cbmc-6.3.1 #123
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| on: | |
| release: | |
| types: [created] | |
| env: | |
| cvc5-version: "1.1.2" | |
| name: Upload additional release assets | |
| jobs: | |
| ubuntu-22_04-package: | |
| runs-on: ubuntu-22.04 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| submodules: recursive | |
| - name: Fetch dependencies | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install --no-install-recommends -y g++ gdb flex bison cmake ninja-build maven jq libxml2-utils dpkg-dev ccache z3 | |
| - name: Confirm z3 solver is available and log the version installed | |
| run: z3 --version | |
| - name: Download cvc-5 from the releases page and make sure it can be deployed | |
| run: | | |
| wget https://github.com/cvc5/cvc5/releases/download/cvc5-${{env.cvc5-version}}/cvc5-Linux-static.zip | |
| unzip -j -d /usr/local/bin cvc5-Linux-static.zip cvc5-Linux-static/bin/cvc5 | |
| rm cvc5-Linux-static.zip | |
| cvc5 --version | |
| - name: Prepare ccache | |
| uses: actions/cache@v4 | |
| with: | |
| save-always: true | |
| path: .ccache | |
| key: ${{ runner.os }}-22.04-Release-${{ github.ref }}-${{ github.sha }}-RELEASEPKG | |
| restore-keys: | |
| ${{ runner.os }}-22.04-Release-${{ github.ref }} | |
| ${{ runner.os }}-22.04-Release | |
| - name: ccache environment | |
| run: | | |
| echo "CCACHE_BASEDIR=$PWD" >> $GITHUB_ENV | |
| echo "CCACHE_DIR=$PWD/.ccache" >> $GITHUB_ENV | |
| - name: Configure CMake | |
| run: cmake -S . -Bbuild -G Ninja -DCMAKE_BUILD_TYPE=Release -DCMAKE_C_COMPILER=/usr/bin/gcc -DCMAKE_CXX_COMPILER=/usr/bin/g++ -Dsat_impl="minisat2;cadical" | |
| - name: Zero ccache stats and limit in size | |
| run: ccache -z --max-size=500M | |
| - name: Build using Ninja | |
| run: ninja -C build -j4 | |
| - name: Print ccache stats | |
| run: ccache -s | |
| - name: Run CTest | |
| run: cd build; ctest . -V -L CORE -C Release -j4 | |
| - name: Create packages | |
| id: create_packages | |
| run: | | |
| cd build | |
| ninja package | |
| deb_package_name="$(ls *.deb)" | |
| echo "deb_package=./build/$deb_package_name" >> $GITHUB_OUTPUT | |
| echo "deb_package_name=ubuntu-22.04-$deb_package_name" >> $GITHUB_OUTPUT | |
| - name: Get release info | |
| id: get_release_info | |
| uses: bruceadams/[email protected] | |
| - name: Upload binary packages | |
| uses: actions/upload-release-asset@v1 | |
| with: | |
| upload_url: ${{ steps.get_release_info.outputs.upload_url }} | |
| asset_path: ${{ steps.create_packages.outputs.deb_package }} | |
| asset_name: ${{ steps.create_packages.outputs.deb_package_name }} | |
| asset_content_type: application/x-deb | |
| - name: Slack notification of CI status | |
| uses: rtCamp/action-slack-notify@v2 | |
| if: success() || failure() | |
| env: | |
| SLACK_CHANNEL: aws-cbmc | |
| SLACK_COLOR: ${{ job.status }} | |
| SLACK_USERNAME: Github Actions CI bot | |
| SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} | |
| SLACK_MESSAGE: "${{ job.status == 'success' && 'Ubuntu 22.04 package built and uploaded successfully' || 'Ubuntu 22.04 package build failed' }}" | |
| ubuntu-20_04-package: | |
| runs-on: ubuntu-20.04 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| submodules: recursive | |
| - name: Fetch dependencies | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install --no-install-recommends -y g++ gdb flex bison cmake ninja-build maven jq libxml2-utils dpkg-dev ccache z3 | |
| - name: Confirm z3 solver is available and log the version installed | |
| run: z3 --version | |
| - name: Download cvc-5 from the releases page and make sure it can be deployed | |
| run: | | |
| wget https://github.com/cvc5/cvc5/releases/download/cvc5-${{env.cvc5-version}}/cvc5-Linux-static.zip | |
| unzip -j -d /usr/local/bin cvc5-Linux-static.zip cvc5-Linux-static/bin/cvc5 | |
| rm cvc5-Linux-static.zip | |
| cvc5 --version | |
| - name: Prepare ccache | |
| uses: actions/cache@v4 | |
| with: | |
| save-always: true | |
| path: .ccache | |
| key: ${{ runner.os }}-20.04-Release-${{ github.ref }}-${{ github.sha }}-RELEASEPKG | |
| restore-keys: | | |
| ${{ runner.os }}-20.04-Release-${{ github.ref }} | |
| ${{ runner.os }}-20.04-Release | |
