ci: stop using deprecated set-env in GitHub Actions

(And move the ci scripts into the `ci` directory.)

11 files changed, 725 insertions, 0 deletions

diff --git a/ci/build.sh b/ci/build.sh
new file mode 100755
index 000000000..c230e67d6
--- /dev/null
+++ b/ci/build.sh
@@ -0,0 +1,67 @@
+#!/usr/bin/env bash
+#
+# Environment variables:
+#
+# SOURCE_DIR: Set to the directory of the libgit2 source (optional)
+#     If not set, it will be derived relative to this script.
+
+set -e
+
+SOURCE_DIR=${SOURCE_DIR:-$( cd "$( dirname "${BASH_SOURCE[0]}" )" && dirname $( pwd ) )}
+BUILD_DIR=$(pwd)
+BUILD_PATH=${BUILD_PATH:=$PATH}
+CMAKE=$(which cmake)
+CMAKE_GENERATOR=${CMAKE_GENERATOR:-Unix Makefiles}
+
+if [[ "$(uname -s)" == MINGW* ]]; then
+	BUILD_PATH=$(cygpath "$BUILD_PATH")
+fi
+
+indent() { sed "s/^/    /"; }
+
+echo "Source directory: ${SOURCE_DIR}"
+echo "Build directory:  ${BUILD_DIR}"
+echo ""
+
+if [ "$(uname -s)" = "Darwin" ]; then
+	echo "macOS version:"
+	sw_vers | indent
+fi
+
+if [ -f "/etc/debian_version" ]; then
+	echo "Debian version:"
+	(source /etc/lsb-release && echo "${DISTRIB_DESCRIPTION}") | indent
+fi
+
+echo "Kernel version:"
+uname -a 2>&1 | indent
+
+echo "CMake version:"
+env PATH="${BUILD_PATH}" "${CMAKE}" --version 2>&1 | indent
+
+if test -n "${CC}"; then
+	echo "Compiler version:"
+	"${CC}" --version 2>&1 | indent
+fi
+echo "Environment:"
+if test -n "${CC}"; then
+	echo "CC=${CC}" | indent
+fi
+if test -n "${CFLAGS}"; then
+	echo "CFLAGS=${CFLAGS}" | indent
+fi
+echo ""
+
+echo "##############################################################################"
+echo "## Configuring build environment"
+echo "##############################################################################"
+
+echo cmake -DENABLE_WERROR=ON -DBUILD_EXAMPLES=ON -DBUILD_FUZZERS=ON -DUSE_STANDALONE_FUZZERS=ON -G \"${CMAKE_GENERATOR}\" ${CMAKE_OPTIONS} -S \"${SOURCE_DIR}\"
+env PATH="${BUILD_PATH}" "${CMAKE}" -DENABLE_WERROR=ON -DBUILD_EXAMPLES=ON -DBUILD_FUZZERS=ON -DUSE_STANDALONE_FUZZERS=ON -G "${CMAKE_GENERATOR}" ${CMAKE_OPTIONS} -S "${SOURCE_DIR}"
+
+echo ""
+echo "##############################################################################"
+echo "## Building libgit2"
+echo "##############################################################################"
+
+env PATH="${BUILD_PATH}" "${CMAKE}" --build .
diff --git a/ci/coverity.sh b/ci/coverity.sh
new file mode 100755
index 000000000..c68b6f8cc
--- /dev/null
+++ b/ci/coverity.sh
@@ -0,0 +1,62 @@
+#!/bin/bash -e
+
+if test -z "$COVERITY_TOKEN"
+then
+    echo "Need to set a coverity token"
+    exit 1
+fi
+
+case $(uname -m) in
+    i?86)
+        BITS=32;;
+    amd64|x86_64)
+        BITS=64;;
+    *)
+        echo "Unsupported arch '$(uname -m)'"
+        exit 1;;
+esac
+
+SCAN_TOOL=https://scan.coverity.com/download/cxx/linux${BITS}
+SOURCE_DIR=$(realpath "$(dirname "${BASH_SOURCE[0]}")"/..)
