mirror of
				https://github.com/upx/upx
				synced 2025-10-26 23:36:41 +08:00 
			
		
		
		
	
		
			
				
	
	
		
			104 lines
		
	
	
		
			4.9 KiB
		
	
	
	
		
			YAML
		
	
	
	
	
	
			
		
		
	
	
			104 lines
		
	
	
		
			4.9 KiB
		
	
	
	
		
			YAML
		
	
	
	
	
	
| # Copyright (C) Markus Franz Xaver Johannes Oberhumer
 | |
| # RT RunTime checks
 | |
| 
 | |
| # runs ASAN, MSAN, qemu and valgrind checkers; slow!
 | |
| 
 | |
| name: 'Weekly CI RT - ASAN MSAN Valgrind'
 | |
| on:
 | |
|   schedule: [cron: '00 3 * * 3'] # run weekly Wednesday 03:00 UTC
 | |
|   workflow_dispatch:
 | |
| env:
 | |
|   CMAKE_REQUIRED_QUIET: OFF
 | |
|   DEBIAN_FRONTEND: noninteractive
 | |
| 
 | |
| jobs:
 | |
|   job-runtime-checkers: # uses cmake + make
 | |
|     if: github.repository_owner == 'upx'
 | |
|     strategy:
 | |
|       fail-fast: false
 | |
|       matrix:
 | |
|         include:
 | |
|           - container: 'alpine:3.18'
 | |
|             release: debug
 | |
|             qemu: 'qemu-x86_64 -cpu Westmere'
 | |
|           - container: 'alpine:3.18'
 | |
|             release: release
 | |
|             qemu: 'qemu-x86_64 -cpu Westmere'
 | |
|           - container: 'alpine:edge'
 | |
|             release: release
 | |
|             qemu: 'qemu-x86_64 -cpu Westmere'
 | |
|           - container: 'i386/alpine:edge'
 | |
|             release: release
 | |
|             qemu: 'qemu-i386'
 | |
|     name: ${{ format('{0} {1}', matrix.container, matrix.release) }}
 | |
|     runs-on: ubuntu-latest
 | |
|     container: ${{ matrix.container }}
 | |
|     env:
 | |
|       release: ${{ matrix.release }}
 | |
|     steps:
 | |
|       - name: ${{ format('Install packages {0} {1}', matrix.container, matrix.release) }}
 | |
|         run: |
 | |
|           apk update && apk upgrade
 | |
|           apk add bash clang cmake compiler-rt coreutils g++ git make qemu-i386 qemu-x86_64 tar valgrind
 | |
|           # this seems to be needed when running in a container (beause of UID mismatch??)
 | |
|           git config --global --add safe.directory '*'          
 | |
|       - name: ${{ format('Check out UPX {0} source code', github.ref_name) }}
 | |
|         run: |
 | |
|           git clone --branch "$GITHUB_REF_NAME" --depth 1 https://github.com/upx/upx .
 | |
|           git submodule update --init
 | |
|           git clone --depth=1 https://github.com/upx/upx-testsuite ../upx-testsuite          
 | |
|       - name: 'Build clang-static'
 | |
|         run: |
 | |
|           export CC="clang -static" CXX="clang++ -static"
 | |
|           make UPX_XTARGET=clang-static xtarget/$release          
 | |
|       - name: 'Build clang-asan'
 | |
|         if: ${{ !startsWith(matrix.container, 'i386/') }} # i386: ASAN not supported
 | |
|         run: |
 | |
|           # unfortunately ASAN does not support static linking
 | |
|           flags="-fsanitize=address -fsanitize=pointer-compare -fsanitize=pointer-subtract -fsanitize=undefined -fno-omit-frame-pointer -D__SANITIZE_ADDRESS__=1"
 | |
|           export CC="clang $flags" CXX="clang++ $flags"
 | |
|           make UPX_XTARGET=clang-asan xtarget/$release          
 | |
|       - name: 'Build clang-msan'
 | |
|         if: ${{ !startsWith(matrix.container, 'i386/') }} # i386: MSAN not supported
 | |
|         run: |
 | |
|           # unfortunately MSAN does not support static linking
 | |
|           flags="-fsanitize=memory -fsanitize=undefined -fno-omit-frame-pointer -D__SANITIZE_ADDRESS__=1 -DDOCTEST_CONFIG_DISABLE=1"
 | |
|           export CC="clang $flags" CXX="clang++ $flags"
 | |
|           make UPX_XTARGET=clang-msan xtarget/$release          
 | |
|       - name: 'Make artifact'
 | |
|         run: |
 | |
|           N=$(echo "upx-${GITHUB_REF_NAME}-${GITHUB_SHA:0:7}-weekly-ci-runtime-checkers-${{ matrix.container }}-${{ matrix.release }}" | sed 's/[^0-9a-zA-Z_.-]/-/g')
 | |
|           mkdir -p "tmp/artifact/$N"
 | |
|           (cd build && cp -ai --parents */*/*/upx "../tmp/artifact/$N")
 | |
|           (cd tmp/artifact && tar --sort=name -czf "$N.tar.gz" "$N" && rm -rf "./$N")
 | |
|           # GitHub Actions magic: set "artifact_name" environment value for use in next step
 | |
|           echo "artifact_name=$N" >> $GITHUB_ENV          
 | |
|       - name: ${{ format('Upload artifact {0}', env.artifact_name) }}
 | |
|         if: ${{ !startsWith(matrix.container, 'i386/') }} # i386: missing nodejs on host
 | |
|         uses: actions/upload-artifact@v3
 | |
|         with:
 | |
|           name: ${{ env.artifact_name }}
 | |
|           path: tmp/artifact
 | |
|       - name: 'Run testsuite clang-asan'
 | |
|         if: ${{ !startsWith(matrix.container, 'i386/') }} # i386: ASAN not supported
 | |
|         run: |
 | |
|           export ASAN_OPTIONS=detect_invalid_pointer_pairs=2
 | |
|           env -C build/xtarget/clang-asan/$release "$PWD"/misc/testsuite/upx_testsuite_1.sh          
 | |
|       - name: 'Run testsuite clang-msan'
 | |
|         if: ${{ !startsWith(matrix.container, 'i386/') }} # i386: MSAN not supported
 | |
|         run: |
 | |
|           env -C build/xtarget/clang-msan/$release "$PWD"/misc/testsuite/upx_testsuite_1.sh          
 | |
|       - name: 'Run testsuite clang-static - QEMU'
 | |
|         if: ${{ matrix.qemu }}
 | |
|         run: |
 | |
|           export upx_exe_runner="${{ matrix.qemu }}"
 | |
|           env -C build/xtarget/clang-static/$release "$PWD"/misc/testsuite/upx_testsuite_1.sh          
 | |
|       - name: 'Run testsuite clang-static - Valgrind'
 | |
|         if: true # very slow
 | |
|         run: |
 | |
|           export upx_exe_runner="valgrind --error-exitcode=1 --quiet"
 | |
|           # on current GitHub CI, takes about 30 minutes for release and 80 minutes for debug builds
 | |
|           # reduce time for debug builds to about 30 minutes
 | |
|           test $release = debug && export UPX_TESTSUITE_LEVEL=4
 | |
|           env -C build/xtarget/clang-static/$release "$PWD"/misc/testsuite/upx_testsuite_1.sh          
 | 
