Fix build failure when -Duse_system_json option is not specified #1180
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # SPDX-License-Identifier: MPL-2.0 | |
| name: CI for meson build | |
| on: | |
| push: | |
| branches: [ develop, master, release/*, feature/*, hotfix/* ] | |
| tags: [ v*, test-ci* ] | |
| pull_request: | |
| branches: [ develop ] | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: ${{ github.ref != 'refs/heads/master' && github.ref != 'refs/heads/develop' }} | |
| jobs: | |
| build: | |
| name: ${{ matrix.config.name }} | |
| runs-on: ${{ matrix.config.os }} | |
| container: ${{ matrix.config.image }} | |
| timeout-minutes: 120 | |
| permissions: | |
| contents: write | |
| packages: read | |
| strategy: | |
| fail-fast: false # so that if one config fails, other won't be cancelled automatically | |
| matrix: | |
| config: | |
| - { | |
| name: "Windows MSVC x64", | |
| os: windows-latest, | |
| cc: "cl.exe", | |
| cxx: "cl.exe", | |
| arch: "x64", | |
| publish_release: true, | |
| meson_opts: "-Db_vscrt=static_from_buildtype", | |
| release_name: "win-x64", | |
| release_extension: ".zip", | |
| archive_command: "7z a -tzip -mmt" | |
| } | |
| - { | |
| name: "Windows MSVC x86", | |
| os: windows-latest, | |
| cc: "cl.exe", | |
| cxx: "cl.exe", | |
| arch: "x64_x86", | |
| publish_release: true, | |
| meson_opts: "-Db_vscrt=static_from_buildtype", | |
| release_name: "win-x86", | |
| release_extension: ".zip", | |
| archive_command: "7z a -tzip -mmt" | |
| } | |
| - { | |
| name: "Windows MSVC ARM64", | |
| os: windows-latest, | |
| cc: "cl.exe", | |
| cxx: "cl.exe", | |
| arch: "x64_arm64", | |
| publish_release: true, | |
| meson_opts: "-Db_vscrt=static_from_buildtype --cross-file=./meson_crosscompile/msvc_arm64.txt", | |
| release_name: "win-ARM64", | |
| release_extension: ".zip", | |
| archive_command: "7z a -tzip -mmt" | |
| } | |
| - { | |
| name: "Windows GCC", | |
| os: windows-latest, | |
| cc: "gcc.exe", | |
| cxx: "g++.exe", | |
| release_name: "win-x86_64-gcc", | |
| release_extension: ".zip", | |
| archive_command: "7z a -tzip -mmt" | |
| } | |
| - { | |
| name: "Windows Clang", | |
| os: windows-latest, | |
| cc: "clang.exe", | |
| cxx: "clang++.exe", | |
| meson_opts: "--native-file=./meson_crosscompile/Windows-Clang.txt -Db_pie=false", | |
| release_name: "win-x86_64-clang", | |
| release_extension: ".zip", | |
| archive_command: "7z a -tzip -mmt" | |
| } | |
| - { | |
| name: "MSYS2 MINGW64 GCC", | |
| os: windows-latest, | |
| msys2_msystem: "MINGW64", | |
| cc: "gcc", | |
| cxx: "g++", | |
| release_name: "win-x86_64-msys2-mingw64", | |
| release_extension: ".zip", | |
| archive_command: "7z a -tzip -mmt" | |
| } | |
| - { | |
| name: "MSYS2 UCRT64 GCC", | |
| os: windows-latest, | |
| msys2_msystem: "UCRT64", | |
| cc: "gcc", | |
| cxx: "g++", | |
| release_name: "win-x86_64-msys2-ucrt64", | |
| release_extension: ".zip", | |
| archive_command: "7z a -tzip -mmt" | |
| } | |
| - { | |
| name: "MSYS2 CLANG64", | |
| os: windows-latest, | |
| msys2_msystem: "CLANG64", | |
| cc: "clang", | |
| cxx: "clang++", | |
| release_name: "win-x86_64-msys2-clang64", | |
| release_extension: ".zip", | |
| archive_command: "7z a -tzip -mmt" | |
| } | |
| - { | |
| name: "Ubuntu GCC", | |
| os: ubuntu-latest, | |
| cc: "gcc", | |
| cxx: "g++", | |
| release_name: "linux-x86_64-gcc", | |
| release_extension: ".tar.xz", | |
| archive_command: "tar cvfJ" | |
| } | |
| - { | |
| name: "Ubuntu Clang", | |
| os: ubuntu-latest, | |
| cc: "clang", | |
| cxx: "clang++", | |
| release_name: "linux-x86_64", | |
| release_extension: ".tar.xz", | |
| archive_command: "tar cvfJ" | |
| } | |
| - { | |
| name: "MUSL Cross Compile x86_64", | |
| os: ubuntu-latest, | |
| cc: "", | |
| cxx: "", | |
| publish_release: true, | |
| create_package: true, | |
| meson_opts: "--cross-file=./meson_crosscompile/x86_64-linux-musl-cross.txt", | |
| cross_compiler_arch: "x86_64", | |
| release_name: "linux-x86_64-portable", | |
| release_extension: ".tar.xz", | |
| archive_command: "tar cvfJ", | |
| image: "vonericsen/muslcc@sha256:04b60fc27f45b69896855da46f5be09fa9816b00e9948bf86cc82e56b8ce4468" | |
| } | |
| - { | |
| name: "MUSL Cross Compile i686", | |
| os: ubuntu-latest, | |
| cc: "", | |
| cxx: "", | |
| publish_release: true, | |
| create_package: true, | |
| meson_opts: "--cross-file=./meson_crosscompile/i686-linux-musl-cross.txt", | |
| cross_compiler_arch: "i686", | |
| release_name: "linux-i686-portable", | |