| - name: ccache environment | |
| run: | | |
| echo "CCACHE_BASEDIR=$PWD" >> $GITHUB_ENV | |
| echo "CCACHE_DIR=$PWD/.ccache" >> $GITHUB_ENV | |
| - name: Configure CMake | |
| run: | | |
| mkdir build | |
| cd build | |
| cmake .. -G Ninja -DCMAKE_BUILD_TYPE=Release -Dsat_impl="minisat2;cadical" | |
| - name: Zero ccache stats and limit in size | |
| run: ccache -z --max-size=500M | |
| - name: Build using Ninja | |
| run: ninja -C build -j4 | |
| - name: Print ccache stats | |
| run: ccache -s | |
| - name: Run CTest | |
| run: cd build; ctest . -V -L CORE -C Release -j4 | |
| - name: Create packages | |
| id: create_packages | |
| run: | | |
| cd build | |
| ninja package | |
| deb_package_name="$(ls *.deb)" | |
| echo "deb_package=./build/$deb_package_name" >> $GITHUB_OUTPUT | |
| echo "deb_package_name=ubuntu-20.04-$deb_package_name" >> $GITHUB_OUTPUT | |
| - name: Get release info | |
| id: get_release_info | |
| uses: bruceadams/[email protected] | |
| - name: Upload binary packages | |
| uses: actions/upload-release-asset@v1 | |
| with: | |
| upload_url: ${{ steps.get_release_info.outputs.upload_url }} | |
| asset_path: ${{ steps.create_packages.outputs.deb_package }} | |
| asset_name: ${{ steps.create_packages.outputs.deb_package_name }} | |
| asset_content_type: application/x-deb | |
| - name: Slack notification of CI status | |
| uses: rtCamp/action-slack-notify@v2 | |
| if: success() || failure() | |
| env: | |
| SLACK_CHANNEL: aws-cbmc | |
| SLACK_COLOR: ${{ job.status }} | |
| SLACK_USERNAME: Github Actions CI bot | |
| SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} | |
| SLACK_MESSAGE: "${{ job.status == 'success' && 'Ubuntu 20.04 package built and uploaded successfully' || 'Ubuntu 20.04 package build failed' }}" | |
| homebrew-pr: | |
| runs-on: macos-13 | |
| steps: | |
| - name: Get release tag name | |
| # The GITHUB_REF we get has refs/tags/ in front of the tag name so we | |
| # strip that here | |
| run: echo "RELEASE_TAG=${GITHUB_REF/refs\/tags\/}" >> $GITHUB_ENV | |
| - name: Configure git user name and email | |
| uses: Homebrew/actions/git-user-config@c62170a03ff2bcb9ab097fd7d6acbc905618e42a | |
| with: | |
| username: db-ci-cprover | |
| - name: Create homebrew PR | |
| run: | | |
| brew update-reset | |
| brew bump-formula-pr --tag "$RELEASE_TAG" --revision "$GITHUB_SHA" cbmc | |
| env: | |
| HOMEBREW_GITHUB_API_TOKEN: ${{ secrets.DB_CI_CPROVER_ACCESS_TOKEN }} | |
| - name: Checkout CBMC project source code to obtain access to scripts | |
| if: always() | |
| uses: actions/checkout@v4 | |
| - name: Slack notification of CI status | |
| if: success() || failure() | |
| env: | |
| SLACK_CHANNEL: aws-cbmc | |
| SLACK_COLOR: ${{ job.status }} | |
| SLACK_USERNAME: Github Actions CI bot | |
| SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} | |
| SLACK_MESSAGE: "${{ job.status == 'success' && 'Homebrew PR submitted successfully' || 'Homebrew PR failed' }}" | |
| run: | | |
| brew install go | |
| go run scripts/slack_notification_action.go | |
| windows-msi-package: | |
| runs-on: windows-2019 | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| submodules: recursive | |
| - name: Setup Visual Studio environment | |
| uses: microsoft/setup-msbuild@v2 | |
| - name: Fetch dependencies | |
| run: | | |
| choco install winflexbison3 | |
| nuget install clcache -OutputDirectory "c:\tools" -ExcludeVersion -Version 4.1.0 | |
| echo "c:\tools\clcache\clcache-4.1.0" >> $env:GITHUB_PATH | |
| - name: Setup code sign environment | |
| run: | | |
| dotnet tool install --global AzureSignTool --version 5.0.0 | |
| echo "$(Split-Path -Path $(Get-ChildItem -Path "${env:ProgramFiles(x86)}\Windows Kits\10\App Certification Kit\signtool.exe"))" >> $env:GITHUB_PATH | |
| - name: Prepare ccache | |
| uses: actions/cache@v4 | |
| with: | |
| save-always: true | |
| path: .ccache | |
| key: ${{ runner.os }}-msbuild-${{ github.ref }}-${{ github.sha }}-RELEASEPKG | |
| restore-keys: | | |
| ${{ runner.os }}-msbuild-${{ github.ref }} | |
| ${{ runner.os }}-msbuild | |
| - name: ccache environment | |
| run: | | |
| echo "CLCACHE_BASEDIR=$((Get-Item -Path '.\').FullName)" >> $env:GITHUB_ENV | |
