Merge GH #3663 Add CodeQL #3387
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# (C) 2020,2022 Jack Lloyd | |
# (C) 2022 René Meusel, Rohde & Schwarz Cybersecurity | |
# | |
# Botan is released under the Simplified BSD License (see license.txt) | |
name: ci | |
permissions: | |
contents: read | |
# implicitly all other scopes not listed become none | |
on: | |
push: | |
branches: [ master ] | |
pull_request: | |
branches: [ master ] | |
# cancel running workflows when new commits are being pushed in pull requests | |
# but not on the master branch | |
concurrency: | |
group: ${{ github.workflow }} @ ${{ github.head_ref || github.run_id }} | |
cancel-in-progress: true | |
jobs: | |
windows: | |
name: "Windows" | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- target: shared | |
arch: x86_64 | |
host_os: windows-2022 | |
- target: static | |
arch: x86_64 | |
host_os: windows-2022 | |
- target: amalgamation | |
arch: x86_64 | |
host_os: windows-2022 | |
- target: shared | |
arch: x86 | |
host_os: windows-2022 | |
runs-on: ${{ matrix.host_os }} | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Setup Build Agent | |
uses: ./.github/actions/setup-build-agent | |
with: | |
target: ${{ matrix.target }} | |
cache-key: ${{ matrix.host_os }}-msvc-${{ matrix.arch }}-${{ matrix.target }} | |
arch: ${{ matrix.arch }} | |
- name: Build and Test Botan | |
run: python3 ./src/scripts/ci_build.py --cc='msvc' --make-tool='jom' --cpu='${{ matrix.arch }}' --test-results-dir=junit_results ${{ matrix.target }} | |
linux: | |
name: "Linux" | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- compiler: gcc | |
target: shared | |
- compiler: gcc | |
target: amalgamation | |
- compiler: gcc | |
target: static | |
- compiler: clang | |
target: shared | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Setup Build Agent | |
uses: ./.github/actions/setup-build-agent | |
with: | |
target: ${{ matrix.target }} | |
cache-key: linux-${{ matrix.compiler }}-x86_64-${{ matrix.target }} | |
- name: Build and Test Botan | |
run: python3 ./src/scripts/ci_build.py --cc='${{ matrix.compiler }}' --test-results-dir=junit_results ${{ matrix.target }} | |
macos: | |
name: "macOS" | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- target: shared | |
compiler: clang | |
- target: amalgamation | |
compiler: clang | |
runs-on: macos-13 | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Setup Build Agent | |
uses: ./.github/actions/setup-build-agent | |
with: | |
target: ${{ matrix.target }} | |
cache-key: macos-${{ matrix.compiler }}-x86_64-${{ matrix.target }} | |
- name: Build and Test Botan | |
run: python3 ./src/scripts/ci_build.py --cc='${{ matrix.compiler }}' --test-results-dir=junit_results ${{ matrix.target }} | |
clang-tidy: | |
name: "Clang Tidy" | |
runs-on: ubuntu-22.04 | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Setup Build Agent | |
uses: ./.github/actions/setup-build-agent | |
with: | |
target: clang-tidy | |
cache-key: linux-x86_64-clang-tidy | |
- name: Configure Build | |
run: python3 ./configure.py --cc=clang | |
- name: Run Clang Tidy | |
run: | | |
./src/scripts/ci/gh_get_changes_in_pr.py $(git rev-parse HEAD) --api-token=${{ secrets.GITHUB_TOKEN }} | \ | |
python3 ./src/scripts/dev_tools/run_clang_tidy.py --verbose --take-file-list-from-stdin | |
analysis: | |
name: "Analysis" | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- target: coverage | |
compiler: gcc | |
host_os: ubuntu-22.04 | |
- target: sanitizer | |
compiler: msvc | |
host_os: windows-2022 | |
make_tool: jom | |
- target: sanitizer | |
