[1.14.x] Backport various bug fixes from main #3259
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Flatpak CI | |
on: | |
push: | |
branches: | |
- main | |
- flatpak-1.0.x | |
- flatpak-1.2.x | |
- flatpak-1.4.x | |
- flatpak-1.6.x | |
- flatpak-1.8.x | |
- flatpak-1.10.x | |
- flatpak-1.12.x | |
- flatpak-1.14.x | |
pull_request: | |
paths-ignore: | |
- README.md | |
- CONTRIBUTING.md | |
- NEWS | |
- COPYING | |
- CODE_OF_CONDUCT.md | |
- uncrustify.cfg | |
- uncrustify.sh | |
branches: | |
- main | |
- flatpak-1.0.x | |
- flatpak-1.2.x | |
- flatpak-1.4.x | |
- flatpak-1.6.x | |
- flatpak-1.8.x | |
- flatpak-1.10.x | |
- flatpak-1.12.x | |
- flatpak-1.14.x | |
permissions: | |
contents: read | |
jobs: | |
check: | |
name: Build with gcc and test | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: Install Dependencies | |
run: | | |
head -v -n-0 /etc/apt/sources.list || : | |
head -v -n-0 /etc/apt/sources.list.d/* || : | |
# Workaround for https://github.com/orgs/community/discussions/120966 | |
sudo rm -f /etc/apt/sources.list.d/microsoft-prod.list | |
sudo apt-get update | |
sudo apt-get install -y libglib2.0-dev attr automake gettext autopoint bison dbus gtk-doc-tools \ | |
libfuse3-dev ostree libostree-dev libarchive-dev libzstd-dev libcap-dev libattr1-dev libdw-dev libelf-dev python3-pyparsing \ | |
libjson-glib-dev shared-mime-info desktop-file-utils libpolkit-agent-1-dev libpolkit-gobject-1-dev \ | |
libseccomp-dev libsoup2.4-dev libcurl4-openssl-dev libsystemd-dev libxml2-utils libgpgme11-dev gobject-introspection \ | |
libgirepository1.0-dev libappstream-dev libdconf-dev clang socat meson libdbus-1-dev e2fslibs-dev bubblewrap xdg-dbus-proxy \ | |
python3-pip meson ninja-build libyaml-dev libstemmer-dev gperf itstool libmalcontent-0-dev | |
# One of the tests wants this | |
sudo mkdir /tmp/flatpak-com.example.App-OwnedByRoot | |
- name: Check out flatpak | |
uses: actions/checkout@v3 | |
with: | |
submodules: true | |
- name: Build appstream dependency # (We need at least 0.15.3 for the g_once fix) | |
run: | | |
sudo pip3 install 'meson~=0.62' | |
git clone --branch v0.15.4 --depth 1 --no-tags https://github.com/ximion/appstream.git ./appstream | |
pushd ./appstream | |
meson setup --prefix=/usr _build | |
ninja -C _build | |
sudo ninja -C _build install | |
popd | |
- name: Create logs dir | |
run: mkdir test-logs | |
- name: autogen.sh | |
run: NOCONFIGURE=1 ./autogen.sh | |
- name: configure | |
# We don't do gtk-doc or GObject-Introspection here, because they can | |
# clash with AddressSanitizer. Instead, the clang build enables those. | |
run: | | |
mkdir _build | |
pushd _build | |
../configure --enable-internal-checks --enable-asan --disable-introspection --with-curl --with-system-bubblewrap --with-system-dbus-proxy | |
popd | |
env: | |
CFLAGS: -O2 -Wp,-D_FORTIFY_SOURCE=2 | |
- name: Build flatpak | |
run: make -C _build -j $(getconf _NPROCESSORS_ONLN) | |
- name: Run tests | |
run: make -C _build check -j $(getconf _NPROCESSORS_ONLN) | |
env: | |
ASAN_OPTIONS: detect_leaks=0 # Right now we're not fully clean, but this gets us use-after-free etc | |
- name: Collect overall test logs on failure | |
if: failure() | |
run: mv _build/test-suite.log test-logs/ || true | |