| release_extension: ".tar.xz", | |
| archive_command: "tar cvfJ", | |
| image: "vonericsen/muslcc@sha256:04b60fc27f45b69896855da46f5be09fa9816b00e9948bf86cc82e56b8ce4468" | |
| } | |
| - { | |
| name: "MUSL Cross Compile aarch64", | |
| os: ubuntu-latest, | |
| cc: "", | |
| cxx: "", | |
| publish_release: true, | |
| create_package: true, | |
| meson_opts: "--cross-file=./meson_crosscompile/aarch64-linux-musl-cross.txt", | |
| cross_compiler_arch: "aarch64", | |
| release_name: "linux-aarch64-portable", | |
| release_extension: ".tar.xz", | |
| archive_command: "tar cvfJ", | |
| image: "vonericsen/muslcc@sha256:04b60fc27f45b69896855da46f5be09fa9816b00e9948bf86cc82e56b8ce4468" | |
| } | |
| - { | |
| name: "MUSL Cross Compile armv7l", | |
| os: ubuntu-latest, | |
| cc: "", | |
| cxx: "", | |
| publish_release: true, | |
| create_package: true, | |
| meson_opts: "--cross-file=./meson_crosscompile/armv7l-linux-musl-cross.txt", | |
| cross_compiler_arch: "armv7l", | |
| release_name: "linux-armv7l-portable", | |
| release_extension: ".tar.xz", | |
| archive_command: "tar cvfJ", | |
| image: "vonericsen/muslcc@sha256:04b60fc27f45b69896855da46f5be09fa9816b00e9948bf86cc82e56b8ce4468" | |
| } | |
| - { | |
| name: "MUSL Cross Compile armv6", | |
| os: ubuntu-latest, | |
| cc: "", | |
| cxx: "", | |
| publish_release: true, | |
| create_package: true, | |
| meson_opts: "--cross-file=./meson_crosscompile/armv6-linux-musl-cross.txt", | |
| cross_compiler_arch: "armv6", | |
| release_name: "linux-armv6-portable", | |
| release_extension: ".tar.xz", | |
| archive_command: "tar cvfJ", | |
| image: "vonericsen/muslcc@sha256:04b60fc27f45b69896855da46f5be09fa9816b00e9948bf86cc82e56b8ce4468" | |
| } | |
| - { | |
| name: "MUSL Cross Compile armv5l", | |
| os: ubuntu-latest, | |
| cc: "", | |
| cxx: "", | |
| publish_release: true, | |
| create_package: true, | |
| meson_opts: "--cross-file=./meson_crosscompile/armv5l-linux-musl-cross.txt", | |
| cross_compiler_arch: "armv5l", | |
| release_name: "linux-armv5l-portable", | |
| release_extension: ".tar.xz", | |
| archive_command: "tar cvfJ", | |
| image: "vonericsen/muslcc@sha256:04b60fc27f45b69896855da46f5be09fa9816b00e9948bf86cc82e56b8ce4468" | |
| } | |
| - { | |
| name: "MUSL Cross Compile powerpc64", | |
| os: ubuntu-latest, | |
| cc: "", | |
| cxx: "", | |
| publish_release: true, | |
| create_package: true, | |
| meson_opts: "--cross-file=./meson_crosscompile/powerpc64-linux-musl-cross.txt", | |
| cross_compiler_arch: "powerpc64", | |
| release_name: "linux-powerpc64-portable", | |
| release_extension: ".tar.xz", | |
| archive_command: "tar cvfJ", | |
| image: "vonericsen/muslcc@sha256:04b60fc27f45b69896855da46f5be09fa9816b00e9948bf86cc82e56b8ce4468" | |
| } | |
| - { | |
| name: "MUSL Cross Compile powerpc64le", | |
| os: ubuntu-latest, | |
| cc: "", | |
| cxx: "", | |
| publish_release: true, | |
| create_package: true, | |
| meson_opts: "--cross-file=./meson_crosscompile/powerpc64le-linux-musl-cross.txt", | |
| cross_compiler_arch: "powerpc64le", | |
| release_name: "linux-powerpc64le-portable", | |
| release_extension: ".tar.xz", | |
| archive_command: "tar cvfJ", | |
| image: "vonericsen/muslcc@sha256:04b60fc27f45b69896855da46f5be09fa9816b00e9948bf86cc82e56b8ce4468" | |
| } | |
| - { | |
| name: "VMActions OmniOS Build (x86_64)", | |
| os: ubuntu-latest, | |
| cc: "", | |
| cxx: "", | |
| publish_release: true, | |
| release_name: "omnios_r151054-x86_64", | |
| release_extension: ".tar.xz", | |
| archive_command: "tar cvfJ", | |
| vm_actions: true, | |
| vm_release: "r151054", | |
| vm_arch: "x86_64", | |
| } | |
| # Disabled due to being extremely slow to install required packages for builds. | |
| # Will revisit in future versions of this action to see if it improves. Not sure if this is a | |
| # action issue or an OpenIndiana package repo issue. | |
| # - { | |
| # name: "VMActions OpenIndiana Build (x86_64)", | |
| # os: ubuntu-latest, | |
| # cc: "", | |
| # cxx: "", | |
| # publish_release: true, | |
| # release_name: "openindiana-x86_64", | |
| # release_extension: ".tar.xz", | |
| # archive_command: "tar cvfJ", | |
| # vm_actions: true, | |
| # vm_release: "", | |
| # vm_arch: "x86_64", | |
| # } | |
| - { | |
| name: "VMActions Solaris Build (x86_64)", | |
| os: ubuntu-latest, | |
| cc: "gcc", | |
| cxx: "g++", | |
| publish_release: true, | |
| release_name: "solaris_11_4-x86_64", | |
| release_extension: ".tar.xz", | |
| archive_command: "tar cvfJ", | |
| vm_actions: true, | |
