Merge pull request #6796 from ConradIrwin/no-oob #3308
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Continuous integration and pull request validation builds for the | |
| # main and maintenance branches. | |
| name: CI Build | |
| on: | |
| push: | |
| branches: [ main, maint/* ] | |
| pull_request: | |
| branches: [ main, maint/* ] | |
| workflow_dispatch: | |
| env: | |
| docker-registry: ghcr.io | |
| docker-config-path: ci/docker | |
| permissions: | |
| contents: write | |
| packages: write | |
| jobs: | |
| # Run our CI/CD builds. We build a matrix with the various build targets | |
| # and their details. Then we build either in a docker container (Linux) | |
| # or on the actual hosts (macOS, Windows). | |
| build: | |
| strategy: | |
| matrix: | |
| platform: | |
| # All builds: core platforms | |
| - name: "Linux (Noble, GCC, OpenSSL, libssh2)" | |
| id: noble-gcc-openssl | |
| os: ubuntu-latest | |
| container: | |
| name: noble | |
| env: | |
| CC: gcc | |
| CMAKE_GENERATOR: Ninja | |
| CMAKE_OPTIONS: -DUSE_HTTPS=OpenSSL -DREGEX_BACKEND=builtin -DDEPRECATE_HARD=ON -DUSE_LEAK_CHECKER=valgrind -DUSE_GSSAPI=ON -DUSE_SSH=libssh2 -DDEBUG_STRICT_ALLOC=ON -DDEBUG_STRICT_OPEN=ON | |
| - name: "Linux (Noble, Clang, mbedTLS, OpenSSH)" | |
| id: noble-clang-mbedtls | |
| os: ubuntu-latest | |
| container: | |
| name: noble | |
| env: | |
| CC: clang | |
| CMAKE_OPTIONS: -DUSE_HTTPS=mbedTLS -DUSE_SHA1=HTTPS -DREGEX_BACKEND=pcre -DDEPRECATE_HARD=ON -DUSE_LEAK_CHECKER=valgrind -DUSE_GSSAPI=ON -DUSE_SSH=exec | |
| CMAKE_GENERATOR: Ninja | |
| - name: "Linux (Xenial, GCC, OpenSSL, OpenSSH)" | |
| id: xenial-gcc-openssl | |
| os: ubuntu-latest | |
| container: | |
| name: xenial | |
| env: | |
| CC: gcc | |
| CMAKE_GENERATOR: Ninja | |
| CMAKE_OPTIONS: -DUSE_HTTPS=OpenSSL -DREGEX_BACKEND=builtin -DDEPRECATE_HARD=ON -DUSE_LEAK_CHECKER=valgrind -DUSE_GSSAPI=ON -DUSE_SSH=exec -DDEBUG_STRICT_ALLOC=ON -DDEBUG_STRICT_OPEN=ON | |
| - name: "Linux (Xenial, Clang, mbedTLS, libssh2)" | |
| id: xenial-gcc-mbedtls | |
| os: ubuntu-latest | |
| container: | |
| name: xenial | |
| env: | |
| CC: clang | |
| CMAKE_GENERATOR: Ninja | |
| CMAKE_OPTIONS: -DUSE_HTTPS=mbedTLS -DUSE_SHA1=HTTPS -DDEPRECATE_HARD=ON -DUSE_LEAK_CHECKER=valgrind -DUSE_GSSAPI=ON -DUSE_SSH=libssh2 | |
| - name: "macOS" | |
| id: macos | |
| os: macos-12 | |
| setup-script: osx | |
| env: | |
| CC: clang | |
| CMAKE_OPTIONS: -DREGEX_BACKEND=regcomp_l -DDEPRECATE_HARD=ON -DUSE_LEAK_CHECKER=leaks -DUSE_GSSAPI=ON | |
| CMAKE_GENERATOR: Ninja | |
| PKG_CONFIG_PATH: /usr/local/opt/openssl/lib/pkgconfig | |
| SKIP_SSH_TESTS: true | |
| SKIP_NEGOTIATE_TESTS: true | |
| - name: "Windows (amd64, Visual Studio, Schannel)" | |
| id: windows-amd64-vs | |
| os: windows-2019 | |
| setup-script: win32 | |
| env: | |
| ARCH: amd64 | |
| CMAKE_GENERATOR: Visual Studio 16 2019 | |
