forked from dogtagpki/jss
-
Notifications
You must be signed in to change notification settings - Fork 0
161 lines (137 loc) · 4.37 KB
/
build-tests.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
name: Build Tests
on: [push, pull_request]
jobs:
build-test:
name: Build Test
runs-on: ubuntu-latest
continue-on-error: true
strategy:
matrix:
os:
- 'fedora:latest'
- 'debian:testing'
- 'ubuntu:rolling'
# Disable CentOS due to missing dependencies
# - 'centos:7'
# - 'centos:8'
container: ${{ matrix.os }}
steps:
- name: Clone repository
uses: actions/checkout@v3
- name: Set up Java
uses: actions/setup-java@v3
with:
java-version: '17'
distribution: 'adopt'
- name: Install Fedora/CentOS dependencies
if: ${{ startsWith(matrix.os, 'fedora:') || startsWith(matrix.os, 'centos:') }}
run: |
dnf install -y dnf-plugins-core rpm-build maven
dnf builddep -y --spec jss.spec
- name: Install Debian/Ubuntu dependencies
if: ${{ startsWith(matrix.os, 'debian:') || startsWith(matrix.os, 'ubuntu:') }}
run: |
apt-get update
apt-get install -y \
cmake zip unzip \
g++ libnss3-dev libnss3-tools \
openjdk-17-jdk libcommons-lang3-java libslf4j-java \
junit5 libopentest4j-java maven
- name: Build JSS with CMake
run: ./build.sh --with-tests
- name: Build JSS with Maven
run: mvn package
- name: Compare jss.jar
run: |
jar tvf ~/build/jss/jss.jar | awk '{print $8;}' | sort \
| grep -v '/$' \
| tee cmake.out
jar tvf base/target/jss.jar | awk '{print $8;}' | sort \
| grep -v '/$' \
| grep -v '^META-INF/maven/' \
| tee maven.out
diff cmake.out maven.out
# TODO: Run examples
# Compare JNI symbols in the code and in the version script.
# If there are JNI symbols in the code but not in the version script -> fail.
symbol-test:
name: Symbol Test
runs-on: ubuntu-latest
env:
JAVA_HOME: /usr/lib/jvm/java-17-openjdk-amd64
steps:
- name: Clone repository
uses: actions/checkout@v3
- name: Get JNI symbols in the code
run: |
grep -iroh '^Java_org_mozilla[^(;]*' native/src/main/native/ | sort -u > /tmp/functions.txt
cat /tmp/functions.txt
- name: Get JNI symbols in the version script
run: |
grep -iroh '^Java_org_mozilla[^(;]*' lib/ | sort -u > /tmp/version.txt
cat /tmp/version.txt
- name: Compare JNI symbols
run: |
diff /tmp/functions.txt /tmp/version.txt || true
comm -23 --check-order /tmp/functions.txt /tmp/version.txt > /tmp/diff.txt
test ! -s /tmp/diff.txt
rpminspect:
name: RPMInspect
runs-on: ubuntu-latest
container: 'fedora:latest'
steps:
- name: Clone repository
uses: actions/checkout@v3
- name: Set up Java
uses: actions/setup-java@v3
with:
java-version: '17'
distribution: 'adopt'
- name: Install Fedora dependencies
run: |
dnf install -y dnf-plugins-core rpm-build maven
dnf builddep -y --spec jss.spec
- name: Build JSS RPMs with CMake
run: ./build.sh --work-dir=build rpm
- name: Install RPMInspect
run: |
dnf install -y dnf-plugins-core
dnf copr enable -y copr.fedorainfracloud.org/dcantrell/rpminspect
dnf install -y rpminspect rpminspect-data-fedora
- name: Run RPMInspect on SRPM and RPMs
run: ./tests/bin/rpminspect.sh
sandbox-test:
name: Sandbox Test
runs-on: ubuntu-latest
container: fedora:rawhide
steps:
- name: Clone repository
uses: actions/checkout@v3
- name: Install build dependencies
run: |
dnf install -y dnf-plugins-core
dnf builddep -y nspr nss jss
dnf builddep -y jss.spec
dnf install -y mercurial \
python-unversioned-command \
gyp \
ninja-build
- name: Build NSPR and NSS
run: |
cd ..
hg clone https://hg.mozilla.org/projects/nspr
hg clone https://hg.mozilla.org/projects/nss
cd nss
./build.sh --enable-fips --enable-libpkix
- name: Build JSS
run: |
cd build
cmake -DCMAKE_BUILD_TYPE=Debug ..
make all
env:
SANDBOX: 1
CFLAGS: -Wall -Wextra -Werror -Og -ggdb
- name: Run JSS tests
run: |
cd build
ctest --output-on-failure