summaryrefslogtreecommitdiffstats
path: root/.github
diff options
context:
space:
mode:
authorDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-04 01:25:11 +0000
committerDaniel Baumann <daniel.baumann@progress-linux.org>2024-05-04 01:25:11 +0000
commit941f9937e0744d18de4cc0afa71e0caa925d82ac (patch)
tree67872b86dbf72d73e91188bf8de12594668fe4aa /.github
parentAdding upstream version 3.3.0+dfsg1. (diff)
downloadfreerdp3-941f9937e0744d18de4cc0afa71e0caa925d82ac.tar.xz
freerdp3-941f9937e0744d18de4cc0afa71e0caa925d82ac.zip
Adding upstream version 3.5.0+dfsg1.upstream/3.5.0+dfsg1
Signed-off-by: Daniel Baumann <daniel.baumann@progress-linux.org>
Diffstat (limited to '.github')
-rw-r--r--.github/workflows/abi-checker.yml102
-rw-r--r--.github/workflows/codeql-analysis.yml185
-rw-r--r--.github/workflows/coverity.yml96
-rw-r--r--.github/workflows/mingw.yml31
4 files changed, 328 insertions, 86 deletions
diff --git a/.github/workflows/abi-checker.yml b/.github/workflows/abi-checker.yml
new file mode 100644
index 0000000..5506f44
--- /dev/null
+++ b/.github/workflows/abi-checker.yml
@@ -0,0 +1,102 @@
+name: abi-checker
+on:
+ workflow_dispatch:
+ branches: [ master, stable* ]
+ inputs:
+ API_BASE_REF:
+ description: 'Base revision for ABI compatibility check'
+ required: true
+ default: '3.0.0'
+ pull_request_target:
+ branches: [ master, stable* ]
+ schedule:
+ - cron: '30 4 * * SUN'
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ name: "Run ABI checker on ubuntu-latest"
+ steps:
+ - name: "Check out pull request"
+ if: ${{ github.event_name == 'pull_request' && github.event.pull_request.base.sha || github.event_name == 'pull_request_target' }}
+ uses: suzuki-shunsuke/get-pr-action@v0.1.0
+ id: pr
+
+ - name: "Check out source"
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+ ref: ${{steps.pr.outputs.merge_commit_sha}}
+
+ - name: "Prepare environment"
+ run: |
+ sudo apt-get update -q -y
+ sudo apt-get install -q -y \
+ libxrandr-dev \
+ libxinerama-dev \
+ libusb-1.0-0-dev \
+ xserver-xorg-dev \
+ libswscale-dev \
+ libswresample-dev \
+ libavutil-dev \
+ libavcodec-dev \
+ libcups2-dev \
+ libpulse-dev \
+ libasound2-dev \
+ libpcsclite-dev \
+ xsltproc \
+ libxcb-cursor-dev \
+ libxcursor-dev \
+ libcairo2-dev \
+ libfaad-dev \
+ libjpeg-dev \
+ libgsm1-dev \
+ ninja-build \
+ libxfixes-dev \
+ libxkbcommon-dev \
+ libwayland-dev \
+ libpam0g-dev \
+ libxdamage-dev \
+ libxcb-damage0-dev \
+ libxtst-dev \
+ libfuse3-dev \
+ libsystemd-dev \
+ libcairo2-dev \
+ libsoxr-dev \
+ libsdl2-dev \
+ docbook-xsl \
+ libkrb5-dev \
+ libcjson-dev \
+ libpkcs11-helper1-dev \
+ libsdl2-ttf-dev \
+ libwebkit2gtk-4.0-dev \
+ libopus-dev \
+ libwebp-dev \
+ libpng-dev \
+ libjpeg-dev \
+ liburiparser-dev \
+ cmake \
+ clang \
+ abigail-tools \
+ pylint \
+ curl
+
+ - name: "Prepare configuration"
+ run: |
+ mkdir -p checker
+ cp ci/cmake-preloads/config-abi.txt checker/
+ cp scripts/abi-suppr.txt checker/
+ curl https://gist.githubusercontent.com/akallabeth/aa35caed0d39241fa17c3dc8a0539ea3/raw/ef12f8c720ac6be51aa1878710e2502b1b39cf4c/check-abi -o checker/check-abi
+ chmod +x checker/check-abi
+ echo "GITHUB_BASE_REF=$GITHUB_BASE_REF"
+ echo "GITHUB_HEAD_REF=$GITHUB_HEAD_REF"
+ echo "API_BASE_REF=${{ inputs.API_BASE_REF || '3.0.0' }}"
+ echo "HEAD=$(git rev-parse HEAD)"
+ echo "remotes=$(git remote -v)"
+
+ - name: "Run ABI check..."
