diff --git a/.ci-local/disable-fortify.py b/.ci-local/disable-fortify.py new file mode 100755 index 0000000..b7ab35f --- /dev/null +++ b/.ci-local/disable-fortify.py @@ -0,0 +1,6 @@ +#!/bin/env python + +with open('configure/CONFIG_SITE', 'wa') as F: + F.write(''' +OP_SYS_CPPFLAGS += -U_FORTIFY_SOURCE +''') diff --git a/.ci-local/nofortify.set b/.ci-local/nofortify.set new file mode 100644 index 0000000..8f12b56 --- /dev/null +++ b/.ci-local/nofortify.set @@ -0,0 +1,8 @@ +# EPICS Base +BASE_DIRNAME=base +BASE_REPONAME=epics-base +BASE_REPOOWNER=epics-base +BASE_VARNAME=EPICS_BASE +BASE_RECURSIVE=no + +BASE_HOOKS=.ci-local/disable-fortify.py diff --git a/.github/workflows/ci-scripts-build.yml b/.github/workflows/ci-scripts-build.yml index f964ab6..d3a19f6 100644 --- a/.github/workflows/ci-scripts-build.yml +++ b/.github/workflows/ci-scripts-build.yml @@ -29,6 +29,7 @@ jobs: runs-on: ${{ matrix.os }} # Set environment variables from matrix parameters env: + SET: ${{ matrix.set || 'defaults' }} CMP: ${{ matrix.cmp }} BCFG: ${{ matrix.configuration }} BASE: ${{ matrix.base }} @@ -104,25 +105,31 @@ jobs: cmp: gcc configuration: default base: "7.0" - libevent: "release-2.0.22-stable" + libevent: "release-2.1.12-stable" - name: Native Linux with 7.0.2 os: ubuntu-latest cmp: gcc configuration: default + set: "nofortify" base: "R7.0.2" + extra: "CMD_CPPFLAGS=\"-U_FORTIFY_SOURCE\"" - name: Native Linux with 3.15 os: ubuntu-latest cmp: gcc configuration: default + set: "nofortify" base: "3.15" + extra: "CMD_CPPFLAGS=\"-U_FORTIFY_SOURCE\"" - name: Native Linux with 3.14 os: ubuntu-latest cmp: gcc configuration: default + set: "nofortify" base: "3.14" + extra: "CMD_CPPFLAGS=\"-U_FORTIFY_SOURCE\"" - name: OSX os: macos-latest @@ -145,13 +152,13 @@ jobs: extra: "CMD_CXXFLAGS=-analysis" steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: submodules: true - name: "apt-get install" run: | sudo apt-get update - sudo apt-get -y install g++-mingw-w64-x86-64 cmake gdb qemu-system-x86 + sudo apt-get -y install libreadline-dev g++-mingw-w64-x86-64 cmake gdb qemu-system-x86 if: runner.os == 'Linux' - name: Automatic core dumper analysis uses: mdavidsaver/ci-core-dumper@master @@ -210,8 +217,6 @@ jobs: docker: name: ${{ matrix.name }} runs-on: ubuntu-latest - container: - image: ${{ matrix.image }} env: CMP: ${{ matrix.cmp }} BCFG: ${{ matrix.configuration }} @@ -219,16 +224,12 @@ jobs: LIBEVENT_TAG: ${{ matrix.libevent }} EXTRA: ${{ matrix.extra }} VV: "1" - # The Node version was updated to Node20 in 'checkout', which breaks stuff - # This allows the use of the "unsecure" Node16 - # THIS IS VERY MUCH A TEMPORARY FIX AND WILL STOP WORKING IN THE FUTURE - # https://github.blog/changelog/2024-03-07-github-actions-all-actions-will-run-on-node20-instead-of-node16-by-default/ - ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: true + strategy: fail-fast: false matrix: include: - - name: Linux centos 7 + - name: Linux CentOS 7 image: centos:7 cmp: gcc configuration: default @@ -241,61 +242,48 @@ jobs: base: "7.0" steps: - - name: "Build newer Git" - # actions/checkout@v2 wants git >=2.18 - # centos:7 has 1.8 - if: matrix.image=='centos:7' - # By default, Centos 7 uses mirrorlist.centos.org for yum - # mirrorlist.centos.org no longer exists (as of 1st July 2024), so need to update repolist - run: | - sed -i s/mirror.centos.org/vault.centos.org/g /etc/yum.repos.d/*.repo - sed -i s/^#.