-rw-r--r--.github/workflows/codeql.yaml30
-rw-r--r--.github/workflows/container.yaml95
2 files changed, 40 insertions, 85 deletions
diff --git a/.github/workflows/codeql.yaml b/.github/workflows/codeql.yaml
new file mode 100644
index 00000000..9398df75
--- /dev/null
+++ b/.github/workflows/codeql.yaml
@@ -0,0 +1,30 @@
+name: "CodeQL"
+
+on:
+  push:
+    branches: [stable, dev]
+  pull_request:
+    branches: [stable, dev]
+
+jobs:
+  codeql:
+    name: Analyze
+    runs-on: ubuntu-latest
+    container:  # We use a previous image as it's expected to have all the dependencies
+      image: docker.io/aflplusplus/aflplusplus:dev
+    steps:
+      - name: Fix for using external repo in container build # https://github.com/actions/checkout/issues/760
+        run: git config --global --add safe.directory /__w/AFLplusplus/AFLplusplus
+      - name: Checkout
+        uses: actions/checkout@v3
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v2
+        with:
+          languages: cpp
+      - name: Build AFLplusplus # Rebuild because CodeQL needs to monitor the build process
+        env:
+          CC: gcc # These are symlinked to the version used in the container build
+          CXX: g++
+        run: make -i distrib # Best effort using -i
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v2
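Review bot: The new workflow has no `permissions:` block, so the `codeql` job runs with whatever default GITHUB_TOKEN scope the repository has configured, while the `analyze` step needs `security-events: write` to upload results. Adding `permissions: {contents: read, security-events: write}` to the job keeps the token least-privilege and keeps the upload working where the default is read-only. Separately, `image: docker.io/aflplusplus/aflplusplus:dev` is a mutable tag, so the toolchain the analysis runs in can change without any change to this file; pinning the image by digest would make runs reproducible. Because `make -i distrib` ignores recipe errors, a partly broken build still passes and CodeQL then covers only what compiled, so a comment on that step saying coverage may be partial would help readers of the results.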
diff --git a/.github/workflows/container.yaml b/.github/workflows/container.yaml
index d4731775..0fd20dd7 100644
--- a/.github/workflows/container.yaml
+++ b/.github/workflows/container.yaml
@@ -1,4 +1,4 @@
-name: Build, test, CodeQL and push container image
+name: Container
 on:
   push:
     branches:
@@ -11,102 +11,29 @@ on:
       - dev # No need for stable-pull-request, as that equals dev-push
 
 jobs:
-  build-amd64:
-    name: Build amd64 image
+  build-and-test-amd64:
+    name: Build and test amd64 image
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
         uses: actions/checkout@v3
       - name: Set up Docker Buildx
         uses: docker/setup-buildx-action@v2
-      - name: Login to GitHub Container Registry # Container cache registry
-        uses: docker/login-action@v2
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
       - name: Build amd64
         uses: docker/build-push-action@v3
         with:
           context: .
-          platforms: linux/amd64
-          tags: ghcr.io/${{ github.actor }}/aflplusplus:amd64
-          push: true
-          cache-to: type=registry,ref=ghcr.io/${{ github.actor }}/aflplusplus/cache:amd64,mode=max
-          cache-from: type=registry,ref=ghcr.io/${{ github.actor }}/aflplusplus/cache:amd64
-
-  build-arm64:
-    name: Build arm64 image
-    runs-on: ubuntu-latest
-    steps:
-      - name: Checkout
-        uses: actions/checkout@v3
-      - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@v2
-      - name: Login to GitHub Container Registry # Container cache registry
-        uses: docker/login-action@v2
-        with:
-          registry: ghcr.io
-          username: ${{ github.actor }}
-          password: ${{ secrets.GITHUB_TOKEN }}
-      - name: Set up QEMU
-        uses: docker/setup-qemu-action@v2
-        with:
-          platforms: arm64
-      - name: Build arm64
-        uses: docker/build-push-action@v3
-        with:
-          context: .
-          platforms: linux/arm64
-          tags: ghcr.io/${{ github.actor }}/aflplusplus:arm64
-          push: true
-          cache-to: type=registry,ref=ghcr.io/${{ github.actor }}/aflplusplus/cache:arm64,mode=max
-          cache-from: type=registry,ref=ghcr.io/${{ github.actor }}/aflplusplus/cache:arm64
-
-  test-amd64:
-    name: Test amd64 image
-    runs-on: ubuntu-latest
-    needs: build-amd64
-    container:
-      image: ghcr.io/${{ github.actor }}/aflplusplus:amd64
-    steps:
+          tags: aflplusplus:amd64
+          load: true
+          cache-to: type=gha,mode=max
       - name: Test amd64
-        working-directory: /AFLplusplus
-        run: |
-          apt-get update
-          apt-get install -y libcmocka-dev
-          make -i tests
-
-  codeql-amd64:
-    name: CodeQL Analyze amd64 compiled code
-    runs-on: ubuntu-latest
-    needs:
-      - build-amd64
-    container:
-      image: ghcr.io/${{ github.actor }}/aflplusplus:amd64
-    steps:
-      - name: Fix for using external repo in container build # https://github.com/actions/checkout/issues/760
-        run: git config --global --add safe.directory /__w/AFLplusplus/AFLplusplus
-      - name: Checkout
-        uses: actions/checkout@v3
-      - name: Initialize CodeQL
-        uses: github/codeql-action/init@v2
-        with:
-          languages: cpp
-      - name: Build AFLplusplus # Rebuild because CodeQL needs to monitor the build process
-        env:
-          CC: gcc # These are symlinked to the version used in the container build
-          CXX: g++
-        run: make -i distrib # Best effort using -i
-      - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@v2
+        run: docker run --rm aflplusplus:amd64 bash -c "apt-get update && apt-get install -y libcmocka-dev && make -i tests"
 
   push:
-    name: Push amd64 and arm64 image
+    name: Build and push amd64 and arm64 image
     runs-on: ubuntu-latest
     needs:
-      - test-amd64
-      - build-arm64
+      - build-and-test-amd64
     if: ${{ github.event_name == 'push' && github.repository == 'AFLplusplus/AFLplusplus' }}
     steps:
       - name: Checkout
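Review bot: The `Test amd64` step cannot fail on a failing test, because `make -i tests` ignores recipe errors and the `bash -c` chain then normally exits 0. With `push` now gated only by `needs: build-and-test-amd64`, images are published whenever the build and `apt-get` succeed. If publishing should depend on test results, use `make tests`, or `make -k tests` to keep going while still returning non-zero. The removed job set `working-directory: /AFLplusplus`, whereas the new `docker run` relies on the image's WORKDIR, which is not visible here; adding `-w /AFLplusplus` would make that explicit. The `push` job's steps continue outside this hunk.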
@@ -138,6 +65,4 @@ jobs:
           platforms: linux/amd64,linux/arm64
           push: true
           tags: ${{ steps.push-tags.outputs.PUSH_TAGS }}
-          cache-from: | # TODO: From COPY line on is not cached
-            type=registry,ref=ghcr.io/${{ github.actor }}/aflplusplus/cache:amd64
-            type=registry,ref=ghcr.io/${{ github.actor }}/aflplusplus/cache:arm64
+          cache-from: type=gha
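Review bot: The image pushed here is a rebuild, not the image that `build-and-test-amd64` tested; it matches the tested amd64 layers only when the `type=gha` cache written by that job is hit. As far as the visible hunks show, nothing builds arm64 before this step any more and nothing writes arm64 layers to the cache, so an arm64 build failure would first surface during publishing. Keeping an arm64 build in the pre-push job, at least on `push` events, would restore that check. This step begins outside the hunk, so its other inputs are not visible here.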