Skip to content

Early Rejection of Large Requests Based on Content-Length Header #11873

Early Rejection of Large Requests Based on Content-Length Header

Early Rejection of Large Requests Based on Content-Length Header #11873

Workflow file for this run

name: CI
on:
push:
branches:
- "**"
tags-ignore:
# The release versions will be verified by 'publish-release.yml'
- armeria-*
pull_request:
merge_group:
concurrency:
# Cancel the previous builds in the same PR.
# Allow running concurrently for all non-PR commits.
group: ci-${{ github.event.pull_request.number || github.sha }}
cancel-in-progress: true
env:
LC_ALL: "en_US.UTF-8"
BUILD_JDK_VERSION: "21"
# Used by GitHub CLI
GH_TOKEN: ${{ github.token }}
RUN_ID: ${{ github.run_id }}
PR_NUMBER: ${{ github.event.pull_request.number }}
DEVELOCITY_ACCESS_KEY: ${{ secrets.DEVELOCITY_ACCESS_KEY }}
jobs:
build:
if: github.repository == 'line/armeria'
runs-on: ${{ matrix.on }}
timeout-minutes: 120
strategy:
fail-fast: false
matrix:
on: [ ubicloud-standard-8, macos-latest, windows-latest ]
java: [ 21 ]
include:
- java: 8
on: ubicloud-standard-8
- java: 11
on: ubicloud-standard-8
- java: 17
on: ubicloud-standard-8
leak: true
- java: 17
on: ubicloud-standard-8
min-java: 11
- java: 17
on: ubicloud-standard-8
min-java: 17
coverage: true
- java: 21
on: ubicloud-standard-8
snapshot: true
# blockhound makes the build run about 10 minutes slower
blockhound: true
name: build-${{ matrix.on }}-jdk-${{ matrix.java }}${{ matrix.min-java && format('-min-java-{0}', matrix.min-java) || '' }}${{ matrix.leak && '-leak' || ''}}${{ matrix.coverage && '-coverage' || ''}}${{ matrix.snapshot && '-snapshot' || ''}}${{ matrix.blockhound && '-blockhound' || ''}}
steps:
- name: Set job name
run: |
JOB_NAME="build-${{ matrix.on }}-jdk-${{ matrix.java }}${{ matrix.min-java && format('-min-java-{0}', matrix.min-java) || '' }}${{ matrix.leak && '-leak' || ''}}${{ matrix.coverage && '-coverage' || ''}}${{ matrix.snapshot && '-snapshot' || ''}}${{ matrix.blockhound && '-blockhound' || ''}}"
echo "JOB_NAME=$JOB_NAME" >> $GITHUB_ENV
shell: bash
- uses: actions/checkout@v4
- id: setup-jdk
if: ${{ matrix.java != env.BUILD_JDK_VERSION }}
name: Set up JDK ${{ matrix.java }}
uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: ${{ matrix.java }}
- id: setup-build-jdk
name: Set up build JDK ${{ env.BUILD_JDK_VERSION }}
uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: ${{ env.BUILD_JDK_VERSION }}
- name: Clean up stale build scan data
if: always()
run: |
rm -rf ~/.gradle/build-scan-data/*
rm -rf ~/.gradle/init.d
shell: bash
- name: Setup Gradle
uses: gradle/actions/setup-gradle@v4
# Build the shaded JARs first so that shading process doesn't incur memory pressure
# on other Gradle tasks such as tests.
- name: Build with Gradle (Shading only)
run: |
./gradlew --no-daemon --stacktrace shadedJar shadedTestJar trimShadedJar \
${{ startsWith(matrix.on, 'ubicloud') && '--max-workers=8' || '--max-workers=2' }} --parallel \
${{ matrix.coverage && '-Pcoverage' || '' }} \
-PnoLint \
