1 |
commit: 22e3de54dee0d4efa6c3d14753f847677f0e8d98 |
2 |
Author: Mike Frysinger <vapier <AT> chromium <DOT> org> |
3 |
AuthorDate: Mon Oct 4 17:31:53 2021 +0000 |
4 |
Commit: Mike Frysinger <vapier <AT> gentoo <DOT> org> |
5 |
CommitDate: Mon Oct 4 22:26:21 2021 +0000 |
6 |
URL: https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=22e3de54 |
7 |
|
8 |
migrate from Travis to GH actions |
9 |
|
10 |
Signed-off-by: Mike Frysinger <vapier <AT> gentoo.org> |
11 |
|
12 |
.github/workflows/build-test-ci.yml | 85 +++++++++++++++++++++++++++++++++++++ |
13 |
.github/workflows/coverity.yml | 52 +++++++++++++++++++++++ |
14 |
.travis.yml | 33 -------------- |
15 |
Makefile | 6 +-- |
16 |
Makefile.am | 1 - |
17 |
README.md | 2 +- |
18 |
autogen.sh | 14 +++--- |
19 |
travis/lib.sh | 38 ----------------- |
20 |
travis/main.sh | 75 -------------------------------- |
21 |
9 files changed, 147 insertions(+), 159 deletions(-) |
22 |
|
23 |
diff --git a/.github/workflows/build-test-ci.yml b/.github/workflows/build-test-ci.yml |
24 |
new file mode 100644 |
25 |
index 0000000..e23f0a3 |
26 |
--- /dev/null |
27 |
+++ b/.github/workflows/build-test-ci.yml |
28 |
@@ -0,0 +1,85 @@ |
29 |
+# GitHub actions workflow. |
30 |
+# https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions |
31 |
+ |
32 |
+name: Build+Test CI |
33 |
+ |
34 |
+on: |
35 |
+ push: |
36 |
+ branches: [master, gh-actions] |
37 |
+ tags: [v*] |
38 |
+ pull_request: |
39 |
+ types: [opened] |
40 |
+ branches: [master] |
41 |
+ |
42 |
+jobs: |
43 |
+ make: |
44 |
+ strategy: |
45 |
+ matrix: |
46 |
+ os: [ubuntu-latest] |
47 |
+ cc: [gcc, clang] |
48 |
+ runs-on: ${{ matrix.os }} |
49 |
+ env: |
50 |
+ CC: ${{ matrix.cc }} |
51 |
+ steps: |
52 |
+ - name: Install dependencies |
53 |
+ run: sudo apt-get install -y python3-pyelftools |
54 |
+ - uses: actions/checkout@v2 |
55 |
+ # Hack up the man pages as installing xmlto is very expensive. |
56 |
+ # We'll test this in the autotools builder instead. |
57 |
+ - name: Hack man pages |
58 |
+ run: echo man/*.docbook | sed s:docbook:1:g | xargs touch |
59 |
+ - run: make |
60 |
+ - run: make check |
61 |
+ - run: make install DESTDIR="${PWD}/root/" |
62 |
+ - run: make debug |
63 |
+ - run: make check |
64 |
+ |
65 |
+ autotools-distcheck-linux: |
66 |
+ strategy: |
67 |
+ matrix: |
68 |
+ os: [ubuntu-latest] |
69 |
+ cc: [gcc, clang] |
70 |
+ runs-on: ${{ matrix.os }} |
71 |
+ env: |
72 |
+ CC: ${{ matrix.cc }} |
73 |
+ steps: |
74 |
+ - name: Install dependencies |
75 |
+ run: sudo apt-get install -y python3-pyelftools xmlto |
76 |
+ - name: Checkout gnulib |
77 |
+ uses: actions/checkout@v2 |
78 |
+ with: |
79 |
+ repository: coreutils/gnulib |
80 |