| vm_release: "11.4-gcc", | |
| vm_arch: "x86_64", | |
| } | |
| - { | |
| name: "VMActions FreeBSD 15.0 Build (x86_64)", | |
| os: ubuntu-latest, | |
| cc: "", | |
| cxx: "", | |
| publish_release: true, | |
| release_name: "freebsd_15_0-x86_64", | |
| release_extension: ".tar.xz", | |
| archive_command: "tar cvfJ", | |
| vm_actions: true, | |
| vm_release: "15.0", | |
| vm_arch: "x86_64", | |
| } | |
| - { | |
| name: "VMActions FreeBSD 14.3 Build (x86_64)", | |
| os: ubuntu-latest, | |
| cc: "", | |
| cxx: "", | |
| publish_release: true, | |
| release_name: "freebsd_14_3-x86_64", | |
| release_extension: ".tar.xz", | |
| archive_command: "tar cvfJ", | |
| vm_actions: true, | |
| vm_release: "14.3", | |
| vm_arch: "x86_64", | |
| } | |
| - { | |
| name: "VMActions FreeBSD 13.5 Build (x86_64)", | |
| os: ubuntu-latest, | |
| cc: "", | |
| cxx: "", | |
| publish_release: true, | |
| release_name: "freebsd_13_5-x86_64", | |
| release_extension: ".tar.xz", | |
| archive_command: "tar cvfJ", | |
| vm_actions: true, | |
| vm_release: "13.5", | |
| vm_arch: "x86_64", | |
| } | |
| - { | |
| name: "VMActions FreeBSD 15.0 Build (aarch64)", | |
| os: ubuntu-latest, | |
| cc: "", | |
| cxx: "", | |
| publish_release: true, | |
| release_name: "freebsd_15_0-aarch64", | |
| release_extension: ".tar.xz", | |
| archive_command: "tar cvfJ", | |
| vm_actions: true, | |
| vm_release: "15.0", | |
| vm_arch: "aarch64", | |
| } | |
| - { | |
| name: "VMActions FreeBSD 14.3 Build (aarch64)", | |
| os: ubuntu-latest, | |
| cc: "", | |
| cxx: "", | |
| publish_release: true, | |
| release_name: "freebsd_14_3-aarch64", | |
| release_extension: ".tar.xz", | |
| archive_command: "tar cvfJ", | |
| vm_actions: true, | |
| vm_release: "14.3", | |
| vm_arch: "aarch64", | |
| } | |
| - { | |
| name: "VMActions FreeBSD 13.5 Build (aarch64)", | |
| os: ubuntu-latest, | |
| cc: "", | |
| cxx: "", | |
| publish_release: true, | |
| release_name: "freebsd_13_5-aarch64", | |
| release_extension: ".tar.xz", | |
| archive_command: "tar cvfJ", | |
| vm_actions: true, | |
| vm_release: "13.5", | |
| vm_arch: "aarch64", | |
| } | |
| # Disabled FreeBSD riscv64 builds due to lack of pkg support to setup build environment. | |
| # Likely a FreeBSD riscv64 issue rather than an action issue. | |
| # - { | |
| # name: "VMActions FreeBSD 15.0 Build (riscv64)", | |
| # os: ubuntu-latest, | |
| # cc: "", | |
| # cxx: "", | |
| # publish_release: true, | |
| # release_name: "freebsd_15_0-riscv64", | |
| # release_extension: ".tar.xz", | |
| # archive_command: "tar cvfJ", | |
| # vm_actions: true, | |
| # vm_release: "15.0", | |
| # vm_arch: "riscv64", | |
| # } | |
| # - { | |
| # name: "VMActions FreeBSD 14.3 Build (riscv64)", | |
| # os: ubuntu-latest, | |
| # cc: "", | |
| # cxx: "", | |
| # publish_release: true, | |
| # release_name: "freebsd_14_3-riscv64", | |
| # release_extension: ".tar.xz", | |
| # archive_command: "tar cvfJ", | |
| # vm_actions: true, | |
| # vm_release: "14.3", | |
| # vm_arch: "riscv64", | |
| # } | |
| # - { | |
| # name: "VMActions FreeBSD 13.5 Build (riscv64)", | |
| # os: ubuntu-latest, | |
| # cc: "", | |
| # cxx: "", | |
| # publish_release: true, | |
| # release_name: "freebsd_13_5-riscv64", | |
| # release_extension: ".tar.xz", | |
| # archive_command: "tar cvfJ", | |
| # vm_actions: true, | |
| # vm_release: "13.5", | |
| # vm_arch: "riscv64", | |
| # } | |
| - { | |
| name: "VMActions DragonFlyBSD latest Build (x86_64)", | |
| os: ubuntu-latest, | |
| cc: "", | |
| cxx: "", | |
| publish_release: true, | |
| release_name: "dragonflybsd-x86_64", | |
| release_extension: ".tar.xz", | |
| archive_command: "tar cvfJ", | |
| vm_actions: true, | |
| vm_release: "", | |
| vm_arch: "x86_64", | |
| } | |
| - { | |
| name: "VMActions OpenBSD latest Build (x86_64)", | |
| os: ubuntu-latest, | |
| cc: "", | |
| cxx: "", | |
| publish_release: true, | |
| release_name: "openbsd-x86_64", | |
| release_extension: ".tar.xz", | |
| archive_command: "tar cvfJ", | |
| vm_actions: true, | |
| vm_release: "", | |
| vm_arch: "x86_64", | |
| } | |
| - { | |
| name: "VMActions OpenBSD latest Build (aarch64)", | |
| os: ubuntu-latest, | |
| cc: "", | |
| cxx: "", | |
| publish_release: true, | |
| release_name: "openbsd-aarch64", | |
| release_extension: ".tar.xz", | |
| archive_command: "tar cvfJ", | |
| vm_actions: true, | |
| vm_release: "", | |
| vm_arch: "aarch64", | |
| } | |
| - { | |
| name: "VMActions OpenBSD latest Build (riscv64)", | |
