From a5822c7c2fc34e52defe630b418db7f856bc4f89 Mon Sep 17 00:00:00 2001 From: Ruben ten Hove Date: Tue, 21 Jun 2022 18:52:43 +0200 Subject: various changes --- .github/workflows/codeql-analysis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to '.github/workflows/codeql-analysis.yml') diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index eda8dfd0..d5dce05f 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -18,7 +18,7 @@ jobs: steps: - name: Checkout repository - uses: actions/checkout@v2 + uses: actions/checkout@v3 - name: Initialize CodeQL uses: github/codeql-action/init@v1 -- cgit 1.4.1 From 0da7ddb738df60b3650d36832c9ede040a7ba6b9 Mon Sep 17 00:00:00 2001 From: rhtenhove Date: Wed, 22 Jun 2022 06:36:35 -0400 Subject: concurrency and caching (#1) * use concurrency * run here too * allow test failure * only push on push * fix coresight mode build * support but disable coresight * woops * no unicorn for arm * update codeql and fix makefile * forgot those * disable forward cache * fix needing buildx Co-authored-by: Ruben ten Hove --- .dockerignore | 4 +- .github/workflows/build-push-test-container.yaml | 61 --------------- .github/workflows/build-test-push-container.yaml | 96 ++++++++++++++++++++++++ .github/workflows/codeql-analysis.yml | 6 +- Dockerfile | 16 ++-- GNUmakefile | 26 +++++-- 6 files changed, 134 insertions(+), 75 deletions(-) delete mode 100644 .github/workflows/build-push-test-container.yaml create mode 100644 .github/workflows/build-test-push-container.yaml (limited to '.github/workflows/codeql-analysis.yml') diff --git a/.dockerignore b/.dockerignore index d05bf1c6..9d3d434b 100644 --- a/.dockerignore +++ b/.dockerignore @@ -1,3 +1,4 @@ +/.github .test .test2 .sync_tmp @@ -10,6 +11,7 @@ ld in out core* +!/coresight_mode afl-analyze afl-as afl-clang @@ -62,4 +64,4 @@ examples/afl_network_proxy/afl-network-client examples/afl_frida/afl-frida examples/afl_frida/libtestinstr.so examples/afl_frida/frida-gum-example.c -examples/afl_frida/frida-gum.h \ No newline at end of file +examples/afl_frida/frida-gum.h diff --git a/.github/workflows/build-push-test-container.yaml b/.github/workflows/build-push-test-container.yaml deleted file mode 100644 index e2b828ac..00000000 --- a/.github/workflows/build-push-test-container.yaml +++ /dev/null @@ -1,61 +0,0 @@ -name: Build, test and push container image - -on: - push: - branches: - - stable - - dev - tags: - - '*' - -jobs: - build: - name: Build, test and push container image - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - name: Set up QEMU - uses: docker/setup-qemu-action@v2 - with: - platforms: arm64 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - - name: Build amd64 image - uses: docker/build-push-action@v3 - with: - context: . - platforms: linux/amd64 - load: true - tags: aflplusplus/aflplusplus:test - - name: Build arm64 image - uses: docker/build-push-action@v3 - with: - context: . - platforms: linux/arm64 - load: true - tags: aflplusplus/aflplusplus:test - - name: Test linux/amd64 image - run: docker run --rm --platform linux/amd64 aflplusplus/aflplusplus:test make tests - - name: Test linux/arm64 image - run: docker run --rm --platform linux/arm64 aflplusplus/aflplusplus:test make tests - - name: Login to Dockerhub - uses: docker/login-action@v2 - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_TOKEN }} - - name: Publish ${{ github.ref_name }} to docker.io registry - uses: docker/build-push-action@v3 - with: - context: . - platforms: linux/amd64,linux/arm64 - push: true - tags: aflplusplus/aflplusplus:${{ github.ref_name }} - if: ${{ github.ref_name != 'stable' }} - - name: Publish stable and latest to docker.io registry - uses: docker/build-push-action@v3 - with: - context: . - platforms: linux/amd64,linux/arm64 - push: true - tags: aflplusplus/aflplusplus:${{ github.ref_name }},aflplusplus/aflplusplus:latest - if: ${{ github.ref_name == 'stable' }} diff --git a/.github/workflows/build-test-push-container.yaml b/.github/workflows/build-test-push-container.yaml new file mode 100644 index 00000000..5d9e69e4 --- /dev/null +++ b/.github/workflows/build-test-push-container.yaml @@ -0,0 +1,96 @@ +name: Build and test container image +on: + push: + branches: + - stable + - dev + tags: + - '*' + pull_request: + branch: + - stable + - dev + +jobs: + build-amd64: + name: Build and test amd64 + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + - name: Build amd64 + uses: docker/build-push-action@v3 + with: + context: . + platforms: linux/amd64 + load: true + tags: aflplusplus/aflplusplus:test + # cache-from: type=gha # Ensure we always build a fresh image. We just use the cache for the subsequent push job. + cache-to: type=gha,mode=max + - name: Test linux/amd64 image + run: docker run --rm --platform linux/amd64 aflplusplus/aflplusplus:test make tests + continue-on-error: true + build-arm64: + name: Build and test arm64 + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - name: Set up QEMU + uses: docker/setup-qemu-action@v2 + with: + platforms: arm64 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + - name: Build arm64 + uses: docker/build-push-action@v3 + with: + context: . + platforms: linux/arm64 + load: true + tags: aflplusplus/aflplusplus:test + # cache-from: type=gha # Ensure we