# Continuous integration and pull request validation builds for the # main and maintenance branches. name: CI Build on: push: branches: [ main, maint/* ] pull_request: branches: [ main, maint/* ] workflow_dispatch: env: docker-registry: ghcr.io docker-config-path: ci/docker permissions: contents: write packages: write jobs: # Run our CI/CD builds. We build a matrix with the various build targets # and their details. Then we build either in a docker container (Linux) # or on the actual hosts (macOS, Windows). build: strategy: matrix: platform: # All builds: core platforms - name: "Linux (Noble, GCC, OpenSSL, libssh2)" id: noble-gcc-openssl os: ubuntu-latest container: name: noble env: CC: gcc CMAKE_GENERATOR: Ninja CMAKE_OPTIONS: -DUSE_HTTPS=OpenSSL -DREGEX_BACKEND=builtin -DDEPRECATE_HARD=ON -DUSE_LEAK_CHECKER=valgrind -DUSE_GSSAPI=ON -DUSE_SSH=libssh2 -DDEBUG_STRICT_ALLOC=ON -DDEBUG_STRICT_OPEN=ON - name: "Linux (Noble, Clang, mbedTLS, OpenSSH)" id: noble-clang-mbedtls os: ubuntu-latest container: name: noble env: CC: clang CMAKE_OPTIONS: -DUSE_HTTPS=mbedTLS -DUSE_SHA1=HTTPS -DREGEX_BACKEND=pcre -DDEPRECATE_HARD=ON -DUSE_LEAK_CHECKER=valgrind -DUSE_GSSAPI=ON -DUSE_SSH=exec CMAKE_GENERATOR: Ninja - name: "Linux (Xenial, GCC, OpenSSL, OpenSSH)" id: xenial-gcc-openssl os: ubuntu-latest container: name: xenial env: CC: gcc CMAKE_GENERATOR: Ninja CMAKE_OPTIONS: -DUSE_HTTPS=OpenSSL -DREGEX_BACKEND=builtin -DDEPRECATE_HARD=ON -DUSE_LEAK_CHECKER=valgrind -DUSE_GSSAPI=ON -DUSE_SSH=exec -DDEBUG_STRICT_ALLOC=ON -DDEBUG_STRICT_OPEN=ON - name: "Linux (Xenial, Clang, mbedTLS, libssh2)" id: xenial-gcc-mbedtls os: ubuntu-latest container: name: xenial env: CC: clang CMAKE_GENERATOR: Ninja CMAKE_OPTIONS: -DUSE_HTTPS=mbedTLS -DUSE_SHA1=HTTPS -DDEPRECATE_HARD=ON -DUSE_LEAK_CHECKER=valgrind -DUSE_GSSAPI=ON -DUSE_SSH=libssh2 - name: "macOS" id: macos os: macos-12 setup-script: osx env: CC: clang CMAKE_OPTIONS: -DREGEX_BACKEND=regcomp_l -DDEPRECATE_HARD=ON -DUSE_LEAK_CHECKER=leaks -DUSE_GSSAPI=ON CMAKE_GENERATOR: Ninja PKG_CONFIG_PATH: /usr/local/opt/openssl/lib/pkgconfig SKIP_SSH_TESTS: true SKIP_NEGOTIATE_TESTS: true - name: "Windows (amd64, Visual Studio, Schannel)" id: windows-amd64-vs os: windows-2019 setup-script: win32 env: ARCH: amd64 CMAKE_GENERATOR: Visual Studio 16 2019 CMAKE_OPTIONS: -A x64 -DWIN32_LEAKCHECK=ON -DDEPRECATE_HARD=ON -DUSE_HTTPS=Schannel -DUSE_SSH=ON -DCMAKE_PREFIX_PATH=D:\Temp\libssh2 BUILD_PATH: C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\CMake\bin;D:\Temp\libssh2\bin BUILD_TEMP: D:\Temp SKIP_SSH_TESTS: true SKIP_NEGOTIATE_TESTS: true - name: "Windows (x86, Visual Studio, WinHTTP)" id: windows-x86-vs os: windows-2019 setup-script: win32 env: ARCH: x86 CMAKE_GENERATOR: Visual Studio 16 2019 CMAKE_OPTIONS: -A Win32 -DWIN32_LEAKCHECK=ON -DDEPRECATE_HARD=ON -DUSE_SHA1=HTTPS -DUSE_BUNDLED_ZLIB=ON -DUSE_SSH=ON -DCMAKE_PREFIX_PATH=D:\Temp\libssh2 BUILD_PATH: C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\CMake\bin;D:\Temp\libssh2\bin BUILD_TEMP: D:\Temp SKIP_SSH_TESTS: true SKIP_NEGOTIATE_TESTS: true - name: "Windows (amd64, mingw, WinHTTP)" id: windows-amd64-mingw os: windows-2019 setup-script: mingw env: ARCH: amd64 CMAKE_GENERATOR: MinGW Makefiles CMAKE_OPTIONS: -DDEPRECATE_HARD=ON BUILD_TEMP: D:\Temp