| os: ubuntu-latest, | |
| cc: "", | |
| cxx: "", | |
| publish_release: true, | |
| release_name: "openbsd-riscv64", | |
| release_extension: ".tar.xz", | |
| archive_command: "tar cvfJ", | |
| vm_actions: true, | |
| vm_release: "", | |
| vm_arch: "riscv64", | |
| } | |
| - { | |
| name: "VMActions NetBSD latest Build (x86_64)", | |
| os: ubuntu-latest, | |
| cc: "", | |
| cxx: "", | |
| publish_release: true, | |
| release_name: "netbsd-x86_64", | |
| release_extension: ".tar.xz", | |
| archive_command: "tar cvfJ", | |
| vm_actions: true, | |
| vm_release: "", | |
| vm_arch: "x86_64", | |
| } | |
| - { | |
| name: "VMActions NetBSD latest Build (aarch64)", | |
| os: ubuntu-latest, | |
| cc: "", | |
| cxx: "", | |
| publish_release: true, | |
| release_name: "netbsd-aarch64", | |
| release_extension: ".tar.xz", | |
| archive_command: "tar cvfJ", | |
| vm_actions: true, | |
| vm_release: "", | |
| vm_arch: "aarch64", | |
| } | |
| outputs: #where hashes need to be stored for slsa provenance | |
| #NOTE: Only doing this for builds with "publish_release: true" | |
| #format is hash-${{release_name}} for the zipped packages | |
| # | |
| hash-win-x64: ${{ steps.hash.outputs.hash-win-x64 }} | |
| hash-win-x86: ${{ steps.hash.outputs.hash-win-x86 }} | |
| hash-win-ARM64: ${{ steps.hash.outputs.hash-win-ARM64 }} | |
| hash-linux-x86_64-portable: ${{ steps.hash.outputs.hash-linux-x86_64-portable }} | |
| hash-linux-i686-portable: ${{ steps.hash.outputs.hash-linux-i686-portable }} | |
| hash-linux-aarch64-portable: ${{ steps.hash.outputs.hash-linux-aarch64-portable }} | |
| hash-linux-armv7l-portable: ${{ steps.hash.outputs.hash-linux-armv7l-portable }} | |
| hash-linux-armv6-portable: ${{ steps.hash.outputs.hash-linux-armv6-portable }} | |
| hash-linux-armv5l-portable: ${{ steps.hash.outputs.hash-linux-armv5l-portable }} | |
| hash-linux-powerpc64-portable: ${{ steps.hash.outputs.hash-linux-powerpc64-portable }} | |
| hash-linux-powerpc64le-portable: ${{ steps.hash.outputs.hash-linux-powerpc64le-portable }} | |
| hash-omnios_r151054-x86_64: ${{ steps.hash.outputs.hash-omnios_r151054-x86_64 }} | |
| # hash-openindiana-x86_64: ${{ steps.hash.outputs.hash-openindiana-x86_64 }} | |
| hash-solaris_11_4-x86_64: ${{ steps.hash.outputs.hash-solaris_11_4-x86_64 }} | |
| hash-freebsd_15_0-x86_64: ${{ steps.hash.outputs.hash-freebsd_15_0-x86_64 }} | |
| hash-freebsd_14_3-x86_64: ${{ steps.hash.outputs.hash-freebsd_14_3-x86_64 }} | |
| hash-freebsd_13_5-x86_64: ${{ steps.hash.outputs.hash-freebsd_13_5-x86_64 }} | |
| hash-freebsd_15_0-aarch64: ${{ steps.hash.outputs.hash-freebsd_15_0-aarch64 }} | |
| hash-freebsd_14_3-aarch64: ${{ steps.hash.outputs.hash-freebsd_14_3-aarch64 }} | |
| hash-freebsd_13_5-aarch64: ${{ steps.hash.outputs.hash-freebsd_13_5-aarch64 }} | |
| # hash-freebsd_15_0-riscv64: ${{ steps.hash.outputs.hash-freebsd_15_0-riscv64 }} | |
| # hash-freebsd_14_3-riscv64: ${{ steps.hash.outputs.hash-freebsd_14_3-riscv64 }} | |
| # hash-freebsd_13_5-riscv64: ${{ steps.hash.outputs.hash-freebsd_13_5-riscv64 }} | |
| hash-dragonflybsd-x86_64: ${{ steps.hash.outputs.hash-dragonflybsd-x86_64 }} | |
| hash-openbsd-x86_64: ${{ steps.hash.outputs.hash-openbsd-x86_64 }} | |
| hash-openbsd-aarch64: ${{ steps.hash.outputs.hash-openbsd-aarch64 }} | |
| hash-openbsd-riscv64: ${{ steps.hash.outputs.hash-openbsd-riscv64 }} | |
| hash-netbsd-x86_64: ${{ steps.hash.outputs.hash-netbsd-x86_64 }} | |
| hash-netbsd-aarch64: ${{ steps.hash.outputs.hash-netbsd-aarch64 }} | |
| steps: | |
| # Even with the if's this still interferes with the VMs so disabling until we get a better idea. | |
| # - name: Harden Runner | |
| # if: matrix.config.image == '' && matrix.config.vm_actions != true | |
| # uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.14.1 | |
| # with: | |
| # egress-policy: audit | |
| - uses: actions/checkout@v6.0.2 | |
| continue-on-error: true # rsync code 24: harmless cleanup-phase race during VM setup | |
| with: | |
| submodules: recursive | |
| - name: Setup MSYS2 | |
| if: matrix.config.msys2_msystem != '' | |
| uses: msys2/setup-msys2@v2 | |
| with: | |
| msystem: ${{ matrix.config.msys2_msystem }} | |
| update: true | |
| install: >- | |
| base-devel | |
| git | |
| pacboy: >- | |
| toolchain:p | |
| meson:p | |
| ninja:p | |
| - name: Settings vars for MSVC | |
| if: startsWith(matrix.config.name, 'Windows MSVC') | |
| uses: ilammy/msvc-dev-cmd@v1 | |
| with: | |
| arch: ${{ matrix.config.arch }} | |
| - name: Get latest LLVM version | |
