Commit Graph

28 Commits

Author SHA1 Message Date
Sam James 42754176bd
ci: don't pin official GH actions via commit, just tag
There's no real value in doing it via commit for official GH actions. We
can keep using pinned commits for unofficial actions. It's hassle for no
gain.

Maybe going forward we can limit this further by only being paranoid
for the jobs with any access to tokens.

(cherry picked from commit 35f8649f08)
2024-09-06 18:51:57 +03:00
Andrew Murray 4132277103
Updated actions
Closes: https://github.com/tukaani-project/xz/pull/115
(cherry picked from commit ef616683ef)
2024-09-06 18:51:57 +03:00
Sam James 1e63f7d536 ci: rename ci_build.sh -> ci_build.bash
We discussed the name and it's less cognitive load to just call it '.bash'
so you don't have an immediate question about if bashisms are OK.

(cherry picked from commit 73f629e321)
2024-05-22 14:26:59 +03:00
Sam James cc21af1715 ci: make UBSAN abort on errors
Unfortunately, UBSAN doesn't do this by default. See also the change
I made in Meson for this in October [0].

[0] 7b7d2e060b

(cherry picked from commit b5e3470442)
2024-05-22 14:26:59 +03:00
Sam James 2d2d5f14b3 ci: test Valgrind
Using `--trace-children=yes` has a trade-off here, as it makes
`test_scripts.sh` pretty slow when calling various non-xz utilities.

But I also feel like it's not useless to have Valgrind used there and it's
not easy to exclude Valgrind just for that one test...

I did consider using AX_VALGRIND_CHECK [0][1] but I couldn't get it working
immediately with some conditionally-built tests and I wondered if it was
worth spending time on at least while we're debating xz's future build
system situation.

[0] https://www.gnu.org/software/autoconf-archive/ax_valgrind_check.html
[1] https://tecnocode.co.uk/2014/12/23/automatically-valgrinding-code-with-ax_valgrind_check/

(cherry picked from commit 6c095a98fb)
2024-05-22 14:26:59 +03:00
Lasse Collin 38a3ec5a7e CI: Remove ifunc support.
(cherry picked from commit 986865ea2f)
2024-05-22 14:12:43 +03:00
Lasse Collin 22af94128b Add SPDX license identifier into 0BSD source code files. 2024-02-14 18:31:16 +02:00
Lasse Collin 689e0228ba Change most public domain parts to 0BSD.
Translations and doc/xz-file-format.txt and doc/lzma-file-format.txt
were not touched.

COPYING.0BSD was added.
2024-02-14 18:31:12 +02:00
Jia Tan f9b82bc64a CI: Update Upload Artifact Action. 2023-12-15 16:56:31 +08:00
Jia Tan fd170e8557 CI: Test musl libc builds on Ubuntu runner. 2023-11-30 20:09:46 +08:00
Jia Tan 5e3d890f88 CI: Disable sandboxing in fsanitize=address,undefined job.
The sandboxing on Linux now supports Landlock, which restricts all
supported filesystem actions after xz opens the files it needs. The
sandbox is only enabled when one file is input and we are writing to
standard out. With fsanitize=address,undefined, the instrumentation
needs to read additional files after the sandbox is in place. This
forces all xz based test to fail, so the sandbox must instead be
disabled.
2023-10-24 00:50:08 +08:00
Gabriela Gutierrez f28cc9bd48 CI: Bump and ref actions by commit SHA in ci.yml
Referencing actions by commit SHA in GitHub workflows guarantees you are using an immutable version. Actions referenced by tags and branches are more vulnerable to attacks, such as the tag being moved to a malicious commit or a malicious commit being pushed to the branch.

It's important to make sure the SHA's are from the original repositories and not forks.

