summaryrefslogtreecommitdiffstats
path: root/.github/workflows
diff options
context:
space:
mode:
Diffstat (limited to '.github/workflows')
-rw-r--r--.github/workflows/ci.yml186
-rw-r--r--.github/workflows/codecov.yml15
-rw-r--r--.github/workflows/codeql.yml56
3 files changed, 225 insertions, 32 deletions
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 9db363d..4c1c89c 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -6,17 +6,19 @@ jobs:
linux:
name: Linux
- runs-on: ubuntu-latest
+ runs-on: ubuntu-22.04
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- name: Install dependencies
run: |
sudo dpkg --add-architecture i386
sudo apt-get update -y
sudo apt-get install -y \
+ expect \
gcc-multilib \
+ libgcc-s1:i386 \
acl \
libacl1-dev \
libacl1:i386 \
@@ -27,13 +29,16 @@ jobs:
libcap-dev \
libcap2:i386 \
libonig-dev \
- libonig5:i386
+ libonig5:i386 \
+ liburing-dev
# Ubuntu doesn't let you install the -dev packages for both amd64 and
- # i386 at once, so we make our own symlinks to fix -m32 -lacl -lattr -lcap
+ # i386 at once, so we make our own symlinks to fix -m32 -lacl -l...
sudo ln -s libacl.so.1 /lib/i386-linux-gnu/libacl.so
sudo ln -s libattr.so.1 /lib/i386-linux-gnu/libattr.so
sudo ln -s libcap.so.2 /lib/i386-linux-gnu/libcap.so
sudo ln -s libonig.so.5 /lib/i386-linux-gnu/libonig.so
+ # Work around https://github.com/actions/runner-images/issues/9491
+ sudo sysctl vm.mmap_rnd_bits=28
- name: Run tests
run: |
@@ -42,46 +47,175 @@ jobs:
macos:
name: macOS
- runs-on: macos-latest
+ runs-on: macos-14
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- name: Install dependencies
run: |
- brew install coreutils
+ brew install \
+ bash \
+ expect
- name: Run tests
run: |
- make -j$(sysctl -n hw.ncpu) distcheck
+ jobs=$(sysctl -n hw.ncpu)
+ make -j$jobs distcheck
freebsd:
name: FreeBSD
- if: ${{ github.repository_owner == 'tavianator' && (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository) }}
+ runs-on: ubuntu-22.04
- runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
- concurrency: spurion
+ - name: Run tests
+ uses: vmactions/freebsd-vm@v1
+ with:
+ release: "14.0"
+ usesh: true
+ copyback: false
+
+ prepare: |
+ pkg install -y \
+ bash \
+ expect \
+ gmake \
+ oniguruma \
+ sudo \
+ tcl-wrapper
+ pw useradd -n action -m -G wheel -s /usr/local/bin/bash
+ echo "%wheel ALL=(ALL) NOPASSWD: ALL" >>/usr/local/etc/sudoers
+ mount -t fdescfs none /dev/fd
+
+ run: |
+ chown -R action:action .
+ sudo -u action gmake -j$(nproc) distcheck
+
+ openbsd:
+ name: OpenBSD
+
+ runs-on: ubuntu-22.04
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- - uses: tailscale/github-action@main
+ - name: Run tests
+ uses: vmactions/openbsd-vm@v1
with:
- authkey: ${{ secrets.TAILSCALE_KEY }}
+ release: "7.4"
+ usesh: true
+ copyback: false
+
+ prepare: |
+ pkg_add \
+ bash \
+ expect \
+ gmake \
+ oniguruma
+ adduser -group USER -batch action wheel </dev/null
+ cp /etc/examples/doas.conf /etc/doas.conf
+ echo "permit nopass keepenv :wheel" >>/etc/doas.conf
+
+ run: |
+ chown -R action:action .
+ jobs=$(sysctl -n hw.ncpu)
+ doas -u action gmake -j$jobs check TEST_FLAGS="--sudo=doas --verbose=skipped"
+
+ netbsd:
+ name: NetBSD
+
+ runs-on: ubuntu-22.04
- - name: Configure SSH
- env:
- SSH_KEY: ${{ secrets.SSH_KEY }}
- run: |
- mkdir ~/.ssh
- printf '%s' "$SSH_KEY" >~/.ssh/github-actions
- chmod 0600 ~/.ssh/github-actions
- printf 'Host %s\n\tStrictHostKeyChecking=accept-new\n\tUser github\n\tIdentityFile ~/.ssh/github-actions\n' "$(tailscale ip -6 spurion)" >~/.ssh/config
+ steps:
+ - uses: actions/checkout@v4
- name: Run tests
- run: |
- spurion=$(tailscale ip -6 spurion)
- rsync -rl --delete . "[$spurion]:bfs"
- ssh "$spurion" 'gmake -C bfs -j$(sysctl -n hw.ncpu) distcheck'
+ uses: vmactions/netbsd-vm@v1
+ with:
+ release: "9.3"
+ usesh: true
+ copyback: false
+
+ prepare: |
+ PATH="/sbin:/usr/sbin:$PATH"
+ pkg_add \
+ bash \
+ clang \
+ gmake \
+ oniguruma \
+ sudo \
+ tcl-expect
+ useradd -m -G wheel -g =uid action
+ echo "%wheel ALL=(ALL) NOPASSWD: ALL" >>/usr/pkg/etc/sudoers
+
+ run: |
+ PATH="/sbin:/usr/sbin:$PATH"
+ chown -R action:action .
