3 files changed, 89 insertions, 68 deletions
diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
index e1bfcb0..7b01aa4 100644
--- a/.github/workflows/coverity.yml
+++ b/.github/workflows/coverity.yml
@@ -1,48 +1,65 @@
-name: Coverity
+# GitHub Actions workflow to run Coverity scans.
+name: "Coverity"
 on:
  workflow_dispatch:
  schedule:
-  - cron: "0 0 * * *"
+    - cron: "0 0 * * *" # At 00:00 daily.
 jobs:
  scan:
-    runs-on: ubuntu-latest
+    name: "Scan"
-    if: ${{ github.repository_owner == 'libressl' }}
+    runs-on: "ubuntu-latest"
+    if: github.repository_owner == 'libressl' # Prevent running on forks
+    permissions:
+      contents: read
    steps:
-    - uses: actions/checkout@main
+      - name: "Checkout repository"
-    - name: Install apt dependencies
+        uses: actions/checkout@v4
-      run: |
-        sudo apt-get update
+      - name: "Install dependencies"
-        sudo apt-get install -y cmake ninja-build
+        run: |
-    - name: Download Coverity build tool
+          sudo apt-get update
-      run: |
+          sudo apt-get install -y cmake ninja-build
-        wget -c -N https://scan.coverity.com/download/linux64 --post-data "token=${{ secrets.COVERITY_SCAN_TOKEN }}&project=libressl-portable%2Fportable" -O coverity_tool.tar.gz
-        mkdir coverity_tool
+      - name: "Download Coverity build tool"
-        tar xzf coverity_tool.tar.gz --strip 1 -C coverity_tool
+        env:
-    - name: Configure
+          PROJECT: "libressl-portable%2Fportable"
-      run: |
+          COVERITY_SCAN_TOKEN: "${{ secrets.COVERITY_SCAN_TOKEN }}"
-        ./autogen.sh
+        run: |
-        ./configure
+          wget -c -N https://scan.coverity.com/download/linux64 --post-data "token=$COVERITY_SCAN_TOKEN&project=$PROJECT" -O coverity_tool.tar.gz
-        make dist
+          mkdir coverity_tool
-        tar zxf libressl-*.tar.gz
+          tar xzf coverity_tool.tar.gz --strip 1 -C coverity_tool
-        rm libressl-*.tar.gz
-        cd libressl-*
+      - name: "Setup"
-        mkdir build-static
+        run: |
-        mkdir build-shared 
+          ./autogen.sh
-        cmake -GNinja -DBUILD_SHARED_LIBS=ON ..
+          ./configure
-    - name: Build with Coverity build tool
+          make dist
-      run: |
+          tar zxf libressl-*.tar.gz
-        export PATH=`pwd`/coverity_tool/bin:$PATH
+          rm libressl-*.tar.gz
-        cd libressl-*
+          cd libressl-*
-        cov-build --dir cov-int ninja
+          mkdir build-static
-    - name: Submit build result to Coverity Scan
+          mkdir build-shared 
-      run: |
+          cmake -GNinja -DBUILD_SHARED_LIBS=ON ..
-        cd libressl-*
-        tar czvf cov.tar.gz cov-int
+      - name: "Build with Coverity build tool"
-        curl --form token=${{ secrets.COVERITY_SCAN_TOKEN }} \
+        run: |
-          --form email=libressl-security@openbsd.org \
+          export PATH=`pwd`/coverity_tool/bin:$PATH
-          --form file=@cov.tar.gz \
+          cd libressl-*
-          --form version="Commit $GITHUB_SHA" \
+          cov-build --dir cov-int ninja
-          --form description="Build submitted via CI" \
-          https://scan.coverity.com/builds?project=libressl-portable%2Fportable
+      - name: "Submit build result to Coverity Scan"
+        env:
+          EMAIL: "libressl-security@openbsd.org"
+          PROJECT: "libressl-portable%2Fportable"
+          COVERITY_SCAN_TOKEN: "${{ secrets.COVERITY_SCAN_TOKEN }}"
+        run: |
+          cd libressl-*
+          tar czvf cov.tar.gz cov-int
+          curl --form token=$COVERITY_SCAN_TOKEN \
+            --form email=$EMAIL \
+            --form file=@cov.tar.gz \
+            --form version="Commit $GITHUB_SHA" \
+            --form description="Build submitted via CI" \
+            https://scan.coverity.com/builds?project=$PROJECT
diff --git a/.github/workflows/solaris.yml b/.github/workflows/solaris.yml
new file mode 100644
index 0000000..2c6ee49
--- /dev/null
+++ b/.github/workflows/solaris.yml
@@ -0,0 +1,32 @@
+# GitHub Actions workflow to run tests on a Solaris VM.