+BUILD_DIR=${SOURCE_DIR}/coverity-build
+TOOL_DIR=${BUILD_DIR}/coverity-tools
+
+# Install coverity tools
+if ! test -d "$TOOL_DIR"
+then
+    mkdir -p "$TOOL_DIR"
+    curl --silent --show-error --location --data "project=libgit2&token=$COVERITY_TOKEN" "$SCAN_TOOL" |
+        tar -xzC "$TOOL_DIR"
+    ln -s "$(find "$TOOL_DIR" -type d -name 'cov-analysis*')" "$TOOL_DIR"/cov-analysis
+fi
+
+cp "${SOURCE_DIR}/script/user_nodefs.h" "$TOOL_DIR"/cov-analysis/config/
+
+# Build libgit2 with Coverity
+mkdir -p "$BUILD_DIR"
+cd "$BUILD_DIR"
+cmake "$SOURCE_DIR"
+COVERITY_UNSUPPORTED=1 \
+    "$TOOL_DIR/cov-analysis/bin/cov-build" --dir cov-int \
+    cmake --build .
+
+# Upload results
+tar -czf libgit2.tgz cov-int
+REVISION=$(cd ${SOURCE_DIR} && git rev-parse --short HEAD)
+HTML="$(curl \
+    --silent --show-error \
+    --write-out "\n%{http_code}" \
+    --form token="$COVERITY_TOKEN" \
+    --form email=libgit2@gmail.com \
+    --form file=@libgit2.tgz \
+    --form version="$REVISION" \
+    --form description="libgit2 build" \
+    https://scan.coverity.com/builds?project=libgit2)"
+
+# Status code is the last line
+STATUS_CODE="$(echo "$HTML" | tail -n1)"
+if test "${STATUS_CODE}" != 200 && test "${STATUS_CODE}" != 201
+then
+    echo "Received error code ${STATUS_CODE} from Coverity"
+    exit 1
+fi
diff --git a/ci/docker/bionic b/ci/docker/bionic
new file mode 100644
index 000000000..5918584dc
--- /dev/null
+++ b/ci/docker/bionic
@@ -0,0 +1,41 @@
+FROM ubuntu:bionic AS apt
+RUN apt-get update && \
+    DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
+        clang \
+        cmake \
+        curl \
+        gcc \
+        git \
+        libcurl4-openssl-dev \
+        libpcre3-dev \
+        libssh2-1-dev \
+        libssl-dev \
+        libz-dev \
+        ninja-build \
+        openjdk-8-jre-headless \
+        openssh-server \
+        openssl \
+        pkgconf \
+        python \
+        sudo \
+        valgrind \
+        && \
+    rm -rf /var/lib/apt/lists/*
+
+FROM apt AS mbedtls
+RUN cd /tmp && \
+    curl --location --silent --show-error https://tls.mbed.org/download/mbedtls-2.16.2-apache.tgz | \
+    tar -xz && \
+    cd mbedtls-2.16.2 && \
+    scripts/config.pl set MBEDTLS_MD4_C 1 && \
+    CFLAGS=-fPIC cmake -G Ninja -DENABLE_PROGRAMS=OFF -DENABLE_TESTING=OFF -DUSE_SHARED_MBEDTLS_LIBRARY=OFF -DUSE_STATIC_MBEDTLS_LIBRARY=ON . && \
+    ninja install && \
+    cd .. && \
+    rm -rf mbedtls-2.16.2
+
+FROM mbedtls AS configure
+COPY entrypoint.sh /usr/local/bin/entrypoint.sh
+RUN chmod a+x /usr/local/bin/entrypoint.sh
+RUN mkdir /var/run/sshd
+
+ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
diff --git a/ci/docker/docurium b/ci/docker/docurium
new file mode 100644
index 000000000..54a4202b6
--- /dev/null
+++ b/ci/docker/docurium
@@ -0,0 +1,3 @@
+FROM ubuntu:bionic
+RUN apt update && apt install -y cmake pkg-config ruby ruby-dev llvm libclang-dev libssl-dev python-pygments
+RUN gem install docurium
diff --git a/ci/docker/entrypoint.sh b/ci/docker/entrypoint.sh
