diff options
Diffstat (limited to '.github')
-rw-r--r-- | .github/workflows/coverity.yml | 97 | ||||
-rw-r--r-- | .github/workflows/solaris.yml | 32 | ||||
-rw-r--r-- | .github/workflows/solaris_test.yml | 28 |
3 files changed, 89 insertions, 68 deletions
diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml index e1bfcb0..7b01aa4 100644 --- a/.github/workflows/coverity.yml +++ b/.github/workflows/coverity.yml | |||
@@ -1,48 +1,65 @@ | |||
1 | name: Coverity | 1 | # GitHub Actions workflow to run Coverity scans. |
2 | name: "Coverity" | ||
2 | 3 | ||
3 | on: | 4 | on: |
4 | workflow_dispatch: | 5 | workflow_dispatch: |
5 | schedule: | 6 | schedule: |
6 | - cron: "0 0 * * *" | 7 | - cron: "0 0 * * *" # At 00:00 daily. |
7 | 8 | ||
8 | jobs: | 9 | jobs: |
9 | scan: | 10 | scan: |
10 | runs-on: ubuntu-latest | 11 | name: "Scan" |
11 | if: ${{ github.repository_owner == 'libressl' }} | 12 | runs-on: "ubuntu-latest" |
13 | if: github.repository_owner == 'libressl' # Prevent running on forks | ||
14 | permissions: | ||
15 | contents: read | ||
12 | steps: | 16 | steps: |
13 | - uses: actions/checkout@main | 17 | - name: "Checkout repository" |
14 | - name: Install apt dependencies | 18 | uses: actions/checkout@v4 |
15 | run: | | 19 | |
16 | sudo apt-get update | 20 | - name: "Install dependencies" |
17 | sudo apt-get install -y cmake ninja-build | 21 | run: | |
18 | - name: Download Coverity build tool | 22 | sudo apt-get update |
19 | run: | | 23 | sudo apt-get install -y cmake ninja-build |
20 | wget -c -N https://scan.coverity.com/download/linux64 --post-data "token=${{ secrets.COVERITY_SCAN_TOKEN }}&project=libressl-portable%2Fportable" -O coverity_tool.tar.gz | 24 | |
21 | mkdir coverity_tool | 25 | - name: "Download Coverity build tool" |
22 | tar xzf coverity_tool.tar.gz --strip 1 -C coverity_tool | 26 | env: |
23 | - name: Configure | 27 | PROJECT: "libressl-portable%2Fportable" |
24 | run: | | 28 | COVERITY_SCAN_TOKEN: "${{ secrets.COVERITY_SCAN_TOKEN }}" |
25 | ./autogen.sh | 29 | run: | |
26 | ./configure | 30 | wget -c -N https://scan.coverity.com/download/linux64 --post-data "token=$COVERITY_SCAN_TOKEN&project=$PROJECT" -O coverity_tool.tar.gz |
27 | make dist | 31 | mkdir coverity_tool |
28 | tar zxf libressl-*.tar.gz | 32 | tar xzf coverity_tool.tar.gz --strip 1 -C coverity_tool |
29 | rm libressl-*.tar.gz | 33 | |
30 | cd libressl-* | 34 | - name: "Setup" |
31 | mkdir build-static | 35 | run: | |
32 | mkdir build-shared | 36 | ./autogen.sh |
33 | cmake -GNinja -DBUILD_SHARED_LIBS=ON .. | 37 | ./configure |
34 | - name: Build with Coverity build tool | 38 | make dist |
35 | run: | | 39 | tar zxf libressl-*.tar.gz |
36 | export PATH=`pwd`/coverity_tool/bin:$PATH | 40 | rm libressl-*.tar.gz |
37 | cd libressl-* | 41 | cd libressl-* |
38 | cov-build --dir cov-int ninja | 42 | mkdir build-static |
39 | - name: Submit build result to Coverity Scan | 43 | mkdir build-shared |
40 | run: | | 44 | cmake -GNinja -DBUILD_SHARED_LIBS=ON .. |
41 | cd libressl-* | 45 | |
42 | tar czvf cov.tar.gz cov-int | 46 | - name: "Build with Coverity build tool" |
