Resolve Detection Bugs with Browsers #134
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # AppView - Build Workflow | |
| # | |
| # This is the GitHub Workflow to build and unit test AppView. | |
| # | |
| name: Build & Test | |
| on: | |
| # Run on pushes to any branch | |
| push: | |
| branches: | |
| - 'master' | |
| # paths-ignore does not work as expected | |
| # it means the workflow will run on any explicit branch | |
| # and any other branch where a change to a file except | |
| # one in paths-ignore happens. | |
| # paths-ignore: | |
| # - 'website/**' | |
| # Run on manually triggered workflow | |
| workflow_dispatch: | |
| # Run on PRs targeting the default branch or a release branches | |
| pull_request: | |
| jobs: | |
| # This is the first stage of the workflow where we do some initial setup. | |
| info: | |
| name: Get Build Info | |
| runs-on: ubuntu-latest | |
| steps: | |
| # Clone the repo | |
| - name: Checkout Repository | |
| uses: actions/checkout@v3 | |
| # This defines a number of outputs based on the tag being built if there | |
| # is one. We'll use the outputs in other places. | |
| - name: Get Version | |
| id: version | |
| uses: Simply007/[email protected] | |
| # Display these for troubleshooting | |
| - name: Version/Tag Outputs | |
| run: | | |
| echo "version=\"${{ steps.version.outputs.version }}\"" | |
| echo "major=\"${{ steps.version.outputs.major }}\"" | |
| echo "minor=\"${{ steps.version.outputs.minor }}\"" | |
| echo "maintenance=\"${{ steps.version.outputs.patch }}\"" | |
| echo "prerelease=\"${{ steps.version.outputs.prerelease }}\"" | |
| echo "build=\"${{ steps.version.outputs.build }}\"" | |
| echo "is-semver=\"${{ steps.version.outputs.is-semver }}\"" | |
| echo "tag=\"${{ steps.tag.outputs.tag }}\"" | |
| echo "push=\"${{ steps.tag.outputs.push }}\"" | |
| echo "branch=\"${{ steps.tag.outputs.branch }}\"" | |
| # Make these available to later stages. | |
| outputs: | |
| version: ${{ steps.version.outputs.version }} | |
| is-semver: ${{ steps.version.outputs.is-semver }} | |
| tag: ${{ steps.tag.outputs.tag }} | |
| push: ${{ steps.tag.outputs.push }} | |
| branch: ${{ steps.tag.outputs.branch }} | |
| # Build and unit-test the code. This is run in a matrix; once on GitHub's | |
| # standard `ubuntu-latest` runner which is x86, and once on our self-hosted | |
| # ARM64 runner. | |
| build: | |
| name: Build | |
| needs: info | |
| runs-on: ${{ matrix.on }} | |
| strategy: | |
| matrix: | |
| on: [[ubuntu-latest]] | |
| steps: | |
| # Some diagnostic info on the build environment. This also outputs `arch` | |
| # which we use elsewhere for architecture-specific things. | |
| - name: Dump Environment | |
| id: env | |
| run: | | |
| echo "::group::env" | |
| env | sort | |
| echo "::endgroup::" | |
| echo "::group::pwd" | |
| pwd | |
| echo "::endgroup::" | |
| echo "::group::net" | |
| hostname | |
| ip addr | |
| cat /etc/resolv.conf | |
| resolvectl status | |
| echo "::endgroup::" | |
| echo "::group::uname" | |
| uname -a | |
| echo "::endgroup::" | |
| echo "::group::cpuinfo" | |
| cat /proc/cpuinfo | |
| echo "::endgroup::" | |
| echo "::group::lscpu" | |
| lscpu | |
| echo "::endgroup::" | |
| echo "::group::ldd" | |
| ldd --version | |
| echo "::endgroup::" | |
| echo "::group::free" | |
| free | |
| echo "::endgroup::" | |
| echo "::group::home" | |
| ls -la $HOME | |
| echo "::endgroup::" | |
| echo "arch=$(uname -m)" >> "${GITHUB_OUTPUT}" | |
| # Clone the repos | |
| - name: Checkout Repository | |
| uses: actions/checkout@v3 | |
| # This installs the `/proc/sys/fs/binfmt` entries that allow the CI host | |
| # to build for other architectures under QEMU emulation. It's not really | |
| # needed here since we're only building natively but we're leaving it in | |
| # since it'll be done by our build system anyway. | |
| - name: Setup QEMU | |
| uses: docker/setup-qemu-action@v2 | |
| # Start a BuildX builder. We'll use the outputs later so give it an ID. | |
| - name: Setup Docker Buildx | |
| id: buildx | |
| uses: docker/setup-buildx-action@v2 | |
| # We'll tell BuildX to `--cache-from` this folder to speed up the build | |
| # of our `appview-builder` image. | |
| - name: Setup Docker Cache | |
| uses: actions/[email protected] | |
| with: | |
| path: /tmp/.buildx-cache | |
| key: ${{ runner.os }}-${{ steps.env.outputs.arch }}-buildx-${{ github.sha }} | |
| upload-chunk-size: 1000000 | |
| # Cache downloaded Go dependencies. | |
| - name: Setup Go Cache | |
| uses: actions/[email protected] | |
| with: | |
| path: | | |
| ~/.cache/go-build | |
| ~/go/pkg/mod | |
| cli/.gobin | |
| cli/.gocache | |
| cli/.gomod | |
| key: ${{ runner.os }}-${{ steps.env.outputs.arch }}-go-${{ hashFiles('cli/go.sum') }} | |