+ env:
+ BASE_REF: ${{ github.event_name == 'pull_request' && github.event.pull_request.base.sha || github.event_name == 'pull_request_target' && github.event.pull_request.base.sha || github.event_name == 'workflow_dispatch' && inputs.API_BASE_REF || '3.0.0' }}
+ run: |
+ echo "BASE_REF=$BASE_REF"
+ ./checker/check-abi -s checker/abi-suppr.txt --parameters="-Cchecker/config-abi.txt" $BASE_REF $(git rev-parse HEAD)
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 2db775f..0f90de2 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -14,116 +14,129 @@ name: "CodeQL"
on:
workflow_dispatch:
branches: [ master, stable* ]
- pull_request_target:
- branches: [ master, stable* ]
-
-permissions:
- contents: read
+ push:
+ branches: [ "master", "stable*" ]
+ pull_request:
+ branches: [ "master", "stable*" ]
+ schedule:
+ - cron: '41 2 * * 2'
jobs:
analyze:
+ name: Analyze (${{ matrix.language }})
+ # Runner size impacts CodeQL analysis time. To learn more, please see:
+ # - https://gh.io/recommended-hardware-resources-for-running-codeql
+ # - https://gh.io/supported-runners-and-hardware-resources
+ # - https://gh.io/using-larger-runners (GitHub.com only)
+ # Consider using larger runners or machines with greater resources for possible analysis time improvements.
+ runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
+ timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }}
permissions:
+ # required for all workflows
security-events: write
+
+ # only required for workflows in private repositories
actions: read
contents: read
- name: Analyze
- runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
- language: [ 'cpp' ]
- # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
- # Learn more:
- # https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
-
+ include:
+ - language: c-cpp
+ build-mode: manual
+ # CodeQL supports the following values keywords for 'language': 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift'
+ # Use `c-cpp` to analyze code written in C, C++ or both
+ # Use 'java-kotlin' to analyze code written in Java, Kotlin or both
+ # Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both
+ # To learn more about changing the languages that are analyzed or customizing the build mode for your analysis,
+ # see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.
+ # If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how
+ # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
steps:
- - uses: suzuki-shunsuke/get-pr-action@v0.1.0
- id: pr
- - uses: actions/checkout@v4
- with:
- ref: ${{steps.pr.outputs.merge_commit_sha}}
+ - name: Checkout repository
+ uses: actions/checkout@v4
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
+ build-mode: ${{ matrix.build-mode }}
# If you wish to specify custom queries, you can do so here or in a config file.
# By default, queries listed here will override any specified in a config file.
# Prefix the list here with "+" to use these queries and those in the config file.
- # queries: ./path/to/local/query, your-org/your-repo/queries@main
- # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
- # If this step fails, then you should remove it and run the build manually (see below)
- # - name: Autobuild
- # uses: github/codeql-action/autobuild@v2
+ # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
+ # queries: security-extended,security-and-quality
+ # If the analyze step fails for one of the languages you are analyzing with
+ # "We were unable to automatically build your code", modify the matrix above
+ # to set the build mode to "manual" for that language. Then modify this step
+ # to build your code.