| echo "CLCACHE_DIR=$pwd\.ccache" >> $env:GITHUB_ENV | |
| - name: Configure with cmake | |
| run: cmake -S . -B build | |
| - name: Build Release | |
| run: cmake --build build --config Release -- /p:UseMultiToolTask=true /p:CLToolExe=clcache | |
| - name: Print ccache stats | |
| run: clcache -s | |
| - name: Create packages | |
| id: create_packages | |
| # We need to get the path to cpack because fascinatingly, | |
| # chocolatey also includes a command called "cpack" which takes precedence | |
| run: | | |
| Set-Location build | |
| $cpack = "$(Split-Path -Parent (Get-Command cmake).Source)\cpack.exe" | |
| & $cpack . -C Release | |
| $msi_name = Get-ChildItem -Filter *.msi -Name | |
| echo "msi_installer=build/$msi_name" >> $env:GITHUB_OUTPUT | |
| echo "msi_name=$msi_name" >> $env:GITHUB_OUTPUT | |
| - name: Sign the installer | |
| id: code_sign | |
| run: | | |
| $servers = @('http://ts.ssl.com', 'http://timestamp.digicert.com', 'http://timestamp.sectigo.com') | |
| foreach($ts_server in $servers) | |
| { | |
| & AzureSignTool sign ` | |
| --azure-key-vault-url "${{ secrets.AZURE_KEYVAULT_URL }}" ` | |
| --azure-key-vault-client-id "${{ secrets.AZURE_CLIENT_ID }}" ` | |
| --azure-key-vault-tenant-id "${{ secrets.AZURE_TENANT_ID }}" ` | |
| --azure-key-vault-client-secret "${{ secrets.AZURE_CLIENT_SECRET }}" ` | |
| --azure-key-vault-certificate "${{ secrets.AZURE_CERTIFICATE_NAME }}" ` | |
| --timestamp-rfc3161 $ts_server ` | |
| --timestamp-digest sha256 ` | |
| --file-digest sha256 ` | |
| --verbose ${{ steps.create_packages.outputs.msi_installer }} | |
| if ($LastExitCode -eq "0") | |
| { | |
| # Stop if code-signing the binary using this server was successful. | |
| break | |
| } | |
| } | |
| - name: Verify installer signature | |
| id: verify_codesign | |
| run: | | |
| & signtool.exe verify /pa ${{ steps.create_packages.outputs.msi_installer }} | |
| - name: Get release info | |
| id: get_release_info | |
| uses: bruceadams/[email protected] | |
| - name: Upload binary packages | |
| uses: actions/upload-release-asset@v1 | |
| with: | |
| upload_url: ${{ steps.get_release_info.outputs.upload_url }} | |
| asset_path: ${{ steps.create_packages.outputs.msi_installer }} | |
| asset_name: ${{ steps.create_packages.outputs.msi_name }} | |
| asset_content_type: application/x-msi | |
| - name: Slack notification of CI status | |
| if: success() || failure() | |
| env: | |
| SLACK_CHANNEL: aws-cbmc | |
| SLACK_COLOR: ${{ job.status }} | |
| SLACK_USERNAME: Github Actions CI bot | |
| SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} | |
| SLACK_MESSAGE: "${{ job.status == 'success' && 'Windows package built and uploaded successfully' || 'Windows package build failed' }}" | |
| run: go run scripts/slack_notification_action.go | |
| push-docker-image-dockerhub: | |
| runs-on: ubuntu-20.04 | |
| steps: | |
| - name: Checkout CBMC source | |
| uses: actions/checkout@v4 | |
| with: | |
| submodules: recursive | |
| - name: Set Image Tag | |
| run: | | |
| # Isolate the version number from a reference to a tag, for example, | |
| # '5.20.3' from a string like 'refs/tags/cbmc-5.20.3-exp' | |
| VERSION=$(echo ${{ github.ref }} | cut -d "/" -f 3 | cut -d "-" -f 2) | |
| echo "IMAGE_TAG=diffblue/cbmc:$VERSION" >> $GITHUB_ENV | |
| - name: Build docker image | |
| run: docker build -t "$IMAGE_TAG" . | |
| - name: Push docker image to DockerHub | |
| run: | | |
| echo ${{ secrets.DOCKERHUB_ACCESS_DB_CI_CPROVER }} | docker login --username=dbcicprover --password-stdin | |
| docker image push "$IMAGE_TAG" | |
| # For security reasons remove stored login credentials from | |
| # configuration file they are stored at by docker login. | |
| docker logout | |
| - name: Slack notification of CI status | |
| uses: rtCamp/action-slack-notify@v2 | |
| if: success() || failure() | |
| env: | |
| SLACK_CHANNEL: aws-cbmc | |
| SLACK_COLOR: ${{ job.status }} | |
| SLACK_USERNAME: Github Actions CI bot | |
| SLACK_WEBHOOK: ${{ secrets.SLACK_WEBHOOK }} | |
| SLACK_MESSAGE: "${{ job.status == 'success' && 'Docker Image built and submitted to DockerHub successfully' || 'Docker Image build failed' }}" |