added codeql config #1
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI | |
on: | |
pull_request: | |
push: | |
branches: | |
- auto | |
jobs: | |
complete: | |
if: always() | |
needs: [fmt, cackle, cargo-deny, rust-check-git-rev-deps, build] | |
runs-on: ubuntu-latest | |
steps: | |
- if: contains(needs.*.result, 'failure') || contains(needs.*.result, 'cancelled') | |
run: exit 1 | |
fmt: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- run: rustup component add rustfmt | |
- run: rustup update | |
- run: cargo fmt --all --check | |
cackle: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: cackle-rs/cackle-action@997327f77e59d9cda7b0b6217f0fbdbd3f3ca904 | |
- run: cargo acl -n test | |
cargo-deny: | |
runs-on: ubuntu-latest | |
strategy: | |
matrix: | |
checks: | |
- advisories | |
- bans licenses sources | |
# Prevent sudden announcement of a new advisory from failing ci: | |
continue-on-error: ${{ matrix.checks == 'advisories' }} | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: EmbarkStudios/cargo-deny-action@1e59595bed8fc55c969333d08d7817b36888f0c5 | |
with: | |
command: check ${{ matrix.checks }} | |
# leave arguments empty so we don't test --all-features | |
# which will see conflicting env versions | |
arguments: | |
rust-check-git-rev-deps: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- uses: stellar/actions/rust-check-git-rev-deps@main | |
build: | |
runs-on: ubuntu-latest | |
strategy: | |
fail-fast: false | |
matrix: | |
toolchain: [ "gcc", "clang"] | |
protocol: ["current", "next"] | |
scenario: ["", "--check-test-tx-meta"] | |
steps: | |
- name: Fix kernel mmap rnd bits | |
# Asan in llvm provided in ubuntu 22.04 is incompatible with | |
# high-entropy ASLR in much newer kernels that GitHub runners are | |
# using leading to random crashes: https://reviews.llvm.org/D148280 | |
run: sudo sysctl vm.mmap_rnd_bits=28 | |
- name: Compute cache key | |
# this step works around a limitation in actions/cache | |
# that does not allow updating a cache | |
# so what we do here instead is | |
# 1. generate a new id that gets refreshed every hour | |
# the limit is to reduce the chance of hitting the | |
# global 5GB limit per repo | |
# 2. use that id as part of the cache identifier | |
# 3. fallback (restore-keys) to the most recent cache | |
id: cache_extra_id | |
run: | | |
echo "id=$(( $(date +'%s') / 60 / 60 ))" >> $GITHUB_OUTPUT | |
- name: Cache | |
uses: actions/[email protected] | |
with: | |
path: | | |
/home/runner/.ccache | |
key: ${{ runner.os }}-${{ matrix.toolchain }}-${{ matrix.protocol }}-cacheID-${{ steps.cache_extra_id.outputs.id }} | |
restore-keys: | | |
${{ runner.os }}-${{ matrix.toolchain }}-${{ matrix.protocol }}-cacheID- | |
- uses: actions/[email protected] | |
with: | |
fetch-depth: 200 | |
submodules: true | |
- name: install core packages | |
run: | | |
sudo apt-get update | |
sudo apt-get -y install --no-install-recommends apt-utils dialog git iproute2 procps lsb-release | |
- name: install tool chain | |
run: | | |
sudo apt-get -y install libstdc++-10-dev clang-format-12 ccache lldb | |
if test "${{ matrix.toolchain }}" = "gcc" ; then | |
sudo apt-get -y install cpp-10 gcc-10 g++-10 | |
else | |
sudo apt-get -y install clang-12 llvm-12 | |
fi | |
- name: install rustup components | |
run: rustup component add rustfmt | |
- name: install dependencies | |
run: sudo apt-get -y install postgresql git build-essential pkg-config autoconf automake libtool bison flex libpq-dev parallel libunwind-dev sed perl | |
- name: Build | |
run: | | |
if test "${{ matrix.toolchain }}" = "gcc" ; then | |
export CC='gcc' | |
export CXX='g++' | |
else | |
export CC='clang' | |
export CXX='clang++' | |
fi | |
echo Build with $CC and $CXX | |
./ci-build.sh --use-temp-db --protocol ${{ matrix.protocol }} ${{ matrix.scenario }} |