+ path: gnulib |
81 |
+ - run: mv gnulib .. |
82 |
+ - uses: actions/checkout@v2 |
83 |
+ - run: make distcheck SHELL_TRACE=-x PV=git PATH="${PWD}/../gnulib:${PATH}" |
84 |
+ |
85 |
+ autotools-build-macos: |
86 |
+ strategy: |
87 |
+ matrix: |
88 |
+ os: [macos-latest] |
89 |
+ cc: [clang] |
90 |
+ runs-on: ${{ matrix.os }} |
91 |
+ env: |
92 |
+ CC: ${{ matrix.cc }} |
93 |
+ steps: |
94 |
+ - name: Install dependencies |
95 |
+ run: brew install autoconf automake docbook libtool xmlto xz |
96 |
+ - name: Checkout gnulib |
97 |
+ uses: actions/checkout@v2 |
98 |
+ with: |
99 |
+ repository: coreutils/gnulib |
100 |
+ path: gnulib |
101 |
+ - run: mv gnulib .. |
102 |
+ - uses: actions/checkout@v2 |
103 |
+ # We don't run the whole distcheck flow because we don't want or need to |
104 |
+ # rebuild the tarball, and that flow also runs the basic Linux+make which |
105 |
+ # blows up wonderfully everywhere else. |
106 |
+ - run: make autotools SHELL_TRACE=-x |
107 |
+ - run: ./configure |
108 |
+ - run: make |
109 |
+ # The unittests generally assume a Linux ELF host, so don't bother making |
110 |
+ # sure they pass on macOS. Run them out of morbid curiosity I guess. |
111 |
+ - run: | |
112 |
+ make -k check || : |
113 |
+ - run: make install DESTDIR="${PWD}/root/" |
114 |
|
115 |
diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml |
116 |
new file mode 100644 |
117 |
index 0000000..0cdfec2 |
118 |
--- /dev/null |
119 |
+++ b/.github/workflows/coverity.yml |
120 |
@@ -0,0 +1,52 @@ |
121 |
+# GitHub actions workflow. |
122 |
+# https://docs.github.com/en/actions/learn-github-actions/workflow-syntax-for-github-actions |
123 |
+ |
124 |
+# https://scan.coverity.com/projects/gentoo-pax-utils |
125 |
+name: Coverity Scan |
126 |
+ |
127 |
+on: |
128 |
+ push: |
129 |
+ branches: [master] |
130 |
+ |
131 |
+jobs: |
132 |
+ coverity: |
133 |
+ strategy: |
134 |
+ matrix: |
135 |
+ os: [ubuntu-latest] |
136 |
+ cc: [gcc] |
137 |
+ runs-on: ${{ matrix.os }} |
138 |
+ env: |
139 |
+ COVERITY_EMAIL: vapier@g.o |
140 |
+ COVERITY_PROJECT: gentoo%2Fpax-utils |
141 |
+ CC: ${{ matrix.cc }} |
142 |
+ steps: |
143 |
+ - uses: actions/checkout@v2 |
144 |
+ |
145 |
+ - name: Download Coverity Build Tool |
146 |
+ run: | |
147 |
+ wget -nv https://scan.coverity.com/download/cxx/linux64 \ |
148 |
+ --post-data "token=${TOKEN}&project=${COVERITY_PROJECT}" \ |
149 |
+ -O cov-analysis-linux64.tar.gz |
150 |
+ mkdir cov-analysis |
151 |
+ tar -xzf cov-analysis-linux64.tar.gz --strip 1 -C cov-analysis |
152 |
+ env: |
153 |
+ TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }} |
154 |
+ |
155 |
+ - name: Build with cov-build |
156 |
+ run: | |
157 |
+ export PATH="${PWD}/cov-analysis/bin:${PATH}" |
