Skip to content

Upgrade OpenSSL 3.0.11 and Android NDK r26 (#558) #970

Upgrade OpenSSL 3.0.11 and Android NDK r26 (#558)

Upgrade OpenSSL 3.0.11 and Android NDK r26 (#558) #970

Workflow file for this run

name: CI
on: [push, pull_request]
permissions:
contents: read
env:
BUILD_NUMBER: ${{ github.run_number }}
MAKEFLAGS: -j3
jobs:
macos:
name: Build on macOS for ${{ matrix.target }}
runs-on: macos-latest
strategy:
matrix:
target: [osx, ios, iossimulator, androidarm, androidarm64, androidx86_64]
steps:
- name: Checkout
uses: actions/checkout@v3
with:
submodules: recursive
- name: Install dependencies
env:
HOMEBREW_NO_INSTALLED_DEPENDENTS_CHECK: YES
run: |
brew update
brew install doxygen boost xsd || brew link --overwrite xsd
brew unlink xerces-c [email protected] [email protected]
- name: Cache
uses: actions/cache@v3
id: cache
with:
path: cache
key: ${{ matrix.target }}-${{ hashFiles('prepare_osx_build_environment.sh') }}
- name: Build xerces-c
if: steps.cache.outputs.cache-hit != 'true'
run: ./prepare_osx_build_environment.sh xerces ${{ matrix.target }}
- name: Build xalan-c
if: steps.cache.outputs.cache-hit != 'true'
run: ./prepare_osx_build_environment.sh xalan ${{ matrix.target }}
- name: Build openssl
if: steps.cache.outputs.cache-hit != 'true'
run: ./prepare_osx_build_environment.sh openssl ${{ matrix.target }}
- name: Build xml-security-c
if: steps.cache.outputs.cache-hit != 'true'
run: ./prepare_osx_build_environment.sh xmlsec ${{ matrix.target }}
- name: Move to cache
if: steps.cache.outputs.cache-hit != 'true'
run: |
mkdir cache
sudo mv /Library/libdigidocpp* cache
- name: Setup cache
run: sudo ln -s $PWD/cache/* /Library/
- name: Build macOS
if: matrix.target == 'osx'
run: ./build-library.sh test pkcs11sign zipdebug embedlibs pkgbuild
- name: Build ${{ matrix.target }}
if: matrix.target != 'osx'
run: |
./build-library.sh ${{ matrix.target }} install/strip
cd /Library
zip -q -r ${OLDPWD}/libdigidocpp.${{ matrix.target }}.zip libdigidocpp.*
- name: Archive artifacts
if: matrix.target == 'osx'
uses: actions/upload-artifact@v3
with:
name: pkgs
path: macOS/libdigidocpp*.*
- name: Archive artifacts
if: matrix.target != 'osx'
uses: actions/upload-artifact@v3
with:
name: ${{ matrix.target }}
path: libdigidocpp*.zip
fedora:
name: Build on Fedora to ${{ matrix.container }}
runs-on: ubuntu-latest
container: ${{ matrix.container }}
strategy:
matrix:
container: ['fedora:37', 'fedora:38']
env:
MAKEFLAGS: -j3
steps:
- name: Install Deps
run: |
dnf install -y \
git gcc-c++ cmake rpm-build xml-security-c-devel zlib-devel vim-common doxygen boost-test swig python3-devel java-1.8.0-openjdk-devel \
https://www.codesynthesis.com/download/xsd/4.0/linux-gnu/x86_64/xsd-4.0.0-1.x86_64.rpm
- name: Checkout
uses: actions/checkout@v3
with:
submodules: recursive
- name: Build
run: |
cmake -DCMAKE_INSTALL_SYSCONFDIR=/etc -B build -S .
cmake --build build
cmake --build build --target package
- name: Archive artifacts
uses: actions/upload-artifact@v3
with:
name: rpms
path: build/libdigidocpp*.rpm
ubuntu:
name: Build on Ubuntu to ${{ matrix.container }}
runs-on: ubuntu-latest
container: ${{ matrix.container }}
