diff options
Diffstat (limited to '.github/workflows')
| -rw-r--r-- | .github/workflows/build-test-push-container.yaml | 96 | ||||
| -rw-r--r-- | .github/workflows/codeql-analysis.yml | 32 | ||||
| -rw-r--r-- | .github/workflows/container.yaml | 136 |
3 files changed, 136 insertions, 128 deletions
diff --git a/.github/workflows/build-test-push-container.yaml b/.github/workflows/build-test-push-container.yaml deleted file mode 100644 index 5d9e69e4..00000000 --- a/.github/workflows/build-test-push-container.yaml +++ /dev/null @@ -1,96 +0,0 @@ -name: Build and test container image -on: - push: - branches: - - stable - - dev - tags: - - '*' - pull_request: - branch: - - stable - - dev - -jobs: - build-amd64: - name: Build and test amd64 - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - - name: Build amd64 - uses: docker/build-push-action@v3 - with: - context: . - platforms: linux/amd64 - load: true - tags: aflplusplus/aflplusplus:test - # cache-from: type=gha # Ensure we always build a fresh image. We just use the cache for the subsequent push job. - cache-to: type=gha,mode=max - - name: Test linux/amd64 image - run: docker run --rm --platform linux/amd64 aflplusplus/aflplusplus:test make tests - continue-on-error: true - build-arm64: - name: Build and test arm64 - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - name: Set up QEMU - uses: docker/setup-qemu-action@v2 - with: - platforms: arm64 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - - name: Build arm64 - uses: docker/build-push-action@v3 - with: - context: . - platforms: linux/arm64 - load: true - tags: aflplusplus/aflplusplus:test - # cache-from: type=gha # Ensure we always build a fresh image. We just use the cache for the subsequent push job. - cache-to: type=gha,mode=max - - name: Test linux/arm64 image - run: docker run --rm --platform linux/arm64 aflplusplus/aflplusplus:test make tests - continue-on-error: true - push: - needs: - - build-amd64 - - build-arm64 - if: ${{ github.event_name == 'push' }} - name: Push image - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - name: Set up QEMU - uses: docker/setup-qemu-action@v2 - with: - platforms: arm64 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - - name: Login to Dockerhub - uses: docker/login-action@v2 - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_TOKEN }} - - name: Publish ${{ github.ref_name }} for amd64 and arm64 to docker.io registry - uses: docker/build-push-action@v3 - with: - context: . - platforms: linux/amd64,linux/arm64 - push: true - tags: aflplusplus/aflplusplus:${{ github.ref_name }} - cache-from: type=gha - # cache-to: type=gha,mode=max # No need to add to cache as we'll never use this - if: ${{ github.ref_name != 'stable' }} - - name: Publish stable and latest to docker.io registry - uses: docker/build-push-action@v3 - with: - context: . - platforms: linux/amd64,linux/arm64 - push: true - tags: aflplusplus/aflplusplus:${{ github.ref_name }},aflplusplus/aflplusplus:latest - cache-from: type=gha - # cache-to: type=gha,mode=max # No need to add to cache as we'll never use this - if: ${{ github.ref_name == 'stable' }} diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml deleted file mode 100644 index 55d477fc..00000000 --- a/.github/workflows/codeql-analysis.yml +++ /dev/null @@ -1,32 +0,0 @@ -name: "CodeQL" - -on: - push: - branches: [ stable, dev ] - pull_request: - branches: [ stable, dev ] - -jobs: - analyze: - name: Analyze - runs-on: ubuntu-latest - - strategy: - fail-fast: false - matrix: - language: [ 'cpp' ] - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - - name: Initialize CodeQL - uses: github/codeql-action/init@v2 - with: - languages: ${{ matrix.language }} - - - name: Autobuild - uses: github/codeql-action/autobuild@v2 - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 diff --git a/.github/workflows/container.yaml b/.github/workflows/container.yaml new file mode 100644 index 00000000..504eadfa --- /dev/null +++ b/.github/workflows/container.yaml @@ -0,0 +1,136 @@ +name: Build, test, CodeQL and push container image +on: + push: + branches: + - stable + - dev + tags: + - "*" + pull_request: + branches: + - dev # No need for stable-pull-request, as that equals dev-push + +jobs: + build-amd64: + name: Build amd64 image + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + - name: Login to GitHub Container Registry # Container cache registry + uses: docker/login-action@v2 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Build amd64 + uses: docker/build-push-action@v3 + with: + context: . + platforms: linux/amd64 + tags: ghcr.io/${{ github.actor }}/aflplusplus:amd64 + push: true + cache-from: type=registry,ref=ghcr.io/${{ github.actor }}/aflplusplus:amd64 + + build-arm64: + name: Build arm64 image + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + - name: Login to GitHub Container Registry # Container cache registry + uses: docker/login-action@v2 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Set up QEMU + uses: docker/setup-qemu-action@v2 + with: + platforms: arm64 + - name: Build arm64 + uses: docker/build-push-action@v3 + with: + context: . + platforms: linux/arm64 + tags: ghcr.io/${{ github.actor }}/aflplusplus:arm64 + push: true + cache-from: type=registry,ref=ghcr.io/${{ github.actor }}/aflplusplus:arm64 + + test-amd64: + name: Test amd64 image + runs-on: ubuntu-latest + needs: build-amd64 + steps: + - name: Test amd64 + run: docker run --rm ghcr.io/${{ github.actor }}/aflplusplus:amd64 make tests + continue-on-error: true + + codeql-amd64: + name: CodeQL Analyze amd64 compiled code + runs-on: ubuntu-latest + needs: + - build-amd64 + container: + image: ghcr.io/${{ github.actor }}/aflplusplus:amd64 + steps: + - name: Fix for using external repo in container build # https://github.com/actions/checkout/issues/760 + run: git config --global --add safe.directory /__w/AFLplusplus/AFLplusplus + - name: Checkout + uses: actions/checkout@v3 + - name: Initialize CodeQL + uses: github/codeql-action/init@v2 + with: + languages: cpp + - name: Build AFLplusplus # Rebuild because CodeQL needs to monitor the build process + env: + CC: gcc # These are symlinked to the version used in the container build + CXX: g++ + run: make -i distrib # Best effort using -i + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v2 + + push: + name: Push amd64 and arm64 image + runs-on: ubuntu-latest + needs: + - test-amd64 + - build-arm64 + if: ${{ github.event_name == 'push' }} + steps: + - name: Checkout + uses: actions/checkout@v3 + - name: Set up QEMU + uses: docker/setup-qemu-action@v2 + with: + platforms: arm64 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + - name: Login to docker.io + uses: docker/login-action@v2 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_TOKEN }} + - name: Set tags to push + id: push-tags + run: | + PUSH_TAGS=docker.io/aflplusplus/aflplusplus:${GITHUB_REF_NAME} + if [ "${GITHUB_REF_NAME}" = "stable" ]; then + PUSH_TAGS=${PUSH_TAGS},docker.io/aflplusplus/aflplusplus:latest + fi + export PUSH_TAGS + echo "::set-output name=PUSH_TAGS::${PUSH_TAGS}" + - name: Push to docker.io registry + uses: docker/build-push-action@v3 + with: + context: . + platforms: linux/amd64,linux/arm64 # TODO: Fix: arm64 image doesn't use cached layer from COPY line + push: true + tags: ${{ steps.push-tags.outputs.PUSH_TAGS }} + cache-from: | + type=registry,ref=ghcr.io/${{ github.actor }}/aflplusplus:amd64 + type=registry,ref=ghcr.io/${{ github.actor }}/aflplusplus:arm64 |