aboutsummaryrefslogtreecommitdiff
path: root/.github (follow)
AgeCommit message (Collapse)AuthorFilesLines
2023-10-24CI: Disable sandboxing in fsanitize=address,undefined job.Jia Tan1-2/+6
The sandboxing on Linux now supports Landlock, which restricts all supported filesystem actions after xz opens the files it needs. The sandbox is only enabled when one file is input and we are writing to standard out. With fsanitize=address,undefined, the instrumentation needs to read additional files after the sandbox is in place. This forces all xz based test to fail, so the sandbox must instead be disabled.
2023-10-13CI: Bump and ref actions by commit SHA in windows-ci.ymlGabriela Gutierrez1-3/+3
Referencing actions by commit SHA in GitHub workflows guarantees you are using an immutable version. Actions referenced by tags and branches are more vulnerable to attacks, such as the tag being moved to a malicious commit or a malicious commit being pushed to the branch. It's important to make sure the SHA's are from the original repositories and not forks. For reference: https://github.com/msys2/setup-msys2/releases/tag/v2.20.1 https://github.com/msys2/setup-msys2/commit/27b3aa77f672cb6b3054121cfd80c3d22ceebb1d https://github.com/actions/checkout/releases/tag/v4.1.0 https://github.com/actions/checkout/commit/8ade135a41bc03ea155e62e844d188df1ea18608 https://github.com/actions/upload-artifact/releases/tag/v3.1.3 https://github.com/actions/upload-artifact/commit/a8a3f3ad30e3422c9c7b888a15615d19a852ae32 Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
2023-10-13CI: Bump and ref actions by commit SHA in ci.ymlGabriela Gutierrez1-2/+2
Referencing actions by commit SHA in GitHub workflows guarantees you are using an immutable version. Actions referenced by tags and branches are more vulnerable to attacks, such as the tag being moved to a malicious commit or a malicious commit being pushed to the branch. It's important to make sure the SHA's are from the original repositories and not forks. For reference: https://github.com/actions/checkout/releases/tag/v4.1.0 https://github.com/actions/checkout/commit/8ade135a41bc03ea155e62e844d188df1ea18608 https://github.com/actions/upload-artifact/releases/tag/v3.1.3 https://github.com/actions/upload-artifact/commit/a8a3f3ad30e3422c9c7b888a15615d19a852ae32 Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
2023-09-29CI: Disable CLANG64 MSYS2 environment until bug is resolved.Jia Tan1-3/+5
lld 17.0.1 searches for libraries to link first in the toolchain directories before the local directory when building. The is a problem for us because liblzma.a is installed in MSYS2 CLANG64 by default and xz.exe will thus use the installed library instead of the one being built. This causes tests to fail when they are expecting features to be disabled. More importantly, it will compile xz.exe with an incorrect liblzma and could cause unexpected behavior by being unable to update liblzma code in static builds. The CLANG64 environment can be tested again once this is fixed. Link to bug: https://github.com/llvm/llvm-project/issues/67779.
2023-09-14CI: Enable CLMUL in address sanitization test.Jia Tan1-8/+4
The crc64_clmul() function should be ignored by the address sanitizer now so these builds should still pass.
2023-07-28CI: Fix windows-ci dependency installation.Jia Tan1-3/+3
All of the MSYS2 environments need make, and it does not come with the toolchain package. The toolchain package will install the needed compiler toolchains since without this package CMake cannot properly generate the Makefiles.
2023-07-25CI: Test CMake builds and test framework with MSYS2.Jia Tan1-12/+20
2023-07-25CI: Windows CI rename system matrix variable -> msys2_env.Jia Tan1-10/+5
Calling the MSYS2 environment "system" was a bit vague and should be more specific.
