Bump 3rdparty/vcpkg from c4467cb
to b8d688b
#661
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: CI pipeline | |
on: push | |
jobs: | |
debug_ubuntu_22: | |
runs-on: ubuntu-22.04 | |
strategy: | |
matrix: | |
zeek: [{version: 6.0.2-0, tag: -lts}] | |
env: | |
ZEEK_VERSION: ${{ matrix.zeek.version }} | |
ZEEK_TAG: ${{ matrix.zeek.tag }} | |
ZEEK_AGENT_CONFIGURE_ADDL: ${{ matrix.configure }} | |
LD_LIBRARY_PATH: /usr/lib/llvm-17/lib/clang/17/lib/linux | |
steps: | |
- name: Prepare | |
run: | | |
export DEBIAN_FRONTEND=noninteractive | |
sudo apt-get update | |
sudo apt-get install -y ninja-build ccache curl ca-certificates | |
sudo pip3 install btest zkg pre-commit | |
# LLVM toolchain | |
echo 'deb http://apt.llvm.org/jammy/ llvm-toolchain-jammy-17 main' | sudo tee -a /etc/apt/sources.list.d/llvm17.list | |
echo 'deb-src http://apt.llvm.org/jammy/ llvm-toolchain-jammy-17 main' | sudo tee -a /etc/apt/sources.list.d/llvm17.list | |
sudo curl https://apt.llvm.org/llvm-snapshot.gpg.key -o /etc/apt/trusted.gpg.d/llvm.asc | |
sudo apt-get update | |
sudo apt-get install -y llvm-17-dev clang-17 libclang-17-dev clang-format-17 clang-tidy-17 libclang-rt-17-dev | |
# for bpftool | |
sudo ln -s $(which llvm-strip-17) /usr/local/bin/llvm-strip | |
sudo apt-get install libelf-dev gcc-multilib | |
- name: Install Zeek | |
run: | | |
(cd /tmp && curl -L -O https://download.zeek.org/binary-packages/xUbuntu_22.04/amd64/zeek${ZEEK_TAG}-core_${ZEEK_VERSION}_amd64.deb) | |
sudo apt install -y /tmp/zeek${ZEEK_TAG}-core_${ZEEK_VERSION}_amd64.deb | |
echo "/opt/zeek/bin:$PATH" >> $GITHUB_PATH | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- name: Set up ccache | |
uses: hendrikmuhs/[email protected] | |
with: | |
key: ${{ github.job }} | |
- name: Build | |
run: | | |
./configure --prefix=/tmp/zeek-agent --enable-debug --enable-sanitizer --enable-ccache --enable-werror --generator=Ninja $ZEEK_AGENT_CONFIGURE_ADDL | |
ninja -C build | |
- name: Test | |
run: | | |
make test | |
- name: Check code | |
run: | | |
pre-commit run -a --show-diff-on-failure | |
# TODO: tidy fails in Broker currently | |
# ninja -C build tidy | |
- uses: actions/upload-artifact@v4 | |
if: failure() | |
with: | |
name: Test output | |
path: | | |
tests/.tmp | |
zeek-agent/tests/.tmp | |
# TODO: Install Zeek and run Zeek tests. | |
release_alpine_3_19_static: | |
runs-on: ubuntu-22.04 | |
environment: ${{ (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/topic/ci-release-test' || startsWith(github.ref, 'refs/tags/v')) && 'release' || '' }} | |
container: | |
image: alpine:3.19 | |
steps: | |
- name: Prepare | |
run: | | |
apk update | |
apk add linux-headers ccache cmake g++ gcc git make ninja tar zlib-static zlib-dev openssl-libs-static openssl-dev zstd-static python3 py3-pip bash | |
pip3 install --break-system-packages btest zkg | |
# for bpftool | |
apk add clang llvm libelf elfutils-dev | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- name: Set up ccache | |
uses: hendrikmuhs/[email protected] | |
with: | |
key: ${{ github.job }} | |
- name: Build | |
run: | | |
./configure --prefix=/tmp/zeek-agent --enable-ccache --enable-werror --enable-static --generator=Ninja --with-openssl= | |
ninja -C build | |
- name: Test | |
run: | | |
ldd build/bin/zeek-agent 2>&1 | grep -q "Not a valid dynamic program" | |
make -C tests test-no-zeek | |
- name: Install | |
run: | | |
ninja -C build install | |
find /tmp/zeek-agent -exec ls -ald '{}' ';' | |
