Update description for alf_explicit_auths. (#8371) #313
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # | |
| # Copyright (c) 2014-present, The osquery authors | |
| # | |
| # This source code is licensed as defined by the LICENSE file found in the | |
| # root directory of this source tree. | |
| # | |
| # SPDX-License-Identifier: (Apache-2.0 OR GPL-2.0-only) | |
| # | |
| # Due to a limitation in how GitHub Actions works, we can't reference | |
| # jobs in another file inside the `needs` statement. | |
| # | |
| # This configuration file takes care of the Windows, macOS and Linux | |
| # builds on the x86 platform. | |
| name: build_x86 | |
| on: | |
| # Run this workflow once every 6 hours against the master branch | |
| schedule: | |
| - cron: "0 */6 * * *" | |
| push: | |
| branches: | |
| - 'master' | |
| - 'main' | |
| tags: | |
| - '*' | |
| pull_request: | |
| branches: | |
| - '*' | |
| # Cancel old jobs of a PR if a new job is started. | |
| # Fallback on using the run id if it's not a PR, which is unique, so no job canceling. | |
| concurrency: | |
| group: hosted-${{ github.event.pull_request.number || github.run_id }} | |
| cancel-in-progress: true | |
| # Please remember to update values for both x86 and aarch64 workflows. | |
| env: | |
| PACKAGING_REPO: https://github.com/osquery/osquery-packaging | |
| PACKAGING_COMMIT: c089fb2d3d796d976e3b2fbea7ee69a1616b9576 | |
| SUBMODULE_CACHE_VERSION: 3 | |
| # If the initial code sanity checks are passing, then one job | |
| # per [`platform` * `build_type`] will start, building osquery | |
| # and generating packages that are later attached to the commit | |
| # (or PR) as build artifacts. | |
| jobs: | |
| # This job performs basic source code check, looking for formatting | |
| # issues and missing copyright headers | |
| check_code_style: | |
| runs-on: ubuntu-20.04 | |
| container: | |
| image: osquery/builder20.04:7e9ee0339 | |
| options: --user 1001 | |
| steps: | |
| - name: Setup the build paths | |
| shell: bash | |
| id: build_paths | |
| run: | | |
| rel_build_path="workspace/build" | |
| rel_source_path="workspace/src" | |
| mkdir -p "${rel_build_path}" | |
| mkdir -p "${rel_source_path}" | |
| echo "SOURCE=$(realpath ${rel_source_path})" >> $GITHUB_OUTPUT | |
| echo "BINARY=$(realpath ${rel_build_path})" >> $GITHUB_OUTPUT | |
| - name: Clone the osquery repository | |
| uses: actions/checkout@v4 | |
| with: | |
| path: ${{ steps.build_paths.outputs.SOURCE }} | |
| fetch-depth: 0 | |
| # This script makes sure that the copyright headers have been correctly | |
| # placed on all the source code files | |
| - name: Check the copyright headers | |
| working-directory: ${{ steps.build_paths.outputs.SOURCE }} | |
| run: | | |
| ./tools/ci/scripts/check_copyright_headers.py | |
| - name: Configure the project | |
| working-directory: ${{ steps.build_paths.outputs.BINARY }} | |
| run: | | |
| cmake -G "Unix Makefiles" \ | |
| -DOSQUERY_TOOLCHAIN_SYSROOT:PATH="/usr/local/osquery-toolchain" \ | |
| -DOSQUERY_ENABLE_FORMAT_ONLY=ON \ | |
| "${{ steps.build_paths.outputs.SOURCE }}" | |
| # Formatting is tested against the clang-format binary we ship | |
| # with the osquery-toolchain, so this job is only performed once on | |
| # a Linux machine. | |
| - name: Check code formatting | |
| working-directory: ${{ steps.build_paths.outputs.BINARY }} | |
| run: | |
| cmake --build . --target format_check | |
| # This jobs checks that the third party libraries manifest has the correct format | |
| # and that is up to date compared to the current state of the repository | |
| check_libraries_manifest: | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - name: Clone the osquery repository | |
| uses: actions/checkout@v4 | |
| - name: Install python pre-requisites | |
| run: | | |
| pip3 install -r ./tools/ci/scripts/cve/requirements.txt | |
| - name: Verify the third party libraries manifest | |
| run: | | |
| ./tools/ci/scripts/cve/validate_manifest_libraries_versions.py --manifest libraries/third_party_libraries_manifest.json \ | |
| --repository . | |
| # Test generating the website json | |
| check_genwebsitejson: | |
| needs: [check_code_style, check_libraries_manifest] | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - name: Clone the osquery repository | |
| uses: actions/checkout@v4 | |
| - name: genwebsitejson.py | |
| run: python3 tools/codegen/genwebsitejson.py --specs=specs/ | |
| # This job runs source code analysis tools (currently, just cppcheck) | |
| check_source_code: | |
| needs: [check_code_style, check_libraries_manifest] | |
| runs-on: ${{ matrix.os }} | |
| container: | |
| image: osquery/builder20.04:7e9ee0339 | |
| options: --user 1001 | |
| strategy: | |
| matrix: | |
| os: [ubuntu-20.04] | |
| steps: | |
| - name: Setup the build paths | |
| shell: bash | |
| id: build_paths | |
| run: | | |
| rel_build_path="workspace/build" | |
| rel_source_path="workspace/src" | |
| rel_install_path="workspace/install" | |
| mkdir -p ${rel_build_path} \ | |
| ${rel_source_path} \ | |
| ${rel_install_path} | |
| echo "SOURCE=$(realpath ${rel_source_path})" >> $GITHUB_OUTPUT | |
| echo "BINARY=$(realpath ${rel_build_path})" >> $GITHUB_OUTPUT | |
| echo "REL_BINARY=${rel_build_path}" >> $GITHUB_OUTPUT | |
| - name: Clone the osquery repository | |
| uses: actions/checkout@v4 | |
| with: | |
| path: ${{ steps.build_paths.outputs.SOURCE }} | |
| fetch-depth: 0 | |
| - name: Update the cache (git submodules) | |
| uses: actions/cache@v3 | |
| with: | |
| path: ${{ steps.build_paths.outputs.SOURCE }}/.git/modules | |
| key: | | |
| gitmodules_${{ matrix.os }}_${{env.SUBMODULE_CACHE_VERSION}}_${{ github.sha }} | |
| restore-keys: | | |
| gitmodules_${{ matrix.os }}_${{env.SUBMODULE_CACHE_VERSION}} | |