| if: startsWith(matrix.config.name, 'Windows Clang') | |
| run: | | |
| $headers = @{ Authorization = 'Bearer ${{ secrets.GITHUB_TOKEN }}' } | |
| $latestRelease = Invoke-WebRequest -Headers $headers 'https://api.github.com/repos/llvm/llvm-project/releases/latest' | |
| $releaseData = $latestRelease.Content | ConvertFrom-Json | |
| $assets = $releaseData.assets | Where-Object { $_.name -like "*win64.exe" } | |
| if ($assets) { | |
| $downloadUrl = $assets.browser_download_url | |
| echo "LLVM_RELID=$($releaseData.id)" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append | |
| echo "LLVM_DOWNLOAD_URL=$downloadUrl" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append | |
| } else { | |
| Write-Host "No current Windows build available for the latest release. Searching for previous releases..." | |
| $releases = Invoke-WebRequest -Headers $headers 'https://api.github.com/repos/llvm/llvm-project/releases' | |
| $found = $false | |
| foreach ($release in $releases.Content | ConvertFrom-Json) { | |
| $assets = $release.assets | Where-Object { $_.name -like "*win64.exe" } | |
| if ($assets) { | |
| $downloadUrl = $assets.browser_download_url | |
| echo "LLVM_RELID=$($release.id)" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append | |
| echo "LLVM_DOWNLOAD_URL=$downloadUrl" | Out-File -FilePath $env:GITHUB_ENV -Encoding utf8 -Append | |
| $found = $true | |
| break | |
| } | |
| } | |
| if (-not $found) { | |
| Write-Host "No Windows build available for any recent releases." | |
| exit 0 | |
| } | |
| } | |
| - name: Restore LLVM from cache | |
| if: startsWith(matrix.config.name, 'Windows Clang') | |
| id: llvm-cache | |
| uses: actions/cache@v5 | |
| with: | |
| path: C:/Program Files/LLVM | |
| key: 'llvm-llvm-project-relid-${{ env.LLVM_RELID }}' | |
| - name: Downloading latest clang for Windows | |
| if: ${{ steps.llvm-cache.outputs.cache-hit != 'true' && startsWith(matrix.config.name, 'Windows Clang') }} | |
| run: | | |
| $headers = @{ Authorization = 'Bearer ${{ secrets.GITHUB_TOKEN }}' } | |
| Invoke-WebRequest -Headers $headers -OutFile "LLVM.exe" ((Invoke-WebRequest -Headers $headers "https://api.github.com/repos/llvm/llvm-project/releases/$($env:LLVM_RELID)").Content | ConvertFrom-Json | Select-Object -ExpandProperty assets | Where -Property name -Like "*win64.exe" | Select-Object -First 1).browser_download_url | |
| 7z x LLVM.exe -y -o"C:/Program Files/LLVM" | |
| - name: Escape backslash in branch name | |
| shell: bash | |
| run: echo "BRANCH_NAME=$(echo ${{ github.ref_name }} | tr / -)" >> $GITHUB_ENV | |
| - name: Set release name | |
| run: | | |
| DESTDIR="openSeaChest-${BRANCH_NAME}-${{ matrix.config.release_name }}" | |
| echo "DESTDIR=${DESTDIR}" >> $GITHUB_ENV | |
| shell: bash | |
| - name: Set SOURCE_DATE_EPOCH for Reproducible Builds | |
| shell: bash | |
| run: | | |
| # Fix git ownership in containers | |
| if [[ -n "${{ matrix.config.image }}" ]]; then | |
| git config --global --add safe.directory "$GITHUB_WORKSPACE" | |
| fi | |
| # Get commit timestamp as Unix epoch for reproducible builds | |
| COMMIT_TIMESTAMP=$(git log -1 --pretty=%ct) | |
| echo "SOURCE_DATE_EPOCH=${COMMIT_TIMESTAMP}" >> $GITHUB_ENV | |
| echo "Reproducible build timestamp: ${COMMIT_TIMESTAMP} ($(date -u -d @${COMMIT_TIMESTAMP} 2>/dev/null || date -u -r ${COMMIT_TIMESTAMP} 2>/dev/null))" | |
| - name: Install Meson and Ninja and Build (MUSL container) | |
| if: matrix.config.image != '' && matrix.config.vm_actions != true | |
| shell: bash | |
| env: | |
| DESTDIR: ${{ env.DESTDIR }} | |
| run: | | |
| # Install GNU tar for reproducible archives (BusyBox tar lacks --sort option) | |
| if command -v apk &> /dev/null; then | |
| apk add --no-cache tar | |
| elif command -v apt-get &> /dev/null; then | |
| apt-get update && apt-get install -y tar | |
| elif command -v dnf &> /dev/null; then | |
| dnf install -y tar | |
| elif command -v yum &> /dev/null; then | |
| yum install -y tar | |
| elif command -v pacman &> /dev/null; then | |
| pacman -Sy --noconfirm tar | |
| elif command -v zypper &> /dev/null; then | |
| zypper install -y tar | |
| fi | |
| meson setup build -Dprefix=/ -Dmandir=/man -Dbindir=/ ${{ matrix.config.meson_opts }} --buildtype=release | |
| meson install -C build | |
| - name: Install Meson and Ninja and Build (MSYS2) | |
| if: matrix.config.msys2_msystem != '' | |
| shell: msys2 {0} | |
| env: | |
| CC: ${{ matrix.config.cc }} | |
| CXX: ${{ matrix.config.cxx }} | |
| run: | | |
