diff options
Diffstat (limited to '.github')
| -rw-r--r-- | .github/codeql.yml | 9 | ||||
| -rw-r--r-- | .github/dependabot.yml | 6 | ||||
| -rw-r--r-- | .github/workflows/ci.yml | 173 | ||||
| -rw-r--r-- | .github/workflows/codecov.yml | 19 | ||||
| -rw-r--r-- | .github/workflows/codeql.yml | 60 |
5 files changed, 230 insertions, 37 deletions
diff --git a/.github/codeql.yml b/.github/codeql.yml new file mode 100644 index 0000000..6ff8337 --- /dev/null +++ b/.github/codeql.yml @@ -0,0 +1,9 @@ +query-filters: + - exclude: + id: cpp/commented-out-code + - exclude: + id: cpp/long-switch + - exclude: + id: cpp/loop-variable-changed + - exclude: + id: cpp/poorly-documented-function diff --git a/.github/dependabot.yml b/.github/dependabot.yml new file mode 100644 index 0000000..5ace460 --- /dev/null +++ b/.github/dependabot.yml @@ -0,0 +1,6 @@ +version: 2 +updates: + - package-ecosystem: "github-actions" + directory: "/" + schedule: + interval: "weekly" diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9db363d..3890bb0 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -6,34 +6,36 @@ jobs: linux: name: Linux - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Install dependencies run: | sudo dpkg --add-architecture i386 sudo apt-get update -y sudo apt-get install -y \ + expect \ gcc-multilib \ + libgcc-s1:i386 \ acl \ libacl1-dev \ libacl1:i386 \ attr \ - libattr1-dev \ - libattr1:i386 \ libcap2-bin \ libcap-dev \ libcap2:i386 \ libonig-dev \ - libonig5:i386 + libonig5:i386 \ + liburing-dev # Ubuntu doesn't let you install the -dev packages for both amd64 and - # i386 at once, so we make our own symlinks to fix -m32 -lacl -lattr -lcap + # i386 at once, so we make our own symlinks to fix -m32 -lacl -l... sudo ln -s libacl.so.1 /lib/i386-linux-gnu/libacl.so - sudo ln -s libattr.so.1 /lib/i386-linux-gnu/libattr.so sudo ln -s libcap.so.2 /lib/i386-linux-gnu/libcap.so sudo ln -s libonig.so.5 /lib/i386-linux-gnu/libonig.so + # Work around https://github.com/actions/runner-images/issues/9491 + sudo sysctl vm.mmap_rnd_bits=28 - name: Run tests run: | @@ -42,46 +44,159 @@ jobs: macos: name: macOS - runs-on: macos-latest + runs-on: macos-14 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Install dependencies run: | - brew install coreutils + brew install \ + bash \ + expect - name: Run tests run: | - make -j$(sysctl -n hw.ncpu) distcheck + jobs=$(sysctl -n hw.ncpu) + make -j$jobs distcheck freebsd: name: FreeBSD - if: ${{ github.repository_owner == 'tavianator' && (github.event_name != 'pull_request' || github.event.pull_request.head.repo.full_name == github.repository) }} + runs-on: ubuntu-22.04 - runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v4 + + - name: Run tests + uses: cross-platform-actions/action@v0.24.0 + with: + operating_system: freebsd + version: "14.0" + sync_files: runner-to-vm + + run: | + sudo pkg install -y \ + bash \ + expect \ + oniguruma \ + pkgconf \ + tcl-wrapper + sudo mount -t fdescfs none /dev/fd + make -j$(nproc) distcheck + + openbsd: + name: OpenBSD - concurrency: spurion + runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - - uses: tailscale/github-action@main + - name: Run tests + uses: cross-platform-actions/action@v0.24.0 with: - authkey: ${{ secrets.TAILSCALE_KEY }} + operating_system: openbsd + version: "7.5" + sync_files: runner-to-vm - - name: Configure SSH - env: - SSH_KEY: ${{ secrets.SSH_KEY }} - run: | - mkdir ~/.ssh - printf '%s' "$SSH_KEY" >~/.ssh/github-actions - chmod 0600 ~/.ssh/github-actions - printf 'Host %s\n\tStrictHostKeyChecking=accept-new\n\tUser github\n\tIdentityFile ~/.ssh/github-actions\n' "$(tailscale ip -6 spurion)" >~/.ssh/config + run: | + sudo pkg_add \ + bash \ + expect \ + gmake \ + oniguruma + jobs=$(sysctl -n hw.ncpu) + gmake -j$jobs config + gmake -j$jobs check