+name: "Solaris"
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: "0 0 * * *" # At 00:00 daily.
+jobs:
+  test:
+    name: "Solaris"
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - name: "Checkout repository"
+        uses: actions/checkout@v4
+      - name: "Setup"
+        run: |
+          sudo apt-get update
+          sudo apt-get install -y automake autoconf libtool
+          ./autogen.sh
+      - name: "Build on VM"
+        uses: vmactions/solaris-vm@v1
+        with:
+          prepare: |
+            pkg install gcc make
+          run: |
+            MAKE=gmake ./configure
+            gmake -j2 check || (cat tests/test-suite.log && exit 1)
diff --git a/.github/workflows/solaris_test.yml b/.github/workflows/solaris_test.yml
deleted file mode 100644
index 6470278..0000000
--- a/.github/workflows/solaris_test.yml
+++ /dev/null
@@ -1,28 +0,0 @@
-name: solaris_ci
-on:
-  workflow_dispatch:
-jobs:
-  build-native:
-    strategy:
-      matrix:
-        release: [11.4]
-    runs-on: ubuntu-latest
-    continue-on-error: false
-    name: Solaris ${{ matrix.release }}
-    steps:
-    - name: Checkout source
-      uses: actions/checkout@main
-    - name: Configure source
-      run: |
-        brew install automake autoconf libtool
-        ./autogen.sh
-    - name: Build on VM
-      uses: vmactions/solaris-vm@v1
-      with:
-        prepare: |
-          pkg install gcc make
-        run: |
-          MAKE=gmake ./configure
-          gmake -j2 check || (cat tests/test-suite.log && exit 1)

diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml index e1bfcb0..7b01aa4 100644 --- a/.github/workflows/coverity.yml +++ b/.github/workflows/coverity.yml
@@ -1,48 +1,65 @@
1	name: Coverity	1	# GitHub Actions workflow to run Coverity scans.
		2	name: "Coverity"
2		3
3	on:	4	on:
4	workflow_dispatch:	5	workflow_dispatch:
5	schedule:	6	schedule:
6	- cron: "0 0 * * *"	7	- cron: "0 0 * * *" # At 00:00 daily.
7		8
8	jobs:	9	jobs:
9	scan:	10	scan:
10	runs-on: ubuntu-latest	11	name: "Scan"
11	if: ${{ github.repository_owner == 'libressl' }}	12	runs-on: "ubuntu-latest"
		13	if: github.repository_owner == 'libressl' # Prevent running on forks
		14	permissions:
		15	contents: read
12	steps:	16	steps:
13	- uses: actions/checkout@main	17	- name: "Checkout repository"
14	- name: Install apt dependencies	18	uses: actions/checkout@v4
15	run: \|	19
16	sudo apt-get update	20	- name: "Install dependencies"
17	sudo apt-get install -y cmake ninja-build	21	run: \|
18	- name: Download Coverity build tool	22	sudo apt-get update
19	run: \|	23	sudo apt-get install -y cmake ninja-build
20	wget -c -N https://scan.coverity.com/download/linux64 --post-data "token=${{ secrets.COVERITY_SCAN_TOKEN }}&project=libressl-portable%2Fportable" -O coverity_tool.tar.gz	24
21	mkdir coverity_tool	25	- name: "Download Coverity build tool"
22	tar xzf coverity_tool.tar.gz --strip 1 -C coverity_tool	26	env:
23	- name: Configure	27	PROJECT: "libressl-portable%2Fportable"
24	run: \|	28	COVERITY_SCAN_TOKEN: "${{ secrets.COVERITY_SCAN_TOKEN }}"
25	./autogen.sh	29	run: \|
26	./configure	30	wget -c -N https://scan.coverity.com/download/linux64 --post-data "token=$COVERITY_SCAN_TOKEN&project=$PROJECT" -O coverity_tool.tar.gz
27	make dist	31	mkdir coverity_tool
28	tar zxf libressl-*.tar.gz	32	tar xzf coverity_tool.tar.gz --strip 1 -C coverity_tool
29	rm libressl-*.tar.gz	33
30	cd libressl-*	34	- name: "Setup"
31	mkdir build-static	35	run: \|
32	mkdir build-shared	36	./autogen.sh
33	cmake -GNinja -DBUILD_SHARED_LIBS=ON ..	37	./configure
34	- name: Build with Coverity build tool	38	make dist
35	run: \|	39	tar zxf libressl-*.tar.gz
36	export PATH=`pwd`/coverity_tool/bin:$PATH	40	rm libressl-*.tar.gz
37	cd libressl-*	41	cd libressl-*
38	cov-build --dir cov-int ninja	42	mkdir build-static
39	- name: Submit build result to Coverity Scan	43	mkdir build-shared
40	run: \|	44	cmake -GNinja -DBUILD_SHARED_LIBS=ON ..