| - name: Update the git submodules | |
| working-directory: ${{ steps.build_paths.outputs.SOURCE }} | |
| run: | | |
| git submodule sync --recursive | |
| - name: Configure the project (Release) | |
| working-directory: ${{ steps.build_paths.outputs.BINARY }} | |
| run: | | |
| cmake -G "Unix Makefiles" \ | |
| -DOSQUERY_TOOLCHAIN_SYSROOT:PATH="/usr/local/osquery-toolchain" \ | |
| -DCMAKE_BUILD_TYPE:STRING=Release \ | |
| -DOSQUERY_BUILD_TESTS=ON \ | |
| -DOSQUERY_BUILD_ROOT_TESTS=ON \ | |
| "${{ steps.build_paths.outputs.SOURCE }}" | |
| - name: Initialize the project (Release) | |
| working-directory: ${{ steps.build_paths.outputs.BINARY }} | |
| run: | | |
| cmake --build . --target prepare_for_ide | |
| - name: Run cppcheck (Release) | |
| shell: bash | |
| id: release_cppcheck_runner | |
| working-directory: ${{ steps.build_paths.outputs.BINARY }} | |
| run: | | |
| cmake --build . --target cppcheck 2>&1 | tee cppcheck_release.txt | |
| - name: Store the cppcheck log (Release) | |
| uses: actions/upload-artifact@v1 | |
| with: | |
| name: cppcheck-release | |
| path: ${{ steps.build_paths.outputs.REL_BINARY }}/cppcheck_release.txt | |
| - name: Configure the project (Debug) | |
| working-directory: ${{ steps.build_paths.outputs.BINARY }} | |
| run: | | |
| cmake -G "Unix Makefiles" \ | |
| -DOSQUERY_TOOLCHAIN_SYSROOT:PATH="/usr/local/osquery-toolchain" \ | |
| -DCMAKE_BUILD_TYPE:STRING=Debug \ | |
| -DOSQUERY_BUILD_TESTS=ON \ | |
| -DOSQUERY_BUILD_ROOT_TESTS=ON \ | |
| "${{ steps.build_paths.outputs.SOURCE }}" | |
| - name: Initialize the project (Debug) | |
| working-directory: ${{ steps.build_paths.outputs.BINARY }} | |
| run: | | |
| cmake --build . --target prepare_for_ide | |
| - name: Run cppcheck (Debug) | |
| shell: bash | |
| id: debug_cppcheck_runner | |
| working-directory: ${{ steps.build_paths.outputs.BINARY }} | |
| run: | | |
| cmake --build . --target cppcheck 2>&1 | tee cppcheck_debug.txt | |
| - name: Store the cppcheck log (Debug) | |
| uses: actions/upload-artifact@v1 | |
| with: | |
| name: cppcheck-debug | |
| path: ${{ steps.build_paths.outputs.REL_BINARY }}/cppcheck_debug.txt | |
| # The Linux build will only start once we know that the code | |
| # has been properly formatted | |
| build_linux: | |
| needs: [check_code_style, check_libraries_manifest] | |
| runs-on: ${{ matrix.os }} | |
| container: | |
| image: osquery/builder20.04:7e9ee0339 | |
| options: --privileged --init -v /var/run/docker.sock:/var/run/docker.sock --pid=host --user 1001 | |
| strategy: | |
| matrix: | |
| build_type: [Release, RelWithDebInfo, Debug] | |
| os: [ubuntu-20.04] | |
| steps: | |
| - name: Make space uninstalling packages | |
| shell: bash | |
| run: | | |
| run_on_host="sudo nsenter -t 1 -m -u -n -i" | |
| packages_to_remove=$($run_on_host dpkg-query -f '${Package}\n' -W | grep "^clang-.*\|^llvm-.*\|^php.*\|^mono-.*\|^mongodb-.*\ | |
| \|^libmono-.*\|^temurin-8-jdk\|^temurin-11-jdk\|^temurin-17-jdk\|^dotnet-.*\|^google-chrome-stable\|^microsoft-edge-stable\|^google-cloud-sdk\|^firefox\|^hhvm\|^snapd") | |
| $run_on_host apt purge $packages_to_remove | |
| # Due to how the RPM packaging tools work, we have to adhere to some | |
| # character count requirements in the build path vs source path. | |
| # | |
| # Failing to do so, will break the debuginfo RPM package. | |
| - name: Setup the build paths | |
| id: build_paths | |
| run: | | |
| rel_build_path="workspace/usr/src/debug/osquery/build" | |
| rel_src_path="workspace/padding-required-by-rpm-packages/src" | |
| rel_ccache_path="workspace/ccache" | |
| rel_package_data_path="workspace/package_data" | |
| rel_packaging_path="workspace/osquery-packaging" | |
| rel_package_build_path="workspace/package-build" | |
| mkdir -p ${rel_build_path} \ | |
| ${rel_src_path} \ | |
| ${rel_ccache_path} \ | |
| ${rel_src_path} \ | |
| ${rel_package_data_path} \ | |
| ${rel_package_build_path} | |
| echo "SOURCE=$(realpath ${rel_src_path})" >> $GITHUB_OUTPUT | |
| echo "BINARY=$(realpath ${rel_build_path})" >> $GITHUB_OUTPUT | |
| echo "CCACHE=$(realpath ${rel_ccache_path})" >> $GITHUB_OUTPUT | |
| echo "PACKAGING=$(realpath ${rel_packaging_path})" >> $GITHUB_OUTPUT | |
| echo "PACKAGE_DATA=$(realpath ${rel_package_data_path})" >> $GITHUB_OUTPUT | |
| echo "REL_PACKAGE_BUILD=${rel_package_build_path}" >> $GITHUB_OUTPUT | |
| echo "PACKAGE_BUILD=$(realpath ${rel_package_build_path})" >> $GITHUB_OUTPUT | |
| - name: Clone the osquery repository | |
| uses: actions/checkout@v4 | |
| with: | |
| path: ${{ steps.build_paths.outputs.SOURCE }} | |
| fetch-depth: 0 | |
| - name: Select the build job count | |
| shell: bash | |
| id: build_job_count | |
| run: | | |
| echo "VALUE=$(($(nproc) + 1))" >> $GITHUB_OUTPUT | |
| - name: Select the build options for the tests | |
| shell: bash | |
| id: tests_build_settings | |
| run: | | |
| if [[ "${{ matrix.build_type }}" == "RelWithDebInfo" ]] ; then | |
| echo "VALUE=OFF" >> $GITHUB_OUTPUT | |
| else | |
| echo "VALUE=ON" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Get runner hardware info | |
| shell: bash | |
| id: runner_stats | |
| run: | | |
| df -h | |
| echo "Cores: $(nproc)" | |
| free -m | |
| # We don't have enough space on the worker to actually generate all | |
| # the debug symbols (osquery + dependencies), so we have a flag to | |
| # disable them when running a Debug build | |
| - name: Select the debug symbols options | |
| shell: bash | |
| id: debug_symbols_settings | |
| run: | | |
| if [[ "${{ matrix.build_type }}" == "Debug" ]] ; then | |
| echo "VALUE=ON" >> $GITHUB_OUTPUT | |
| else | |
| echo "VALUE=OFF" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Clone the osquery-packaging repository | |
| run: | | |
| git clone ${{ env.PACKAGING_REPO }} \ | |
| ${{ steps.build_paths.outputs.PACKAGING }} | |