| CMAKE_OPTIONS: -A x64 -DWIN32_LEAKCHECK=ON -DDEPRECATE_HARD=ON -DUSE_HTTPS=Schannel -DUSE_SSH=ON -DCMAKE_PREFIX_PATH=D:\Temp\libssh2 | |
| BUILD_PATH: C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\CMake\bin;D:\Temp\libssh2\bin | |
| BUILD_TEMP: D:\Temp | |
| SKIP_SSH_TESTS: true | |
| SKIP_NEGOTIATE_TESTS: true | |
| - name: "Windows (x86, Visual Studio, WinHTTP)" | |
| id: windows-x86-vs | |
| os: windows-2019 | |
| setup-script: win32 | |
| env: | |
| ARCH: x86 | |
| CMAKE_GENERATOR: Visual Studio 16 2019 | |
| CMAKE_OPTIONS: -A Win32 -DWIN32_LEAKCHECK=ON -DDEPRECATE_HARD=ON -DUSE_SHA1=HTTPS -DUSE_BUNDLED_ZLIB=ON -DUSE_SSH=ON -DCMAKE_PREFIX_PATH=D:\Temp\libssh2 | |
| BUILD_PATH: C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\CMake\bin;D:\Temp\libssh2\bin | |
| BUILD_TEMP: D:\Temp | |
| SKIP_SSH_TESTS: true | |
| SKIP_NEGOTIATE_TESTS: true | |
| - name: "Windows (amd64, mingw, WinHTTP)" | |
| id: windows-amd64-mingw | |
| os: windows-2019 | |
| setup-script: mingw | |
| env: | |
| ARCH: amd64 | |
| CMAKE_GENERATOR: MinGW Makefiles | |
| CMAKE_OPTIONS: -DDEPRECATE_HARD=ON | |
| BUILD_TEMP: D:\Temp | |
| BUILD_PATH: D:\Temp\mingw64\bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\CMake\bin | |
| SKIP_SSH_TESTS: true | |
| SKIP_NEGOTIATE_TESTS: true | |
| - name: "Windows (x86, mingw, Schannel)" | |
| id: windows-x86-mingw | |
| os: windows-2019 | |
| setup-script: mingw | |
| env: | |
| ARCH: x86 | |
| CMAKE_GENERATOR: MinGW Makefiles | |
| CMAKE_OPTIONS: -DDEPRECATE_HARD=ON -DUSE_HTTPS=Schannel | |
| BUILD_TEMP: D:\Temp | |
| BUILD_PATH: D:\Temp\mingw32\bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\CMake\bin | |
| SKIP_SSH_TESTS: true | |
| SKIP_NEGOTIATE_TESTS: true | |
| # All builds: sanitizers | |
| - name: "Sanitizer (Memory)" | |
| id: sanitizer-memory | |
| os: ubuntu-latest | |
| setup-script: sanitizer | |
| container: | |
| name: noble | |
| env: | |
| CC: clang | |
| CFLAGS: -fsanitize=memory -fsanitize-memory-track-origins=2 -fsanitize-blacklist=/home/libgit2/source/script/sanitizers.supp -fno-optimize-sibling-calls -fno-omit-frame-pointer | |
| CMAKE_OPTIONS: -DCMAKE_PREFIX_PATH=/usr/local/msan -DUSE_HTTPS=mbedTLS -DUSE_SHA1=HTTPS -DREGEX_BACKEND=pcre -DDEPRECATE_HARD=ON -DUSE_BUNDLED_ZLIB=ON -DUSE_SSH=ON | |
| CMAKE_GENERATOR: Ninja | |
| SKIP_SSH_TESTS: true | |
| SKIP_NEGOTIATE_TESTS: true | |
| ASAN_SYMBOLIZER_PATH: /usr/bin/llvm-symbolizer-10 | |
| UBSAN_OPTIONS: print_stacktrace=1 | |
| - name: "Sanitizer (Address)" | |
| id: sanitizer-address | |
| os: ubuntu-latest | |
| setup-script: sanitizer | |
| container: | |
| name: noble | |
| env: | |
| CC: clang | |
| CFLAGS: -fsanitize=address -ggdb -fsanitize-blacklist=/home/libgit2/source/script/sanitizers.supp -fno-optimize-sibling-calls -fno-omit-frame-pointer | |
| CMAKE_OPTIONS: -DCMAKE_PREFIX_PATH=/usr/local -DUSE_HTTPS=mbedTLS -DUSE_SHA1=HTTPS -DREGEX_BACKEND=pcre -DDEPRECATE_HARD=ON -DUSE_BUNDLED_ZLIB=ON -DUSE_SSH=ON | |