- name: Package | |
run: | | |
ninja -C build package | |
(cd build/dist && echo "ZA_DIST=$(echo *.tar.gz)" >>$GITHUB_ENV) | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: ${{env.ZA_DIST}} | |
path: build/dist/${{env.ZA_DIST}} | |
# TODO: Install Zeek and run Zeek tests. | |
release_macos_13: | |
env: | |
MACOS_VERSION: 13.0 | |
runs-on: macos-13 | |
environment: ${{ (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/topic/ci-release-test' || startsWith(github.ref, 'refs/tags/v')) && 'release' || '' }} | |
steps: | |
- name: Prepare | |
run: | | |
brew update | |
brew upgrade cmake | |
brew install ninja ccache | |
pip3 install btest zkg | |
# time can be off, which confuses codesigning; this host can be accessed from GH actions | |
sudo sntp -sS time.windows.com | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- name: Set up ccache | |
uses: hendrikmuhs/[email protected] | |
with: | |
key: ${{ github.job }} | |
- name: Build universal arch OpenSSL | |
env: | |
OPENSSL_VERSION: 1.1.1w | |
run: | | |
curl -O https://www.openssl.org/source/openssl-${OPENSSL_VERSION}.tar.gz | |
tar xvzf openssl-${OPENSSL_VERSION}.tar.gz && mv openssl-${OPENSSL_VERSION} openssl_x86_64 | |
tar xvzf openssl-${OPENSSL_VERSION}.tar.gz && mv openssl-${OPENSSL_VERSION} openssl_arm64 | |
(cd openssl_x86_64 && CC="ccache cc" ./Configure darwin64-x86_64-cc no-shared no-tests -mmacosx-version-min=${MACOS_VERSION} && make -j) | |
(cd openssl_arm64 && CC="ccache cc" ./Configure darwin64-arm64-cc no-shared no-tests -mmacosx-version-min=${MACOS_VERSION} && make -j) | |
mkdir -p /tmp/openssl/lib /tmp/openssl/include | |
lipo -create openssl_arm64/libcrypto.a openssl_x86_64/libcrypto.a -output /tmp/openssl/lib/libcrypto.a | |
lipo -create openssl_arm64/libssl.a openssl_x86_64/libssl.a -output /tmp/openssl/lib/libssl.a | |
cp -r openssl_x86_64/include/openssl /tmp/openssl/include/ | |
rm -rf openssl-${OPENSSL_VERSION}* | |
- name: Build | |
run: | | |
./configure --prefix=${{runner.temp}}/zeek-agent --enable-ccache --enable-werror --enable-osx-universal --generator=Ninja --with-openssl=/tmp/openssl --osx-deployment-target=${MACOS_VERSION} | |
ninja -C build | |
- name: Test | |
run: | | |
file build/bin/zeek-agent | grep -q "universal binary with 2 architectures" | |
make -C tests test-no-zeek || true | |
- name: Install | |
run: | | |
ninja -C build install | |
find ${{runner.temp}}/zeek-agent -exec ls -ald '{}' ';' | |
### Only on topic branches | |
- name: Package (without codesign) | |
if: github.ref_name != 'main' && github.ref != 'refs/heads/topic/ci-release-test' && !startsWith(github.ref, 'refs/tags/v') | |
run: | | |
ninja -C build package | |
(cd build/dist && echo "ZA_DIST=$(echo *.dmg)" >>$GITHUB_ENV) | |
### Only on the main branch | |
- name: Set up keychain for code signing | |
if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/topic/ci-release-test' || startsWith(github.ref, 'refs/tags/v') | |
env: | |
MACOS_APP_STORE_CONNECT_ISSUER_ID: ${{ secrets.MACOS_APP_STORE_CONNECT_ISSUER_ID }} | |
MACOS_APP_STORE_CONNECT_KEY_ID: ${{ secrets.MACOS_APP_STORE_CONNECT_KEY_ID }} | |
MACOS_APP_STORE_CONNECT_KEY_P8: ${{ secrets.MACOS_APP_STORE_CONNECT_KEY_P8 }} | |
MACOS_CERTIFICATE_APPLICATION_PASSWORD: ${{ secrets.MACOS_CERTIFICATE_APPLICATION_PASSWORD }} | |
MACOS_CERTIFICATE_APPLICATION_PEM: ${{ secrets.MACOS_CERTIFICATE_APPLICATION_PEM }} | |
MACOS_KEYCHAIN_PASSWORD: ${{ secrets.MACOS_KEYCHAIN_PASSWORD }} | |