| cd ${{ steps.build_paths.outputs.PACKAGING }} | |
| git checkout ${{ env.PACKAGING_COMMIT }} | |
| - name: Update the cache (ccache) | |
| uses: actions/cache@v3 | |
| with: | |
| path: ${{ steps.build_paths.outputs.CCACHE }} | |
| key: | | |
| ccache_${{ matrix.os }}_${{ matrix.build_type }}_${{ github.sha }} | |
| restore-keys: | | |
| ccache_${{ matrix.os }}_${{ matrix.build_type }} | |
| - name: Update the cache (git submodules) | |
| uses: actions/cache@v3 | |
| with: | |
| path: ${{ steps.build_paths.outputs.SOURCE }}/.git/modules | |
| key: | | |
| gitmodules_${{ matrix.os }}_${{env.SUBMODULE_CACHE_VERSION}}_${{ github.sha }} | |
| restore-keys: | | |
| gitmodules_${{ matrix.os }}_${{env.SUBMODULE_CACHE_VERSION}} | |
| - name: Update the git submodules | |
| working-directory: ${{ steps.build_paths.outputs.SOURCE }} | |
| run: | | |
| git submodule sync --recursive | |
| - name: Configure the project | |
| working-directory: ${{ steps.build_paths.outputs.BINARY }} | |
| env: | |
| CCACHE_DIR: ${{ steps.build_paths.outputs.CCACHE }} | |
| run: | | |
| cmake -G "Unix Makefiles" \ | |
| -DOSQUERY_NO_DEBUG_SYMBOLS=${{ steps.debug_symbols_settings.outputs.VALUE }} \ | |
| -DOSQUERY_TOOLCHAIN_SYSROOT:PATH="/usr/local/osquery-toolchain" \ | |
| -DCMAKE_BUILD_TYPE:STRING="${{ matrix.build_type }}" \ | |
| -DOSQUERY_BUILD_TESTS=${{ steps.tests_build_settings.outputs.VALUE }} \ | |
| -DOSQUERY_BUILD_ROOT_TESTS=${{ steps.tests_build_settings.outputs.VALUE }} \ | |
| "${{ steps.build_paths.outputs.SOURCE }}" | |
| - name: Build the project | |
| working-directory: ${{ steps.build_paths.outputs.BINARY }} | |
| env: | |
| CCACHE_DIR: ${{ steps.build_paths.outputs.CCACHE }} | |
| run: | | |
| cmake --build . -j ${{ steps.build_job_count.outputs.VALUE }} | |
| - name: Disk space information | |
| shell: bash | |
| id: disk_space_info_post_build | |
| run: | | |
| df -h | |
| du -sh ${{ steps.build_paths.outputs.BINARY }} | |
| # Only run the tests on Debug and Release configurations; skip RelWithDebInfo | |
| - name: Run the tests as normal user | |
| working-directory: ${{ steps.build_paths.outputs.BINARY }} | |
| if: matrix.build_type != 'RelWithDebInfo' | |
| run: | | |
| ctest --build-nocmake -LE "root-required" -V | |
| - name: Run the tests as root user | |
| working-directory: ${{ steps.build_paths.outputs.BINARY }} | |
| if: matrix.build_type != 'RelWithDebInfo' | |
| run: | | |
| sudo -u root ctest --build-nocmake -L "root-required" -V | |
| - name: Run the install target | |
| if: matrix.build_type == 'RelWithDebInfo' | |
| working-directory: ${{ steps.build_paths.outputs.BINARY }} | |
| env: | |
| CCACHE_DIR: ${{ steps.build_paths.outputs.CCACHE }} | |
| DESTDIR: ${{ steps.build_paths.outputs.PACKAGE_DATA }} | |
| run: | | |
| cmake \ | |
| --build . \ | |
| --target install \ | |
| -j ${{ steps.build_job_count.outputs.VALUE }} | |
| - name: Create the packages | |
| if: matrix.build_type == 'RelWithDebInfo' | |
| working-directory: ${{ steps.build_paths.outputs.PACKAGE_BUILD }} | |
| shell: bash | |
| run: | | |
| osquery_version=$(cd ${{ steps.build_paths.outputs.SOURCE }} && git describe --tags --always ) | |
| tar pcvzf package_data.tar.gz \ | |
| ${{ steps.build_paths.outputs.PACKAGE_DATA }} | |
| package_format_list=( "DEB" "RPM" "TGZ" ) | |
| for package_format in "${package_format_list[@]}" ; do | |
| cmake -DCMAKE_BUILD_TYPE=${{ matrix.build_type }} \ | |
| -DCPACK_GENERATOR=${package_format} \ | |
| -DOSQUERY_PACKAGE_VERSION=${osquery_version} \ | |
| -DOSQUERY_DATA_PATH=${{ steps.build_paths.outputs.PACKAGE_DATA }} \ | |
| -DOSQUERY_SOURCE_DIRECTORY_LIST="${{ steps.build_paths.outputs.SOURCE }};${{ steps.build_paths.outputs.BINARY }}" \ | |
| ${{ steps.build_paths.outputs.PACKAGING }} | |
| cmake --build . \ | |
| --target package | |
| done | |
| - name: Locate the packages | |
| if: matrix.build_type == 'RelWithDebInfo' | |
| id: packages | |
| shell: bash | |
| run: | | |
| echo "REL_UNSIGNED_RELEASE_PACKAGE_DATA_PATH=${{ steps.build_paths.outputs.REL_PACKAGE_BUILD }}/package_data.tar.gz" >> $GITHUB_OUTPUT | |
| echo "REL_UNSIGNED_RELEASE_DEB_PATH=$(ls ${{ steps.build_paths.outputs.REL_PACKAGE_BUILD }}/*.deb)" >> $GITHUB_OUTPUT | |
| echo "REL_UNSIGNED_DEBUG_DEB_PATH=$(ls ${{ steps.build_paths.outputs.REL_PACKAGE_BUILD }}/*.ddeb)" >> $GITHUB_OUTPUT | |
| echo "REL_UNSIGNED_RELEASE_RPM_PATH=$(ls ${{ steps.build_paths.outputs.REL_PACKAGE_BUILD }}/osquery-?.*.rpm)" >> $GITHUB_OUTPUT | |
| echo "REL_UNSIGNED_DEBUG_RPM_PATH=$(ls ${{ steps.build_paths.outputs.REL_PACKAGE_BUILD }}/osquery-debuginfo-*.rpm)" >> $GITHUB_OUTPUT | |
| echo "REL_UNSIGNED_RELEASE_TGZ_PATH=$(ls ${{ steps.build_paths.outputs.REL_PACKAGE_BUILD }}/*linux_x86_64.tar.gz)" >> $GITHUB_OUTPUT | |
| - name: Store the unsigned release package data artifact | |
| if: matrix.build_type == 'RelWithDebInfo' | |
| uses: actions/upload-artifact@v1 | |
| with: | |
| name: linux_unsigned_release_package_data | |
| path: ${{ steps.packages.outputs.REL_UNSIGNED_RELEASE_PACKAGE_DATA_PATH }} | |
| - name: Store the unsigned release DEB artifact | |
| if: matrix.build_type == 'RelWithDebInfo' | |
| uses: actions/upload-artifact@v1 | |
| with: | |
| name: linux_unsigned_release_deb | |
| path: ${{ steps.packages.outputs.REL_UNSIGNED_RELEASE_DEB_PATH }} | |
| - name: Store the unsigned debug DEB artifact | |
| if: matrix.build_type == 'RelWithDebInfo' | |
| uses: actions/upload-artifact@v1 | |
| with: | |
| name: linux_unsigned_debug_deb | |
| path: ${{ steps.packages.outputs.REL_UNSIGNED_DEBUG_DEB_PATH }} | |
| - name: Store the unsigned release RPM artifact | |
| if: matrix.build_type == 'RelWithDebInfo' | |
| uses: actions/upload-artifact@v1 | |
| with: | |
| name: linux_unsigned_release_rpm | |
