forked from semgrep/semgrep
-
Notifications
You must be signed in to change notification settings - Fork 0
130 lines (130 loc) · 4.12 KB
/
build-test-osx-arm64.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
# AUTOGENERATED FROM build-test-osx-arm64.jsonnet DO NOT MODIFY
jobs:
build-core:
runs-on:
- self-hosted
- macOS
- ARM64
- ghcr.io/cirruslabs/macos-monterey-xcode:latest
steps:
- name: Setup runner directory
run: |
sudo mkdir -p /Users/runner
sudo chown admin:staff /Users/runner
sudo chmod 750 /Users/runner
- uses: actions/setup-python@v4
with:
python-version: "3.11"
- uses: actions/checkout@v3
with:
submodules: true
- env:
SEGMENT_DOWNLOAD_TIMEOUT_MINS: 2
if: ${{ inputs.use-cache}}
name: Set GHA cache for OPAM in ~/.opam
uses: actions/cache@v3
with:
key: ${{ runner.os }}-${{ runner.arch }}-v1-opam-4.14.0-${{hashFiles('semgrep.opam')}}
path: ~/.opam
- name: Install dependencies
run: ./scripts/osx-setup-for-release.sh "4.14.0"
- name: Compile semgrep
run: opam exec -- make core
- name: Make artifact for ./bin/semgrep-core
run: |
mkdir artifacts
cp ./bin/semgrep-core artifacts/
tar czf artifacts.tgz artifacts
- uses: actions/upload-artifact@v3
with:
name: semgrep-osx-arm64-${{ github.sha }}
path: artifacts.tgz
- name: Test semgrep-core
run: opam exec -- make core-test
build-wheels:
needs:
- build-core
runs-on:
- self-hosted
- macOS
- ARM64
- ghcr.io/cirruslabs/macos-monterey-xcode:latest
steps:
- name: Setup runner directory
run: |
sudo mkdir -p /Users/runner
sudo chown admin:staff /Users/runner
sudo chmod 750 /Users/runner
- uses: actions/setup-python@v4
with:
python-version: "3.11"
- uses: actions/checkout@v3
with:
submodules: true
- uses: actions/download-artifact@v3
with:
name: semgrep-osx-arm64-${{ github.sha }}
- run: |
tar xvfz artifacts.tgz
cp artifacts/semgrep-core cli/src/semgrep/bin
./scripts/build-wheels.sh --plat-name macosx_11_0_arm64
- uses: actions/upload-artifact@v3
with:
name: osx-arm64-wheel
path: cli/dist.zip
test-wheels:
needs:
- build-wheels
runs-on:
- self-hosted
- macOS
- ARM64
- ghcr.io/cirruslabs/macos-monterey-xcode:latest
steps:
- name: Setup runner directory
run: |
sudo mkdir -p /Users/runner
sudo chown admin:staff /Users/runner
sudo chmod 750 /Users/runner
- uses: actions/setup-python@v4
with:
python-version: "3.11"
- uses: actions/download-artifact@v3
with:
name: osx-arm64-wheel
- run: unzip dist.zip
- name: install package
run: pip3 install dist/*.whl
- run: semgrep --version
- name: e2e semgrep-core test
run: echo '1 == 1' | semgrep -l python -e '$X == $X' -
- name: test dynamically linked libraries are in /usr/lib/
run: |
otool -L $(semgrep --dump-engine-path) | tee otool.txt
if [ $? -ne 0 ]; then
echo "Failed to list dynamically linked libraries.";
exit 1;
fi
NON_USR_LIB_DYNAMIC_LIBRARIES=$(tail -n +2 otool.txt | grep -v "^\\s*/usr/lib/")
if [ $? -eq 0 ]; then
echo "Error: semgrep-core has been dynamically linked against libraries outside /usr/lib:"
echo $NON_USR_LIB_DYNAMIC_LIBRARIES
exit 1;
fi;
shell: bash {0}
name: build-test-osx-arm64
on:
workflow_call:
inputs:
use-cache:
default: true
description: Use Opam Cache - uncheck the box to disable use of the opam cache, meaning a long-running but completely from-scratch build.
required: false
type: boolean
workflow_dispatch:
inputs:
use-cache:
default: true
description: Use Opam Cache - uncheck the box to disable use of the opam cache, meaning a long-running but completely from-scratch build.
required: true
type: boolean