Add CodeQL Workflow for Code Security Analysis #6
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: tests | |
on: [push, pull_request] | |
jobs: | |
build: | |
runs-on: ubuntu-latest | |
container: | |
image: ghcr.io/rauc/rauc/rauc-ci:latest | |
# allow mounting and devtmpfs in the container | |
options: --user=root --privileged -v /dev:/dev | |
steps: | |
- name: Inspect environment | |
run: | | |
whoami | |
gcc --version | |
apt-get update | |
DEBIAN_FRONTEND='noninteractive' apt-get install -qy meson | |
- uses: actions/checkout@v3 | |
- name: Test with service and gpt | |
run: | | |
rm -rf build/ | |
meson setup -Dservice=true -Dgpt=enabled -Db_coverage=true -Dwerror=true build | |
meson configure build | |
meson compile -C build | |
./qemu-test | |
lcov --directory . --capture --output-file "service.info" | |
- name: Test without service and gpt | |
run: | | |
rm -rf build/ | |
meson setup -Dservice=false -Dgpt=enabled -Db_coverage=true -Dwerror=true build | |
meson configure build | |
meson compile -C build | |
./qemu-test | |
lcov --directory . --capture --output-file "noservice.info" | |
- uses: codecov/codecov-action@v3 | |
with: | |
files: service.info,noservice.info | |
verbose: true | |
- name: Build documentation | |
run: | | |
meson compile doc -C build | |
- name: Build CGI example | |
run: | | |
cd contrib/cgi | |
./autogen.sh | |
./configure CFLAGS=-Werror | |
make clean | |
make -j4 | |
make -j4 distcheck | |
- name: Show system status | |
if: ${{ failure() }} | |
run: | | |
dmesg | tail -n 100 | |
mount || true | |
losetup || true | |
dmsetup table || true | |
dmsetup targets || true | |
- name: Show logs | |
if: ${{ failure() }} | |
run: | | |
cat build/meson-logs/testlog.txt || true | |
dmesg | tail -n 100 | |
cross: | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
architecture: | |
- armhf | |
- arm64 | |
- armel | |
- i386 | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Prepare ${{ matrix.architecture }} container | |
run: | | |
sudo apt-get update | |
sudo DEBIAN_FRONTEND='noninteractive' apt-get install -qy qemu-user-static | |
docker run --name cross -di -v "$PWD":/home -w /home multiarch/debian-debootstrap:${{ matrix.architecture }}-bullseye bash | |
docker logs cross | |
docker exec -i cross uname -a | |
docker exec -i cross apt-get update | |
docker exec -e DEBIAN_FRONTEND='noninteractive' -i cross apt-get install -qy build-essential meson libtool libglib2.0-dev libcurl3-dev libssl-dev libjson-glib-dev libdbus-1-dev libfdisk-dev libnl-genl-3-dev squashfs-tools | |
- name: Build | |
run: | | |
docker exec -i cross whoami | |
docker exec -i cross meson setup -Dgpt=enabled -Dwerror=true build | |
docker exec -i cross meson compile -C build | |
# don't run 'meson test' here, as we don't have full access to the kernel (mount, loopback, dm) | |
- name: Show logs | |
if: ${{ failure() }} | |
run: | | |
cat build/meson-logs/testlog.txt || true | |
stable: | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
release: | |
- "ubuntu:18.04" | |
- "ubuntu:20.04" | |
- "ubuntu:22.04" | |
- "debian:buster" | |
- "debian:bullseye" | |
- "debian:testing" | |
builder: | |
- "meson" | |
- "automake" | |
exclude: | |
- release: "ubuntu:18.04" | |
builder: "meson" | |
- release: "debian:buster" | |
builder: "meson" | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Prepare ${{ matrix.release }} container for ${{ matrix.builder }} build | |
run: | | |
docker run --name stable -di -v "$PWD":/home -w /home ${{ matrix.release }} bash | |
docker exec -i stable uname -a | |
docker exec -i stable apt-get update | |
docker exec -e DEBIAN_FRONTEND='noninteractive' -i stable apt-get install -qy build-essential ${{ matrix.builder }} libtool libglib2.0-dev libcurl3-dev libssl-dev libjson-glib-dev libdbus-1-dev libfdisk-dev libnl-genl-3-dev squashfs-tools | |
- name: Patch & prepare | |
run: | | |
docker exec -i stable whoami | |
docker exec -i stable uname -a | |
docker exec -i stable find .github/workflows/patches/${{ matrix.release }}/ -type f -name "*.patch" -print0 | sort -z | xargs -t -n 1 -r -0 patch -p1 -f -i | |
- name: Configure (meson) | |
if: ${{ matrix.builder == 'meson' }} | |
run: | | |
docker exec -i stable meson setup -Dgpt=disabled -Dwerror=true build | |
- name: Configure (automake) | |
if: ${{ matrix.builder == 'automake' }} | |
run: | | |
docker exec -i stable ./autogen.sh | |
docker exec -i stable ./configure --disable-gpt CFLAGS='-Werror -Wno-error=deprecated-declarations' | |
- name: Build (meson) | |
if: ${{ matrix.builder == 'meson' }} | |
run: | | |
docker exec -i stable ninja -C build | |
- name: Build (automake) | |
if: ${{ matrix.builder == 'automake' }} | |
run: | | |
docker exec -i stable make TESTS= check | |
- name: Show logs | |
if: ${{ failure() }} | |
run: | | |
cat build/meson-logs/testlog.txt || true | |
cat config.log || true | |
cat test/*.log || true | |
cat test-suite.log || true | |
cat rauc-*/_build/sub/test-suite.log || true | |
uncrustify: | |
runs-on: ubuntu-20.04 | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Install codespell | |
run: | | |
sudo apt-get update | |
sudo DEBIAN_FRONTEND='noninteractive' apt-get install -qy codespell | |
- name: Run uncrustify check | |
run: | | |
./uncrustify.sh | |
git diff --exit-code | |
- name: Run codespell check | |
run: | | |
codespell -L parms,cas -S 'openssl-ca,build,*.log' src include test docs |