Skip to content

[PoC] Global context rules #2788

[PoC] Global context rules

[PoC] Global context rules #2788

Workflow file for this run

name: Test
on:
push:
branches: [ master ]
tags:
- "*"
pull_request:
branches:
- "**"
schedule:
- cron: 30 0 * * *
workflow_dispatch:
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs:
sanitizers:
strategy:
fail-fast: false
matrix:
suffix:
- none
- vectorized
arch:
- amd64
- arm64
runs-on: ${{ matrix.arch == 'amd64' && 'ubuntu-latest' || 'arm-4core-linux-arm-limited' }}
steps:
- uses: actions/checkout@v4
with:
submodules: recursive
- name: Create directories
run: mkdir Debug
- name: Install dependencies
if: matrix.arch == 'arm64'
run: sudo apt update ; sudo apt install -y cmake git make curl
- name: Install clang-{tidy,format}
run: |
sudo .github/workflows/scripts/llvm.sh 17
sudo apt-get install -y clang-17 clang++-17
- name: CMake
env:
CC: clang-17
CXX: clang++-17
run: |
cmake .. -DCMAKE_BUILD_TYPE=Debug \
-DCMAKE_CXX_FLAGS="-fsanitize=address,leak,undefined -DASAN_BUILD" \
-DCMAKE_C_FLAGS="-fsanitize=address,leak,undefined -DASAN_BUILD" \
-DCMAKE_EXE_LINKER_FLAGS="-fsanitize=address,leak,undefined" \
-DCMAKE_MODULE_LINKER_FLAGS="-fsanitize=address,leak,undefined" \
-DLIBDDWAF_VECTORIZED_TRANSFORMERS=$([ "${{ matrix.suffix }}" != "none" ] && echo "ON" || echo "OFF")
working-directory: Debug
- name: Build
run: VERBOSE=1 make -j $(nproc) waf_test waf_validator
working-directory: Debug
- name: Test
run: ASAN_OPTIONS="verbosity=1 fast_unwind_on_malloc=0 detect_leaks=1" make test
working-directory: Debug
- name: Validate
run: ASAN_OPTIONS="verbosity=1 fast_unwind_on_malloc=0 detect_leaks=1" make validate
working-directory: Debug
valgrind:
strategy:
fail-fast: false
matrix:
suffix:
- none
- vectorized
arch:
- amd64
- arm64
runs-on: ${{ matrix.arch == 'amd64' && 'ubuntu-latest' || 'arm-4core-linux-arm-limited' }}
steps:
- uses: actions/checkout@v4
with:
submodules: recursive
- name: Install dependencies
run: sudo apt update ; sudo apt install -y valgrind cmake gcc-12 g++-12 git make curl
- name: Create directories
run: mkdir Debug
- name: CMake
env:
CC: gcc-12
CXX: g++-12
run: |
cmake .. \
-DCMAKE_BUILD_TYPE=Debug \
-DLIBDDWAF_VECTORIZED_TRANSFORMERS=$([ "${{ matrix.suffix }}" != "none" ] && echo "ON" || echo "OFF")
working-directory: Debug
- name: Build
run: VERBOSE=1 make -j $(nproc) waf_test waf_validator
working-directory: Debug
- name: Test
run: make test_valgrind
working-directory: Debug
- name: Validate
run: make validate_valgrind
working-directory: Debug
coverage:
strategy:
fail-fast: false
matrix:
suffix:
- none
- vectorized
arch:
- amd64
- arm64
runs-on: ${{ matrix.arch == 'amd64' && 'ubuntu-latest' || 'arm-4core-linux-arm-limited' }}
steps:
- uses: actions/checkout@v4
with:
submodules: recursive
- name: Install dependencies
run: |
sudo apt update
sudo apt install -y cmake gcc-12 g++-12 git make curl python3 python3-venv python3-pip
python3 -m venv .venv
source .venv/bin/activate
pip install gcovr==7.2
- name: Create directories
run: mkdir Debug
- name: CMake
env:
CC: gcc-12
CXX: g++-12
run: |
cmake .. \
-DLIBDDWAF_TEST_COVERAGE=ON \
-DCMAKE_BUILD_TYPE=Debug \
-DLIBDDWAF_VECTORIZED_TRANSFORMERS=$([ "${{ matrix.suffix }}" != "none" ] && echo "ON" || echo "OFF")
working-directory: Debug
- name: Build
