KeyVerificationSession: be more vigilant with the received commitment #2240
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
push: | |
pull_request: | |
types: [opened, reopened] | |
defaults: | |
run: | |
shell: bash | |
concurrency: quotient-ci | |
jobs: | |
CI: | |
runs-on: ${{ matrix.os }} | |
strategy: | |
fail-fast: false | |
max-parallel: 1 | |
matrix: | |
os: [ ubuntu-22.04 ] | |
qt-version: [ '6.4' ] | |
override-compiler: [ '', GCC ] # Defaults: MSVC on Windows, Clang elsewhere | |
include: # Attach API updating and static analysis to specific jobs | |
- os: ubuntu-22.04 | |
qt-version: '6.4' # That's what is in Ubuntu 22.04 | |
override-compiler: GCC | |
update-api: update-api | |
static-analysis: sonar # NB: to use sonar with Clang, replace gcov usage with lcov | |
- os: ubuntu-22.04 | |
qt-version: '6.4' | |
override-compiler: '' | |
static-analysis: codeql | |
- os: macos-14 | |
qt-version: '6.4' | |
- os: windows-latest | |
qt-version: '6.4' | |
env: | |
GCC_VERSION: -13 | |
CLANG_VERSION: -17 | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
# Install on Linux via apt to get everything necessary in one go | |
- name: Install dependencies (Linux) | |
if: startsWith(matrix.os, 'ubuntu') | |
run: | | |
COMMON_PKGS="libolm-dev ninja-build gnome-keyring g++$GCC_VERSION clang$CLANG_VERSION" | |
# See https://github.com/actions/runner-images/issues/9679 | |
sudo add-apt-repository ppa:ubuntu-toolchain-r/test -y | |
# Add LLVM repo for newer Clang | |
wget -qO- https://apt.llvm.org/llvm-snapshot.gpg.key | sudo tee /etc/apt/trusted.gpg.d/apt.llvm.org.asc | |
sudo add-apt-repository "deb http://apt.llvm.org/jammy/ llvm-toolchain-jammy$CLANG_VERSION main" -y | |
sudo apt-get -qq update | |
sudo apt-get -qq install $COMMON_PKGS | |
gnome-keyring-daemon -d --unlock <<<'' # Create a login keyring with no password | |
- name: Install dependencies (non-Linux) | |
uses: jurplel/[email protected] | |
with: | |
version: '${{ matrix.qt-version }}.*' | |
cache: true | |
cache-key-prefix: Qt | |
tools: "${{ !startsWith(matrix.os, 'ubuntu') && 'tools_ninja ' || '' }}\ | |
${{ startsWith(matrix.os, 'windows') && 'tools_opensslv3_x64' || '' }}" | |
- name: Setup build environment | |
run: | | |
if [ '${{ matrix.override-compiler }}' == 'GCC' ]; then | |
echo "CC=gcc$GCC_VERSION" >>$GITHUB_ENV | |
echo "CXX=g++$GCC_VERSION" >>$GITHUB_ENV | |
elif [[ '${{ runner.os }}' == 'Linux' ]]; then | |
# Workaround for https://github.com/actions/runner-images/issues/8659 | |
echo "CC=clang$CLANG_VERSION" >>$GITHUB_ENV | |
echo "CXX=clang++$CLANG_VERSION" >>$GITHUB_ENV | |
fi | |
if grep -q 'refs/tags' <<<'${{ github.ref }}'; then | |
VERSION="$(git describe --tags)" | |
elif [ '${{ github.ref }}' == 'refs/heads/master' ]; then | |
VERSION="ci${{ github.run_number }}-$(git rev-parse --short HEAD)" | |
else | |