always build a fresh image. We just use the cache for the subsequent push job. + cache-to: type=gha,mode=max + - name: Test linux/arm64 image + run: docker run --rm --platform linux/arm64 aflplusplus/aflplusplus:test make tests + continue-on-error: true + push: + needs: + - build-amd64 + - build-arm64 + if: ${{ github.event_name == 'push' }} + name: Push image + runs-on: ubuntu-latest + steps: + - uses: actions/checkout@v3 + - name: Set up QEMU + uses: docker/setup-qemu-action@v2 + with: + platforms: arm64 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + - name: Login to Dockerhub + uses: docker/login-action@v2 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_TOKEN }} + - name: Publish ${{ github.ref_name }} for amd64 and arm64 to docker.io registry + uses: docker/build-push-action@v3 + with: + context: . + platforms: linux/amd64,linux/arm64 + push: true + tags: aflplusplus/aflplusplus:${{ github.ref_name }} + cache-from: type=gha + # cache-to: type=gha,mode=max # No need to add to cache as we'll never use this + if: ${{ github.ref_name != 'stable' }} + - name: Publish stable and latest to docker.io registry + uses: docker/build-push-action@v3 + with: + context: . + platforms: linux/amd64,linux/arm64 + push: true + tags: aflplusplus/aflplusplus:${{ github.ref_name }},aflplusplus/aflplusplus:latest + cache-from: type=gha + # cache-to: type=gha,mode=max # No need to add to cache as we'll never use this + if: ${{ github.ref_name == 'stable' }} diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index d5dce05f..55d477fc 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -21,12 +21,12 @@ jobs: uses: actions/checkout@v3 - name: Initialize CodeQL - uses: github/codeql-action/init@v1 + uses: github/codeql-action/init@v2 with: languages: ${{ matrix.language }} - name: Autobuild - uses: github/codeql-action/autobuild@v1 + uses: github/codeql-action/autobuild@v2 - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v1 + uses: github/codeql-action/analyze@v2 diff --git a/Dockerfile b/Dockerfile index e9b1bc7e..b8b45ac5 100644 --- a/Dockerfile +++ b/Dockerfile @@ -33,9 +33,9 @@ ENV PATH=$PATH:/etc/cargo/bin ARG LLVM_VERSION=14 ARG GCC_VERSION=12 -RUN mkdir -p /usr/local/share/keyrings && \ - echo "deb [signed-by=/usr/local/share/keyrings/llvm-snapshot.gpg.key] http://apt.llvm.org/jammy/ llvm-toolchain-jammy-${LLVM_VERSION} main" > /etc/apt/sources.list.d/llvm.list && \ - wget -qO /usr/local/share/keyrings/llvm-snapshot.gpg.key https://apt.llvm.org/llvm-snapshot.gpg.key +RUN mkdir -p /etc/apt/keyrings && \ + echo "deb [signed-by=/etc/apt/keyrings/llvm-snapshot.gpg.key] http://apt.llvm.org/jammy/ llvm-toolchain-jammy-${LLVM_VERSION} main" > /etc/apt/sources.list.d/llvm.list && \ + wget -qO /etc/apt/keyrings/llvm-snapshot.gpg.key https://apt.llvm.org/llvm-snapshot.gpg.key RUN apt-get update && \ apt-get -y install --no-install-recommends \ @@ -45,9 +45,11 @@ RUN apt-get update && \ libclang-common-${LLVM_VERSION}-dev libclang-cpp${LLVM_VERSION} libclang-cpp${LLVM_VERSION}-dev liblld-${LLVM_VERSION} \ liblld-${LLVM_VERSION}-dev liblldb-${LLVM_VERSION} liblldb-${LLVM_VERSION}-dev libllvm${LLVM_VERSION} libomp-${LLVM_VERSION}-dev \ libomp5-${LLVM_VERSION} lld-${LLVM_VERSION} lldb-${LLVM_VERSION} llvm-${LLVM_VERSION} llvm-${LLVM_VERSION}-dev llvm-${LLVM_VERSION}-runtime llvm-${LLVM_VERSION}-tools \ - $([ "$(dpkg --print-architecture)" = "amd64" ] && echo gcc-${GCC_VERSION}-multilib gcc-multilib) && \ + $([ "$(dpkg --print-architecture)" = "amd64" ] && echo gcc-${GCC_VERSION}-multilib gcc-multilib) \ + $([ "$(dpkg --print-architecture)" = "arm64" ] && echo libcapstone-dev) && \ rm -rf /var/lib/apt/lists/* - # arm64 doesn't have gcc-multilib, and it's only used for -m32 support on x86 + # gcc-multilib is only used for -m32 support on x86 + # libcapstone-dev is used for coresight_mode on arm64 RUN update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-${GCC_VERSION} 0 && \ update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-${GCC_VERSION} 0 @@ -66,6 +68,10 @@ COPY . . # Until gcc v12.1 is released for ubuntu https://bugs.launchpad.net/ubuntu/+source/gcc-11/+bug/1940029 ENV NO_NYX 1 +# Build currently broken +ENV NO_CORESIGHT 1 +ENV NO_UNICORN_ARM64 1 + RUN export CC=gcc-${GCC_VERSION} && export CXX=g++-${GCC_VERSION} && make clean && \ make distrib && make install && make clean diff --git a/GNUmakefile b/GNUmakefile index fad619cf..9982ad75 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -623,15 +623,23 @@ endif $(MAKE) -C frida_mode ifneq "$(SYS)" "Darwin" ifeq "$(ARCH)" "aarch64" + ifndef NO_CORESIGHT $(MAKE) -C coresight_mode + endif endif ifeq "$(SYS)" "Linux" -ifndef NO_NYX + ifndef NO_NYX cd nyx_mode && ./build_nyx_support.sh -endif + endif endif cd qemu_mode && sh ./build_qemu_support.sh + ifeq "$(ARCH)" "aarch64" + ifndef NO_UNICORN_ARM64 cd unicorn_mode && unset CFLAGS && sh ./build_unicorn_support.sh + endif + else + cd unicorn_mode && unset CFLAGS && sh ./build_unicorn_support.sh + endif endif .PHONY: binary-only @@ -645,15 +653,23 @@ binary-only: test_shm test_python ready $(PROGS) $(MAKE) -C frida_mode ifneq "$(SYS)" "Darwin" ifeq "$(ARCH)" "aarch64" + ifndef NO_CORESIGHT $(MAKE) -C coresight_mode + endif endif ifeq "$(SYS)" "Linux" ifndef NO_NYX - -cd nyx_mode && ./build_nyx_support.sh + cd nyx_mode && ./build_nyx_support.sh endif endif - -cd qemu_mode && sh ./build_qemu_support.sh - -cd unicorn_mode && unset CFLAGS && sh ./build_unicorn_support.sh + cd qemu_mode && sh ./build_qemu_support.sh + ifeq "$(ARCH)" "aarch64" + ifndef NO_UNICORN_ARM64 + cd unicorn_mode && unset CFLAGS && sh ./build_unicorn_support.sh + endif + else + cd unicorn_mode && unset CFLAGS && sh ./build_unicorn_support.sh + endif endif .PHONY: source-only -- cgit 1.4.1 From 1dac69b1eb16dff00d7a625138da5555c3acccb8 Mon Sep 17 00:00:00 2001 From: rhtenhove Date: Fri, 24 Jun 2022 09:26:09 -0400 Subject: use container; more is built + tested; use make -i (#2) --- .github/workflows/build-test-push-container.yaml | 96 ---------------- .github/workflows/codeql-analysis.yml | 32 ------ .github/workflows/container.yaml | 136 +++++++++++++++++++++++ Dockerfile | 64 ++++++----- GNUmakefile | 34 +++--- Makefile | 28 ++--- docs/INSTALL.md | 18 +-- qemu_mode/build_qemu_support.sh | 2 +- 8 files changed, 209 insertions(+), 201 deletions(-) delete mode 100644 .github/workflows/build-test-push-container.yaml delete mode 100644 .github/workflows/codeql-analysis.yml create mode 100644 .github/workflows/container.yaml (limited to '.github/workflows/codeql-analysis.yml') diff --git a/.github/workflows/build-test-push-container.yaml b/.github/workflows/build-test-push-container.yaml deleted file mode 100644 index 5d9e69e4..00000000 --- a/.github/workflows/build-test-push-container.yaml +++ /dev/null @@ -1,96 +0,0 @@ -name: Build and test container image -on: - push: - branches: - - stable - - dev - tags: - - '*' - pull_request: - branch: - - stable - - dev - -jobs: - build-amd64: - name: Build and test amd64 - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - - name: Build amd64 - uses: docker/build-push-action@v3 - with: - context: . - platforms: linux/amd64 - load: true - tags: aflplusplus/aflplusplus:test - # cache-from: type=gha # Ensure we always build a fresh image. We just use the cache for the subsequent push job. - cache-to: type=gha,mode=max - - name: Test linux/amd64 image - run: docker run --rm --platform linux/amd64 aflplusplus/aflplusplus:test make tests - continue-on-error: true - build-arm64: - name: Build and test arm64 - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - name: Set up QEMU - uses: docker/setup-qemu-action@v2 - with: - platforms: arm64 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - - name: Build arm64 - uses: docker/build-push-action@v3 - with: - context: . - platforms: linux/arm64 - load: true - tags: aflplusplus/aflplusplus:test - # cache-from: type=gha # Ensure we always build a fresh image. We just use the cache for the subsequent push job. - cache-to: type=gha,mode=max - - name: Test linux/arm64 image - run: docker run --rm --platform linux/arm64 aflplusplus/aflplusplus:test make tests - continue-on-error: true - push: - needs: - - build-amd64 - - build-arm64 - if: ${{ github.event_name == 'push' }} - name: Push image - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@v3 - - name: Set up QEMU - uses: docker/setup-qemu-action@v2 - with: - platforms: arm64 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - - name: Login to Dockerhub - uses: docker/login-action@v2 - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_TOKEN }} - - name: Publish ${{ github.ref_name }} for amd64 and arm64 to docker.io registry - uses: docker/build-push-action@v3 - with: - context: . - platforms: linux/amd64,linux/arm64 - push: true - tags: aflplusplus/aflplusplus:${{ github.ref_name }} - cache-from: type=gha - # cache-to: type=gha,mode=max # No need to add to cache as we'll never use this - if: ${{ github.ref_name != 'stable' }} - - name: Publish stable and latest to docker.io registry - uses: docker/build-push-action@v3 - with: - context: . - platforms: linux/amd64,linux/arm64 - push: true - tags: aflplusplus/aflplusplus:${{ github.ref_name }},aflplusplus/aflplusplus:latest - cache-from: type=gha - # cache-to: type=gha,mode=max # No need to add to cache as we'll never use this - if: ${{ github.ref_name == 'stable' }} diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml deleted file mode 100644 index 55d477fc..00000000 --- a/.github/workflows/codeql-analysis.yml +++ /dev/null @@ -1,32 +0,0 @@ -name: "CodeQL" - -on: - push: - branches: [ stable, dev ] - pull_request: - branches: [ stable, dev ] - -jobs: - analyze: - name: Analyze - runs-on: ubuntu-latest - - strategy: - fail-fast: false - matrix: - language: [ 'cpp' ] - - steps: - - name: Checkout repository - uses: actions/checkout@v3 - - - name: Initialize CodeQL - uses: github/codeql-action/init@v2 - with: - languages: ${{ matrix.language }} - - - name: Autobuild - uses: github/codeql-action/autobuild@v2 - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 diff --git a/.github/workflows/container.yaml b/.github/workflows/container.yaml new file mode 100644 index 00000000..504eadfa --- /dev/null +++ b/.github/workflows/container.yaml @@ -0,0 +1,136 @@ +name: Build, test, CodeQL and push container image +on: + push: + branches: + - stable + - dev + tags: + - "*" + pull_request: + branches: + - dev # No need for stable-pull-request, as that equals dev-push + +jobs: + build-amd64: + name: Build amd64 image + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + - name: Login to GitHub Container Registry # Container cache registry + uses: docker/login-action@v2 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Build amd64 + uses: docker/build-push-action@v3 + with: + context: . + platforms: linux/amd64 + tags: ghcr.io/${{ github.actor }}/aflplusplus:amd64 + push: true + cache-from: type=registry,ref=ghcr.io/${{ github.actor }}/aflplusplus:amd64 + + build-arm64: + name: Build arm64 image + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + - name: Login to GitHub Container Registry # Container cache registry + uses: docker/login-action@v2 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + - name: Set up QEMU + uses: docker/setup-qemu-action@v2 + with: + platforms: arm64 + - name: Build arm64 + uses: docker/build-push-action@v3 + with: + context: . + platforms: linux/arm64 + tags: ghcr.io/${{ github.actor }}/aflplusplus:arm64 + push: true + cache-from: type=registry,ref=ghcr.io/${{ github.actor }}/aflplusplus:arm64 + + test-amd64: + name: Test amd64 image + runs-on: ubuntu-latest + needs: build-amd64 + steps: + - name: Test amd64 + run: docker run --rm ghcr.io/${{ github.actor }}/aflplusplus:amd64 make tests + continue-on-error: true + + codeql-amd64: + name: CodeQL Analyze amd64 compiled code + runs-on: ubuntu-latest + needs: + - build-amd64 + container: + image: ghcr.io/${{ github.actor }}/aflplusplus:amd64 + steps: + - name: Fix for using external repo in container build # https://github.com/actions/checkout/issues/760 + run: git config --global --add safe.directory /__w/AFLplusplus/AFLplusplus + - name: Checkout + uses: actions/checkout@v3 + - name: Initialize CodeQL + uses: github/codeql-action/init@v2 + with: + languages: cpp + - name: Build AFLplusplus # Rebuild because CodeQL needs to monitor the build process + env: + CC: gcc # These are symlinked to the version used in the container build + CXX: g++ + run: make -i distrib # Best effort using -i + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v2 + + push: + name: Push amd64 and arm64 image + runs-on: ubuntu-latest + needs: + - test-amd64 + - build-arm64 + if: ${{ github.event_name == 'push' }} + steps: + - name: Checkout + uses: actions/checkout@v3 + - name: Set up QEMU + uses: docker/setup-qemu-action@v2 + with: + platforms: arm64 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + - name: Login to docker.io + uses: docker/login-action@v2 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_TOKEN }} + - name: Set tags to push + id: push-tags + run: | + PUSH_TAGS=docker.io/aflplusplus/aflplusplus:${GITHUB_REF_NAME} + if [ "${GITHUB_REF_NAME}" = "stable" ]; then + PUSH_TAGS=${PUSH_TAGS},docker.io/aflplusplus/aflplusplus:latest + fi + export PUSH_TAGS + echo "::set-output name=PUSH_TAGS::${PUSH_TAGS}" + - name: Push to docker.io registry + uses: docker/build-push-action@v3 + with: + context: . + platforms: linux/amd64,linux/arm64 # TODO: Fix: arm64 image doesn't use cached layer from COPY line + push: true + tags: ${{ steps.push-tags.outputs.PUSH_TAGS }} + cache-from: | + type=registry,ref=ghcr.io/${{ github.actor }}/aflplusplus:amd64 + type=registry,ref=ghcr.io/${{ github.actor }}/aflplusplus:arm64 diff --git a/Dockerfile b/Dockerfile index b8b45ac5..24bf0dda 100644 --- a/Dockerfile +++ b/Dockerfile @@ -5,46 +5,41 @@ FROM ubuntu:22.04 AS aflplusplus LABEL "maintainer"="afl++ team " -LABEL "about"="AFLplusplus docker image" +LABEL "about"="AFLplusplus container image" ARG DEBIAN_FRONTEND=noninteractive -ENV NO_ARCH_OPT 1 -ENV IS_DOCKER="1" +ENV NO_ARCH_OPT=1 +ENV IS_DOCKER=1 RUN apt-get update && apt-get full-upgrade -y && \ - apt-get -y install --no-install-recommends \ - make cmake automake \ - meson ninja-build bison flex \ - xz-utils bzip2 \ - git \ - python3 python3-dev python3-setuptools python-is-python3 \ - libtool libtool-bin \ - libglib2.0-dev \ - wget vim jupp nano bash-completion less \ - apt-utils apt-transport-https ca-certificates gnupg dialog \ - libpixman-1-dev \ - gnuplot-nox && \ + apt-get install -y --no-install-recommends wget ca-certificates && \ rm -rf /var/lib/apt/lists/* -RUN wget -qO- https://sh.rustup.rs | CARGO_HOME=/etc/cargo sh -s -- -y -q --no-modify-path -ENV PATH=$PATH:/etc/cargo/bin - ARG LLVM_VERSION=14 ARG GCC_VERSION=12 -RUN mkdir -p /etc/apt/keyrings && \ - echo "deb [signed-by=/etc/apt/keyrings/llvm-snapshot.gpg.key] http://apt.llvm.org/jammy/ llvm-toolchain-jammy-${LLVM_VERSION} main" > /etc/apt/sources.list.d/llvm.list && \ +RUN echo "deb [signed-by=/etc/apt/keyrings/llvm-snapshot.gpg.key] http://apt.llvm.org/jammy/ llvm-toolchain-jammy-${LLVM_VERSION} main" > /etc/apt/sources.list.d/llvm.list && \ wget -qO /etc/apt/keyrings/llvm-snapshot.gpg.key https://apt.llvm.org/llvm-snapshot.gpg.key RUN apt-get update && \ apt-get -y install --no-install-recommends \ + make cmake automake meson ninja-build bison flex \ + git xz-utils bzip2 wget vim jupp nano bash-completion less \ + python3 python3-dev python3-setuptools python-is-python3 \ + libtool libtool-bin libglib2.0-dev \ + apt-utils apt-transport-https gnupg dialog \ + gnuplot-nox libpixman-1-dev \ gcc-${GCC_VERSION} g++-${GCC_VERSION} gcc-${GCC_VERSION}-plugin-dev gdb lcov \ - clang-${LLVM_VERSION} clang-tools-${LLVM_VERSION} libc++1-${LLVM_VERSION} libc++-${LLVM_VERSION}-dev \ - libc++abi1-${LLVM_VERSION} libc++abi-${LLVM_VERSION}-dev libclang1-${LLVM_VERSION} libclang-${LLVM_VERSION}-dev \ - libclang-common-${LLVM_VERSION}-dev libclang-cpp${LLVM_VERSION} libclang-cpp${LLVM_VERSION}-dev liblld-${LLVM_VERSION} \ - liblld-${LLVM_VERSION}-dev liblldb-${LLVM_VERSION} liblldb-${LLVM_VERSION}-dev libllvm${LLVM_VERSION} libomp-${LLVM_VERSION}-dev \ - libomp5-${LLVM_VERSION} lld-${LLVM_VERSION} lldb-${LLVM_VERSION} llvm-${LLVM_VERSION} llvm-${LLVM_VERSION}-dev llvm-${LLVM_VERSION}-runtime llvm-${LLVM_VERSION}-tools \ + clang-${LLVM_VERSION} clang-tools-${LLVM_VERSION} libc++1-${LLVM_VERSION} \ + libc++-${LLVM_VERSION}-dev libc++abi1-${LLVM_VERSION} libc++abi-${LLVM_VERSION}-dev \ + libclang1-${LLVM_VERSION} libclang-${LLVM_VERSION}-dev \ + libclang-common-${LLVM_VERSION}-dev libclang-cpp${LLVM_VERSION} \ + libclang-cpp${LLVM_VERSION}-dev liblld-${LLVM_VERSION} \ + liblld-${LLVM_VERSION}-dev liblldb-${LLVM_VERSION} liblldb-${LLVM_VERSION}-dev \ + libllvm${LLVM_VERSION} libomp-${LLVM_VERSION}-dev libomp5-${LLVM_VERSION} \ + lld-${LLVM_VERSION} lldb-${LLVM_VERSION} llvm-${LLVM_VERSION} \ + llvm-${LLVM_VERSION}-dev llvm-${LLVM_VERSION}-runtime llvm-${LLVM_VERSION}-tools \ $([ "$(dpkg --print-architecture)" = "amd64" ] && echo gcc-${GCC_VERSION}-multilib gcc-multilib) \ $([ "$(dpkg --print-architecture)" = "arm64" ] && echo libcapstone-dev) && \ rm -rf /var/lib/apt/lists/* @@ -54,6 +49,9 @@ RUN apt-get update && \ RUN update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-${GCC_VERSION} 0 && \ update-alternatives --install /usr/bin/g++ g++ /usr/bin/g++-${GCC_VERSION} 0 +RUN wget -qO- https://sh.rustup.rs | CARGO_HOME=/etc/cargo sh -s -- -y -q --no-modify-path +ENV PATH=$PATH:/etc/cargo/bin + ENV LLVM_CONFIG=llvm-config-${LLVM_VERSION} ENV AFL_SKIP_CPUFREQ=1 ENV AFL_TRY_AFFINITY=1 @@ -62,18 +60,18 @@ ENV AFL_I_DONT_CARE_ABOUT_MISSING_CRASHES=1 RUN git clone --depth=1 https://github.com/vanhauser-thc/afl-cov && \ (cd afl-cov && make install) && rm -rf afl-cov -WORKDIR /AFLplusplus -COPY . . - # Until gcc v12.1 is released for ubuntu https://bugs.launchpad.net/ubuntu/+source/gcc-11/+bug/1940029 -ENV NO_NYX 1 +ARG NO_NYX=1 # Build currently broken -ENV NO_CORESIGHT 1 -ENV NO_UNICORN_ARM64 1 +ARG NO_CORESIGHT=1 +ARG NO_UNICORN_ARM64=1 + +WORKDIR /AFLplusplus +COPY . . -RUN export CC=gcc-${GCC_VERSION} && export CXX=g++-${GCC_VERSION} && make clean && \ - make distrib && make install && make clean +RUN export CC=gcc-${GCC_VERSION} && export CXX=g++-${GCC_VERSION} && gmake clean && \ + gmake distrib && gmake install && gmake clean RUN echo "set encoding=utf-8" > /root/.vimrc && \ echo ". /etc/bash_completion" >> ~/.bashrc && \ diff --git a/GNUmakefile b/GNUmakefile index 9982ad75..477518fa 100644 --- a/GNUmakefile +++ b/GNUmakefile @@ -308,17 +308,17 @@ endif .PHONY: all all: test_x86 test_shm test_python ready $(PROGS) afl-as llvm gcc_plugin test_build all_done - -$(MAKE) -C utils/aflpp_driver + $(MAKE) -C utils/aflpp_driver .PHONY: llvm llvm: - -$(MAKE) -j4 -f GNUmakefile.llvm + $(MAKE) -j$(nproc) -f GNUmakefile.llvm @test -e afl-cc || { echo "[-] Compiling afl-cc failed. You seem not to have a working compiler." ; exit 1; } .PHONY: gcc_plugin gcc_plugin: ifneq "$(SYS)" "Darwin" - -$(MAKE) -f GNUmakefile.gcc_plugin + $(MAKE) -f GNUmakefile.gcc_plugin endif .PHONY: man @@ -568,19 +568,19 @@ all_done: test_build .PHONY: clean clean: rm -rf $(PROGS) afl-fuzz-document afl-as as afl-g++ afl-clang afl-clang++ *.o src/*.o *~ a.out core core.[1-9][0-9]* *.stackdump .test .test1 .test2 test-instr .test-instr0 .test-instr1 afl-cs-proxy afl-qemu-trace afl-gcc-fast afl-g++-fast ld *.so *.8 test/unittests/*.o test/unittests/unit_maybe_alloc test/unittests/preallocable .afl-* afl-gcc afl-g++ afl-clang afl-clang++ test/unittests/unit_hash test/unittests/unit_rand *.dSYM lib*.a - -$(MAKE) -f GNUmakefile.llvm clean - -$(MAKE) -f GNUmakefile.gcc_plugin clean - -$(MAKE) -C utils/libdislocator clean - -$(MAKE) -C utils/libtokencap clean + $(MAKE) -f GNUmakefile.llvm clean + $(MAKE) -f GNUmakefile.gcc_plugin clean + $(MAKE) -C utils/libdislocator clean + $(MAKE) -C utils/libtokencap clean $(MAKE) -C utils/aflpp_driver clean - -$(MAKE) -C utils/afl_network_proxy clean - -$(MAKE) -C utils/socket_fuzzing clean - -$(MAKE) -C utils/argv_fuzzing clean - -$(MAKE) -C utils/plot_ui clean - -$(MAKE) -C qemu_mode/unsigaction clean - -$(MAKE) -C qemu_mode/libcompcov clean - -$(MAKE) -C qemu_mode/libqasan clean - -$(MAKE) -C frida_mode clean + $(MAKE) -C utils/afl_network_proxy clean + $(MAKE) -C utils/socket_fuzzing clean + $(MAKE) -C utils/argv_fuzzing clean + $(MAKE) -C utils/plot_ui clean + $(MAKE) -C qemu_mode/unsigaction clean + $(MAKE) -C qemu_mode/libcompcov clean + $(MAKE) -C qemu_mode/libqasan clean + $(MAKE) -C frida_mode clean rm -rf nyx_mode/packer/linux_initramfs/init.cpio.gz nyx_mode/libnyx/libnyx/target/release/* nyx_mode/QEMU-Nyx/x86_64-softmmu/qemu-system-x86_64 ifeq "$(IN_REPO)" "1" -test -e coresight_mode/coresight-trace/Makefile && $(MAKE) -C coresight_mode/coresight-trace clean || true @@ -610,7 +610,7 @@ endif .PHONY: distrib distrib: all - $(MAKE) -j4 -f GNUmakefile.llvm + $(MAKE) -j$(nproc) -f GNUmakefile.llvm ifneq "$(SYS)" "Darwin" $(MAKE) -f GNUmakefile.gcc_plugin endif @@ -674,7 +674,7 @@ endif .PHONY: source-only source-only: all - $(MAKE) -j4 -f GNUmakefile.llvm + $(MAKE) -j$(nproc) -f GNUmakefile.llvm ifneq "$(SYS)" "Darwin" $(MAKE) -f GNUmakefile.gcc_plugin endif diff --git a/Makefile b/Makefile index 96f67991..972ef84a 100644 --- a/Makefile +++ b/Makefile @@ -1,42 +1,42 @@ all: @echo trying to use GNU make... - @gmake all || echo please install GNUmake + -@gmake all source-only: - @gmake source-only + -@gmake source-only binary-only: - @gmake binary-only + -@gmake binary-only distrib: - @gmake distrib + -@gmake distrib man: - @gmake man + -@gmake man install: - @gmake install + -@gmake install document: - @gmake document + -@gmake document deepclean: - @gmake deepclean + -@gmake deepclean code-format: - @gmake code-format + -@gmake code-format help: - @gmake help + -@gmake help tests: - @gmake tests + -@gmake tests unit: - @gmake unit + -@gmake unit unit_clean: - @gmake unit_clean + -@gmake unit_clean clean: - @gmake clean + -@gmake clean diff --git a/docs/INSTALL.md b/docs/INSTALL.md index e29fca96..98fb024a 100644 --- a/docs/INSTALL.md +++ b/docs/INSTALL.md @@ -30,20 +30,22 @@ sudo apt-get install -y gcc-$(gcc --version|head -n1|sed 's/\..*//'|sed 's/.* // sudo apt-get install -y ninja-build # for QEMU mode git clone https://github.com/AFLplusplus/AFLplusplus cd AFLplusplus -make distrib +make -i distrib sudo make install ``` +> We add the `-i` to make so it will skip any features that fail to install. + It is recommended to install the newest available gcc, clang and llvm-dev possible in your distribution! -Note that `make distrib` also builds FRIDA mode, QEMU mode, unicorn_mode, and +Note that `make -i distrib` also builds FRIDA mode, QEMU mode, unicorn_mode, and more. If you just want plain AFL++, then do `make all`. If you want some assisting tooling compiled but are not interested in binary-only targets, then instead choose: ```shell -make source-only +make -i source-only ``` These build targets exist: @@ -70,7 +72,7 @@ you can also build statically linked versions of the AFL++ binaries by passing the `STATIC=1` argument to make: ```shell -make STATIC=1 +make -i STATIC=1 ``` These build options exist: @@ -88,7 +90,7 @@ These build options exist: * LLVM_CONFIG - if your distro doesn't use the standard name for llvm-config (e.g., Debian) -e.g.: `make ASAN_BUILD=1` +e.g.: `make -i ASAN_BUILD=1` ## MacOS X on x86 and arm64 (M1) @@ -114,11 +116,11 @@ export PATH="/usr/local/opt/llvm/bin:$PATH" export PATH="/usr/local/opt/coreutils/libexec/gnubin:/usr/local/bin:$PATH" export CC=clang export CXX=clang++ -gmake +gmake -i cd frida_mode -gmake +gmake -i cd .. -sudo gmake install +sudo gmake -i install ``` `afl-gcc` will fail unless you have GCC installed, but that is using outdated diff --git a/qemu_mode/build_qemu_support.sh b/qemu_mode/build_qemu_support.sh index 5dbd9d44..277a6323 100755 --- a/qemu_mode/build_qemu_support.sh +++ b/qemu_mode/build_qemu_support.sh @@ -273,7 +273,7 @@ echo "[+] Configuration complete." echo "[*] Attempting to build QEMU (fingers crossed!)..." -make -j `nproc` || exit 1 +make -j$(nproc) || exit 1 echo "[+] Build process successful!" -- cgit 1.4.1 From 3e65e1a029c44b33a77ca04724335ee3ecd30e67 Mon Sep 17 00:00:00 2001 From: Ruben ten Hove Date: Tue, 28 Jun 2022 15:59:56 +0000 Subject: fix test using test specific build --- .github/workflows/codeql-analysis.yaml | 30 -------------- .github/workflows/codeql-analysis.yml | 30 ++++++++++++++ .github/workflows/container.yaml | 68 ------------------------------ .github/workflows/container.yml | 75 ++++++++++++++++++++++++++++++++++ Dockerfile | 12 ++++-- 5 files changed, 113 insertions(+), 102 deletions(-) delete mode 100644 .github/workflows/codeql-analysis.yaml create mode 100644 .github/workflows/codeql-analysis.yml delete mode 100644 .github/workflows/container.yaml create mode 100644 .github/workflows/container.yml (limited to '.github/workflows/codeql-analysis.yml') diff --git a/.github/workflows/codeql-analysis.yaml b/.github/workflows/codeql-analysis.yaml deleted file mode 100644 index c9efb296..00000000 --- a/.github/workflows/codeql-analysis.yaml +++ /dev/null @@ -1,30 +0,0 @@ -name: "CodeQL" - -on: - push: - branches: [stable, dev] - pull_request: - branches: [stable, dev] - -jobs: - codeql: - name: Analyze - runs-on: ubuntu-latest - container: # We use a previous image as it's expected to have all the dependencies - image: docker.io/aflplusplus/aflplusplus:dev - steps: - - name: Fix for using external repo in container build # https://github.com/actions/checkout/issues/760 - run: git config --global --add safe.directory /__w/AFLplusplus/AFLplusplus - - name: Checkout - uses: actions/checkout@v3 - - name: Initialize CodeQL - uses: github/codeql-action/init@v2 - with: - languages: cpp, python - - name: Build AFLplusplus # Rebuild because CodeQL needs to monitor the build process - env: - CC: gcc # These are symlinked to the version used in the container build - CXX: g++ - run: make -i distrib # Best effort using -i - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v2 diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml new file mode 100644 index 00000000..ba6792b1 --- /dev/null +++ b/.github/workflows/codeql-analysis.yml @@ -0,0 +1,30 @@ +name: "CodeQL" + +on: + push: + branches: [stable, dev] + pull_request: + branches: [stable, dev] + +jobs: + analyze: + name: Analyze + runs-on: ubuntu-latest + container: # We use a previous image as it's expected to have all the dependencies + image: docker.io/aflplusplus/aflplusplus:dev + steps: + - name: Fix for using external repo in container build # https://github.com/actions/checkout/issues/760 + run: git config --global --add safe.directory /__w/AFLplusplus/AFLplusplus + - name: Checkout + uses: actions/checkout@v3 + - name: Initialize CodeQL + uses: github/codeql-action/init@v2 + with: + languages: cpp, python + - name: Build AFLplusplus # Rebuild because CodeQL needs to monitor the build process + env: + CC: gcc # These are symlinked to the version used in the container build + CXX: g++ + run: make -i distrib # Best effort using -i + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v2 diff --git a/.github/workflows/container.yaml b/.github/workflows/container.yaml deleted file mode 100644 index 81e2a3f8..00000000 --- a/.github/workflows/container.yaml +++ /dev/null @@ -1,68 +0,0 @@ -name: Container -on: - push: - branches: - - stable - - dev - tags: - - "*" - pull_request: - branches: - - dev # No need for stable-pull-request, as that equals dev-push - -jobs: - build-and-test-amd64: - name: Test amd64 image - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v3 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - - name: Build amd64 - uses: docker/build-push-action@v3 - with: - context: . - tags: aflplusplus:amd64 - load: true - cache-to: type=gha,mode=max - - name: Test amd64 - run: docker run --rm aflplusplus:amd64 bash -c "apt-get update && apt-get install -y libcmocka-dev && make -i tests" - - push: - name: Push amd64 and arm64 images - runs-on: ubuntu-latest - needs: - - build-and-test-amd64 - if: ${{ github.event_name == 'push' && github.repository == 'AFLplusplus/AFLplusplus' }} - steps: - - name: Checkout - uses: actions/checkout@v3 - - name: Set up QEMU - uses: docker/setup-qemu-action@v2 - with: - platforms: arm64 - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v2 - - name: Login to docker.io - uses: docker/login-action@v2 - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_TOKEN }} - - name: Set tags to push - id: push-tags - run: | - PUSH_TAGS=docker.io/aflplusplus/aflplusplus:${GITHUB_REF_NAME} - if [ "${GITHUB_REF_NAME}" = "stable" ]; then - PUSH_TAGS=${PUSH_TAGS},docker.io/aflplusplus/aflplusplus:latest - fi - export PUSH_TAGS - echo "::set-output name=PUSH_TAGS::${PUSH_TAGS}" - - name: Push to docker.io registry - uses: docker/build-push-action@v3 - with: - context: . - platforms: linux/amd64,linux/arm64 - push: true - tags: ${{ steps.push-tags.outputs.PUSH_TAGS }} - cache-from: type=gha diff --git a/.github/workflows/container.yml b/.github/workflows/container.yml new file mode 100644 index 00000000..8836997d --- /dev/null +++ b/.github/workflows/container.yml @@ -0,0 +1,75 @@ +name: Container +on: + push: + branches: + - stable + - dev + tags: + - "*" + pull_request: + branches: + - dev # No need for stable-pull-request, as that equals dev-push + +jobs: + build-and-test-amd64: + name: Test amd64 image + runs-on: ubuntu-latest + steps: + - name: Checkout + uses: actions/checkout@v3 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + - name: Build amd64 + uses: docker/build-push-action@v3 + with: + context: . + tags: aflplusplus:test-amd64 + load: true + cache-to: type=gha,mode=max + build-args: | + TEST_BUILD=1 + - name: Test amd64 + run: > + docker run --rm aflplusplus:test-amd64 bash -c " + apt-get update && + apt-get install -y libcmocka-dev && + make -i tests + " + + push: + name: Push amd64 and arm64 images + runs-on: ubuntu-latest + needs: + - build-and-test-amd64 + if: ${{ github.event_name == 'push' && github.repository == 'AFLplusplus/AFLplusplus' }} + steps: + - name: Checkout + uses: actions/checkout@v3 + - name: Set up QEMU + uses: docker/setup-qemu-action@v2 + with: + platforms: arm64 + - name: Set up Docker Buildx + uses: docker/setup-buildx-action@v2 + - name: Login to docker.io + uses: docker/login-action@v2 + with: + username: ${{ secrets.DOCKER_USERNAME }} + password: ${{ secrets.DOCKER_TOKEN }} + - name: Set tags to push + id: push-tags + run: | + PUSH_TAGS=docker.io/aflplusplus/aflplusplus:${GITHUB_REF_NAME} + if [ "${GITHUB_REF_NAME}" = "stable" ]; then + PUSH_TAGS=${PUSH_TAGS},docker.io/aflplusplus/aflplusplus:latest + fi + export PUSH_TAGS + echo "::set-output name=PUSH_TAGS::${PUSH_TAGS}" + - name: Push to docker.io registry + uses: docker/build-push-action@v3 + with: + context: . + platforms: linux/amd64,linux/arm64 + push: true + tags: ${{ steps.push-tags.outputs.PUSH_TAGS }} + cache-from: type=gha diff --git a/Dockerfile b/Dockerfile index a9be22de..29ca2a5f 100644 --- a/Dockerfile +++ b/Dockerfile @@ -63,11 +63,11 @@ RUN git clone --depth=1 https://github.com/vanhauser-thc/afl-cov && \ (cd afl-cov && make install) && rm -rf afl-cov # Until gcc v12.1 is released for ubuntu https://bugs.launchpad.net/ubuntu/+source/gcc-11/+bug/1940029 -ARG NO_NYX=1 +ENV NO_NYX=1 # Build currently broken -ARG NO_CORESIGHT=1 -ARG NO_UNICORN_ARM64=1 +ENV NO_CORESIGHT=1 +ENV NO_UNICORN_ARM64=1 WORKDIR /AFLplusplus COPY . . @@ -75,8 +75,12 @@ COPY . . ARG CC=gcc-$GCC_VERSION ARG CXX=g++-$GCC_VERSION +# Used in CI to prevent a 'make clean' which would remove the binaries to be tested +ARG TEST_BUILD + RUN sed -i.bak 's/^ -/ /g' GNUmakefile && \ - make clean && make distrib && make install && make clean && \ + make clean && make distrib && \ + ([ "${TEST_BUILD}" ] || (make install && make clean)) && \ mv GNUmakefile.bak GNUmakefile RUN echo "set encoding=utf-8" > /root/.vimrc && \ -- cgit 1.4.1 From 6c9c8fdc651e3c3376f3ba6590c49424be1844d7 Mon Sep 17 00:00:00 2001 From: rhtenhove Date: Mon, 4 Jul 2022 14:32:48 -0400 Subject: check code formatting (#5) --- .custom-format.py | 5 +++++ .github/workflows/ci.yml | 7 ++++-- .github/workflows/code-format.yml | 36 +++++++++++++++++++++++++++++++ .github/workflows/codeql-analysis.yml | 7 ++++-- .github/workflows/rust_custom_mutator.yml | 7 ++++-- Dockerfile | 4 ++-- 6 files changed, 58 insertions(+), 8 deletions(-) create mode 100644 .github/workflows/code-format.yml (limited to '.github/workflows/codeql-analysis.yml') diff --git a/.custom-format.py b/.custom-format.py index 7ac63396..8c7ea404 100755 --- a/.custom-format.py +++ b/.custom-format.py @@ -19,6 +19,7 @@ import subprocess import sys import os import re +import shutil # string_re = re.compile('(\\"(\\\\.|[^"\\\\])*\\")') # future use @@ -26,6 +27,10 @@ with open(".clang-format") as f: fmt = f.read() CLANG_FORMAT_BIN = os.getenv("CLANG_FORMAT_BIN") + +if CLANG_FORMAT_BIN is None: + CLANG_FORMAT_BIN = shutil.which("clang-format") + if CLANG_FORMAT_BIN is None: o = 0 try: diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 906267a0..4ca76f2d 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -2,9 +2,12 @@ name: CI on: push: - branches: [stable, dev] + branches: + - stable + - dev pull_request: - branches: [stable, dev] + branches: + - dev # No need for stable-pull-request, as that equals dev-push jobs: linux: diff --git a/.github/workflows/code-format.yml b/.github/workflows/code-format.yml new file mode 100644 index 00000000..f24e652b --- /dev/null +++ b/.github/workflows/code-format.yml @@ -0,0 +1,36 @@ +name: Formatting + +on: + push: + branches: + - stable + - dev + pull_request: + branches: + - dev # No need for stable-pull-request, as that equals dev-push + +jobs: + code-format-check: + name: Check code format + runs-on: ubuntu-22.04 + container: + image: docker.io/aflplusplus/aflplusplus:dev + env: + LLVM_VERSION: 14 # Remove _after_ this branch's image is built and pushed. The new image will have this var in ENV. + steps: + - name: Checkout + uses: actions/checkout@v3 + - name: Format + run: | + git config --global --add safe.directory /__w/AFLplusplus/AFLplusplus + apt-get update + apt-get install -y clang-format-${LLVM_VERSION} + update-alternatives --install /usr/bin/clang-format clang-format /usr/bin/clang-format-${LLVM_VERSION} 0 + make code-format + - name: Check if code needed formatting + run: | + git --no-pager -c color.ui=always diff HEAD + if ! git diff HEAD --quiet; then + echo "[!] Please run 'make code-format' and push its changes." + exit 1 + fi diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index ba6792b1..54934395 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -2,9 +2,12 @@ name: "CodeQL" on: push: - branches: [stable, dev] + branches: + - stable + - dev pull_request: - branches: [stable, dev] + branches: + - dev # No need for stable-pull-request, as that equals dev-push jobs: analyze: diff --git a/.github/workflows/rust_custom_mutator.yml b/.github/workflows/rust_custom_mutator.yml index eb3e2581..7c2f0c12 100644 --- a/.github/workflows/rust_custom_mutator.yml +++ b/.github/workflows/rust_custom_mutator.yml @@ -2,9 +2,12 @@ name: Rust Custom Mutators on: push: - branches: [ stable, dev ] + branches: + - stable + - dev pull_request: - branches: [ stable, dev ] + branches: + - dev # No need for stable-pull-request, as that equals dev-push jobs: test: diff --git a/Dockerfile b/Dockerfile index 29ca2a5f..a82fffdc 100644 --- a/Dockerfile +++ b/Dockerfile @@ -16,8 +16,8 @@ RUN apt-get update && apt-get full-upgrade -y && \ apt-get install -y --no-install-recommends wget ca-certificates && \ rm -rf /var/lib/apt/lists/* -ARG LLVM_VERSION=14 -ARG GCC_VERSION=12 +ENV LLVM_VERSION=14 +ENV GCC_VERSION=12 RUN echo "deb [signed-by=/etc/apt/keyrings/llvm-snapshot.gpg.key] http://apt.llvm.org/jammy/ llvm-toolchain-jammy-${LLVM_VERSION} main" > /etc/apt/sources.list.d/llvm.list && \ wget -qO /etc/apt/keyrings/llvm-snapshot.gpg.key https://apt.llvm.org/llvm-snapshot.gpg.key -- cgit 1.4.1 From 1f17aa082d4ee75c5a034a1ec32025fb828357d2 Mon Sep 17 00:00:00 2001 From: rhtenhove Date: Fri, 8 Jul 2022 08:32:17 -0400 Subject: Dont codeql submodules --- .github/workflows/codeql-analysis.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to '.github/workflows/codeql-analysis.yml') diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 54934395..75935123 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -28,6 +28,6 @@ jobs: env: CC: gcc # These are symlinked to the version used in the container build CXX: g++ - run: make -i distrib # Best effort using -i + run: make -i all # Best effort using -i - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v2 -- cgit 1.4.1