| meson setup build -Dprefix=/ -Dmandir=/man -Dbindir=/ ${{ matrix.config.meson_opts }} --buildtype=release | |
| meson install -C build | |
| # Disabled since this caused strange behavior with openBSD VMActions. Can investigate fixes in the future. | |
| # - name: Setup pip cache | |
| # if: matrix.config.image == '' && matrix.config.vm_actions == false | |
| # uses: actions/cache@v5.0.0 | |
| # with: | |
| # path: | | |
| # ~/.cache/pip | |
| # ~\AppData\Local\pip\Cache | |
| # key: ${{ runner.os }}-pip-meson-${{ hashFiles('**/meson.build') }} | |
| # restore-keys: | | |
| # ${{ runner.os }}-pip-meson- | |
| # ${{ runner.os }}-pip- | |
| - name: Install Meson and Ninja and Build (Github runners - MSVC) | |
| if: matrix.config.image == '' && matrix.config.vm_actions == false && matrix.config.msys2_msystem == '' && startsWith(matrix.config.name, 'Windows MSVC') | |
| shell: pwsh | |
| env: | |
| CC: ${{ matrix.config.cc }} | |
| CXX: ${{ matrix.config.cxx }} | |
| run: | | |
| pip install meson ninja | |
| meson setup build -Dprefix=/ -Dmandir=/man -Dbindir=/ ${{ matrix.config.meson_opts }} --buildtype=release | |
| meson install -C build | |
| - name: Install Meson and Ninja and Build (Github runners - non-MSVC) | |
| if: matrix.config.image == '' && matrix.config.vm_actions == false && matrix.config.msys2_msystem == '' && !startsWith(matrix.config.name, 'Windows MSVC') | |
| shell: bash | |
| env: | |
| CC: ${{ matrix.config.cc }} | |
| CXX: ${{ matrix.config.cxx }} | |
| run: | | |
| pip install meson ninja | |
| meson setup build -Dprefix=/ -Dmandir=/man -Dbindir=/ ${{ matrix.config.meson_opts }} --buildtype=release | |
| meson install -C build | |
| - name: Install Meson and Ninja and Build (VMActions OmniOS) | |
| if: matrix.config.vm_actions == true && startsWith(matrix.config.name, 'VMActions OmniOS') | |
| uses: vmactions/omnios-vm@v1 | |
| with: | |
| envs: 'DESTDIR' | |
| release: ${{ matrix.config.vm_release }} | |
| arch: ${{ matrix.config.vm_arch }} | |
| usesh: true | |
| prepare: | | |
| pkg install pkg:/package/pkg || true | |
| pkg update || true | |
| pkg install socat | |
| run: | | |
| pkg install build-essential ninja pkg-config | |
| python3 -m pip install --upgrade pip setuptools wheel --root-user-action=ignore | |
| python3 -m pip install meson --root-user-action=ignore | |
| meson setup build -Dprefix=/ -Dmandir=/man -Dbindir=/ ${{ matrix.config.meson_opts }} --buildtype=release | |
| meson install -C build | |
| - name: Install Meson and Ninja and Build (VMActions OpenIndiana) | |
| if: matrix.config.vm_actions == true && startsWith(matrix.config.name, 'VMActions OpenIndiana') | |
| uses: vmactions/openindiana-vm@v1 | |
| with: | |
| envs: 'DESTDIR' | |
| release: ${{ matrix.config.vm_release }} | |
| arch: ${{ matrix.config.vm_arch }} | |
| usesh: true | |
| prepare: | | |
| pkg install pkg:/package/pkg || true | |
| pkg update || true | |
| pkg install socat | |
| run: | | |
| pkg install build-essential ninja pkg-config | |
| python3 -m pip install --upgrade pip setuptools wheel --root-user-action=ignore | |
| python3 -m pip install meson --root-user-action=ignore | |
| meson setup build -Dprefix=/ -Dmandir=/man -Dbindir=/ ${{ matrix.config.meson_opts }} --buildtype=release | |
| meson install -C build | |
| - name: Install Meson and Ninja and Build (VMActions Solaris) | |
| if: matrix.config.vm_actions == true && startsWith(matrix.config.name, 'VMActions Solaris') | |
| uses: vmactions/solaris-vm@v1 | |
| with: | |
| envs: 'DESTDIR' | |
| release: ${{ matrix.config.vm_release }} | |
| arch: ${{ matrix.config.vm_arch }} | |
| usesh: true | |
| prepare: | | |
| pkg update --accept || true | |
| pkgutil -y -i socat | |
| ntpdate -u pool.ntp.org | |
| run: | | |
| pkg install --accept developer/build/meson | |
| meson setup build -Dprefix=/ -Dmandir=/man -Dbindir=/ ${{ matrix.config.meson_opts }} --buildtype=release | |
| meson install -C build | |
| - name: Install Meson and Ninja and Build (VMActions FreeBSD) | |
| if: matrix.config.vm_actions == true && startsWith(matrix.config.name, 'VMActions FreeBSD') | |
| uses: vmactions/freebsd-vm@v1 | |
| with: | |
| envs: 'DESTDIR' | |
| release: ${{ matrix.config.vm_release }} | |
| arch: ${{ matrix.config.vm_arch }} | |
| usesh: true | |
| prepare: | | |
| pkg update || true | |
| pkg install -y curl | |
| pkg install -y ntp | |
| ntpdate -u pool.ntp.org | |
| run: | | |
| pkg install -y meson | |
| meson setup build -Dprefix=/ -Dmandir=/man -Dbindir=/ ${{ matrix.config.meson_opts }} --buildtype=release | |
