[PoC] Global context rules #2788
name: Test | |
on: | |
push: | |
branches: [ master ] | |
tags: | |
- "*" | |
pull_request: | |
branches: | |
- "**" | |
schedule: | |
- cron: 30 0 * * * | |
workflow_dispatch: | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
cancel-in-progress: true | |
jobs: | |
sanitizers: | |
strategy: | |
fail-fast: false | |
matrix: | |
suffix: | |
- none | |
- vectorized | |
arch: | |
- amd64 | |
- arm64 | |
runs-on: ${{ matrix.arch == 'amd64' && 'ubuntu-latest' || 'arm-4core-linux-arm-limited' }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- name: Create directories | |
run: mkdir Debug | |
- name: Install dependencies | |
if: matrix.arch == 'arm64' | |
run: sudo apt update ; sudo apt install -y cmake git make curl | |
- name: Install clang-{tidy,format} | |
run: | | |
sudo .github/workflows/scripts/llvm.sh 17 | |
sudo apt-get install -y clang-17 clang++-17 | |
- name: CMake | |
env: | |
CC: clang-17 | |
CXX: clang++-17 | |
run: | | |
cmake .. -DCMAKE_BUILD_TYPE=Debug \ | |
-DCMAKE_CXX_FLAGS="-fsanitize=address,leak,undefined -DASAN_BUILD" \ | |
-DCMAKE_C_FLAGS="-fsanitize=address,leak,undefined -DASAN_BUILD" \ | |
-DCMAKE_EXE_LINKER_FLAGS="-fsanitize=address,leak,undefined" \ | |
-DCMAKE_MODULE_LINKER_FLAGS="-fsanitize=address,leak,undefined" \ | |
-DLIBDDWAF_VECTORIZED_TRANSFORMERS=$([ "${{ matrix.suffix }}" != "none" ] && echo "ON" || echo "OFF") | |
working-directory: Debug | |
- name: Build | |
run: VERBOSE=1 make -j $(nproc) waf_test waf_validator | |
working-directory: Debug | |
- name: Test | |
run: ASAN_OPTIONS="verbosity=1 fast_unwind_on_malloc=0 detect_leaks=1" make test | |
working-directory: Debug | |
- name: Validate | |
run: ASAN_OPTIONS="verbosity=1 fast_unwind_on_malloc=0 detect_leaks=1" make validate | |
working-directory: Debug | |
valgrind: | |
strategy: | |
fail-fast: false | |
matrix: | |
suffix: | |
- none | |
- vectorized | |
arch: | |
- amd64 | |
- arm64 | |
runs-on: ${{ matrix.arch == 'amd64' && 'ubuntu-latest' || 'arm-4core-linux-arm-limited' }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- name: Install dependencies | |
run: sudo apt update ; sudo apt install -y valgrind cmake gcc-12 g++-12 git make curl | |
- name: Create directories | |
run: mkdir Debug | |
- name: CMake | |
env: | |
CC: gcc-12 | |
CXX: g++-12 | |
run: | | |
cmake .. \ | |
-DCMAKE_BUILD_TYPE=Debug \ | |
-DLIBDDWAF_VECTORIZED_TRANSFORMERS=$([ "${{ matrix.suffix }}" != "none" ] && echo "ON" || echo "OFF") | |
working-directory: Debug | |
- name: Build | |
run: VERBOSE=1 make -j $(nproc) waf_test waf_validator | |
working-directory: Debug | |
- name: Test | |
run: make test_valgrind | |
working-directory: Debug | |
- name: Validate | |
run: make validate_valgrind | |
working-directory: Debug | |
coverage: | |
strategy: | |
fail-fast: false | |
matrix: | |
suffix: | |
- none | |
- vectorized | |
arch: | |
- amd64 | |
- arm64 | |
runs-on: ${{ matrix.arch == 'amd64' && 'ubuntu-latest' || 'arm-4core-linux-arm-limited' }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- name: Install dependencies | |
run: | | |
sudo apt update | |
sudo apt install -y cmake gcc-12 g++-12 git make curl python3 python3-venv python3-pip | |
python3 -m venv .venv | |
source .venv/bin/activate | |
pip install gcovr==7.2 | |
- name: Create directories | |
run: mkdir Debug | |
- name: CMake | |
env: | |
CC: gcc-12 | |
CXX: g++-12 | |
run: | | |
cmake .. \ | |
-DLIBDDWAF_TEST_COVERAGE=ON \ | |
-DCMAKE_BUILD_TYPE=Debug \ | |
-DLIBDDWAF_VECTORIZED_TRANSFORMERS=$([ "${{ matrix.suffix }}" != "none" ] && echo "ON" || echo "OFF") | |
working-directory: Debug | |
- name: Build | |
run: VERBOSE=1 make -j $(nproc) waf_test waf_validator | |
working-directory: Debug | |
- name: Test | |
run: make test | |
working-directory: Debug | |
- name: Validate | |
run: make validate | |
working-directory: Debug | |
- name: Generate coverage | |
run: | | |
source ../.venv/bin/activate | |
gcovr --version | |
gcovr --gcov-executable gcov-12 --exclude-throw-branches -v -f '.*src.*' -e ".*src/vendor/.*" --json -o coverage-${{ matrix.suffix }}-${{ matrix.arch }}.json | |
working-directory: Debug | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: coverage_${{ matrix.suffix }}_${{ matrix.arch }} | |
path: ${{ github.workspace }}/Debug/coverage-${{ matrix.suffix }}-${{ matrix.arch }}.json | |
upload-coverage: | |
needs: [ coverage ] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- uses: actions/download-artifact@v4 | |
with: | |
path: artifacts | |
- name: Install dependencies | |
run: | | |
sudo apt update | |
sudo apt install -y python3 python3-venv python3-pip | |
python3 -m venv .venv | |
source .venv/bin/activate | |
pip install gcovr==7.2 | |
- name: Generate coverage | |
run: | | |
source .venv/bin/activate | |
gcovr --version | |
gcovr --merge-mode-functions merge-use-line-0 --json-add-tracefile "artifacts/*/coverage-*.json" -x coverage.xml | |
mkdir -p coverage | |
gcovr --merge-mode-functions merge-use-line-0 --json-add-tracefile "artifacts/*/coverage-*.json" --html-details coverage/coverage.html | |
- name: Submit coverage | |
uses: codecov/codecov-action@v4 | |
with: | |
token: ${{ secrets.CODECOV_TOKEN }} | |
flags: waf_test | |
verbose: true | |
files: coverage.xml | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: coverage | |
path: ${{ github.workspace }}/coverage/ | |
lint: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- name: Create directories | |
run: mkdir Debug | |
- name: Install clang-{tidy,format} | |
run: | | |
DEBIAN_FRONTEND="noninteractive" sudo apt-get -y remove python3-lldb-14 | |
sudo .github/workflows/scripts/llvm.sh 17 | |
sudo apt-get install -y clang-tidy-17 clang-format-17 | |
- name: CMake | |
env: | |
CXX: clang++-17 | |
CC: clang-17 | |
run: | | |
cmake .. -DCMAKE_BUILD_TYPE=Debug -DCLANG_TIDY=/usr/bin/run-clang-tidy-17 \ | |
-DCLANG_FORMAT=/usr/bin/clang-format-17 | |
working-directory: Debug | |
- name: Build | |
run: VERBOSE=1 make -j $(nproc) | |
working-directory: Debug | |
- name: Format | |
run: make format | |
working-directory: Debug | |
- name: Tidy | |
run: make tidy | |
working-directory: Debug | |
tools: | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- name: Create directories | |
run: mkdir Debug | |
- name: Install dependencies | |
run: sudo apt update ; sudo apt install -y libreadline-dev | |
- name: CMake | |
env: | |
CC: gcc-12 | |
CXX: g++-12 | |
run: | | |
cmake .. -DCMAKE_BUILD_TYPE=Debug | |
working-directory: Debug | |
- name: Build | |
run: VERBOSE=1 make -j $(nproc) verify_rule verify_ruleset waf_runner validate_schema | |
working-directory: Debug | |
#verify_ruleset: | |
#runs-on: ubuntu-latest | |
#strategy: | |
#fail-fast: false | |
#steps: | |
#- uses: actions/checkout@v4 | |
#with: | |
#submodules: recursive | |
#- name: Create directories | |
#run: mkdir Debug | |
#- name: CMake | |
#env: | |
#CC: gcc-12 | |
#CXX: g++-12 | |
#run: | | |
#cmake .. -DCMAKE_BUILD_TYPE=Debug | |
#working-directory: Debug | |
#- name: Build | |
#run: VERBOSE=1 make -j $(nproc) verify_ruleset proj_event_rules | |
#working-directory: Debug | |
#- name: Verify | |
#run: ./tools/verify_ruleset ./third_party/proj_event_rules-prefix/src/proj_event_rules/build/recommended.json | |
#working-directory: Debug |
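Review bot: The `verify_ruleset` job at the end of the workflow is commented out rather than fixed or removed, so nothing in CI runs `./tools/verify_ruleset` against the recommended ruleset any more; the `tools` job still builds the binary but never executes it. If this is a temporary measure for the PoC (the page does not show which lines this PR changed), say so above the block, e.g. `# TODO(<tracking-issue>): re-enable verify_ruleset before merge`, so the check is not lost. Separately, the workflow declares no `permissions:` key, so every job runs with the repository's default `GITHUB_TOKEN` scope. None of the visible steps write to the repository, so a top-level `permissions:` with `contents: read` looks sufficient.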