VERSION="$(git describe --all --contains)-ci${{ github.run_number }}-$(git rev-parse --short HEAD)" | |
fi | |
QUOTEST_ORIGIN="$VERSION @ ${{ runner.os }}/Qt-${{ matrix.qt-version }}" | |
if [ -n '${{ matrix.override-compiler }}' ]; then | |
QUOTEST_ORIGIN="$QUOTEST_ORIGIN/${{ matrix.override-compiler }}" | |
fi | |
CMAKE_ARGS="-G Ninja -DCMAKE_BUILD_TYPE=RelWithDebInfo \ | |
${{ runner.os != 'Linux' && '-DCMAKE_MAKE_PROGRAM=$IQTA_TOOLS/Ninja/ninja' || '' }} \ | |
-DBUILD_SHARED_LIBS=${{ runner.os == 'Linux' }} \ | |
-DCMAKE_INSTALL_PREFIX=~/.local \ | |
-DCMAKE_PREFIX_PATH=~/.local \ | |
-DCMAKE_INSTALL_RPATH_USE_LINK_PATH=ON \ | |
" | |
QUOTEST_ORIGIN="$QUOTEST_ORIGIN/E2EE" | |
CMAKE_ARGS="$CMAKE_ARGS \ | |
${{ runner.os == 'macOS' && '-DOPENSSL_ROOT_DIR=`brew --prefix openssl`' || | |
runner.os == 'Windows' && '-DOPENSSL_ROOT_DIR=$IQTA_TOOLS/OpenSSLv3/Win_x64/' || '' }} \ | |
" | |
if [ '${{ matrix.static-analysis }}' == 'sonar' ]; then | |
mkdir -p $HOME/.sonar | |
CMAKE_ARGS="$CMAKE_ARGS -DCMAKE_CXX_FLAGS=--coverage" | |
fi | |
echo "CMAKE_ARGS=$CMAKE_ARGS" >>$GITHUB_ENV | |
echo "QUOTEST_ORIGIN=$QUOTEST_ORIGIN" >>$GITHUB_ENV | |
if [[ '${{ runner.os }}' != 'Windows' ]]; then | |
BIN_DIR=/bin | |
echo "LIB_PATH=$HOME/.local/lib" >>$GITHUB_ENV | |
fi | |
echo "BIN_DIR=$BIN_DIR" >>$GITHUB_ENV | |
echo "~/.local$BIN_DIR" >>$GITHUB_PATH | |
cmake -E make_directory ${{ runner.workspace }}/build | |
echo "BUILD_PATH=${{ runner.workspace }}/build/libQuotient" >>$GITHUB_ENV | |
- name: Setup MSVC | |
uses: ilammy/msvc-dev-cmd@v1 | |
if: startsWith(matrix.os, 'windows') | |
with: | |
arch: x64 | |
- name: Set up Sonar Cloud tools | |
id: sonar | |
if: matrix.static-analysis == 'sonar' | |
uses: sonarsource/sonarcloud-github-c-cpp@v2 | |
- name: Build and install QtKeychain | |
run: | | |
cd .. | |
git clone -b 0.14.3 https://github.com/frankosterfeld/qtkeychain.git | |
cmake -S qtkeychain -B qtkeychain/build -DBUILD_WITH_QT6=ON $CMAKE_ARGS | |
cmake --build qtkeychain/build --target install | |
- name: Build and install Olm | |
run: | | |
cd .. | |
git clone https://gitlab.matrix.org/matrix-org/olm.git | |
cmake -S olm -B olm/build $CMAKE_ARGS | |
cmake --build olm/build --target install | |
- name: Get CS API definitions; clone and build GTAD | |
if: matrix.update-api | |
run: | | |
git clone --depth=1 https://github.com/quotient-im/matrix-spec.git ../matrix-spec | |
git submodule update --init --recursive --depth=1 | |
cmake -S gtad/gtad -B ../build/gtad $CMAKE_ARGS -DBUILD_SHARED_LIBS=OFF | |
cmake --build ../build/gtad | |
echo "CMAKE_ARGS=$CMAKE_ARGS -DMATRIX_SPEC_PATH=${{ runner.workspace }}/matrix-spec \ | |
-DGTAD_PATH=${{ runner.workspace }}/build/gtad/gtad" \ | |
>>$GITHUB_ENV | |
echo "QUOTEST_ORIGIN=$QUOTEST_ORIGIN with regenerated API files" >>$GITHUB_ENV | |
- name: Initialize CodeQL tools | |
if: matrix.static-analysis == 'codeql' | |
uses: github/codeql-action/init@v3 | |
