diff options
Diffstat (limited to '')
-rw-r--r-- | .github/ISSUE_TEMPLATE | 19 | ||||
-rw-r--r-- | .github/actions/run-build/action.yml | 45 | ||||
-rw-r--r-- | .github/release.yml | 29 | ||||
-rw-r--r-- | .github/workflows/benchmark.yml | 82 | ||||
-rw-r--r-- | .github/workflows/build-containers.yml | 72 | ||||
-rw-r--r-- | .github/workflows/main.yml | 304 | ||||
-rw-r--r-- | .github/workflows/nightly.yml | 410 |
7 files changed, 961 insertions, 0 deletions
diff --git a/.github/ISSUE_TEMPLATE b/.github/ISSUE_TEMPLATE new file mode 100644 index 0000000..717f8b9 --- /dev/null +++ b/.github/ISSUE_TEMPLATE @@ -0,0 +1,19 @@ +You are opening a _bug report_ against the libgit2 project: we use +GitHub Issues for tracking bug reports and feature requests. If you +have a question about an API or usage, please ask on StackOverflow: +http://stackoverflow.com/questions/tagged/libgit2. If you want to +have high-level discussions about the libgit2 project itself, visit +https://github.com/libgit2/discussions. + +Otherwise, to report a bug, please fill out the reproduction steps +(below) and delete these introductory paragraphs. Thanks! + +### Reproduction steps + +### Expected behavior + +### Actual behavior + +### Version of libgit2 (release number or SHA1) + +### Operating system(s) tested diff --git a/.github/actions/run-build/action.yml b/.github/actions/run-build/action.yml new file mode 100644 index 0000000..41145d3 --- /dev/null +++ b/.github/actions/run-build/action.yml @@ -0,0 +1,45 @@ +# Run a build step in a container or directly on the Actions runner +name: Run Build Step +description: Run a build step in a container or directly on the Actions runner + +inputs: + command: + description: Command to run + required: true + type: string + container: + description: Optional container to run in + type: string + container-version: + description: Version of the container to run + type: string + +runs: + using: 'composite' + steps: + - run: | + if [ -n "${{ inputs.container }}" ]; then + docker run \ + --rm \ + --user "$(id -u):$(id -g)" \ + -v "$(pwd)/source:/home/libgit2/source" \ + -v "$(pwd)/build:/home/libgit2/build" \ + -w /home/libgit2 \ + -e ASAN_SYMBOLIZER_PATH \ + -e CC \ + -e CFLAGS \ + -e CMAKE_GENERATOR \ + -e CMAKE_OPTIONS \ + -e GITTEST_NEGOTIATE_PASSWORD \ + -e GITTEST_FLAKY_STAT \ + -e PKG_CONFIG_PATH \ + -e SKIP_NEGOTIATE_TESTS \ + -e SKIP_SSH_TESTS \ + -e TSAN_OPTIONS \ + -e UBSAN_OPTIONS \ + ${{ inputs.container-version }} \ + /bin/bash -c "${{ inputs.command }}" + else + ${{ inputs.command }} + fi + shell: bash diff --git a/.github/release.yml b/.github/release.yml new file mode 100644 index 0000000..7a00321 --- /dev/null +++ b/.github/release.yml @@ -0,0 +1,29 @@ +changelog: + categories: + - title: New features + labels: + - feature + - title: Performance improvements + labels: + - performance + - title: Bug fixes + labels: + - bug + - title: Security fixes + labels: + - security + - title: Code cleanups + labels: + - cleanup + - title: Build and CI improvements + labels: + - build + - title: Documentation improvements + labels: + - documentation + - title: Git compatibility fixes + labels: + - git compatibility + - title: Other changes + labels: + - '*' diff --git a/.github/workflows/benchmark.yml b/.github/workflows/benchmark.yml new file mode 100644 index 0000000..bf21674 --- /dev/null +++ b/.github/workflows/benchmark.yml @@ -0,0 +1,82 @@ +# Benchmark libgit2 against the git reference implementation. +name: Benchmark + +on: + workflow_dispatch: + schedule: + - cron: '15 4 * * *' + +jobs: + # Run our nightly builds. We build a matrix with the various build + # targets and their details. Then we build either in a docker container + # (Linux) or on the actual hosts (macOS, Windows). + build: + # Only run scheduled workflows on the main repository; prevents people + # from using build minutes on their forks. + if: github.repository == 'libgit2/libgit2' + + strategy: + matrix: + platform: + - name: "Linux (clang, OpenSSL)" + env: + CC: clang + CMAKE_OPTIONS: -DUSE_HTTPS=OpenSSL -DREGEX_BACKEND=builtin -DDEPRECATE_HARD=ON -DUSE_GSSAPI=ON -DBUILD_TESTS=OFF -DBUILD_EXAMPLES=OFF -DBUILD_CLI=ON -DCMAKE_BUILD_TYPE=Release + CMAKE_BUILD_OPTIONS: --config Release + id: linux + os: ubuntu-latest + setup-script: ubuntu + - name: "macOS" + os: macos-11 + env: + CC: clang + CMAKE_OPTIONS: -DREGEX_BACKEND=regcomp_l -DDEPRECATE_HARD=ON -DUSE_GSSAPI=ON -DBUILD_TESTS=OFF -DBUILD_EXAMPLES=OFF -DBUILD_CLI=ON -DCMAKE_BUILD_TYPE=Release + CMAKE_BUILD_OPTIONS: --config Release + PKG_CONFIG_PATH: /usr/local/opt/openssl/lib/pkgconfig + id: macos + setup-script: osx + - name: "Windows (amd64, Visual Studio)" + os: windows-2019 + env: + ARCH: amd64 + CMAKE_GENERATOR: Visual Studio 16 2019 + CMAKE_OPTIONS: -A x64 -DDEPRECATE_HARD=ON -DBUILD_TESTS=OFF -DBUILD_EXAMPLES=OFF -DBUILD_CLI=ON -DCMAKE_BUILD_TYPE=Release + CMAKE_BUILD_OPTIONS: --config Release + id: windows + setup-script: win32 + fail-fast: false + name: "Build ${{ matrix.platform.name }}" + env: ${{ matrix.platform.env }} + runs-on: ${{ matrix.platform.os }} + steps: + - name: Check out repository + uses: actions/checkout@v3 + with: + path: source + fetch-depth: 0 + - name: Set up benchmark environment + run: source/ci/setup-${{ matrix.platform.setup-script }}-benchmark.sh + shell: bash + if: matrix.platform.setup-script != '' + - name: Build + run: | + mkdir build && cd build + ../source/ci/build.sh + shell: bash + - name: Benchmark + run: | + if [[ "$(uname -s)" == MINGW* ]]; then + GIT2_CLI="$(cygpath -w $(pwd))\\build\\Release\\git2" + else + GIT2_CLI="$(pwd)/build/git2" + fi + + mkdir benchmark && cd benchmark + ../source/tests/benchmarks/benchmark.sh --baseline-cli "git" --cli "${GIT2_CLI}" --json benchmarks.json --zip benchmarks.zip + shell: bash + - name: Upload results + uses: actions/upload-artifact@v2 + with: + name: benchmark-${{ matrix.platform.id }} + path: benchmark + if: always() diff --git a/.github/workflows/build-containers.yml b/.github/workflows/build-containers.yml new file mode 100644 index 0000000..767798b --- /dev/null +++ b/.github/workflows/build-containers.yml @@ -0,0 +1,72 @@ +# Generate the containers that we use for builds. +name: Build Containers + +on: + workflow_call: + +env: + docker-registry: ghcr.io + docker-config-path: source/ci/docker + +jobs: + # Build the docker container images that we will use for our Linux + # builds. This will identify the last commit to the repository that + # updated the docker images, and try to download the image tagged with + # that sha. If it does not exist, we'll do a docker build and push + # the image up to GitHub Packages for the actual CI/CD runs. We tag + # with both the sha and "latest" so that the subsequent runs need not + # know the sha. Only do this on CI builds (when the event is a "push") + # because PR builds from forks lack permission to write packages. + containers: + strategy: + matrix: + container: + - name: xenial + - name: bionic + - name: focal + - name: docurium + - name: bionic-x86 + dockerfile: bionic + base: multiarch/ubuntu-core:x86-bionic + qemu: true + - name: bionic-arm32 + dockerfile: bionic + base: multiarch/ubuntu-core:armhf-bionic + qemu: true + - name: bionic-arm64 + dockerfile: bionic + base: multiarch/ubuntu-core:arm64-bionic + qemu: true + - name: centos7 + - name: centos8 + runs-on: ubuntu-latest + name: "Create container: ${{ matrix.container.name }}" + steps: + - name: Check out repository + uses: actions/checkout@v3 + with: + path: source + fetch-depth: 0 + if: github.event_name != 'pull_request' + - name: Setup QEMU + run: docker run --rm --privileged multiarch/qemu-user-static:register --reset + if: matrix.container.qemu == true + - name: Download existing container + run: | + "${{ github.workspace }}/source/ci/getcontainer.sh" "${{ matrix.container.name }}" "${{ matrix.container.dockerfile }}" + env: + DOCKER_REGISTRY: ${{ env.docker-registry }} + GITHUB_TOKEN: ${{ secrets.github_token }} + working-directory: ${{ env.docker-config-path }} + if: github.event_name != 'pull_request' + - name: Build and publish image + run: | + if [ "${{ matrix.container.base }}" != "" ]; then + BASE_ARG="--build-arg BASE=${{ matrix.container.base }}" + fi + docker build -t ${{ env.docker-registry-container-sha }} --build-arg UID=$(id -u) --build-arg GID=$(id -g) ${BASE_ARG} -f ${{ env.dockerfile }} . + docker tag ${{ env.docker-registry-container-sha }} ${{ env.docker-registry-container-latest }} + docker push ${{ env.docker-registry-container-sha }} + docker push ${{ env.docker-registry-container-latest }} + working-directory: ${{ env.docker-config-path }} + if: github.event_name != 'pull_request' && env.docker-container-exists != 'true' diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml new file mode 100644 index 0000000..d84ded0 --- /dev/null +++ b/.github/workflows/main.yml @@ -0,0 +1,304 @@ +# Continuous integration and pull request validation builds for the +# main and maintenance branches. +name: CI Build + +on: + push: + branches: [ main, maint/* ] + pull_request: + branches: [ main, maint/* ] + workflow_dispatch: + +env: + docker-registry: ghcr.io + docker-config-path: source/ci/docker + +jobs: + containers: + uses: ./.github/workflows/build-containers.yml + + # Run our CI/CD builds. We build a matrix with the various build targets + # and their details. Then we build either in a docker container (Linux) + # or on the actual hosts (macOS, Windows). + build: + needs: [ containers ] + strategy: + matrix: + platform: + - name: "Linux (Xenial, GCC, OpenSSL)" + id: xenial-gcc-openssl + container: + name: xenial + env: + CC: gcc + CMAKE_GENERATOR: Ninja + CMAKE_OPTIONS: -DUSE_HTTPS=OpenSSL -DREGEX_BACKEND=builtin -DDEPRECATE_HARD=ON -DUSE_LEAK_CHECKER=valgrind -DUSE_GSSAPI=ON -DUSE_SSH=ON -DDEBUG_STRICT_ALLOC=ON -DDEBUG_STRICT_OPEN=ON + os: ubuntu-latest + - name: Linux (Xenial, GCC, mbedTLS) + id: xenial-gcc-mbedtls + container: + name: xenial + env: + CC: gcc + CMAKE_GENERATOR: Ninja + CMAKE_OPTIONS: -DUSE_HTTPS=mbedTLS -DUSE_SHA1=HTTPS -DDEPRECATE_HARD=ON -DUSE_LEAK_CHECKER=valgrind -DUSE_GSSAPI=ON -DUSE_SSH=ON + os: ubuntu-latest + - name: "Linux (Xenial, Clang, OpenSSL)" + id: xenial-clang-openssl + container: + name: xenial + env: + CC: clang + CMAKE_GENERATOR: Ninja + CMAKE_OPTIONS: -DUSE_HTTPS=OpenSSL -DDEPRECATE_HARD=ON -DUSE_LEAK_CHECKER=valgrind -DUSE_GSSAPI=ON -DUSE_SSH=ON + os: ubuntu-latest + - name: "Linux (Xenial, Clang, mbedTLS)" + id: xenial-clang-mbedtls + container: + name: xenial + env: + CC: clang + CMAKE_OPTIONS: -DUSE_HTTPS=mbedTLS -DUSE_SHA1=HTTPS -DREGEX_BACKEND=pcre -DDEPRECATE_HARD=ON -DUSE_LEAK_CHECKER=valgrind -DUSE_GSSAPI=ON -DUSE_SSH=ON + CMAKE_GENERATOR: Ninja + os: ubuntu-latest + - name: "macOS" + id: macos + os: macos-11 + env: + CC: clang + CMAKE_OPTIONS: -DREGEX_BACKEND=regcomp_l -DDEPRECATE_HARD=ON -DUSE_LEAK_CHECKER=leaks -DUSE_GSSAPI=ON + PKG_CONFIG_PATH: /usr/local/opt/openssl/lib/pkgconfig + SKIP_SSH_TESTS: true + SKIP_NEGOTIATE_TESTS: true + setup-script: osx + - name: "Windows (amd64, Visual Studio, Schannel)" + id: windows-amd64-vs + os: windows-2019 + setup-script: win32 + env: + ARCH: amd64 + CMAKE_GENERATOR: Visual Studio 16 2019 + CMAKE_OPTIONS: -A x64 -DWIN32_LEAKCHECK=ON -DDEPRECATE_HARD=ON -DUSE_HTTPS=Schannel -DUSE_SSH=ON -DCMAKE_PREFIX_PATH=D:\Temp\libssh2 + BUILD_PATH: C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\CMake\bin;D:\Temp\libssh2\bin + BUILD_TEMP: D:\Temp + SKIP_SSH_TESTS: true + SKIP_NEGOTIATE_TESTS: true + - name: "Windows (x86, Visual Studio, WinHTTP)" + id: windows-x86-vs + os: windows-2019 + setup-script: win32 + env: + ARCH: x86 + CMAKE_GENERATOR: Visual Studio 16 2019 + CMAKE_OPTIONS: -A Win32 -DWIN32_LEAKCHECK=ON -DDEPRECATE_HARD=ON -DUSE_SHA1=HTTPS -DUSE_BUNDLED_ZLIB=ON -DUSE_SSH=ON -DCMAKE_PREFIX_PATH=D:\Temp\libssh2 + BUILD_PATH: C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\CMake\bin;D:\Temp\libssh2\bin + BUILD_TEMP: D:\Temp + SKIP_SSH_TESTS: true + SKIP_NEGOTIATE_TESTS: true + - name: "Windows (amd64, mingw, WinHTTP)" + id: windows-amd64-mingw + os: windows-2019 + setup-script: mingw + env: + ARCH: amd64 + CMAKE_GENERATOR: MinGW Makefiles + CMAKE_OPTIONS: -DDEPRECATE_HARD=ON + BUILD_TEMP: D:\Temp + BUILD_PATH: D:\Temp\mingw64\bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\CMake\bin + SKIP_SSH_TESTS: true + SKIP_NEGOTIATE_TESTS: true + - name: "Windows (x86, mingw, Schannel)" + id: windows-x86-mingw + os: windows-2019 + setup-script: mingw + env: + ARCH: x86 + CMAKE_GENERATOR: MinGW Makefiles + CMAKE_OPTIONS: -DDEPRECATE_HARD=ON -DUSE_HTTPS=Schannel + BUILD_TEMP: D:\Temp + BUILD_PATH: D:\Temp\mingw32\bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\CMake\bin + SKIP_SSH_TESTS: true + SKIP_NEGOTIATE_TESTS: true + + # Sanitizers + - name: "Sanitizer (Memory)" + id: memorysanitizer + container: + name: focal + env: + CC: clang-10 + CFLAGS: -fsanitize=memory -fsanitize-memory-track-origins=2 -fsanitize-blacklist=/home/libgit2/source/script/sanitizers.supp -fno-optimize-sibling-calls -fno-omit-frame-pointer + CMAKE_OPTIONS: -DCMAKE_PREFIX_PATH=/usr/local/msan -DUSE_HTTPS=mbedTLS -DUSE_SHA1=HTTPS -DREGEX_BACKEND=pcre -DDEPRECATE_HARD=ON -DUSE_BUNDLED_ZLIB=ON -DUSE_SSH=ON + CMAKE_GENERATOR: Ninja + SKIP_SSH_TESTS: true + SKIP_NEGOTIATE_TESTS: true + ASAN_SYMBOLIZER_PATH: /usr/bin/llvm-symbolizer-10 + UBSAN_OPTIONS: print_stacktrace=1 + os: ubuntu-latest + - name: "Sanitizer (UndefinedBehavior)" + id: ubsanitizer + container: + name: focal + env: + CC: clang-10 + CFLAGS: -fsanitize=undefined,nullability -fno-sanitize-recover=undefined,nullability -fsanitize-blacklist=/home/libgit2/source/script/sanitizers.supp -fno-optimize-sibling-calls -fno-omit-frame-pointer + CMAKE_OPTIONS: -DCMAKE_PREFIX_PATH=/usr/local -DUSE_HTTPS=OpenSSL -DUSE_SHA1=HTTPS -DREGEX_BACKEND=pcre -DDEPRECATE_HARD=ON -DUSE_BUNDLED_ZLIB=ON -DUSE_SSH=ON + CMAKE_GENERATOR: Ninja + SKIP_SSH_TESTS: true + SKIP_NEGOTIATE_TESTS: true + ASAN_SYMBOLIZER_PATH: /usr/bin/llvm-symbolizer-10 + UBSAN_OPTIONS: print_stacktrace=1 + os: ubuntu-latest + - name: "Sanitizer (Thread)" + id: threadsanitizer + container: + name: focal + env: + CC: clang-10 + CFLAGS: -fsanitize=thread -fno-optimize-sibling-calls -fno-omit-frame-pointer + CMAKE_OPTIONS: -DCMAKE_PREFIX_PATH=/usr/local -DUSE_HTTPS=OpenSSL -DUSE_SHA1=HTTPS -DREGEX_BACKEND=pcre -DDEPRECATE_HARD=ON -DUSE_BUNDLED_ZLIB=ON -DUSE_SSH=ON + CMAKE_GENERATOR: Ninja + SKIP_SSH_TESTS: true + SKIP_NEGOTIATE_TESTS: true + ASAN_SYMBOLIZER_PATH: /usr/bin/llvm-symbolizer-10 + UBSAN_OPTIONS: print_stacktrace=1 + TSAN_OPTIONS: suppressions=/home/libgit2/source/script/thread-sanitizer.supp second_deadlock_stack=1 + os: ubuntu-latest + + # Experimental: SHA256 support + - name: "Linux (SHA256, Xenial, Clang, OpenSSL)" + id: xenial-clang-openssl + container: + name: xenial + env: + CC: clang + CMAKE_GENERATOR: Ninja + CMAKE_OPTIONS: -DUSE_HTTPS=OpenSSL -DDEPRECATE_HARD=ON -DUSE_LEAK_CHECKER=valgrind -DUSE_GSSAPI=ON -DUSE_SSH=ON -DEXPERIMENTAL_SHA256=ON + os: ubuntu-latest + - name: "macOS (SHA256)" + id: macos + os: macos-11 + env: + CC: clang + CMAKE_OPTIONS: -DREGEX_BACKEND=regcomp_l -DDEPRECATE_HARD=ON -DUSE_LEAK_CHECKER=leaks -DUSE_GSSAPI=ON -DEXPERIMENTAL_SHA256=ON + PKG_CONFIG_PATH: /usr/local/opt/openssl/lib/pkgconfig + SKIP_SSH_TESTS: true + SKIP_NEGOTIATE_TESTS: true + setup-script: osx + - name: "Windows (SHA256, amd64, Visual Studio)" + id: windows-amd64-vs + os: windows-2019 + env: + ARCH: amd64 + CMAKE_GENERATOR: Visual Studio 16 2019 + CMAKE_OPTIONS: -A x64 -DWIN32_LEAKCHECK=ON -DDEPRECATE_HARD=ON -DEXPERIMENTAL_SHA256=ON + SKIP_SSH_TESTS: true + SKIP_NEGOTIATE_TESTS: true + fail-fast: false + env: ${{ matrix.platform.env }} + runs-on: ${{ matrix.platform.os }} + name: "Build: ${{ matrix.platform.name }}" + steps: + - name: Check out repository + uses: actions/checkout@v3 + with: + path: source + fetch-depth: 0 + - name: Set up build environment + run: source/ci/setup-${{ matrix.platform.setup-script }}-build.sh + shell: bash + if: matrix.platform.setup-script != '' + - name: Setup QEMU + run: docker run --rm --privileged multiarch/qemu-user-static:register --reset + if: matrix.platform.container.qemu == true + - name: Download container + run: | + "${{ github.workspace }}/source/ci/getcontainer.sh" "${{ matrix.platform.container.name }}" "${{ matrix.platform.container.dockerfile }}" + env: + DOCKER_REGISTRY: ${{ env.docker-registry }} + GITHUB_TOKEN: ${{ secrets.github_token }} + working-directory: ${{ env.docker-config-path }} + if: matrix.platform.container.name != '' + - name: Create container + run: | + if [ "${{ matrix.container.base }}" != "" ]; then + BASE_ARG="--build-arg BASE=${{ matrix.container.base }}" + fi + docker build -t ${{ env.docker-registry-container-sha }} --build-arg UID=$(id -u) --build-arg GID=$(id -g) ${BASE_ARG} -f ${{ env.dockerfile }} . + working-directory: ${{ env.docker-config-path }} + if: matrix.platform.container.name != '' && env.docker-container-exists != 'true' + - name: Prepare build + run: mkdir build + - name: Build + uses: ./source/.github/actions/run-build + with: + command: cd build && ../source/ci/build.sh + container: ${{ matrix.platform.container.name }} + container-version: ${{ env.docker-registry-container-sha }} + - name: Test + uses: ./source/.github/actions/run-build + with: + command: cd build && ../source/ci/test.sh + container: ${{ matrix.platform.container.name }} + container-version: ${{ env.docker-registry-container-sha }} + - name: Upload test results + uses: actions/upload-artifact@v3 + if: success() || failure() + with: + name: test-results-${{ matrix.platform.id }} + path: build/results_*.xml + + test_results: + name: Test results + needs: [ build ] + if: always() + runs-on: ubuntu-latest + steps: + - name: Download test results + uses: actions/download-artifact@v3 + - name: Generate test summary + uses: test-summary/action@v2 + with: + paths: 'test-results-*/*.xml' + + + # Generate documentation using docurium. We'll upload the documentation + # as a build artifact so that it can be reviewed as part of a pull + # request or in a forked build. For CI builds in the main repository's + # main branch, we'll push the gh-pages branch back up so that it is + # published to our documentation site. + documentation: + name: Generate documentation + needs: [ containers ] + if: success() || failure() + runs-on: ubuntu-latest + steps: + - name: Check out repository + uses: actions/checkout@v3 + with: + path: source + fetch-depth: 0 + - name: Generate documentation + working-directory: source + run: | + git config user.name 'Documentation Generation' + git config user.email 'libgit2@users.noreply.github.com' + git branch gh-pages origin/gh-pages + docker login https://${{ env.docker-registry }} -u ${{ github.actor }} -p ${{ github.token }} + docker run \ + --rm \ + -v "$(pwd):/home/libgit2" \ + -w /home/libgit2 \ + ${{ env.docker-registry }}/${{ github.repository }}/docurium:latest \ + cm doc api.docurium + git checkout gh-pages + zip --exclude .git/\* --exclude .gitignore --exclude .gitattributes -r api-documentation.zip . + - uses: actions/upload-artifact@v3 + name: Upload artifact + with: + name: api-documentation + path: source/api-documentation.zip + - name: Push documentation branch + working-directory: source + run: git push origin gh-pages + if: github.event_name == 'push' && github.repository == 'libgit2/libgit2' diff --git a/.github/workflows/nightly.yml b/.github/workflows/nightly.yml new file mode 100644 index 0000000..18328a7 --- /dev/null +++ b/.github/workflows/nightly.yml @@ -0,0 +1,410 @@ +# Nightly build for the main branch across multiple targets. +name: Nightly Build + +on: + workflow_dispatch: + schedule: + - cron: '15 1 * * *' + +env: + docker-registry: ghcr.io + docker-config-path: source/ci/docker + +jobs: + # Run our nightly builds. We build a matrix with the various build + # targets and their details. Then we build either in a docker container + # (Linux) or on the actual hosts (macOS, Windows). + build: + # Only run scheduled workflows on the main repository; prevents people + # from using build minutes on their forks. + if: github.repository == 'libgit2/libgit2' + + strategy: + matrix: + platform: + - name: Linux (Xenial, GCC, OpenSSL) + container: + name: xenial + env: + CC: gcc + CMAKE_GENERATOR: Ninja + CMAKE_OPTIONS: -DUSE_HTTPS=OpenSSL -DREGEX_BACKEND=builtin -DDEPRECATE_HARD=ON -DUSE_LEAK_CHECKER=valgrind -DUSE_GSSAPI=ON -DUSE_SSH=ON + os: ubuntu-latest + - name: "Linux (Xenial, GCC, mbedTLS)" + container: + name: xenial + env: + CC: gcc + CMAKE_GENERATOR: Ninja + CMAKE_OPTIONS: -DUSE_HTTPS=mbedTLS -DUSE_SHA1=HTTPS -DDEPRECATE_HARD=ON -DUSE_LEAK_CHECKER=valgrind -DUSE_GSSAPI=ON -DUSE_SSH=ON + os: ubuntu-latest + - name: "Linux (Xenial, Clang, OpenSSL)" + container: + name: xenial + env: + CC: clang + CMAKE_GENERATOR: Ninja + CMAKE_OPTIONS: -DUSE_HTTPS=OpenSSL -DDEPRECATE_HARD=ON -DUSE_LEAK_CHECKER=valgrind -DUSE_GSSAPI=ON -DUSE_SSH=ON + os: ubuntu-latest + - name: "Linux (Xenial, Clang, mbedTLS)" + container: + name: xenial + env: + CC: clang + CMAKE_OPTIONS: -DUSE_HTTPS=mbedTLS -DUSE_SHA1=HTTPS -DREGEX_BACKEND=pcre -DDEPRECATE_HARD=ON -DUSE_LEAK_CHECKER=valgrind -DUSE_GSSAPI=ON -DUSE_SSH=ON + CMAKE_GENERATOR: Ninja + os: ubuntu-latest + - name: "Linux (no threads)" + container: + name: xenial + env: + CC: gcc + CMAKE_OPTIONS: -DTHREADSAFE=OFF -DDEPRECATE_HARD=ON -DUSE_LEAK_CHECKER=valgrind -DUSE_GSSAPI=ON -DUSE_SSH=ON + CMAKE_GENERATOR: Ninja + os: ubuntu-latest + - name: "Linux (dynamically-loaded OpenSSL)" + container: + name: xenial + env: + CC: clang + CMAKE_OPTIONS: -DUSE_HTTPS=OpenSSL-Dynamic -DDEPRECATE_HARD=ON -DUSE_LEAK_CHECKER=valgrind -DUSE_GSSAPI=ON -DUSE_SSH=ON + CMAKE_GENERATOR: Ninja + os: ubuntu-latest + - name: "Linux (MemorySanitizer)" + container: + name: focal + env: + CC: clang-10 + CFLAGS: -fsanitize=memory -fsanitize-memory-track-origins=2 -fsanitize-blacklist=/home/libgit2/source/script/sanitizers.supp -fno-optimize-sibling-calls -fno-omit-frame-pointer + CMAKE_OPTIONS: -DCMAKE_PREFIX_PATH=/usr/local/msan -DUSE_HTTPS=mbedTLS -DUSE_SHA1=HTTPS -DREGEX_BACKEND=pcre -DDEPRECATE_HARD=ON -DUSE_BUNDLED_ZLIB=ON -DUSE_SSH=ON + CMAKE_GENERATOR: Ninja + SKIP_SSH_TESTS: true + SKIP_NEGOTIATE_TESTS: true + ASAN_SYMBOLIZER_PATH: /usr/bin/llvm-symbolizer-10 + UBSAN_OPTIONS: print_stacktrace=1 + os: ubuntu-latest + - name: "Linux (UndefinedBehaviorSanitizer)" + container: + name: focal + env: + CC: clang-10 + CFLAGS: -fsanitize=undefined,nullability -fno-sanitize-recover=undefined,nullability -fsanitize-blacklist=/home/libgit2/source/script/sanitizers.supp -fno-optimize-sibling-calls -fno-omit-frame-pointer + CMAKE_OPTIONS: -DCMAKE_PREFIX_PATH=/usr/local -DUSE_HTTPS=OpenSSL -DUSE_SHA1=HTTPS -DREGEX_BACKEND=pcre -DDEPRECATE_HARD=ON -DUSE_BUNDLED_ZLIB=ON + CMAKE_GENERATOR: Ninja + SKIP_SSH_TESTS: true + SKIP_NEGOTIATE_TESTS: true + ASAN_SYMBOLIZER_PATH: /usr/bin/llvm-symbolizer-10 + os: ubuntu-latest + - name: "Linux (ThreadSanitizer)" + container: + name: focal + env: + CC: clang-10 + CFLAGS: -fsanitize=thread -fno-optimize-sibling-calls -fno-omit-frame-pointer + CMAKE_OPTIONS: -DCMAKE_PREFIX_PATH=/usr/local -DUSE_HTTPS=OpenSSL -DUSE_SHA1=HTTPS -DREGEX_BACKEND=pcre -DDEPRECATE_HARD=ON -DUSE_BUNDLED_ZLIB=ON + CMAKE_GENERATOR: Ninja + SKIP_SSH_TESTS: true + SKIP_NEGOTIATE_TESTS: true + ASAN_SYMBOLIZER_PATH: /usr/bin/llvm-symbolizer-10 + TSAN_OPTIONS: suppressions=/home/libgit2/source/script/thread-sanitizer.supp second_deadlock_stack=1 + os: ubuntu-latest + - name: "Linux (no mmap)" + container: + name: focal + env: + CC: clang-10 + CFLAGS: -DNO_MMAP + CMAKE_OPTIONS: -DCMAKE_PREFIX_PATH=/usr/local + CMAKE_GENERATOR: Ninja + SKIP_SSH_TESTS: true + SKIP_NEGOTIATE_TESTS: true + os: ubuntu-latest + - name: "Linux (CentOS 7)" + container: + name: centos7 + env: + CMAKE_OPTIONS: -DDEPRECATE_HARD=ON -DUSE_LEAK_CHECKER=valgrind -DUSE_GSSAPI=ON -DUSE_SSH=ON + PKG_CONFIG_PATH: /usr/local/lib/pkgconfig + SKIP_NEGOTIATE_TESTS: true + os: ubuntu-latest + - name: "Linux (CentOS 7, dynamically-loaded OpenSSL)" + container: + name: centos7 + env: + CMAKE_OPTIONS: -DUSE_HTTPS=OpenSSL-Dynamic -DDEPRECATE_HARD=ON -DUSE_LEAK_CHECKER=valgrind -DUSE_GSSAPI=ON -DUSE_SSH=ON + PKG_CONFIG_PATH: /usr/local/lib/pkgconfig + SKIP_NEGOTIATE_TESTS: true + os: ubuntu-latest + - name: "Linux (CentOS 8)" + container: + name: centos8 + env: + CMAKE_OPTIONS: -DDEPRECATE_HARD=ON -DUSE_LEAK_CHECKER=valgrind -DUSE_GSSAPI=ON + PKG_CONFIG_PATH: /usr/local/lib/pkgconfig + SKIP_NEGOTIATE_TESTS: true + SKIP_SSH_TESTS: true + os: ubuntu-latest + - name: "Linux (CentOS 8, dynamically-loaded OpenSSL)" + container: + name: centos8 + env: + CMAKE_OPTIONS: -DUSE_HTTPS=OpenSSL-Dynamic -DDEPRECATE_HARD=ON -DUSE_LEAK_CHECKER=valgrind -DUSE_GSSAPI=ON + PKG_CONFIG_PATH: /usr/local/lib/pkgconfig + SKIP_NEGOTIATE_TESTS: true + SKIP_SSH_TESTS: true + os: ubuntu-latest + - name: "macOS" + os: macos-11 + env: + CC: clang + CMAKE_OPTIONS: -DREGEX_BACKEND=regcomp_l -DDEPRECATE_HARD=ON -DUSE_LEAK_CHECKER=leaks -DUSE_GSSAPI=ON + PKG_CONFIG_PATH: /usr/local/opt/openssl/lib/pkgconfig + SKIP_SSH_TESTS: true + SKIP_NEGOTIATE_TESTS: true + setup-script: osx + - name: "Windows (amd64, Visual Studio, WinHTTP)" + os: windows-2019 + env: + ARCH: amd64 + CMAKE_GENERATOR: Visual Studio 16 2019 + CMAKE_OPTIONS: -A x64 -DWIN32_LEAKCHECK=ON -DDEPRECATE_HARD=ON -DUSE_HTTPS=WinHTTP + SKIP_SSH_TESTS: true + SKIP_NEGOTIATE_TESTS: true + - name: "Windows (x86, Visual Studio, WinHTTP)" + os: windows-2019 + env: + ARCH: x86 + CMAKE_GENERATOR: Visual Studio 16 2019 + CMAKE_OPTIONS: -A Win32 -DWIN32_LEAKCHECK=ON -DDEPRECATE_HARD=ON -DUSE_HTTPS=WinHTTP -DUSE_SHA1=HTTPS -DUSE_BUNDLED_ZLIB=ON + SKIP_SSH_TESTS: true + SKIP_NEGOTIATE_TESTS: true + - name: "Windows (amd64, Visual Studio, Schannel)" + os: windows-2019 + env: + ARCH: amd64 + CMAKE_GENERATOR: Visual Studio 16 2019 + CMAKE_OPTIONS: -A x64 -DWIN32_LEAKCHECK=ON -DDEPRECATE_HARD=ON -DUSE_HTTPS=Schannel + SKIP_SSH_TESTS: true + SKIP_NEGOTIATE_TESTS: true + - name: "Windows (x86, Visual Studio, Schannel)" + os: windows-2019 + env: + ARCH: x86 + CMAKE_GENERATOR: Visual Studio 16 2019 + CMAKE_OPTIONS: -A Win32 -DWIN32_LEAKCHECK=ON -DDEPRECATE_HARD=ON -DUSE_HTTPS=Schannel -DUSE_BUNDLED_ZLIB=ON + SKIP_SSH_TESTS: true + SKIP_NEGOTIATE_TESTS: true + - name: "Windows (amd64, mingw, WinHTTP)" + os: windows-2019 + setup-script: mingw + env: + ARCH: amd64 + CMAKE_GENERATOR: MinGW Makefiles + CMAKE_OPTIONS: -DDEPRECATE_HARD=ON + BUILD_TEMP: D:\Temp + BUILD_PATH: D:\Temp\mingw64\bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\CMake\bin + SKIP_SSH_TESTS: true + SKIP_NEGOTIATE_TESTS: true + - name: "Windows (x86, mingw, Schannel)" + os: windows-2019 + setup-script: mingw + env: + ARCH: x86 + CMAKE_GENERATOR: MinGW Makefiles + CMAKE_OPTIONS: -DDEPRECATE_HARD=ON -DUSE_HTTPS=Schannel + BUILD_TEMP: D:\Temp + BUILD_PATH: D:\Temp\mingw32\bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\CMake\bin + SKIP_SSH_TESTS: true + SKIP_NEGOTIATE_TESTS: true + - name: "Windows (no mmap)" + os: windows-2019 + env: + ARCH: amd64 + CMAKE_GENERATOR: Visual Studio 16 2019 + CFLAGS: -DNO_MMAP + CMAKE_OPTIONS: -A x64 -DDEPRECATE_HARD=ON + SKIP_SSH_TESTS: true + SKIP_NEGOTIATE_TESTS: true + - name: "Linux (Bionic, GCC, dynamically-loaded OpenSSL)" + container: + name: bionic + dockerfile: bionic + env: + CC: gcc + CMAKE_GENERATOR: Ninja + CMAKE_OPTIONS: -DUSE_HTTPS=OpenSSL-Dynamic -DDEPRECATE_HARD=ON -DUSE_LEAK_CHECKER=valgrind -DUSE_GSSAPI=ON -DUSE_SSH=ON + RUN_INVASIVE_TESTS: true + os: ubuntu-latest + - name: "Linux (x86, Bionic, Clang, OpenSSL)" + container: + name: bionic-x86 + dockerfile: bionic + qemu: true + env: + CC: clang + CMAKE_GENERATOR: Ninja + CMAKE_OPTIONS: -DUSE_HTTPS=OpenSSL -DDEPRECATE_HARD=ON -DUSE_LEAK_CHECKER=valgrind -DUSE_GSSAPI=ON -DUSE_SSH=ON + RUN_INVASIVE_TESTS: true + os: ubuntu-latest + - name: "Linux (x86, Bionic, GCC, OpenSSL)" + container: + name: bionic-x86 + dockerfile: bionic + env: + CC: gcc + CMAKE_GENERATOR: Ninja + CMAKE_OPTIONS: -DUSE_HTTPS=OpenSSL -DDEPRECATE_HARD=ON -DUSE_LEAK_CHECKER=valgrind -DUSE_GSSAPI=ON -DUSE_SSH=ON + RUN_INVASIVE_TESTS: true + os: ubuntu-latest + - name: "Linux (arm32, Bionic, GCC, OpenSSL)" + container: + name: bionic-arm32 + dockerfile: bionic + qemu: true + env: + CC: gcc + CMAKE_GENERATOR: Ninja + CMAKE_OPTIONS: -DUSE_HTTPS=OpenSSL -DDEPRECATE_HARD=ON -DUSE_GSSAPI=ON -DUSE_SSH=ON + RUN_INVASIVE_TESTS: true + SKIP_PROXY_TESTS: true + GITTEST_FLAKY_STAT: true + os: ubuntu-latest + - name: "Linux (arm64, Bionic, GCC, OpenSSL)" + container: + name: bionic-arm64 + dockerfile: bionic + qemu: true + env: + CC: gcc + CMAKE_GENERATOR: Ninja + CMAKE_OPTIONS: -DUSE_HTTPS=OpenSSL -DDEPRECATE_HARD=ON -DUSE_GSSAPI=ON -DUSE_SSH=ON + RUN_INVASIVE_TESTS: true + SKIP_PROXY_TESTS: true + os: ubuntu-latest + + # Experimental: SHA256 support + - name: "Linux (SHA256, Xenial, Clang, OpenSSL)" + id: xenial-clang-openssl + container: + name: xenial + env: + CC: clang + CMAKE_GENERATOR: Ninja + CMAKE_OPTIONS: -DUSE_HTTPS=OpenSSL -DDEPRECATE_HARD=ON -DUSE_LEAK_CHECKER=valgrind -DUSE_GSSAPI=ON -DUSE_SSH=ON + os: ubuntu-latest + - name: "macOS (SHA256)" + id: macos + os: macos-10.15 + env: + CC: clang + CMAKE_OPTIONS: -DREGEX_BACKEND=regcomp_l -DDEPRECATE_HARD=ON -DUSE_LEAK_CHECKER=leaks -DUSE_GSSAPI=ON -DEXPERIMENTAL_SHA256=ON + PKG_CONFIG_PATH: /usr/local/opt/openssl/lib/pkgconfig + SKIP_SSH_TESTS: true + SKIP_NEGOTIATE_TESTS: true + setup-script: osx + - name: "Windows (SHA256, amd64, Visual Studio)" + id: windows-amd64-vs + os: windows-2019 + env: + ARCH: amd64 + CMAKE_GENERATOR: Visual Studio 16 2019 + CMAKE_OPTIONS: -A x64 -DWIN32_LEAKCHECK=ON -DDEPRECATE_HARD=ON -DEXPERIMENTAL_SHA256=ON + SKIP_SSH_TESTS: true + SKIP_NEGOTIATE_TESTS: true + fail-fast: false + env: ${{ matrix.platform.env }} + runs-on: ${{ matrix.platform.os }} + name: "Build ${{ matrix.platform.name }}" + steps: + - name: Check out repository + uses: actions/checkout@v3 + with: + path: source + fetch-depth: 0 + - name: Set up build environment + run: source/ci/setup-${{ matrix.platform.setup-script }}-build.sh + shell: bash + if: matrix.platform.setup-script != '' + - name: Setup QEMU + run: docker run --rm --privileged multiarch/qemu-user-static:register --reset + if: matrix.platform.container.qemu == true + - name: Download container + run: | + "${{ github.workspace }}/source/ci/getcontainer.sh" "${{ matrix.platform.container.name }}" "${{ matrix.platform.container.dockerfile }}" + env: + DOCKER_REGISTRY: ${{ env.docker-registry }} + GITHUB_TOKEN: ${{ secrets.github_token }} + working-directory: ${{ env.docker-config-path }} + if: matrix.platform.container.name != '' + - name: Create container + run: docker build -t ${{ env.docker-registry-container-sha }} -f ${{ env.dockerfile }} . + working-directory: ${{ env.docker-config-path }} + if: matrix.platform.container.name != '' && env.docker-container-exists != 'true' + - name: Prepare build + run: mkdir build + - name: Build + uses: ./source/.github/actions/run-build + with: + command: cd build && ../source/ci/build.sh + container: ${{ matrix.platform.container.name }} + container-version: ${{ env.docker-registry-container-sha }} + - name: Test + uses: ./source/.github/actions/run-build + with: + command: cd build && ../source/ci/test.sh + container: ${{ matrix.platform.container.name }} + container-version: ${{ env.docker-registry-container-sha }} + + coverity: + # Only run scheduled workflows on the main repository; prevents people + # from using build minutes on their forks. + if: github.repository == 'libgit2/libgit2' + + name: Coverity + runs-on: ubuntu-latest + steps: + - name: Check out repository + uses: actions/checkout@v3 + with: + path: source + fetch-depth: 0 + - name: Download container + run: | + "${{ github.workspace }}/source/ci/getcontainer.sh" xenial + env: + DOCKER_REGISTRY: ${{ env.docker-registry }} + GITHUB_TOKEN: ${{ secrets.github_token }} + working-directory: ${{ env.docker-config-path }} + - name: Run Coverity + run: source/ci/coverity.sh + env: + COVERITY_TOKEN: ${{ secrets.coverity_token }} + + codeql: + # Only run scheduled workflows on the main repository; prevents people + # from using build minutes on their forks. + if: github.repository == 'libgit2/libgit2' + + name: CodeQL + runs-on: ubuntu-latest + steps: + - name: Check out repository + uses: actions/checkout@v3 + with: + fetch-depth: 0 + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v2 + with: + languages: 'cpp' + + - name: Build + run: | + mkdir build + cd build + cmake .. -DREGEX_BACKEND=pcre -DDEPRECATE_HARD=ON -DUSE_BUNDLED_ZLIB=ON + cmake --build . + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v2 |