# ℹī¸ Command-line programs to run using the OS shell.
- # 📚 https://git.io/JvXDl
-
- # ✏ī¸ If the Autobuild fails above, remove it and uncomment the following three lines
- # and modify them (or add more) to build your code if your project
- # uses a compiled language
-
- - run: |
- sudo apt update
- sudo apt install \
- libxrandr-dev \
- libxinerama-dev \
- libusb-1.0-0-dev \
- xserver-xorg-dev \
- libswscale-dev \
- libswresample-dev \
- libavutil-dev \
- libavcodec-dev \
- libcups2-dev \
- libpulse-dev \
- libasound2-dev \
- libpcsclite-dev \
- xsltproc \
- libxcb-cursor-dev \
- libxcursor-dev \
- libcairo2-dev \
- libfaac-dev \
- libfaad-dev \
- libjpeg-dev \
- libgsm1-dev \
- ninja-build \
- libxfixes-dev \
- libxkbcommon-dev \
- libwayland-dev \
- libpam0g-dev \
- libxdamage-dev \
- libxcb-damage0-dev \
- ccache \
- libxtst-dev \
- libfuse3-dev \
- libsystemd-dev \
- libcairo2-dev \
- libsoxr-dev \
- libsdl2-dev \
- docbook-xsl \
- libkrb5-dev \
- libcjson-dev \
- libpkcs11-helper1-dev \
- libsdl2-ttf-dev \
- libsdl2-image-dev \
- libwebkit2gtk-4.0-dev \
- clang \
- libopus-dev \
- libwebp-dev \
- libpng-dev \
- libjpeg-dev \
- liburiparser-dev
- mkdir ci-build
- cd ci-build
- export CC=/usr/bin/clang
- export CXX=/usr/bin/clang++
- export CFLAGS="-Weverything"
- export CXXFLAGS="-Weverything"
- cmake -GNinja ../ci/cmake-preloads/config-linux-all.txt ..
- cmake --build .
+ # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
+ - if: matrix.build-mode == 'manual'
+ run: |
+ sudo apt update
+ sudo apt install \
+ libxrandr-dev \
+ libxinerama-dev \
+ libusb-1.0-0-dev \
+ xserver-xorg-dev \
+ libswscale-dev \
+ libswresample-dev \
+ libavutil-dev \
+ libavcodec-dev \
+ libcups2-dev \
+ libpulse-dev \
+ libasound2-dev \
+ libpcsclite-dev \
+ xsltproc \
+ libxcb-cursor-dev \
+ libxcursor-dev \
+ libcairo2-dev \
+ libfaac-dev \
+ libfaad-dev \
+ libjpeg-dev \
+ libgsm1-dev \
+ ninja-build \
+ libxfixes-dev \
+ libxkbcommon-dev \
+ libwayland-dev \
+ libpam0g-dev \
+ libxdamage-dev \
+ libxcb-damage0-dev \
+ ccache \
+ libxtst-dev \
+ libfuse3-dev \
+ libsystemd-dev \
+ libcairo2-dev \
+ libsoxr-dev \
+ libsdl2-dev \
+ docbook-xsl \
+ libkrb5-dev \
+ libcjson-dev \
+ libpkcs11-helper1-dev \
+ libsdl2-ttf-dev \
+ libsdl2-image-dev \
+ libwebkit2gtk-4.0-dev \
+ clang \
+ libopus-dev \
+ libwebp-dev \
+ libpng-dev \
+ libjpeg-dev \
+ liburiparser-dev
+ mkdir ci-build
+ cd ci-build
+ export CC=/usr/bin/clang
+ export CXX=/usr/bin/clang++
+ export CFLAGS="-Weverything"
+ export CXXFLAGS="-Weverything"
+ cmake -GNinja ../ci/cmake-preloads/config-linux-all.txt ..
+ cmake --build .