TEST_FLAGS="--sudo --verbose=skipped" + + netbsd: + name: NetBSD + + runs-on: ubuntu-22.04 + + steps: + - uses: actions/checkout@v4 - name: Run tests - run: | - spurion=$(tailscale ip -6 spurion) - rsync -rl --delete . "[$spurion]:bfs" - ssh "$spurion" 'gmake -C bfs -j$(sysctl -n hw.ncpu) distcheck' + uses: cross-platform-actions/action@v0.24.0 + with: + operating_system: netbsd + version: "10.0" + sync_files: runner-to-vm + + run: | + PATH="/sbin:/usr/sbin:$PATH" + sudo pkgin -y install \ + bash \ + oniguruma \ + pkgconf \ + tcl-expect + jobs=$(sysctl -n hw.ncpu) + make -j$jobs config + make -j$jobs check TEST_FLAGS="--sudo --verbose=skipped" + + dragonflybsd: + name: DragonFly BSD + + runs-on: ubuntu-22.04 + + steps: + - uses: actions/checkout@v4 + + - name: Run tests + uses: vmactions/dragonflybsd-vm@v1 + with: + release: "6.4.0" + usesh: true + copyback: false + + prepare: | + pkg install -y \ + bash \ + expect \ + oniguruma \ + pkgconf \ + sudo \ + tcl-wrapper + pw useradd -n action -m -G wheel -s /usr/local/bin/bash + echo "%wheel ALL=(ALL) NOPASSWD: ALL" >>/usr/local/etc/sudoers + + run: | + chown -R action:action . + jobs=$(sysctl -n hw.ncpu) + sudo -u action make config + sudo -u action make -j$jobs check TEST_FLAGS="--sudo --verbose=skipped" + + omnios: + name: OmniOS + + runs-on: ubuntu-22.04 + + steps: + - uses: actions/checkout@v4 + + - name: Run tests + uses: vmactions/omnios-vm@v1 + with: + release: "r151048" + usesh: true + copyback: false + + prepare: | + pkg install \ + bash \ + build-essential \ + expect \ + gnu-make \ + onig \ + sudo + useradd -m -g staff action + echo "%staff ALL=(ALL) NOPASSWD: ALL" >>/etc/sudoers + + run: | + PATH="/usr/xpg4/bin:$PATH" + chown -R action:staff . + jobs=$(getconf NPROCESSORS_ONLN) + sudo -u action gmake config + sudo -u action gmake -j$jobs check TEST_FLAGS="--sudo --verbose=skipped" diff --git a/.github/workflows/codecov.yml b/.github/workflows/codecov.yml index c8808d3..2245f40 100644 --- a/.github/workflows/codecov.yml +++ b/.github/workflows/codecov.yml @@ -1,32 +1,35 @@ name: codecov.io -on: [push, pull_request] +on: [push] jobs: build: - runs-on: ubuntu-latest + runs-on: ubuntu-22.04 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Install dependencies run: | sudo apt-get update -y sudo apt-get install -y \ + expect \ gcc \ acl \ libacl1-dev \ attr \ - libattr1-dev \ libcap2-bin \ libcap-dev \ - libonig-dev + libonig-dev \ + liburing-dev - name: Generate coverage run: | - make -j$(nproc) gcov check TEST_FLAGS="--sudo" - gcov -abcfu obj/*/*.o + make config GCOV=y + make -j$(nproc) check TEST_FLAGS="--sudo" + gcov -abcfpu obj/*/*.o - - uses: codecov/codecov-action@v3.1.0 + - uses: codecov/codecov-action@v4 with: + token: ${{ secrets.CODECOV_TOKEN }} fail_ci_if_error: true diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 0000000..c21fda5 --- /dev/null +++ b/.github/workflows/codeql.yml @@ -0,0 +1,60 @@ +name: CodeQL + +on: + push: + branches: + - main + pull_request: + branches: + - main + schedule: + - cron: "10 14 * * 2" + +jobs: + analyze: + name: Analyze + runs-on: ubuntu-22.04 + permissions: + actions: read + contents: read + security-events: write + + strategy: + fail-fast: false + + steps: + - name: Checkout + uses: actions/checkout@v4 + + - name: Install dependencies + run: | + sudo apt-get update -y + sudo apt-get install -y \ + gcc \ + acl \ + libacl1-dev \ + attr \ + libcap2-bin \ + libcap-dev \ + libonig-dev \ + liburing-dev + + - name: Configure + run: | + make -j$(nproc) config + + - name: Initialize CodeQL + uses: github/codeql-action/init@v3 + with: + languages: cpp + queries: +security-and-quality + config-file: .github/codeql.yml + + - name: Build + run: | + make -j$(nproc) all + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v3 + with: + category: "/language:cpp" |