux B2 clang-8', _image('build-clang8:2'), toolset='clang-8', cxxstd='14', variant='debug', address_sanitizer=1, undefined_sanitizer=1), - linux_b2('Linux B2 clang-9', _image('build-clang9:2'), toolset='clang-9', cxxstd='17', variant='release'), - linux_b2('Linux B2 clang-10', _image('build-clang10:2'), toolset='clang-10', cxxstd='17,20', variant='debug'), - linux_b2('Linux B2 clang-11', _image('build-clang11:2'), toolset='clang-11', cxxstd='20'), - linux_b2('Linux B2 clang-12', _image('build-clang12:2'), toolset='clang-12', cxxstd='20', variant='debug', stdlib='libc++', address_sanitizer=1, undefined_sanitizer=1), - linux_b2('Linux B2 clang-13', _image('build-clang13:1'), toolset='clang-13', cxxstd='20', db='mysql-9_4_0:1'), - linux_b2('Linux B2 clang-14', _image('build-clang14:1'), toolset='clang-14', cxxstd='20', variant='debug'), - linux_b2('Linux B2 clang-15', _image('build-clang15:1'), toolset='clang-15', cxxstd='20', variant='debug'), - linux_b2('Linux B2 clang-16', _image('build-clang16:1'), toolset='clang-16', cxxstd='20', variant='debug', address_sanitizer=1, undefined_sanitizer=1), - linux_b2('Linux B2 clang-17-honly-rls', _image('build-clang17:1'), toolset='clang-17', cxxstd='20', variant='release', separate_compilation=0), - linux_b2('Linux B2 clang-18-honly-dbg', _image('build-clang18:1'), toolset='clang-18', cxxstd='20', variant='debug', separate_compilation=0), - linux_b2('Linux B2 clang-19-libc++', _image('build-clang19:1'), toolset='clang-19', cxxstd='23', stdlib='libc++'), + # # CMake Linux + # linux_cmake('Linux CMake MySQL 5.x', _image('build-gcc14:1'), db='mysql-5_7_41:1', build_shared_libs=0), + # linux_cmake('Linux CMake MariaDB', _image('build-gcc14:1'), db='mariadb-11_4_2:1', build_shared_libs=1), + # linux_cmake('Linux CMake cmake 3.8', _image('build-cmake3_8:3'), cxxstd='11', install_test=0), + # linux_cmake('Linux CMake gcc Release', _image('build-gcc14:1'), cmake_build_type='Release'), + # linux_cmake('Linux CMake gcc MinSizeRel', _image('build-gcc14:1'), cmake_build_type='MinSizeRel'), + # linux_cmake_noopenssl('Linux CMake no OpenSSL'), + # linux_cmake_nointeg('Linux CMake without integration tests'), + + # # CMake Windows + # windows_cmake('Windows CMake static', build_shared_libs=0), + # windows_cmake('Windows CMake shared', build_shared_libs=1), + + # # find_package with B2 distribution + # find_package_b2_linux('Linux find_package b2 distribution'), + # find_package_b2_windows('Windows find_package b2 distribution'), + + # # B2 Linux. Please try to keep this below 3 configurations per build so CI doesn't take forever + # # Default Ubuntu compilers: + # # Ubuntu 16.04: gcc5, clang 3.8 + # # Ubuntu 18.04: gcc7, clang 7 + # # Ubuntu 20.04: gcc9, clang 10 + # # Ubuntu 22.04: gcc11, clang 14 + # # Ubuntu 24.04: gcc13, clang 18 + # linux_b2('Linux B2 clang-4', _image('build-clang4:1'), toolset='clang-4', cxxstd='14'), + # linux_b2('Linux B2 clang-5-honly-dbg', _image('build-clang5:1'), toolset='clang-5', cxxstd='14', separate_compilation=0), + # linux_b2('Linux B2 clang-6', _image('build-clang5:1'), toolset='clang-5', cxxstd='14'), + # linux_b2('Linux B2 clang-7', _image('build-clang7:2'), toolset='clang-7', cxxstd='14,17'), + # linux_b2('Linux B2 clang-8', _image('build-clang8:2'), toolset='clang-8', cxxstd='14', variant='debug', address_sanitizer=1, undefined_sanitizer=1), + # linux_b2('Linux B2 clang-9', _image('build-clang9:2'), toolset='clang-9', cxxstd='17', variant='release'), + # linux_b2('Linux B2 clang-10', _image('build-clang10:2'), toolset='clang-10', cxxstd='17,20', variant='debug'), + # linux_b2('Linux B2 clang-11', _image('build-clang11:2'), toolset='clang-11', cxxstd='20'), + # linux_b2('Linux B2 clang-12', _image('build-clang12:2'), toolset='clang-12', cxxstd='20', variant='debug', stdlib='libc++', address_sanitizer=1, undefined_sanitizer=1), + # linux_b2('Linux B2 clang-13', _image('build-clang13:1'), toolset='clang-13', cxxstd='20', db='mysql-9_4_0:1'), + # linux_b2('Linux B2 clang-14', _image('build-clang14:1'), toolset='clang-14', cxxstd='20', variant='debug'), + # linux_b2('Linux B2 clang-15', _image('build-clang15:1'), toolset='clang-15', cxxstd='20', variant='debug'), + # linux_b2('Linux B2 clang-16', _image('build-clang16:1'), toolset='clang-16', cxxstd='20', variant='debug', address_sanitizer=1, undefined_sanitizer=1), + # linux_b2('Linux B2 clang-17-honly-rls', _image('build-clang17:1'), toolset='clang-17', cxxstd='20', variant='release', separate_compilation=0), + # linux_b2('Linux B2 clang-18-honly-dbg', _image('build-clang18:1'), toolset='clang-18', cxxstd='20', variant='debug', separate_compilation=0), + # linux_b2('Linux B2 clang-19-libc++', _image('build-clang19:1'), toolset='clang-19', cxxstd='23', stdlib='libc++'), linux_b2('Linux B2 clang-20', _image('build-clang20:1'), toolset='clang-20', cxxstd='23'), - linux_b2('Linux B2 clang-sanit', _image('build-clang20:1'), toolset='clang-20', cxxstd='20', variant='debug', address_sanitizer=1, undefined_sanitizer=1), - linux_b2('Linux B2 clang-i386-sanit', _image('build-clang16-i386:1'), toolset='clang-16', cxxstd='20', variant='debug', address_model='32', address_sanitizer=1, undefined_sanitizer=1), - - linux_b2('Linux B2 gcc-5', _image('build-gcc5:1'), toolset='gcc-5', cxxstd='11'), # gcc-5 C++14 doesn't like my constexpr field_view - linux_b2('Linux B2 gcc-5-ts-executor', _image('build-gcc5:1'), toolset='gcc-5', cxxstd='11', use_ts_executor=1), - linux_b2('Linux B2 gcc-6-honly-dbg', _image('build-gcc6:1'), toolset='gcc-6', cxxstd='14', variant='debug', separate_compilation=0), - linux_b2('Linux B2 gcc-7', _image('build-gcc7:1'), toolset='gcc-7', cxxstd='14,17', variant='debug'), - linux_b2('Linux B2 gcc-8', _image('build-gcc8:1'), toolset='gcc-8', cxxstd='17'), - linux_b2('Linux B2 gcc-9', _image('build-gcc9:1'), toolset='gcc-9', cxxstd='14,17', variant='debug'), - linux_b2('Linux B2 gcc-10', _image('build-gcc10:1'), toolset='gcc-10', cxxstd='17'), - linux_b2('Linux B2 gcc-11', _image('build-gcc11:1'), toolset='gcc-11', cxxstd='20'), - linux_b2('Linux