2023-07-24CI: Add Clang64 MSYS2 environment to Windows CI.Jia Tan1-0/+1
2023-07-22CI: Add Windows runner for Autotools builds with MSYS2.Jia Tan1-0/+119
Only a subset of the tests run by the Linux and MacOS Autotools builds are run. The most interesting tests are the ones that disable threads, encoders, and decoders. The Windows runner will only be run manually since these tests will likely take much longer than the Linux and MacOS runners. This runner should be used before merging any large features and before releases. Currently the clang64 environment fails to due to a warning and -Werror is enabled for the CI tests. This is still an early version since the CMake build can be done for MSVC and optionally each of the MSYS2 environments. GitHub does not allow manually running the CI tests unless the workflow is checked on the default branch so checking in a minimum version is a good idea. Thanks to Arthur S for the original proposing the original patch. Closes: https://github.com/tukaani-project/xz/pull/34
2023-06-28CI: Add test with -fsanitize=address,undefined.Jia Tan1-4/+19
ci_build.sh was updated to accept disabling of __attribute__ ifunc and CLMUL. This will allow -fsanitize=address to pass because ifunc is incompatible with -fsanitize=address. The CLMUL implementation has optimizations that potentially read past the buffer and mask out the unwanted bytes. This test will only run on Autotools Linux.
2023-06-28CI: Upgrade checkout action from v2 to v3.Jia Tan1-1/+1
2023-06-07CI: Add apt update command before installing dependencies.Jia Tan1-2/+6
Without the extra command, all of the CI tests were automatically failing because the Ubuntu servers could not be reached properly.
2023-04-25CI: Adds a build and test for small configuration.Jia Tan1-0/+5
2023-04-07Docs: Add missing word to SECURITY.md.Jia Tan1-1/+1
2023-04-07Docs: Minor edits to SECURITY.md.Jia Tan1-5/+20
2023-04-07Docs: Create SECURITY.mdGabriela Gutierrez1-0/+14
Signed-off-by: Gabriela Gutierrez <gabigutierrez@google.com>
2023-03-29CI: Tests for disabling threading on CMake builds.Jia Tan1-3/+0
2023-03-24CI: Runs CMake feature tests.Jia Tan1-114/+55
Now, CMake will run similar feature disable tests that the Autotools version did before. In order to do this without repeating lines in ci.yml, it now makes sense to use the GitHub Workflow matrix to create a loop.
2023-03-17CI: Add doxygen as a dependency.Jia Tan1-3/+2
Autogen now requires --no-doxygen or having doxygen installed to run without errors.
2023-02-01CI: Upload test logs as artifacts if a test fails.Jia Tan1-17/+43
2023-01-18CI: Reorder 32-bit build first for Linux autotool builds.Jia Tan1-5/+12
The 32-bit build needs to be first so the configure cache only needs to be reset one time. The 32-bit build sets the CFLAGS env variable, so any build using that flag after will fail unless the cache is reset.
2023-01-12CI: Disable shared and nls from various jobs in autotool runners.Jia Tan1-28/+28
Disabling shared library generation and linking should help speed up the runners. The shared library is still being tested in the 32 bit build and the full feature. Disabling nls is to check for any unexpected warnings or errors.
2023-01-12CI: Reorder the 32-bit job in the Ubuntu runner.Jia Tan1-5/+5
Run the 32 bit job sooner since this is a more interesting test than some of the later jobs.
2023-01-11CI/CD: Add 32-bit build and test steps to Ubuntu autotools runner.Jia Tan1-1/+6
If all goes well, Mac autotools and Linux and Mac CMake will be added later for 32-bit builds.
2023-01-07CI/CD: Split CMake Linux and MacOS build phase to build and test.Jia Tan1-2/+6
The phase split was only done for Autotools before, so should also apply to CMake.
2023-01-07CI/CD: Reduce job runners to 4 instead of using matrix strategy.Jia Tan1-12/+83
The old version used too many runners that resulted in unnecessary dependency downloads. Now, the runners are reused for the different configurations for each OS and build system.
2022-12-30CI/CD: Create initial version of CI/CD workflow.Jia Tan1-0/+72
The CI/CD workflow will only execute on Ubuntu and MacOS latest version. The workflow will attempt to build with autotools and CMake and execute the tests. The workflow will run for all pull requests and pushes done to the master branch.