41	cd libressl-*	45
42	tar czvf cov.tar.gz cov-int	46	- name: "Build with Coverity build tool"
43	curl --form token=${{ secrets.COVERITY_SCAN_TOKEN }} \	47	run: \|
44	--form email=libressl-security@openbsd.org \	48	export PATH=`pwd`/coverity_tool/bin:$PATH
45	--form file=@cov.tar.gz \	49	cd libressl-*
46	--form version="Commit $GITHUB_SHA" \	50	cov-build --dir cov-int ninja
47	--form description="Build submitted via CI" \	51
48	https://scan.coverity.com/builds?project=libressl-portable%2Fportable	52	- name: "Submit build result to Coverity Scan"
		53	env:
		54	EMAIL: "libressl-security@openbsd.org"
		55	PROJECT: "libressl-portable%2Fportable"
		56	COVERITY_SCAN_TOKEN: "${{ secrets.COVERITY_SCAN_TOKEN }}"
		57	run: \|
		58	cd libressl-*
		59	tar czvf cov.tar.gz cov-int
		60	curl --form token=$COVERITY_SCAN_TOKEN \
		61	--form email=$EMAIL \
		62	--form file=@cov.tar.gz \
		63	--form version="Commit $GITHUB_SHA" \
		64	--form description="Build submitted via CI" \
		65	https://scan.coverity.com/builds?project=$PROJECT


diff --git a/.github/workflows/solaris.yml b/.github/workflows/solaris.yml new file mode 100644 index 0000000..2c6ee49 --- /dev/null +++ b/.github/workflows/solaris.yml
@@ -0,0 +1,32 @@
		1	# GitHub Actions workflow to run tests on a Solaris VM.
		2	name: "Solaris"
		3
		4	on:
		5	workflow_dispatch:
		6	schedule:
		7	- cron: "0 0 * * *" # At 00:00 daily.
		8
		9	jobs:
		10	test:
		11	name: "Solaris"
		12	runs-on: ubuntu-latest
		13	permissions:
		14	contents: read
		15	steps:
		16	- name: "Checkout repository"
		17	uses: actions/checkout@v4
		18
		19	- name: "Setup"
		20	run: \|
		21	sudo apt-get update
		22	sudo apt-get install -y automake autoconf libtool
		23	./autogen.sh
		24
		25	- name: "Build on VM"
		26	uses: vmactions/solaris-vm@v1
		27	with:
		28	prepare: \|
		29	pkg install gcc make
		30	run: \|
		31	MAKE=gmake ./configure
		32	gmake -j2 check \|\| (cat tests/test-suite.log && exit 1)


diff --git a/.github/workflows/solaris_test.yml b/.github/workflows/solaris_test.yml deleted file mode 100644 index 6470278..0000000 --- a/.github/workflows/solaris_test.yml +++ /dev/null
@@ -1,28 +0,0 @@
1	name: solaris_ci
2
3	on:
4	workflow_dispatch:
5
6	jobs:
7	build-native:
8	strategy:
9	matrix:
10	release: [11.4]
11	runs-on: ubuntu-latest
12	continue-on-error: false
13	name: Solaris ${{ matrix.release }}
14	steps:
15	- name: Checkout source
16	uses: actions/checkout@main
17	- name: Configure source
18	run: \|
19	brew install automake autoconf libtool
20	./autogen.sh
21	- name: Build on VM
22	uses: vmactions/solaris-vm@v1
23	with:
24	prepare: \|
25	pkg install gcc make
26	run: \|
27	MAKE=gmake ./configure
28	gmake -j2 check \|\| (cat tests/test-suite.log && exit 1)