158 |
+ cov-build --dir cov-int make |
159 |
+ |
160 |
+ - name: Submit the result to Coverity Scan |
161 |
+ run: | |
162 |
+ tar -czvf cov-int.tgz cov-int |
163 |
+ curl \ |
164 |
+ --form project="${COVERITY_PROJECT}" \ |
165 |
+ --form token="${TOKEN}" \ |
166 |
+ --form email="${COVERITY_EMAIL}" \ |
167 |
+ --form file=@cov-int.tgz \ |
168 |
+ --form version="${GITHUB_SHA}" \ |
169 |
+ --form description="pax-utils git" \ |
170 |
+ "https://scan.coverity.com/builds?project=${COVERITY_PROJECT}" |
171 |
+ env: |
172 |
+ TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }} |
173 |
|
174 |
diff --git a/.travis.yml b/.travis.yml |
175 |
deleted file mode 100644 |
176 |
index f8b90cf..0000000 |
177 |
--- a/.travis.yml |
178 |
+++ /dev/null |
179 |
@@ -1,33 +0,0 @@ |
180 |
-# Travis build integration. |
181 |
-# https://docs.travis-ci.com/ |
182 |
- |
183 |
-language: c |
184 |
-# Order here matters for implicit matrix generation and coverity scan. |
185 |
-# See travis/main.sh for details. |
186 |
-compiler: |
187 |
- - gcc |
188 |
- - clang |
189 |
- |
190 |
-sudo: false |
191 |
- |
192 |
-# Order here matters; see compiler comment above. |
193 |
-os: |
194 |
- - linux |
195 |
- - osx |
196 |
- |
197 |
-# Travis currently uses Ubuntu 12.04 (Precise) which is too old: it does |
198 |
-# not include pyelftools. Disable until they update. |
199 |
-env: |
200 |
- global: |
201 |
- - USE_PYTHON=no |
202 |
- - secure: "ePjz/xsdTlf0lhdZtANITiAk2lBAA9wwzB5PK/9aR5i1eBfjgXQgIJLY1y7Lqa4WU8TnSF2mwzd0pYgb320lQMC5rP7aEMAqxVZeG9WmFjet2G5vQ48tDhEJzzDhOpfvQyPehiWqLL6RUhNjE8+kpdK74P7oUFJVIuoQkUn2EuW9eUD9hV6z6tS60C0F4COdE/6DPnBySmqvjm9r9Sdfz1flCI2FXoV7MrrqrwLIx3OMtHmqmM9vGF1d2rGXRADVEGL+ldx9KvdfTLddXhWkCuHZil9YMvQLu0+gTK/g3V02Gh1/xrKmTa6v2RDqimCYDGKdHn0An+tQShYqk2JqJfzvPeysGS8lWfQePaEnHnf6niQN6h4078Ru5jH3D6AFjInrdPEOS3UZsbrJ//7hhUdiHONeQZcVcCVk7bvaJoanjjI9hJaPQXc72u81uyjlXaTOEj/znOAV92WyTaR62cT5r0GR+R7Jp214YR1IyAIB63zQVw2QCNi6W2HpyUEo3d2fOdJdaPwPQL52GxD/i3h4uGh1orYdRL4s/tdqwvYHklE2AGrEAboq2pIkmVirWH9+3+vRTnZ+fyoXD6dqDa0QvkN0pxEwmFy0IvbvTUA+0k6iplDVY21hqoid2OUpus+LjdXT2QALsY9OfMvMPdUaoFSTzWFm1jwZBPqlZN0=" |
203 |
- |
204 |
-# Note: OS X deps are maintained in .travis.sh until Travis supports it here. |
205 |
-addons: |
206 |
- apt: |
207 |
- packages: |
208 |
- - autoconf-archive |
209 |
- - gnulib |
210 |
- - xmlto |
211 |
- |
212 |
-script: ./travis/main.sh |
213 |
|
214 |
diff --git a/Makefile b/Makefile |
215 |
index bb6f167..2585933 100644 |
216 |
--- a/Makefile |
217 |
+++ b/Makefile |
218 |
@@ -184,7 +184,7 @@ endif |
219 |
PN = pax-utils |
220 |
P = $(PN)-$(PV) |
221 |
dist: |
222 |
- ./make-tarball.sh $(DISTCHECK) $(PV) |
223 |
