name: GitHub CI on: push: branches: [master, ci, coverity_scan] pull_request: jobs: build: runs-on: ${{ matrix.os }} name: build(${{ matrix.msystem || matrix.docker_image || matrix.os }}, ${{ matrix.cc }}${{ matrix.api && ', ' }}${{ matrix.api }}) strategy: fail-fast: false matrix: os: [ubuntu-latest, macos-10.15] cc: [gcc, clang] docker_image: [''] exclude: - os: macos-10.15 cc: gcc include: # Enable distcheck for one build - os: ubuntu-latest cc: gcc do_distc: yes # Run Coverity on a clang build; Coverity's gcc causes issues - os: ubuntu-latest cc: clang do_coverity: yes # Add a tcc build - os: ubuntu-latest cc: tcc ld: tcc # Add docker-build on Alpine - os: ubuntu-latest cc: gcc docker_image: alpine:latest shell: '/usr/bin/docker exec dockerciimage sh -e {0}' # Add docker-build with minimum version of dependencies - os: ubuntu-latest cc: gcc docker_image: oldlibs docker_pullprefix: 'ghcr.io/theoneric/libass-containers/' shell: '/usr/bin/docker exec dockerciimage sh -e {0}' # Add a Windows build (MinGW-gcc via MSYS2) with no extras - os: windows-2019 msystem: MINGW32 cc: gcc api: desktop shell: 'msys2 {0}' package_prefix: mingw-w64-i686 # Add a best-effort build for UWP apps for Microsoft Store - os: windows-2019 msystem: UCRT64 cc: gcc api: app extra_cflags: -DWINAPI_FAMILY=WINAPI_FAMILY_APP -specs=/tmp/windowsapp.specs shell: 'msys2 {0}' package_prefix: mingw-w64-ucrt-x86_64 defaults: run: shell: ${{ matrix.shell || 'bash' }} steps: - name: checkout code uses: actions/checkout@v2 - name: Start Docker if: matrix.docker_image shell: bash run: | # Note: Many containers default to the root user docker pull "${{ matrix.docker_pullprefix }}${{ matrix.docker_image }}" docker create --name dockerciimage \ -v "/home/runner/work:/home/runner/work" --workdir "$PWD" \ --entrypoint "tail" \ "${{ matrix.docker_pullprefix }}${{ matrix.docker_image }}" \ "-f" "/dev/null" docker start dockerciimage - name: Setup MSys2 uses: msys2/setup-msys2@v2 if: matrix.msystem with: msystem: ${{ matrix.msystem }} update: false - name: install deps run: | case "${{ matrix.docker_image || matrix.os }}" in macos-*) #brew update # fontconfig, freetype, autoconf and libtool are preinstalled # and `brew install` fails if a non-uptodate version is already installed #brew upgrade fontconfig freetype autoconf libtool brew install automake fribidi harfbuzz nasm ;; windows-*) pre="${{ matrix.package_prefix }}" pacman --noconfirm -S \ automake autoconf nasm make \ $pre-libtool $pre-pkg-config $pre-gcc \ $pre-fribidi $pre-freetype $pre-harfbuzz $pre-fontconfig ;; alpine:*) apk add nasm ${{ matrix.cc }} musl-dev \ make automake autoconf libtool pkgconf \ fontconfig-dev freetype-dev fribidi-dev harfbuzz-dev ;; oldlibs) : # Everything is preinstalled ;; *) sudo apt-get update #&& sudo apt-get upgrade sudo apt-get install -y --no-install-recommends \ autoconf automake make libtool \ libfontconfig1-dev libfreetype6-dev libfribidi-dev \ libharfbuzz-dev nasm ${{ matrix.cc }} ;; esac - name: Customize compiler if: matrix.api == 'app' && matrix.cc == 'gcc' run: > gcc -dumpspecs | sed 's/-lmsvcrt/-lucrtapp/g; s/-lkernel32/-lwindowsapp/g; s/-ladvapi32//g; s/-lshell32//g; s/-luser32//g' > /tmp/windowsapp.specs - name: configure env: CC: "${{ matrix.cc }}\ ${{ matrix.extra_cflags && ' ' }}${{ matrix.extra_cflags }}" LD: "${{ matrix.ld }}" run: ./autogen.sh && ./configure - name: compile if: matrix.do_distc != 'yes' run: make -j 2 - name: distcheck if: matrix.do_distc == 'yes' run: make -j 2 distcheck - name: Coverity scan if: > matrix.do_coverity == 'yes' && github.repository == 'libass/libass' && github.event_name != 'pull_request' env: COVERITY_SCAN_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }} PROJECT_NAME: libass/libass NOTIFY_EMAIL: none@example.com TOOL_URL: https://scan.coverity.com/download/ UPLOAD_URL: https://scan.coverity.com/builds?project=libass%2Flibass SCAN_URL: https://scan.coverity.com RES_DIR: cov-int run: | exit_code=0 echo "Running Coverity ..." # Remove previous build output make clean # The upstream script is borked and always exits with 1 even on success # To get meaningful success/error status we're using our own script # but we still want to be informed about upstream script changes if curl -s https://scan.coverity.com/scripts/travisci_build_coverity_scan.sh \ | shasum -a 256 \ | grep -Eq '^234d71b4a5257a79559e66dd3ba5765576d2af4845da83af4975b77b14ab536b ' then : remote unchanged else echo "Coverity's travis script changed!" exit_code=1 fi # Check if we are within quoata quota_res="$(curl -s --form project="$PROJECT_NAME" \ --form token="$COVERITY_SCAN_TOKEN" \ "$SCAN_URL"/api/upload_permitted)" if [ "$?" -ne 0 ] || [ "x$quota_res" = "xAccess denied" ] ; then echo "Coverity denied access or did not respond!" exit 1 elif echo "$quota_res" | grep -Eq 'upload_permitted": *true' ; then echo "Within Coverity quota." else echo "Exceeding Coverity quota! Try again later." echo "$quota_res" | grep -Eo 'next_upload_permitted_at":[^,}]*' exit 0 fi # Download cov tool and make it available wget -nv "$TOOL_URL""$(uname)" \ --post-data "project=$PROJECT_NAME&token=$COVERITY_SCAN_TOKEN" \ -O cov-analysis-tool.tar.gz mkdir cov-analysis-tool tar xzf cov-analysis-tool.tar.gz --strip 1 -C cov-analysis-tool export PATH="$(pwd)/cov-analysis-tool/bin:$PATH" # Coverity Build echo "Starting Coverity build..." #mkdir "$RES_DIR" # already done by cov-build COVERITY_UNSUPPORTED=1 cov-build --dir "$RES_DIR" make -j 2 cov-import-scm --dir "$RES_DIR" --scm git --log "$RES_DIR/scm_log.txt" 2>&1 # Submit results to Coverity's server tar czf libass.tar.gz "$RES_DIR" upstat="$(curl --silent --write-out "\n%{http_code}\n" \ --form project="PROJECT_NAME" \ --form token="$COVERITY_SCAN_TOKEN" \ --form email="$NOTIFY_EMAIL" \ --form file=@libass.tar.gz \ --form version="${{ github.sha }}" \ --form description="GitHubActions CI build" \ "$UPLOAD_URL")" if [ "$?" -ne 0 ] ; then echo "Upload failed (curl error)" exit_code=1 elif echo "$upstat" | tail -n 1 | grep -Eq '^2[0-9]{2}$' ; then echo "Upload successful." else echo "Upload failed (server error)" exit_code=1 fi echo "$upstat" | head exit $exit_code - name: Stop Docker if: matrix.docker_image shell: bash run: | docker rm --force dockerciimage