Diffstat (limited to '.github/workflows')
-rw-r--r-- | .github/workflows/build_test.yml | 29 | ||||
-rw-r--r-- | .github/workflows/cifuzz.yml | 47 | ||||
-rwxr-xr-x | .github/workflows/ubuntu-build-check.sh | 118 |
3 files changed, 194 insertions, 0 deletions
diff --git a/.github/workflows/build_test.yml b/.github/workflows/build_test.yml
new file mode 100644
index 0000000..c9aec77
--- /dev/null
+++ b/.github/workflows/build_test.yml
@@ -0,0 +1,29 @@
+---
+# vi: ts=2 sw=2 et:
+#
+name: Build test
+on:
+ pull_request:
+ paths:
+ - '**/meson.build'
+ - '.github/workflows/**'
+ - 'meson_options.txt'
+ - 'src/**'
+ - 'test/fuzz/**'
+
+jobs:
+ build:
+ runs-on: ubuntu-20.04
+ strategy:
+ fail-fast: false
+ matrix:
+ env:
+ - { COMPILER: "gcc", COMPILER_VERSION: "10" }
+ - { COMPILER: "clang", COMPILER_VERSION: "10" }
+ - { COMPILER: "clang", COMPILER_VERSION: "11" }
+ env: ${{ matrix.env }}
+ steps:
+ - name: Repository checkout
+ uses: actions/checkout@v1
+ - name: Build check (${{ env.COMPILER }}-${{ env.COMPILER_VERSION }})
+ run: sudo -E .github/workflows/ubuntu-build-check.sh
diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml
new file mode 100644
index 0000000..ed6db50
--- /dev/null
+++ b/.github/workflows/cifuzz.yml
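Review bot: `uses: actions/checkout@v1` references a mutable tag, and the workflow has no `permissions:` block, so the job runs with the repository's default token scope while the next step executes a script under `sudo -E`. Pinning the action to a full commit SHA (`uses: actions/checkout@<full-commit-sha>  # v1`) and adding a top-level `permissions:` with `contents: read` would narrow both. The same applies to cifuzz.yml in this commit, which references `google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master`, `run_fuzzers@master` and `actions/upload-artifact@v1`, and also runs on `push` to master.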
@@ -0,0 +1,47 @@
+---
+# vi: ts=2 sw=2 et:
+# See: https://google.github.io/oss-fuzz/getting-started/continuous-integration/
+
+name: CIFuzz
+on:
+ pull_request:
+ paths:
+ - '**/meson.build'
+ - '.github/workflows/**'
+ - 'meson_options.txt'
+ - 'src/**'
+ - 'test/fuzz/**'
+ - 'tools/oss-fuzz.sh'
+ push:
+ branches:
+ - master
+jobs:
+ Fuzzing:
+ runs-on: ubuntu-latest
+ if: github.repository == 'systemd/systemd'
+ strategy:
+ fail-fast: false
+ matrix:
+ sanitizer: [address, undefined, memory]
+ steps:
+ - name: Build Fuzzers (${{ matrix.sanitizer }})
+ id: build
+ uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
+ with:
+ oss-fuzz-project-name: 'systemd'
+ dry-run: false
+ allowed-broken-targets-percentage: 0
+ sanitizer: ${{ matrix.sanitizer }}
+ - name: Run Fuzzers (${{ matrix.sanitizer }})
+ uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
+ with:
+ oss-fuzz-project-name: 'systemd'
+ fuzz-seconds: 600
+ dry-run: false
+ sanitizer: ${{ matrix.sanitizer }}
+ - name: Upload Crash
+ uses: actions/upload-artifact@v1
+ if: failure() && steps.build.outcome == 'success'
+ with:
+ name: ${{ matrix.sanitizer }}-artifacts
+ path: ./out/artifacts
diff --git a/.github/workflows/ubuntu-build-check.sh b/.github/workflows/ubuntu-build-check.sh
new file mode 100755
index 0000000..d4f1106
--- /dev/null
+++ b/.github/workflows/ubuntu-build-check.sh
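Review bot: The `Upload Crash` step publishes `./out/artifacts` for every failing run, including the `push` runs on master, and on a public repository workflow artifacts can typically be downloaded by any signed-in user. A crash found on master is then a reproducer for a not-yet-fixed sanitizer finding, available before a fix lands. If that is accepted, a comment on the step should say so, e.g. `# crash inputs become public artifacts; embargoed findings go through OSS-Fuzz`. Otherwise the step's condition could be limited with `&& github.event_name == 'pull_request'`.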
@@ -0,0 +1,118 @@
+#!/bin/bash
+
+set -ex
+
+info() { echo -e "\033[33;1m$1\033[0m"; }
+fatal() { echo >&2 -e "\033[31;1m$1\033[0m"; exit 1; }
+success() { echo >&2 -e "\033[32;1m$1\033[0m"; }
+
+ARGS=(
+ "--optimization=0"
+ "--optimization=2"
+ "--optimization=s"
+ "--optimization=3 -Db_lto=true"
+ "--optimization=3 -Db_lto=false"
+ "-Db_ndebug=true"
+)
+PACKAGES=(
+ cryptsetup-bin
+ expect
+ fdisk
+ gettext
+ iputils-ping
+ isc-dhcp-client
+ itstool
+ kbd
+ libblkid-dev
+ libcap-dev
+ libcurl4-gnutls-dev
+ libfdisk-dev
+ libfido2-dev
+ libgpg-error-dev
+ liblz4-dev
+ liblzma-dev
+ libmicrohttpd-dev
+ libmount-dev
+ libp11-kit-dev
+ libpwquality-dev
+ libqrencode-dev
+ libssl-dev
+ libxkbcommon-dev
+ libxtables-dev
+ libzstd-dev
+ mount
+ net-tools
+ perl
+ python-lxml
+ python3-evdev
+ python3-lxml
+ python3-pip
+ python3-pyparsing
+ python3-setuptools
+ quota
+ strace
+ unifont
+ util-linux
+ zstd
+)
+COMPILER="${COMPILER:?}"
+COMPILER_VERSION="${COMPILER_VERSION:?}"
+RELEASE="$(lsb_release -cs)"
+
+bash -c "echo 'deb-src http://archive.ubuntu.com/ubuntu/ $RELEASE main restricted universe multiverse' >>/etc/apt/sources.list"
+
+# Note: As we use postfixed clang/gcc binaries, we need to override $AR
+# as well, otherwise meson falls back to ar from binutils which
+# doesn't work with LTO
+if [[ "$COMPILER" == clang ]]; then
+ CC="clang-$COMPILER_VERSION"
+ CXX="clang++-$COMPILER_VERSION"
+ AR="llvm-ar-$COMPILER_VERSION"
+ # Latest LLVM stack deb packages provided by https://apt.llvm.org/
+ # Following snippet was borrowed from https://apt.llvm.org/llvm.sh
+ wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | apt-key add -
+ add-apt-repository -y "deb http://apt.llvm.org/$RELEASE/ llvm-toolchain-$RELEASE-$COMPILER_VERSION main"
+ PACKAGES+=(clang-$COMPILER_VERSION lldb-$COMPILER_VERSION lld-$COMPILER_VERSION clangd-$COMPILER_VERSION)
+elif [[ "$COMPILER" == gcc ]]; then
+ CC="gcc-$COMPILER_VERSION"
+ CXX="g++-$COMPILER_VERSION"
+ AR="gcc-ar-$COMPILER_VERSION"
+ # Latest gcc stack deb packages provided by
+ # https://launchpad.net/~ubuntu-toolchain-r/+archive/ubuntu/test
+ sudo add-apt-repository -y ppa:ubuntu-toolchain-r/test
+ PACKAGES+=(gcc-$COMPILER_VERSION)
+else
+ fatal "Unknown compiler: $COMPILER"
+fi
+
+# PPA with some newer build dependencies (like zstd)
+add-apt-repository -y ppa:upstream-systemd-ci/systemd-ci
+apt-get -y update
+apt-get -y build-dep systemd
+apt-get -y install "${PACKAGES[@]}"
+# Install the latest meson and ninja form pip, since the distro versions don't
+# support all the features we need (like --optimization=). Since the build-dep
+# command above installs the distro versions, let's install the pip ones just
+# locally and add the local bin directory to the $PATH.
+pip3 install --user -U meson ninja
+export PATH="$HOME/.local/bin:$PATH"
+
+$CC --version
+
+for args in "${ARGS[@]}"; do
+ SECONDS=0
+
+ info "Checking build with $args"
+ if ! AR="$AR" CC="$CC" CXX="$CXX" CFLAGS="-Werror" CXXFLAGS="-Werror" meson -Dtests=unsafe -Dslow-tests=true -Dfuzz-tests=true --werror $args build; then
+ fatal "meson failed with $args"
+ fi
+
+ ninja --version
+ if ! ninja -C build; then
+ fatal "ninja failed with $args"
+ fi
+
+ git clean -dxf
+
+ success "Build with $args passed in $SECONDS seconds"
+done |
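Review bot: `wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | apt-key add -` puts the fetched key into apt's global trusted keyring, so it is accepted for every configured repository rather than only apt.llvm.org. With `set -ex` but no `pipefail`, a failed download is caught only if `apt-key` itself rejects the empty input. Storing the key in its own keyring file and referencing it with a `[signed-by=...]` option on the `deb` entry would scope the trust, and `set -o pipefail` would cover the pipeline. Separately, `pip3 install --user -U meson ninja` pulls unpinned latest releases while the script runs as root (build_test.yml invokes it with `sudo -E`); pinning, e.g. `meson==<version>`, would make the toolchain reproducible.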