+ jobs=$(sysctl -n hw.ncpu)
+ sudo -u action gmake -j$jobs check CC=clang LDFLAGS="-rpath /usr/pkg/lib" TEST_FLAGS="--sudo --verbose=skipped"
+
+ dragonflybsd:
+ name: DragonFly BSD
+
+ runs-on: ubuntu-22.04
+
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Run tests
+ uses: vmactions/dragonflybsd-vm@v1
+ with:
+ release: "6.4.0"
+ usesh: true
+ copyback: false
+
+ prepare: |
+ pkg install -y \
+ bash \
+ expect \
+ gmake \
+ oniguruma \
+ sudo \
+ tcl-wrapper
+ pw useradd -n action -m -G wheel -s /usr/local/bin/bash
+ echo "%wheel ALL=(ALL) NOPASSWD: ALL" >>/usr/local/etc/sudoers
+
+ run: |
+ chown -R action:action .
+ jobs=$(sysctl -n hw.ncpu)
+ sudo -u action gmake -j$jobs check TEST_FLAGS="--sudo --verbose=skipped"
+
+ omnios:
+ name: OmniOS
+
+ runs-on: ubuntu-22.04
+
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Run tests
+ uses: vmactions/omnios-vm@v1
+ with:
+ release: "r151048"
+ usesh: true
+ copyback: false
+
+ prepare: |
+ pkg install \
+ bash \
+ build-essential \
+ expect \
+ gnu-make \
+ onig \
+ sudo
+ useradd -m -g staff action
+ echo "%staff ALL=(ALL) NOPASSWD: ALL" >>/etc/sudoers
+
+ run: |
+ PATH="/usr/xpg4/bin:$PATH"
+ chown -R action:staff .
+ jobs=$(getconf NPROCESSORS_ONLN)
+ sudo -u action gmake -j$jobs check LDFLAGS="-Wl,-rpath,/opt/ooce/lib/amd64" TEST_FLAGS="--sudo --verbose=skipped"
diff --git a/.github/workflows/codecov.yml b/.github/workflows/codecov.yml
index c8808d3..9c2119b 100644
--- a/.github/workflows/codecov.yml
+++ b/.github/workflows/codecov.yml
@@ -1,18 +1,19 @@
name: codecov.io
-on: [push, pull_request]
+on: [push]
jobs:
build:
- runs-on: ubuntu-latest
+ runs-on: ubuntu-22.04
steps:
- - uses: actions/checkout@v3
+ - uses: actions/checkout@v4
- name: Install dependencies
run: |
sudo apt-get update -y
sudo apt-get install -y \
+ expect \
gcc \
acl \
libacl1-dev \
@@ -20,13 +21,15 @@ jobs:
libattr1-dev \
libcap2-bin \
libcap-dev \
- libonig-dev
+ libonig-dev \
+ liburing-dev
- name: Generate coverage
run: |
make -j$(nproc) gcov check TEST_FLAGS="--sudo"
- gcov -abcfu obj/*/*.o
+ gcov -abcfpu obj/*/*.o
- - uses: codecov/codecov-action@v3.1.0
+ - uses: codecov/codecov-action@v3
with:
+ token: ${{ secrets.CODECOV_TOKEN }}
fail_ci_if_error: true
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 0000000..71073c6
--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,56 @@
+name: CodeQL
+
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+ branches:
+ - main
+ schedule:
+ - cron: "10 14 * * 2"
+
+jobs:
+ analyze:
+ name: Analyze
+ runs-on: ubuntu-22.04
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+ strategy:
+ fail-fast: false
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Install dependencies
+ run: |
+ sudo apt-get update -y
+ sudo apt-get install -y \
+ gcc \
+ acl \
+ libacl1-dev \
+ attr \
+ libattr1-dev \
+ libcap2-bin \
+ libcap-dev \
+ libonig-dev \
+ liburing-dev
+
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v3
+ with:
+ languages: cpp
+ queries: +security-and-quality
+
+ - name: Build
+ run: |
+ make -j$(nproc) all
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v3
+ with:
+ category: "/language:cpp"