| path: ${{ steps.packages.outputs.REL_UNSIGNED_RELEASE_RPM_PATH }} | |
| - name: Store the unsigned debug RPM artifact | |
| if: matrix.build_type == 'RelWithDebInfo' | |
| uses: actions/upload-artifact@v1 | |
| with: | |
| name: linux_unsigned_debug_rpm | |
| path: ${{ steps.packages.outputs.REL_UNSIGNED_DEBUG_RPM_PATH }} | |
| - name: Store the unsigned release TGZ artifact | |
| if: matrix.build_type == 'RelWithDebInfo' | |
| uses: actions/upload-artifact@v1 | |
| with: | |
| name: linux_unsigned_release_tgz | |
| path: ${{ steps.packages.outputs.REL_UNSIGNED_RELEASE_TGZ_PATH }} | |
| # Before we terminate this job, delete the build folder. The cache | |
| # actions will require the disk space to create the archives. | |
| - name: Reclaim disk space | |
| run: | | |
| rm -rf ${{ steps.build_paths.outputs.BINARY }} | |
| # The macOS build will only start once we know that the code | |
| # has been properly formatted | |
| build_macos: | |
| needs: [check_code_style, check_libraries_manifest] | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| matrix: | |
| build_type: [Release, Debug] | |
| architecture: [x86_64, arm64] | |
| os: [macos-14] | |
| steps: | |
| - name: Select the build job count | |
| shell: bash | |
| id: build_job_count | |
| run: | | |
| echo "VALUE=$(($(sysctl -n hw.logicalcpu) + 1))" >> $GITHUB_OUTPUT | |
| - name: Setup the build paths | |
| shell: bash | |
| id: build_paths | |
| run: | | |
| rel_build_path="workspace/build" | |
| rel_src_path="workspace/src" | |
| rel_ccache_path="workspace/ccache" | |
| rel_downloads_path="workspace/downloads" | |
| rel_install_path="workspace/install" | |
| rel_package_data_path="workspace/package_data" | |
| rel_packaging_path="workspace/osquery-packaging" | |
| rel_package_build_path="workspace/package-build" | |
| mkdir -p ${rel_build_path} \ | |
| ${rel_ccache_path} \ | |
| ${rel_downloads_path} \ | |
| ${rel_install_path} \ | |
| ${rel_package_data_path} \ | |
| ${rel_package_build_path} | |
| echo "SOURCE=$(pwd)/${rel_src_path}" >> $GITHUB_OUTPUT | |
| echo "REL_SOURCE=${rel_src_path}" >> $GITHUB_OUTPUT | |
| echo "BINARY=$(pwd)/${rel_build_path}" >> $GITHUB_OUTPUT | |
| echo "CCACHE=$(pwd)/${rel_ccache_path}" >> $GITHUB_OUTPUT | |
| echo "DOWNLOADS=$(pwd)/${rel_downloads_path}" >> $GITHUB_OUTPUT | |
| echo "INSTALL=$(pwd)/${rel_install_path}" >> $GITHUB_OUTPUT | |
| echo "PACKAGING=$(pwd)/${rel_packaging_path}" >> $GITHUB_OUTPUT | |
| echo "PACKAGE_DATA=$(pwd)/${rel_package_data_path}" >> $GITHUB_OUTPUT | |
| echo "REL_PACKAGE_BUILD=${rel_package_build_path}" >> $GITHUB_OUTPUT | |
| echo "PACKAGE_BUILD=$(pwd)/${rel_package_build_path}" >> $GITHUB_OUTPUT | |
| - name: Clone the osquery repository | |
| uses: actions/checkout@v2 | |
| with: | |
| fetch-depth: 0 | |
| path: ${{ steps.build_paths.outputs.REL_SOURCE }} | |
| - name: Get runner hardware info | |
| shell: bash | |
| id: runner_stats | |
| run: | | |
| df -h | |
| echo "Cores: $(sysctl -n hw.logicalcpu)" | |
| vm_stat | |
| - name: Update the cache (ccache) | |
| uses: actions/cache@v3 | |
| with: | |
| path: ${{ steps.build_paths.outputs.CCACHE }} | |
| key: | | |
| ccache_${{ matrix.os }}_${{ matrix.architecture }}_${{ matrix.build_type }}_${{ github.sha }} | |
| restore-keys: | | |
| ccache_${{ matrix.os }}_${{ matrix.architecture }}_${{ matrix.build_type }} | |
| - name: Update the cache (git submodules) | |
| uses: actions/cache@v3 | |
| with: | |
| path: ${{ steps.build_paths.outputs.SOURCE }}/.git/modules | |
| key: | | |
| gitmodules_${{ matrix.os }}_${{ matrix.architecture }}_${{env.SUBMODULE_CACHE_VERSION}}_${{ github.sha }} | |
| restore-keys: | | |
| gitmodules_${{ matrix.os }}_${{ matrix.architecture }}_${{env.SUBMODULE_CACHE_VERSION}} | |
| - name: Update the cache (downloads) | |
| uses: actions/cache@v3 | |
| with: | |
| path: ${{ steps.build_paths.outputs.DOWNLOADS }} | |
| key: | | |
| downloads_${{ matrix.os }}_${{ matrix.architecture }}_${{ github.sha }} | |
| restore-keys: | | |
| downloads_${{ matrix.os }}_${{ matrix.architecture }} | |
| - name: Update the git submodules | |
| working-directory: ${{ steps.build_paths.outputs.SOURCE }} | |
| run: | | |
| git submodule sync --recursive | |
| - name: Install build dependencies | |
| run: | | |
| brew install \ | |
| ccache \ | |
| flex \ | |
| bison \ | |
| coreutils \ | |
| gnu-sed | |
| - name: Setup python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.12.2' | |
| architecture: 'x64' | |
| - name: Install tests dependencies | |
| id: install_test_deps | |
| run: | | |
| pip3 install setuptools \ | |
| pexpect==3.3 \ | |
| psutil \ | |
| timeout_decorator \ | |
| six \ | |
| thrift==0.11.0 \ | |
| osquery | |
| - name: Install CMake | |
| shell: bash | |
| run: | | |
| ${{ steps.build_paths.outputs.REL_SOURCE }}/tools/ci/scripts/macos/install_cmake.sh \ | |
| "${{ steps.build_paths.outputs.DOWNLOADS }}" \ | |
| "${{ steps.build_paths.outputs.INSTALL }}" \ | |
| "3.21.4" | |
| - name: Select the Xcode version | |
| shell: bash | |
| id: xcode_selector | |
| run: | | |
| xcode_path="/Applications/Xcode_14.3.1.app/Contents/Developer" | |
| echo "PATH=${path}" >> $GITHUB_OUTPUT | |
| sudo xcode-select -s "${xcode_path}" | |
| echo "DEPLOYMENT_TARGET=10.15" >> $GITHUB_OUTPUT | |
| # We don't have enough space on the worker to actually generate all | |
| # the debug symbols (osquery + dependencies), so we have a flag to | |
| # disable them when running a Debug build | |
| - name: Select the debug symbols options | |
| shell: bash | |
| id: debug_symbols_settings | |
| run: | | |
| if [[ "${{ matrix.build_type }}" == "Debug" ]] ; then | |
| echo "VALUE=ON" >> $GITHUB_OUTPUT | |
| else | |
| echo "VALUE=OFF" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Configure the project | |
