diff options
Diffstat (limited to '.github/workflows/nightly.yml')
-rw-r--r-- | .github/workflows/nightly.yml | 124 |
1 files changed, 82 insertions, 42 deletions
diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml index 47ebf464d..856da28a3 100644 --- a/.github/workflows/nightly.yml +++ b/.github/workflows/nightly.yml @@ -7,7 +7,7 @@ on: - cron: '15 1 * * *' env: - docker-registry: docker.pkg.github.com + docker-registry: ghcr.io docker-config-path: source/ci/docker jobs: @@ -15,71 +15,75 @@ jobs: # targets and their details. Then we build either in a docker container # (Linux) or on the actual hosts (macOS, Windows). build: - name: Build + # Only run scheduled workflows on the main repository; prevents people + # from using build minutes on their forks. + if: github.repository == 'libgit2/libgit2' + strategy: matrix: platform: - - # Xenial, GCC, OpenSSL + - name: Linux (Xenial, GCC, OpenSSL) container: name: xenial env: CC: gcc CMAKE_GENERATOR: Ninja - CMAKE_OPTIONS: -DUSE_HTTPS=OpenSSL -DREGEX_BACKEND=builtin -DDEPRECATE_HARD=ON -DUSE_LEAK_CHECKER=valgrind -DUSE_GSSAPI=ON + CMAKE_OPTIONS: -DUSE_HTTPS=OpenSSL -DREGEX_BACKEND=builtin -DDEPRECATE_HARD=ON -DUSE_LEAK_CHECKER=valgrind -DUSE_GSSAPI=ON -DUSE_SSH=ON os: ubuntu-latest - - # Xenial, GCC, mbedTLS + - name: "Linux (Xenial, GCC, mbedTLS)" container: name: xenial env: CC: gcc CMAKE_GENERATOR: Ninja - CMAKE_OPTIONS: -DUSE_HTTPS=mbedTLS -DUSE_SHA1=HTTPS -DDEPRECATE_HARD=ON -DUSE_LEAK_CHECKER=valgrind -DUSE_GSSAPI=ON + CMAKE_OPTIONS: -DUSE_HTTPS=mbedTLS -DUSE_SHA1=HTTPS -DDEPRECATE_HARD=ON -DUSE_LEAK_CHECKER=valgrind -DUSE_GSSAPI=ON -DUSE_SSH=ON os: ubuntu-latest - - # Xenial, Clang, OpenSSL + - name: "Linux (Xenial, Clang, OpenSSL)" container: name: xenial env: CC: clang CMAKE_GENERATOR: Ninja - CMAKE_OPTIONS: -DUSE_HTTPS=OpenSSL -DDEPRECATE_HARD=ON -DUSE_LEAK_CHECKER=valgrind -DUSE_GSSAPI=ON + CMAKE_OPTIONS: -DUSE_HTTPS=OpenSSL -DDEPRECATE_HARD=ON -DUSE_LEAK_CHECKER=valgrind -DUSE_GSSAPI=ON -DUSE_SSH=ON os: ubuntu-latest - - # Xenial, Clang, mbedTLS + - name: "Linux (Xenial, Clang, mbedTLS)" container: name: xenial env: CC: clang - CMAKE_OPTIONS: -DUSE_HTTPS=mbedTLS -DUSE_SHA1=HTTPS -DREGEX_BACKEND=pcre -DDEPRECATE_HARD=ON -DUSE_LEAK_CHECKER=valgrind -DUSE_GSSAPI=ON + CMAKE_OPTIONS: -DUSE_HTTPS=mbedTLS -DUSE_SHA1=HTTPS -DREGEX_BACKEND=pcre -DDEPRECATE_HARD=ON -DUSE_LEAK_CHECKER=valgrind -DUSE_GSSAPI=ON -DUSE_SSH=ON CMAKE_GENERATOR: Ninja os: ubuntu-latest - - # Xenial, GCC, thread-free + - name: "Linux (no threads)" container: name: xenial env: CC: gcc - CMAKE_OPTIONS: -DTHREADSAFE=OFF -DDEPRECATE_HARD=ON -DUSE_LEAK_CHECKER=valgrind -DUSE_GSSAPI=ON + CMAKE_OPTIONS: -DTHREADSAFE=OFF -DDEPRECATE_HARD=ON -DUSE_LEAK_CHECKER=valgrind -DUSE_GSSAPI=ON -DUSE_SSH=ON CMAKE_GENERATOR: Ninja