| meson install -C build | |
| - name: Install Meson and Ninja and Build (VMActions DragonFlyBSD) | |
| if: matrix.config.vm_actions == true && startsWith(matrix.config.name, 'VMActions DragonFlyBSD') | |
| uses: vmactions/dragonflybsd-vm@v1 | |
| with: | |
| envs: 'DESTDIR' | |
| release: ${{ matrix.config.vm_release }} | |
| arch: ${{ matrix.config.vm_arch }} | |
| usesh: true | |
| prepare: | | |
| pkg update || true | |
| pkg install -y socat | |
| /usr/sbin/dntpd -s | |
| run: | | |
| pkg install -y meson | |
| meson setup build -Dprefix=/ -Dmandir=/man -Dbindir=/ ${{ matrix.config.meson_opts }} --buildtype=release | |
| meson install -C build | |
| - name: Install Meson and Ninja and Build (VMActions OpenBSD) | |
| if: matrix.config.vm_actions == true && startsWith(matrix.config.name, 'VMActions OpenBSD') | |
| uses: vmactions/openbsd-vm@v1 | |
| with: | |
| envs: 'DESTDIR' | |
| release: ${{ matrix.config.vm_release }} | |
| arch: ${{ matrix.config.vm_arch }} | |
| usesh: true | |
| prepare: | | |
| pkg_add curl | |
| # force a sync in the VM | |
| ntpctl -s status || true | |
| run: | | |
| pkg_add meson | |
| meson setup build -Dprefix=/ -Dmandir=/man -Dbindir=/ ${{ matrix.config.meson_opts }} --buildtype=release | |
| meson install -C build | |
| - name: Install Meson and Ninja and Build (VMActions NetBSD) | |
| if: matrix.config.vm_actions == true && startsWith(matrix.config.name, 'VMActions NetBSD') | |
| uses: vmactions/netbsd-vm@v1 | |
| with: | |
| envs: 'DESTDIR' | |
| release: ${{ matrix.config.vm_release }} | |
| arch: ${{ matrix.config.vm_arch }} | |
| usesh: true | |
| prepare: | | |
| /usr/sbin/pkg_add curl | |
| /usr/sbin/pkg_add ntp | |
| # Removed for now because this crashes from errors in a config file for unknown reasons. | |
| # /usr/pkg/sbin/ntpd -gq | |
| run: | | |
| /usr/sbin/pkg_add meson | |
| meson setup build -Dprefix=/ -Dmandir=/man -Dbindir=/ ${{ matrix.config.meson_opts }} --buildtype=release | |
| meson install -C build | |
| - name: Install Go for nfpm | |
| if: ${{ matrix.config.create_package }} | |
| uses: actions/setup-go@v6 | |
| with: | |
| go-version: 'stable' | |
| cache: false | |
| - name: Create packages | |
| if: ${{ matrix.config.create_package }} | |
| working-directory: ${{ format('build/{0}', env.DESTDIR) }} | |
| shell: bash | |
| run: | | |
| # Install nfpm | |
| go install github.com/goreleaser/nfpm/v2/cmd/nfpm@latest | |
| # Map cross_compiler_arch to Debian/RPM package arch | |
| case "${{ matrix.config.cross_compiler_arch }}" in | |
| x86_64) package_arch="amd64" ;; | |
| i686) package_arch="i386" ;; | |
| aarch64) package_arch="arm64" ;; | |
| armv7l) package_arch="armhf" ;; | |
| armv6) package_arch="armhf" ;; | |
| armv5l) package_arch="armel" ;; | |
| powerpc64) package_arch="ppc64" ;; | |
| powerpc64le) package_arch="ppc64el" ;; | |
| *) package_arch="amd64" ;; # fallback | |
| esac | |
| # Set version and arch | |
| if [[ ${{ github.ref }} =~ ^refs/tags/v[0-9\.]+$ ]]; then | |
| version=$(echo ${{ github.ref_name }} | tr -d 'v') | |
| else | |
| version=$(printf "%s-dev" $(date +'%y.%m.%d')) | |
| fi | |
| sed -i '/version:/ s/"[^"][^"]*"/"'"$version"'"/' ../../nfpm.yaml | |
| sed -i '/^arch:/ s/"[^"][^"]*"/"'"$package_arch"'"/' ../../nfpm.yaml | |
| nfpm package -f ../../nfpm.yaml -p deb -t .. | |
| nfpm package -f ../../nfpm.yaml -p rpm -t .. | |
| - name: Set ownership of executables to root:root | |
| if: ${{ matrix.config.os != 'windows-latest' }} | |
| shell: bash | |
| run: | | |
| if [[ -z "${{ matrix.config.image }}" ]]; then | |
| sudo chown -R root:root build | |
| else | |
| chown -R root:root build | |
| fi | |
| - name: Normalize file timestamps for reproducibility | |
| if: ${{ matrix.config.os != 'windows-latest' }} | |
| shell: bash | |
| run: | | |
| # Touch all files to set mtime to SOURCE_DATE_EPOCH for reproducible archives | |
| echo "Clamping file timestamps to SOURCE_DATE_EPOCH: ${SOURCE_DATE_EPOCH}" | |
| find build/$DESTDIR -print0 | xargs -0 touch -h -d "@${SOURCE_DATE_EPOCH}" 2>/dev/null || true | |
| - name: Packing release | |
| env: | |
| ARCHIVE_EXT: ${{ matrix.config.release_extension }} | |
| run: | | |
| cd build | |
| ls -la | |
| if [[ "${{ matrix.config.os }}" != "windows-latest" ]]; then | |
| # Create reproducible tar archive | |
| echo "Creating reproducible tar.xz archive with SOURCE_DATE_EPOCH=${SOURCE_DATE_EPOCH}" | |
| # Check if we have GNU tar (supports --sort) or BusyBox tar | |