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
+ with:
+ category: "/language:${{matrix.language}}"
diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
new file mode 100644
index 0000000..5998a1d
--- /dev/null
+++ b/.github/workflows/coverity.yml
@@ -0,0 +1,96 @@
+
+name: Coverity
+
+on:
+ schedule:
+ - cron: "0 0 * * *"
+ workflow_dispatch:
+
+permissions:
+ contents: read
+
+jobs:
+ scan:
+ runs-on: ubuntu-latest
+ if: ${{ github.repository_owner == 'FreeRDP' }}
+ steps:
+ - uses: actions/checkout@v4
+ - name: Install apt dependencies
+ run: |
+ sudo apt-get update
+ sudo apt-get install -y \
+ libxrandr-dev \
+ libxinerama-dev \
+ libusb-1.0-0-dev \
+ xserver-xorg-dev \
+ libswscale-dev \
+ libswresample-dev \
+ libavutil-dev \
+ libavcodec-dev \
+ libcups2-dev \
+ libpulse-dev \
+ libasound2-dev \
+ libpcsclite-dev \
+ xsltproc \
+ libxcb-cursor-dev \
+ libxcursor-dev \
+ libcairo2-dev \
+ libfaac-dev \
+ libfaad-dev \
+ libjpeg-dev \
+ libgsm1-dev \
+ ninja-build \
+ libxfixes-dev \
+ libxkbcommon-dev \
+ libwayland-dev \
+ libpam0g-dev \
+ libxdamage-dev \
+ libxcb-damage0-dev \
+ ccache \
+ libxtst-dev \
+ libfuse3-dev \
+ libsystemd-dev \
+ libcairo2-dev \
+ libsoxr-dev \
+ libsdl2-dev \
+ docbook-xsl \
+ libkrb5-dev \
+ libcjson-dev \
+ libpkcs11-helper1-dev \
+ libsdl2-ttf-dev \
+ libsdl2-image-dev \
+ libwebkit2gtk-4.0-dev \
+ clang \
+ libopus-dev \
+ libwebp-dev \
+ libpng-dev \
+ libjpeg-dev \
+ liburiparser-dev
+ - name: Download Coverity build tool
+ run: |
+ wget -c -N https://scan.coverity.com/download/linux64 --post-data "token=${{ secrets.COVERITY_SCAN_TOKEN }}&project=FreeRDP" -O coverity_tool.tar.gz
+ mkdir coverity_tool
+ tar xzf coverity_tool.tar.gz --strip 1 -C coverity_tool
+ - name: Build with Coverity build tool
+ run: |
+ export PATH=`pwd`/coverity_tool/bin:$PATH
+ export CC=/usr/bin/clang
+ export CXX=/usr/bin/clang++
+ # in source build is used to help coverity to determine relative file path
+ cmake \
+ -GNinja \
+ -C ci/cmake-preloads/config-coverity.txt \
+ -DALLOW_IN_SOURCE_BUILD=true \
+ -B. \
+ -S.
+ cov-build --dir cov-int cmake --build .
+
+ - name: Submit build result to Coverity Scan
+ run: |
+ tar czvf cov.tar.gz cov-int
+ curl --form token=${{ secrets.COVERITY_SCAN_TOKEN }} \
+ --form email=team+coverity@freerdp.com \
+ --form file=@cov.tar.gz \
+ --form version="Commit $GITHUB_SHA" \
+ --form description="Build submitted via CI" \
+ https://scan.coverity.com/builds?project=FreeRDP
diff --git a/.github/workflows/mingw.yml b/.github/workflows/mingw.yml
new file mode 100644
index 0000000..d7920c9
--- /dev/null
+++ b/.github/workflows/mingw.yml
@@ -0,0 +1,31 @@
+name: mingw-builder
+on:
+ workflow_dispatch:
+ branches: [ master, stable* ]
+ schedule:
+ - cron: '30 5 * * SUN'
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+ name: "Run mingw build on ubuntu-latest"
+ steps:
+ - name: "Check out source"
+ uses: actions/checkout@v4
+
+ - name: "Prepare environment"
+ run: |
+ sudo apt-get update -q -y
+ sudo apt-get install -q -y \
+ git \
+ nasm \
+ meson \
+ cmake \
+ ninja-build \
+ mingw-w64 \
+ mingw-w64-tools \
+ binutils-mingw-w64
+
+ - name: "Run mingw build..."
+ run: |
+ ./scripts/mingw.sh