Skip to content

github: Minimize permissions granted to automated workflows / jobs #252

github: Minimize permissions granted to automated workflows / jobs

github: Minimize permissions granted to automated workflows / jobs #252

Workflow file for this run

on: [ push, pull_request ]
permissions:
contents: read
env:
CFLAGS: -Werror
UBUNTU_PACKAGES: |
xutils-dev xserver-xorg-dev libx11-dev libxi-dev libxrandr-dev libxinerama-dev libudev-dev
libgirepository1.0-dev libevdev-dev
python3-pip python3-gi python3-pytest
PIP_PACKAGES: meson ninja libevdev pytest pyyaml attrs
MESON_REQUIRED_VERSION: 0.51.0
jobs:
compile-with-autotools:
runs-on: ubuntu-20.04
strategy:
matrix:
compiler: [ gcc, clang ]
steps:
- name: Checkout the repo
uses: actions/checkout@v3
- uses: linuxwacom/libwacom/.github/actions/pkginstall@master
with:
apt: $UBUNTU_PACKAGES
- name: Build the driver
run: |
mkdir -p _build
pushd _build > /dev/null
# We don't want our CFLAGS (especially -Werror) to apply at `configure`
# time so short-circuit our environment at that moment and provide the
# flags to `make` instead. Not doing so results in an incorrect config:
# 'checking for rint in -lm... no' because of a builtin-declaration-mismatch
# warning (error) in the auto-generated feature test.
CFLAGS="" CC="${{ matrix.compiler }}" ../autogen.sh --disable-silent-rules
make CFLAGS="$CFLAGS"
popd > /dev/null
- name: Run unit tests
run: |
pushd _build > /dev/null
make check || (cat **/test-suite.log && false)
popd > /dev/null
- name: Run distcheck
run: |
pushd _build > /dev/null
make distcheck
popd > /dev/null
- name: move tarball to top level
run: |
mv _build/xf86-input-wacom-*tar.bz2 .
- uses: actions/upload-artifact@v3
with:
name: tarball
path: xf86-input-wacom-*tar.bz2
compile-with-meson:
runs-on: ubuntu-20.04
strategy:
matrix:
compiler:
- gcc
- clang
meson_options:
- ''
- '-Ddebug-messages=false'
# clang requires b_lundef=false for b_santize, see
# https://github.com/mesonbuild/meson/issues/764
- '-Db_sanitize=address,undefined -Db_lundef=false'
steps:
- uses: actions/checkout@v3
- uses: linuxwacom/libwacom/.github/actions/pkginstall@master
with:
apt: $UBUNTU_PACKAGES
pip: $PIP_PACKAGES
- name: meson test ${{matrix.meson_options}}
uses: linuxwacom/libwacom/./.github/actions/meson@master
with:
meson_args: -Dauto_features=enabled ${{matrix.meson_options}}
env:
CC: ${{matrix.compiler}}
# Capture all the meson logs, even if we failed
- uses: actions/upload-artifact@v3
if: ${{ always() }} # even if we fail
with:
name: meson-test-logs-${{github.job}}-${{matrix.compiler}}-${{matrix.meson_options}}
path: |
builddir/meson-logs/testlog*.txt
builddir/meson-logs/meson-log.txt
compile-with-meson-exact-version:
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v3
- uses: linuxwacom/libwacom/.github/actions/pkginstall@master
with:
apt: $UBUNTU_PACKAGES
pip: $PIP_PACKAGES
- name: install exact meson version
run: pip install "meson == $MESON_REQUIRED_VERSION"
- name: meson test
uses: linuxwacom/libwacom/./.github/actions/meson@master
with:
meson_args: -Dauto_features=enabled
# Capture all the meson logs, even if we failed
- uses: actions/upload-artifact@v3
if: ${{ always() }} # even if we fail
with:
name: meson-test-logs-${{github.job}}
path: |
builddir/meson-logs/testlog*.txt
builddir/meson-logs/meson-log.txt
###
#
# tarball verification
#
build-from-tarball-autotools:
needs: compile-with-autotools
runs-on: ubuntu-20.04
env:
TARBALLDIR: '_tarball_dir'
INSTALLDIR: '/tmp/_inst'
steps:
- uses: linuxwacom/libwacom/.github/actions/pkginstall@master
with:
apt: $UBUNTU_PACKAGES
- name: fetch tarball from previous job(s)
uses: actions/download-artifact@v3
with:
name: tarball
- name: extract tarball
run: |
mkdir -p "$TARBALLDIR"
tar xf xf86-input-wacom-*.tar.bz2 -C "$TARBALLDIR"
- run: mkdir -p "$INSTALLDIR"
- name: build from tarball with autotools
run: |
pushd "$TARBALLDIR"/xf86-input-wacom*/
autoreconf -ivf
# See comment in compile-with-autotools
CFLAGS="" ./configure --disable-silent-rules --prefix="$INSTALLDIR"
make CFLAGS="$CFLAGS"
make check || (cat **/test-suite.log && false)
popd > /dev/null
build-from-tarball-meson:
needs: compile-with-autotools
runs-on: ubuntu-20.04
env:
TARBALLDIR: '_tarball_dir'
INSTALLDIR: '/tmp/_inst'
steps:
- uses: linuxwacom/libwacom/.github/actions/pkginstall@master
with:
apt: $UBUNTU_PACKAGES
pip: $PIP_PACKAGES
- name: fetch tarball from previous job(s)
uses: actions/download-artifact@v3
with:
name: tarball
- name: extract tarball
run: |
mkdir -p "$TARBALLDIR"
tar xf xf86-input-wacom-*.tar.bz2 -C "$TARBALLDIR"
- run: mkdir -p "$INSTALLDIR"
- name: build from tarball with meson
uses: linuxwacom/libwacom/.github/actions/meson@master
with:
srcdir: $TARBALLDIR/xf86-input-wacom-*/
meson_args: -Dauto_features=enabled --prefix="$INSTALLDIR"
ninja_args: test
# Capture all the meson logs, even if we failed
- uses: actions/upload-artifact@v3
if: ${{ always() }} # even if we fail
with:
name: tarball-build-meson-test-logs
path: |
builddir/meson-logs/testlog*.txt
builddir/meson-logs/meson-log.txt
check-tarball-files:
needs: compile-with-autotools
runs-on: ubuntu-20.04
env:
TARBALLDIR: '_tarball_dir'
steps:
- name: Checkout the repo
uses: actions/checkout@v3
- name: fetch tarball from previous job(s)
uses: actions/download-artifact@v3
with:
name: tarball
- name: list git files
run: git ls-files | grep -v -e '.gitignore' -e '.github' -e '.editorconfig' -e 'release.sh' -e 'git-version-gen' > files-in-git.txt
- name: list tarball files
run: |
tar ft xf86-input-wacom-*.tar.bz2 | sed -e 's|^[^/]*/||' | sort > files-in-tarball.txt
- name: check for missing files
run: |
rm -f missing-files.txt
for filename in $(cat files-in-git.txt); do
if ! grep -q "$filename" files-in-tarball.txt; then
echo "$filename" >> missing-files.txt
fi
done
if [[ -e missing-files.txt ]]; then
echo "Files missing from tarball:"
cat missing-files.txt
exit 1
fi