new file mode 100644
index 000000000..8d96e3acd
--- /dev/null
+++ b/ci/docker/entrypoint.sh
@@ -0,0 +1,4 @@
+#!/bin/bash -e
+useradd --shell /bin/bash libgit2
+chown --recursive libgit2:libgit2 /home/libgit2
+exec sudo --preserve-env --set-home --user=libgit2 "$@"
diff --git a/ci/docker/focal b/ci/docker/focal
new file mode 100644
index 000000000..c75e85a4c
--- /dev/null
+++ b/ci/docker/focal
@@ -0,0 +1,79 @@
+FROM ubuntu:focal AS apt
+RUN apt-get update && \
+    DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
+        bzip2 \
+        clang-10 \
+        cmake \
+        curl \
+        gcc-10 \
+        git \
+        krb5-user \
+        libcurl4-gnutls-dev \
+        libgcrypt20-dev \
+        libkrb5-dev \
+        libpcre3-dev \
+        libssl-dev \
+        libz-dev \
+        llvm-10 \
+        make \
+        ninja-build \
+        openjdk-8-jre-headless \
+        openssh-server \
+        openssl \
+        pkgconf \
+        python \
+        sudo \
+        valgrind \
+        && \
+    rm -rf /var/lib/apt/lists/* && \
+    mkdir /usr/local/msan
+
+FROM apt AS mbedtls
+RUN cd /tmp && \
+    curl --location --silent --show-error https://tls.mbed.org/download/mbedtls-2.16.2-apache.tgz | \
+        tar -xz && \
+    cd mbedtls-2.16.2 && \
+    scripts/config.pl unset MBEDTLS_AESNI_C && \
+    scripts/config.pl set MBEDTLS_MD4_C 1 && \
+    mkdir build build-msan && \
+    cd build && \
+    CC=clang-10 CFLAGS="-fPIC" cmake -G Ninja -DENABLE_PROGRAMS=OFF -DENABLE_TESTING=OFF -DUSE_SHARED_MBEDTLS_LIBRARY=ON -DUSE_STATIC_MBEDTLS_LIBRARY=OFF -DCMAKE_BUILD_TYPE=Debug -DCMAKE_PREFIX_PATH=/usr/local -DCMAKE_INSTALL_PREFIX=/usr/local .. && \
+    ninja install && \
+    cd ../build-msan && \
+    CC=clang-10 CFLAGS="-fPIC" cmake -G Ninja -DENABLE_PROGRAMS=OFF -DENABLE_TESTING=OFF -DUSE_SHARED_MBEDTLS_LIBRARY=ON -DUSE_STATIC_MBEDTLS_LIBRARY=OFF -DCMAKE_BUILD_TYPE=MemSanDbg -DCMAKE_INSTALL_PREFIX=/usr/local/msan .. && \
+    ninja install && \
+    cd .. && \
+    rm -rf mbedtls-2.16.2
+
+FROM mbedtls AS libssh2
+RUN cd /tmp && \
+    curl --insecure --location --silent --show-error https://www.libssh2.org/download/libssh2-1.8.2.tar.gz | \
+        tar -xz && \
+    cd libssh2-1.8.2 && \
+    mkdir build build-msan && \
+    cd build && \
+    CC=clang-10 CFLAGS="-fPIC" cmake -G Ninja -DBUILD_SHARED_LIBS=ON -DCRYPTO_BACKEND=Libgcrypt -DCMAKE_PREFIX_PATH=/usr/local -DCMAKE_INSTALL_PREFIX=/usr/local .. && \
+    ninja install && \
+    cd ../build-msan && \
+    CC=clang-10 CFLAGS="-fPIC -fsanitize=memory -fno-optimize-sibling-calls -fsanitize-memory-track-origins=2 -fno-omit-frame-pointer" LDFLAGS="-fsanitize=memory" cmake -G Ninja -DBUILD_SHARED_LIBS=ON -DCRYPTO_BACKEND=mbedTLS -DCMAKE_PREFIX_PATH=/usr/local/msan -DCMAKE_INSTALL_PREFIX=/usr/local/msan .. && \
+    ninja install && \
+    cd .. && \
+    rm -rf libssh2-1.8.2
+
+FROM libssh2 AS valgrind
+RUN cd /tmp && \
+    curl --insecure --location --silent --show-error https://sourceware.org/pub/valgrind/valgrind-3.15.0.tar.bz2 | \