| shell: bash | |
| working-directory: ${{ steps.build_paths.outputs.BINARY }} | |
| env: | |
| CCACHE_DIR: ${{ steps.build_paths.outputs.CCACHE }} | |
| run: | | |
| cmake -G "Unix Makefiles" \ | |
| -DCMAKE_C_COMPILER=clang \ | |
| -DCMAKE_CXX_COMPILER=clang++ \ | |
| -DCMAKE_OSX_ARCHITECTURES="${{ matrix.architecture }}" \ | |
| -DCMAKE_OSX_DEPLOYMENT_TARGET="${{ steps.xcode_selector.outputs.DEPLOYMENT_TARGET }}" \ | |
| -DCMAKE_BUILD_TYPE:STRING="${{ matrix.build_type }}" \ | |
| -DOSQUERY_BUILD_TESTS=ON \ | |
| -DOSQUERY_NO_DEBUG_SYMBOLS=${{ steps.debug_symbols_settings.outputs.VALUE }} \ | |
| ${{ steps.build_paths.outputs.SOURCE }} | |
| - name: Build the project | |
| working-directory: ${{ steps.build_paths.outputs.BINARY }} | |
| env: | |
| CCACHE_DIR: ${{ steps.build_paths.outputs.CCACHE }} | |
| run: | | |
| cmake --build . -j ${{ steps.build_job_count.outputs.VALUE }} | |
| - name: Disk space information | |
| shell: bash | |
| id: disk_space_info_post_build | |
| run: | | |
| df -h | |
| du -sh ${{ steps.build_paths.outputs.BINARY }} | |
| - name: Run the tests | |
| if: matrix.architecture == 'arm64' | |
| working-directory: ${{ steps.build_paths.outputs.BINARY }} | |
| run: | | |
| ctest --build-nocmake -V | |
| - name: Run the install target | |
| working-directory: ${{ steps.build_paths.outputs.BINARY }} | |
| env: | |
| CCACHE_DIR: ${{ steps.build_paths.outputs.CCACHE }} | |
| DESTDIR: ${{ steps.build_paths.outputs.PACKAGE_DATA }} | |
| run: | | |
| cmake \ | |
| --build . \ | |
| --target install \ | |
| -j ${{ steps.build_job_count.outputs.VALUE }} | |
| - name: Create the package data | |
| working-directory: ${{ steps.build_paths.outputs.PACKAGE_BUILD }} | |
| run: | | |
| tar pcvzf package_data.tar.gz \ | |
| -C ${{ steps.build_paths.outputs.PACKAGE_DATA }} \ | |
| . | |
| - name: Locate the package data | |
| if: matrix.build_type == 'Release' | |
| id: packages | |
| shell: bash | |
| run: | | |
| echo "REL_UNSIGNED_RELEASE_PACKAGE_DATA_PATH=$(ls ${{ steps.build_paths.outputs.REL_PACKAGE_BUILD }}/package_data.tar.gz)" >> $GITHUB_OUTPUT | |
| - name: Store the ${{ matrix.architecture }} unsigned release package data artifact | |
| if: matrix.build_type == 'Release' | |
| uses: actions/upload-artifact@v1 | |
| with: | |
| name: macos_unsigned_release_package_data_${{ matrix.architecture }} | |
| path: ${{ steps.packages.outputs.REL_UNSIGNED_RELEASE_PACKAGE_DATA_PATH }} | |
| - name: Package the tests for the x86_64 macOS-12 worker | |
| if: matrix.architecture == 'x86_64' | |
| working-directory: ${{ github.workspace }}/workspace | |
| run: | | |
| mkdir macos_tests_${{ matrix.build_type }} | |
| ${{ steps.build_paths.outputs.SOURCE }}/tools/ci/scripts/macos/package_tests.sh build macos_tests_${{ matrix.build_type }} | |
| - name: Store the packaged tests for the x86_64 macOS-12 worker | |
| if: matrix.architecture == 'x86_64' | |
| uses: actions/upload-artifact@v1 | |
| with: | |
| name: macos_tests_${{ matrix.build_type }} | |
| path: workspace/macos_tests_${{ matrix.build_type }}.tar.gz | |
| # Before we terminate this job, delete the build folder. The cache | |
| # actions will require the disk space to create the archives. | |
| - name: Reclaim disk space | |
| run: | | |
| rm -rf ${{ steps.build_paths.outputs.BINARY }} | |
| # This job takes the packaged tests (Release + Debug) from the Sonoma | |
| # builder and runs them on a new Monterey instance | |
| test_macos_monterey: | |
| needs: build_macos | |
| runs-on: macos-12 | |
| steps: | |
| - name: Clone the osquery repository | |
| uses: actions/checkout@v2 | |
| with: | |
| fetch-depth: 0 | |
| - uses: actions/download-artifact@v2 | |
| with: | |
| name: macos_tests_Release | |
| - uses: actions/download-artifact@v2 | |
| with: | |
| name: macos_tests_Debug | |
| - name: Setup python | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.12.2' | |
| architecture: 'x64' | |
| - name: Install tests dependencies | |
| id: install_test_deps | |
| run: | | |
| pip3 install setuptools \ | |
| pexpect==3.3 \ | |
| psutil \ | |
| timeout_decorator \ | |
| six \ | |
| thrift==0.11.0 \ | |
| osquery | |
| - name: Install CMake | |
| shell: bash | |
| run: | | |
| mkdir -p "workspace/downloads" \ | |
| "workspace/install" | |
| ./tools/ci/scripts/macos/install_cmake.sh \ | |
| "workspace/downloads" \ | |
| "workspace/install" \ | |
| "3.21.4" | |
| - name: Extract the tests | |
| run: | | |
| tar xzf macos_tests_Release.tar.gz | |
| tar xzf macos_tests_Debug.tar.gz | |
| - name: Run the Debug tests | |
| run: | | |
| ( cd macos_tests_Debug && ./run.sh ) | |
| - name: Run the Release tests | |
| run: | | |
| ( cd macos_tests_Release && ./run.sh ) | |
| # This job builds the universal macOS artifacts | |
| build_universal_macos_artifacts: | |
| needs: test_macos_monterey | |
| runs-on: macos-14 | |
| steps: | |
| - name: Clone the osquery repository | |
| uses: actions/checkout@v2 | |
| with: | |
| fetch-depth: 0 | |
| - name: Install CMake | |
| shell: bash | |
| run: | | |
| mkdir -p "workspace/downloads" \ | |
| "workspace/install" | |
| ./tools/ci/scripts/macos/install_cmake.sh \ | |
| "workspace/downloads" \ | |
| "workspace/install" \ | |
| "3.21.4" | |
| - uses: actions/download-artifact@v2 | |
| with: | |
| name: macos_unsigned_release_package_data_x86_64 | |
| path: macos_unsigned_release_package_data_x86_64 | |
| - uses: actions/download-artifact@v2 | |
| with: | |
| name: macos_unsigned_release_package_data_arm64 | |
| path: macos_unsigned_release_package_data_arm64 | |
| - name: Create the universal package data | |
| run: | | |
| tools/ci/scripts/macos/build_universal_package_data.sh | |
| - name: Store the universal unsigned release package data artifact | |
| uses: actions/upload-artifact@v1 | |
| with: | |