+ ./make-tarball.sh $(SHELL_TRACE) $(DISTCHECK) $(PV) |
224 |
distcheck: |
225 |
$(MAKE) dist DISTCHECK=--check |
226 |
|
227 |
@@ -200,7 +200,7 @@ check test: |
228 |
# |
229 |
GEN_MARK_START = \# @@@ GEN START @@@ \# |
230 |
GEN_MARK_END = \# @@@ GEN END @@@ \# |
231 |
-EXTRA_DIST = $(shell git ls-files | grep -v ^travis/) |
232 |
+EXTRA_DIST = $(shell git ls-files | grep -v -E '^(\.github|travis)/') |
233 |
autotools-update: |
234 |
$(MAKE) -C man -j |
235 |
sed -i.tmp '/^$(GEN_MARK_START)$$/,/^$(GEN_MARK_END)$$/d' Makefile.am |
236 |
@@ -219,6 +219,6 @@ autotools: |
237 |
ifeq ($(SKIP_AUTOTOOLS_UPDATE),) |
238 |
$(MAKE) autotools-update |
239 |
endif |
240 |
- ./autogen.sh --from=make |
241 |
+ ./autogen.sh $(SHELL_TRACE) --from=make |
242 |
|
243 |
.PHONY: autotools autotools-update _autotools-update |
244 |
|
245 |
diff --git a/Makefile.am b/Makefile.am |
246 |
index 748a7ca..2626b37 100644 |
247 |
--- a/Makefile.am |
248 |
+++ b/Makefile.am |
249 |
@@ -54,7 +54,6 @@ EXTRA_DIST += \ |
250 |
.depend \ |
251 |
.gitignore \ |
252 |
.pylintrc \ |
253 |
- .travis.yml \ |
254 |
BUGS \ |
255 |
COPYING \ |
256 |
Makefile \ |
257 |
|
258 |
diff --git a/README.md b/README.md |
259 |
index 6f2a3e7..7696374 100644 |
260 |
--- a/README.md |
261 |
+++ b/README.md |
262 |
@@ -5,7 +5,7 @@ |
263 |
| HOMEPAGE | https://wiki.gentoo.org/wiki/Hardened/PaX_Utilities | |
264 |
| GIT | git clone git://anongit.gentoo.org/proj/pax-utils.git | |
265 |
| VIEWVCS | https://gitweb.gentoo.org/proj/pax-utils.git/ | |
266 |
-| STATUS | [![Build Status](https://travis-ci.org/gentoo/pax-utils.svg?branch=master)](https://travis-ci.org/gentoo/pax-utils) [![Coverity Status](https://scan.coverity.com/projects/9213/badge.svg)](https://scan.coverity.com/projects/gentoo-pax-utils) | |
267 |
+| STATUS | [![Build Status](https://github.com/gentoo/pax-utils/actions/workflows/build-test-ci/badge.svg) [![Coverity Status](https://scan.coverity.com/projects/9213/badge.svg)](https://scan.coverity.com/projects/gentoo-pax-utils) | |
268 |
|
269 |
pax-utils is a small set of utilities for peforming Q/A (mostly security) |
270 |
checks on systems (most notably, `scanelf`). It is focused on the ELF |
271 |
|
272 |
diff --git a/autogen.sh b/autogen.sh |
273 |
index a21b8e5..734596a 100755 |
274 |
--- a/autogen.sh |
275 |
+++ b/autogen.sh |
276 |
@@ -1,7 +1,5 @@ |
277 |
#!/bin/bash -e |
278 |
|
279 |
-. "${0%/*}"/travis/lib.sh |
280 |
- |
281 |
# NB: This script is normally run in a GNU environment (e.g. Linux), but we also run it on other |
282 |
# systems (e.g. macOS) as part of our automated CI. So a little care must be taken. |
283 |
|
284 |
@@ -26,13 +24,13 @@ if [[ $# -ne 0 ]] ; then |
285 |
exit 1 |
286 |
fi |
287 |