+        tar -xj && \
+    cd valgrind-3.15.0 && \
+    CC=clang-10 ./configure && \
+    make MAKEFLAGS="-j -l$(grep -c ^processor /proc/cpuinfo)" && \
+    make install && \
+    cd .. && \
+    rm -rf valgrind-3.15.0
+
+FROM valgrind AS configure
+COPY entrypoint.sh /usr/local/bin/entrypoint.sh
+RUN chmod a+x /usr/local/bin/entrypoint.sh
+RUN mkdir /var/run/sshd
+
+ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
diff --git a/ci/docker/xenial b/ci/docker/xenial
new file mode 100644
index 000000000..67867edc6
--- /dev/null
+++ b/ci/docker/xenial
@@ -0,0 +1,66 @@
+FROM ubuntu:xenial AS apt
+RUN apt-get update && \
+    DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \
+        bzip2 \
+        clang \
+        cmake \
+        curl \
+        gcc \
+        git \
+        krb5-user \
+        libcurl4-gnutls-dev \
+        libgcrypt20-dev \
+        libkrb5-dev \
+        libpcre3-dev \
+        libssl-dev \
+        libz-dev \
+        make \
+        ninja-build \
+        openjdk-8-jre-headless \
+        openssh-server \
+        openssl \
+        pkgconf \
+        python \
+        sudo \
+        valgrind \
+        && \
+    rm -rf /var/lib/apt/lists/*
+
+FROM apt AS mbedtls
+RUN cd /tmp && \
+    curl --location --silent --show-error https://tls.mbed.org/download/mbedtls-2.16.2-apache.tgz | \
+    tar -xz && \
+    cd mbedtls-2.16.2 && \
+    scripts/config.pl set MBEDTLS_MD4_C 1 && \
+    CFLAGS=-fPIC cmake -G Ninja -DENABLE_PROGRAMS=OFF -DENABLE_TESTING=OFF -DUSE_SHARED_MBEDTLS_LIBRARY=OFF -DUSE_STATIC_MBEDTLS_LIBRARY=ON . && \
+    ninja install && \
+    cd .. && \
+    rm -rf mbedtls-2.16.2
+
+FROM mbedtls AS libssh2
+RUN cd /tmp && \
+    curl --insecure --location --silent --show-error https://www.libssh2.org/download/libssh2-1.8.2.tar.gz | \
+    tar -xz && \
+    cd libssh2-1.8.2 && \
+    CFLAGS=-fPIC cmake -G Ninja -DBUILD_SHARED_LIBS=ON -DCRYPTO_BACKEND=Libgcrypt . && \
+    ninja install && \
+    cd .. && \
+    rm -rf libssh2-1.8.2
+
+FROM libssh2 AS valgrind
+RUN cd /tmp && \
+    curl --insecure --location --silent --show-error https://sourceware.org/pub/valgrind/valgrind-3.15.0.tar.bz2 | \
+    tar -xj && \
+    cd valgrind-3.15.0 && \
+    ./configure && \
+    make && \
+    make install && \
+    cd .. && \
+    rm -rf valgrind-3.15.0
+
+FROM valgrind AS configure
+COPY entrypoint.sh /usr/local/bin/entrypoint.sh
+RUN chmod a+x /usr/local/bin/entrypoint.sh
+RUN mkdir /var/run/sshd
+
+ENTRYPOINT ["/usr/local/bin/entrypoint.sh"]
diff --git a/ci/getcontainer.sh b/ci/getcontainer.sh
new file mode 100755
index 000000000..b259260f4
--- /dev/null
+++ b/ci/getcontainer.sh
@@ -0,0 +1,45 @@
+#!/bin/bash
+
+set -e
+
+DOCKERFILE_PATH=$1
+
+if [ "${DOCKERFILE_PATH}" = "" ]; then
+	echo "usage: $0 dockerfile"
+	exit 1
+fi
+
+if [ "${DOCKER_REGISTRY}" = "" ]; then
+	echo "DOCKER_REGISTRY environment variable is unset."
+	echo "Not running inside GitHub Actions or misconfigured?"