compiler: clang | |
host_os: ubuntu-22.04 | |
- target: sanitizer | |
compiler: gcc | |
host_os: ubuntu-22.04 | |
- target: valgrind | |
compiler: gcc | |
host_os: ubuntu-22.04 | |
- target: fuzzers | |
compiler: gcc | |
host_os: ubuntu-22.04 | |
- target: lint | |
compiler: gcc | |
host_os: ubuntu-22.04 | |
- target: format | |
compiler: gcc | |
host_os: ubuntu-22.04 | |
runs-on: ${{ matrix.host_os }} | |
env: | |
COVERALLS_REPO_TOKEN: pbLoTMBxC1DFvbws9WfrzVOvfEdEZTcCS | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
path: ./source | |
- name: Fetch BoringSSL fork for BoGo tests | |
uses: actions/checkout@v3 | |
with: | |
repository: randombit/boringssl | |
ref: rene/runner-20230705 | |
path: ./boringssl | |
if: matrix.target == 'coverage' || matrix.target == 'sanitizer' | |
- name: Setup Build Agent | |
uses: ./source/.github/actions/setup-build-agent | |
with: | |
target: ${{ matrix.target }} | |
cache-key: ${{ matrix.host_os }}-${{ matrix.compiler }}-x86_64-${{ matrix.target }} | |
- name: Build and Test Botan | |
run: python3 ./source/src/scripts/ci_build.py --root-dir=${{ github.workspace }}/source --build-dir=${{ github.workspace }}/build --boringssl-dir=${{ github.workspace }}/boringssl --cc='${{ matrix.compiler }}' --make-tool='${{ matrix.make_tool }}' --test-results-dir=junit_results ${{ matrix.target }} | |
specials: | |
name: "Special" | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- target: examples | |
compiler: gcc | |
host_os: ubuntu-22.04 | |
- target: minimized | |
compiler: gcc | |
host_os: ubuntu-22.04 | |
- target: bsi | |
compiler: gcc | |
host_os: ubuntu-22.04 | |
runs-on: ${{ matrix.host_os }} | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
path: ./source | |
- name: Setup Build Agent | |
uses: ./source/.github/actions/setup-build-agent | |
with: | |
target: ${{ matrix.target }} | |
cache-key: ${{ matrix.host_os }}-${{ matrix.compiler }}-x86_64-${{ matrix.target }} | |
- name: Build and Test Botan | |
run: python3 ./source/src/scripts/ci_build.py --root-dir=${{ github.workspace }}/source --build-dir=${{ github.workspace }}/build --boringssl-dir=${{ github.workspace }}/boringssl --cc='${{ matrix.compiler }}' --make-tool='${{ matrix.make_tool }}' --test-results-dir=junit_results ${{ matrix.target }} | |
x-compile: | |
name: "Cross" | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- target: cross-i386 | |
compiler: gcc | |
host_os: ubuntu-22.04 | |
- target: cross-arm32 | |
compiler: gcc | |
host_os: ubuntu-22.04 | |
- target: cross-arm64 | |
compiler: gcc | |
host_os: ubuntu-22.04 | |
- target: cross-ppc64 | |
compiler: gcc | |
host_os: ubuntu-22.04 | |
- target: cross-riscv64 | |
compiler: gcc | |
host_os: ubuntu-22.04 | |
- target: cross-android-arm32 | |
compiler: clang | |
host_os: ubuntu-22.04 | |
- target: cross-android-arm64 | |
compiler: clang | |
host_os: ubuntu-22.04 | |
- target: static | |
compiler: gcc | |
host_os: windows-2022 | |
make_tool: mingw32-make | |
- target: cross-ios-arm64 | |
compiler: clang | |
host_os: macos-13 | |
- target: emscripten | |
compiler: emcc | |
host_os: ubuntu-22.04 | |
runs-on: ${{ matrix.host_os }} | |
env: | |
ANDROID_NDK_VERSION: 25 | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Setup Build Agent | |
uses: ./.github/actions/setup-build-agent | |
with: | |
target: ${{ matrix.target }} | |
cache-key: ${{ matrix.host_os }}-${{ matrix.compiler }}-xcompile-${{ matrix.target }} | |
- name: Build and Test Botan | |
run: python3 ./src/scripts/ci_build.py --cc='${{ matrix.compiler }}' --test-results-dir=junit_results ${{ matrix.target }} |