-PbuildJdkVersion=${{ env.BUILD_JDK_VERSION }} \
-PtestJavaVersion=${{ matrix.java }} \
${{ matrix.min-java && format('-PminimumJavaVersion={0}', matrix.min-java) || '' }} \
-Porg.gradle.java.installations.paths=${{ steps.setup-build-jdk.outputs.path }},${{ steps.setup-jdk.outputs.path }}
shell: bash
- name: Get job ID
id: get-job-id
run: |
JOB_ID=$(gh run view $RUN_ID --json jobs | jq ".jobs[] | select(.name == \"${JOB_NAME}\") | .databaseId")
echo "JOB_ID=$JOB_ID" >> $GITHUB_ENV
shell: bash
- name: Build with Gradle
run: |
./gradlew --no-daemon --stacktrace build \
${{ startsWith(matrix.on, 'ubicloud') && '--max-workers=8' || '--max-workers=2' }} --parallel \
${{ matrix.coverage && '-Pcoverage' || '' }} \
${{ matrix.leak && '-Pleak' || '' }} \
${{ matrix.blockhound && '-Pblockhound' || '' }} \
-PnoLint \
-PflakyTests=false \
-Pretry=true \
-PbuildJdkVersion=${{ env.BUILD_JDK_VERSION }} \
-PtestJavaVersion=${{ matrix.java }} \
${{ matrix.min-java && format('-PminimumJavaVersion={0}', matrix.min-java) || '' }} \
-Porg.gradle.java.installations.paths=${{ steps.setup-build-jdk.outputs.path }},${{ steps.setup-jdk.outputs.path }} \
-PpreferShadedTests=${{ github.ref_name != 'main' }}
# Unshaded tests are skipped for PRs to avoid running the same tests twice.
shell: bash
env:
COMMIT_SHA: ${{ github.event.pull_request.head.sha }}
- name: Upload Gradle build scan
if: always()
uses: actions/upload-artifact@v4
with:
name: ${{ env.PR_NUMBER && format('{0}-', env.PR_NUMBER) || '' }}build-scan-${{ env.JOB_NAME }}
path: ~/.gradle/build-scan-data
- if: ${{ matrix.snapshot && github.ref_name == 'main' }}
name: Publish snapshots
run: |
./gradlew --no-daemon --stacktrace --max-workers=1 publish
env:
# Should not use '-P' option with 'secrets' that can cause unexpected results
# if secret values contains white spaces or new lines.
ORG_GRADLE_PROJECT_ossrhUsername: ${{ secrets.OSSRH_USER_NAME }}
ORG_GRADLE_PROJECT_ossrhPassword: ${{ secrets.OSSRH_PASSWORD }}
ORG_GRADLE_PROJECT_signingKeyId: ${{ secrets.GPG_KEY_ID }}
ORG_GRADLE_PROJECT_signingKey: ${{ secrets.GPG_PRIVATE_KEY }}
ORG_GRADLE_PROJECT_signingPassword: ${{ secrets.GPG_PASSWORD }}
shell: bash
- name: Summarize the failed tests
if: failure()
run: |
./gradlew --no-daemon --stacktrace --max-workers=1 reportFailedTests \
-PnoLint \
-PflakyTests=false \
-PbuildJdkVersion=${{ env.BUILD_JDK_VERSION }} \
-PtestJavaVersion=${{ matrix.java }} \
${{ matrix.min-java && format('-PminimumJavaVersion={0}', matrix.min-java) || '' }} \
-Porg.gradle.java.installations.paths=${{ steps.setup-build-jdk.outputs.path }},${{ steps.setup-jdk.outputs.path }}
SUMMARY_FILE="build/failed-tests-result.txt"
if test -f "$SUMMARY_FILE"; then
echo '### 🔴 Failed tests' >> $GITHUB_STEP_SUMMARY
cat $SUMMARY_FILE >> $GITHUB_STEP_SUMMARY
fi
shell: bash
- name: Dump stuck threads
if: always()
run: jps | grep -iv "jps" | grep -v 'Daemon' | awk '{ print $1 }' | xargs -I'{}' jstack -l {} || true
shell: bash
- name: Upload the coverage report to Codecov
if: ${{ matrix.coverage }}
uses: codecov/codecov-action@v3