+	exit 1
+fi
+
+DOCKER_CONTAINER="${GITHUB_REPOSITORY}/$(basename ${DOCKERFILE_PATH})"
+DOCKER_REGISTRY_CONTAINER="${DOCKER_REGISTRY}/${DOCKER_CONTAINER}"
+
+echo "docker-container=${DOCKER_CONTAINER}" >> $GITHUB_ENV
+echo "docker-registry-container=${DOCKER_REGISTRY_CONTAINER}" >> $GITHUB_ENV
+
+# Identify the last git commit that touched the Dockerfiles
+# Use this as a hash to identify the resulting docker containers
+DOCKER_SHA=$(git log -1 --pretty=format:"%h" -- "${DOCKERFILE_PATH}")
+echo "docker-sha=${DOCKER_SHA}" >> $GITHUB_ENV
+
+DOCKER_REGISTRY_CONTAINER_SHA="${DOCKER_REGISTRY_CONTAINER}:${DOCKER_SHA}"
+
+echo "docker-registry-container-sha=${DOCKER_REGISTRY_CONTAINER_SHA}" >> $GITHUB_ENV
+echo "docker-registry-container-latest=${DOCKER_REGISTRY_CONTAINER}:latest" >> $GITHUB_ENV
+
+exists="true"
+docker login https://${DOCKER_REGISTRY} -u ${GITHUB_ACTOR} -p ${GITHUB_TOKEN} || exists="false"
+
+if [ "${exists}" != "false" ]; then
+	docker pull ${DOCKER_REGISTRY_CONTAINER_SHA} || exists="false"
+fi
+
+if [ "${exists}" = "true" ]; then
+	echo "docker-container-exists=true" >> $GITHUB_ENV
+else
+	echo "docker-container-exists=false" >> $GITHUB_ENV
+fi
diff --git a/ci/setup-mingw.sh b/ci/setup-mingw.sh
new file mode 100755
index 000000000..d500da058
--- /dev/null
+++ b/ci/setup-mingw.sh
@@ -0,0 +1,25 @@
+#!/bin/sh -e
+
+echo "##############################################################################"
+echo "## Downloading mingw"
+echo "##############################################################################"
+
+BUILD_TEMP=${BUILD_TEMP:=$TEMP}
+BUILD_TEMP=$(cygpath $BUILD_TEMP)
+
+case "$ARCH" in
+	amd64)
+		MINGW_URI="https://bintray.com/libgit2/build-dependencies/download_file?file_path=mingw-w64-x86_64-8.1.0-release-win32-seh-rt_v6-rev0.zip";;
+	x86)
+		MINGW_URI="https://bintray.com/libgit2/build-dependencies/download_file?file_path=mingw-w64-i686-8.1.0-release-win32-sjlj-rt_v6-rev0.zip";;
+esac
+
+if [ -z "$MINGW_URI" ]; then
+	echo "No URL"
+	exit 1
+fi
+
+mkdir -p "$BUILD_TEMP"
+
+curl -s -L "$MINGW_URI" -o "$BUILD_TEMP"/mingw-"$ARCH".zip
+unzip -q "$BUILD_TEMP"/mingw-"$ARCH".zip -d "$BUILD_TEMP"
diff --git a/ci/setup-osx.sh b/ci/setup-osx.sh
new file mode 100755
index 000000000..2e630eedb
--- /dev/null
+++ b/ci/setup-osx.sh
@@ -0,0 +1,8 @@
+#!/bin/sh
+
+set -x
+
+brew update
+brew install pkgconfig zlib curl openssl libssh2 ninja
+
+ln -s /Applications/Xcode.app/Contents/Developer/usr/lib/libLeaksAtExit.dylib /usr/local/lib
diff --git a/ci/test.sh b/ci/test.sh
new file mode 100755
index 000000000..2b43ba198
--- /dev/null
+++ b/ci/test.sh
@@ -0,0 +1,325 @@
+#!/usr/bin/env bash
+
+set -e
+
+if [ -n "$SKIP_TESTS" ]; then
+	exit 0
+fi
+
+# Windows doesn't run the NTLM tests properly (yet)
+if [[ "$(uname -s)" == MINGW* ]]; then
+        SKIP_NTLM_TESTS=1
+fi
+
+SOURCE_DIR=${SOURCE_DIR:-$( cd "$( dirname "${BASH_SOURCE[0]}" )" && dirname $( pwd ) )}
+BUILD_DIR=$(pwd)
+TMPDIR=${TMPDIR:-/tmp}
+USER=${USER:-$(whoami)}
+
+SUCCESS=1
+
+cleanup() {
+	echo "Cleaning up..."
+
+	if [ ! -z "$GITDAEMON_PID" ]; then
+		echo "Stopping git daemon..."
+		kill $GITDAEMON_PID
+	fi
+
+	if [ ! -z "$SSHD_DIR" -a -f "${SSHD_DIR}/pid" ]; then
+		echo "Stopping SSH..."