run: | | |
echo -n "${MACOS_CERTIFICATE_APPLICATION_PEM}" >"${RUNNER_TEMP}/cert.pem" | |
security create-keychain -p "${MACOS_KEYCHAIN_PASSWORD}" "${RUNNER_TEMP}/keychain-db" | |
security set-keychain-settings -lut 100 "${RUNNER_TEMP}/keychain-db" | |
security default-keychain -s "${RUNNER_TEMP}/keychain-db" | |
security unlock-keychain -p "${MACOS_KEYCHAIN_PASSWORD}" "${RUNNER_TEMP}/keychain-db" | |
security import "${RUNNER_TEMP}/cert.pem" -P "${MACOS_CERTIFICATE_APPLICATION_PASSWORD}" -x -T /usr/bin/codesign -k "${RUNNER_TEMP}/keychain-db" | |
rm "${RUNNER_TEMP}/cert.pem" | |
echo -n "${MACOS_APP_STORE_CONNECT_KEY_P8}" >"${RUNNER_TEMP}/key.p8" | |
xcrun notarytool store-credentials -k "${RUNNER_TEMP}/key.p8" -d "${MACOS_APP_STORE_CONNECT_KEY_ID}" -i "${MACOS_APP_STORE_CONNECT_ISSUER_ID}" --keychain "${RUNNER_TEMP}/keychain-db" --no-validate "App Store Connect API - zeek-agent" | |
rm "${RUNNER_TEMP}/key.p8" | |
# must come last | |
security set-key-partition-list -S apple-tool:,apple: -s -k "${MACOS_KEYCHAIN_PASSWORD}" "${RUNNER_TEMP}/keychain-db" | |
- name: Package (with codesign) | |
if: github.ref == 'refs/heads/main' || github.ref == 'refs/heads/topic/ci-release-test' || startsWith(github.ref, 'refs/tags/v') | |
env: | |
MACOS_NOTARIZE: 1 | |
MACOS_CERTIFICATE_APPLICATION_ID: ${{ secrets.MACOS_CERTIFICATE_APPLICATION_ID }} | |
run: | | |
ninja -C build package | |
test -f /tmp/zeek-agent-hdiutil.log && cat /tmp/zeek-agent-hdiutil.log | |
(cd build/dist && echo "ZA_DIST=$(echo *.dmg)" >>$GITHUB_ENV) | |
- name: Clean up keychain | |
if: always() && (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/topic/ci-release-test' || startsWith(github.ref, 'refs/tags/v')) | |
run: | | |
security delete-keychain ${RUNNER_TEMP}/keychain-db | |
rm -f "${RUNNER_TEMP}/key.p8" "${RUNNER_TEMP}/cert.p8" | |
### Back to running on all branches | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: ${{env.ZA_DIST}} | |
path: build/dist/${{env.ZA_DIST}} | |
release_windows_2022: | |
runs-on: windows-2022 | |
env: | |
VCPKG_ROOT: ${{ github.workspace }}/3rdparty/vcpkg | |
VCPKG_DEFAULT_BINARY_CACHE: ${{ github.workspace }}/3rdparty/vcpkg/bincache | |
VCPKG_TARGET_TRIPLET: x64-windows-static | |
# Something in the Windows build configuration breaks ccache and causes it to forget | |
# what its configuration is by the time we call configure and run the build. This | |
# forces it to remember. | |
CCACHE_CONFIGPATH: ~/ccache/ccache.conf | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- name: Create vcpkg binary cache directory | |
run: mkdir -p $VCPKG_DEFAULT_BINARY_CACHE | |
shell: bash | |
# The github runner provides a version of ccache, but it's too old to | |
# properly support use with cl.exe. We need at least version 4.6 for | |
# everything to work right. The ccache-action below should be doing | |
# if but it's still picking up the wrong version of ccache. | |
- name: Install newer ccache | |
run: > | |
choco install ccache | |
shell: cmd | |
- name: Set up ccache | |
uses: hendrikmuhs/[email protected] | |
with: | |
key: ${{ github.job }} | |
- name: Set up Visual Studio shell | |
uses: egor-tensin/vs-shell@v2 | |
with: | |
arch: x64 | |
- name: Cache vcpkg output | |
uses: actions/cache@v4 | |
with: | |
path: | | |
${{ env.VCPKG_ROOT }} | |
!${{ env.VCPKG_ROOT }}/buildtrees | |
!${{ env.VCPKG_ROOT }}/packages | |
!${{ env.VCPKG_ROOT }}/downloads | |
!${{ env.VCPKG_ROOT }}/installed | |
key: | | |