B2 gcc-12', _image('build-gcc12:1'), toolset='gcc-12', cxxstd='20,23', variant='debug'), - linux_b2('Linux B2 gcc-13', _image('build-gcc13:1'), toolset='gcc-13', cxxstd='20', db='mysql-9_4_0:1'), - linux_b2('Linux B2 gcc-14', _image('build-gcc14:1'), toolset='gcc-14', cxxstd='23'), - linux_b2('Linux B2 gcc-15', _image('build-gcc15:1'), toolset='gcc-15', cxxstd='23'), - linux_b2('Linux B2 gcc-sanit', _image('build-gcc14:1'), toolset='gcc-14', cxxstd='23', variant='debug', address_sanitizer=1, undefined_sanitizer=1), - linux_b2('Linux B2 gcc-valgrind', _image('build-gcc14:1'), toolset='gcc-14', cxxstd='23', variant='debug', valgrind=1), - linux_b2('Linux B2 gcc-11-arm64', _image('build-gcc11:1'), toolset='gcc-11', cxxstd='20', arch='arm64', variant='release'), - linux_b2('Linux B2 gcc-11-arm64-sanit', _image('build-gcc11:1'), toolset='gcc-11', cxxstd='20', arch='arm64', variant='debug'), - linux_b2('Linux B2 noopenssl', _image('build-noopenssl:1'), toolset='gcc', cxxstd='11', fail_if_no_openssl=0), - - # B2 Windows - windows_b2('Windows B2 msvc14.1 32-bit', _win_image('build-msvc14_1'), toolset='msvc-14.1', cxxstd='11,14,17', variant='release', address_model='32'), - windows_b2('Windows B2 msvc14.1 64-bit', _win_image('build-msvc14_1'), toolset='msvc-14.1', cxxstd='14,17', variant='release'), - windows_b2('Windows B2 msvc14.2', _win_image('build-msvc14_2'), toolset='msvc-14.2', cxxstd='14,17', variant='release'), - windows_b2('Windows B2 msvc14.3', _win_image('build-msvc14_3'), toolset='msvc-14.3', cxxstd='17,20', variant='debug,release'), - windows_b2('Windows B2 msvc14.3-ts-executor', _win_image('build-msvc14_3'), toolset='msvc-14.3', cxxstd='20', variant='release', use_ts_executor=1), - - # Benchmarks - bench('Benchmarks'), - - # Docs - docs('Linux docs') + # linux_b2('Linux B2 clang-sanit', _image('build-clang20:1'), toolset='clang-20', cxxstd='20', variant='debug', address_sanitizer=1, undefined_sanitizer=1), + # linux_b2('Linux B2 clang-i386-sanit', _image('build-clang16-i386:1'), toolset='clang-16', cxxstd='20', variant='debug', address_model='32', address_sanitizer=1, undefined_sanitizer=1), + + # linux_b2('Linux B2 gcc-5', _image('build-gcc5:1'), toolset='gcc-5', cxxstd='11'), # gcc-5 C++14 doesn't like my constexpr field_view + # linux_b2('Linux B2 gcc-5-ts-executor', _image('build-gcc5:1'), toolset='gcc-5', cxxstd='11', use_ts_executor=1), + # linux_b2('Linux B2 gcc-6-honly-dbg', _image('build-gcc6:1'), toolset='gcc-6', cxxstd='14', variant='debug', separate_compilation=0), + # linux_b2('Linux B2 gcc-7', _image('build-gcc7:1'), toolset='gcc-7', cxxstd='14,17', variant='debug'), + # linux_b2('Linux B2 gcc-8', _image('build-gcc8:1'), toolset='gcc-8', cxxstd='17'), + # linux_b2('Linux B2 gcc-9', _image('build-gcc9:1'), toolset='gcc-9', cxxstd='14,17', variant='debug'), + # linux_b2('Linux B2 gcc-10', _image('build-gcc10:1'), toolset='gcc-10', cxxstd='17'), + # linux_b2('Linux B2 gcc-11', _image('build-gcc11:1'), toolset='gcc-11', cxxstd='20'), + # linux_b2('Linux B2 gcc-12', _image('build-gcc12:1'), toolset='gcc-12', cxxstd='20,23', variant='debug'), + # linux_b2('Linux B2 gcc-13', _image('build-gcc13:1'), toolset='gcc-13', cxxstd='20', db='mysql-9_4_0:1'), + # linux_b2('Linux B2 gcc-14', _image('build-gcc14:1'), toolset='gcc-14', cxxstd='23'), + # linux_b2('Linux B2 gcc-15', _image('build-gcc15:1'), toolset='gcc-15', cxxstd='23'), + # linux_b2('Linux B2 gcc-sanit', _image('build-gcc14:1'), toolset='gcc-14', cxxstd='23', variant='debug', address_sanitizer=1, undefined_sanitizer=1), + # linux_b2('Linux B2 gcc-valgrind', _image('build-gcc14:1'), toolset='gcc-14', cxxstd='23', variant='debug', valgrind=1), + # linux_b2('Linux B2 gcc-11-arm64', _image('build-gcc11:1'), toolset='gcc-11', cxxstd='20', arch='arm64', variant='release'), + # linux_b2('Linux B2 gcc-11-arm64-sanit', _image('build-gcc11:1'), toolset='gcc-11', cxxstd='20', arch='arm64', variant='debug'), + # linux_b2('Linux B2 noopenssl', _image('build-noopenssl:1'), toolset='gcc', cxxstd='11', fail_if_no_openssl=0), + + # # B2 Windows + # windows_b2('Windows B2 msvc14.1 32-bit', _win_image('build-msvc14_1'), toolset='msvc-14.1', cxxstd='11,14,17', variant='release', address_model='32'), + # windows_b2('Windows B2 msvc14.1 64-bit', _win_image('build-msvc14_1'), toolset='msvc-14.1', cxxstd='14,17', variant='release'), + # windows_b2('Windows B2 msvc14.2', _win_image('build-msvc14_2'), toolset='msvc-14.2', cxxstd='14,17', variant='release'), + # windows_b2('Windows B2 msvc14.3', _win_image('build-msvc14_3'), toolset='msvc-14.3', cxxstd='17,20', variant='debug,release'), + # windows_b2('Windows B2 msvc14.3-ts-executor', _win_image('build-msvc14_3'), toolset='msvc-14.3', cxxstd='20', variant='release', use_ts_executor=1), + + # # Benchmarks + # bench('Benchmarks'), + + # # Docs + # docs('Linux docs') ] From 5d477da1fcd222f2d66797fcd02a8f759c2c6b0d Mon Sep 17 00:00:00 2001 From: Ruben Perez Date: Sun, 29 Mar 2026 19:50:27 +0200 Subject: [PATCH 06/22] Proper volume definitions --- .drone.star | 33 +++++++++++++++++---------------- 1 file changed, 17 insertions(+), 16 deletions(-) diff --git a/.drone.star b/.drone.star index 7b83d21d6..54a834057 100644 --- a/.drone.star +++ b/.drone.star @@ -86,6 +86,18 @@ def _pipeline( ): steps = [] + # Volumes, common to all steps + volumes = [ + { + "name": "mysql-socket", + "path": "/var/run/mysqld" + }, + { + "name": "tls-certificates", + "path": "/tls" + } + ] + # Disable ASLR if disable_aslr: steps.append({ @@ -102,8 +114,9 @@ def _pipeline( "name": "Generate certificates", "image": image, "pull": "if-not-exists", + "volumes": volumes, "commands": [ - "python tools/ci/gen-certificates.py" + "python tools/ci/gen-certificates.py /tls" ] }) @@ -127,16 +140,7 @@ def _pipeline( --ssl-cert=/tls/server-cert.pem \ --ssl-key=/tls/server-key.pem" ], - "volumes": [ - { - "name": "mysql-socket", - "path": "/var/run/mysqld" - }, - { - "name": "tls-certificates", - "path": "/opt/ci-tls-mysql:/tls" - } - ] + "volumes": volumes }) # Run the build @@ -145,10 +149,7 @@ def _pipeline( "image": image, "pull": "if-not-exists", "privileged": arch == "arm64", # TSAN tests fail otherwise (personality syscall) - "volumes":[{ - "name": "mysql-socket", - "path": "/var/run/mysqld" - }] if db != None else [], + "volumes": volumes, "commands": [command] }) @@ -175,7 +176,7 @@ def _pipeline( "name": "tls-certificates", "temp": {} } - ] if db != None else [] + ] } From 0374bcf2d22a6647b22c72beb80860f4804b9f54 Mon Sep 17 00:00:00 2001 From: Ruben Perez Date: Sun, 29 Mar 2026 19:51:32 +0200 Subject: [PATCH 07/22] Fully qualify path --- .github/workflows/coverage.