*baseurl=http/baseurl=http/g /etc/yum.repos.d/*.repo - sed -i s/^mirrorlist=http/#mirrorlist=http/g /etc/yum.repos.d/*.repo - yum -y install curl make gcc curl-devel expat-devel gettext-devel openssl-devel zlib-devel perl-ExtUtils-MakeMaker - curl https://mirrors.edge.kernel.org/pub/software/scm/git/git-2.29.0.tar.gz | tar -xz - cd git-* - make -j2 prefix=/usr/local all - make prefix=/usr/local install - cd .. - rm -rf git-* - type -a git - git --version - - name: "Redhat setup" - run: | - dnfyum() { - dnf -y "$@" || yum -y "$@" - return $? - } - dnfyum install python3 gdb make perl gcc-c++ glibc-devel readline-devel ncurses-devel perl-devel libevent-devel - git --version || dnfyum install git - # rather than just bite the bullet and link python3 -> python, - # people would rather just break all existing scripts... - [ -e /usr/bin/python ] || ln -sf /usr/bin/python3 /usr/bin/python - python --version - uses: actions/checkout@v3 with: submodules: true - - name: Automatic core dumper analysis - uses: mdavidsaver/ci-core-dumper@master - if: matrix.image!='centos:7' - - name: Automatic core dumper analysis - uses: mdavidsaver/ci-core-dumper@node16 - if: matrix.image=='centos:7' - - name: Prepare and compile dependencies - run: python .ci/cue.py prepare - - name: Build main module - run: python .ci/cue.py build - - name: Host info - run: python .ci/cue.py --add-path "{TOP}/bin/{EPICS_HOST_ARCH}" exec pvxinfo -D - - name: Run main module tests - run: python -m ci_core_dumper exec python .ci/cue.py test - - name: Collect and show test results - run: python .ci/cue.py test-results - - name: CDT Check - run: ./.ci-local/cdt-check.sh - - name: Upload tapfiles Artifact - if: ${{ always() }} - uses: actions/upload-artifact@v3 - with: - name: tapfiles ${{ matrix.name }} - path: '**/O.*/*.tap' + + - name: Run... + run: | + env > env.list + cat < runit.sh + #!/bin/sh + set -e -x + cd /io + id + + if [ "${{ matrix.image }}" = "centos:7" ] + then + sed -i s/mirror.centos.org/vault.centos.org/g /etc/yum.repos.d/*.repo + sed -i s/^#.*baseurl=http/baseurl=http/g /etc/yum.repos.d/*.repo + sed -i s/^mirrorlist=http/#mirrorlist=http/g /etc/yum.repos.d/*.repo + yum -y install epel-release + alias dnf=yum + fi + dnf -y install \ + curl make gcc curl-devel expat-devel gettext-devel openssl-devel zlib-devel perl-ExtUtils-MakeMaker \ + python3 gdb make perl gcc-c++ glibc-devel readline-devel ncurses-devel perl-devel libevent-devel \ + sudo re2c git + + # fake out cue.py + ln -s /bin/true /usr/bin/apt-get + + # quiet warnings spam from perl + export LANG=C + + python3 --version + python3 .ci/cue.py prepare + python3 .ci/cue.py build + python3 .ci/cue.py -T 15M test + python3 .ci/cue.py test-results + EOF + chmod +x runit.sh + docker run --rm --quiet \ + --pull=always \ + --env-file env.list \ + -v `pwd`:/io \ + ${{ matrix.image }} \ + /io/runit.sh diff --git a/.github/workflows/codespell.yml b/.github/workflows/codespell.yml index bc978ba..a36e846 100644 --- a/.github/workflows/codespell.yml +++ b/.github/workflows/codespell.yml @@ -21,7 +21,7 @@ jobs: runs-on: ubuntu-latest steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 - name: Apt run: | sudo apt-get update diff --git a/.github/workflows/python.yml b/.github/workflows/python.yml index 22c8a2f..004344b 100644 --- a/.github/workflows/python.yml +++ b/.github/workflows/python.yml @@ -118,7 +118,7 @@ jobs: piparch: win_amd64 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: submodules: true - name: Automatic core dumper analysis @@ -317,14 +317,15 @@ jobs: pre: linux32 steps: - - uses: actions/checkout@v3 + - uses: actions/checkout@v4 with: submodules: recursive - name: Setup native python uses: actions/setup-python@v5 with: - python-version: ${{ matrix.python || '3.7' }} + # used to run twine for uploads + python-version: '3.11' #architecture: x64 - name: Native Prep/Info