os: ubuntu-latest - - # Xenial, Clang, OpenSSL (dynamically loaded) + - name: "Linux (dynamically-loaded OpenSSL)" container: name: xenial env: CC: clang - CMAKE_OPTIONS: -DUSE_HTTPS=OpenSSL-Dynamic -DDEPRECATE_HARD=ON -DUSE_LEAK_CHECKER=valgrind -DUSE_GSSAPI=ON + CMAKE_OPTIONS: -DUSE_HTTPS=OpenSSL-Dynamic -DDEPRECATE_HARD=ON -DUSE_LEAK_CHECKER=valgrind -DUSE_GSSAPI=ON -DUSE_SSH=ON CMAKE_GENERATOR: Ninja os: ubuntu-latest - - # Focal, Clang 10, mbedTLS, MemorySanitizer + - name: "Linux (MemorySanitizer)" container: name: focal env: CC: clang-10 CFLAGS: -fsanitize=memory -fsanitize-memory-track-origins=2 -fsanitize-blacklist=/home/libgit2/source/script/sanitizers.supp -fno-optimize-sibling-calls -fno-omit-frame-pointer - CMAKE_OPTIONS: -DCMAKE_PREFIX_PATH=/usr/local/msan -DUSE_HTTPS=mbedTLS -DUSE_SHA1=HTTPS -DREGEX_BACKEND=pcre -DDEPRECATE_HARD=ON -DUSE_BUNDLED_ZLIB=ON + CMAKE_OPTIONS: -DCMAKE_PREFIX_PATH=/usr/local/msan -DUSE_HTTPS=mbedTLS -DUSE_SHA1=HTTPS -DREGEX_BACKEND=pcre -DDEPRECATE_HARD=ON -DUSE_BUNDLED_ZLIB=ON -DUSE_SSH=ON CMAKE_GENERATOR: Ninja SKIP_SSH_TESTS: true SKIP_NEGOTIATE_TESTS: true ASAN_SYMBOLIZER_PATH: /usr/bin/llvm-symbolizer-10 + UBSAN_OPTIONS: print_stacktrace=1 os: ubuntu-latest - - # Focal, Clang 10, OpenSSL, UndefinedBehaviorSanitizer + - name: "Linux (UndefinedBehaviorSanitizer)" container: name: focal env: @@ -91,7 +95,7 @@ jobs: SKIP_NEGOTIATE_TESTS: true ASAN_SYMBOLIZER_PATH: /usr/bin/llvm-symbolizer-10 os: ubuntu-latest - - # Focal, Clang 10, OpenSSL, ThreadSanitizer + - name: "Linux (ThreadSanitizer)" container: name: focal env: @@ -104,7 +108,7 @@ jobs: ASAN_SYMBOLIZER_PATH: /usr/bin/llvm-symbolizer-10 TSAN_OPTIONS: suppressions=/home/libgit2/source/script/thread-sanitizer.supp second_deadlock_stack=1 os: ubuntu-latest - - # Focal, Clang 10, mmap emulation (NO_MMAP) + - name: "Linux (no mmap)" container: name: focal env: @@ -115,23 +119,23 @@ jobs: SKIP_SSH_TESTS: true SKIP_NEGOTIATE_TESTS: true os: ubuntu-latest - - # CentOS 7 + - name: "Linux (CentOS 7)" container: name: centos7 env: - CMAKE_OPTIONS: -DDEPRECATE_HARD=ON -DUSE_LEAK_CHECKER=valgrind -DUSE_GSSAPI=ON + CMAKE_OPTIONS: -DDEPRECATE_HARD=ON -DUSE_LEAK_CHECKER=valgrind -DUSE_GSSAPI=ON -DUSE_SSH=ON PKG_CONFIG_PATH: /usr/local/lib/pkgconfig SKIP_NEGOTIATE_TESTS: true os: ubuntu-latest - - # CentOS 7, OpenSSL (dynamically loaded) + - name: "Linux (CentOS 7, dynamically-loaded OpenSSL)" container: name: centos7 env: - CMAKE_OPTIONS: -DUSE_HTTPS=OpenSSL-Dynamic -DDEPRECATE_HARD=ON -DUSE_LEAK_CHECKER=valgrind -DUSE_GSSAPI=ON + CMAKE_OPTIONS: -DUSE_HTTPS=OpenSSL-Dynamic -DDEPRECATE_HARD=ON -DUSE_LEAK_CHECKER=valgrind -DUSE_GSSAPI=ON -DUSE_SSH=ON PKG_CONFIG_PATH: /usr/local/lib/pkgconfig SKIP_NEGOTIATE_TESTS: true os: ubuntu-latest - - # CentOS 8 + - name: "Linux (CentOS 8)" container: name: centos8 env: @@ -140,7 +144,7 @@ jobs: SKIP_NEGOTIATE_TESTS: true SKIP_SSH_TESTS: true os: ubuntu-latest - - # CentOS 8, OpenSSL (dynamically loaded) + - name: "Linux (CentOS 8, dynamically-loaded OpenSSL)" container: name: centos8 env: @@ -149,7 +153,7 @@ jobs: SKIP_NEGOTIATE_TESTS: true SKIP_SSH_TESTS: true os: ubuntu-latest - - # macOS + - name: "macOS" os: macos-10.15 env: CC: clang @@ -158,7 +162,7 @@ jobs: SKIP_SSH_TESTS: true SKIP_NEGOTIATE_TESTS: true setup-script: osx - - # Windows amd64 Visual Studio + - name: "Windows (amd64, Visual Studio)" os: windows-2019 env: ARCH: amd64 @@ -166,7 +170,7 @@ jobs: CMAKE_OPTIONS: -A x64 -DWIN32_LEAKCHECK=ON -DDEPRECATE_HARD=ON SKIP_SSH_TESTS: true SKIP_NEGOTIATE_TESTS: true - - # Windows amd64 Visual Studio (NO_MMAP) + - name: "Windows (no mmap)" os: windows-2019 env: ARCH: amd64 @@ -175,7 +179,7 @@ jobs: CMAKE_OPTIONS: -A x64 -DDEPRECATE_HARD=ON SKIP_SSH_TESTS: true SKIP_NEGOTIATE_TESTS: true - - # Windows x86 Visual Studio + - name: "Windows (x86, Visual Studio)" os: windows-2019 env: ARCH: x86 @@ -183,7 +187,7 @@ jobs: CMAKE_OPTIONS: -A Win32 -DWIN32_LEAKCHECK=ON -DDEPRECATE_HARD=ON -DUSE_SHA1=HTTPS -DUSE_BUNDLED_ZLIB=ON SKIP_SSH_TESTS: true SKIP_NEGOTIATE_TESTS: true - - # Windows amd64 mingw + - name: "Windows (amd64, mingw)" os: windows-2019 setup-script: mingw env: @@ -194,7 +198,7 @@ jobs: BUILD_PATH: D:\Temp\mingw64\bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\CMake\bin SKIP_SSH_TESTS: true SKIP_NEGOTIATE_TESTS: true - - # Windows x86 mingw + - name: "Windows (x86, mingw)" os: windows-2019 setup-script: mingw env: @@ -205,17 +209,17 @@ jobs: BUILD_PATH: D:\Temp\mingw32\bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\CMake\bin SKIP_SSH_TESTS: true SKIP_NEGOTIATE_TESTS: true - - # Bionic, GCC, OpenSSL (dynamically loaded) + - name: "Linux (Bionic, GCC, dynamically-loaded OpenSSL)" container: name: bionic dockerfile: bionic env: CC: gcc CMAKE_GENERATOR: Ninja - CMAKE_OPTIONS: -DUSE_HTTPS=OpenSSL-Dynamic -DDEPRECATE_HARD=ON -DUSE_LEAK_CHECKER=valgrind -DUSE_GSSAPI=ON + CMAKE_OPTIONS: -DUSE_HTTPS=OpenSSL-Dynamic -DDEPRECATE_HARD=ON -DUSE_LEAK_CHECKER=valgrind -DUSE_GSSAPI=ON -DUSE_SSH=ON RUN_INVASIVE_TESTS: true os: ubuntu-latest - - # Bionic, x86, Clang, OpenSSL + - name: "Linux (x86, Bionic, Clang, OpenSSL)" container: name: bionic-x86 dockerfile: bionic @@ -223,20 +227,20 @@ jobs: env: CC: clang CMAKE_GENERATOR: Ninja - CMAKE_OPTIONS: -DUSE_HTTPS=OpenSSL -DDEPRECATE_HARD=ON -DUSE_LEAK_CHECKER=valgrind -DUSE_GSSAPI=ON + CMAKE_OPTIONS: -DUSE_HTTPS=OpenSSL -DDEPRECATE_HARD=ON -DUSE_LEAK_CHECKER=valgrind -DUSE_GSSAPI=ON -DUSE_SSH=ON RUN_INVASIVE_TESTS: true os: ubuntu-latest - - # Bionic, x86, GCC, OpenSSL + - name: "Linux (x86, Bionic, GCC, OpenSSL)" container: name: bionic-x86 dockerfile: bionic env: CC: gcc CMAKE_GENERATOR: Ninja - CMAKE_OPTIONS: -DUSE_HTTPS=OpenSSL -DDEPRECATE_HARD=ON -DUSE_LEAK_CHECKER=valgrind -DUSE_GSSAPI=ON + CMAKE_OPTIONS: -DUSE_HTTPS=OpenSSL -DDEPRECATE_HARD=ON -DUSE_LEAK_CHECKER=valgrind -DUSE_GSSAPI=ON -DUSE_SSH=ON RUN_INVASIVE_TESTS: true os: ubuntu-latest - - # Bionic, arm32, GCC, OpenSSL + - name: "Linux (arm32, Bionic, GCC, OpenSSL)" container: name: bionic-arm32 dockerfile: bionic @@ -244,11 +248,12 @@ jobs: env: CC: gcc CMAKE_GENERATOR: Ninja - CMAKE_OPTIONS: -DUSE_HTTPS=OpenSSL -DDEPRECATE_HARD=ON -DUSE_GSSAPI=ON + CMAKE_OPTIONS: -DUSE_HTTPS=OpenSSL -DDEPRECATE_HARD=ON -DUSE_GSSAPI=ON -DUSE_SSH=ON RUN_INVASIVE_TESTS: true SKIP_PROXY_TESTS: true + GITTEST_FLAKY_STAT: true os: ubuntu-latest - - # Bionic, arm64, GCC, OpenSSL + - name: "Linux (arm64, Bionic, GCC, OpenSSL)" container: name: bionic-arm64 dockerfile: bionic @@ -256,11 +261,12 @@ jobs: env: CC: gcc CMAKE_GENERATOR: Ninja - CMAKE_OPTIONS: -DUSE_HTTPS=OpenSSL -DDEPRECATE_HARD=ON -DUSE_GSSAPI=ON + CMAKE_OPTIONS: -DUSE_HTTPS=OpenSSL -DDEPRECATE_HARD=ON -DUSE_GSSAPI=ON -DUSE_SSH=ON RUN_INVASIVE_TESTS: true SKIP_PROXY_TESTS: true os: ubuntu-latest fail-fast: false + name: "Build ${{ matrix.platform.name }}" env: ${{ matrix.platform.env }} runs-on: ${{ matrix.platform.os }} steps: @@ -270,7 +276,7 @@ jobs: path: source fetch-depth: 0 - name: Set up build environment - run: source/ci/setup-${{ matrix.platform.setup-script }}.sh + run: source/ci/setup-${{ matrix.platform.setup-script }}-build.sh shell: bash if: matrix.platform.setup-script != '' - name: Setup QEMU @@ -304,6 +310,7 @@ jobs: -e CMAKE_GENERATOR \ -e CMAKE_OPTIONS \ -e GITTEST_NEGOTIATE_PASSWORD \ + -e GITTEST_FLAKY_STAT \ -e PKG_CONFIG_PATH \ -e SKIP_NEGOTIATE_TESTS \ -e SKIP_SSH_TESTS \ @@ -318,6 +325,10 @@ jobs: shell: bash coverity: + # Only run scheduled workflows on the main repository; prevents people + # from using build minutes on their forks. + if: github.repository == 'libgit2/libgit2' + name: Coverity runs-on: ubuntu-latest steps: @@ -337,3 +348,32 @@ jobs: run: source/ci/coverity.sh env: COVERITY_TOKEN: ${{ secrets.coverity_token }} + + codeql: + # Only run scheduled workflows on the main repository; prevents people + # from using build minutes on their forks. + if: github.repository == 'libgit2/libgit2' + + name: CodeQL + runs-on: ubuntu-latest + steps: + - name: Check out repository + uses: actions/checkout@v2 + with: + fetch-depth: 0 + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v1 + with: + languages: 'cpp' + + - name: Build + run: | + mkdir build + cd build + cmake .. -DREGEX_BACKEND=pcre -DDEPRECATE_HARD=ON -DUSE_BUNDLED_ZLIB=ON + cmake --build . + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v1 |