nix: Disable hardening for OpenSBI #423
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # Copyright 2023, Colias Group, LLC | |
| # | |
| # SPDX-License-Identifier: BSD-2-Clause | |
| # | |
| name: CI | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| workflow_dispatch: | |
| jobs: | |
| check-licenses: | |
| name: Check licenses | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: seL4/ci-actions/license-check@master | |
| check-source: | |
| name: Check source | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: cachix/install-nix-action@v26 | |
| with: | |
| nix_path: nixpkgs=channel:nixos-unstable | |
| - uses: cachix/cachix-action@v14 | |
| with: | |
| name: coliasgroup | |
| authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' | |
| - uses: actions/checkout@v4 | |
| - name: Check source | |
| run: make check-source | |
| check-dependencies: | |
| name: Check dependencies | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: cachix/install-nix-action@v26 | |
| with: | |
| nix_path: nixpkgs=channel:nixos-unstable | |
| - uses: cachix/cachix-action@v14 | |
| with: | |
| name: coliasgroup | |
| authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' | |
| - uses: actions/checkout@v4 | |
| - name: Check dependencies | |
| run: make check-dependencies | |
| run-other-tests: | |
| name: Run other tests | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Prepare to maximize build space | |
| run: sudo mkdir /nix | |
| - name: Maximize build space | |
| uses: easimon/maximize-build-space@master | |
| with: | |
| build-mount-path: /nix | |
| root-reserve-mb: 8192 | |
| remove-dotnet: 'true' | |
| remove-android: 'true' | |
| remove-haskell: 'true' | |
| remove-codeql: 'true' | |
| remove-docker-images: 'true' | |
| - uses: cachix/install-nix-action@v26 | |
| with: | |
| nix_path: nixpkgs=channel:nixos-unstable | |
| extra_nix_config: | | |
| auto-optimise-store = true | |
| - uses: cachix/cachix-action@v14 | |
| with: | |
| name: coliasgroup | |
| authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' | |
| - uses: actions/checkout@v4 | |
| - name: Run tests | |
| run: make run-fast-tests | |
| build-docs: | |
| name: Build docs | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: cachix/install-nix-action@v26 | |
| with: | |
| nix_path: nixpkgs=channel:nixos-unstable | |
| - uses: cachix/cachix-action@v14 | |
| with: | |
| name: coliasgroup | |
| authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' | |
| - uses: actions/checkout@v4 | |
| - name: Build docs | |
| run: make html-links | |
| build-everything: | |
| name: Build everything | |
| runs-on: ubuntu-latest | |
| needs: [check-licenses, check-source, run-other-tests, build-docs] | |
| steps: | |
| - name: Prepare to maximize build space | |
| run: sudo mkdir /nix | |
| - name: Maximize build space | |
| uses: easimon/maximize-build-space@master | |
| with: | |
| build-mount-path: /nix | |
| root-reserve-mb: 8192 | |
| remove-dotnet: 'true' | |
| remove-android: 'true' | |
| remove-haskell: 'true' | |
| remove-codeql: 'true' | |
| remove-docker-images: 'true' | |
| - uses: cachix/install-nix-action@v26 | |
| with: | |
| nix_path: nixpkgs=channel:nixos-unstable | |
| extra_nix_config: | | |
| auto-optimise-store = true | |
| - uses: cachix/cachix-action@v14 | |
| with: | |
| name: coliasgroup | |
| authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' | |
| - uses: actions/checkout@v4 | |
| - name: Build everything | |
| run: make everything | |
| - name: Expose docs | |
| run: make html | |
| - name: Upload Pages artifact | |
| if: github.ref == format('refs/heads/{0}', github.event.repository.default_branch) | |
| uses: actions/upload-pages-artifact@v3 | |
| with: | |
| path: out/html | |
| check-kani-proofs: | |
| name: Check Kani proofs | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: cachix/install-nix-action@v26 | |
| with: | |
| nix_path: nixpkgs=channel:nixos-unstable | |
| - uses: cachix/cachix-action@v14 | |
| with: | |
| name: coliasgroup | |
| authToken: '${{ secrets.CACHIX_AUTH_TOKEN }}' | |
| - uses: actions/checkout@v4 | |
| - name: Check Kani proofs | |
| run: make check-kani-proofs | |
| deploy-docs: | |
| name: Deploy docs | |
| if: github.ref == format('refs/heads/{0}', github.event.repository.default_branch) | |
| needs: [check-dependencies, build-everything, check-kani-proofs] | |
| permissions: | |
| pages: write | |
| id-token: write | |
| environment: | |
| name: github-pages | |
| url: ${{ steps.deployment.outputs.page_url }} | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Deploy to GitHub Pages | |
| id: deployment | |
| uses: actions/deploy-pages@v4 |