blob: bc13b59630d7fe9cdba74b648cb338832fc09209 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
|
name: GitHub CI tests
on:
push:
branches: [master, ci, coverity_scan]
pull_request:
jobs:
build:
runs-on: ${{ matrix.os }}
name: build(${{ matrix.docker_image || matrix.os }}, ${{ matrix.cc }})
strategy:
matrix:
os: [ubuntu-18.04, macos-10.15]
cc: [gcc, clang]
exclude:
- os: macos-10.15
cc: gcc
include:
# Enable distcheck for one build
- os: ubuntu-18.04
cc: gcc
do_distc: yes
# Run Coverity on a clang build; Coverity's gcc causes issues
- os: ubuntu-18.04
cc: clang
do_coverity: yes
# Build in an Alpine Docker image
- os: ubuntu-latest
cc: gcc
docker_image: alpine:latest
shell: '/usr/bin/docker exec dockerciimage sh -e {0}'
# Add an additional Windows build (MinGW-gcc via MSYS2) with no extras
- os: windows-2019
cc: gcc
shell: 'msys2 {0}'
defaults:
run:
shell: ${{ matrix.shell || 'bash' }}
steps:
- name: checkout code
uses: actions/checkout@v2
- name: Start Docker
if: matrix.docker_image
shell: bash
run: |
# Note: With this setup everything inside the container will be run as root
docker pull "${{ matrix.docker_image }}"
docker create --name dockerciimage \
-v "/home/runner/work:/home/runner/work" --workdir "$PWD" \
--entrypoint "tail" "${{ matrix.docker_image }}" "-f" "/dev/null"
docker start dockerciimage
- name: Setup MSys2
uses: msys2/setup-msys2@v2
if: matrix.os == 'windows-2019'
with:
msystem: MINGW64
update: false
- name: install deps
run: |
case "${{ matrix.docker_image || matrix.os }}" in
macos-*)
#brew update
# fontconfig, freetype, autoconf and libtool are preinstalled
# and `brew install` fails if a non-uptodate version is already installed
#brew upgrade fontconfig freetype autoconf libtool
brew install automake fribidi harfbuzz nasm
;;
windows-*)
pre="mingw-w64-x86_64"
pacman --noconfirm -S \
automake autoconf nasm make \
$pre-libtool $pre-pkg-config $pre-gcc \
$pre-fribidi $pre-freetype $pre-harfbuzz $pre-fontconfig
;;
alpine:*)
apk add nasm ${{ matrix.cc }} musl-dev \
make automake autoconf libtool pkgconf \
fontconfig-dev freetype-dev fribidi-dev harfbuzz-dev
;;
*)
sudo apt-get update #&& sudo apt-get upgrade
sudo apt-get install -y \
libfontconfig1-dev libfreetype6-dev libfribidi-dev \
libharfbuzz-dev nasm ${{ matrix.cc }}
;;
esac
- name: configure
run: ./autogen.sh && CC="${{ matrix.cc }}" ./configure
- name: compile
run: test "x${{ matrix.do_distc }}" = "xyes" || make -j 2
- name: distcheck
run: if [ "x${{ matrix.do_distc }}" = "xyes" ] ; then make -j 2 distcheck; fi
- name: Coverity scan
env:
COVERITY_SCAN_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
PROJECT_NAME: libass/libass
NOTIFY_EMAIL: none@example.com
TOOL_URL: https://scan.coverity.com/download/
UPLOAD_URL: https://scan.coverity.com/builds?project=libass%2Flibass
SCAN_URL: https://scan.coverity.com
RES_DIR: cov-int
run: |
if [ "x${{ matrix.do_coverity }}" = "xyes" ] \
&& [ "x${{ github.repository }}" = "xlibass/libass" ] \
&& [ "x${{ github.event_name }}" != "xpull_request" ]
then
exit_code=0
echo "Running Coverity ..."
# Remove previous build output
make clean
# The upstream script is borked and always exits with 1 even on success
# To get meaningful success/error status we're using our own script
# but we still want to be informed about upstream script changes
if curl -s https://scan.coverity.com/scripts/travisci_build_coverity_scan.sh \
| shasum -a 256 \
| grep -Eq '^234d71b4a5257a79559e66dd3ba5765576d2af4845da83af4975b77b14ab536b '
then
: remote unchanged
else
echo "Coverity's travis script changed!"
exit_code=1
fi
# Check if we are within quoata
quota_res="$(curl -s --form project="$PROJECT_NAME" \
--form token="$COVERITY_SCAN_TOKEN" \
"$SCAN_URL"/api/upload_permitted)"
if [ "$?" -ne 0 ] || [ "x$quota_res" = "xAccess denied" ] ; then
echo "Coverity denied access or did not respond!"
exit 1
elif echo "$quota_res" | grep -Eq 'upload_permitted": *true' ; then
echo "Within Coverity quota."
else
echo "Exceeding Coverity quota! Try again later."
echo "$quota_res" | grep -Eo 'next_upload_permitted_at":[^,}]*'
exit 0
fi
# Download cov tool and make it available
wget -nv "$TOOL_URL""$(uname)" \
--post-data "project=$PROJECT_NAME&token=$COVERITY_SCAN_TOKEN" \
-O cov-analysis-tool.tar.gz
mkdir cov-analysis-tool
tar xzf cov-analysis-tool.tar.gz --strip 1 -C cov-analysis-tool
export PATH="$(pwd)/cov-analysis-tool/bin:$PATH"
# Coverity Build
echo "Starting Coverity build..."
#mkdir "$RES_DIR" # already done by cov-build
COVERITY_UNSUPPORTED=1 cov-build --dir "$RES_DIR" make -j 2
cov-import-scm --dir "$RES_DIR" --scm git --log "$RES_DIR/scm_log.txt" 2>&1
# Submit results to Coverity's server
tar czf libass.tar.gz "$RES_DIR"
upstat="$(curl --silent --write-out "\n%{http_code}\n" \
--form project="PROJECT_NAME" \
--form token="$COVERITY_SCAN_TOKEN" \
--form email="$NOTIFY_EMAIL" \
--form file=@libass.tar.gz \
--form version="${{ github.sha }}" \
--form description="GitHubActions CI build" \
"$UPLOAD_URL")"
if [ "$?" -ne 0 ] ; then
echo "Upload failed (curl error)"
exit_code=1
elif echo "$upstat" | tail -n 1 | grep -Eq '^2[0-9]{2}$' ; then
echo "Upload successful."
else
echo "Upload failed (server error)"
exit_code=1
fi
echo "$upstat" | head
exit $exit_code
fi
- name: Stop Docker
if: matrix.docker_image
shell: bash
run: |
docker rm --force dockerciimage
|