BUILD_PATH: D:\Temp\mingw64\bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\CMake\bin SKIP_SSH_TESTS: true SKIP_NEGOTIATE_TESTS: true - name: "Windows (x86, mingw, Schannel)" id: windows-x86-mingw os: windows-2019 setup-script: mingw env: ARCH: x86 CMAKE_GENERATOR: MinGW Makefiles CMAKE_OPTIONS: -DDEPRECATE_HARD=ON -DUSE_HTTPS=Schannel BUILD_TEMP: D:\Temp BUILD_PATH: D:\Temp\mingw32\bin;C:\Windows\system32;C:\Windows;C:\Windows\System32\Wbem;C:\Program Files (x86)\CMake\bin SKIP_SSH_TESTS: true SKIP_NEGOTIATE_TESTS: true # All builds: sanitizers - name: "Sanitizer (Memory)" id: sanitizer-memory os: ubuntu-latest setup-script: sanitizer container: name: noble env: CC: clang CFLAGS: -fsanitize=memory -fsanitize-memory-track-origins=2 -fsanitize-blacklist=/home/libgit2/source/script/sanitizers.supp -fno-optimize-sibling-calls -fno-omit-frame-pointer CMAKE_OPTIONS: -DCMAKE_PREFIX_PATH=/usr/local/msan -DUSE_HTTPS=mbedTLS -DUSE_SHA1=HTTPS -DREGEX_BACKEND=pcre -DDEPRECATE_HARD=ON -DUSE_BUNDLED_ZLIB=ON -DUSE_SSH=ON CMAKE_GENERATOR: Ninja SKIP_SSH_TESTS: true SKIP_NEGOTIATE_TESTS: true ASAN_SYMBOLIZER_PATH: /usr/bin/llvm-symbolizer-10 UBSAN_OPTIONS: print_stacktrace=1 - name: "Sanitizer (Address)" id: sanitizer-address os: ubuntu-latest setup-script: sanitizer container: name: noble env: CC: clang CFLAGS: -fsanitize=address -ggdb -fsanitize-blacklist=/home/libgit2/source/script/sanitizers.supp -fno-optimize-sibling-calls -fno-omit-frame-pointer CMAKE_OPTIONS: -DCMAKE_PREFIX_PATH=/usr/local -DUSE_HTTPS=mbedTLS -DUSE_SHA1=HTTPS -DREGEX_BACKEND=pcre -DDEPRECATE_HARD=ON -DUSE_BUNDLED_ZLIB=ON -DUSE_SSH=ON CMAKE_GENERATOR: Ninja SKIP_SSH_TESTS: true SKIP_NEGOTIATE_TESTS: true ASAN_SYMBOLIZER_PATH: /usr/bin/llvm-symbolizer-10 UBSAN_OPTIONS: print_stacktrace=1 - name: "Sanitizer (UndefinedBehavior)" id: sanitizer-ub os: ubuntu-latest setup-script: sanitizer container: name: noble env: CC: clang CFLAGS: -fsanitize=undefined,nullability -fno-sanitize-recover=undefined,nullability -fsanitize-blacklist=/home/libgit2/source/script/sanitizers.supp -fno-optimize-sibling-calls -fno-omit-frame-pointer CMAKE_OPTIONS: -DCMAKE_PREFIX_PATH=/usr/local -DUSE_HTTPS=OpenSSL -DUSE_SHA1=HTTPS -DREGEX_BACKEND=pcre -DDEPRECATE_HARD=ON -DUSE_BUNDLED_ZLIB=ON -DUSE_SSH=ON CMAKE_GENERATOR: Ninja SKIP_SSH_TESTS: true SKIP_NEGOTIATE_TESTS: true ASAN_SYMBOLIZER_PATH: /usr/bin/llvm-symbolizer-10 UBSAN_OPTIONS: print_stacktrace=1 - name: "Sanitizer (Thread)" id: sanitizer-thread os: ubuntu-latest setup-script: sanitizer container: name: noble env: CC: clang CFLAGS: -fsanitize=thread -fno-optimize-sibling-calls -fno-omit-frame-pointer CMAKE_OPTIONS: -DCMAKE_PREFIX_PATH=/usr/local -DUSE_HTTPS=OpenSSL -DUSE_SHA1=HTTPS -DREGEX_BACKEND=pcre -DDEPRECATE_HARD=ON -DUSE_BUNDLED_ZLIB=ON -DUSE_SSH=ON CMAKE_GENERATOR: Ninja SKIP_SSH_TESTS: true SKIP_NEGOTIATE_TESTS: true ASAN_SYMBOLIZER_PATH: /usr/bin/llvm-symbolizer-10 UBSAN_OPTIONS: print_stacktrace=1 TSAN_OPTIONS: suppressions=/home/libgit2/source/script/thread-sanitizer.supp second_deadlock_stack=1 fail-fast: false env: ${{ matrix.platform.env }} runs-on: ${{ matrix.platform.os }} name: "Build: ${{ matrix.platform.name }}" steps: - name: Check out repository uses: actions/checkout@v4 with: path: source fetch-depth: 0 - name: Set