| if tar --sort=name --version &>/dev/null; then | |
| TAR_TYPE="GNU tar" | |
| # GNU tar with full reproducible options | |
| TAR_CMD="tar --sort=name --mtime=\"@${SOURCE_DATE_EPOCH}\" --owner=0 --group=0 --numeric-owner --pax-option=exthdr.name=%d/PaxHeaders/%f,delete=atime,delete=ctime -cf -" | |
| else | |
| TAR_TYPE="BusyBox tar" | |
| # BusyBox tar: basic options only (files already have correct timestamps from previous step) | |
| TAR_CMD="tar --numeric-owner -cf -" | |
| fi | |
| echo "Using ${TAR_TYPE} for archive creation" | |
| if [[ -z "${{ matrix.config.image }}" ]]; then | |
| # GitHub-hosted runner: use sudo for tar command | |
| sudo bash -c "${TAR_CMD} $DESTDIR | xz -c > \"${DESTDIR}${ARCHIVE_EXT}\"" | |
| sudo chown $(id -u):$(id -g) "${DESTDIR}${ARCHIVE_EXT}" | |
| else | |
| # Container: already running as root | |
| bash -c "${TAR_CMD} $DESTDIR | xz -c > \"${DESTDIR}${ARCHIVE_EXT}\"" | |
| fi | |
| else | |
| # Windows: 7zip (not fully reproducible, will address with strip-nondeterminism later) | |
| ${{ matrix.config.archive_command }} "${DESTDIR}${ARCHIVE_EXT}" $DESTDIR | |
| fi | |
| shell: bash | |
| - name: Verify Archive Reproducibility | |
| if: ${{ matrix.config.os != 'windows-latest' }} | |
| shell: bash | |
| env: | |
| ARCHIVE_EXT: ${{ matrix.config.release_extension }} | |
| run: | | |
| cd build | |
| echo "Verifying archive timestamps:" | |
| tar -tvf "${DESTDIR}${ARCHIVE_EXT}" | |
| echo "" | |
| echo "Expected timestamp: $(date -u -d @${SOURCE_DATE_EPOCH} 2>/dev/null || date -u -r ${SOURCE_DATE_EPOCH} 2>/dev/null)" | |
| - name: Set ownership of tar archive to root:root | |
| if: ${{ matrix.config.os != 'windows-latest' }} | |
| shell: bash | |
| run: | | |
| if [[ -z "${{ matrix.config.image }}" ]]; then | |
| sudo chown root:root build/"${DESTDIR}${ARCHIVE_EXT}" | |
| else | |
| chown root:root build/"${DESTDIR}${ARCHIVE_EXT}" | |
| fi | |
| - name: Generate Hashes | |
| if: ${{ matrix.config.publish_release }} | |
| shell: bash | |
| id: hash | |
| run: | | |
| # sha256sum generates sha256 hash for all artifacts. | |
| # base64 -w0 encodes to base64 and outputs on a single line. | |
| # sha256sum artifact | base64 -w0 | |
| # NOTE: Using suggested method to generate sha across OS's from slsa documentation | |
| # https://github.com/slsa-framework/slsa-github-generator/blob/main/internal/builders/generic/README.md#provenance-for-artifacts-built-across-multiple-operating-systems | |
| set -euo pipefail | |
| (sha256sum -t ${{ format('./build/{0}{1}', env.DESTDIR, matrix.config.release_extension) }} || shasum -a 256 ${{ format('./build/{0}{1}', env.DESTDIR, matrix.config.release_extension) }}) > checksum | |
| echo "hash-${{ matrix.config.release_name }}=$(base64 -w0 checksum || base64 checksum)" >> "${GITHUB_OUTPUT}" | |
| - name: Uploading artifacts | |
| uses: actions/upload-artifact@v7.0.0 | |
| with: | |
| name: ${{ format('{0}', matrix.config.release_name) }} | |
| path: | | |
| ${{ format('./build/{0}{1}', env.DESTDIR, matrix.config.release_extension) }} | |
| build/*.deb | |
| build/*.rpm | |
| - name: Publish release | |
| if: ${{ (startsWith(github.ref, 'refs/tags/v') || startsWith(github.ref, 'refs/tags/test-ci')) && matrix.config.publish_release }} | |
| uses: softprops/action-gh-release@v2.5.0 | |
| with: | |
| files: | | |
| ${{ format('./build/{0}{1}', env.DESTDIR, matrix.config.release_extension) }} | |
| build/*.deb | |
| build/*.rpm | |
| # This step takes all the generated hashes from all build targets and combines them so slsa provenance step can run | |
| combine_hashes: | |
| runs-on: ubuntu-latest | |
| needs: [build] | |
| outputs: | |
| hashes: ${{ steps.hashes.outputs.hashes }} | |
| env: | |
| HASHES: ${{ toJSON(needs.build.outputs) }} | |
| steps: | |
| - id: hashes | |
| shell: bash | |
| run: | | |
| echo "$HASHES" | |
| echo "$HASHES" | jq -r '.[] | @base64d' | sed "/^$/d" > hashes.txt | |
| echo "hashes=$(cat hashes.txt | base64 -w0)" >> "$GITHUB_OUTPUT" | |
| # Generate the slsa provenance | |
| provenance: | |
| needs: [combine_hashes] | |
| permissions: | |
| actions: read # To read the workflow path. | |
| id-token: write # To sign the provenance. | |
| contents: write # To add assets to a release. | |
| uses: slsa-framework/slsa-github-generator/.github/workflows/generator_generic_slsa3.yml@v2.1.0 | |
| with: | |
| base64-subjects: "${{ needs.combine_hashes.outputs.hashes }}" | |
| upload-assets: true # Optional: Upload to a new release |