diff options
Diffstat (limited to '.github/workflows')
-rw-r--r-- | .github/workflows/ci.yml | 186 | ||||
-rw-r--r-- | .github/workflows/codecov.yml | 15 | ||||
-rw-r--r-- | .github/workflows/codeql.yml | 56 |
3 files changed, 225 insertions, 32 deletions
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9db363d..4c1c89c 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -6,17 +6,19 @@ jobs: linux: name: Linux - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Install dependencies run: | sudo dpkg --add-architecture i386 sudo apt-get update -y sudo apt-get install -y \ + expect \ gcc-multilib \ + libgcc-s1:i386 \ acl \ libacl1-dev \ libacl1:i386 \ @@ -27,13 +29,16 @@ jobs: libcap-dev \ libcap2:i386 \ libonig-dev \ - libonig5:i386 + libonig5:i386 \ + liburing-dev # Ubuntu doesn't let you install the -dev packages for both amd64 and - # i386 at once, so we make our own symlinks to fix -m32 -lacl -lattr -lcap + # i386 at once, so we make our own symlinks to fix -m32 -lacl -l... sudo ln -s libacl.so.1 /lib/i386-linux-gnu/libacl.so sudo ln -s libattr.so.1 /lib/i386-linux-gnu/libattr.so sudo ln -s libcap.so.2 /lib/i386-linux-gnu/libcap.so sudo ln -s libonig.so.5 /lib/i386-linux-gnu/libonig.so + # Work around https://github.com/actions/runner-images/issues/9491 + sudo sysctl vm.mmap_rnd_bits=28 - name: Run tests run: | @@ -42,46 +47,175 @@ jobs: macos: name: macOS - runs-on: macos-latest + runs-on: macos-14 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Install dependencies run: | - brew install coreutils + brew install \ + bash \ + expect - name: Run tests run: | - make -j$(sysctl -n hw.ncpu) distcheck + jobs=$(sysctl -n hw.ncpu) + make -j$jobs distcheck freebsd: name: FreeBSD - if: ${{ github.repository_owner == 'tavianator' && (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository) }} + runs-on: ubuntu-22.04 - runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 - concurrency: spurion + - name: Run tests + uses: vmactions/freebsd-vm@v1 + with: + release: "14.0" + usesh: true + copyback: false + + prepare: | + pkg install -y \ + bash \ + expect \ + gmake \ + oniguruma \ + sudo \ + tcl-wrapper + pw useradd -n action -m -G wheel -s /usr/local/bin/bash + echo "%wheel ALL=(ALL) NOPASSWD: ALL" >>/usr/local/etc/sudoers + mount -t fdescfs none /dev/fd + + run: | + chown -R action:action . + sudo -u action gmake -j$(nproc) distcheck + + openbsd: + name: OpenBSD + + runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - - uses: tailscale/github-action@main + - name: Run tests + uses: vmactions/openbsd-vm@v1 with: - authkey: ${{ secrets.TAILSCALE_KEY }} + release: "7.4" + usesh: true + copyback: false + + prepare: | + pkg_add \ + bash \ + expect \ + gmake \ + oniguruma + adduser -group USER -batch action wheel </dev/null + cp /etc/examples/doas.conf /etc/doas.conf + echo "permit nopass keepenv :wheel" >>/etc/doas.conf + + run: | + chown -R action:action . + jobs=$(sysctl -n hw.ncpu) + doas -u action gmake -j$jobs check TEST_FLAGS="--sudo=doas --verbose=skipped" + + netbsd: + name: NetBSD + + runs-on: ubuntu-22.04 - - name: Configure SSH - env: - SSH_KEY: ${{ secrets.SSH_KEY }} - run: | - mkdir ~/.ssh - printf '%s' "$SSH_KEY" >~/.ssh/github-actions - chmod 0600 ~/.ssh/github-actions - printf 'Host %s\n\tStrictHostKeyChecking=accept-new\n\tUser github\n\tIdentityFile ~/.ssh/github-actions\n' "$(tailscale ip -6 spurion)" >~/.ssh/config + steps: + - uses: actions/checkout@v4 - name: Run tests - run: | - spurion=$(tailscale ip -6 spurion) - rsync -rl --delete . "[$spurion]:bfs" - ssh "$spurion" 'gmake -C bfs -j$(sysctl -n hw.ncpu) distcheck' + uses: vmactions/netbsd-vm@v1 + with: + release: "9.3" + usesh: true + copyback: false + + prepare: | + PATH="/sbin:/usr/sbin:$PATH" + pkg_add \ + bash \ + clang \ + gmake \ + oniguruma \ + sudo \ + tcl-expect + useradd -m -G wheel -g =uid action + echo "%wheel ALL=(ALL) NOPASSWD: ALL" >>/usr/pkg/etc/sudoers + + run: | + PATH="/sbin:/usr/sbin:$PATH" + chown -R action:action . + jobs=$(sysctl -n hw.ncpu) + sudo -u action gmake -j$jobs check CC=clang LDFLAGS="-rpath /usr/pkg/lib" TEST_FLAGS="--sudo --verbose=skipped" + + dragonflybsd: + name: DragonFly BSD + + runs-on: ubuntu-22.04 + + steps: + - uses: actions/checkout@v4 + + - name: Run tests + uses: vmactions/dragonflybsd-vm@v1 + with: + release: "6.4.0" + usesh: true + copyback: false + + prepare: | + pkg install -y \ + bash \ + expect \ + gmake \ + oniguruma \ + sudo \ + tcl-wrapper + pw useradd -n action -m -G wheel -s /usr/local/bin/bash + echo "%wheel ALL=(ALL) NOPASSWD: ALL" >>/usr/local/etc/sudoers + + run: | + chown -R action:action . + jobs=$(sysctl -n hw.ncpu) + sudo -u action gmake -j$jobs check TEST_FLAGS="--sudo --verbose=skipped" + + omnios: + name: OmniOS + + runs-on: ubuntu-22.04 + + steps: + - uses: actions/checkout@v4 + + - name: Run tests + uses: vmactions/omnios-vm@v1 + with: + release: "r151048" + usesh: true + copyback: false + + prepare: | + pkg install \ + bash \ + build-essential \ + expect \ + gnu-make \ + onig \ + sudo + useradd -m -g staff action + echo "%staff ALL=(ALL) NOPASSWD: ALL" >>/etc/sudoers + + run: | + PATH="/usr/xpg4/bin:$PATH" + chown -R action:staff . + jobs=$(getconf NPROCESSORS_ONLN) + sudo -u action gmake -j$jobs check LDFLAGS="-Wl,-rpath,/opt/ooce/lib/amd64" TEST_FLAGS="--sudo --verbose=skipped" diff --git a/.github/workflows/codecov.yml b/.github/workflows/codecov.yml index c8808d3..9c2119b 100644 --- a/.github/workflows/codecov.yml +++ b/.github/workflows/codecov.yml @@ -1,18 +1,19 @@ name: codecov.io -on: [push, pull_request] +on: [push] jobs: build: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Install dependencies run: | sudo apt-get update -y sudo apt-get install -y \ + expect \ gcc \ acl \ libacl1-dev \ @@ -20,13 +21,15 @@ jobs: libattr1-dev \ libcap2-bin \ libcap-dev \ - libonig-dev + libonig-dev \ + liburing-dev - name: Generate coverage run: | make -j$(nproc) gcov check TEST_FLAGS="--sudo" - gcov -abcfu obj/*/*.o + gcov -abcfpu obj/*/*.o - - uses: codecov/codecov-action@v3.1.0 + - uses: codecov/codecov-action@v3 with: + token: ${{ secrets.CODECOV_TOKEN }} fail_ci_if_error: true diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 0000000..71073c6 --- /dev/null +++ b/.github/workflows/codeql.yml @@ -0,0 +1,56 @@ +name: CodeQL + +on: + push: + branches: + - main + pull_request: + branches: + - main + schedule: + - cron: "10 14 * * 2" + +jobs: + analyze: + name: Analyze + runs-on: ubuntu-22.04 + permissions: + actions: read + contents: read + security-events: write + + strategy: + fail-fast: false + + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Install dependencies + run: | + sudo apt-get update -y + sudo apt-get install -y \ + gcc \ + acl \ + libacl1-dev \ + attr \ + libattr1-dev \ + libcap2-bin \ + libcap-dev \ + libonig-dev \ + liburing-dev + + - name: Initialize CodeQL + uses: github/codeql-action/init@v3 + with: + languages: cpp + queries: +security-and-quality + + - name: Build + run: | + make -j$(nproc) all + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v3 + with: + category: "/language:cpp" |