- name: Fail the run if any threads were blocked
if: ${{ matrix.blockhound }}
run: |
blockhound_logs=$(find . -name 'blockhound.log' -size +0); \
if [[ -z ${blockhound_logs} ]]; then \
exit 0; \
else \
while IFS= read -r log; do \
echo "- Detected file: ${log}"; \
head --lines=1000 "${log}"; \
echo; \
done <<< "${blockhound_logs}"; \
exit 1; \
fi
shell: bash
- name: Collect the test reports
if: failure()
run: |
find . '(' \
-name 'java_pid*.hprof' -or \
-name 'hs_err_*.log' -or \
-path '*/build/reports/tests' -or \
-path '*/build/test-results' -or \
-path '*/javadoc.options' -or \
-name 'blockhound.log' ')' \
-exec tar rf "reports-${{ env.JOB_NAME }}.tar" {} ';'
shell: bash
- name: Upload the artifacts
if: failure()
uses: actions/upload-artifact@v4
with:
name: reports-${{ env.JOB_NAME }}
path: reports-${{ env.JOB_NAME }}.tar
retention-days: 3
lint:
if: github.repository == 'line/armeria'
runs-on: ubuntu-latest
timeout-minutes: 60
steps:
- uses: actions/checkout@v4
- id: setup-build-jdk
name: Set up JDK ${{ env.BUILD_JDK_VERSION }}
uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: ${{ env.BUILD_JDK_VERSION }}
- name: Setup Gradle
uses: gradle/actions/setup-gradle@v4
- name: Run the linters
run: |
./gradlew --no-daemon --stacktrace --max-workers=8 --parallel lint
site:
if: github.repository == 'line/armeria'
runs-on: ubuntu-latest
timeout-minutes: 60
steps:
- uses: actions/checkout@v4
- name: Install svgbob_cli
run: |
sudo apt-get -y install cargo && cargo install svgbob_cli
echo "$HOME/.cargo/bin" >> $GITHUB_PATH
- id: setup-build-jdk
name: Set up JDK ${{ env.BUILD_JDK_VERSION }}
uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: ${{ env.BUILD_JDK_VERSION }}
- name: Setup Gradle
uses: gradle/actions/setup-gradle@v4
- name: Build the site
run: |
./gradlew --no-daemon --stacktrace --max-workers=2 --parallel -PgithubToken=${{ secrets.GITHUB_TOKEN }} site
shell: bash
flaky-tests:
if: github.repository == 'line/armeria'
runs-on: ubuntu-latest
timeout-minutes: 60
steps:
- uses: actions/checkout@v4
- id: setup-build-jdk
name: Set up JDK ${{ env.BUILD_JDK_VERSION }}
uses: actions/setup-java@v4
with:
distribution: 'temurin'
java-version: ${{ env.BUILD_JDK_VERSION }}
- name: Setup Gradle
uses: gradle/actions/setup-gradle@v4
- name: Run flaky tests
run: |
./gradlew --no-daemon --stacktrace --max-workers=2 --parallel check \
-PnoLint -PflakyTests=true -Pretry=true \
-PbuildJdkVersion=${{ env.BUILD_JDK_VERSION }} \
-PtestJavaVersion=${{ env.BUILD_JDK_VERSION }} \
-Porg.gradle.java.installations.paths=${{ steps.setup-build-jdk.outputs.path }}
- name: Summarize the failed tests
if: failure()
run: |
./gradlew --no-daemon --stacktrace --max-workers=1 -PnoWeb -PnoLint reportFailedTests
SUMMARY_FILE="build/failed-tests-result.txt"
if test -f "$SUMMARY_FILE"; then
echo '#### 🔴 Failed tests' >> $GITHUB_STEP_SUMMARY
cat $SUMMARY_FILE >> $GITHUB_STEP_SUMMARY
fi
shell: bash
- name: Dump stuck threads
if: always()
run: jps | grep -iv "jps" | grep -v 'Daemon' | awk '{ print $1 }' | xargs -I'{}' jstack -l {} || true
shell: bash