run: VERBOSE=1 make -j $(nproc) waf_test waf_validator
working-directory: Debug
- name: Test
run: make test
working-directory: Debug
- name: Validate
run: make validate
working-directory: Debug
- name: Generate coverage
run: |
source ../.venv/bin/activate
gcovr --version
gcovr --gcov-executable gcov-12 --exclude-throw-branches -v -f '.*src.*' -e ".*src/vendor/.*" --json -o coverage-${{ matrix.suffix }}-${{ matrix.arch }}.json
working-directory: Debug
- uses: actions/upload-artifact@v4
with:
name: coverage_${{ matrix.suffix }}_${{ matrix.arch }}
path: ${{ github.workspace }}/Debug/coverage-${{ matrix.suffix }}-${{ matrix.arch }}.json
upload-coverage:
needs: [ coverage ]
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
submodules: recursive
- uses: actions/download-artifact@v4
with:
path: artifacts
- name: Install dependencies
run: |
sudo apt update
sudo apt install -y python3 python3-venv python3-pip
python3 -m venv .venv
source .venv/bin/activate
pip install gcovr==7.2
- name: Generate coverage
run: |
source .venv/bin/activate
gcovr --version
gcovr --merge-mode-functions merge-use-line-0 --json-add-tracefile "artifacts/*/coverage-*.json" -x coverage.xml
mkdir -p coverage
gcovr --merge-mode-functions merge-use-line-0 --json-add-tracefile "artifacts/*/coverage-*.json" --html-details coverage/coverage.html
- name: Submit coverage
uses: codecov/codecov-action@v4
with:
token: ${{ secrets.CODECOV_TOKEN }}
flags: waf_test
verbose: true
files: coverage.xml
- uses: actions/upload-artifact@v4
with:
name: coverage
path: ${{ github.workspace }}/coverage/
lint:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
submodules: recursive
- name: Create directories
run: mkdir Debug
- name: Install clang-{tidy,format}
run: |
DEBIAN_FRONTEND="noninteractive" sudo apt-get -y remove python3-lldb-14
sudo .github/workflows/scripts/llvm.sh 17
sudo apt-get install -y clang-tidy-17 clang-format-17
- name: CMake
env:
CXX: clang++-17
CC: clang-17
run: |
cmake .. -DCMAKE_BUILD_TYPE=Debug -DCLANG_TIDY=/usr/bin/run-clang-tidy-17 \
-DCLANG_FORMAT=/usr/bin/clang-format-17
working-directory: Debug
- name: Build
run: VERBOSE=1 make -j $(nproc)
working-directory: Debug
- name: Format
run: make format
working-directory: Debug
- name: Tidy
run: make tidy
working-directory: Debug
tools:
runs-on: ubuntu-latest
strategy:
fail-fast: false
steps:
- uses: actions/checkout@v4
with:
submodules: recursive
- name: Create directories
run: mkdir Debug
- name: Install dependencies
run: sudo apt update ; sudo apt install -y libreadline-dev
- name: CMake
env:
CC: gcc-12
CXX: g++-12
run: |
cmake .. -DCMAKE_BUILD_TYPE=Debug
working-directory: Debug
- name: Build
run: VERBOSE=1 make -j $(nproc) verify_rule verify_ruleset waf_runner validate_schema
working-directory: Debug
#verify_ruleset:
#runs-on: ubuntu-latest
#strategy:
#fail-fast: false
#steps:
#- uses: actions/checkout@v4
#with:
#submodules: recursive
#- name: Create directories
#run: mkdir Debug
#- name: CMake
#env:
#CC: gcc-12
#CXX: g++-12
#run: |
#cmake .. -DCMAKE_BUILD_TYPE=Debug
#working-directory: Debug
#- name: Build
#run: VERBOSE=1 make -j $(nproc) verify_ruleset proj_event_rules
#working-directory: Debug
#- name: Verify
#run: ./tools/verify_ruleset ./third_party/proj_event_rules-prefix/src/proj_event_rules/build/recommended.json
#working-directory: Debug