doc UPDATE include a security policy #451
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: libnetconf2 CI | |
on: | |
push: | |
branches: | |
- master | |
- devel | |
pull_request: | |
branches: | |
- master | |
- devel | |
env: | |
DEFAULT_PACKAGES: libcmocka-dev zlib1g-dev libssh-dev libssl-dev libpam0g-dev libcurl4-openssl-dev | |
jobs: | |
git-branch: | |
name: Get git branch | |
runs-on: ubuntu-latest | |
outputs: | |
branch-name: ${{ steps.get-git-branch.outputs.branch-name }} | |
steps: | |
- id: get-git-branch | |
run: | | |
if ${{ github.event_name == 'push' }} | |
then export GIT_BRANCH=`echo ${{ github.ref }} | cut -d'/' -f 3` | |
else | |
export GIT_BRANCH=${{ github.base_ref }} | |
fi | |
echo "branch-name=$GIT_BRANCH" >> $GITHUB_OUTPUT | |
build: | |
name: ${{ matrix.config.name }} | |
runs-on: ${{ matrix.config.os }} | |
needs: git-branch | |
strategy: | |
fail-fast: false | |
matrix: | |
config: | |
- { | |
name: "Release, gcc, OpenSSL", | |
os: "ubuntu-22.04", | |
build-type: "Release", | |
dep-build-type: "Release", | |
cc: "gcc", | |
options: "-DENABLE_TESTS=ON -DENABLE_DNSSEC=ON", | |
tls-lib: "OpenSSL", | |
packages: "", | |
snaps: "", | |
make-prepend: "", | |
make-target: "" | |
} | |
- { | |
name: "Release, gcc, MbedTLS", | |
os: "ubuntu-22.04", | |
build-type: "Release", | |
dep-build-type: "Release", | |
cc: "gcc", | |
options: "-DENABLE_TESTS=ON -DENABLE_DNSSEC=ON", | |
tls-lib: "MbedTLS", | |
packages: "", | |
snaps: "", | |
make-prepend: "", | |
make-target: "" | |
} | |
- { | |
name: "Release, clang", | |
os: "ubuntu-22.04", | |
build-type: "Release", | |
dep-build-type: "Release", | |
cc: "clang", | |
options: "-DENABLE_TESTS=ON -DENABLE_DNSSEC=ON", | |
tls-lib: "OpenSSL", | |
packages: "", | |
snaps: "", | |
make-prepend: "", | |
make-target: "" | |
} | |
- { | |
name: "Debug, gcc, OpenSSL", | |
os: "ubuntu-22.04", | |
build-type: "Debug", | |
dep-build-type: "Release", | |
cc: "gcc", | |
options: "-DENABLE_DNSSEC=ON", | |
tls-lib: "OpenSSL", | |
packages: "valgrind", | |
snaps: "", | |
make-prepend: "", | |
make-target: "" | |
} | |
- { | |
name: "Debug, gcc, MbedTLS", | |
os: "ubuntu-22.04", | |
build-type: "Debug", | |
dep-build-type: "Release", | |
cc: "gcc", | |
options: "-DENABLE_DNSSEC=ON", | |
tls-lib: "MbedTLS", | |
packages: "valgrind", | |
snaps: "", | |
make-prepend: "", | |
make-target: "" | |
} | |
- { | |
name: "Debug, clang", | |
os: "ubuntu-22.04", | |
build-type: "Debug", | |
dep-build-type: "Release", | |
cc: "clang", | |
options: "-DENABLE_DNSSEC=ON", | |
tls-lib: "OpenSSL", | |
# no valgrind because it does not support DWARF5 yet generated by clang 14 | |
packages: "", | |
snaps: "", | |
make-prepend: "", | |
make-target: "" | |
} | |
- { | |
name: "No SSH nor TLS", | |
os: "ubuntu-22.04", | |
build-type: "Debug", | |
dep-build-type: "Release", | |
cc: "gcc", | |
options: "-DENABLE_SSH_TLS=OFF", | |
tls-lib: "", | |
packages: "valgrind", | |
snaps: "", | |
make-prepend: "", | |
make-target: "" | |
} | |
- { | |
name: "ASAN and UBSAN, OpenSSL", | |
os: "ubuntu-22.04", | |
build-type: "Debug", | |
dep-build-type: "Release", | |
cc: "clang", | |
options: "-DCMAKE_C_FLAGS=-fsanitize=address,undefined -DENABLE_VALGRIND_TESTS=OFF", | |
tls-lib: "OpenSSL", | |
packages: "", | |
snaps: "", | |
make-prepend: "", | |
make-target: "" | |
} | |
- { | |
name: "ASAN and UBSAN, MbedTLS", | |
os: "ubuntu-22.04", | |
build-type: "Debug", | |
dep-build-type: "Release", | |
cc: "clang", | |
options: "-DCMAKE_C_FLAGS=-fsanitize=address,undefined -DENABLE_VALGRIND_TESTS=OFF", | |
tls-lib: "MbedTLS", | |
packages: "", | |
snaps: "", | |
