ci: add virustotal analysis of published binaries #175
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: cjit | |
on: | |
push: | |
paths-ignore: | |
- 'docs/**' | |
- '*.md' | |
branches: | |
- main | |
pull_request: | |
paths-ignore: | |
- 'docs/**' | |
- '*.md' | |
branches: | |
- main | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref_name }} | |
cancel-in-progress: true | |
jobs: | |
reuse: | |
name: π¨ REUSE Compliance | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: fsfe/reuse-action@v4 | |
c-lint: | |
name: π¨ C lint | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: reviewdog/action-cpplint@master | |
env: | |
REVIEWDOG_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
reporter: github-pr-check | |
targets: --recursive src | |
level: warning | |
flags: --linelength=120 # Optional | |
filter: "-readability/braces\ | |
,-readability/casting\ | |
,-readability/multiline_comment\ | |
,-whitespace/comma\ | |
,-whitespace/braces\ | |
,-whitespace/comments\ | |
,-whitespace/indent\ | |
,-whitespace/newline\ | |
,-whitespace/operators\ | |
,-whitespace/parens\ | |
,-whitespace/tab\ | |
,-whitespace/end_of_line\ | |
" # Optional | |
# - name: Fail fast?! | |
# if: steps.linter.outputs.checks-failed > 0 | |
# run: | | |
# echo "π€ Some files failed the C linting checks!" | |
musl-test: | |
name: π§ Musl Linux test | |
needs: [reuse, c-lint] | |
runs-on: "ubuntu-latest" | |
steps: | |
- uses: actions/checkout@v4 | |
- name: install dependencies | |
run: | | |
sudo apt install -yq musl-tools musl-dev | |
- name: Build x86_64 with musl-system | |
run: | | |
make musl-linux | |
- name: Run tests | |
run: | | |
make check | |
win-native-test: | |
name: πͺ Windows native test | |
needs: [reuse, c-lint] | |
runs-on: "windows-latest" | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Build native windows exe for x86_64 | |
run: | | |
make win-native | |
- name: Run tests | |
run: | | |
make check CJIT=./cjit.exe | |
osx-native-test: | |
name: π OSX native test | |
needs: [reuse, c-lint] | |
runs-on: "macos-latest" | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Build native Apple/OSX command executable | |
run: | | |
make apple-osx | |
- name: Run tests | |
run: | | |
./cjit.command test/hello.c | |
semantic-release: | |
name: π€ Semantic release | |
needs: [musl-test, osx-native-test, win-native-test] | |
runs-on: ubuntu-latest | |
outputs: | |
new_release_published: ${{ steps.semantic-release.outputs.new_release_published }} | |
new_release_version: ${{ steps.semantic-release.outputs.new_release_version }} | |
if: ${{ github.ref_name == 'main' && github.event_name == 'push' }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Semantic Release | |
uses: cycjimmy/semantic-release-action@v4 | |
id: semantic-release | |
with: | |
extra_plugins: | | |
@semantic-release/changelog | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
- name: Upload release docs artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: documentation | |
path: | | |
build/release-intro.md | |
linux-release: | |
name: π§ Linux shared binary release build | |
runs-on: ubuntu-latest | |
needs: [semantic-release] | |
if: ${{ needs.semantic-release.outputs.new_release_published == 'true' }} | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Install build deps | |
run: | | |
sudo apt install -qy make | |
- name: Build x86_64 on Linux | |
run: | | |
make linux-x86 RELEASE=1 | |
mv cjit cjit-Linux-x86_64 | |
- name: Upload artifact linux-amd64 | |
uses: actions/upload-artifact@v4 | |
with: | |
name: release-shared-linux-x86_64 | |
path: | | |
cjit-Linux-x86_64 | |
musl-release: | |
name: π§ Musl Linux binary release build | |
runs-on: ubuntu-latest | |
needs: [semantic-release] | |
if: ${{ needs.semantic-release.outputs.new_release_published == 'true' }} | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Install build deps | |
run: | | |
sudo apt install -qy make musl-tools musl-dev | |
- name: Build x86_64 with musl-system | |
run: | | |
make musl-linux RELEASE=1 | |
mv cjit cjit-Linux-x86_64-static | |
- name: Upload artifact linux-amd64 | |
uses: actions/upload-artifact@v4 | |
with: | |
name: release-musl-linux-x86_64 | |
path: | | |
cjit-Linux-x86_64-static | |
win-native-release: | |
name: πͺ Windows native binary release build | |
needs: [semantic-release] | |
runs-on: "windows-latest" | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Build native windows exe for x86_64 | |
run: | | |
make win-native RELEASE=1 | |
- name: Upload artifact windows-amd64 | |
uses: actions/upload-artifact@v4 | |
with: | |
name: release-win-native-x86_64 | |
path: | | |
cjit.exe | |
osx-native-release: | |
name: π OSX native binary release build | |
needs: [semantic-release] | |
runs-on: "macos-latest" | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Build native Apple/OSX command executable | |
run: | | |
make apple-osx RELEASE=1 | |
mv cjit.command cjit-Darwin-arm64 | |
- name: Upload artifact apple-osx | |
uses: actions/upload-artifact@v4 | |
with: | |
name: release-osx-native | |
path: | | |
cjit-Darwin-arm64 | |
draft-binary-release: | |
name: π¦ Pack release | |
needs: [semantic-release, osx-native-release, musl-release, linux-release, win-native-release] | |
runs-on: ubuntu-latest | |
steps: | |
- name: download binary artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
path: | | |
cjit-bin | |
- name: show directory structure | |
run: tree -dL 3 | |
- name: relase all binary artifacts | |
uses: softprops/action-gh-release@v2 | |
with: | |
files: | | |
cjit-bin/release*/* | |
tag_name: v${{ needs.semantic-release.outputs.new_release_version }} | |
body_path: cjit-bin/documentation/release-intro.md | |
append_body: true | |
draft: false | |
prerelease: false | |
fail_on_unmatched_files: true | |
generate_release_notes: true | |
remove-tag-on-fail: | |
name: 𧻠Remove tag on fail | |
needs: [semantic-release, osx-native-release, musl-release, linux-release, win-native-release] | |
runs-on: ubuntu-latest | |
if: ${{ (failure() || cancelled()) && needs.semantic-release.outputs.new_release_published == 'true' }} | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
- name: Remove tag | |
uses: dev-drprasad/[email protected] | |
with: | |
tag_name: v${{ needs.semantic-release.outputs.new_release_version }} | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
delete_release: false | |
repo: dyne/cjit |