strategy:
matrix:
container: ['ubuntu:20.04', 'ubuntu:22.04', 'ubuntu:23.04']
env:
DEBIAN_FRONTEND: noninteractive
DEBFULLNAME: github-actions
DEBEMAIL: [email protected]
steps:
- name: Install dependencies
run: apt update -qq && apt install --no-install-recommends -y git lsb-release fakeroot build-essential devscripts debhelper cmake xxd xsdcxx libxml-security-c-dev zlib1g-dev doxygen swig openjdk-8-jdk-headless libpython3-dev python3-distutils libboost-test-dev lintian
- name: Checkout
uses: actions/checkout@v3
with:
submodules: recursive
- name: Setup changelog
run: |
export VERSION=$(grep project CMakeLists.txt | egrep -o "([0-9]{1,}\.)+[0-9]{1,}")
export VERSIONEX=${VERSION}.${BUILD_NUMBER}.$(lsb_release -rs)
dch --distribution $(lsb_release -cs) -v ${VERSIONEX} "Release ${VERSIONEX}."
- name: Build packages
run: |
dpkg-buildpackage -us -uc
mv ../libdigidocpp*.* .
- name: Lintian
run: lintian *.deb;
- name: Archive artifacts
uses: actions/upload-artifact@v3
with:
name: debs
path: libdigidocpp*.*
windows:
name: Build on Windows
runs-on: ${{ matrix.image }}
strategy:
matrix:
toolset: [143, 142]
include:
- toolset: 143
image: windows-2022
vcvars: "C:\\Program Files\\Microsoft Visual Studio\\2022\\Enterprise\\VC\\Auxiliary\\Build\\vcvarsall.bat"
- toolset: 142
image: windows-2019
vcvars: "C:\\Program Files (x86)\\Microsoft Visual Studio\\2019\\Enterprise\\VC\\Auxiliary\\Build\\vcvarsall.bat"
env:
MAKEFLAGS: ""
VER_SUFFIX: .VS${{ matrix.toolset }}
VERSION: 3.17.0.${{ github.run_number }}
steps:
- name: Checkout
uses: actions/checkout@v3
with:
submodules: recursive
- uses: mad9000/actions-find-and-replace-string@3
id: path
with:
source: ${{ github.workspace }}
find: '\'
replace: '/'
replaceAll: true
- name: Prepare vcpkg X64
uses: lukka/run-vcpkg@v11
with:
vcpkgGitCommitId: 6a349fe1fbea1e5fcda2e0775f555d829a5e82df
vcpkgJsonGlob: ${{ steps.path.outputs.value }}/vcpkg.json
runVcpkgInstall: true
runVcpkgFormatString: "[`install`, `--recurse`, `--clean-after-build`, `--x-install-root`, `$[env.VCPKG_INSTALLED_DIR]`, `--triplet`, `$[env.VCPKG_DEFAULT_TRIPLET]`, `--x-feature`, `tests`]"
env:
VCPKG_DEFAULT_TRIPLET: x64-windows-v${{ matrix.toolset }}
VCPKG_INSTALLED_DIR: ${{ github.workspace }}/vcpkg_installed
- name: Prepare vcpkg X86
uses: lukka/run-vcpkg@v11
with:
vcpkgGitCommitId: 6a349fe1fbea1e5fcda2e0775f555d829a5e82df
vcpkgJsonGlob: ${{ steps.path.outputs.value }}/vcpkg.json
runVcpkgInstall: true
runVcpkgFormatString: "[`install`, `--recurse`, `--clean-after-build`, `--x-install-root`, `$[env.VCPKG_INSTALLED_DIR]`, `--triplet`, `$[env.VCPKG_DEFAULT_TRIPLET]`, `--x-feature`, `tests`]"
env:
VCPKG_DEFAULT_TRIPLET: x86-windows-v${{ matrix.toolset }}
VCPKG_INSTALLED_DIR: ${{ github.workspace }}/vcpkg_installed
- name: Install dependencies
run: choco install doxygen.install swig -y > $null
- uses: actions/setup-python@v4
with:
python-version: 3.11
architecture: x86
- name: Build xsd
run: .\prepare_win_build_environment.ps1 -xsd
- name: Build
run: |
& .\build.ps1 `
-msiversion $env:VERSION `
-toolset ${{ matrix.toolset }} `
-vcvars "${{ matrix.vcvars }}" `
-swig C:/ProgramData/chocolatey/bin/swig.exe `
