Diffstat (limited to '.github/workflows')
-rw-r--r-- | .github/workflows/ci.yml | 618 | ||||
-rw-r--r-- | .github/workflows/codeql-analysis.yml | 76 | ||||
-rw-r--r-- | .github/workflows/coverity.yml | 84 |
3 files changed, 778 insertions, 0 deletions
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
new file mode 100644
index 0000000..c8c4875
--- /dev/null
+++ b/.github/workflows/ci.yml
@@ -0,0 +1,618 @@ +name: GitHub CI + +on: + push: + branches: ['**'] + pull_request: + +# Cancels all previous workflow runs for pull requests that have not completed. +concurrency: + # The concurrency group contains the workflow name and the branch name for + # pull requests or the commit hash for any other events. + group: ${{ github.workflow }}-${{ github.event_name == 'pull_request' && github.head_ref || github.sha }} + cancel-in-progress: true + +permissions: + contents: read # to fetch code (actions/checkout) + +jobs: + linux: + runs-on: ubuntu-20.04 + + env: + CC: ${{ matrix.compiler }} + TEST: test + SRCDIR: ./src + LEAK_CFLAGS: -DEXITFREE + CFLAGS: -Wno-deprecated-declarations + LOG_DIR: ${{ github.workspace }}/logs + TERM: xterm + DISPLAY: ':99' + DEBIAN_FRONTEND: noninteractive + + strategy: + fail-fast: false + matrix: + features: [tiny, normal, huge] + compiler: [clang, gcc] + extra: [none] + include: + - features: tiny + compiler: clang + extra: nogui + - features: tiny + compiler: gcc + extra: nogui + - features: normal + shadow: ./src/shadow + - features: huge + coverage: true + - features: huge + compiler: gcc + coverage: true + extra: testgui + uchar: true + - features: huge + compiler: clang + extra: asan + - features: huge + compiler: gcc + coverage: true + extra: unittests + - features: normal + compiler: gcc + extra: vimtags + + steps: + - name: Checkout repository from github + uses: actions/checkout@v3 + + - name: Install packages + run: | + PKGS=( \ + gettext \ + libgtk2.0-dev \ + desktop-file-utils \ + libtool-bin \ + ) + if ${{ matrix.features == 'huge' }}; then + PKGS+=( \ + autoconf \ + lcov \ + libcanberra-dev \ + libperl-dev \ + python-dev \ + python3-dev \ + liblua5.3-dev \ + lua5.3 \ + ruby-dev \ + tcl-dev \ + cscope \ + libsodium-dev \ + ) + fi + sudo apt update && sudo apt install -y "${PKGS[@]}" + + - name: Install gcc-11 + if: matrix.compiler == 'gcc' + run: | + sudo apt install -y gcc-11 + sudo update-alternatives --install 
/usr/bin/gcc gcc /usr/bin/gcc-11 100 + sudo update-alternatives --set gcc /usr/bin/gcc-11 + + - name: Install clang-16 + if: matrix.compiler == 'clang' + run: | + wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | sudo apt-key add - + . /etc/lsb-release + sudo add-apt-repository -y "deb http://apt.llvm.org/${DISTRIB_CODENAME}/ llvm-toolchain-${DISTRIB_CODENAME}-16 main" + sudo apt install -y clang-16 llvm-16 + sudo update-alternatives --install /usr/bin/clang clang /usr/bin/clang-16 100 + sudo update-alternatives --set clang /usr/bin/clang-16 + sudo update-alternatives --install /usr/bin/llvm-cov llvm-cov /usr/bin/llvm-cov-16 100 + sudo update-alternatives --install /usr/bin/asan_symbolize asan_symbolize /usr/bin/asan_symbolize-16 100 + + - name: Set up environment + run: | + mkdir -p "${LOG_DIR}" + mkdir -p "${HOME}/bin" + echo "${HOME}/bin" >> $GITHUB_PATH + ( + echo "LINUX_VERSION=$(uname -r)" + echo "NPROC=$(getconf _NPROCESSORS_ONLN)" + echo "SND_DUMMY_DIR=${HOME}/snd-dummy" + echo "TMPDIR=${{ runner.temp }}" + + case "${{ matrix.features }}" in + tiny) + echo "TEST=testtiny" + if ${{ contains(matrix.extra, 'nogui') }}; then + echo "CONFOPT=--disable-gui" + fi + ;; + normal) + ;; + huge) + echo "TEST=scripttests test_libvterm" + echo "CONFOPT=--enable-perlinterp --enable-pythoninterp --enable-python3interp --enable-rubyinterp --enable-luainterp --enable-tclinterp" + ;; + esac + + if ${{ matrix.coverage == true }}; then + CFLAGS="$CFLAGS --coverage -DUSE_GCOV_FLUSH" + echo "LDFLAGS=--coverage" + fi + if ${{ matrix.uchar == true }}; then + CFLAGS="$CFLAGS -funsigned-char" + fi + if ${{ contains(matrix.extra, 'testgui') }}; then + echo "TEST=-C src testgui" + fi + if ${{ contains(matrix.extra, 'unittests') }}; then + echo "TEST=unittests" + fi + if ${{ contains(matrix.extra, 'asan') }}; then + echo "SANITIZER_CFLAGS=-g -O1 -DABORT_ON_INTERNAL_ERROR -DEXITFREE -fsanitize-recover=all -fsanitize=address -fsanitize=undefined -fno-omit-frame-pointer" + echo 
"ASAN_OPTIONS=print_stacktrace=1 log_path=${LOG_DIR}/asan" + echo "UBSAN_OPTIONS=print_stacktrace=1 log_path=${LOG_DIR}/ubsan" + echo "LSAN_OPTIONS=suppressions=${GITHUB_WORKSPACE}/src/testdir/lsan-suppress.txt" + fi + if ${{ contains(matrix.extra, 'vimtags') }}; then + echo "TEST=-C runtime/doc vimtags VIMEXE=../../${SRCDIR}/vim" + fi + echo "CFLAGS=$CFLAGS" + ) >> $GITHUB_ENV + + - name: Set up system + run: | + if [[ ${CC} = clang ]]; then + # Use llvm-cov instead of gcov when compiler is clang. + ln -fs /usr/bin/llvm-cov ${HOME}/bin/gcov + fi + sudo sysctl -w net.ipv6.conf.lo.disable_ipv6=0 + sudo usermod -a -G audio "${USER}" + sudo bash ci/setup-xvfb.sh + + # FIXME: Temporarily disabled because of build errors + #- name: Cache snd-dummy + # uses: actions/cache@v3 + # with: + # path: ${{ env.SND_DUMMY_DIR }} + # key: linux-${{ env.LINUX_VERSION }}-snd-dummy + + #- name: Set up snd-dummy + # run: | + # if [[ ! -e ${SND_DUMMY_DIR}/snd-dummy.ko ]]; then + # bash ci/build-snd-dummy.sh + # fi + # cd "${SND_DUMMY_DIR}" + # sudo insmod soundcore.ko + # sudo insmod snd.ko + # sudo insmod snd-pcm.ko + # sudo insmod snd-dummy.ko + + - name: Check autoconf + if: contains(matrix.extra, 'unittests') + run: | + make -C src autoconf + + - name: Set up shadow dir + if: matrix.shadow + run: | + make -C src shadow + echo "SRCDIR=${{ matrix.shadow }}" >> $GITHUB_ENV + echo "SHADOWOPT=-C ${{ matrix.shadow }}" >> $GITHUB_ENV + + - name: Configure + run: | + ./configure --with-features=${{ matrix.features }} ${CONFOPT} --enable-fail-if-missing + # Append various warning flags to CFLAGS. + sed -i -f ci/config.mk.sed ${SRCDIR}/auto/config.mk + sed -i -f ci/config.mk.${CC}.sed ${SRCDIR}/auto/config.mk + if [[ ${CC} = clang ]]; then + # Suppress some warnings produced by clang 12 and later. 
+ sed -i -f ci/config.mk.clang-12.sed ${SRCDIR}/auto/config.mk + fi + + - name: Build + if: (!contains(matrix.extra, 'unittests')) + run: | + make ${SHADOWOPT} -j${NPROC} + + - name: Check version + if: (!contains(matrix.extra, 'unittests')) + run: | + "${SRCDIR}"/vim --version + "${SRCDIR}"/vim -u NONE -i NONE --not-a-term -esNX -V1 -S ci/if_ver-1.vim -c quit + "${SRCDIR}"/vim -u NONE -i NONE --not-a-term -esNX -V1 -S ci/if_ver-2.vim -c quit + + - name: Test + timeout-minutes: 20 + run: | + do_test() { sg audio "sg $(id -gn) '$*'"; } + do_test make ${SHADOWOPT} ${TEST} + + # - name: Coveralls + # if: matrix.coverage && github.event_name != 'pull_request' + # env: + # COVERALLS_REPO_TOKEN: ${{ secrets.COVERALLS_REPO_TOKEN }} + # COVERALLS_PARALLEL: true + # TRAVIS_JOB_ID: ${{ github.run_id }} + # run: | + # sudo apt-get install -y python3-setuptools python3-wheel + # sudo -H pip3 install pip -U + # # needed for https support for coveralls building cffi only works with gcc, not with clang + # CC=gcc pip3 install --user cpp-coveralls pyopenssl ndg-httpsclient pyasn1 + # ~/.local/bin/coveralls -b "${SRCDIR}" -x .xs -e "${SRCDIR}"/if_perl.c -e "${SRCDIR}"/xxd -e "${SRCDIR}"/libvterm --encodings utf-8 + + - name: Generate gcov files + if: matrix.coverage + run: | + cd "${SRCDIR}" + find . 
-type f -name '*.gcno' -exec gcov -pb {} + || true + + - name: Codecov + if: matrix.coverage + uses: codecov/codecov-action@v3 + with: + flags: linux,${{ matrix.features }}-${{ matrix.compiler }}-${{ matrix.extra }} + + - name: ASan logs + if: contains(matrix.extra, 'asan') && !cancelled() + run: | + for f in $(grep -lR '#[[:digit:]]* *0x[[:xdigit:]]*' "${LOG_DIR}"); do + asan_symbolize -l "$f" + false # in order to fail a job + done + + # coveralls: + # runs-on: ubuntu-20.04 + # + # needs: linux + # if: always() && github.event_name != 'pull_request' + # + # steps: + # - name: Parallel finished + # env: + # COVERALLS_REPO_TOKEN: ${{ secrets.COVERALLS_REPO_TOKEN }} + # run: | + # curl -k "https://coveralls.io/webhook?repo_token=${COVERALLS_REPO_TOKEN}" -d "payload[build_num]=${GITHUB_RUN_ID}&payload[status]=done" + + macos: + runs-on: macos-latest + + env: + CC: clang + TEST: test + SRCDIR: ./src + LEAK_CFLAGS: -DEXITFREE + TERM: xterm + + strategy: + fail-fast: false + matrix: + features: [tiny, normal, huge] + + steps: + - name: Checkout repository from github + uses: actions/checkout@v3 + + - name: Install packages + if: matrix.features == 'huge' + env: + HOMEBREW_NO_AUTO_UPDATE: 1 + run: | + brew install lua + echo "LUA_PREFIX=/usr/local" >> $GITHUB_ENV + brew uninstall perl + + - name: Set up environment + run: | + ( + echo "NPROC=$(getconf _NPROCESSORS_ONLN)" + case "${{ matrix.features }}" in + tiny) + echo "TEST=testtiny" + echo "CONFOPT=--disable-gui" + ;; + normal) + ;; + huge) + echo "CONFOPT=--enable-perlinterp --enable-python3interp --enable-rubyinterp --enable-luainterp --enable-tclinterp" + ;; + esac + ) >> $GITHUB_ENV + + - name: Configure + run: | + ./configure --with-features=${{ matrix.features }} ${CONFOPT} --enable-fail-if-missing + # Append various warning flags to CFLAGS. + # BSD sed needs backup extension specified. + sed -i.bak -f ci/config.mk.sed ${SRCDIR}/auto/config.mk + # On macOS, the entity of gcc is clang. 
+ sed -i.bak -f ci/config.mk.clang.sed ${SRCDIR}/auto/config.mk + # Suppress some warnings produced by clang 12 and later. + if clang --version | grep -qs 'Apple clang version \(1[3-9]\|[2-9]\)\.'; then + sed -i.bak -f ci/config.mk.clang-12.sed ${SRCDIR}/auto/config.mk + fi + + - name: Build + env: + LC_ALL: C + run: | + make -j${NPROC} + + - name: Check version + run: | + "${SRCDIR}"/vim --version + "${SRCDIR}"/vim -u NONE -i NONE --not-a-term -esNX -V1 -S ci/if_ver-1.vim -c quit + "${SRCDIR}"/vim -u NONE -i NONE --not-a-term -esNX -V1 -S ci/if_ver-2.vim -c quit + + - name: Test + timeout-minutes: 20 + run: | + make ${TEST} + + windows: + runs-on: windows-2022 + + env: + # Interfaces + # Lua + LUA_VER: 54 + LUA_VER_DOT: '5.4' + LUA_RELEASE: 5.4.2 + LUA32_URL: https://downloads.sourceforge.net/luabinaries/lua-%LUA_RELEASE%_Win32_dllw6_lib.zip + LUA64_URL: https://downloads.sourceforge.net/luabinaries/lua-%LUA_RELEASE%_Win64_dllw6_lib.zip + LUA_DIR: D:\Lua + # do not want \L to end up in pathdef.c and compiler complaining about unknown escape sequences \l + LUA_DIR_SLASH: D:/Lua + # Python 2 + PYTHON_VER: 27 + PYTHON_VER_DOT: '2.7' + PYTHON_DIR: 'C:\Python27' + # Python 3 + PYTHON3_VER: 311 + PYTHON3_VER_DOT: '3.11' + # Other dependencies + # winpty + WINPTY_URL: https://github.com/rprichard/winpty/releases/download/0.4.3/winpty-0.4.3-msvc2015.zip + # Escape sequences + COL_RED: "\x1b[31m" + COL_GREEN: "\x1b[32m" + COL_YELLOW: "\x1b[33m" + COL_RESET: "\x1b[m" + + strategy: + fail-fast: false + matrix: + include: + - { features: HUGE, toolchain: msvc, VIMDLL: no, GUI: no, arch: x64 } + - { features: HUGE, toolchain: mingw, VIMDLL: yes, GUI: yes, arch: x86, coverage: yes } + - { features: HUGE, toolchain: msvc, VIMDLL: no, GUI: yes, arch: x86 } + - { features: HUGE, toolchain: mingw, VIMDLL: yes, GUI: no, arch: x64, coverage: yes } + - { features: NORMAL, toolchain: msvc, VIMDLL: yes, GUI: no, arch: x86 } + - { features: NORMAL, toolchain: mingw, VIMDLL: no, GUI: yes, 
arch: x64 } + - { features: TINY, toolchain: msvc, VIMDLL: yes, GUI: yes, arch: x64 } + - { features: TINY, toolchain: mingw, VIMDLL: no, GUI: no, arch: x86 } + + steps: + - name: Initialize + id: init + shell: bash + run: | + # Show Windows version + cmd /c ver + + git config --global core.autocrlf input + + if [ "${{ matrix.arch }}" = "x64" ]; then + cygreg=registry + pyreg= + echo "VCARCH=amd64" >> $GITHUB_ENV + echo "WARCH=x64" >> $GITHUB_ENV + echo "BITS=64" >> $GITHUB_ENV + echo "MSYSTEM=MINGW64" >> $GITHUB_ENV + else + cygreg=registry32 + pyreg=-32 + echo "VCARCH=x86" >> $GITHUB_ENV + echo "WARCH=ia32" >> $GITHUB_ENV + echo "BITS=32" >> $GITHUB_ENV + echo "MSYSTEM=MINGW32" >> $GITHUB_ENV + fi + + echo "VCVARSALL=$(vswhere -products \* -latest -property installationPath)\\VC\\Auxiliary\\Build\\vcvarsall.bat" >> $GITHUB_ENV + if [ "${{ matrix.features }}" != "TINY" ]; then + if [ "${{ matrix.arch }}" = "x86" ]; then + choco install python2 --no-progress --forcex86 + else + choco install python2 --no-progress + fi + fi + python3_dir=$(cat "/proc/$cygreg/HKEY_LOCAL_MACHINE/SOFTWARE/Python/PythonCore/${PYTHON3_VER_DOT}$pyreg/InstallPath/@") + echo "PYTHON3_DIR=$python3_dir" >> $GITHUB_ENV + + - uses: msys2/setup-msys2@v2 + if: matrix.toolchain == 'mingw' + with: + update: true + install: tar + pacboy: >- + make:p gcc:p + msystem: ${{ env.MSYSTEM }} + release: false + + - name: Checkout repository from github + uses: actions/checkout@v3 + + - name: Create a list of download URLs + shell: cmd + run: | + type NUL > urls.txt + echo %LUA_RELEASE%>> urls.txt + echo %WINPTY_URL%>> urls.txt + + - name: Cache downloaded files + uses: actions/cache@v3 + with: + path: downloads + key: ${{ runner.os }}-${{ matrix.arch }}-${{ hashFiles('urls.txt') }} + + - name: Download dependencies + shell: cmd + run: | + path C:\Program Files\7-Zip;%path% + if not exist downloads mkdir downloads + + echo %COL_GREEN%Download Lua%COL_RESET% + call :downloadfile %LUA${{ env.BITS }}_URL% 
downloads\lua.zip + 7z x downloads\lua.zip -o%LUA_DIR% > nul || exit 1 + + echo %COL_GREEN%Download winpty%COL_RESET% + call :downloadfile %WINPTY_URL% downloads\winpty.zip + 7z x -y downloads\winpty.zip -oD:\winpty > nul || exit 1 + copy /Y D:\winpty\%WARCH%\bin\winpty.dll src\winpty%BITS%.dll + copy /Y D:\winpty\%WARCH%\bin\winpty-agent.exe src\ + + goto :eof + + :downloadfile + :: call :downloadfile <URL> <localfile> + if not exist %2 ( + curl -f -L %1 -o %2 + ) + if ERRORLEVEL 1 ( + rem Retry once. + curl -f -L %1 -o %2 || exit 1 + ) + goto :eof + + - name: Build (MSVC) + if: matrix.toolchain == 'msvc' + shell: cmd + run: | + call "%VCVARSALL%" %VCARCH% + cd src + if "${{ matrix.VIMDLL }}"=="yes" ( + set GUI=yes + ) else ( + set GUI=${{ matrix.GUI }} + ) + if "${{ matrix.features }}"=="HUGE" ( + nmake -nologo -f Make_mvc.mak ^ + FEATURES=${{ matrix.features }} ^ + GUI=%GUI% IME=yes ICONV=yes VIMDLL=${{ matrix.VIMDLL }} ^ + DYNAMIC_LUA=yes LUA=%LUA_DIR% ^ + DYNAMIC_PYTHON=yes PYTHON=%PYTHON_DIR% ^ + DYNAMIC_PYTHON3=yes PYTHON3=%PYTHON3_DIR% + ) else ( + nmake -nologo -f Make_mvc.mak ^ + FEATURES=${{ matrix.features }} ^ + GUI=%GUI% IME=yes ICONV=yes VIMDLL=${{ matrix.VIMDLL }} + ) + + - name: Build (MinGW) + if: matrix.toolchain == 'mingw' + shell: msys2 {0} + run: | + cd src + if [ "${{ matrix.VIMDLL }}" = "yes" ]; then + GUI=yes + else + GUI=${{ matrix.GUI }} + fi + if [ "${{ matrix.features }}" = "HUGE" ]; then + mingw32-make -f Make_ming.mak -j2 \ + FEATURES=${{ matrix.features }} \ + GUI=$GUI IME=yes ICONV=yes VIMDLL=${{ matrix.VIMDLL }} \ + DYNAMIC_LUA=yes LUA=${LUA_DIR_SLASH} \ + DYNAMIC_PYTHON=yes PYTHON=${PYTHON_DIR} \ + DYNAMIC_PYTHON3=yes PYTHON3=${PYTHON3_DIR} \ + STATIC_STDCPLUS=yes COVERAGE=${{ matrix.coverage }} + else + mingw32-make -f Make_ming.mak -j2 \ + FEATURES=${{ matrix.features }} \ + GUI=$GUI IME=yes ICONV=yes VIMDLL=${{ matrix.VIMDLL }} \ + STATIC_STDCPLUS=yes + fi + + - name: Check version + shell: cmd + run: | + PATH 
%LUA_DIR%;C:\msys64\%MSYSTEM%\bin;%PATH%;%PYTHON3_DIR% + if "${{ matrix.GUI }}"=="yes" ( + start /wait src\gvim -u NONE -i NONE -c "redir > version.txt | ver | q" || exit 1 + type version.txt + echo. + start /wait src\gvim -u NONE -i NONE -c "redir! > version.txt | so ci\if_ver-1.vim | q" + start /wait src\gvim -u NONE -i NONE -c "redir >> version.txt | so ci\if_ver-2.vim | q" + type version.txt + del version.txt + ) else ( + src\vim --version || exit 1 + src\vim -u NONE -i NONE --not-a-term -esNX -V1 -S ci/if_ver-1.vim -c quit + src\vim -u NONE -i NONE --not-a-term -esNX -V1 -S ci/if_ver-2.vim -c quit + ) + + #- name: Prepare Artifact + # shell: cmd + # run: | + # mkdir artifacts + # copy src\*vim.exe artifacts + # copy src\vim*.dll artifacts + # + #- name: Upload Artifact + # uses: actions/upload-artifact@v1 + # with: + # name: vim${{ matrix.bits }}-${{ matrix.toolchain }} + # path: ./artifacts + + - name: Test and show the result of testing gVim + if: matrix.GUI == 'yes' || matrix.VIMDLL == 'yes' + shell: cmd + timeout-minutes: 15 + run: | + PATH %LUA_DIR%;C:\msys64\%MSYSTEM%\bin;%PATH%;%PYTHON3_DIR% + call "%VCVARSALL%" %VCARCH% + + echo %COL_GREEN%Test gVim:%COL_RESET% + cd src\testdir + if "${{ matrix.GUI }}"=="yes" ( + nmake -nologo -f Make_mvc.mak VIMPROG=..\gvim || exit 1 + ) else ( + @rem Run only tiny tests. + nmake -nologo -f Make_mvc.mak tiny VIMPROG=..\gvim || exit 1 + ) + + - name: Test and show the result of testing Vim + if: matrix.GUI == 'no' || matrix.VIMDLL == 'yes' + shell: cmd + timeout-minutes: 15 + run: | + PATH %LUA_DIR%;C:\msys64\%MSYSTEM%\bin;%PATH%;%PYTHON3_DIR% + call "%VCVARSALL%" %VCARCH% + + echo %COL_GREEN%Test Vim:%COL_RESET% + cd src\testdir + nmake -nologo -f Make_mvc.mak clean + if "${{ matrix.GUI }}"=="no" ( + nmake -nologo -f Make_mvc.mak VIMPROG=..\vim || exit 1 + ) else ( + @rem Run only tiny tests. 
+ nmake -nologo -f Make_mvc.mak tiny VIMPROG=..\vim || exit 1 + ) + + - name: Generate gcov files + if: matrix.coverage + shell: msys2 {0} + run: | + cd src + find . -type f -name '*.gcno' -exec gcov -pb {} + || true + + - name: Codecov + if: matrix.coverage + uses: codecov/codecov-action@v3 + with: + directory: src + flags: windows,${{ matrix.toolchain }}-${{ matrix.arch }}-${{ matrix.features }}
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
new file mode 100644
index 0000000..efd91a4
--- /dev/null
+++ b/.github/workflows/codeql-analysis.yml
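Review bot: In .github/workflows/ci.yml, the Windows job's `:downloadfile` helper (`curl -f -L %1 -o %2`) fetches the Lua and winpty archives with no integrity check, and the following lines extract them and copy `winpty.dll` and `winpty-agent.exe` into `src\`, so whatever the download host or a redirect serves is run during the tests and then kept by the `actions/cache@v3` step. Record a vetted SHA-256 for each archive next to its URL in the job `env:` and verify it before `7z x`, for example `certutil -hashfile downloads\winpty.zip SHA256 | findstr /i "%WINPTY_SHA256%" || exit 1`, where `WINPTY_SHA256` is a new variable whose value is a placeholder for the vetted digest. The Linux "Install clang-16" step has the same shape: `apt-key add -` puts the LLVM key into apt's global trust store and the repository line uses `http://`, whereas a dedicated keyring referenced with `signed-by=` on an `https://` source line would scope that trust to the LLVM repository only. The third-party actions `codecov/codecov-action@v3` and `msys2/setup-msys2@v2` are referenced by mutable tag; pinning them to a full commit SHA closes the same gap on the action side.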
@@ -0,0 +1,76 @@ +# For most projects, this workflow file will not need changing; you simply need +# to commit it to your repository. +# +# You may wish to alter this file to override the set of languages analyzed, +# or to provide custom queries or build logic. +name: "CodeQL" + +on: + push: + branches: [master] + pull_request: + # The branches below must be a subset of the branches above + branches: [master] + schedule: + - cron: '0 18 * * 1' + +# Cancels all previous workflow runs for pull requests that have not completed. +concurrency: + # The concurrency group contains the workflow name and the branch name for + # pull requests or the commit hash for any other events. + group: ${{ github.workflow }}-${{ github.event_name == 'pull_request' && github.head_ref || github.sha }} + cancel-in-progress: true + +permissions: + contents: read # to fetch code (actions/checkout) + +jobs: + analyze: + permissions: + contents: read # to fetch code (actions/checkout) + security-events: write # (github/codeql-action/autobuild) + + name: Analyze + runs-on: ubuntu-latest + + strategy: + fail-fast: false + matrix: + # Override automatic language detection by changing the below list + # Supported options are ['csharp', 'cpp', 'go', 'java', 'javascript', 'python'] + language: ['cpp', 'python'] + # Learn more... + # https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#overriding-automatic-language-detection + + steps: + - name: Checkout repository from github + uses: actions/checkout@v3 + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v2 + with: + languages: ${{ matrix.language }} + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. 
+ # queries: ./path/to/local/query, your-org/your-repo/queries@main + + # Autobuild attempts to build any compiled languages (C/C++, C#, or Java). + # If this step fails, then you should remove it and run the build manually (see below) + - name: Autobuild + uses: github/codeql-action/autobuild@v2 + + # âšī¸ Command-line programs to run using the OS shell. + # đ https://git.io/JvXDl + + # âī¸ If the Autobuild fails above, remove it and uncomment the following three lines + # and modify them (or add more) to build your code if your project + # uses a compiled language + + #- run: | + # make bootstrap + # make release + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v2 diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml new file mode 100644 index 0000000..e399170 --- /dev/null +++ b/.github/workflows/coverity.yml 
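Review bot: In .github/workflows/codeql-analysis.yml, the `Autobuild` step leaves the build configuration to CodeQL, so the `cpp` analysis covers only what a plain `./configure` compiles on a stock runner; the optional interfaces that ci.yml enables (`--enable-perlinterp`, `--enable-python3interp`, `--enable-luainterp` and the rest) are presumably not built here and code that is not compiled is not analysed. Replacing the step with an explicit build such as `- run: ./configure --with-features=huge ${CONFOPT} && make`, preceded by the same `apt install` of the `-dev` packages that ci.yml uses, would bring the scanned code in line with the tested code. The template comment lines just above the commented `#- run:` block contain mis-encoded characters where the upstream template has emoji; plain ASCII there would keep the file readable.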
@@ -0,0 +1,84 @@ +name: Coverity +on: + schedule: + - cron: '42 0 * * *' # Run once per day, to avoid Coverity's submission limits + workflow_dispatch: + +permissions: + contents: read # to fetch code (actions/checkout) + +jobs: + scan: + runs-on: ubuntu-20.04 + + env: + CC: gcc + CFLAGS: -Wno-deprecated-declarations + DEBIAN_FRONTEND: noninteractive + TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }} + + steps: + - name: Checkout repository from github + if: env.TOKEN + uses: actions/checkout@v3 + + - name: Download Coverity + if: env.TOKEN + run: | + wget -q https://scan.coverity.com/download/cxx/linux64 --post-data "token=$TOKEN&project=vim" -O coverity_tool.tgz + mkdir cov-scan + tar ax -f coverity_tool.tgz --strip-components=1 -C cov-scan + + - name: Install packages + if: env.TOKEN + run: | + sudo apt update && sudo apt install -y \ + autoconf \ + gettext \ + libcanberra-dev \ + libperl-dev \ + python-dev \ + python3-dev \ + liblua5.3-dev \ + lua5.3 \ + ruby-dev \ + tcl-dev \ + libgtk2.0-dev \ + desktop-file-utils \ + libtool-bin \ + libsodium-dev + + - name: Set up environment + if: env.TOKEN + run: | + echo "$(pwd)/cov-scan/bin" >> $GITHUB_PATH + ( + echo "NPROC=$(getconf _NPROCESSORS_ONLN)" + echo "CONFOPT=--enable-perlinterp --enable-pythoninterp --enable-python3interp --enable-rubyinterp --enable-luainterp --enable-tclinterp" + ) >> $GITHUB_ENV + + - name: Configure + if: env.TOKEN + run: | + ./configure --with-features=huge ${CONFOPT} --enable-fail-if-missing + # Append various warning flags to CFLAGS. 
+ sed -i -f ci/config.mk.sed src/auto/config.mk + sed -i -f ci/config.mk.${CC}.sed src/auto/config.mk + + - name: Build/scan vim + if: env.TOKEN + run: | + cov-build --dir cov-int make -j${NPROC} + + - name: Submit results + if: env.TOKEN + run: | + tar zcf cov-scan.tgz cov-int + curl --form token=$TOKEN \ + --form email=$EMAIL \ + --form file=@cov-scan.tgz \ + --form version="$(git rev-parse HEAD)" \ + --form description="Automatic GHA scan" \ + 'https://scan.coverity.com/builds?project=vim' + env: + EMAIL: ${{ secrets.COVERITY_SCAN_EMAIL }} |
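Review bot: In .github/workflows/coverity.yml, `TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}` sits in the job-level `env:`, so the secret is present in the environment of every step, including `./configure`, `make` and the downloaded `cov-build` binary, although only "Download Coverity" and "Submit results" use it. Keep a non-secret flag at job level for the `if:` guards and pass the token through step-level `env:` on those two steps, as sketched below. In the submit step `--form token=$TOKEN` and `--form email=$EMAIL` are unquoted; `--form "token=$TOKEN"` and `--form "email=$EMAIL"` avoid word splitting on unexpected characters. The `coverity_tool.tgz` archive is also unpacked and executed without any checksum comparison, which is worth adding if the download endpoint offers one.

```yaml
    env:
      # … unchanged: CC, CFLAGS, DEBIAN_FRONTEND …
      # Non-secret gate for the `if:` guards; the token itself is step-scoped.
      HAVE_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN != '' }}

    steps:
      # … every other step: `if: env.HAVE_TOKEN == 'true'` instead of `if: env.TOKEN` …
      - name: Download Coverity
        if: env.HAVE_TOKEN == 'true'
        env:
          TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
        run: |
          # … unchanged: wget, mkdir, tar …

      - name: Submit results
        if: env.HAVE_TOKEN == 'true'
        env:
          TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
          EMAIL: ${{ secrets.COVERITY_SCAN_EMAIL }}
        run: |
          # … unchanged: tar, curl (with the two --form values quoted) …
```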