Add SAST workflows #2

Workflow file for this run

	name: tests

	on: [push, pull_request]

	jobs:
	build:
	runs-on: ubuntu-latest
	container:
	image: ghcr.io/rauc/rauc/rauc-ci:latest
	# allow mounting and devtmpfs in the container
	options: --user=root --privileged -v /dev:/dev
	steps:
	- name: Inspect environment
	run: \|
	whoami
	gcc --version
	apt-get update
	DEBIAN_FRONTEND='noninteractive' apt-get install -qy meson

	- uses: actions/checkout@v3

	- name: Test with service and gpt
	run: \|
	rm -rf build/
	meson setup -Dservice=true -Dgpt=enabled -Db_coverage=true -Dwerror=true build
	meson configure build
	meson compile -C build
	./qemu-test
	lcov --directory . --capture --output-file "service.info"

	- name: Test without service and gpt
	run: \|
	rm -rf build/
	meson setup -Dservice=false -Dgpt=enabled -Db_coverage=true -Dwerror=true build
	meson configure build
	meson compile -C build
	./qemu-test
	lcov --directory . --capture --output-file "noservice.info"

	- uses: codecov/codecov-action@v3
	with:
	files: service.info,noservice.info
	verbose: true

	- name: Build documentation
	run: \|
	meson compile doc -C build

	- name: Build CGI example
	run: \|
	cd contrib/cgi
	./autogen.sh
	./configure CFLAGS=-Werror
	make clean
	make -j4
	make -j4 distcheck

	- name: Show system status
	if: ${{ failure() }}
	run: \|
	dmesg \| tail -n 100
	mount \|\| true
	losetup \|\| true
	dmsetup table \|\| true
	dmsetup targets \|\| true

	- name: Show logs
	if: ${{ failure() }}
	run: \|
	cat build/meson-logs/testlog.txt \|\| true
	dmesg \| tail -n 100

	cross:
	runs-on: ubuntu-latest
	strategy:
	matrix:
	architecture:
	- armhf
	- arm64
	- armel
	- i386
	steps:
	- uses: actions/checkout@v3

	- name: Prepare ${{ matrix.architecture }} container
	run: \|
	sudo apt-get update
	sudo DEBIAN_FRONTEND='noninteractive' apt-get install -qy qemu-user-static
	docker run --name cross -di -v "$PWD":/home -w /home multiarch/debian-debootstrap:${{ matrix.architecture }}-bullseye bash
	docker logs cross
	docker exec -i cross uname -a
	docker exec -i cross apt-get update
	docker exec -e DEBIAN_FRONTEND='noninteractive' -i cross apt-get install -qy build-essential meson libtool libglib2.0-dev libcurl3-dev libssl-dev libjson-glib-dev libdbus-1-dev libfdisk-dev libnl-genl-3-dev squashfs-tools

	- name: Build
	run: \|
	docker exec -i cross whoami
	docker exec -i cross meson setup -Dgpt=enabled -Dwerror=true build
	docker exec -i cross meson compile -C build
	# don't run 'meson test' here, as we don't have full access to the kernel (mount, loopback, dm)

	- name: Show logs
	if: ${{ failure() }}
	run: \|
	cat build/meson-logs/testlog.txt \|\| true

	stable:
	runs-on: ubuntu-latest
	strategy:
	matrix:
	release:
	- "ubuntu:18.04"
	- "ubuntu:20.04"
	- "ubuntu:22.04"
	- "debian:buster"
	- "debian:bullseye"
	- "debian:testing"
	builder:
	- "meson"
	- "automake"
	exclude:
	- release: "ubuntu:18.04"
	builder: "meson"
	- release: "debian:buster"
	builder: "meson"
	steps:
	- uses: actions/checkout@v3

	- name: Prepare ${{ matrix.release }} container for ${{ matrix.builder }} build
	run: \|
	docker run --name stable -di -v "$PWD":/home -w /home ${{ matrix.release }} bash
	docker exec -i stable uname -a
	docker exec -i stable apt-get update
	docker exec -e DEBIAN_FRONTEND='noninteractive' -i stable apt-get install -qy build-essential ${{ matrix.builder }} libtool libglib2.0-dev libcurl3-dev libssl-dev libjson-glib-dev libdbus-1-dev libfdisk-dev libnl-genl-3-dev squashfs-tools

	- name: Patch & prepare
	run: \|
	docker exec -i stable whoami
	docker exec -i stable uname -a
	docker exec -i stable find .github/workflows/patches/${{ matrix.release }}/ -type f -name "*.patch" -print0 \| sort -z \| xargs -t -n 1 -r -0 patch -p1 -f -i

	- name: Configure (meson)
	if: ${{ matrix.builder == 'meson' }}
	run: \|
	docker exec -i stable meson setup -Dgpt=disabled -Dwerror=true build

	- name: Configure (automake)
	if: ${{ matrix.builder == 'automake' }}
	run: \|
	docker exec -i stable ./autogen.sh
	docker exec -i stable ./configure --disable-gpt CFLAGS='-Werror -Wno-error=deprecated-declarations'

	- name: Build (meson)
	if: ${{ matrix.builder == 'meson' }}
	run: \|
	docker exec -i stable ninja -C build

	- name: Build (automake)
	if: ${{ matrix.builder == 'automake' }}
	run: \|
	docker exec -i stable make TESTS= check

	- name: Show logs
	if: ${{ failure() }}
	run: \|
	cat build/meson-logs/testlog.txt \|\| true
	cat config.log \|\| true
	cat test/*.log \|\| true
	cat test-suite.log \|\| true
	cat rauc-*/_build/sub/test-suite.log \|\| true

	uncrustify:
	runs-on: ubuntu-20.04
	steps:
	- uses: actions/checkout@v3

	- name: Install codespell
	run: \|
	sudo apt-get update
	sudo DEBIAN_FRONTEND='noninteractive' apt-get install -qy codespell

	- name: Run uncrustify check
	run: \|
	./uncrustify.sh
	git diff --exit-code

	- name: Run codespell check
	run: \|
	codespell -L parms,cas -S 'openssl-ca,build,*.log' src include test docs

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Add SAST workflows #2

Workflow file

Add SAST workflows #2

Jobs

Run details

Workflow file for this run