- name: Collect individual test logs on cancel | |
if: failure() || cancelled() | |
run: mv _build/tests/*.log test-logs/ || true | |
- name: Upload test logs | |
uses: actions/upload-artifact@v3 | |
if: failure() || cancelled() | |
with: | |
name: test logs | |
path: test-logs | |
# This is similar to the above, but runs on an older OS with some different configuration: | |
# * Soup instead of curl | |
# * Use built in bubblewrap instead of external | |
# * Use built in xdg-dbus-proxy instead of external | |
# * Disable malcontent build-dependency | |
check-alt2: | |
name: Build with gcc and test (older) | |
runs-on: ubuntu-20.04 | |
steps: | |
- name: Install Dependencies | |
run: | | |
sudo add-apt-repository ppa:flatpak/stable | |
sudo apt-get update | |
sudo apt-get install -y libglib2.0-dev attr automake gettext autopoint bison dbus gtk-doc-tools \ | |
libfuse-dev ostree libostree-dev libarchive-dev libzstd-dev libcap-dev libattr1-dev libdw-dev libelf-dev python3-pyparsing \ | |
libjson-glib-dev shared-mime-info desktop-file-utils libpolkit-agent-1-dev libpolkit-gobject-1-dev \ | |
libseccomp-dev libsoup2.4-dev libcurl4-openssl-dev libsystemd-dev libxml2-utils libgpgme11-dev gobject-introspection \ | |
libgirepository1.0-dev libappstream-dev libdconf-dev clang socat meson libdbus-1-dev e2fslibs-dev | |
# One of the tests wants this | |
sudo mkdir /tmp/flatpak-com.example.App-OwnedByRoot | |
- name: Check out flatpak | |
uses: actions/checkout@v3 | |
with: | |
submodules: true | |
- name: Create logs dir | |
run: mkdir test-logs | |
- name: autogen.sh | |
run: NOCONFIGURE=1 ./autogen.sh | |
- name: configure | |
# We don't do gtk-doc or GObject-Introspection here, because they can | |
# clash with AddressSanitizer. Instead, the clang build enables those. | |
run: | | |
mkdir _build | |
pushd _build | |
../configure --enable-internal-checks --enable-asan --disable-introspection --without-curl | |
popd | |
env: | |
CFLAGS: -O2 -Wp,-D_FORTIFY_SOURCE=2 | |
- name: Build flatpak | |
run: make -C _build -j $(getconf _NPROCESSORS_ONLN) | |
- name: Run tests | |
run: make -C _build check -j $(getconf _NPROCESSORS_ONLN) | |
env: | |
ASAN_OPTIONS: detect_leaks=0 # Right now we're not fully clean, but this gets us use-after-free etc | |
- name: Collect overall test logs on failure | |
if: failure() | |
run: mv _build/test-suite.log test-logs/ || true | |
- name: Collect individual test logs on cancel | |
if: failure() || cancelled() | |
run: mv _build/tests/*.log test-logs/ || true | |
- name: Upload test logs | |
uses: actions/upload-artifact@v3 | |
if: failure() || cancelled() | |
with: | |
name: test logs | |
path: test-logs | |
clang: | |
permissions: | |
security-events: write # for codeql | |
name: Build with clang and analyze | |
runs-on: ubuntu-20.04 | |
strategy: | |
fail-fast: false | |
matrix: | |
language: [ 'cpp', 'python' ] | |
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ] | |
# Learn more: | |
# https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed | |
steps: | |
# Initializes the CodeQL tools for scanning. | |
- name: Initialize CodeQL | |
uses: github/codeql-action/init@v2 | |
with: | |
languages: ${{ matrix.language }} | |
