-
Notifications
You must be signed in to change notification settings - Fork 0
85 lines (70 loc) · 2.4 KB
/
linux.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
# Copyright (c) 2023 Sebastian Pipping <sebastian@pipping.org>
# SPDX-License-Identifier: Apache-2.0
name: Build and on Linux
# Drop permissions to minimum, for security
permissions:
contents: read
on:
pull_request:
push:
schedule:
- cron: '0 3 * * 5' # Every Friday at 3am
jobs:
linux:
name: Build (${{ matrix.cc }})
runs-on: ${{ matrix.runs-on }}
strategy:
fail-fast: false
matrix:
include:
- cc: gcc-13
cxx: g++-13
clang_major_version: null
clang_repo_suffix: null
runs-on: ubuntu-22.04
- cc: clang-18
cxx: clang++-18
clang_major_version: 18
clang_repo_suffix: -18
runs-on: ubuntu-22.04
steps:
- name: Add Clang/LLVM repositories
if: "${{ contains(matrix.cxx, 'clang') }}"
run: |-
set -x
source /etc/os-release
wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | sudo apt-key add -
sudo add-apt-repository "deb http://apt.llvm.org/${UBUNTU_CODENAME}/ llvm-toolchain-${UBUNTU_CODENAME}${{ matrix.clang_repo_suffix }} main"
- name: Install build dependencies
run: |-
sudo apt-get update
sudo apt-get install --yes --no-install-recommends \
libseccomp-dev
- name: Install build dependency Clang ${{ matrix.clang_major_version }}
if: "${{ contains(matrix.cxx, 'clang') }}"
run: |-
sudo apt-get install --yes --no-install-recommends -V \
clang-${{ matrix.clang_major_version }}
- name: Checkout Git branch
uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: 'Build'
env:
CC: ${{ matrix.cc }}
CXX: ${{ matrix.cxx }}
CFLAGS: -Werror
LDFLAGS: -Wl,--as-needed
run: |-
make
- name: 'Smoke test'
run: |-
set -x
git clone https://github.com/jwilk/ttyjack
pushd ttyjack
git checkout -q 8e47f74fb288ca85bbb1b1ff63755a7ba8d56247 # for CI stability
make
popd
./antijack --help
./antijack -- echo hello
( set +e ; ./antijack -- sh -c 'exit 123' ; [[ $? == 123 ]] )
( set +e ; ./antijack -v --dump filter.bpf -- ttyjack/ttyjack echo nope ; [[ $? == 159 ]] )
[[ $(wc -c < filter.bpf) -gt 0 ]]