Use libxml2/xmsec1 for TSL parsing and validation #1388
Workflow file for this run
# Workflow-wide settings: name, triggers, default token scope and shared env.
name: CI

# Runs on every push and on every pull request.
on:
  - push
  - pull_request

# Default GITHUB_TOKEN scope for the jobs below: read-only repository
# contents. A job that declares its own `permissions` replaces this default.
permissions:
  contents: read

env:
  BUILD_NUMBER: ${{ github.run_number }}
  CMAKE_BUILD_PARALLEL_LEVEL: 4
  # Build dependencies referenced as ${UBUNTU_DEPS} by the Ubuntu-based jobs;
  # the folded scalar joins these lines into one space-separated string.
  UBUNTU_DEPS: >-
    cmake libldap2-dev gettext libpcsclite-dev libgl-dev libqt6svg6-dev
    qt6-tools-dev qt6-tools-dev-tools qt6-l10n-tools libflatbuffers-dev
    zlib1g-dev

jobs:
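# Job: universal (x86_64 + arm64) macOS build, archived as zip artifacts.
  macos:
    name: Build on macOS
    runs-on: macos-latest
    env:
      # Quoted so the value stays the literal string "12.0" instead of being
      # typed as a float by the YAML parser.
      MACOSX_DEPLOYMENT_TARGET: '12.0'
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          submodules: recursive
      # Third-party action referenced by a movable tag. Pinning it to a full
      # commit SHA (dawidd6/action-download-artifact@<full-commit-sha>) fixes
      # the exact code that runs. The package it fetches is installed with
      # sudo in the next step, so its provenance matters.
      - name: Download artifact
        uses: dawidd6/action-download-artifact@v6
        with:
          workflow: build.yml
          branch: master
          name: macOS
          path: libdigidocpp-pkg
          repo: open-eid/libdigidocpp
      - name: Install dependencies
        env:
          # Quoted: a bare YES is a boolean under YAML 1.1 typing rules.
          HOMEBREW_NO_INSTALLED_DEPENDENTS_CHECK: 'YES'
        run: |
          brew install ninja flatbuffers
          # Array assignment: ${HASH} expands to element 0, the digest of the
          # environment script. It only selects which prebuilt archive to
          # fetch; it is not an integrity check of the downloaded files.
          HASH=($(shasum prepare_osx_build_environment.sh))
          # -f fails on an HTTP error instead of saving the error page;
          # --proto '=https' refuses a redirect that leaves HTTPS.
          # NOTE(review): neither download is compared with a pinned digest
          # before being installed or unpacked as root. A check such as
          #   echo "<expected-sha256>  opensc_0.23.0.pkg" | shasum -a 256 -c -
          # before the installer lines would close that gap.
          curl --proto '=https' -fsSL -O https://installer.id.ee/media/github/opensc_0.23.0.pkg
          curl --proto '=https' -fsSL -O "https://installer.id.ee/media/github/${HASH}.zip"
          sudo installer -verboseR -pkg libdigidocpp-pkg/libdigidocpp*.pkg -target /
          sudo installer -verboseR -pkg opensc_*.pkg -target /
          sudo unzip -qq -d /Library/Developer "${HASH}.zip"
      - name: Build
        run: |
          # Pick the last Qt-*-OpenSSL directory unpacked under
          # /Library/Developer by the previous step.
          QT_DIR=$(ls -d /Library/Developer/Qt-*-OpenSSL | tail -n 1)
          cmake "-GNinja" \
            -DCMAKE_PREFIX_PATH="${QT_DIR}" \
            -DOPENSSL_ROOT_DIR=/Library/Developer/OpenSSL \
            -DLDAP_ROOT=/Library/Developer/OpenLDAP \
            -DCMAKE_OSX_ARCHITECTURES="x86_64;arm64" -B build -S .
          cmake --build build --target zipdebug macdeployqt zip
      - name: Archive artifacts
        uses: actions/upload-artifact@v4
        with:
          name: macOS
          path: build/qdigidoc4*.zip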
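# Job: Debian package build inside ubuntu:<release> containers.
  ubuntu:
    name: Build on Ubuntu ${{ matrix.container }}
    runs-on: ubuntu-latest
    container: ubuntu:${{ matrix.container }}
    strategy:
      matrix:
        # Quoted so the release numbers stay strings ('20.04', not 20.04).
        container:
          - '20.04'
          - '22.04'
          - '24.04'
    env:
      DEBIAN_FRONTEND: noninteractive
      DEBFULLNAME: github-actions
      # The address in this listing was obscured by the page's e-mail
      # protection ("[email protected]"). The value below is a constructed
      # placeholder; restore the project's real address.
      DEBEMAIL: maintainer@example.invalid
    steps:
      # 20.04 builds against Qt 5; the newer releases use ${UBUNTU_DEPS}.
      - name: Install dependencies
        if: matrix.container == '20.04'
        run: |
          apt update -qq && apt install --no-install-recommends -y \
            git lsb-release build-essential devscripts debhelper pkg-config \
            lintian cmake libldap2-dev gettext libpcsclite-dev \
            libqt5svg5-dev qttools5-dev-tools qttools5-dev \
            libflatbuffers-dev zlib1g-dev
      - name: Install dependencies
        if: matrix.container != '20.04'
        run: |
          apt update -qq && apt install --no-install-recommends -y \
            git lsb-release build-essential devscripts debhelper pkg-config \
            lintian ${UBUNTU_DEPS}
      - name: Checkout
        uses: actions/checkout@v4
        with:
          submodules: recursive
      # Third-party action referenced by a movable tag. Pinning it to a full
      # commit SHA (dawidd6/action-download-artifact@<full-commit-sha>) fixes
      # the exact code that runs. The .deb it fetches is installed by apt in
      # the next step.
      - name: Download artifact
        uses: dawidd6/action-download-artifact@v6
        with:
          workflow: build.yml
          branch: master
          name: ubuntu_${{ matrix.container }}
          path: libdigidocpp-pkg
          repo: open-eid/libdigidocpp
      - name: Install artifact
        run: |
          apt install --no-install-recommends -y ./libdigidocpp-pkg/*.deb
          rm -rf libdigidocpp-pkg
      - name: Setup changelog
        run: |
          # grep -E replaces the obsolescent egrep. Assigning before export
          # lets a failed version lookup stop the step instead of being
          # masked by export's own exit status.
          VERSION=$(grep project CMakeLists.txt | grep -Eo "([0-9]{1,}\.)+[0-9]{1,}")
          VERSIONEX="${VERSION}.${BUILD_NUMBER}.$(lsb_release -rs)"
          export VERSION VERSIONEX
          dch --distribution "$(lsb_release -cs)" -v "${VERSIONEX}" "Release ${VERSIONEX}."
      - name: Build packages
        run: |
          # -us -uc: build without signing the source package or .changes.
          dpkg-buildpackage -us -uc
          mv ../qdigidoc4*.* .
      - name: Lintian
        run: lintian *.deb
      - name: Archive artifacts
        uses: actions/upload-artifact@v4
        with:
          name: ubuntu_${{ matrix.container }}
          path: qdigidoc4*.*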
# Job: RPM package build inside fedora:<release> containers.
  fedora:
    name: Build on Fedora ${{ matrix.container }}
    runs-on: ubuntu-latest
    container: fedora:${{ matrix.container }}
    strategy:
      matrix:
        container:
          - 39
          - 40
    steps:
      - name: Install Deps
        run: |
          dnf install -y --setopt=install_weak_deps=False \
            git gcc-c++ cmake rpm-build gettext openssl-devel openldap-devel \
            pcsc-lite-devel qt6-qtsvg-devel qt6-qttools-devel \
            flatbuffers-devel flatbuffers-compiler zlib-devel
      # Fedora 39 only: installs CMake 3.28.1 into /usr/local from the
      # upstream self-extracting installer.
      # NOTE(review): the script is fetched and executed without comparing it
      # with a pinned digest. A check such as
      #   echo "<expected-sha256>  cmake-3.28.1-linux-x86_64.sh" | sha256sum -c -
      # before the `sh` line would close that gap.
      - name: Install CMake
        if: matrix.container == 39
        run: |
          dnf install -y --setopt=install_weak_deps=False wget
          wget -q https://github.com/Kitware/CMake/releases/download/v3.28.1/cmake-3.28.1-linux-x86_64.sh
          sh cmake-3.28.1-linux-x86_64.sh --skip-license --prefix=/usr/local
      - name: Checkout
        uses: actions/checkout@v4
        with:
          submodules: recursive
      # Third-party action referenced by a movable tag. Pinning it to a full
      # commit SHA (dawidd6/action-download-artifact@<full-commit-sha>) fixes
      # the exact code that runs. The .rpm it fetches is installed by dnf in
      # the next step.
      - name: Download artifact
        uses: dawidd6/action-download-artifact@v6
        with:
          workflow: build.yml
          branch: master
          name: fedora_${{ matrix.container }}
          path: libdigidocpp-pkg
          repo: open-eid/libdigidocpp
      - name: Install artifact
        run: dnf install -y ./libdigidocpp-pkg/*.rpm
      - name: Build
        run: |
          cmake -DCMAKE_INSTALL_PREFIX=/usr -B build -S .
          cmake --build build --target all package
      - name: Archive artifacts
        uses: actions/upload-artifact@v4
        with:
          name: fedora_${{ matrix.container }}
          path: build/qdigidoc4*.rpm
# Job: Windows MSI/APPX build for two Visual C++ toolset versions.
  windows:
    name: Build on Windows
    runs-on: ${{ matrix.image }}
    strategy:
      matrix:
        vcver:
          - 142
          - 143
        # Maps each toolset version to the runner image that provides it.
        include:
          - vcver: 142
            image: windows-2019
          - vcver: 143
            image: windows-2022
    env:
      VER_SUFFIX: .VS${{ matrix.vcver }}
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          submodules: recursive
      # Third-party actions in this job (dawidd6/action-download-artifact,
      # lukka/run-vcpkg, jurplel/install-qt-action, ilammy/msvc-dev-cmd) are
      # referenced by movable tags. Pinning each to a full commit SHA
      # (owner/action@<full-commit-sha>) fixes the exact code that runs.
      - name: Download artifact
        uses: dawidd6/action-download-artifact@v6
        with:
          workflow: build.yml
          branch: master
          name: msi_${{ matrix.vcver }}_x64
          path: ./
          repo: open-eid/libdigidocpp
      # Administrative install (/a) unpacks the MSI into .\libs.
      # NOTE(review): msiexec is started without an explicit wait or an
      # exit-code check; confirm the extraction has finished before the Build
      # step reads libs/.
      - name: Install artifact
        run: |
          Rename-Item "libdigidocpp*.msi" libdigidocpp.msi
          msiexec /qn /a libdigidocpp.msi "TARGETDIR=$($pwd.Path)\\libs"
      - name: Prepare vcpkg
        uses: lukka/run-vcpkg@v7
        with:
          vcpkgArguments: openssl zlib flatbuffers
          # The vcpkg tree itself is pinned to one commit.
          vcpkgGitCommitId: 18b028fe785e707265fa0e35590b7537ae1d12ea
          vcpkgTriplet: x64-windows
      - name: Install Qt
        uses: jurplel/install-qt-action@v4
        with:
          version: 6.7.2
          arch: win64_msvc2019_64
      - name: Setup dev env
        uses: ilammy/msvc-dev-cmd@v1
        with:
          arch: x64
      - name: Install WiX
        run: |
          dotnet tool install -g wix --version 5.0.0
          wix extension -g add WixToolset.UI.wixext/5.0.0
      - name: Build
        run: |
          cmake "-GNinja" -B build -S . -DCMAKE_BUILD_TYPE=RelWithDebInfo `
            -DCMAKE_TOOLCHAIN_FILE=${{ env.RUNVCPKG_VCPKG_ROOT }}/scripts/buildsystems/vcpkg.cmake `
            "-DLibDigiDocpp_ROOT=libs/PFiles64/libdigidocpp"
          cmake --build build --target msi
          cmake --build build --target msishellext
          cmake --build build --target appx
      - name: Archive artifacts
        uses: actions/upload-artifact@v4
        with:
          name: msi_${{ matrix.vcver }}_x64
          path: |
            build/*.msi
            build/*.appx
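# Job: Coverity Scan submission. Runs only in the upstream repository and only
# on refs whose name contains "coverity_scan".
  coverity:
    name: Run Coverity tests
    if: github.repository == 'open-eid/DigiDoc4-Client' && contains(github.ref, 'coverity_scan')
    runs-on: ubuntu-22.04
    env:
      PROJECTNAME: open-eid/DigiDoc4-Client
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          submodules: recursive
      - name: Install dependencies
        run: sudo apt update -qq && sudo apt install --no-install-recommends -y ${UBUNTU_DEPS}
      # Third-party action referenced by a movable tag. Pinning it to a full
      # commit SHA (dawidd6/action-download-artifact@<full-commit-sha>) fixes
      # the exact code that runs. The .deb it fetches is installed with sudo
      # in the next step.
      - name: Download artifact
        uses: dawidd6/action-download-artifact@v6
        with:
          workflow: build.yml
          branch: master
          name: ubuntu_22.04
          path: libdigidocpp-pkg
          repo: open-eid/libdigidocpp
      - name: Install artifact
        run: sudo dpkg -i libdigidocpp-pkg/*.deb
      - name: Download Coverity Build Tool
        # The scan token is exposed only to the two steps that send it, not to
        # the checkout, third-party action or build steps.
        env:
          TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
        run: |
          # -f: stop on an HTTP error (for example a rejected token) instead
          # of saving the error body as the tarball.
          curl -fsS -d "token=$TOKEN&project=$PROJECTNAME" -o cov-analysis-linux64.tar.gz https://scan.coverity.com/download/cxx/linux64
          mkdir cov-analysis-linux64
          tar xzf cov-analysis-linux64.tar.gz --strip 1 -C cov-analysis-linux64
      - name: Build
        run: |
          cmake .
          export PATH=$PWD/cov-analysis-linux64/bin:$PATH
          cov-build --dir cov-int make
      - name: Submit the result to Coverity Scan
        env:
          TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
        run: |
          tar czvf upload.tgz cov-int
          # Two form fields were obscured in this listing by the page's e-mail
          # protection ("[email protected]"). file=@upload.tgz is restored from
          # the tar command above. The e-mail value is a constructed
          # placeholder; replace it with the project's real address.
          curl -fsS \
            -F project="$PROJECTNAME" \
            -F token="$TOKEN" \
            -F email=coverity-notify@example.invalid \
            -F file=@upload.tgz \
            -F version=master \
            -F description="Github Actions CI build" \
            "https://scan.coverity.com/builds?project=$PROJECTNAME"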
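# Job: CodeQL analysis of the C++ sources. Runs only in the upstream
# repository. Results are filtered before they are uploaded.
  codeql:
    name: Run CodeQL tests
    if: github.repository == 'open-eid/DigiDoc4-Client'
    runs-on: ubuntu-22.04
    # Job-level permissions replace the workflow default; this job's token is
    # granted only the scope needed to upload code-scanning results.
    permissions:
      security-events: write
    steps:
      - name: Checkout
        uses: actions/checkout@v4
        with:
          submodules: recursive
      - name: Install dependencies
        run: sudo apt update -qq && sudo apt install --no-install-recommends -y ${UBUNTU_DEPS}
      # Third-party action referenced by a movable tag. Pinning it to a full
      # commit SHA (dawidd6/action-download-artifact@<full-commit-sha>) fixes
      # the exact code that runs. The .deb it fetches is installed with sudo
      # in the next step.
      - name: Download artifact
        uses: dawidd6/action-download-artifact@v6
        with:
          workflow: build.yml
          branch: master
          name: ubuntu_22.04
          path: libdigidocpp-pkg
          repo: open-eid/libdigidocpp
      - name: Install artifact
        run: sudo dpkg -i libdigidocpp-pkg/*.deb
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: cpp
          queries: +security-and-quality
      - name: Autobuild
        uses: github/codeql-action/autobuild@v3
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v3
        with:
          # Canonical lowercase boolean. The SARIF is written to
          # sarif-results and uploaded by the last step, after filtering.
          upload: false
          output: sarif-results
      # NOTE(review): @develop is a branch, so whatever is at its tip runs in
      # a job that holds security-events: write and rewrites the findings
      # before upload. Pin to a full commit SHA
      # (advanced-security/filter-sarif@<full-commit-sha>).
      - name: Filter results
        uses: advanced-security/filter-sarif@develop
        with:
          # Each pattern starts with "-", which excludes matching results:
          # generated and vendored paths, plus two rule ids. Review the list
          # when it changes, since every entry hides findings from code
          # scanning.
          patterns: |
            -**/*autogen*/**
            -**/common/qtsingleapplication/**
            -**:cpp/loop-variable-changed
            -**:cpp/poorly-documented-function
          input: sarif-results/cpp.sarif
          output: sarif-results/cpp.sarif
      - name: Upload results
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: sarif-results/cpp.sarif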