${{ hashFiles( 'vcpkg.json' ) }}-${{ hashFiles( '.git/modules/vcpkg/HEAD' )}}-${{ env.VCPKG_TARGET_TRIPLET }} | |
- name: Configure | |
run: > | |
cmake -S . -B build -G Ninja -DCMAKE_C_COMPILER=cl.exe -DCMAKE_CXX_COMPILER=cl.exe -DCMAKE_MAKE_PROGRAM=ninja.exe -DCMAKE_BUILD_TYPE=Release -DCMAKE_VERBOSE_MAKEFILE=ON -DUSE_CCACHE=yes -DCMAKE_TOOLCHAIN_FILE="3rdparty/vcpkg/scripts/buildsystems/vcpkg.cmake" -DVCPKG_TARGET_TRIPLET=${{env.VCPKG_TARGET_TRIPLET}} | |
shell: cmd | |
- name: Build | |
run: > | |
cmake --build build --target install --config Release --parallel 2 | |
shell: cmd | |
### We can't run btest here for a number of reasons. See | |
### https://github.com/zeek/btest/issues/26. This also means | |
### there's no artifacts to upload upon failure. | |
- name: Test | |
run: > | |
"C:\Program Files (x86)\ZeekAgent\bin\zeek-agent.exe" -T | |
shell: cmd | |
- name: Build installer | |
run: | | |
cmake --build build --target package --config Release | |
(cd build/dist && echo "ZA_DIST=$(echo *.msi)" >>$GITHUB_ENV) | |
shell: bash | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: ${{env.ZA_DIST}} | |
path: build/dist/${{env.ZA_DIST}} | |
release_source: | |
runs-on: ubuntu-22.04 | |
environment: ${{ (github.ref == 'refs/heads/main' || github.ref == 'refs/heads/topic/ci-release-test' || startsWith(github.ref, 'refs/tags/v')) && 'release' || '' }} | |
steps: | |
- name: Prepare | |
run: | | |
export DEBIAN_FRONTEND=noninteractive | |
sudo apt-get update | |
sudo apt-get install -y ninja-build ccache curl ca-certificates | |
# for bpftool | |
sudo apt-get install llvm libelf-dev gcc-multilib | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- name: Set up ccache | |
uses: hendrikmuhs/[email protected] | |
with: | |
key: ${{ github.job }} | |
- name: Configure | |
run: | | |
./configure --generator=Ninja | |
- name: Package source code | |
run: | | |
ninja -C build package_source | |
(cd build/dist && echo "ZA_DIST=$(echo *.tar.gz)" >>$GITHUB_ENV) | |
- name: Test build of source code | |
run: | | |
mkdir -p ${{ runner.temp }}/test-build | |
cat build/dist/${{env.ZA_DIST}} | (cd ${{ runner.temp }}/test-build && tar xzvf -) | |
(cd $(echo ${{ runner.temp }}/test-build/zeek-agent*) && ./configure --generator=Ninja --enable-ccache && ninja -C build && ninja -C build test) | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: ${{env.ZA_DIST}} | |
path: build/dist/${{env.ZA_DIST}} | |
publish_release: | |
permissions: | |
contents: write | |
runs-on: ubuntu-22.04 | |
if: (startsWith(github.ref, 'refs/tags/v') && !contains(github.ref, '-dev')) | |
needs: [debug_ubuntu_22, release_alpine_3_19_static, release_macos_13, release_windows_2022, release_source] | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v4 | |
with: | |
submodules: recursive | |
- name: Prepare release message | |
run: | | |
cat CHANGES | awk '/^[0-9]+\./{ n++; next; } n < 2 { print }' >${{ runner.temp }}/release-msg | |
echo "release_name=$(echo ${{ github.ref_name }} | sed 's/^v//')" >> $GITHUB_ENV | |
- uses: actions/download-artifact@v4 | |
with: | |
path: artifacts | |
- name: Display artifacts | |
run: ls -al artifacts/*/* | |
- name: Upload artifacts | |
uses: softprops/action-gh-release@v1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
draft: false | |
prerelease: false | |
name: ${{ env.release_name }} | |
body_path: ${{ runner.temp }}/release-msg | |
files: | | |
artifacts/*/*.tar.gz | |
artifacts/*/*.dmg | |
artifacts/*/*.msi |