GHA/codeql: enable more build options, build servers and tunits by vszakats · Pull Request #18557 · curl/curl

vszakats · 2025-09-15T19:05:37Z

add HTTP/3 build with OpenSSL 3.5, nghttp3 and ngtcp2.
enable GSASL, Heimdal, rtmp, SSLS-export.
make one build MultiSSL with GnuTLS, mbedTLS, Rustls, wolfSSL.
build servers (also on Windows), and tunits.
use Linuxbrew to install build dependencies missing from Ubuntu.

Coverage is now 466 C files. (was: 446)

It's a first in curl CI that Linuxbrew packages are used in builds.
It allows building with packages missing from Ubuntu 24.04:
gsasl (upcoming in 24.10), mbedtls 3, also latest wolfSSL (though
not compatible with coexist), openssl, nghttp3, ngtcp2 (openssl), and
rustls-ffi.

clang 18 is slower (but able to build units) 1m44s: https://github.com/curl/curl/actions/runs/17744622476/job/50426706985?pr=18557
gcc 1m14s: https://github.com/curl/curl/actions/runs/17745349876/job/50429178627?pr=18557

add coverage for H3.

Turns out the cause of CodeQL hangs (or probably just extreme long compile) is the header `curl/typecheck-gcc.h`. By accident I noticed that the preprocessed output of libtests.c is 75 MB (megabytes). This is much higher than the amounf of source code hinted, also compared to e.g. units.c or other build targets. The reason for the extreme size is each easy option call pulling in the large checker logic defined in this header. By compiling with `-DCURL_DISABLE_TYPECHECK`, preprocessed output drops to 2.2 MB (34x), and the libtests target builds without issues. Also build all tests and examples with the Linux HTTP/3 config, covering 3 more files. With these, CodeQL C coverage is 893 out of 930 (96%) (was: 645 69%) Follow-up to 71fc11e #18695 Follow-up to a333fd4 #18557 Follow-up to b4922b1 #18564 Closes vszakats#11 Closes #19632

vszakats added tests CI Continuous Integration labels Sep 15, 2025

vszakats changed the title ~~GHA/codeql: use clang, build some tests, enable options~~ GHA/codeql: enable more build options, build servers and tunits Sep 15, 2025

vszakats added 15 commits September 16, 2025 11:22

GHA/codeql: use clang, build some tests, enable options

faa66b1

try using linuxbrew

933ea3d

fixups

1436615

fixup

25a42ab

try with gcc again

01e1f33

cleanup

4b2429f

cleanup-1

95e4165

cleanup-2

99806c4

try building a second build variant on Linux

795d6ee

typos

c0400e8

enable wolfssl in MultiSSL in favor of OpenSSL

34bbf55

enable Rustls

135639d

finalize

4e8756c

build servers for Windows

0165e9c

cleanup

818df11

vszakats force-pushed the cqlmore branch from 276ebe5 to 818df11 Compare September 16, 2025 09:22

vszakats closed this in a333fd4 Sep 16, 2025

vszakats deleted the cqlmore branch September 16, 2025 09:23

emilazy mentioned this pull request Sep 20, 2025

curl: enable HTTP/3 support by default NixOS/nixpkgs#435914

Merged

13 tasks

vszakats mentioned this pull request Nov 21, 2025

GHA/codeql: add tweak to successfully build libtests for CodeQL #19632

Closed

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Uh oh!

GHA/codeql: enable more build options, build servers and tunits#18557

GHA/codeql: enable more build options, build servers and tunits#18557
vszakats wants to merge 15 commits intocurl:masterfrom
vszakats:cqlmore

vszakats commented Sep 15, 2025 •

edited

Loading

Uh oh!

Reviewers

Assignees

Labels

Milestone

Development

Uh oh!

1 participant

Uh oh!

Conversation

vszakats commented Sep 15, 2025 • edited Loading Uh oh! There was an error while loading. Please reload this page.

Uh oh!

Uh oh!

Reviewers

Assignees

Labels

Milestone

Development

Uh oh!

1 participant

vszakats commented Sep 15, 2025 •

edited

Loading