with: | |
languages: cpp | |
# If you wish to specify custom queries, you can do so here or in a config file. | |
# By default, queries listed here will override any specified in a config file. | |
# Prefix the list here with "+" to use these queries and those in the config file. | |
# queries: ./path/to/local/query, your-org/your-repo/queries@main | |
- name: Configure libQuotient | |
run: | | |
cmake -S $GITHUB_WORKSPACE -B $BUILD_PATH $CMAKE_ARGS -DQuotient_INSTALL_TESTS=ON | |
- name: Regenerate API code | |
if: matrix.update-api | |
run: cmake --build ../build/libQuotient --target update-api | |
- name: Build and install libQuotient | |
run: | | |
if [[ '${{ matrix.static-analysis }}' == 'sonar' ]]; then | |
BUILD_WRAPPER="${{ steps.sonar.outputs.build-wrapper-binary }} --out-dir $BUILD_PATH/sonar" | |
fi | |
$BUILD_WRAPPER cmake --build $BUILD_PATH --target all | |
cmake --build $BUILD_PATH --target install | |
ls ~/.local$BIN_DIR/quotest | |
- name: Run tests | |
env: | |
TEST_USER: ${{ secrets.TEST_USER }} | |
TEST_PWD: ${{ secrets.TEST_PWD }} | |
QT_ASSUME_STDERR_HAS_CONSOLE: 1 # Windows needs this for meaningful debug output | |
QT_LOGGING_RULES: 'quotient.*.debug=true;quotient.jobs.sync.debug=false;quotient.events.ephemeral.debug=false;quotient.events.state.debug=false;quotient.events.members.debug=false' | |
QT_MESSAGE_PATTERN: '%{time h:mm:ss.zzz}|%{category}|%{if-debug}D%{endif}%{if-info}I%{endif}%{if-warning}W%{endif}%{if-critical}C%{endif}%{if-fatal}F%{endif}|%{message}' | |
run: | | |
CTEST_ARGS="--test-dir $BUILD_PATH --output-on-failure" | |
if [[ '${{ runner.os }}' != 'Linux' ]]; then | |
CTEST_ARGS="$CTEST_ARGS -E testolmaccount" | |
else | |
. autotests/setup-tests.sh | |
fi | |
GTEST_COLOR=1 ctest $CTEST_ARGS | |
[[ -z "$TEST_USER" ]] || \ | |
LD_LIBRARY_PATH=$LIB_PATH \ | |
quotest "$TEST_USER" "$TEST_PWD" quotest-gha '#quotest:matrix.org' "$QUOTEST_ORIGIN" | |
timeout-minutes: 4 # quotest is supposed to finish within 3 minutes, actually | |
- name: Perform CodeQL analysis | |
if: matrix.static-analysis == 'codeql' | |
uses: github/codeql-action/analyze@v3 | |
- name: Run sonar-scanner | |
if: matrix.static-analysis == 'sonar' | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
SONAR_SERVER_URL: 'https://sonarcloud.io' | |
run: | | |
mkdir .coverage && pushd .coverage | |
find $BUILD_PATH -name '*.gcda' -print0 \ | |
| xargs -0 gcov$GCC_VERSION -s $GITHUB_WORKSPACE -pr | |
# Coverage of the test source code is not tracked, as it is always 100% | |
# (if not, some tests failed and broke the build at an earlier stage) | |
rm -f quotest* autotests* | |
popd | |
${{ steps.sonar.outputs.sonar-scanner-binary }} \ | |
-Dsonar.host.url="$SONAR_SERVER_URL" \ | |
-Dsonar.cfamily.compile-commands="$BUILD_PATH/sonar/compile_commands.json" \ | |
-Dsonar.cfamily.threads=2 \ | |
-Dsonar.cfamily.gcov.reportsPath=.coverage |