-
Notifications
You must be signed in to change notification settings - Fork 17
138 lines (132 loc) · 4.64 KB
/
main.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
# Copyright 2020 Tresys Technology, LLC
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
name: C/C++ CI
on: [push, pull_request]
jobs:
build:
name: build (${{ matrix.cc }})
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
cc: [ 'gcc', 'clang' ]
include:
- is_release_job: false
- is_release_job: true
cc: 'gcc'
env:
CC: ${{ matrix.cc }}
steps:
- uses: actions/checkout@v4
# Prevent Clang from using DWARF5, not supported by the valgrind version in runners
- name: Set environment for Clang
run: |
echo "CC=clang-17" >> $GITHUB_ENV
echo "CFLAGS=-gdwarf-4 -O2" >> $GITHUB_ENV
if: ${{ matrix.cc == 'clang' }}
- name: install clang repo
run: |
wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key 2>/dev/null | sudo apt-key add -
sudo add-apt-repository 'deb http://apt.llvm.org/jammy/ llvm-toolchain-jammy-17 main' -y
sudo apt-get update -q
sudo apt-get install -y clang-17
if: ${{ matrix.cc == 'clang' }}
- name: install dependencies
run: |
sudo apt-get update -q
sudo apt-get install -y check uthash-dev libconfuse-dev autoconf-archive bison byacc flex valgrind help2man bats
- name: autogen
run: ./autogen.sh
- name: configure
run: |
if [[ ${{ matrix.cc }} == 'gcc' ]]
then
./configure --enable-werror CFLAGS=--coverage || (cat config.log; exit 1;)
else
./configure --enable-werror || (cat config.log; exit 1;)
fi
- name: make
run: make
- name: make check
run: make check || (cat tests/test-suite.log; exit 1;)
- name: make check-valgrind
run: make check-valgrind || (cat tests/test-suite-memcheck.log; exit 1;)
- name: make distcheck
run: make distcheck DISTCHECK_CONFIGURE_FLAGS=--enable-werror
- name: functional tests
run : |
cd ./tests/functional
BATS_TIME_EXPENSIVE=1 bats end-to-end.bats
- name: Test distribution
run : |
make VERSION=pipeline-test dist
tar xvzf selint-pipeline-test.tar.gz
cd selint-pipeline-test
./configure --enable-werror
make
cd tests/functional
BATS_TIME_EXPENSIVE=1 bats end-to-end.bats
- name: checkout refpolicy
uses: actions/checkout@v4
with:
repository: SELinuxProject/refpolicy
path: refpolicy
- name: refpolicy parse test
run : |
cd refpolicy/
make conf
../src/selint -c ../selint.conf -s -r -e C-001 --summary-only .
- name: Release Info
id: release_info
run: |
if [[ '${{ github.ref }}' == refs/tags/v* && ${{ matrix.is_release_job }} == 'true' ]]
then
echo is_release=true >> $GITHUB_OUTPUT
echo tag=$(echo ${{ github.ref }} | cut -dv -f2) >> $GITHUB_OUTPUT
else
echo is_release=false >> $GITHUB_OUTPUT
fi
shell: bash
- name: Create Release
id: create_release
if: steps.release_info.outputs.is_release == 'true'
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ github.ref }}
release_name: v${{ steps.release_info.outputs.tag }}
draft: false
prerelease: false
- name: Upload Release Artifact
if: steps.release_info.outputs.is_release == 'true'
uses: actions/[email protected]
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
# This pulls from the CREATE RELEASE step above, referencing it's ID to
# get its outputs object, which include a `upload_url`
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: ./selint-${{ steps.release_info.outputs.tag }}.tar.gz
asset_name: selint-${{ steps.release_info.outputs.tag }}.tar.gz
asset_content_type: application/tar+gzip
whitespace_check:
name: Whitespace Check
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- name: check-whitespaces
run: git diff-tree --check origin/main HEAD