+		kill $(cat "${SSHD_DIR}/pid")
+	fi
+
+	echo "Done."
+}
+
+run_test() {
+	if [[ "$GITTEST_FLAKY_RETRY" > 0 ]]; then
+		ATTEMPTS_REMAIN=$GITTEST_FLAKY_RETRY
+	else
+		ATTEMPTS_REMAIN=1
+	fi
+
+	FAILED=0
+	while [[ "$ATTEMPTS_REMAIN" > 0 ]]; do
+		if [ "$FAILED" -eq 1 ]; then
+			echo ""
+			echo "Re-running flaky ${1} tests..."
+			echo ""
+		fi
+
+		RETURN_CODE=0
+
+		CLAR_SUMMARY="${BUILD_DIR}/results_${1}.xml" ctest -V -R "^${1}$" || RETURN_CODE=$? && true
+
+		if [ "$RETURN_CODE" -eq 0 ]; then
+			FAILED=0
+			break
+		fi
+
+		echo "Test exited with code: $RETURN_CODE"
+		ATTEMPTS_REMAIN="$(($ATTEMPTS_REMAIN-1))"
+		FAILED=1
+	done
+
+	if [ "$FAILED" -ne 0 ]; then
+		SUCCESS=0
+	fi
+}
+
+# Configure the test environment; run them early so that we're certain
+# that they're started by the time we need them.
+
+echo "##############################################################################"
+echo "## Configuring test environment"
+echo "##############################################################################"
+
+if [ -z "$SKIP_GITDAEMON_TESTS" ]; then
+	echo "Starting git daemon..."
+	GITDAEMON_DIR=`mktemp -d ${TMPDIR}/gitdaemon.XXXXXXXX`
+	git init --bare "${GITDAEMON_DIR}/test.git"
+	git daemon --listen=localhost --export-all --enable=receive-pack --base-path="${GITDAEMON_DIR}" "${GITDAEMON_DIR}" 2>/dev/null &
+	GITDAEMON_PID=$!
+	disown $GITDAEMON_PID
+fi
+
+if [ -z "$SKIP_PROXY_TESTS" ]; then
+	curl --location --silent --show-error https://github.com/ethomson/poxyproxy/releases/download/v0.7.0/poxyproxy-0.7.0.jar >poxyproxy.jar
+
+	echo ""
+	echo "Starting HTTP proxy (Basic)..."
+	java -jar poxyproxy.jar --address 127.0.0.1 --port 8080 --credentials foo:bar --auth-type basic --quiet &
+
+	echo ""
+	echo "Starting HTTP proxy (NTLM)..."
+	java -jar poxyproxy.jar --address 127.0.0.1 --port 8090 --credentials foo:bar --auth-type ntlm --quiet &
+fi
+
+if [ -z "$SKIP_NTLM_TESTS" ]; then
+	curl --location --silent --show-error https://github.com/ethomson/poxygit/releases/download/v0.4.0/poxygit-0.4.0.jar >poxygit.jar
+
+	echo ""
+	echo "Starting HTTP server..."
+	NTLM_DIR=`mktemp -d ${TMPDIR}/ntlm.XXXXXXXX`
+	git init --bare "${NTLM_DIR}/test.git"
+	java -jar poxygit.jar --address 127.0.0.1 --port 9000 --credentials foo:baz --quiet "${NTLM_DIR}" &
+fi
+
+if [ -z "$SKIP_SSH_TESTS" ]; then
+	echo "Starting ssh daemon..."