# If you wish to specify custom queries, you can do so here or in a config file. | |
# By default, queries listed here will override any specified in a config file. | |
# Prefix the list here with "+" to use these queries and those in the config file. | |
# queries: ./path/to/local/query, your-org/your-repo/queries@main | |
- name: Install Dependencies | |
run: | | |
sudo add-apt-repository ppa:flatpak/stable | |
sudo apt-get update | |
sudo apt-get install -y libglib2.0-dev attr automake gettext autopoint bison dbus gtk-doc-tools \ | |
libfuse-dev ostree libostree-dev libarchive-dev libzstd-dev libcap-dev libattr1-dev libdw-dev libelf-dev python3-pyparsing \ | |
libjson-glib-dev shared-mime-info desktop-file-utils libpolkit-agent-1-dev libpolkit-gobject-1-dev \ | |
libseccomp-dev libsoup2.4-dev libcurl4-openssl-dev libsystemd-dev libxml2-utils libgpgme11-dev gobject-introspection \ | |
libgirepository1.0-dev libappstream-dev libdconf-dev clang e2fslibs-dev | |
- name: Check out flatpak | |
uses: actions/checkout@v3 | |
with: | |
submodules: true | |
- name: configure | |
run: ./autogen.sh | |
env: | |
CC: clang | |
CFLAGS: -Werror=unused-variable | |
- name: Build flatpak | |
run: make -j $(getconf _NPROCESSORS_ONLN) | |
- name: Perform CodeQL Analysis | |
uses: github/codeql-action/analyze@v2 | |
valgrind: | |
name: Run tests in valgrind | |
needs: check # Don't run expensive test if main check fails | |
runs-on: ubuntu-22.04 # Might as well test with a different one too | |
if: ${{ false }} # Currently Valgrind takes too long and always fails | |
steps: | |
- name: Install Dependencies | |
run: | | |
sudo add-apt-repository ppa:flatpak/stable | |
sudo apt-get update | |
sudo apt-get install -y libglib2.0-dev attr automake gettext autopoint bison dbus gtk-doc-tools \ | |
libfuse-dev ostree libostree-dev libarchive-dev libzstd-dev libcap-dev libattr1-dev libdw-dev libelf-dev python3-pyparsing \ | |
libjson-glib-dev shared-mime-info desktop-file-utils libpolkit-agent-1-dev libpolkit-gobject-1-dev \ | |
libseccomp-dev libsoup2.4-dev libcurl4-openssl-dev libsystemd-dev libxml2-utils libgpgme11-dev gobject-introspection \ | |
libgirepository1.0-dev libappstream-dev libdconf-dev clang socat meson libdbus-1-dev \ | |
valgrind e2fslibs-dev | |
- name: Check out flatpak | |
uses: actions/checkout@v3 | |
with: | |
submodules: true | |
- name: Create logs dir | |
run: mkdir test-logs | |
- name: autogen.sh | |
run: NOCONFIGURE=1 ./autogen.sh | |
- name: configure | |
run: | | |
mkdir _build | |
pushd _build | |
../configure --enable-gtk-doc --enable-gtk-doc-html --enable-introspection | |
popd | |
env: | |
CFLAGS: -O2 | |
- name: Build flatpak | |
run: make -C _build -j $(getconf _NPROCESSORS_ONLN) | |
- name: Distcheck | |
run: make -C _build distcheck | |
- name: Run tests under valgrind | |
run: make -C _build check | |
env: | |
FLATPAK_TESTS_VALGRIND: true | |
- name: Collect overall test logs on failure | |
if: failure() | |
run: mv _build/test-suite.log test-logs/ || true | |
- name: Collect individual test logs on cancel | |
if: failure() || cancelled() | |
run: mv _build/tests/*.log test-logs/ || true | |
- name: Upload test logs | |
uses: actions/upload-artifact@v3 | |
if: failure() || cancelled() | |
with: | |
name: test logs | |
path: test-logs |