|
288 |
-v rm -rf autotools |
289 |
+rm -rf autotools |
290 |
if [[ ${FROM_TOOL} != "make" ]] ; then |
291 |
- v ${MAKE} autotools-update |
292 |
+ ${MAKE} autotools-update |
293 |
fi |
294 |
|
295 |
# reload the gnulib code if possible |
296 |
-PATH=/usr/local/src/gnu/gnulib:${PATH} |
297 |
+PATH="${PWD}/gnulib:${PWD}/../gnulib:/usr/local/src/gnu/gnulib:${PATH}" |
298 |
mods=" |
299 |
alloca |
300 |
euidaccess |
301 |
@@ -57,13 +55,13 @@ mods=" |
302 |
utimensat |
303 |
vasprintf-posix |
304 |
" |
305 |
-v --fold="gnulib-tool" gnulib-tool \ |
306 |
+gnulib-tool \ |
307 |
--source-base=autotools/gnulib --m4-base=autotools/m4 \ |
308 |
--import \ |
309 |
${mods} |
310 |
|
311 |
# not everyone has sys-devel/autoconf-archive installed |
312 |
-v tar xf travis/autotools.tar.xz |
313 |
+tar xf travis/autotools.tar.xz |
314 |
has() { [[ " ${*:2} " == *" $1 "* ]] ; } |
315 |
import_ax() { |
316 |
local macro content m4 lm4s=() |
317 |
@@ -89,7 +87,7 @@ while [[ ${curr} -ne ${new} ]] ; do |
318 |
done |
319 |
|
320 |
export AUTOMAKE="automake --foreign" |
321 |
-v autoreconf -i -f |
322 |
+autoreconf -i -f |
323 |
|
324 |
if [[ -x ./test.sh ]] ; then |
325 |
exec ./test.sh "$@" |
326 |
|
327 |
diff --git a/travis/lib.sh b/travis/lib.sh |
328 |
deleted file mode 100644 |
329 |
index 687ed41..0000000 |
330 |
--- a/travis/lib.sh |
331 |
+++ /dev/null |
332 |
@@ -1,38 +0,0 @@ |
333 |
-#!/bin/bash |
334 |
-# Common funcs for working w/Travis. |
335 |
- |
336 |
-travis_fold() { |
337 |
- if [[ -n ${TRAVIS_OS_NAME} ]] ; then |
338 |
- printf 'travis_fold:%s:%s\r\n' "$@" | sed 's: :_:g' |
339 |
- fi |
340 |
-} |
341 |
- |
342 |
-if [[ -n ${TRAVIS_OS_NAME} ]] ; then |
343 |
- whitebg=$(tput setab 7) |
344 |
- blackfg=$(tput setaf 0) |
345 |
- normal=$(tput sgr0) |
346 |
-else |
347 |
- whitebg= |
348 |
- blackbg= |
349 |
- normal= |
350 |
-fi |
351 |
-v() { |
352 |
- local fold="" |
353 |
- case $1 in |
354 |
- --fold=*) fold=${1:7}; shift;; |
355 |
- esac |
356 |
- if [[ -n ${fold} ]] ; then |
357 |
- travis_fold start "${fold}" |
358 |
- echo "\$ $*" |
359 |
- "$@" |
360 |
- travis_fold end "${fold}" |
361 |
- else |
362 |
- echo "${whitebg}${blackfg}\$ $*${normal}" |
363 |
- "$@" |
364 |
- fi |
365 |
-} |
366 |
- |
367 |
-ncpus=$(getconf _NPROCESSORS_ONLN) |
368 |
-m() { |
369 |
- v make -j${ncpus} "$@" |
370 |
-} |
371 |
|
372 |
diff --git a/travis/main.sh b/travis/main.sh |
373 |
deleted file mode 100755 |
374 |
index 50e8a2f..0000000 |
375 |
--- a/travis/main.sh |
376 |
+++ /dev/null |
377 |
@@ -1,75 +0,0 @@ |
378 |
-#!/bin/bash -e |
379 |
- |
380 |
-. "${0%/*}"/lib.sh |
381 |
- |
382 |
-# We have to do this by hand rather than use the coverity addon because of |
383 |