+	HOME=`mktemp -d ${TMPDIR}/home.XXXXXXXX`
+	SSHD_DIR=`mktemp -d ${TMPDIR}/sshd.XXXXXXXX`
+	git init --bare "${SSHD_DIR}/test.git"
+	cat >"${SSHD_DIR}/sshd_config" <<-EOF
+	Port 2222
+	ListenAddress 0.0.0.0
+	Protocol 2
+	HostKey ${SSHD_DIR}/id_rsa
+	PidFile ${SSHD_DIR}/pid
+	AuthorizedKeysFile ${HOME}/.ssh/authorized_keys
+	LogLevel DEBUG
+	RSAAuthentication yes
+	PasswordAuthentication yes
+	PubkeyAuthentication yes
+	ChallengeResponseAuthentication no
+	StrictModes no
+	# Required here as sshd will simply close connection otherwise
+	UsePAM no
+	EOF
+	ssh-keygen -t rsa -f "${SSHD_DIR}/id_rsa" -N "" -q
+	/usr/sbin/sshd -f "${SSHD_DIR}/sshd_config" -E "${SSHD_DIR}/log"
+
+	# Set up keys
+	mkdir "${HOME}/.ssh"
+	ssh-keygen -t rsa -f "${HOME}/.ssh/id_rsa" -N "" -q
+	cat "${HOME}/.ssh/id_rsa.pub" >>"${HOME}/.ssh/authorized_keys"
+	while read algorithm key comment; do
+		echo "[localhost]:2222 $algorithm $key" >>"${HOME}/.ssh/known_hosts"
+	done <"${SSHD_DIR}/id_rsa.pub"
+
+	# Get the fingerprint for localhost and remove the colons so we can
+	# parse it as a hex number. Older versions have a different output
+	# format.
+	if [[ $(ssh -V 2>&1) == OpenSSH_6* ]]; then
+		SSH_FINGERPRINT=$(ssh-keygen -F '[localhost]:2222' -f "${HOME}/.ssh/known_hosts" -l | tail -n 1 | cut -d ' ' -f 2 | tr -d ':')
+	else
+		SSH_FINGERPRINT=$(ssh-keygen -E md5 -F '[localhost]:2222' -f "${HOME}/.ssh/known_hosts" -l | tail -n 1 | cut -d ' ' -f 3 | cut -d : -f2- | tr -d :)
+	fi
+fi
+
+# Run the tests that do not require network connectivity.
+
+if [ -z "$SKIP_OFFLINE_TESTS" ]; then
+	echo ""
+	echo "##############################################################################"
+	echo "## Running (offline) tests"
+	echo "##############################################################################"
+
+	run_test offline
+fi
+
+if [ -n "$RUN_INVASIVE_TESTS" ]; then
+	echo ""
+	echo "Running invasive tests"
+	echo ""
+
+	export GITTEST_INVASIVE_FS_SIZE=1
+	export GITTEST_INVASIVE_MEMORY=1
+	export GITTEST_INVASIVE_SPEED=1
+	run_test invasive
+	unset GITTEST_INVASIVE_FS_SIZE
+	unset GITTEST_INVASIVE_MEMORY
+	unset GITTEST_INVASIVE_SPEED
+fi
+
+if [ -z "$SKIP_ONLINE_TESTS" ]; then
+	# Run the various online tests.  The "online" test suite only includes the
+	# default online tests that do not require additional configuration.  The
+	# "proxy" and "ssh" test suites require further setup.
+
+	echo ""
+	echo "##############################################################################"
+	echo "## Running (online) tests"
+	echo "##############################################################################"
+
+	export GITTEST_FLAKY_RETRY=5
+	run_test online
+	unset GITTEST_FLAKY_RETRY
+fi
+
+if [ -z "$SKIP_GITDAEMON_TESTS" ]; then
+	echo ""
+	echo "Running gitdaemon tests"
+	echo ""
+
+	export GITTEST_REMOTE_URL="git://localhost/test.git"
+	run_test gitdaemon
+	unset GITTEST_REMOTE_URL
+fi
+
+if [ -z "$SKIP_PROXY_TESTS" ]; then
+	echo ""
+	echo "Running proxy tests (Basic authentication)"
+	echo ""
+
+	export GITTEST_REMOTE_PROXY_HOST="localhost:8080"
+	export GITTEST_REMOTE_PROXY_USER="foo"
