authorrhtenhove <rhtenhove@users.noreply.github.com>2022-06-24 09:26:09 -0400
committerGitHub <noreply@github.com>2022-06-24 09:26:09 -0400
commit1dac69b1eb16dff00d7a625138da5555c3acccb8 (patch)
treef1fe87d36415044f0426a750a6406e6a630c0cb2 /.github/workflows
parent0da7ddb738df60b3650d36832c9ede040a7ba6b9 (diff)
use container; more is built + tested; use make -i (#2)
Diffstat (limited to '.github/workflows')
-rw-r--r--.github/workflows/build-test-push-container.yaml96
-rw-r--r--.github/workflows/codeql-analysis.yml32
-rw-r--r--.github/workflows/container.yaml136
3 files changed, 136 insertions, 128 deletions
diff --git a/.github/workflows/build-test-push-container.yaml b/.github/workflows/build-test-push-container.yaml
deleted file mode 100644
index 5d9e69e4..00000000
--- a/.github/workflows/build-test-push-container.yaml
+++ /dev/null
@@ -1,96 +0,0 @@
-name: Build and test container image
-on:
-  push:
-    branches:
-      - stable
-      - dev
-    tags:
-      - '*'
-  pull_request:
-    branch:
-      - stable
-      - dev
-
-jobs:
-  build-amd64:
-    name: Build and test amd64
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-      - name: Build amd64
-        uses: docker/build-push-action@v3
-        with:
-          context: .
-          platforms: linux/amd64
-          load: true
-          tags: aflplusplus/aflplusplus:test
-          # cache-from: type=gha  # Ensure we always build a fresh image. We just use the cache for the subsequent push job.
-          cache-to: type=gha,mode=max
-      - name: Test linux/amd64 image
-        run: docker run --rm --platform linux/amd64 aflplusplus/aflplusplus:test make tests
-        continue-on-error: true
-  build-arm64:
-    name: Build and test arm64
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
-        with:
-          platforms: arm64
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-      - name: Build arm64
-        uses: docker/build-push-action@v3
-        with:
-          context: .
-          platforms: linux/arm64
-          load: true
-          tags: aflplusplus/aflplusplus:test
-          # cache-from: type=gha  # Ensure we always build a fresh image. We just use the cache for the subsequent push job.
-          cache-to: type=gha,mode=max
-      - name: Test linux/arm64 image
-        run: docker run --rm --platform linux/arm64 aflplusplus/aflplusplus:test make tests
-        continue-on-error: true
-  push:
-    needs:
-      - build-amd64
-      - build-arm64
-    if: ${{ github.event_name == 'push' }}
-    name: Push image
-    runs-on: ubuntu-latest
-    steps:
-      - uses: actions/checkout@v3
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
-        with:
-          platforms: arm64
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-      - name: Login to Dockerhub
-        uses: docker/login-action@v2
-        with:
-          username: ${{ secrets.DOCKER_USERNAME }}
-          password: ${{ secrets.DOCKER_TOKEN }}
-      - name: Publish ${{ github.ref_name }} for amd64 and arm64 to docker.io registry
-        uses: docker/build-push-action@v3
-        with:
-          context: .
-          platforms: linux/amd64,linux/arm64
-          push: true
-          tags: aflplusplus/aflplusplus:${{ github.ref_name }}
-          cache-from: type=gha
-          # cache-to: type=gha,mode=max  # No need to add to cache as we'll never use this
-        if: ${{ github.ref_name != 'stable' }}
-      - name: Publish stable and latest to docker.io registry
-        uses: docker/build-push-action@v3
-        with:
-          context: .
-          platforms: linux/amd64,linux/arm64
-          push: true
-          tags: aflplusplus/aflplusplus:${{ github.ref_name }},aflplusplus/aflplusplus:latest
-          cache-from: type=gha
-          # cache-to: type=gha,mode=max  # No need to add to cache as we'll never use this
-        if: ${{ github.ref_name == 'stable' }}
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
deleted file mode 100644
index 55d477fc..00000000
--- a/.github/workflows/codeql-analysis.yml
+++ /dev/null
@@ -1,32 +0,0 @@
-name: "CodeQL"
-
-on:
-  push:
-    branches: [ stable, dev ]
-  pull_request:
-    branches: [ stable, dev ]
-
-jobs:
-  analyze:
-    name: Analyze
-    runs-on: ubuntu-latest
-
-    strategy:
-      fail-fast: false
-      matrix:
-        language: [ 'cpp' ]
-
-    steps:
-    - name: Checkout repository
-      uses: actions/checkout@v3
-
-    - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
-      with:
-        languages: ${{ matrix.language }}
-
-    - name: Autobuild
-      uses: github/codeql-action/autobuild@v2
-
-    - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
diff --git a/.github/workflows/container.yaml b/.github/workflows/container.yaml
new file mode 100644
index 00000000..504eadfa
--- /dev/null
+++ b/.github/workflows/container.yaml
@@ -0,0 +1,136 @@
+name: Build, test, CodeQL and push container image
+on:
+  push:
+    branches:
+      - stable
+      - dev
+    tags:
+      - "*"
+  pull_request:
+    branches:
+      - dev # No need for stable-pull-request, as that equals dev-push
+
+jobs:
+  build-amd64:
+    name: Build amd64 image
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      - name: Login to GitHub Container Registry # Container cache registry
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Build amd64
+        uses: docker/build-push-action@v3
+        with:
+          context: .
+          platforms: linux/amd64
+          tags: ghcr.io/${{ github.actor }}/aflplusplus:amd64
+          push: true
+          cache-from: type=registry,ref=ghcr.io/${{ github.actor }}/aflplusplus:amd64
+
+  build-arm64:
+    name: Build arm64 image
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      - name: Login to GitHub Container Registry # Container cache registry
+        uses: docker/login-action@v2
+        with:
+          registry: ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ secrets.GITHUB_TOKEN }}
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+        with:
+          platforms: arm64
+      - name: Build arm64
+        uses: docker/build-push-action@v3
+        with:
+          context: .
+          platforms: linux/arm64
+          tags: ghcr.io/${{ github.actor }}/aflplusplus:arm64
+          push: true
+          cache-from: type=registry,ref=ghcr.io/${{ github.actor }}/aflplusplus:arm64
+
+  test-amd64:
+    name: Test amd64 image
+    runs-on: ubuntu-latest
+    needs: build-amd64
+    steps:
+      - name: Test amd64
+        run: docker run --rm ghcr.io/${{ github.actor }}/aflplusplus:amd64 make tests
+        continue-on-error: true
+
+  codeql-amd64:
+    name: CodeQL Analyze amd64 compiled code
+    runs-on: ubuntu-latest
+    needs:
+      - build-amd64
+    container:
+      image: ghcr.io/${{ github.actor }}/aflplusplus:amd64
+    steps:
+      - name: Fix for using external repo in container build # https://github.com/actions/checkout/issues/760
+        run: git config --global --add safe.directory /__w/AFLplusplus/AFLplusplus
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: cpp
+      - name: Build AFLplusplus # Rebuild because CodeQL needs to monitor the build process
+        env:
+          CC: gcc # These are symlinked to the version used in the container build
+          CXX: g++
+        run: make -i distrib # Best effort using -i
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2
+
+  push:
+    name: Push amd64 and arm64 image
+    runs-on: ubuntu-latest
+    needs:
+      - test-amd64
+      - build-arm64
+    if: ${{ github.event_name == 'push' }}
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Set up QEMU
+        uses: docker/setup-qemu-action@v2
+        with:
+          platforms: arm64
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@v2
+      - name: Login to docker.io
+        uses: docker/login-action@v2
+        with:
+          username: ${{ secrets.DOCKER_USERNAME }}
+          password: ${{ secrets.DOCKER_TOKEN }}
+      - name: Set tags to push
+        id: push-tags
+        run: |
+          PUSH_TAGS=docker.io/aflplusplus/aflplusplus:${GITHUB_REF_NAME}
+          if [ "${GITHUB_REF_NAME}" = "stable" ]; then
+            PUSH_TAGS=${PUSH_TAGS},docker.io/aflplusplus/aflplusplus:latest
+          fi
+          export PUSH_TAGS
+          echo "::set-output name=PUSH_TAGS::${PUSH_TAGS}"
+      - name: Push to docker.io registry
+        uses: docker/build-push-action@v3
+        with:
+          context: .
+          platforms: linux/amd64,linux/arm64 # TODO: Fix: arm64 image doesn't use cached layer from COPY line
+          push: true
+          tags: ${{ steps.push-tags.outputs.PUSH_TAGS }}
+          cache-from: |
+            type=registry,ref=ghcr.io/${{ github.actor }}/aflplusplus:amd64
+            type=registry,ref=ghcr.io/${{ github.actor }}/aflplusplus:arm64
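Review bot: The intermediate image reference `ghcr.io/${{ github.actor }}/aflplusplus:amd64` (and `:arm64`) is keyed on whoever triggered the run and on a fixed tag, so it is neither a stable namespace nor tied to the commit being built; it appears in both build jobs, `test-amd64`, `codeql-amd64` and the `cache-from` of the `push` job. Two overlapping runs started by the same user (a `dev` push and a pull request, say) overwrite the same tag, so the image that `make tests` and CodeQL run against, and the cached layers the Docker Hub publish step reuses, may come from a different commit than the one being released. I would derive the namespace from `github.repository_owner` (lowercased, since image references must be lowercase) and make the tag per-commit, e.g. `:amd64-${{ github.sha }}`. Separately, `needs: test-amd64` on the `push` job gates nothing while the test step keeps `continue-on-error: true`; either drop that flag or add a comment such as `# tests are advisory and do not block the push` so the intent is explicit.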