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index 6f35ea5c2..70aea6a14 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -28,7 +28,7 @@ jobs: - name: Build code run: | - docker exec builder python tools/ci/main.py \ + docker exec builder python /boost-mysql/tools/ci/main.py \ --source-dir=/boost-mysql \ b2 \ --server-host=localhost \ From 75be3610e60970fdefe9b0d080c92115dd5b31b4 Mon Sep 17 00:00:00 2001 From: Ruben Perez Date: Sun, 29 Mar 2026 19:59:09 +0200 Subject: [PATCH 08/22] Debugging drone --- .drone.star | 6 +----- 1 file changed, 1 insertion(+), 5 deletions(-) diff --git a/.drone.star b/.drone.star index 54a834057..983e31c1c 100644 --- a/.drone.star +++ b/.drone.star @@ -134,11 +134,7 @@ def _pipeline( "entrypoint": [ "/bin/bash", "-c", - r"chown -R mysql:mysql /var/run/mysqld && \ - /usr/local/bin/docker-entrypoint.sh mysqld \ - --ssl-ca=/tls/ca-cert.pem \ - --ssl-cert=/tls/server-cert.pem \ - --ssl-key=/tls/server-key.pem" + "chown -R mysql:mysql /var/run/mysqld && /usr/local/bin/docker-entrypoint.sh mysqld --ssl-ca=/tls/ca-cert.pem --ssl-cert=/tls/server-cert.pem --ssl-key=/tls/server-key.pem" ], "volumes": volumes }) From 83fb7512d892df9612fad28ed77a30f255052afc Mon Sep 17 00:00:00 2001 From: Ruben Perez Date: Sun, 29 Mar 2026 20:01:01 +0200 Subject: [PATCH 09/22] Fix detach --- .drone.star | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.drone.star b/.drone.star index 983e31c1c..2198db6d9 100644 --- a/.drone.star +++ b/.drone.star @@ -126,7 +126,7 @@ def _pipeline( "name": "mysql", "image": db.replace('-', ':'), "pull": "if-not-exists", - "detached": True, + "detach": True, "environment": { "MYSQL_ALLOW_EMPTY_PASSWORD": "1", "MYSQL_ROOT_PASSWORD": "" From b1b46eb4fb09205eebd3363da0ef0276fb2ff472 Mon Sep 17 00:00:00 2001 From: Ruben Perez Date: Sun, 29 Mar 2026 20:07:01 +0200 Subject: [PATCH 10/22] Proper coverage volume dir --- tools/ci/docker-compose-coverage.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/ci/docker-compose-coverage.yml b/tools/ci/docker-compose-coverage.yml index dac47316f..4b0df9185 100644 --- a/tools/ci/docker-compose-coverage.yml +++ b/tools/ci/docker-compose-coverage.yml @@ -22,6 +22,6 @@ services: network_mode: host tty: true volumes: - - ./:/boost-mysql + - ../../:/boost-mysql - /opt/ci-tls-mysql:/tls - /var/run/mysqld:/var/run/mysqld From 735cbaadc8c0895328dcb0a4119ba4817a1a713c Mon Sep 17 00:00:00 2001 From: Ruben Perez Date: Sun, 29 Mar 2026 20:12:33 +0200 Subject: [PATCH 11/22] enable mysql_native_password --- .drone.star | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/.drone.star b/.drone.star index 2198db6d9..ed6d80233 100644 --- a/.drone.star +++ b/.drone.star @@ -134,7 +134,11 @@ def _pipeline( "entrypoint": [ "/bin/bash", "-c", - "chown -R mysql:mysql /var/run/mysqld && /usr/local/bin/docker-entrypoint.sh mysqld --ssl-ca=/tls/ca-cert.pem --ssl-cert=/tls/server-cert.pem --ssl-key=/tls/server-key.pem" + "chown -R mysql:mysql /var/run/mysqld /usr/local/bin/docker-entrypoint.sh mysqld " \ + "--ssl-ca=/tls/ca-cert.pem "\ + "--ssl-cert=/tls/server-cert.pem " \ + "--ssl-key=/tls/server-key.pem " \ + "--mysql-native-password=ON" ], "volumes": volumes }) From 9b2c9d2fecbee6da8128d7ce2a9df228dd96782d Mon Sep 17 00:00:00 2001 From: Ruben Perez Date: Sun, 29 Mar 2026 20:22:11 +0200 Subject: [PATCH 12/22] Generic entry point --- .drone.star | 35 ++++++++++++++++++++++++++--------- 1 file changed, 26 insertions(+), 9 deletions(-) diff --git a/.drone.star b/.drone.star index ed6d80233..ac2b8348c 100644 --- a/.drone.star +++ b/.drone.star @@ -75,6 +75,27 @@ def _find_package_b2_command(source_dir, generator): '--generator="{}" '.format(generator) +def _make_entrypoint(db): + if db.startswith('mysql:'): + # MySQL generic. Sanitize UNIX socket permissions and launch the server with the adequate TLS files + res = "chown -R mysql:mysql /var/run/mysqld && /usr/local/bin/docker-entrypoint.sh mysqld " \ + "--ssl-ca=/tls/ca-cert.pem "\ + "--ssl-cert=/tls/server-cert.pem " \ + "--ssl-key=/tls/server-key.pem " + if db.startswith('mysql:8.'): + # v8.x needs this flag to enable mysql_native_password + res += "--mysql-native-password=ON" + else: + # MariaDB changed the default socket path, so we provide it explicitly + res = "chown -R mysql:mysql /var/run/mysqld && /usr/local/bin/docker-entrypoint.sh mariadbd " \ + "--ssl-ca=/tls/ca-cert.pem "\ + "--ssl-cert=/tls/server-cert.pem " \ + "--ssl-key=/tls/server-key.pem " \ + "--socket=/var/run/mysqld/mysqld.sock" + + return res + + def _pipeline( name, image, @@ -124,7 +145,7 @@ def _pipeline( if db != None: steps.append({ "name": "mysql", - "image": db.replace('-', ':'), + "image": db, "pull": "if-not-exists", "detach": True, "environment": { @@ -134,11 +155,7 @@ def _pipeline( "entrypoint": [ "/bin/bash", "-c", - "chown -R mysql:mysql /var/run/mysqld /usr/local/bin/docker-entrypoint.sh mysqld " \ - "--ssl-ca=/tls/ca-cert.pem "\ - "--ssl-cert=/tls/server-cert.pem " \ - "--ssl-key=/tls/server-key.pem " \ - "--mysql-native-password=ON" + _make_entrypoint(db) ], "volumes": volumes }) @@ -195,7 +212,7 @@ def linux_b2( valgrind=0, arch='amd64', fail_if_no_openssl=1, - db='mysql-8.4.1', + db='mysql:8.4.1', ): command = _b2_command( source_dir='$(pwd)', @@ -247,7 +264,7 @@ def windows_b2( def linux_cmake( name, image, - db='mysql-8.4.1', + db='mysql:8.4.1', build_shared_libs=0, cmake_build_type='Debug', cxxstd='20', @@ -316,7 +333,7 @@ def bench(name): '--server-host=mysql ' + \ '--connection-pool-iters=1 ' + \ '--protocol-iters=1 ' - return _pipeline(name=name, image=_image('build-bench:1'), os='linux', command=command, db='mysql-8.4.1') + return _pipeline(name=name, image=_image('build-bench:1'), os='linux', command=command, db='mysql:8.4.1') def docs(name): From 340d8a7cf5373a9a01ce4dec4923ef1ce5f56cc5 Mon Sep 17 00:00:00 2001 From: Ruben Perez Date: Sun, 29 Mar 2026 20:26:05 +0200 Subject: [PATCH 13/22] adjust OSX build --- tools/osx-ci.cnf | 6 +++--- tools/setup_db_osx.sh | 6 ++++-- 2 files changed, 7 insertions(+), 5 deletions(-) diff --git a/tools/osx-ci.cnf b/tools/osx-ci.cnf index 146021e23..11d9d493c 100644 --- a/tools/osx-ci.cnf +++ b/tools/osx-ci.cnf @@ -7,9 +7,9 @@ [mysqld] socket=/var/run/mysqld/mysqld.sock -ssl-ca=/etc/ssl/certs/mysql/ca-cert.pem -ssl-cert=/etc/ssl/certs/mysql/server-cert.pem -ssl-key=/etc/ssl/certs/mysql/server-key.pem +ssl-ca=/tmp/mysql-tls/ca-cert.pem +ssl-cert=/tmp/mysql-tls/server-cert.pem +ssl-key=/tmp/mysql-tls/server-key.pem [client] socket=/var/run/mysqld/mysqld.sock \ No newline at end of file diff --git a/tools/setup_db_osx.sh b/tools/setup_db_osx.sh index 6ec0b1436..3a5037820 100644 --- a/tools/setup_db_osx.sh +++ b/tools/setup_db_osx.sh @@ -13,10 +13,12 @@ brew install mysql@8.0 export PATH="/opt/homebrew/opt/mysql@8.0/bin:$PATH" +# Generate the certificates +mkdir -p /tmp/mysql-tls +python tools/ci/generate-certificates.py /tmp/mysql-tls + # Copy config files and set up paths cp tools/osx-ci.cnf ~/.my.cnf -sudo mkdir -p /etc/ssl/certs/mysql/ -sudo cp tools/ssl/*.pem /etc/ssl/certs/mysql/ sudo mkdir -p /var/run/mysqld/ sudo chmod 777 /var/run/mysqld/ From 8ba6a71dea96b06a9855e772db2a2c98871ad90d Mon Sep 17 00:00:00 2001 From: Ruben Perez Date: Sun, 29 Mar 2026 20:35:54 +0200 Subject: [PATCH 14/22] Fuzz job --- .github/workflows/fuzz.yml | 38 +++++++++++++++----------------- tools/ci/docker-compose-fuzz.yml | 27 +++++++++++++++++++++++ 2 files changed, 45 insertions(+), 20 deletions(-) create mode 100644 tools/ci/docker-compose-fuzz.yml diff --git a/.github/workflows/fuzz.yml b/.github/workflows/fuzz.yml index e9aa8ce95..1d6bf30c4 100644 --- a/.github/workflows/fuzz.yml +++ b/.github/workflows/fuzz.yml @@ -10,7 +10,7 @@ name: fuzz on: push: branches: [develop, master] - tags: ['*'] + tags: ["*"] pull_request: workflow_dispatch: schedule: @@ -19,35 +19,33 @@ on: jobs: fuzz: runs-on: ubuntu-latest - container: - image: ghcr.io/anarthal/cpp-ci-containers/build-clang18:1 - volumes: - - /var/run/mysqld:/var/run/mysqld - services: - mysql: - image: ghcr.io/anarthal/cpp-ci-containers/mysql-8_4_1:1 - ports: - - 3306:3306 - volumes: - - /var/run/mysqld:/var/run/mysqld steps: - name: Fetch code uses: actions/checkout@v4 + - name: Start containers + uses: hoverkraft-tech/compose-action@v2.5.0 + with: + compose-file: ./tools/ci/docker-compose-fuzz.yml + - name: Restore corpus uses: actions/cache@v4 with: path: /tmp/corpus.tar.gz key: corpus-${{ github.run_id }} restore-keys: corpus- - + # Note: this will take care of using the corpus and updating it - name: Build and run the fuzzer run: | - python tools/ci/main.py \ - --source-dir=$(pwd) \ - fuzz \ - --server-host=mysql + docker exec builder python /boost-mysql/tools/ci/main.py \ + --source-dir=/boost-mysql \ + fuzz + + - name: Copy crashes from container + if: always() + run: | + docker exec builder bash -c 'cp /root/boost-root/crash-* /root/boost-root/leak-* /root/boost-root/timeout-* /boost-mysql/' - name: Archive any crashes as an artifact uses: actions/upload-artifact@v4 @@ -55,7 +53,7 @@ jobs: with: name: crashes path: | - ~/boost-root/crash-* - ~/boost-root/leak-* - ~/boost-root/timeout-* + crash-* + leak-* + timeout-* if-no-files-found: ignore diff --git a/tools/ci/docker-compose-fuzz.yml b/tools/ci/docker-compose-fuzz.yml new file mode 100644 index 000000000..9e5e1ae3a --- /dev/null +++ b/tools/ci/docker-compose-fuzz.yml @@ -0,0 +1,27 @@ +services: + mysql: + image: mysql:8.4.1 + network_mode: host + environment: + MYSQL_ALLOW_EMPTY_PASSWORD: "1" + MYSQL_ROOT_PASSWORD: "" + volumes: + - /opt/ci-tls-mysql:/tls + - /var/run/mysqld:/var/run/mysqld + command: > + /bin/bash -c 'chown -R mysql:mysql /var/run/mysqld && \ + /usr/local/bin/docker-entrypoint.sh mysqld \ + --mysql-native-password=ON \ + --ssl-ca=/tls/ca-cert.pem \ + --ssl-cert=/tls/server-cert.pem \ + --ssl-key=/tls/server-key.pem + ' + builder: + container_name: builder + image: ghcr.io/anarthal/cpp-ci-containers/build-clang18:1 + network_mode: host + tty: true + volumes: + - ../../:/boost-mysql + - /opt/ci-tls-mysql:/tls + - /var/run/mysqld:/var/run/mysqld From 711946aeb0eec3e8c29e8acef1769b042552c0ca Mon Sep 17 00:00:00 2001 From: Ruben Perez Date: Sun, 29 Mar 2026 20:36:30 +0200 Subject: [PATCH 15/22] Remove docker compose --- tools/scripts/docker-compose.yml | 54 -------------------------------- 1 file changed, 54 deletions(-) delete mode 100644 tools/scripts/docker-compose.yml diff --git a/tools/scripts/docker-compose.yml b/tools/scripts/docker-compose.yml deleted file mode 100644 index c83ebeb88..000000000 --- a/tools/scripts/docker-compose.yml +++ /dev/null @@ -1,54 +0,0 @@ -services: - mysql-5.7.41: - container_name: mysql-5.7.41 - image: mysql:5.7.41 - network_mode: host - environment: - MYSQL_ALLOW_EMPTY_PASSWORD: "1" - MYSQL_ROOT_PASSWORD: "" - volumes: - - /opt/ci-tls-mysql:/tls - - /var/run/mysqld:/var/run/mysqld - command: > - /bin/bash -c 'chown -R mysql:mysql /var/run/mysqld && \ - /usr/local/bin/docker-entrypoint.sh mysqld \ - --ssl-ca=/tls/ca-cert.pem \ - --ssl-cert=/tls/server-cert.pem \ - --ssl-key=/tls/server-key.pem - ' - - mysql-8.4.1: - container_name: mysql-8.4.1 - image: mysql:8.4.1 - network_mode: host - environment: - MYSQL_ALLOW_EMPTY_PASSWORD: "1" - MYSQL_ROOT_PASSWORD: "" - volumes: - - /opt/ci-tls-mysql:/tls - - /var/run/mysqld:/var/run/mysqld - command: > - /bin/bash -c 'chown -R mysql:mysql /var/run/mysqld && \ - /usr/local/bin/docker-entrypoint.sh mysqld \ - --mysql-native-password=ON \ - --ssl-ca=/tls/ca-cert.pem \ - --ssl-cert=/tls/server-cert.pem \ - --ssl-key=/tls/server-key.pem - ' - mysql-9.4.0: - container_name: mysql-9.4.0 - image: mysql:9.4.0 - network_mode: host - environment: - MYSQL_ALLOW_EMPTY_PASSWORD: "1" - MYSQL_ROOT_PASSWORD: "" - volumes: - - /opt/ci-tls-mysql:/tls - - /var/run/mysqld:/var/run/mysqld - command: > - /bin/bash -c 'chown -R mysql:mysql /var/run/mysqld && \ - /usr/local/bin/docker-entrypoint.sh mysqld \ - --ssl-ca=/tls/ca-cert.pem \ - --ssl-cert=/tls/server-cert.pem \ - --ssl-key=/tls/server-key.pem - ' From 77d4170e5353fca95f585760bbe0b042a67deaaf Mon Sep 17 00:00:00 2001 From: Ruben Perez Date: Sun, 29 Mar 2026 20:38:12 +0200 Subject: [PATCH 16/22] Reduce compose duplication --- .github/workflows/coverage.yml | 4 ++- .github/workflows/fuzz.yml | 4 ++- tools/ci/docker-compose-coverage.yml | 27 ------------------- ...er-compose-fuzz.yml => docker-compose.yml} | 2 +- 4 files changed, 7 insertions(+), 30 deletions(-) delete mode 100644 tools/ci/docker-compose-coverage.yml rename tools/ci/{docker-compose-fuzz.yml => docker-compose.yml} (92%) diff --git a/.github/workflows/coverage.yml b/.github/workflows/coverage.yml index 70aea6a14..c4394922d 100644 --- a/.github/workflows/coverage.yml +++ b/.github/workflows/coverage.yml @@ -24,7 +24,9 @@ jobs: - name: Start containers uses: hoverkraft-tech/compose-action@v2.5.0 with: - compose-file: ./tools/ci/docker-compose-coverage.yml + compose-file: ./tools/ci/docker-compose.yml + env: + BUILDER_IMAGE: ghcr.io/anarthal/cpp-ci-containers/build-gcc14-lcov:1 - name: Build code run: | diff --git a/.github/workflows/fuzz.yml b/.github/workflows/fuzz.yml index 1d6bf30c4..d99c64f38 100644 --- a/.github/workflows/fuzz.yml +++ b/.github/workflows/fuzz.yml @@ -26,7 +26,9 @@ jobs: - name: Start containers uses: hoverkraft-tech/compose-action@v2.5.0 with: - compose-file: ./tools/ci/docker-compose-fuzz.yml + compose-file: ./tools/ci/docker-compose.yml + env: + BUILDER_IMAGE: ghcr.io/anarthal/cpp-ci-containers/build-clang18:1 - name: Restore corpus uses: actions/cache@v4 diff --git a/tools/ci/docker-compose-coverage.yml b/tools/ci/docker-compose-coverage.yml deleted file mode 100644 index 4b0df9185..000000000 --- a/tools/ci/docker-compose-coverage.yml +++ /dev/null @@ -1,27 +0,0 @@ -services: - mysql: - image: mysql:8.4.1 - network_mode: host - environment: - MYSQL_ALLOW_EMPTY_PASSWORD: "1" - MYSQL_ROOT_PASSWORD: "" - volumes: - - /opt/ci-tls-mysql:/tls - - /var/run/mysqld:/var/run/mysqld - command: > - /bin/bash -c 'chown -R mysql:mysql /var/run/mysqld && \ - /usr/local/bin/docker-entrypoint.sh mysqld \ - --mysql-native-password=ON \ - --ssl-ca=/tls/ca-cert.pem \ - --ssl-cert=/tls/server-cert.pem \ - --ssl-key=/tls/server-key.pem - ' - builder: - container_name: builder - image: ghcr.io/anarthal/cpp-ci-containers/build-gcc14-lcov:1 - network_mode: host - tty: true - volumes: - - ../../:/boost-mysql - - /opt/ci-tls-mysql:/tls - - /var/run/mysqld:/var/run/mysqld diff --git a/tools/ci/docker-compose-fuzz.yml b/tools/ci/docker-compose.yml similarity index 92% rename from tools/ci/docker-compose-fuzz.yml rename to tools/ci/docker-compose.yml index 9e5e1ae3a..be147b5e9 100644 --- a/tools/ci/docker-compose-fuzz.yml +++ b/tools/ci/docker-compose.yml @@ -18,7 +18,7 @@ services: ' builder: container_name: builder - image: ghcr.io/anarthal/cpp-ci-containers/build-clang18:1 + image: ${BUILDER_IMAGE} network_mode: host tty: true volumes: From 3198101e580581abe481568e3235f7f208b37bb2 Mon Sep 17 00:00:00 2001 From: Ruben Perez Date: Sun, 29 Mar 2026 20:39:23 +0200 Subject: [PATCH 17/22] Fix multiline string literals --- .drone.star | 14 +++++++------- 1 file changed, 7 insertions(+), 7 deletions(-) diff --git a/.drone.star b/.drone.star index ac2b8348c..772ede7d8 100644 --- a/.drone.star +++ b/.drone.star @@ -78,19 +78,19 @@ def _find_package_b2_command(source_dir, generator): def _make_entrypoint(db): if db.startswith('mysql:'): # MySQL generic. Sanitize UNIX socket permissions and launch the server with the adequate TLS files - res = "chown -R mysql:mysql /var/run/mysqld && /usr/local/bin/docker-entrypoint.sh mysqld " \ - "--ssl-ca=/tls/ca-cert.pem "\ - "--ssl-cert=/tls/server-cert.pem " \ + res = "chown -R mysql:mysql /var/run/mysqld && /usr/local/bin/docker-entrypoint.sh mysqld " + \ + "--ssl-ca=/tls/ca-cert.pem " + \ + "--ssl-cert=/tls/server-cert.pem " + \ "--ssl-key=/tls/server-key.pem " if db.startswith('mysql:8.'): # v8.x needs this flag to enable mysql_native_password res += "--mysql-native-password=ON" else: # MariaDB changed the default socket path, so we provide it explicitly - res = "chown -R mysql:mysql /var/run/mysqld && /usr/local/bin/docker-entrypoint.sh mariadbd " \ - "--ssl-ca=/tls/ca-cert.pem "\ - "--ssl-cert=/tls/server-cert.pem " \ - "--ssl-key=/tls/server-key.pem " \ + res = "chown -R mysql:mysql /var/run/mysqld && /usr/local/bin/docker-entrypoint.sh mariadbd " + \ + "--ssl-ca=/tls/ca-cert.pem " + \ + "--ssl-cert=/tls/server-cert.pem " + \ + "--ssl-key=/tls/server-key.pem " + \ "--socket=/var/run/mysqld/mysqld.sock" return res From 4b188a504fcd50eb145b8dc346af1f0e886d9673 Mon Sep 17 00:00:00 2001 From: Ruben Perez Date: Sun, 29 Mar 2026 20:40:22 +0200 Subject: [PATCH 18/22] recover drone jobs --- .drone.star | 146 ++++++++++++++++++++++++++-------------------------- 1 file changed, 73 insertions(+), 73 deletions(-) diff --git a/.drone.star b/.drone.star index 772ede7d8..d0d243a7c 100644 --- a/.drone.star +++ b/.drone.star @@ -348,79 +348,79 @@ def docs(name): def main(ctx): return [ - # # CMake Linux - # linux_cmake('Linux CMake MySQL 5.x', _image('build-gcc14:1'), db='mysql-5_7_41:1', build_shared_libs=0), - # linux_cmake('Linux CMake MariaDB', _image('build-gcc14:1'), db='mariadb-11_4_2:1', build_shared_libs=1), - # linux_cmake('Linux CMake cmake 3.8', _image('build-cmake3_8:3'), cxxstd='11', install_test=0), - # linux_cmake('Linux CMake gcc