Diffstat (limited to '.github/workflows')
-rw-r--r--.github/workflows/build_test.yml29
-rw-r--r--.github/workflows/cifuzz.yml47
-rwxr-xr-x.github/workflows/ubuntu-build-check.sh118
3 files changed, 194 insertions, 0 deletions
diff --git a/.github/workflows/build_test.yml b/.github/workflows/build_test.yml
new file mode 100644
index 0000000..c9aec77
--- /dev/null
+++ b/.github/workflows/build_test.yml
@@ -0,0 +1,29 @@
+---
+# vi: ts=2 sw=2 et:
+#
+name: Build test
+on:
+ pull_request:
+ paths:
+ - '**/meson.build'
+ - '.github/workflows/**'
+ - 'meson_options.txt'
+ - 'src/**'
+ - 'test/fuzz/**'
+
+jobs:
+ build:
+ runs-on: ubuntu-20.04
+ strategy:
+ fail-fast: false
+ matrix:
+ env:
+ - { COMPILER: "gcc", COMPILER_VERSION: "10" }
+ - { COMPILER: "clang", COMPILER_VERSION: "10" }
+ - { COMPILER: "clang", COMPILER_VERSION: "11" }
+ env: ${{ matrix.env }}
+ steps:
+ - name: Repository checkout
+ uses: actions/checkout@v1
+ - name: Build check (${{ env.COMPILER }}-${{ env.COMPILER_VERSION }})
+ run: sudo -E .github/workflows/ubuntu-build-check.sh
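Review bot: `uses: actions/checkout@v1` refers to a movable tag, so the code this job executes can change without any change in this repository; pin it to a full commit SHA, e.g. `uses: actions/checkout@<full-commit-sha>  # v1` (placeholder, take the SHA from the action's own release). The same applies in cifuzz.yml to the two `google/oss-fuzz/infra/cifuzz/actions/...@master` steps, which follow a third-party branch head, and to `actions/upload-artifact@v1`. It matters more here because the next step runs the checked-out script as root via `sudo -E`, which carries the whole job environment into that shell. If the script needs nothing beyond the two matrix variables, `sudo COMPILER="$COMPILER" COMPILER_VERSION="$COMPILER_VERSION" .github/workflows/ubuntu-build-check.sh` would narrow what is passed.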
diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml
new file mode 100644
index 0000000..ed6db50
--- /dev/null
+++ b/.github/workflows/cifuzz.yml
@@ -0,0 +1,47 @@
+---
+# vi: ts=2 sw=2 et:
+# See: https://google.github.io/oss-fuzz/getting-started/continuous-integration/
+
+name: CIFuzz
+on:
+ pull_request:
+ paths:
+ - '**/meson.build'
+ - '.github/workflows/**'
+ - 'meson_options.txt'
+ - 'src/**'
+ - 'test/fuzz/**'
+ - 'tools/oss-fuzz.sh'
+ push:
+ branches:
+ - master
+jobs:
+ Fuzzing:
+ runs-on: ubuntu-latest
+ if: github.repository == 'systemd/systemd'
+ strategy:
+ fail-fast: false
+ matrix:
+ sanitizer: [address, undefined, memory]
+ steps:
+ - name: Build Fuzzers (${{ matrix.sanitizer }})
+ id: build
+ uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
+ with:
+ oss-fuzz-project-name: 'systemd'
+ dry-run: false
+ allowed-broken-targets-percentage: 0
+ sanitizer: ${{ matrix.sanitizer }}
+ - name: Run Fuzzers (${{ matrix.sanitizer }})
+ uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
+ with:
+ oss-fuzz-project-name: 'systemd'
+ fuzz-seconds: 600
+ dry-run: false
+ sanitizer: ${{ matrix.sanitizer }}
+ - name: Upload Crash
+ uses: actions/upload-artifact@v1
+ if: failure() && steps.build.outcome == 'success'
+ with:
+ name: ${{ matrix.sanitizer }}-artifacts
+ path: ./out/artifacts
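Review bot: The workflow declares no `permissions:` key, so on the `push` trigger for master the job runs with the repository's default GITHUB_TOKEN scope while executing the externally maintained build and run actions. A top-level `permissions:` block containing `contents: read` would limit the token to what a build-and-fuzz job appears to need; if the artifact upload turns out to require more, that can be granted on the job alone. build_test.yml has no such block either and would benefit from the same two lines.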
diff --git a/.github/workflows/ubuntu-build-check.sh b/.github/workflows/ubuntu-build-check.sh
new file mode 100755
index 0000000..d4f1106
--- /dev/null
+++ b/.github/workflows/ubuntu-build-check.sh
@@ -0,0 +1,118 @@
+#!/bin/bash
+
+set -ex
+
+info() { echo -e "\033[33;1m$1\033[0m"; }
+fatal() { echo >&2 -e "\033[31;1m$1\033[0m"; exit 1; }
+success() { echo >&2 -e "\033[32;1m$1\033[0m"; }
+
+ARGS=(
+ "--optimization=0"
+ "--optimization=2"
+ "--optimization=s"
+ "--optimization=3 -Db_lto=true"
+ "--optimization=3 -Db_lto=false"
+ "-Db_ndebug=true"
+)
+PACKAGES=(
+ cryptsetup-bin
+ expect
+ fdisk
+ gettext
+ iputils-ping
+ isc-dhcp-client
+ itstool
+ kbd
+ libblkid-dev
+ libcap-dev
+ libcurl4-gnutls-dev
+ libfdisk-dev
+ libfido2-dev
+ libgpg-error-dev
+ liblz4-dev
+ liblzma-dev
+ libmicrohttpd-dev
+ libmount-dev
+ libp11-kit-dev
+ libpwquality-dev
+ libqrencode-dev
+ libssl-dev
+ libxkbcommon-dev
+ libxtables-dev
+ libzstd-dev
+ mount
+ net-tools
+ perl
+ python-lxml
+ python3-evdev
+ python3-lxml
+ python3-pip
+ python3-pyparsing
+ python3-setuptools
+ quota
+ strace
+ unifont
+ util-linux
+ zstd
+)
+COMPILER="${COMPILER:?}"
+COMPILER_VERSION="${COMPILER_VERSION:?}"
+RELEASE="$(lsb_release -cs)"
+
+bash -c "echo 'deb-src http://archive.ubuntu.com/ubuntu/ $RELEASE main restricted universe multiverse' >>/etc/apt/sources.list"
+
+# Note: As we use postfixed clang/gcc binaries, we need to override $AR
+# as well, otherwise meson falls back to ar from binutils which
+# doesn't work with LTO
+if [[ "$COMPILER" == clang ]]; then
+ CC="clang-$COMPILER_VERSION"
+ CXX="clang++-$COMPILER_VERSION"
+ AR="llvm-ar-$COMPILER_VERSION"
+ # Latest LLVM stack deb packages provided by https://apt.llvm.org/
+ # Following snippet was borrowed from https://apt.llvm.org/llvm.sh
+ wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | apt-key add -
+ add-apt-repository -y "deb http://apt.llvm.org/$RELEASE/ llvm-toolchain-$RELEASE-$COMPILER_VERSION main"
+ PACKAGES+=(clang-$COMPILER_VERSION lldb-$COMPILER_VERSION lld-$COMPILER_VERSION clangd-$COMPILER_VERSION)
+elif [[ "$COMPILER" == gcc ]]; then
+ CC="gcc-$COMPILER_VERSION"
+ CXX="g++-$COMPILER_VERSION"
+ AR="gcc-ar-$COMPILER_VERSION"
+ # Latest gcc stack deb packages provided by
+ # https://launchpad.net/~ubuntu-toolchain-r/+archive/ubuntu/test
+ sudo add-apt-repository -y ppa:ubuntu-toolchain-r/test
+ PACKAGES+=(gcc-$COMPILER_VERSION)
+else
+ fatal "Unknown compiler: $COMPILER"
+fi
+
+# PPA with some newer build dependencies (like zstd)
+add-apt-repository -y ppa:upstream-systemd-ci/systemd-ci
+apt-get -y update
+apt-get -y build-dep systemd
+apt-get -y install "${PACKAGES[@]}"
+# Install the latest meson and ninja form pip, since the distro versions don't
+# support all the features we need (like --optimization=). Since the build-dep
+# command above installs the distro versions, let's install the pip ones just
+# locally and add the local bin directory to the $PATH.
+pip3 install --user -U meson ninja
+export PATH="$HOME/.local/bin:$PATH"
+
+$CC --version
+
+for args in "${ARGS[@]}"; do
+ SECONDS=0
+
+ info "Checking build with $args"
+ if ! AR="$AR" CC="$CC" CXX="$CXX" CFLAGS="-Werror" CXXFLAGS="-Werror" meson -Dtests=unsafe -Dslow-tests=true -Dfuzz-tests=true --werror $args build; then
+ fatal "meson failed with $args"
+ fi
+
+ ninja --version
+ if ! ninja -C build; then
+ fatal "ninja failed with $args"
+ fi
+
+ git clean -dxf
+
+ success "Build with $args passed in $SECONDS seconds"
+done
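Review bot: `wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | apt-key add -` runs under `set -ex` without `pipefail`, so a failed or truncated download is judged only by the exit status of `apt-key`; changing the first statement to `set -exo pipefail` closes that gap. The key is also accepted without comparing its fingerprint to a known value, and `apt-key add` puts it in the global keyring, where it is trusted for every configured repository rather than only apt.llvm.org. A dedicated keyring file referenced with `signed-by=` in the `deb` line would scope it, assuming the `add-apt-repository` version on the runner accepts that option. Separately, `pip3 install --user -U meson ninja` pulls whatever versions are current at run time into a build that runs as root, so pinning the versions (ideally with hashes) would make the job reproducible and reduce exposure to a bad upstream release.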