make-prepend: "", | |
make-target: "" | |
} | |
- { | |
name: "ABI Check", | |
os: "ubuntu-22.04", | |
build-type: "ABICheck", | |
dep-build-type: "Debug", | |
cc: "gcc", | |
options: "", | |
tls-lib: "OpenSSL", | |
packages: "abi-dumper abi-compliance-checker snap", | |
snaps: "core universal-ctags", | |
make-prepend: "", | |
make-target: "abi-check" | |
} | |
- { | |
name: "DEB Package", | |
os: "ubuntu-22.04", | |
build-type: "Release", | |
dep-build-type: "Release", | |
cc: "gcc", | |
options: "", | |
tls-lib: "OpenSSL", | |
packages: "cmake debhelper valgrind python3-pip", | |
snaps: "", | |
make-prepend: "", | |
make-target: "" | |
} | |
steps: | |
- uses: actions/checkout@main | |
with: | |
fetch-depth: 100 | |
- name: Deps-packages | |
shell: bash | |
run: | | |
sudo apt-get update | |
sudo apt-get install $DEFAULT_PACKAGES ${{ matrix.config.packages }} | |
if ${{ matrix.config.snaps != '' }} | |
then sudo snap refresh; sudo snap install ${{ matrix.config.snaps }} | |
fi | |
if ${{ matrix.config.name == 'DEB Package' }}; then | |
pip install apkg | |
apkg system-setup | |
fi | |
- name: Deps-uncrustify | |
shell: bash | |
working-directory: ${{ github.workspace }} | |
run: | | |
git clone --branch uncrustify-0.77.1 https://github.com/uncrustify/uncrustify | |
cd uncrustify | |
mkdir build | |
cd build | |
CC=${{ matrix.config.cc }} cmake .. | |
make | |
sudo make install | |
if: ${{ matrix.config.name == 'Debug, gcc, OpenSSL' || matrix.config.name == 'Debug, gcc, MbedTLS' }} | |
- name: Deps-libyang | |
shell: bash | |
run: | | |
git clone -b ${{ needs.git-branch.outputs.branch-name }} https://github.com/CESNET/libyang.git | |
cd libyang | |
if ${{ matrix.config.name == 'DEB Package' }}; then | |
apkg build | |
apkg install | |
else | |
mkdir build | |
cd build | |
CC=${{ matrix.config.cc }} cmake -DCMAKE_BUILD_TYPE=${{ matrix.config.dep-build-type }} -DENABLE_TESTS=OFF .. | |
make -j2 | |
sudo make install | |
fi | |
- name: Build-and-install-package | |
shell: bash | |
working-directory: ${{ github.workspace }} | |
run: | | |
apkg build | |
apkg install | |
if: ${{ matrix.config.name == 'DEB Package' }} | |
- name: Deps-libval | |
shell: bash | |
run: | | |
git clone https://github.com/DNSSEC-Tools/DNSSEC-Tools.git dnssec-tools | |
cd dnssec-tools/dnssec-tools/validator | |
./configure | |
make -j2 | |
sudo make install | |
if: ${{ matrix.config.name != 'DEB Package' }} | |
- name: Deps-MbedTLS | |
shell: bash | |
run: | | |
git clone -b mbedtls-3.5.2 https://github.com/Mbed-TLS/mbedtls.git | |
cd mbedtls | |
mkdir build | |
cd build | |
CC=${{ matrix.config.cc }} cmake -DUSE_SHARED_MBEDTLS_LIBRARY=On -DENABLE_TESTING=Off .. | |
make -j2 | |
sudo make install | |
if: ${{ matrix.config.tls-lib == 'MbedTLS' }} | |
- name: Configure | |
shell: bash | |
working-directory: ${{ github.workspace }} | |
run: | | |
mkdir build | |
cd build | |
CC=${{ matrix.config.cc }} cmake -DCMAKE_BUILD_TYPE=${{ matrix.config.build-type }} ${{ matrix.config.options }} .. | |
if: ${{ matrix.config.name != 'DEB Package' }} | |
- name: Build | |
shell: bash | |
working-directory: ${{ github.workspace }}/build | |
run: | | |
export LC_ALL=C.UTF-8 | |
export PATH=/snap/bin:${{ github.workspace }}/coverity-tools/bin:$PATH | |
${{ matrix.config.make-prepend }} make ${{ matrix.config.make-target }} | |
if: ${{ matrix.config.name != 'DEB Package' }} | |
- name: Test | |
shell: bash | |
working-directory: ${{ github.workspace }}/build | |
run: | | |
export LSAN_OPTIONS=suppressions=${{ github.workspace }}/tests/library_lsan.supp | |
ctest -j4 --output-on-failure | |
if: ${{ matrix.config.name != 'DEB Package' }} |