up build environment run: source/ci/setup-${{ matrix.platform.setup-script }}-build.sh shell: bash if: matrix.platform.setup-script != '' - name: Setup QEMU run: docker run --rm --privileged multiarch/qemu-user-static:register --reset if: matrix.platform.container.qemu == true - name: Set up container uses: ./source/.github/actions/download-or-build-container with: registry: ${{ env.docker-registry }} config-path: ${{ env.docker-config-path }} container: ${{ matrix.platform.container.name }} github_token: ${{ secrets.github_token }} dockerfile: ${{ matrix.platform.container.dockerfile }} if: matrix.platform.container.name != '' - name: Prepare build run: mkdir build - name: Build uses: ./source/.github/actions/run-build with: command: cd ${BUILD_WORKSPACE:-.}/build && ../source/ci/build.sh container: ${{ matrix.platform.container.name }} container-version: ${{ env.docker-registry-container-sha }} shell: ${{ matrix.platform.shell }} - name: Test uses: ./source/.github/actions/run-build with: command: cd ${BUILD_WORKSPACE:-.}/build && ../source/ci/test.sh container: ${{ matrix.platform.container.name }} container-version: ${{ env.docker-registry-container-sha }} shell: ${{ matrix.platform.shell }} - name: Upload test results uses: actions/upload-artifact@v4 if: success() || failure() with: name: test-results-${{ matrix.platform.id }} path: build/results_*.xml test_results: name: Test results needs: [ build ] if: always() runs-on: ubuntu-latest steps: - name: Download test results uses: actions/download-artifact@v3 - name: Generate test summary uses: test-summary/action@v2 with: paths: 'test-results-*/*.xml' # Generate documentation using docurium. We'll upload the documentation # as a build artifact so that it can be reviewed as part of a pull # request or in a forked build. For CI builds in the main repository's # main branch, we'll push the gh-pages branch back up so that it is # published to our documentation site. documentation: name: Generate documentation if: success() || failure() runs-on: ubuntu-latest steps: - name: Check out repository uses: actions/checkout@v4 with: path: source fetch-depth: 0 - name: Set up container uses: ./source/.github/actions/download-or-build-container with: registry: ${{ env.docker-registry }} config-path: ${{ env.docker-config-path }} container: docurium github_token: ${{ secrets.github_token }} dockerfile: ${{ matrix.platform.container.dockerfile }} - name: Generate documentation working-directory: source run: | git config user.name 'Documentation Generation' git config user.email 'libgit2@users.noreply.github.com' git branch gh-pages origin/gh-pages docker login https://${{ env.docker-registry }} -u ${{ github.actor }} -p ${{ github.token }} docker run \ --rm \ -v "$(pwd):/home/libgit2" \ -w /home/libgit2 \ ${{ env.docker-registry }}/${{ github.repository }}/docurium:latest \ cm doc api.docurium git checkout gh-pages zip --exclude .git/\* --exclude .gitignore --exclude .gitattributes -r api-documentation.zip . - uses: actions/upload-artifact@v4 name: Upload artifact with: name: api-documentation path: source/api-documentation.zip - name: Push documentation branch working-directory: source run: git push origin gh-pages if: github.event_name == 'push' && github.repository == 'libgit2/libgit2'