For reference:

https://github.com/actions/checkout/releases/tag/v4.1.0
8ade135a41

https://github.com/actions/upload-artifact/releases/tag/v3.1.3
a8a3f3ad30

Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
2023-10-13 20:03:13 +08:00
Jia Tan 953e775941 CI: Enable CLMUL in address sanitization test.
The crc64_clmul() function should be ignored by the address sanitizer
now so these builds should still pass.
2023-09-14 21:43:34 +08:00
Jia Tan 45e250a9e9 CI: Add test with -fsanitize=address,undefined.
ci_build.sh was updated to accept disabling of __attribute__ ifunc
and CLMUL. This will allow -fsanitize=address to pass because ifunc
is incompatible with -fsanitize=address. The CLMUL implementation has
optimizations that potentially read past the buffer and mask out the
unwanted bytes.

This test will only run on Autotools Linux.
2023-06-28 23:59:47 +08:00
Jia Tan 596ee722cd CI: Upgrade checkout action from v2 to v3. 2023-06-28 20:48:49 +08:00
Jia Tan dbb3a536ed CI: Add apt update command before installing dependencies.
Without the extra command, all of the CI tests were automatically
failing because the Ubuntu servers could not be reached properly.
2023-06-07 00:23:02 +08:00
Jia Tan 2cf5ae5b5b CI: Adds a build and test for small configuration. 2023-04-25 22:14:28 +08:00
Jia Tan d0faa85df5 CI: Tests for disabling threading on CMake builds. 2023-03-29 23:46:43 +08:00
Jia Tan 20cd905d89 CI: Runs CMake feature tests.
Now, CMake will run similar feature disable tests that the Autotools
version did before. In order to do this without repeating lines in
ci.yml, it now makes sense to use the GitHub Workflow matrix to create
a loop.
2023-03-24 23:41:06 +08:00
Jia Tan 4f50763b98 CI: Add doxygen as a dependency.
Autogen now requires --no-doxygen or having doxygen installed to run
without errors.
2023-03-17 01:42:28 +08:00
Jia Tan 3a401b0e0c CI: Upload test logs as artifacts if a test fails. 2023-02-01 21:47:35 +08:00
Jia Tan b2ba1a489d CI: Reorder 32-bit build first for Linux autotool builds.
The 32-bit build needs to be first so the configure cache only needs to
be reset one time. The 32-bit build sets the CFLAGS env variable, so any
build using that flag after will fail unless the cache is reset.
2023-01-18 22:11:05 +08:00
Jia Tan 81cb02e2c2 CI: Disable shared and nls from various jobs in autotool runners.
Disabling shared library generation and linking should help speed up the
runners. The shared library is still being tested in the 32 bit build
and the full feature.

Disabling nls is to check for any unexpected warnings or errors.
2023-01-12 23:43:06 +08:00
Jia Tan 58a052198a CI: Reorder the 32-bit job in the Ubuntu runner.
Run the 32 bit job sooner since this is a more interesting test than
some of the later jobs.
2023-01-12 23:39:19 +08:00
Jia Tan 57464bb4eb CI/CD: Add 32-bit build and test steps to Ubuntu autotools runner.
If all goes well, Mac autotools and Linux and Mac CMake will be added
later for 32-bit builds.
2023-01-11 00:54:45 +08:00
Jia Tan 8d372bd940 CI/CD: Split CMake Linux and MacOS build phase to build and test.
The phase split was only done for Autotools before, so should also
apply to CMake.
2023-01-07 21:15:18 +08:00
Jia Tan 747c7f2b34 CI/CD: Reduce job runners to 4 instead of using matrix strategy.
The old version used too many runners that resulted in unnecessary
dependency downloads. Now, the runners are reused for the different
configurations for each OS and build system.
2023-01-07 21:15:16 +08:00
Jia Tan 9f05c27a58 CI/CD: Create initial version of CI/CD workflow.
The CI/CD workflow will only execute on Ubuntu and MacOS latest version.
The workflow will attempt to build with autotools and CMake and execute
the tests. The workflow will run for all pull requests and pushes done
to the master branch.
2022-12-30 23:34:31 +08:00