| name: macos_unsigned_release_package_data_universal | |
| path: package_data.tar.gz | |
| - name: Clone the osquery-packaging repository | |
| run: | | |
| git clone ${{ env.PACKAGING_REPO }} osquery-packaging | |
| cd osquery-packaging | |
| git checkout ${{ env.PACKAGING_COMMIT }} | |
| - name: Create the packages | |
| shell: bash | |
| run: | | |
| osquery_version=$(git describe --tags --always ) | |
| package_format_list=( "productbuild" "TGZ" ) | |
| for package_format in "${package_format_list[@]}" ; do | |
| cmake -DCMAKE_BUILD_TYPE=Release \ | |
| -DCPACK_GENERATOR=${package_format} \ | |
| -DOSQUERY_PACKAGE_VERSION=${osquery_version} \ | |
| -DOSQUERY_DATA_PATH=$(pwd)/universal \ | |
| -S osquery-packaging \ | |
| -B package_build | |
| cmake --build package_build \ | |
| --target package | |
| done | |
| - name: Locate the packages | |
| id: packages | |
| shell: bash | |
| run: | | |
| echo "REL_UNSIGNED_RELEASE_PKG_PATH=$(ls package_build/*.pkg)" >> $GITHUB_OUTPUT | |
| echo "REL_UNSIGNED_RELEASE_TGZ_PATH=$(ls package_build/*.tar.gz)" >> $GITHUB_OUTPUT | |
| - name: Store the PKG unsigned release packages | |
| uses: actions/upload-artifact@v1 | |
| with: | |
| name: macos_unsigned_pkg_universal | |
| path: ${{ steps.packages.outputs.REL_UNSIGNED_RELEASE_PKG_PATH }} | |
| - name: Store the TGZ unsigned release packages | |
| uses: actions/upload-artifact@v1 | |
| with: | |
| name: macos_unsigned_tgz_universal | |
| path: ${{ steps.packages.outputs.REL_UNSIGNED_RELEASE_TGZ_PATH }} | |
| # The Windows build will only start once we know that the code | |
| # has been properly formatted | |
| build_windows: | |
| needs: [check_code_style, check_libraries_manifest] | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| matrix: | |
| build_type: [Release] | |
| bitness: [64, arm64] | |
| os: [windows-2019] | |
| steps: | |
| - name: Select the build job count | |
| shell: powershell | |
| id: build_job_count | |
| run: | | |
| $cores=(Get-CIMInstance Win32_ComputerSystem).NumberOfLogicalProcessors + 1 | |
| echo "VALUE=$cores" >> $env:GITHUB_OUTPUT | |
| - name: Setup the build paths | |
| shell: powershell | |
| id: build_paths | |
| run: | | |
| $rel_src_path = "w\src" | |
| $rel_build_path = "w\build" | |
| $rel_sccache_path = "w\sccache" | |
| $rel_downloads_path = "w\downloads" | |
| $rel_install_path = "w\install" | |
| $rel_package_data_path = "w\package_data" | |
| $rel_packaging_path = "w\osquery-packaging" | |
| New-Item -ItemType Directory -Force -Path $rel_build_path | |
| New-Item -ItemType Directory -Force -Path $rel_sccache_path | |
| New-Item -ItemType Directory -Force -Path $rel_downloads_path | |
| New-Item -ItemType Directory -Force -Path $rel_install_path | |
| New-Item -ItemType Directory -Force -Path $rel_package_data_path | |
| $base_dir = (Get-Item .).FullName | |
| echo "SOURCE=$base_dir\$rel_src_path" >> $env:GITHUB_OUTPUT | |
| echo "REL_SOURCE=$rel_src_path" >> $env:GITHUB_OUTPUT | |
| echo "BINARY=$base_dir\$rel_build_path" >> $env:GITHUB_OUTPUT | |
| echo "SCCACHE=$base_dir\$rel_sccache_path" >> $env:GITHUB_OUTPUT | |
| echo "DOWNLOADS=$base_dir\$rel_downloads_path" >> $env:GITHUB_OUTPUT | |
| echo "INSTALL=$base_dir\$rel_install_path" >> $env:GITHUB_OUTPUT | |
| echo "PACKAGING=$base_dir\$rel_packaging_path" >> $env:GITHUB_OUTPUT | |
| echo "PACKAGE_DATA=$base_dir\$rel_package_data_path" >> $env:GITHUB_OUTPUT | |
| - name: Setup the VC arch | |
| shell: powershell | |
| id: vc_arch | |
| run: | | |
| $arch = switch ("${{ matrix.bitness }}") | |
| { | |
| "64" { "x64" } | |
| "arm64" { "x64_arm64" } | |
| } | |
| echo "VC_ARCH=$arch" >> $env:GITHUB_OUTPUT | |
| # Symbolic links are supported by default on Linux and macOS. On | |
| # Windows, we have to enable them explicitly. They are used to | |
| # handle the include header namespace support that came with | |
| # the initial Buck build system refactor | |
| - name: Configure git | |
| run: | | |
| git config --global core.autocrlf false | |
| git config --global core.symlinks true | |
| - name: Clone the osquery repository | |
| uses: actions/checkout@v2 | |
| with: | |
| fetch-depth: 0 | |
| path: ${{ steps.build_paths.outputs.REL_SOURCE }} | |
| - name: Get runner hardware info | |
| id: runner_stats | |
| shell: powershell | |
| run: | | |
| Get-CIMInstance Win32_LogicalDisk | |
| Get-CIMInstance Win32_ComputerSystem | Select-Object -Property NumberOfLogicalProcessors | |
| Get-CIMInstance Win32_ComputerSystem | Select-Object -Property TotalPhysicalMemory | |
| - name: Detect the osquery version | |
| shell: powershell | |
| id: osquery_version | |
| run: | | |
| cd ${{ steps.build_paths.outputs.SOURCE }} | |
| $osquery_version=$(git describe --tags --abbrev=0) | |
| echo "VALUE=$osquery_version" >> $env:GITHUB_OUTPUT | |
| - name: Clone the osquery-packaging repository | |
| run: | | |
| cd w | |
| git clone ${{ env.PACKAGING_REPO }} | |
| cd ${{ steps.build_paths.outputs.PACKAGING }} | |
| git checkout ${{ env.PACKAGING_COMMIT }} | |
| - name: Update the cache (git submodules) | |
| uses: actions/cache@v3 | |
| with: | |
| path: ${{ steps.build_paths.outputs.SOURCE }}\.git\modules | |
| key: | | |
| gitmodules_${{ matrix.os }}_${{env.SUBMODULE_CACHE_VERSION}}_${{ github.sha }} | |
| restore-keys: | | |
| gitmodules_${{ matrix.os }}_${{env.SUBMODULE_CACHE_VERSION}} | |
| - name: Update the cache (downloads) | |
| uses: actions/cache@v3 | |
| with: | |
| path: ${{ steps.build_paths.outputs.DOWNLOADS }} | |
| key: | | |
| downloads_${{ matrix.os }}_${{ github.sha }} | |
| restore-keys: | | |
| downloads_${{ matrix.os }} | |
| - name: Initialize the Python 3 installation | |
| uses: actions/setup-python@v2 | |
| with: | |
| python-version: "3.x" | |
| architecture: "x64" | |
