# CI workflow: builds every matrix configuration and runs code scanning.
name: Build

# Triggers: pushes to main and pull requests that target main.
on:
  push:
    branches: [main]
  pull_request:
    branches: [main]

# Workflow-wide default for GITHUB_TOKEN: read access to every scope.
# A job that declares its own `permissions` replaces this default entirely.
permissions: read-all
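jobs:
  # Hands Dependabot pull requests to a third-party auto-merge action.
  dependabot-merge:
    name: Merge Dependabot
    runs-on: ubuntu-latest
    needs: []
    # Run the third-party action, and hand it a token, only on pull requests
    # that Dependabot opened, not on every pull request.
    if: ${{ github.event_name == 'pull_request' && github.event.pull_request.user.login == 'dependabot[bot]' }}
    steps:
      # This job declares no `permissions`, so the token passed below inherits
      # the workflow-level `read-all` and is read-only.
      # NOTE(review): approving or merging needs write access; confirm whether
      # this job works as configured before widening any scope.
      - uses: ahmadnassri/action-dependabot-auto-merge@45fc124d949b19b6b8bf6645b6c9d55f4f9ac61a
        with:
          target: minor
          github-token: ${{ secrets.GITHUB_TOKEN }}

  # Builds each os/arch/tls/link combination; the ubuntu/x64/shared
  # combination also runs CodeQL and uploads the filtered results.
  build:
    strategy:
      # Let the remaining combinations finish when one of them fails.
      fail-fast: false
      matrix:
        os: [ubuntu, windows]
        arch: [x86, x64, arm64]
        tls: [schannel, openssl]
        link: [static, shared]
        exclude:
          - os: ubuntu
            tls: schannel
          - os: ubuntu
            arch: x86
    # Job-level permissions replace the workflow default for every matrix
    # combination, including those that never run the CodeQL steps.
    permissions:
      # required for all workflows
      security-events: write
      # required to fetch internal or private CodeQL packs
      packages: read
      # only required for workflows in private repositories
      actions: read
      contents: read
    name: Build
    runs-on: ${{ matrix.os }}-latest
    steps:
      # `audit` only records outbound connections; it does not block them.
      # NOTE(review): consider `egress-policy: block` with an explicit
      # `allowed-endpoints` list once the audited baseline is known.
      - name: Harden Runner
        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f
        with:
          egress-policy: audit
      - name: Checkout repository
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
        with:
          submodules: 'recursive'
          # No later step uses git credentials, so do not leave the token in
          # the local git config while the build script runs.
          persist-credentials: false
      - name: Install Perl
        if: runner.os == 'Windows'
        uses: shogo82148/actions-setup-perl@98dfedee230bcf1ee68d5b021931fc8d63f2016e
        with:
          perl-version: '5.34'
      - name: Install NASM
        if: runner.os == 'Windows'
        uses: ilammy/setup-nasm@13cbeb366c45c4379d3478cdcbadd8295feb5028
      # runner.os reports 'Linux' on Ubuntu runners, never 'Ubuntu', so the
      # previous condition could not match and this step was always skipped.
      - name: Install libnuma-dev
        if: runner.os == 'Linux'
        # Refresh the package index first so the install does not fail on a
        # stale mirror listing.
        run: |
          sudo apt-get update
          sudo apt-get install -y libnuma-dev
      - name: Initialize CodeQL
        if: ${{ (matrix.os == 'ubuntu') && (matrix.arch == 'x64') && (matrix.link == 'shared') }}
        uses: github/codeql-action/init@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169
        with:
          languages: c-cpp
          # Manual build mode: CodeQL observes the Build step below.
          build-mode: manual
          config: |
            queries:
            - uses: security-and-quality # (very verbose)
            query-filters:
            - exclude:
                id: cpp/loop-variable-changed
            - exclude:
                id: cpp/include-non-header
      # The matrix values come from the fixed lists in this file, not from the
      # event payload, so expanding them into the command line is safe here.
      - name: Build
        shell: pwsh
        run: ./build.ps1 -Arch ${{ matrix.arch }} -Tls ${{ matrix.tls }} -Link ${{ matrix.link }} -Install -BuildInstaller -Debug
      # Results are written to sarif-results; they are uploaded from this step
      # only when it fails, otherwise after filtering below.
      - name: Perform CodeQL Analysis
        if: ${{ (matrix.os == 'ubuntu') && (matrix.arch == 'x64') && (matrix.link == 'shared') }}
        uses: github/codeql-action/analyze@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169
        with:
          category: "/language:c-cpp"
          output: sarif-results
          upload: failure-only
      # Drops findings under msquic/ and build/ before the upload.
      - name: Filter SARIF
        if: ${{ (matrix.os == 'ubuntu') && (matrix.arch == 'x64') && (matrix.link == 'shared') }}
        uses: advanced-security/filter-sarif@f3b8118a9349d88f7b1c0c488476411145b6270d
        with:
          patterns: |
            -msquic/**/*
            -build/**/*
          input: sarif-results/cpp.sarif
          output: sarif-results/cpp.sarif
      - name: Upload SARIF
        if: ${{ (matrix.os == 'ubuntu') && (matrix.arch == 'x64') && (matrix.link == 'shared') }}
        uses: github/codeql-action/upload-sarif@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169
        with:
          sarif_file: sarif-results/cpp.sarif
      - name: Upload SARIF to Artifacts
        if: ${{ (matrix.os == 'ubuntu') && (matrix.arch == 'x64') && (matrix.link == 'shared') }}
        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b
        with:
          name: sarif-results
          path: sarif-results
      # Only build outputs under build/bin are published as artifacts.
      - name: Upload
        uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b
        with:
          name: bin-${{ matrix.os }}-${{ matrix.arch }}-${{ matrix.tls }}-${{ matrix.link }}
          path: |
            build/bin/**/*.so
            build/bin/**/*.dll
            build/bin/**/quicreach
            build/bin/**/quicreach.exe
            build/bin/**/quicreach.msi
      # The test steps run the installed binary against public hosts, so they
      # depend on outbound network access from the runner.
      - name: Test (Linux)
        if: runner.os == 'Linux'
        run: /usr/local/bin/quicreach outlook-evergreen.office.com,www.cloudflare.com,www.google.com --req-all --stats
      - name: Test (Windows, x64)
        if: ${{ runner.os == 'Windows' && matrix.arch == 'x64' }}
        run: |
          & 'C:/Program Files/quicreach/bin/quicreach' outlook-evergreen.office.com,www.cloudflare.com,www.google.com --req-all --stats
      - name: Test (Windows, x86)
        if: ${{ runner.os == 'Windows' && matrix.arch == 'x86' }}
        run: |
          & 'C:/Program Files (x86)/quicreach/bin/quicreach' outlook-evergreen.office.com,www.cloudflare.com,www.google.com --req-all --stats

  # Single status gate summarising the result of every build combination.
  Complete:
    name: Complete
    # Run even when a needed job failed, so the gate can report the failure.
    if: always()
    needs: [build]
    runs-on: ubuntu-latest
    permissions: {} # No need for any permissions.
    steps:
      - name: Decide whether the needed jobs succeeded or failed
        uses: re-actors/alls-green@05ac9388f0aebcb5727afa17fcccfecd6f8ec5fe
        with:
          jobs: ${{ toJSON(needs) }}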