43 | curl --form token=${{ secrets.COVERITY_SCAN_TOKEN }} \ | 47 | run: | |
44 | --form email=libressl-security@openbsd.org \ | 48 | export PATH=`pwd`/coverity_tool/bin:$PATH |
45 | --form file=@cov.tar.gz \ | 49 | cd libressl-* |
46 | --form version="Commit $GITHUB_SHA" \ | 50 | cov-build --dir cov-int ninja |
47 | --form description="Build submitted via CI" \ | 51 | |
48 | https://scan.coverity.com/builds?project=libressl-portable%2Fportable | 52 | - name: "Submit build result to Coverity Scan" |
53 | env: | ||
54 | EMAIL: "libressl-security@openbsd.org" | ||
55 | PROJECT: "libressl-portable%2Fportable" | ||
56 | COVERITY_SCAN_TOKEN: "${{ secrets.COVERITY_SCAN_TOKEN }}" | ||
57 | run: | | ||
58 | cd libressl-* | ||
59 | tar czvf cov.tar.gz cov-int | ||
60 | curl --form token=$COVERITY_SCAN_TOKEN \ | ||
61 | --form email=$EMAIL \ | ||
62 | --form file=@cov.tar.gz \ | ||
63 | --form version="Commit $GITHUB_SHA" \ | ||
64 | --form description="Build submitted via CI" \ | ||
65 | https://scan.coverity.com/builds?project=$PROJECT | ||
diff --git a/.github/workflows/solaris.yml b/.github/workflows/solaris.yml new file mode 100644 index 0000000..2c6ee49 --- /dev/null +++ b/.github/workflows/solaris.yml | |||
@@ -0,0 +1,32 @@ | |||
1 | # GitHub Actions workflow to run tests on a Solaris VM. | ||
2 | name: "Solaris" | ||
3 | |||
4 | on: | ||
5 | workflow_dispatch: | ||
6 | schedule: | ||
7 | - cron: "0 0 * * *" # At 00:00 daily. | ||
8 | |||
9 | jobs: | ||
10 | test: | ||
11 | name: "Solaris" | ||
12 | runs-on: ubuntu-latest | ||
13 | permissions: | ||
14 | contents: read | ||
15 | steps: | ||
16 | - name: "Checkout repository" | ||
17 | uses: actions/checkout@v4 | ||
18 | |||
19 | - name: "Setup" | ||
20 | run: | | ||
21 | sudo apt-get update | ||
22 | sudo apt-get install -y automake autoconf libtool | ||
23 | ./autogen.sh | ||
24 | |||
25 | - name: "Build on VM" | ||
26 | uses: vmactions/solaris-vm@v1 | ||
27 | with: | ||
28 | prepare: | | ||
29 | pkg install gcc make | ||
30 | run: | | ||
31 | MAKE=gmake ./configure | ||
32 | gmake -j2 check || (cat tests/test-suite.log && exit 1) | ||
diff --git a/.github/workflows/solaris_test.yml b/.github/workflows/solaris_test.yml deleted file mode 100644 index 6470278..0000000 --- a/.github/workflows/solaris_test.yml +++ /dev/null | |||
@@ -1,28 +0,0 @@ | |||
1 | name: solaris_ci | ||
2 | |||
3 | on: | ||
4 | workflow_dispatch: | ||
5 | |||
6 | jobs: | ||
7 | build-native: | ||
8 | strategy: | ||
9 | matrix: | ||
10 | release: [11.4] | ||
11 | runs-on: ubuntu-latest | ||
12 | continue-on-error: false | ||
13 | name: Solaris ${{ matrix.release }} | ||
14 | steps: | ||
15 | - name: Checkout source | ||
16 | uses: actions/checkout@main | ||
17 | - name: Configure source | ||
18 | run: | | ||
19 | brew install automake autoconf libtool | ||
20 | ./autogen.sh | ||
21 | - name: Build on VM | ||
22 | uses: vmactions/solaris-vm@v1 | ||
23 | with: | ||
24 | prepare: | | ||
25 | pkg install gcc make | ||
26 | run: | | ||
27 | MAKE=gmake ./configure | ||
28 | gmake -j2 check || (cat tests/test-suite.log && exit 1) | ||