| upload-chunk-size: 1000000 | |
| # Cache the cmocka build. Use a key based on a hash of all the files used | |
| # in the build. | |
| - name: Setup cmocka Cache | |
| uses: actions/[email protected] | |
| with: | |
| path: contrib/build/cmocka | |
| key: ${{ runner.os }}-${{ steps.env.outputs.arch }}-cmocka-${{ hashFiles('contrib/*', 'contrib/cmocka/**') }} | |
| upload-chunk-size: 1000000 | |
| # Cache the funchook build. Use a key based on a hash of all the files | |
| # used in the build. | |
| - name: Setup funchook Cache | |
| uses: actions/[email protected] | |
| with: | |
| path: contrib/build/funchook | |
| key: ${{ runner.os }}-${{ steps.env.outputs.arch }}-funchook-${{ hashFiles('contrib/*', 'contrib/funchook/**') }} | |
| upload-chunk-size: 1000000 | |
| # Cache the funchook build. Use a key based on a hash of all the files | |
| # used in the build. | |
| - name: Setup pcre2 Cache | |
| uses: actions/[email protected] | |
| with: | |
| path: contrib/build/pcre2 | |
| key: ${{ runner.os }}-${{ steps.env.outputs.arch }}-pcre2-${{ hashFiles('contrib/*', 'contrib/cpre2/**') }} | |
| upload-chunk-size: 1000000 | |
| # Cache the openssl build. Use a key based on a hash of all the files | |
| # used in the build. | |
| - name: Setup openssl Cache | |
| uses: actions/[email protected] | |
| with: | |
| path: contrib/build/openssl | |
| key: ${{ runner.os }}-${{ steps.env.outputs.arch }}-openssl-${{ hashFiles('contrib/*', 'contrib/openssl/**') }} | |
| upload-chunk-size: 1000000 | |
| # Cache the ls-hpack build. Use a key based on a hash of all the files | |
| # used in the build. | |
| - name: Setup ls-hpack Cache | |
| uses: actions/[email protected] | |
| with: | |
| path: contrib/build/ls-hpack | |
| key: ${{ runner.os }}-${{ steps.env.outputs.arch }}-ls-hpack-${{ hashFiles('contrib/*', 'contrib/ls-hpack/**') }} | |
| upload-chunk-size: 1000000 | |
| # Cache the musl build. Use a key based on a hash of all the files | |
| # used in the build. | |
| - name: Setup musl Cache | |
| uses: actions/[email protected] | |
| with: | |
| path: contrib/build/musl | |
| key: ${{ runner.os }}-${{ steps.env.outputs.arch }}-musl-${{ hashFiles('contrib/*', 'contrib/musl/**') }} | |
| upload-chunk-size: 1000000 | |
| # Cache the libunwind build. Use a key based on a hash of all the files | |
| # used in the build. | |
| - name: Setup libunwind Cache | |
| uses: actions/[email protected] | |
| with: | |
| path: contrib/build/libunwind | |
| key: ${{ runner.os }}-${{ steps.env.outputs.arch }}-libunwind-${{ hashFiles('contrib/*', 'contrib/libunwind/**') }} | |
| upload-chunk-size: 1000000 | |
| # Cache the coredumper build. Use a key based on a hash of all the files | |
| # used in the build. | |
| - name: Setup coredumper Cache | |
| uses: actions/[email protected] | |
| with: | |
| path: contrib/build/coredumper | |
| key: ${{ runner.os }}-${{ steps.env.outputs.arch }}-coredumper-${{ hashFiles('contrib/*', 'contrib/coredumper/**') }} | |
| upload-chunk-size: 1000000 | |
| # Build our `appview-builder` image. This should only end up using the | |
| # cached image but because it needs to transfer the results from the | |
| # builder container into the local Docker registry, it stills take more | |
| # time that we'd like. | |
| - name: Update Builder | |
| env: | |
| BUILDER: ${{ steps.buildx.outputs.name }} | |
| CACHE_FROM: type=local,src=/tmp/.buildx-cache | |
| CACHE_TO: type=local,dest=/tmp/.buildx-cache-new | |
| run: df -h && make builder | |
| # Run `make all` in the builder container to build the core and CLI. | |
| - name: Build AppView | |
| env: | |
| VERSION: ${{ needs.info.outputs.tag }} | |
| BUILDER: ${{ steps.buildx.outputs.name }} | |
| run: make build NOBUILD=1 CMD="make all" CI=${CI} | |
| # Run `make test` in the builder container to unit-test the core and CLI. | |
| - name: Unit-Test AppView | |
| env: | |
| VERSION: ${{ needs.info.outputs.tag }} | |
| BUILDER: ${{ steps.buildx.outputs.name }} | |
| run: make build NOBUILD=1 CMD="make FSAN=true test" CI=${CI} | |
| - name: Print size of Binaries | |
| run: | | |
| echo "::group::libappview.so" | |
| stat -c %s lib/linux/${{ steps.env.outputs.arch }}/libappview.so | |
| echo "::endgroup::" | |
| echo "::group::appview" | |
| stat -c %s bin/linux/${{ steps.env.outputs.arch }}/appview | |
| echo "::endgroup::" | |
| # To prevent the cache from growing uncbounded, we used `--cache-to` a | |
| # different folder that the `--cache-from`. This moves the results of the | |
| # build to where the cache action expect to find the results. | |
| - name: Update Docker Cache | |
| run: | | |
| rm -rf /tmp/.buildx-cache | |
| mv /tmp/.buildx-cache-new /tmp/.buildx-cache | |