+	export GITTEST_REMOTE_PROXY_PASS="bar"
+	run_test proxy
+	unset GITTEST_REMOTE_PROXY_HOST
+	unset GITTEST_REMOTE_PROXY_USER
+	unset GITTEST_REMOTE_PROXY_PASS
+
+	echo ""
+	echo "Running proxy tests (NTLM authentication)"
+	echo ""
+
+	export GITTEST_REMOTE_PROXY_HOST="localhost:8090"
+	export GITTEST_REMOTE_PROXY_USER="foo"
+	export GITTEST_REMOTE_PROXY_PASS="bar"
+	export GITTEST_FLAKY_RETRY=5
+	run_test proxy
+	unset GITTEST_FLAKY_RETRY
+	unset GITTEST_REMOTE_PROXY_HOST
+	unset GITTEST_REMOTE_PROXY_USER
+	unset GITTEST_REMOTE_PROXY_PASS
+fi
+
+if [ -z "$SKIP_NTLM_TESTS" ]; then
+	echo ""
+	echo "Running NTLM tests (IIS emulation)"
+	echo ""
+
+	export GITTEST_REMOTE_URL="http://localhost:9000/ntlm/test.git"
+	export GITTEST_REMOTE_USER="foo"
+	export GITTEST_REMOTE_PASS="baz"
+	run_test auth_clone_and_push
+	unset GITTEST_REMOTE_URL
+	unset GITTEST_REMOTE_USER
+	unset GITTEST_REMOTE_PASS
+
+	echo ""
+	echo "Running NTLM tests (Apache emulation)"
+	echo ""
+
+	export GITTEST_REMOTE_URL="http://localhost:9000/broken-ntlm/test.git"
+	export GITTEST_REMOTE_USER="foo"
+	export GITTEST_REMOTE_PASS="baz"
+	run_test auth_clone_and_push
+	unset GITTEST_REMOTE_URL
+	unset GITTEST_REMOTE_USER
+	unset GITTEST_REMOTE_PASS
+fi
+
+if [ -z "$SKIP_NEGOTIATE_TESTS" -a -n "$GITTEST_NEGOTIATE_PASSWORD" ]; then
+	echo ""
+	echo "Running SPNEGO tests"
+	echo ""
+
+	if [ "$(uname -s)" = "Darwin" ]; then
+		KINIT_FLAGS="--password-file=STDIN"
+	fi
+
+	echo $GITTEST_NEGOTIATE_PASSWORD | kinit $KINIT_FLAGS test@LIBGIT2.ORG
+	klist -5f
+
+	export GITTEST_REMOTE_URL="https://test.libgit2.org/kerberos/empty.git"
+	export GITTEST_REMOTE_DEFAULT="true"
+	run_test auth_clone
+	unset GITTEST_REMOTE_URL
+	unset GITTEST_REMOTE_DEFAULT
+
+	echo ""
+	echo "Running SPNEGO tests (expect/continue)"
+	echo ""
+
+	export GITTEST_REMOTE_URL="https://test.libgit2.org/kerberos/empty.git"
+	export GITTEST_REMOTE_DEFAULT="true"
+	export GITTEST_REMOTE_EXPECTCONTINUE="true"
+	run_test auth_clone
+	unset GITTEST_REMOTE_URL
+	unset GITTEST_REMOTE_DEFAULT
+	unset GITTEST_REMOTE_EXPECTCONTINUE
+
+	kdestroy -A
+fi
+
+if [ -z "$SKIP_SSH_TESTS" ]; then
+	echo ""
+	echo "Running ssh tests"
+	echo ""
+
+	export GITTEST_REMOTE_URL="ssh://localhost:2222/$SSHD_DIR/test.git"
+	export GITTEST_REMOTE_USER=$USER
+	export GITTEST_REMOTE_SSH_KEY="${HOME}/.ssh/id_rsa"
+	export GITTEST_REMOTE_SSH_PUBKEY="${HOME}/.ssh/id_rsa.pub"
+	export GITTEST_REMOTE_SSH_PASSPHRASE=""
+	export GITTEST_REMOTE_SSH_FINGERPRINT="${SSH_FINGERPRINT}"
+	run_test ssh
+	unset GITTEST_REMOTE_URL
+	unset GITTEST_REMOTE_USER
+	unset GITTEST_REMOTE_SSH_KEY
+	unset GITTEST_REMOTE_SSH_PUBKEY
+	unset GITTEST_REMOTE_SSH_PASSPHRASE
+	unset GITTEST_REMOTE_SSH_FINGERPRINT
+fi
+
+if [ -z "$SKIP_FUZZERS" ]; then
+	echo ""
+	echo "##############################################################################"
+	echo "## Running fuzzers"
+	echo "##############################################################################"
+
+	ctest -V -R 'fuzzer'
+fi
+
+cleanup
+
+if [ "$SUCCESS" -ne 1 ]; then
+	echo "Some tests failed."
+	exit 1
+fi
+
+echo "Success."
+exit 0