Skip to content

integrate zizmor in github actions #212

integrate zizmor in github actions

integrate zizmor in github actions #212

Workflow file for this run

name: Run tests
on:
push:
pull_request:
schedule:
- cron: '5 20 * * SUN'
jobs:
test:
runs-on: ubuntu-latest
env:
CFLAGS: -DMAXMINDDB_DEBUG=1 -std=c99 -Wall -Wextra -Werror -Wno-missing-field-initializers -fsanitize=address -Wpedantic -Wformat=2 -Walloca -Wvla -Wimplicit-fallthrough -Wcast-qual -Wconversion -Wshadow -Wundef -Wswitch-enum -fstack-protector -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=2
# Since we load ASAN with LD_PRELOAD, things like the Perl interpreter
# will get it as well. By default LeakSanitizer runs too. This leads to
# errors we don't care about, plus a much slower runtime. We're primarily
# interested in AddressSanitizer. Either way, disable LSAN for this test
# (the detect_leaks setting).
ASAN_OPTIONS: detect_leaks=0:strict_string_checks=1:detect_stack_use_after_return=1:check_initialization_order=1:strict_init_order=1:detect_invalid_pointer_pairs=2
steps:
- uses: actions/checkout@v4
with:
submodules: true
persist-credentials: false
- run: sudo apt-get update
- run: sudo apt-get install --assume-yes libmaxminddb-dev apache2-bin apache2 libapache2-mod-perl2 libtool libpcre3-dev libapache2-mod-security2 libjson-xs-perl cpanminus apache2-dev
- run: sudo mkdir /etc/apache2/logs
- run: ./bootstrap
- run: ./configure
- run: make
- run: sudo make install
- run: sudo cpanm --installdeps --notest .
- run: perl Makefile.PL -configure -httpd_conf setup/apache2.conf -src_dir /usr/lib/apache2/modules
- run: mkdir t/logs
# ASAN expects to be linked to the runtime. In this case, apache. Since
# we're not building apache with ASAN, load it this way. This has the
# unfortunate side effect of loading it for things like Perl, and so does
# increase the runtime, but it seems tolerable.
- run: LD_PRELOAD=`clang -print-file-name=libclang_rt.asan-x86_64.so` ./t/TEST -v