| # The runners will likely have both the x86 and x64 versions of | |
| # Python but we always need the 64-bit one regardless of which | |
| # architecture we are building for. | |
| # | |
| # The setup-python action should have put the right Python version | |
| # in the PATH variable for us, so locate the installation directory | |
| # so we can use it as a hint when we configure the project with | |
| # CMake | |
| - name: Locate the Python root directory | |
| id: python_root_directory | |
| shell: powershell | |
| run: | | |
| $python_executable_path = $(Get-Command python.exe | Select-Object -ExpandProperty Definition) | |
| $python_root_directory = (Get-Item $python_executable_path).Directory.FullName | |
| echo "VALUE=$python_root_directory" >> $env:GITHUB_OUTPUT | |
| # Install the Python dependencies needed for our testing framework | |
| - name: Install tests prerequisites | |
| run: | | |
| python -m pip install --upgrade pip | |
| python -m pip install wheel ` | |
| setuptools ` | |
| psutil ` | |
| timeout_decorator ` | |
| thrift==0.11.0 ` | |
| osquery ` | |
| pywin32 | |
| - name: Install Strawberry Perl | |
| working-directory: ${{ steps.build_paths.outputs.SOURCE }} | |
| shell: powershell | |
| run: | | |
| tools\ci\scripts\install_openssl_formula_dependencies.ps1 | |
| # TODO: Implement a cache so we don't keep hitting the server at each run | |
| - name: Install CMake | |
| working-directory: ${{ steps.build_paths.outputs.DOWNLOADS }} | |
| shell: powershell | |
| run: | | |
| $long_cmake_ver = "3.21.4" | |
| $short_cmake_ver = $($long_cmake_ver.split(".")[0] + "." + $long_cmake_ver.split(".")[1]) | |
| $folder_name = $("cmake-" + $long_cmake_ver + "-windows-x86_64") | |
| $archive_name = $($folder_name + ".zip") | |
| $url = $("https://cmake.org/files/v" + $short_cmake_ver + "/" + $archive_name) | |
| (New-Object System.Net.WebClient).DownloadFile($url, $archive_name) | |
| 7z x -o${{ steps.build_paths.outputs.INSTALL }} -y $archive_name | |
| echo "${{ steps.build_paths.outputs.INSTALL }}\$folder_name\bin" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append | |
| # TODO: Implement a cache so we don't keep hitting the server at each run | |
| - name: Install sccache | |
| working-directory: ${{ steps.build_paths.outputs.DOWNLOADS }} | |
| shell: powershell | |
| run: | | |
| $long_version = "0.0.1" | |
| $archive_name = $("sccache-" + $long_version + "-windows.7z") | |
| $url = $("https://github.com/osquery/sccache/releases/download/" + $long_version + "-osquery/" + $archive_name) | |
| (New-Object System.Net.WebClient).DownloadFile($url, $archive_name) | |
| 7z x -o${{ steps.build_paths.outputs.INSTALL }}\sccache -y $archive_name | |
| echo "${{ steps.build_paths.outputs.INSTALL }}\sccache" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append | |
| # TODO: Implement a cache so we don't keep hitting the server at each run | |
| - name: Install Ninja | |
| working-directory: ${{ steps.build_paths.outputs.DOWNLOADS }} | |
| shell: powershell | |
| run: | | |
| $long_version = "1.10.0" | |
| $archive_name = "ninja-win.zip" | |
| $url = $("https://github.com/ninja-build/ninja/releases/download/v" + $long_version + "/" + $archive_name) | |
| (New-Object System.Net.WebClient).DownloadFile($url, $archive_name) | |
| 7z x -o${{ steps.build_paths.outputs.INSTALL }}\ninja -y $archive_name | |
| echo "${{ steps.build_paths.outputs.INSTALL }}\ninja" | Out-File -FilePath $env:GITHUB_PATH -Encoding utf8 -Append | |
| - name: Configure the project | |
| shell: cmd | |
| working-directory: ${{ steps.build_paths.outputs.BINARY }} | |
| env: | |
| SCCACHE_DIR: ${{ steps.build_paths.outputs.SCCACHE }} | |
| SCCACHE_CACHE_SIZE: "5G" | |
| run: | | |
| call "C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Auxiliary\Build\vcvarsall.bat" ${{ steps.vc_arch.outputs.VC_ARCH }} | |
| @echo on | |
| set cross_compilation= | |
| if ${{ matrix.bitness }}==arm64 ( | |
| echo set (CMAKE_SYSTEM_NAME Windows^) > cross.cmake | |
| echo set (CMAKE_SYSTEM_PROCESSOR ARM64^) >> cross.cmake | |
| set cross_compilation=-DCMAKE_TOOLCHAIN_FILE=cross.cmake | |
| ) | |
| cmake -G Ninja ^ | |
| -DCMAKE_C_COMPILER=cl.exe ^ | |
| -DCMAKE_CXX_COMPILER=cl.exe ^ | |
| -DCMAKE_BUILD_TYPE=${{ matrix.build_type }} ^ | |
| -DOSQUERY_BUILD_TESTS=ON ^ | |
| -DCMAKE_C_COMPILER_LAUNCHER="sccache.exe" ^ | |
| -DCMAKE_CXX_COMPILER_LAUNCHER="sccache.exe" ^ | |
| -DPython3_ROOT_DIR=${{ steps.python_root_directory.outputs.VALUE }} ^ | |
| ${{ steps.build_paths.outputs.SOURCE }} ^ | |
| %cross_compilation% | |
| - name: Determine compiler version | |
| id: determine_compiler_version | |
| shell: pwsh | |
| run: | | |
| $compiler = (Get-Content "${{ steps.build_paths.outputs.BINARY }}\CMakeCache.txt" | Select-String -Pattern "CMAKE_CXX_COMPILER:STRING=(.*)").Matches[0].Groups[1].Value | |
| echo "Compiler configured by CMake is $compiler" | |
| if ($compiler -eq $null || $compiler -eq "") { | |
| Write-Error "Could not find the configured compiler" -ErrorAction Stop | |
| } | |
| <# | |
| We run the compiler help option; the compiler will write its version in stderr. | |
| Due to how powershell works, we have to go through some hoops to extract the stderr to a variable | |
| and also avoid it considering the command as failed because stderr contains messages. | |
| The expression runs the compiler in a subshell, discards its stdout, then the stderr of the subshell is redirected | |
| to the stdout of the parent shell. | |
| #> | |
| $ErrorActionPreference = 'Continue' | |
| $erroutput = $( & "$compiler" /? 1>$null ) 2>&1 | |
| $ErrorActionPreference = 'Stop' | |
| if ($erroutput -eq $null || $erroutput -eq "") { | |
| Write-Error "Failed to run the compiler at $compiler" -ErrorAction Stop | |
| } | |