| CMAKE_GENERATOR: Ninja | |
| SKIP_SSH_TESTS: true | |
| SKIP_NEGOTIATE_TESTS: true | |
| ASAN_SYMBOLIZER_PATH: /usr/bin/llvm-symbolizer-10 | |
| UBSAN_OPTIONS: print_stacktrace=1 | |
| - name: "Sanitizer (UndefinedBehavior)" | |
| id: sanitizer-ub | |
| os: ubuntu-latest | |
| setup-script: sanitizer | |
| container: | |
| name: noble | |
| env: | |
| CC: clang | |
| CFLAGS: -fsanitize=undefined,nullability -fno-sanitize-recover=undefined,nullability -fsanitize-blacklist=/home/libgit2/source/script/sanitizers.supp -fno-optimize-sibling-calls -fno-omit-frame-pointer | |
| CMAKE_OPTIONS: -DCMAKE_PREFIX_PATH=/usr/local -DUSE_HTTPS=OpenSSL -DUSE_SHA1=HTTPS -DREGEX_BACKEND=pcre -DDEPRECATE_HARD=ON -DUSE_BUNDLED_ZLIB=ON -DUSE_SSH=ON | |
| CMAKE_GENERATOR: Ninja | |
| SKIP_SSH_TESTS: true | |
| SKIP_NEGOTIATE_TESTS: true | |
| ASAN_SYMBOLIZER_PATH: /usr/bin/llvm-symbolizer-10 | |
| UBSAN_OPTIONS: print_stacktrace=1 | |
| - name: "Sanitizer (Thread)" | |
| id: sanitizer-thread | |
| os: ubuntu-latest | |
| setup-script: sanitizer | |
| container: | |
| name: noble | |
| env: | |
| CC: clang | |
| CFLAGS: -fsanitize=thread -fno-optimize-sibling-calls -fno-omit-frame-pointer | |
| CMAKE_OPTIONS: -DCMAKE_PREFIX_PATH=/usr/local -DUSE_HTTPS=OpenSSL -DUSE_SHA1=HTTPS -DREGEX_BACKEND=pcre -DDEPRECATE_HARD=ON -DUSE_BUNDLED_ZLIB=ON -DUSE_SSH=ON | |
| CMAKE_GENERATOR: Ninja | |
| SKIP_SSH_TESTS: true | |
| SKIP_NEGOTIATE_TESTS: true | |
| ASAN_SYMBOLIZER_PATH: /usr/bin/llvm-symbolizer-10 | |
| UBSAN_OPTIONS: print_stacktrace=1 | |
| TSAN_OPTIONS: suppressions=/home/libgit2/source/script/thread-sanitizer.supp second_deadlock_stack=1 | |
| fail-fast: false | |
| env: ${{ matrix.platform.env }} | |
| runs-on: ${{ matrix.platform.os }} | |
| name: "Build: ${{ matrix.platform.name }}" | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@v4 | |
| with: | |
| path: source | |
| fetch-depth: 0 | |
| - name: Set up build environment | |
| run: source/ci/setup-${{ matrix.platform.setup-script }}-build.sh | |
| shell: bash | |
| if: matrix.platform.setup-script != '' | |
| - name: Setup QEMU | |
| run: docker run --rm --privileged multiarch/qemu-user-static:register --reset | |
| if: matrix.platform.container.qemu == true | |
| - name: Set up container | |
| uses: ./source/.github/actions/download-or-build-container | |
| with: | |
| registry: ${{ env.docker-registry }} | |
| config-path: ${{ env.docker-config-path }} | |
| container: ${{ matrix.platform.container.name }} | |
| github_token: ${{ secrets.github_token }} | |
| dockerfile: ${{ matrix.platform.container.dockerfile }} | |
| if: matrix.platform.container.name != '' | |
| - name: Prepare build | |
| run: mkdir build | |
| - name: Build | |
| uses: ./source/.github/actions/run-build | |
| with: | |
| command: cd ${BUILD_WORKSPACE:-.}/build && ../source/ci/build.sh | |