-# matrix explosion: https://github.com/travis-ci/travis-ci/issues/1975 |
384 |
-# We also do it by hand because when we're throttled, the addon will exit |
385 |
-# the build immediately and skip the main script! |
386 |
-coverity_scan() { |
387 |
- local reason |
388 |
- [[ ${TRAVIS_JOB_NUMBER} != *.1 ]] && reason="not first build job" |
389 |
- [[ -n ${TRAVIS_TAG} ]] && reason="git tag" |
390 |
- [[ ${TRAVIS_PULL_REQUEST} == "true" ]] && reason="pull request" |
391 |
- if [[ -n ${reason} ]] ; then |
392 |
- echo "Skipping coverity scan due to: ${reason}" |
393 |
- return |
394 |
- fi |
395 |
- |
396 |
- export COVERITY_SCAN_PROJECT_NAME="${TRAVIS_REPO_SLUG}" |
397 |
- export COVERITY_SCAN_NOTIFICATION_EMAIL="vapier@g.o" |
398 |
- export COVERITY_SCAN_BUILD_COMMAND="make -j${ncpus}" |
399 |
- export COVERITY_SCAN_BUILD_COMMAND_PREPEND="git clean -q -x -d -f; git checkout -f" |
400 |
- export COVERITY_SCAN_BRANCH_PATTERN="master" |
401 |
- |
402 |
- curl -s "https://scan.coverity.com/scripts/travisci_build_coverity_scan.sh" | bash || : |
403 |
-} |
404 |
- |
405 |
-main() { |
406 |
- if [[ ${TRAVIS_OS_NAME} == "osx" ]] ; then |
407 |
- # Note: Linux deps are maintained in .travis.yml. |
408 |
- v --fold="brew_update" brew update |
409 |
- v --fold="brew_install" brew install xmlto xz |
410 |
- fi |
411 |
- |
412 |
- # See if we have to bootstrap gnulib. This is the case on OS X, and on |
413 |
- # Linux until they whitelist the package: |
414 |
- # https://github.com/travis-ci/apt-package-whitelist/issues/727 |
415 |
- if ! gnulib-tool --version >&/dev/null ; then |
416 |
- if [[ ! -d ../gnulib ]] ; then |
417 |
- v --fold="git_clone_gnulib" \ |
418 |
- git clone --depth=1 https://github.com/coreutils/gnulib.git ../gnulib |
419 |
- else |
420 |
- pushd ../gnulib |
421 |
- v --fold="git_pull_gnulib" git pull |
422 |
- popd |
423 |
- fi |
424 |
- export PATH="${PATH}:${PWD}/../gnulib" |
425 |
- fi |
426 |
- |
427 |
- if [[ ${TRAVIS_OS_NAME} == "linux" ]] ; then |
428 |
- # Standard optimized build. |
429 |
- m |
430 |
- m check |
431 |
- |
432 |
- # Debug build w/ASAN and such enabled. |
433 |
- m debug |
434 |
- m check |
435 |
- fi |
436 |
- |
437 |
- # Autotools based build. |
438 |
- v ./autogen.sh |
439 |
- if [[ ${TRAVIS_OS_NAME} == "linux" ]] ; then |
440 |
- v --fold="configure" ./configure |
441 |
- m V=1 distcheck |
442 |
- else |
443 |
- # ELF checks don't work on OS X -- no ELFs! |
444 |
- v ./configure |
445 |
- m V=1 |
446 |
- fi |
447 |
- |
448 |
- # Do scans last as they like to dirty the tree and some tests |
449 |
- # expect a clean tree (like code style checks). |
450 |
- v --fold="coverity_scan" coverity_scan |
451 |
-} |
452 |
-main "$@" |