| $version = ($erroutput | Select-String -Pattern "Compiler Version (.*) for").Matches[0].Groups[1].Value.Replace(".", "") | |
| if ($version -eq $null || $version -eq "") { | |
| Write-Error "Failed to determine compiler version for $compiler and output $erroutput" -ErrorAction Stop | |
| } | |
| echo "Found compiler version $version" | |
| echo "COMPILER_VERSION=$version" >> $env:GITHUB_OUTPUT | |
| - name: Update the cache (sccache) | |
| uses: actions/cache@v3 | |
| with: | |
| path: ${{ steps.build_paths.outputs.SCCACHE }} | |
| key: | | |
| sccache_${{ matrix.os }}_${{ matrix.bitness }}_${{ matrix.build_type }}_${{ steps.determine_compiler_version.outputs.COMPILER_VERSION }}_${{ github.sha }} | |
| restore-keys: | | |
| sccache_${{ matrix.os }}_${{ matrix.bitness }}_${{ matrix.build_type }}_${{ steps.determine_compiler_version.outputs.COMPILER_VERSION }} | |
| - name: Build the project | |
| shell: cmd | |
| working-directory: ${{ steps.build_paths.outputs.BINARY }} | |
| env: | |
| SCCACHE_DIR: ${{ steps.build_paths.outputs.SCCACHE }} | |
| SCCACHE_CACHE_SIZE: "5G" | |
| run: | | |
| call "C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Auxiliary\Build\vcvarsall.bat" ${{ steps.vc_arch.outputs.VC_ARCH }} | |
| @echo on | |
| cmake --build . -j ${{ steps.build_job_count.outputs.VALUE }} | |
| if %errorlevel% neq 0 exit /b %errorlevel% | |
| sccache.exe --stop-server | |
| - name: Disk space information | |
| id: disk_space_info_post_build | |
| shell: powershell | |
| run: | | |
| Get-CIMInstance Win32_LogicalDisk | |
| $bindir_size = (Get-ChildItem -Path ${{ steps.build_paths.outputs.BINARY }} -Recurse | Measure-Object -Property Length -Sum).sum / 1MB | |
| echo "Binary dir size: $bindir_size MBs" | |
| - name: Run the tests | |
| # arm64 tests can't be run on x64 machine | |
| if: matrix.bitness != 'arm64' | |
| working-directory: ${{ steps.build_paths.outputs.BINARY }} | |
| shell: cmd | |
| run: | | |
| call "C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Auxiliary\Build\vcvarsall.bat" ${{ steps.vc_arch.outputs.VC_ARCH }} | |
| @echo on | |
| ctest --build-nocmake -C Release -V | |
| - name: Run the install target | |
| working-directory: ${{ steps.build_paths.outputs.BINARY }} | |
| env: | |
| CCACHE_DIR: ${{ steps.build_paths.outputs.SCCACHE }} | |
| DESTDIR: ${{ steps.build_paths.outputs.PACKAGE_DATA }} | |
| run: | | |
| cmake --build . --target install -j 3 | |
| - name: Create the packages | |
| shell: cmd | |
| run: | | |
| call "C:\Program Files (x86)\Microsoft Visual Studio\2019\Enterprise\VC\Auxiliary\Build\vcvarsall.bat" ${{ steps.vc_arch.outputs.VC_ARCH }} | |
| @echo on | |
| cd ${{ steps.build_paths.outputs.PACKAGE_BUILD }} | |
| 7z ^ | |
| a windows_package_data.zip ^ | |
| ${{ steps.build_paths.outputs.PACKAGE_DATA }} | |
| if %errorlevel% neq 0 exit /b %errorlevel% | |
| if ${{ matrix.bitness }}==arm64 ( | |
| echo Do not create other packages for arm64 | |
| exit 0 | |
| ) | |
| cmake -DCMAKE_BUILD_TYPE=${{ matrix.build_type }} ^ | |
| -DCPACK_GENERATOR=WIX ^ | |
| -DOSQUERY_PACKAGE_VERSION=${{ steps.osquery_version.outputs.VALUE }} ^ | |
| -DOSQUERY_DATA_PATH=${{ steps.build_paths.outputs.PACKAGE_DATA }} ^ | |
| -DOSQUERY_BITNESS=${{ matrix.bitness }} ^ | |
| ${{ steps.build_paths.outputs.PACKAGING }} | |
| if %errorlevel% neq 0 exit /b %errorlevel% | |
| cmake --build . ^ | |
| --config Release ^ | |
| --target package | |
| if %errorlevel% neq 0 exit /b %errorlevel% | |
| cmake -DCMAKE_BUILD_TYPE=${{ matrix.build_type }} ^ | |
| -DCPACK_GENERATOR=NuGet ^ | |
| -DOSQUERY_PACKAGE_VERSION=${{ steps.osquery_version.outputs.VALUE }} ^ | |
| -DOSQUERY_DATA_PATH=${{ steps.build_paths.outputs.PACKAGE_DATA }} ^ | |
| -DOSQUERY_BITNESS=${{ matrix.bitness }} ^ | |
| ${{ steps.build_paths.outputs.PACKAGING }} | |
| if %errorlevel% neq 0 exit /b %errorlevel% | |
| cmake --build . ^ | |
| --config Release ^ | |
| --target package | |
| if %errorlevel% neq 0 exit /b %errorlevel% | |
| - name: Locate the packages | |
| working-directory: ${{ steps.build_paths.outputs.PACKAGE_BUILD }} | |
| id: packages | |
| shell: bash | |
| run: | | |
| echo "REL_UNSIGNED_RELEASE_PACKAGE_DATA_PATH=$(ls *.zip)" >> $GITHUB_OUTPUT | |
| echo "REL_UNSIGNED_RELEASE_MSI_PATH=$(ls *.msi)" >> $GITHUB_OUTPUT | |
| echo "REL_UNSIGNED_RELEASE_NUPKG_PATH=$(ls *.nupkg)" >> $GITHUB_OUTPUT | |
| - name: Store the unsigned release package data artifact | |
| uses: actions/upload-artifact@v1 | |
| with: | |
| name: windows${{ matrix.bitness }}_unsigned_release_package_data | |
| path: ${{ steps.packages.outputs.REL_UNSIGNED_RELEASE_PACKAGE_DATA_PATH }} | |
| - name: Store the unsigned release MSI artifact | |
| if: matrix.bitness != 'arm64' | |
| uses: actions/upload-artifact@v1 | |
| with: | |
| name: windows${{ matrix.bitness }}_unsigned_release_msi | |
| path: ${{ steps.packages.outputs.REL_UNSIGNED_RELEASE_MSI_PATH }} | |
| - name: Store the unsigned release NUPKG artifact | |
| if: matrix.bitness != 'arm64' | |
| uses: actions/upload-artifact@v1 | |
| with: | |
| name: windows${{ matrix.bitness }}_unsigned_release_nupkg | |
| path: ${{ steps.packages.outputs.REL_UNSIGNED_RELEASE_NUPKG_PATH }} | |
| # Before we terminate this job, delete the build folder. The cache | |
| # actions will require the disk space to create the archives. | |
| - name: Reclaim disk space | |
| shell: powershell | |
| run: | | |
| rm -r -Force ${{ steps.build_paths.outputs.BINARY }} | |
| # This job is here as a github status check -- it allows us to move the dependency from | |
| # being on all the jobs to this single one. | |
| mergeable: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - run: true | |
| needs: | |
| - build_macos | |
| - build_linux | |
| - build_windows | |
| - build_universal_macos_artifacts | |
| - check_source_code |