Release', _image('build-gcc14:1'), cmake_build_type='Release'), - # linux_cmake('Linux CMake gcc MinSizeRel', _image('build-gcc14:1'), cmake_build_type='MinSizeRel'), - # linux_cmake_noopenssl('Linux CMake no OpenSSL'), - # linux_cmake_nointeg('Linux CMake without integration tests'), - - # # CMake Windows - # windows_cmake('Windows CMake static', build_shared_libs=0), - # windows_cmake('Windows CMake shared', build_shared_libs=1), - - # # find_package with B2 distribution - # find_package_b2_linux('Linux find_package b2 distribution'), - # find_package_b2_windows('Windows find_package b2 distribution'), - - # # B2 Linux. Please try to keep this below 3 configurations per build so CI doesn't take forever - # # Default Ubuntu compilers: - # # Ubuntu 16.04: gcc5, clang 3.8 - # # Ubuntu 18.04: gcc7, clang 7 - # # Ubuntu 20.04: gcc9, clang 10 - # # Ubuntu 22.04: gcc11, clang 14 - # # Ubuntu 24.04: gcc13, clang 18 - # linux_b2('Linux B2 clang-4', _image('build-clang4:1'), toolset='clang-4', cxxstd='14'), - # linux_b2('Linux B2 clang-5-honly-dbg', _image('build-clang5:1'), toolset='clang-5', cxxstd='14', separate_compilation=0), - # linux_b2('Linux B2 clang-6', _image('build-clang5:1'), toolset='clang-5', cxxstd='14'), - # linux_b2('Linux B2 clang-7', _image('build-clang7:2'), toolset='clang-7', cxxstd='14,17'), - # linux_b2('Linux B2 clang-8', _image('build-clang8:2'), toolset='clang-8', cxxstd='14', variant='debug', address_sanitizer=1, undefined_sanitizer=1), - # linux_b2('Linux B2 clang-9', _image('build-clang9:2'), toolset='clang-9', cxxstd='17', variant='release'), - # linux_b2('Linux B2 clang-10', _image('build-clang10:2'), toolset='clang-10', cxxstd='17,20', variant='debug'), - # linux_b2('Linux B2 clang-11', _image('build-clang11:2'), toolset='clang-11', cxxstd='20'), - # linux_b2('Linux B2 clang-12', _image('build-clang12:2'), toolset='clang-12', cxxstd='20', variant='debug', stdlib='libc++', address_sanitizer=1, undefined_sanitizer=1), - # linux_b2('Linux B2 clang-13', _image('build-clang13:1'), toolset='clang-13', cxxstd='20', db='mysql-9_4_0:1'), - # linux_b2('Linux B2 clang-14', _image('build-clang14:1'), toolset='clang-14', cxxstd='20', variant='debug'), - # linux_b2('Linux B2 clang-15', _image('build-clang15:1'), toolset='clang-15', cxxstd='20', variant='debug'), - # linux_b2('Linux B2 clang-16', _image('build-clang16:1'), toolset='clang-16', cxxstd='20', variant='debug', address_sanitizer=1, undefined_sanitizer=1), - # linux_b2('Linux B2 clang-17-honly-rls', _image('build-clang17:1'), toolset='clang-17', cxxstd='20', variant='release', separate_compilation=0), - # linux_b2('Linux B2 clang-18-honly-dbg', _image('build-clang18:1'), toolset='clang-18', cxxstd='20', variant='debug', separate_compilation=0), - # linux_b2('Linux B2 clang-19-libc++', _image('build-clang19:1'), toolset='clang-19', cxxstd='23', stdlib='libc++'), + # CMake Linux + linux_cmake('Linux CMake MySQL 5.x', _image('build-gcc14:1'), db='mysql-5_7_41:1', build_shared_libs=0), + linux_cmake('Linux CMake MariaDB', _image('build-gcc14:1'), db='mariadb-11_4_2:1', build_shared_libs=1), + linux_cmake('Linux CMake cmake 3.8', _image('build-cmake3_8:3'), cxxstd='11', install_test=0), + linux_cmake('Linux CMake gcc Release', _image('build-gcc14:1'), cmake_build_type='Release'), + linux_cmake('Linux CMake gcc MinSizeRel', _image('build-gcc14:1'), cmake_build_type='MinSizeRel'), + linux_cmake_noopenssl('Linux CMake no OpenSSL'), + linux_cmake_nointeg('Linux CMake without integration tests'), + + # CMake Windows + windows_cmake('Windows CMake static', build_shared_libs=0), + windows_cmake('Windows CMake shared', build_shared_libs=1), + + # find_package with B2 distribution + find_package_b2_linux('Linux find_package b2 distribution'), + find_package_b2_windows('Windows find_package b2 distribution'), + + # B2 Linux. Please try to keep this below 3 configurations per build so CI doesn't take forever + # Default Ubuntu compilers: + # Ubuntu 16.04: gcc5, clang 3.8 + # Ubuntu 18.04: gcc7, clang 7 + # Ubuntu 20.04: gcc9, clang 10 + # Ubuntu 22.04: gcc11, clang 14 + # Ubuntu 24.04: gcc13, clang 18 + linux_b2('Linux B2 clang-4', _image('build-clang4:1'), toolset='clang-4', cxxstd='14'), + linux_b2('Linux B2 clang-5-honly-dbg', _image('build-clang5:1'), toolset='clang-5', cxxstd='14', separate_compilation=0), + linux_b2('Linux B2 clang-6', _image('build-clang5:1'), toolset='clang-5', cxxstd='14'), + linux_b2('Linux B2 clang-7', _image('build-clang7:2'), toolset='clang-7', cxxstd='14,17'), + linux_b2('Linux B2 clang-8', _image('build-clang8:2'), toolset='clang-8', cxxstd='14', variant='debug', address_sanitizer=1, undefined_sanitizer=1), + linux_b2('Linux B2 clang-9', _image('build-clang9:2'), toolset='clang-9', cxxstd='17', variant='release'), + linux_b2('Linux B2 clang-10', _image('build-clang10:2'), toolset='clang-10', cxxstd='17,20', variant='debug'), + linux_b2('Linux B2 clang-11', _image('build-clang11:2'), toolset='clang-11', cxxstd='20'), + linux_b2('Linux B2 clang-12', _image('build-clang12:2'), toolset='clang-12', cxxstd='20', variant='debug', stdlib='libc++', address_sanitizer=1, undefined_sanitizer=1), + linux_b2('Linux B2 clang-13', _image('build-clang13:1'), toolset='clang-13', cxxstd='20', db='mysql-9_4_0:1'), + linux_b2('Linux B2 clang-14', _image('build-clang14:1'), toolset='clang-14', cxxstd='20', variant='debug'), + linux_b2('Linux B2 clang-15', _image('build-clang15:1'), toolset='clang-15', cxxstd='20', variant='debug'), + linux_b2('Linux B2 clang-16', _image('build-clang16:1'), toolset='clang-16', cxxstd='20', variant='debug', address_sanitizer=1, undefined_sanitizer=1), + linux_b2('Linux B2 clang-17-honly-rls', _image('build-clang17:1'), toolset='clang-17', cxxstd='20', variant='release', separate_compilation=0), + linux_b2('Linux B2 clang-18-honly-dbg', _image('build-clang18:1'), toolset='clang-18', cxxstd='20', variant='debug', separate_compilation=0), + linux_b2('Linux B2 clang-19-libc++', _image('build-clang19:1'), toolset='clang-19', cxxstd='23', stdlib='libc++'), linux_b2('Linux