integrate zizmor in github actions #212
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Run tests | |
on: | |
push: | |
pull_request: | |
schedule: | |
- cron: '5 20 * * SUN' | |
jobs: | |
test: | |
runs-on: ubuntu-latest | |
env: | |
CFLAGS: -DMAXMINDDB_DEBUG=1 -std=c99 -Wall -Wextra -Werror -Wno-missing-field-initializers -fsanitize=address -Wpedantic -Wformat=2 -Walloca -Wvla -Wimplicit-fallthrough -Wcast-qual -Wconversion -Wshadow -Wundef -Wswitch-enum -fstack-protector -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2 | |
# Since we load ASAN with LD_PRELOAD, things like the Perl interpreter | |
# will get it as well. By default LeakSanitizer runs too. This leads to | |
# errors we don't care about, plus a much slower runtime. We're primarily | |
# interested in AddressSanitizer. Either way, disable LSAN for this test | |
# (the detect_leaks setting). | |
ASAN_OPTIONS: detect_leaks=0:strict_string_checks=1:detect_stack_use_after_return=1:check_initialization_order=1:strict_init_order=1:detect_invalid_pointer_pairs=2 | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
submodules: true | |
persist-credentials: false | |
- run: sudo apt-get update | |
- run: sudo apt-get install --assume-yes libmaxminddb-dev apache2-bin apache2 libapache2-mod-perl2 libtool libpcre3-dev libapache2-mod-security2 libjson-xs-perl cpanminus apache2-dev | |
- run: sudo mkdir /etc/apache2/logs | |
- run: ./bootstrap | |
- run: ./configure | |
- run: make | |
- run: sudo make install | |
- run: sudo cpanm --installdeps --notest . | |
- run: perl Makefile.PL -configure -httpd_conf setup/apache2.conf -src_dir /usr/lib/apache2/modules | |
- run: mkdir t/logs | |
# ASAN expects to be linked to the runtime. In this case, apache. Since | |
# we're not building apache with ASAN, load it this way. This has the | |
# unfortunate side effect of loading it for things like Perl, and so does | |
# increase the runtime, but it seems tolerable. | |
- run: LD_PRELOAD=`clang -print-file-name=libclang_rt.asan-x86_64.so` ./t/TEST -v |