-doxygen "C:/Program files/doxygen/bin/doxygen.exe" `
-boost
- name: Archive artifacts
uses: actions/upload-artifact@v3
with:
name: msi
path: ./*.msi
pages:
name: Deploy pages
if: github.repository == 'open-eid/libdigidocpp' && contains(github.ref, 'master')
runs-on: ubuntu-22.04
permissions:
contents: write
steps:
- name: Checkout
uses: actions/checkout@v3
with:
submodules: recursive
- name: Install dependencies
run: sudo apt update -qq && sudo apt install --no-install-recommends -y cmake xxd xsdcxx libxml-security-c-dev zlib1g-dev doxygen
- name: Build docs
run: |
cmake -B build -S .
cmake --build build --target docs
- name: Deploy
uses: peaceiris/actions-gh-pages@v3
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
publish_dir: ./build/doc
force_orphan: true
coverity:
name: Run Coverity tests
if: github.repository == 'open-eid/libdigidocpp' && contains(github.ref, 'coverity_scan')
runs-on: ubuntu-22.04
env:
TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
PROJECTNAME: ${{ github.repository }}
steps:
- name: Checkout
uses: actions/checkout@v3
with:
submodules: recursive
- name: Install dependencies
run: sudo apt update -qq && sudo apt install --no-install-recommends -y cmake xxd xsdcxx libxml-security-c-dev zlib1g-dev curl ca-certificates
- name: Download Coverity Build Tool
run: |
curl --silent --data "token=$TOKEN&project=$PROJECTNAME" -o cov-analysis-linux64.tar.gz https://scan.coverity.com/download/cxx/linux64
mkdir cov-analysis-linux64
tar xzf cov-analysis-linux64.tar.gz --strip 1 -C cov-analysis-linux64
- name: Build
run: |
cmake .
export PATH=$PWD/cov-analysis-linux64/bin:$PATH
cov-build --dir cov-int make
- name: Submit the result to Coverity Scan
run: |
tar czvf upload.tgz cov-int
curl --silent \
--form project=$PROJECTNAME \
--form token=$TOKEN \
--form [email protected] \
--form [email protected] \
--form version=master \
--form description="Github Actions CI build" \
https://scan.coverity.com/builds?project=$PROJECTNAME
codeql:
name: Run CodeQL tests
if: github.repository == 'open-eid/libdigidocpp'
runs-on: ubuntu-20.04
permissions:
security-events: write
steps:
- name: Checkout
uses: actions/checkout@v3
with:
submodules: recursive
- name: Install dependencies
run: sudo apt update -qq && sudo apt install --no-install-recommends -y cmake vim-common xsdcxx libxml-security-c-dev zlib1g-dev curl ca-certificates
- name: Initialize CodeQL
uses: github/codeql-action/init@v2
with:
languages: cpp
queries: +security-and-quality
- name: Build
run: |
cmake -B build -S . \
-DSWIG_EXECUTABLE=NOTFOUND \
-DBoost_INCLUDE_DIR=NOTFOUND \
-DDOXYGEN_EXECUTABLE=NOTFOUND \
-DBUILD_TOOLS=NO
cmake --build build
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v2
with:
upload: False
output: sarif-results
- name: Filter results
uses: advanced-security/filter-sarif@develop
with:
patterns: |
-src/json.hpp
-src/minizip/*
-build/src/xml/*
-**:cpp/poorly-documented-function
-**:cpp/loop-variable-changed
input: sarif-results/cpp.sarif
output: sarif-results/cpp.sarif
- name: Upload results
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: sarif-results/cpp.sarif