| author | rhtenhove <rhtenhove@users.noreply.github.com> | 2022-06-24 09:26:09 -0400 |
|---|---|---|
| committer | GitHub <noreply@github.com> | 2022-06-24 09:26:09 -0400 |
| commit | 1dac69b1eb16dff00d7a625138da5555c3acccb8 (patch) | |
| tree | f1fe87d36415044f0426a750a6406e6a630c0cb2 /.github/workflows/container.yaml | |
| parent | 0da7ddb738df60b3650d36832c9ede040a7ba6b9 (diff) | |
| download | afl++-1dac69b1eb16dff00d7a625138da5555c3acccb8.tar.gz | |
use container; more is built + tested; use make -i (#2)
Diffstat (limited to '.github/workflows/container.yaml')
| -rw-r--r-- | .github/workflows/container.yaml | 136 |
1 files changed, 136 insertions, 0 deletions
diff --git a/.github/workflows/container.yaml b/.github/workflows/container.yaml
new file mode 100644
index 00000000..504eadfa
--- /dev/null
+++ b/.github/workflows/container.yaml
@@ -0,0 +1,136 @@
+name: Build, test, CodeQL and push container image
+on:
+ push:
+ branches:
+ - stable
+ - dev
+ tags:
+ - "*"
+ pull_request:
+ branches:
+ - dev # No need for stable-pull-request, as that equals dev-push
+
+jobs:
+ build-amd64:
+ name: Build amd64 image
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v2
+ - name: Login to GitHub Container Registry # Container cache registry
+ uses: docker/login-action@v2
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+ - name: Build amd64
+ uses: docker/build-push-action@v3
+ with:
+ context: .
+ platforms: linux/amd64
+ tags: ghcr.io/${{ github.actor }}/aflplusplus:amd64
+ push: true
+ cache-from: type=registry,ref=ghcr.io/${{ github.actor }}/aflplusplus:amd64
+
+ build-arm64:
+ name: Build arm64 image
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v2
+ - name: Login to GitHub Container Registry # Container cache registry
+ uses: docker/login-action@v2
+ with:
+ registry: ghcr.io
+ username: ${{ github.actor }}
+ password: ${{ secrets.GITHUB_TOKEN }}
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v2
+ with:
+ platforms: arm64
+ - name: Build arm64
+ uses: docker/build-push-action@v3
+ with:
+ context: .
+ platforms: linux/arm64
+ tags: ghcr.io/${{ github.actor }}/aflplusplus:arm64
+ push: true
+ cache-from: type=registry,ref=ghcr.io/${{ github.actor }}/aflplusplus:arm64
+
+ test-amd64:
+ name: Test amd64 image
+ runs-on: ubuntu-latest
+ needs: build-amd64
+ steps:
+ - name: Test amd64
+ run: docker run --rm ghcr.io/${{ github.actor }}/aflplusplus:amd64 make tests
+ continue-on-error: true
+
+ codeql-amd64:
+ name: CodeQL Analyze amd64 compiled code
+ runs-on: ubuntu-latest
+ needs:
+ - build-amd64
+ container:
+ image: ghcr.io/${{ github.actor }}/aflplusplus:amd64
+ steps:
+ - name: Fix for using external repo in container build # https://github.com/actions/checkout/issues/760
+ run: git config --global --add safe.directory /__w/AFLplusplus/AFLplusplus
+ - name: Checkout
+ uses: actions/checkout@v3
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v2
+ with:
+ languages: cpp
+ - name: Build AFLplusplus # Rebuild because CodeQL needs to monitor the build process
+ env:
+ CC: gcc # These are symlinked to the version used in the container build
+ CXX: g++
+ run: make -i distrib # Best effort using -i
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v2
+
+ push:
+ name: Push amd64 and arm64 image
+ runs-on: ubuntu-latest
+ needs:
+ - test-amd64
+ - build-arm64
+ if: ${{ github.event_name == 'push' }}
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v3
+ - name: Set up QEMU
+ uses: docker/setup-qemu-action@v2
+ with:
+ platforms: arm64
+ - name: Set up Docker Buildx
+ uses: docker/setup-buildx-action@v2
+ - name: Login to docker.io
+ uses: docker/login-action@v2
+ with:
+ username: ${{ secrets.DOCKER_USERNAME }}
+ password: ${{ secrets.DOCKER_TOKEN }}
+ - name: Set tags to push
+ id: push-tags
+ run: |
+ PUSH_TAGS=docker.io/aflplusplus/aflplusplus:${GITHUB_REF_NAME}
+ if [ "${GITHUB_REF_NAME}" = "stable" ]; then
+ PUSH_TAGS=${PUSH_TAGS},docker.io/aflplusplus/aflplusplus:latest
+ fi
+ export PUSH_TAGS
+ echo "::set-output name=PUSH_TAGS::${PUSH_TAGS}"
+ - name: Push to docker.io registry
+ uses: docker/build-push-action@v3
+ with:
+ context: .
+ platforms: linux/amd64,linux/arm64 # TODO: Fix: arm64 image doesn't use cached layer from COPY line
+ push: true
+ tags: ${{ steps.push-tags.outputs.PUSH_TAGS }}
+ cache-from: |
+ type=registry,ref=ghcr.io/${{ github.actor }}/aflplusplus:amd64
+ type=registry,ref=ghcr.io/${{ github.actor }}/aflplusplus:arm64 |
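Review bot: The `needs: test-amd64` dependency in the `push` job cannot hold back a release, because the only step in `test-amd64` sets `continue-on-error: true`, so a failing `make tests` still lets the image reach docker.io; drop that flag on the test step if the dependency is meant to be a gate. Every ghcr.io tag and `cache-from` ref is built from `${{ github.actor }}`, which names whoever triggered the run rather than the repository, so the published build imports layer cache from a namespace that changes with the pusher and sits under a mutable tag; a fixed repository-owned namespace (for example derived from `github.repository_owner`, lower-cased) would keep the built, tested and cached images in one place. The workflow declares no `permissions:` block although it pushes packages and uploads CodeQL results with `GITHUB_TOKEN`; a top-level `permissions:` with `contents: read`, plus `packages: write` and `security-events: write` only on the jobs that need them, would state the minimum. Actions are referenced by movable tags such as `docker/build-push-action@v3` in a job that holds `DOCKER_TOKEN`, so pinning them to full commit SHAs is worth considering.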
