diff --git a/.github/workflows/block-autosquash-commits.yml b/.github/workflows/block-autosquash-commits.yml
new file mode 100644
index 0000000..43d6771
--- /dev/null
+++ b/.github/workflows/block-autosquash-commits.yml
@@ -0,0 +1,15 @@
+on: pull_request
+
+name: Pull Requests
+
+jobs:
+ message-check:
+ name: Block Autosquash Commits
+
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Block Autosquash Commits
+ uses: xt0rted/block-autosquash-commits-action@v2.0.0
+ with:
+ repo-token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/check.yml b/.github/workflows/check.yml
new file mode 100644
index 0000000..c217381
--- /dev/null
+++ b/.github/workflows/check.yml
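Review bot: The `uses:` line pulls a third-party action by a mutable tag, `xt0rted/block-autosquash-commits-action@v2.0.0`, and hands it `secrets.GITHUB_TOKEN`, so whoever can move that tag controls code that runs with this repository's token. Pinning to the full commit SHA keeps the reviewed code fixed: `uses: xt0rted/block-autosquash-commits-action@<full-commit-sha>  # v2.0.0`. The workflow also has no `permissions:` key, so the token gets the repository's default scopes; a job-level `permissions:` with `pull-requests: read` looks sufficient for a check that only reads the PR's commits, though that should be confirmed against the action's documentation.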
@@ -0,0 +1,94 @@
+name: CI checks
+
+on:
+ push:
+ branches:
+ - master
+ pull_request:
+ branches:
+ - master
+
+jobs:
+ check:
+ name: Build with gcc and test
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check out
+ uses: actions/checkout@v1
+ - name: Install build-dependencies
+ run: sudo ./ci/builddeps.sh
+ - name: Create logs dir
+ run: mkdir test-logs
+ - name: autogen.sh
+ run: NOCONFIGURE=1 ./autogen.sh
+ - name: configure
+ run: |
+ mkdir _build
+ pushd _build
+ ../configure \
+ --enable-man \
+ --enable-selinux \
+ ${NULL+}
+ popd
+ env:
+ CFLAGS: >-
+ -O2
+ -Wp,-D_FORTIFY_SOURCE=2
+ -fsanitize=address
+ -fsanitize=undefined
+ - name: make
+ run: make -C _build -j $(getconf _NPROCESSORS_ONLN) V=1
+ - name: smoke-test
+ run: |
+ set -x
+ ./_build/bwrap --bind / / --tmpfs /tmp true
+ env:
+ ASAN_OPTIONS: detect_leaks=0
+ - name: check
+ run: |
+ make -C _build -j $(getconf _NPROCESSORS_ONLN) check VERBOSE=1 BWRAP_MUST_WORK=1
+ env:
+ ASAN_OPTIONS: detect_leaks=0
+ - name: Collect overall test logs on failure
+ if: failure()
+ run: mv _build/test-suite.log test-logs/ || true
+ - name: Collect individual test logs on cancel
+ if: failure() || cancelled()
+ run: mv _build/tests/*.log test-logs/ || true
+ - name: Upload test logs
+ uses: actions/upload-artifact@v1
+ if: failure() || cancelled()
+ with:
+ name: test logs
+ path: test-logs
+
+ clang:
+ name: Build with clang and analyze
+ runs-on: ubuntu-latest
+ strategy:
+ fail-fast: false
+ matrix:
+ language:
+ - cpp
+ steps:
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v1
+ with:
+ languages: ${{ matrix.language }}
+ - name: Check out
+ uses: actions/checkout@v1
+ - name: Install build-dependencies
+ run: sudo ./ci/builddeps.sh --clang
+ - name: autogen.sh
+ run: NOCONFIGURE=1 ./autogen.sh
+ - name: configure
+ run: ./configure --enable-selinux
+ env:
+ CC: clang
+ CFLAGS: >-
+ -O2
+ -Werror=unused-variable
+ - name: make
+ run: make -j $(getconf _NPROCESSORS_ONLN) V=1
+ - name: CodeQL
analysis
+ uses: github/codeql-action/analyze@v1
diff --git a/ci/builddeps.sh b/ci/builddeps.sh
new file mode 100755
index 0000000..e810edf
--- /dev/null
+++ b/ci/builddeps.sh
@@ -0,0 +1,110 @@
+#!/bin/bash
+# Copyright 2021 Simon McVittie
+# SPDX-License-Identifier: LGPL-2.0-or-later
+
+set -eux
+set -o pipefail
+
+usage () {
+ if [ "${1-2}" -ne 0 ]; then
+ exec >&2
+ fi
+ cat <&2
+ usage 2
+ ;;
+ esac
+done
+
+# No more arguments please
+for arg in "$@"; do
+ usage 2
+done
+
+if dpkg-vendor --derives-from Debian; then
+ apt-get -y update
+ apt-get -q -y install \
+ autoconf \
+ automake \
+ build-essential \
+ docbook-xml \
+ docbook-xsl \
+ libcap-dev \
+ libselinux1-dev \
+ libtool \
+ pkg-config \
+ python-is-python2 \
+ python3 \
+ xsltproc \
+ ${NULL+}
+
+ if [ -n "${opt_clang}" ]; then
+ apt-get -y install clang
+ fi
+
+ exit 0
+fi
+
+if command -v yum; then
+ yum -y install \
+ 'pkgconfig(libselinux)' \
+ /usr/bin/eu-readelf \
+ autoconf \
+ automake \
+ docbook-style-xsl \
+ gcc \
+ git \
+ libasan \
+ libcap-devel \
+ libtool \
+ libtsan \
+ libubsan \
+ libxslt \
+ make \
+ redhat-rpm-config \
+ rsync \
+ ${NULL+}
+
+ if [ -n "${opt_clang}" ]; then
+ yum -y install clang
+ fi
+
+ exit 0
+fi
+
+echo "Unknown distribution" >&2
+exit 1
+
+# vim:set sw=4 sts=4 et:
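Review bot: In the `check` job, `-fsanitize=undefined` in `CFLAGS` only prints a diagnostic and keeps running by default, and the `smoke-test` and `check` steps set nothing but `ASAN_OPTIONS: detect_leaks=0`, so undefined behaviour hit during `make check` would not fail CI unless the test harness happens to notice the extra stderr output. Adding `-fno-sanitize-recover=undefined` to `CFLAGS` (or `UBSAN_OPTIONS: halt_on_error=1` in those two steps' `env:`) makes such findings fatal. `-Wp,-D_FORTIFY_SOURCE=2` in the same `CFLAGS` is better kept out of the ASan build, since ASan does not instrument the fortified `*_chk` libc wrappers and can miss overflows that go through them. Separately, neither job declares `permissions:`; the `clang` job needs `security-events: write` for `github/codeql-action/analyze`, and `check` should need no more than `contents: read`.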
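Review bot: `if command -v yum; then` prints the resolved path to stdout on every run; `if command -v yum >/dev/null; then` keeps the probe silent. The Debian branch also installs `python-is-python2`, which ties the script to releases that still ship Python 2, while the workflow that calls it runs on the floating `ubuntu-latest` image, so the install step may start failing when that image moves on; pinning `runs-on` to a specific release, or dropping the package if nothing needs `python` to be Python 2, would avoid that. The `usage` body and the option-parsing loop are not fully visible in this view, so whether `opt_clang` is initialised before the `[ -n "${opt_clang}" ]` tests (required under `set -u`) could not be checked here.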