B2 clang-20', _image('build-clang20:1'), toolset='clang-20', cxxstd='23'), - # linux_b2('Linux B2 clang-sanit', _image('build-clang20:1'), toolset='clang-20', cxxstd='20', variant='debug', address_sanitizer=1, undefined_sanitizer=1), - # linux_b2('Linux B2 clang-i386-sanit', _image('build-clang16-i386:1'), toolset='clang-16', cxxstd='20', variant='debug', address_model='32', address_sanitizer=1, undefined_sanitizer=1), - - # linux_b2('Linux B2 gcc-5', _image('build-gcc5:1'), toolset='gcc-5', cxxstd='11'), # gcc-5 C++14 doesn't like my constexpr field_view - # linux_b2('Linux B2 gcc-5-ts-executor', _image('build-gcc5:1'), toolset='gcc-5', cxxstd='11', use_ts_executor=1), - # linux_b2('Linux B2 gcc-6-honly-dbg', _image('build-gcc6:1'), toolset='gcc-6', cxxstd='14', variant='debug', separate_compilation=0), - # linux_b2('Linux B2 gcc-7', _image('build-gcc7:1'), toolset='gcc-7', cxxstd='14,17', variant='debug'), - # linux_b2('Linux B2 gcc-8', _image('build-gcc8:1'), toolset='gcc-8', cxxstd='17'), - # linux_b2('Linux B2 gcc-9', _image('build-gcc9:1'), toolset='gcc-9', cxxstd='14,17', variant='debug'), - # linux_b2('Linux B2 gcc-10', _image('build-gcc10:1'), toolset='gcc-10', cxxstd='17'), - # linux_b2('Linux B2 gcc-11', _image('build-gcc11:1'), toolset='gcc-11', cxxstd='20'), - # linux_b2('Linux B2 gcc-12', _image('build-gcc12:1'), toolset='gcc-12', cxxstd='20,23', variant='debug'), - # linux_b2('Linux B2 gcc-13', _image('build-gcc13:1'), toolset='gcc-13', cxxstd='20', db='mysql-9_4_0:1'), - # linux_b2('Linux B2 gcc-14', _image('build-gcc14:1'), toolset='gcc-14', cxxstd='23'), - # linux_b2('Linux B2 gcc-15', _image('build-gcc15:1'), toolset='gcc-15', cxxstd='23'), - # linux_b2('Linux B2 gcc-sanit', _image('build-gcc14:1'), toolset='gcc-14', cxxstd='23', variant='debug', address_sanitizer=1, undefined_sanitizer=1), - # linux_b2('Linux B2 gcc-valgrind', _image('build-gcc14:1'), toolset='gcc-14', cxxstd='23', variant='debug', valgrind=1), - # linux_b2('Linux B2 gcc-11-arm64', _image('build-gcc11:1'), toolset='gcc-11', cxxstd='20', arch='arm64', variant='release'), - # linux_b2('Linux B2 gcc-11-arm64-sanit', _image('build-gcc11:1'), toolset='gcc-11', cxxstd='20', arch='arm64', variant='debug'), - # linux_b2('Linux B2 noopenssl', _image('build-noopenssl:1'), toolset='gcc', cxxstd='11', fail_if_no_openssl=0), - - # # B2 Windows - # windows_b2('Windows B2 msvc14.1 32-bit', _win_image('build-msvc14_1'), toolset='msvc-14.1', cxxstd='11,14,17', variant='release', address_model='32'), - # windows_b2('Windows B2 msvc14.1 64-bit', _win_image('build-msvc14_1'), toolset='msvc-14.1', cxxstd='14,17', variant='release'), - # windows_b2('Windows B2 msvc14.2', _win_image('build-msvc14_2'), toolset='msvc-14.2', cxxstd='14,17', variant='release'), - # windows_b2('Windows B2 msvc14.3', _win_image('build-msvc14_3'), toolset='msvc-14.3', cxxstd='17,20', variant='debug,release'), - # windows_b2('Windows B2 msvc14.3-ts-executor', _win_image('build-msvc14_3'), toolset='msvc-14.3', cxxstd='20', variant='release', use_ts_executor=1), - - # # Benchmarks - # bench('Benchmarks'), - - # # Docs - # docs('Linux docs') + linux_b2('Linux B2 clang-sanit', _image('build-clang20:1'), toolset='clang-20', cxxstd='20', variant='debug', address_sanitizer=1, undefined_sanitizer=1), + linux_b2('Linux B2 clang-i386-sanit', _image('build-clang16-i386:1'), toolset='clang-16', cxxstd='20', variant='debug', address_model='32', address_sanitizer=1, undefined_sanitizer=1), + + linux_b2('Linux B2 gcc-5', _image('build-gcc5:1'), toolset='gcc-5', cxxstd='11'), # gcc-5 C++14 doesn't like my constexpr field_view + linux_b2('Linux B2 gcc-5-ts-executor', _image('build-gcc5:1'), toolset='gcc-5', cxxstd='11', use_ts_executor=1), + linux_b2('Linux B2 gcc-6-honly-dbg', _image('build-gcc6:1'), toolset='gcc-6', cxxstd='14', variant='debug', separate_compilation=0), + linux_b2('Linux B2 gcc-7', _image('build-gcc7:1'), toolset='gcc-7', cxxstd='14,17', variant='debug'), + linux_b2('Linux B2 gcc-8', _image('build-gcc8:1'), toolset='gcc-8', cxxstd='17'), + linux_b2('Linux B2 gcc-9', _image('build-gcc9:1'), toolset='gcc-9', cxxstd='14,17', variant='debug'), + linux_b2('Linux B2 gcc-10', _image('build-gcc10:1'), toolset='gcc-10', cxxstd='17'), + linux_b2('Linux B2 gcc-11', _image('build-gcc11:1'), toolset='gcc-11', cxxstd='20'), + linux_b2('Linux B2 gcc-12', _image('build-gcc12:1'), toolset='gcc-12', cxxstd='20,23', variant='debug'), + linux_b2('Linux B2 gcc-13', _image('build-gcc13:1'), toolset='gcc-13', cxxstd='20', db='mysql-9_4_0:1'), + linux_b2('Linux B2 gcc-14', _image('build-gcc14:1'), toolset='gcc-14', cxxstd='23'), + linux_b2('Linux B2 gcc-15', _image('build-gcc15:1'), toolset='gcc-15', cxxstd='23'), + linux_b2('Linux B2 gcc-sanit', _image('build-gcc14:1'), toolset='gcc-14', cxxstd='23', variant='debug', address_sanitizer=1, undefined_sanitizer=1), + linux_b2('Linux B2 gcc-valgrind', _image('build-gcc14:1'), toolset='gcc-14', cxxstd='23', variant='debug', valgrind=1), + linux_b2('Linux B2 gcc-11-arm64', _image('build-gcc11:1'), toolset='gcc-11', cxxstd='20', arch='arm64', variant='release'), + linux_b2('Linux B2 gcc-11-arm64-sanit', _image('build-gcc11:1'), toolset='gcc-11', cxxstd='20', arch='arm64', variant='debug'), + linux_b2('Linux B2 noopenssl', _image('build-noopenssl:1'), toolset='gcc', cxxstd='11', fail_if_no_openssl=0), + + # B2 Windows + windows_b2('Windows B2 msvc14.1 32-bit', _win_image('build-msvc14_1'), toolset='msvc-14.1', cxxstd='11,14,17', variant='release', address_model='32'), + windows_b2('Windows B2 msvc14.1 64-bit', _win_image('build-msvc14_1'), toolset='msvc-14.1', cxxstd='14,17', variant='release'), + windows_b2('Windows B2 msvc14.2', _win_image('build-msvc14_2'), toolset='msvc-14.2', cxxstd='14,17', variant='release'), + windows_b2('Windows B2 msvc14.3', _win_image('build-msvc14_3'), toolset='msvc-14.3', cxxstd='17,20', variant='debug,release'), + windows_b2('Windows B2 msvc14.3-ts-executor', _win_image('build-msvc14_3'), toolset='msvc-14.3', cxxstd='20', variant='release', use_ts_executor=1), + + # Benchmarks + bench('Benchmarks'), + + # Docs + docs('Linux docs') ] From 0f4f1c7a847a076d4e138e9fba852e6b8c0f5677 Mon Sep 17 00:00:00 2001 From: Ruben Perez Date: Sun, 29 Mar 2026 20:41:54 +0200 Subject: [PATCH 19/22] Fix DB versions --- .drone.star | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.drone.star b/.drone.star index d0d243a7c..54bfada89 100644 --- a/.drone.star +++ b/.drone.star @@ -349,8 +349,8 @@ def docs(name): def main(ctx): return [ # CMake Linux - linux_cmake('Linux CMake MySQL 5.x', _image('build-gcc14:1'), db='mysql-5_7_41:1', build_shared_libs=0), - linux_cmake('Linux CMake MariaDB', _image('build-gcc14:1'), db='mariadb-11_4_2:1', build_shared_libs=1), + linux_cmake('Linux CMake MySQL 5.x', _image('build-gcc14:1'), db='mysql:5.7.41', build_shared_libs=0), + linux_cmake('Linux CMake MariaDB', _image('build-gcc14:1'), db='mariadb:11.4.2', build_shared_libs=1), linux_cmake('Linux CMake cmake 3.8', _image('build-cmake3_8:3'), cxxstd='11', install_test=0), linux_cmake('Linux CMake gcc Release', _image('build-gcc14:1'), cmake_build_type='Release'), linux_cmake('Linux CMake gcc MinSizeRel', _image('build-gcc14:1'), cmake_build_type='MinSizeRel'), @@ -381,7 +381,7 @@ def main(ctx): linux_b2('Linux B2 clang-10', _image('build-clang10:2'), toolset='clang-10', cxxstd='17,20', variant='debug'), linux_b2('Linux B2 clang-11', _image('build-clang11:2'), toolset='clang-11', cxxstd='20'), linux_b2('Linux B2 clang-12', _image('build-clang12:2'), toolset='clang-12', cxxstd='20', variant='debug', stdlib='libc++', address_sanitizer=1, undefined_sanitizer=1), - linux_b2('Linux B2 clang-13', _image('build-clang13:1'), toolset='clang-13', cxxstd='20', db='mysql-9_4_0:1'), + linux_b2('Linux B2 clang-13', _image('build-clang13:1'), toolset='clang-13', cxxstd='20', db='mysql:9.4.0'), linux_b2('Linux B2 clang-14', _image('build-clang14:1'), toolset='clang-14', cxxstd='20', variant='debug'), linux_b2('Linux B2 clang-15', _image('build-clang15:1'), toolset='clang-15', cxxstd='20', variant='debug'), linux_b2('Linux B2 clang-16', _image('build-clang16:1'), toolset='clang-16', cxxstd='20', variant='debug', address_sanitizer=1, undefined_sanitizer=1), @@ -401,7 +401,7 @@ def main(ctx): linux_b2('Linux B2 gcc-10', _image('build-gcc10:1'), toolset='gcc-10', cxxstd='17'), linux_b2('Linux B2 gcc-11', _image('build-gcc11:1'), toolset='gcc-11', cxxstd='20'), linux_b2('Linux B2 gcc-12', _image('build-gcc12:1'), toolset='gcc-12', cxxstd='20,23', variant='debug'), - linux_b2('Linux B2 gcc-13', _image('build-gcc13:1'), toolset='gcc-13', cxxstd='20', db='mysql-9_4_0:1'), + linux_b2('Linux B2 gcc-13', _image('build-gcc13:1'), toolset='gcc-13', cxxstd='20', db='mysql:9.4.0'), linux_b2('Linux B2 gcc-14', _image('build-gcc14:1'), toolset='gcc-14', cxxstd='23'), linux_b2('Linux B2 gcc-15', _image('build-gcc15:1'), toolset='gcc-15', cxxstd='23'), linux_b2('Linux B2 gcc-sanit', _image('build-gcc14:1'), toolset='gcc-14', cxxstd='23', variant='debug', address_sanitizer=1, undefined_sanitizer=1), From 85b3c5a2625d84e53e6678645f0d13ca85367ae7 Mon Sep 17 00:00:00 2001 From: Ruben Perez Date: Tue, 31 Mar 2026 13:48:44 +0200 Subject: [PATCH 20/22] Attempt to fix cert problems in drone --- .drone.star | 21 ++++++++++++++++++--- 1 file changed, 18 insertions(+), 3 deletions(-) diff --git a/.drone.star b/.drone.star index 54bfada89..e96fa18f1 100644 --- a/.drone.star +++ b/.drone.star @@ -117,7 +117,7 @@ def _pipeline( "name": "tls-certificates", "path": "/tls" } - ] + ] if db != None else [] # Disable ASLR if disable_aslr: @@ -130,14 +130,17 @@ def _pipeline( }) # Generate certificates - if db != None: + gen_certificates = db != None or os == "windows" + cert_path = "C:\\ssl\\" if os == "windows" else "/tls/" + ca_path = cert_path + "ca-cert.pem" + if gen_certificates: steps.append({ "name": "Generate certificates", "image": image, "pull": "if-not-exists", "volumes": volumes, "commands": [ - "python tools/ci/gen-certificates.py /tls" + "python tools/ci/gen-certificates.py {}".format(cert_path) ] }) @@ -159,6 +162,15 @@ def _pipeline( ], "volumes": volumes }) + elif os == "windows": + steps.append({ + "name": "Restart MySQL", + "commands": [ + "net stop MySQL", + "net start MySQL" + ] + }) + # Run the build steps.append({ @@ -167,6 +179,9 @@ def _pipeline( "pull": "if-not-exists", "privileged": arch == "arm64", # TSAN tests fail otherwise (personality syscall) "volumes": volumes, + "environment": { + "BOOST_MYSQL_CA_CERTIFICATE": ca_path + }, "commands": [command] }) From d1dd559a14cb36d8d036efc6655e5f4ec7c2c223 Mon Sep 17 00:00:00 2001 From: Ruben Perez Date: Tue, 31 Mar 2026 13:50:58 +0200 Subject: [PATCH 21/22] fix osx typo --- tools/setup_db_osx.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/tools/setup_db_osx.sh b/tools/setup_db_osx.sh index 3a5037820..9d1800987 100644 --- a/tools/setup_db_osx.sh +++ b/tools/setup_db_osx.sh @@ -15,7 +15,7 @@ export PATH="/opt/homebrew/opt/mysql@8.0/bin:$PATH" # Generate the certificates mkdir -p /tmp/mysql-tls -python tools/ci/generate-certificates.py /tmp/mysql-tls +python tools/ci/gen-certificates.py /tmp/mysql-tls # Copy config files and set up paths cp tools/osx-ci.cnf ~/.my.cnf From 5a0bb505320c7b9a9aca5db12ab9ae72a0fa0163 Mon Sep 17 00:00:00 2001 From: Ruben Perez Date: Tue, 31 Mar 2026 13:58:31 +0200 Subject: [PATCH 22/22] Fix fuzz --- .github/workflows/fuzz.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/fuzz.yml b/.github/workflows/fuzz.yml index d99c64f38..6e2dfba86 100644 --- a/.github/workflows/fuzz.yml +++ b/.github/workflows/fuzz.yml @@ -47,7 +47,7 @@ jobs: - name: Copy crashes from container if: always() run: | - docker exec builder bash -c 'cp /root/boost-root/crash-* /root/boost-root/leak-* /root/boost-root/timeout-* /boost-mysql/' + docker exec builder bash -c 'cp /root/boost-root/crash-* /root/boost-root/leak-* /root/boost-root/timeout-* /boost-mysql/ || true' - name: Archive any crashes as an artifact uses: actions/upload-artifact@v4