| container: ${{ matrix.platform.container.name }} | |
| container-version: ${{ env.docker-registry-container-sha }} | |
| shell: ${{ matrix.platform.shell }} | |
| - name: Test | |
| uses: ./source/.github/actions/run-build | |
| with: | |
| command: cd ${BUILD_WORKSPACE:-.}/build && ../source/ci/test.sh | |
| container: ${{ matrix.platform.container.name }} | |
| container-version: ${{ env.docker-registry-container-sha }} | |
| shell: ${{ matrix.platform.shell }} | |
| - name: Upload test results | |
| uses: actions/upload-artifact@v4 | |
| if: success() || failure() | |
| with: | |
| name: test-results-${{ matrix.platform.id }} | |
| path: build/results_*.xml | |
| test_results: | |
| name: Test results | |
| needs: [ build ] | |
| if: always() | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Download test results | |
| uses: actions/download-artifact@v3 | |
| - name: Generate test summary | |
| uses: test-summary/action@v2 | |
| with: | |
| paths: 'test-results-*/*.xml' | |
| # Generate documentation using docurium. We'll upload the documentation | |
| # as a build artifact so that it can be reviewed as part of a pull | |
| # request or in a forked build. For CI builds in the main repository's | |
| # main branch, we'll push the gh-pages branch back up so that it is | |
| # published to our documentation site. | |
| documentation: | |
| name: Generate documentation | |
| if: success() || failure() | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check out repository | |
| uses: actions/checkout@v4 | |
| with: | |
| path: source | |
| fetch-depth: 0 | |
| - name: Set up container | |
| uses: ./source/.github/actions/download-or-build-container | |
| with: | |
| registry: ${{ env.docker-registry }} | |
| config-path: ${{ env.docker-config-path }} | |
| container: docurium | |
| github_token: ${{ secrets.github_token }} | |
| dockerfile: ${{ matrix.platform.container.dockerfile }} | |
| - name: Generate documentation | |
| working-directory: source | |
| run: | | |
| git config user.name 'Documentation Generation' | |
| git config user.email 'libgit2@users.noreply.github.com' | |
| git branch gh-pages origin/gh-pages | |
| docker login https://${{ env.docker-registry }} -u ${{ github.actor }} -p ${{ github.token }} | |
| docker run \ | |
| --rm \ | |
| -v "$(pwd):/home/libgit2" \ | |
| -w /home/libgit2 \ | |
| ${{ env.docker-registry }}/${{ github.repository }}/docurium:latest \ | |
| cm doc api.docurium | |
| git checkout gh-pages | |
| zip --exclude .git/\* --exclude .gitignore --exclude .gitattributes -r api-documentation.zip . | |
| - uses: actions/upload-artifact@v4 | |
| name: Upload artifact | |
| with: | |
| name: api-documentation | |
| path: source/api-documentation.zip | |
| - name: Push documentation branch | |
| working-directory: source | |
| run: git push origin gh-pages | |
| if: github.event_name == 'push' && github.repository == 'libgit2/libgit2' |