Bump github/codeql-action from 4.31.2 to 4.31.3 #794
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| --- | |
| name: Build And Test | |
| on: | |
| push: | |
| branches: ["main"] | |
| pull_request: | |
| branches: ["main"] | |
| env: | |
| CARGO_TERM_COLOR: always | |
| PUBLIC_SIMICS_PKGS_URL_WINDOWS: "https://registrationcenter-download.intel.com/akdlm/IRC_NAS/ead79ef5-28b5-48c7-8d1f-3cde7760798f/simics-6-packages-2024-05-win64.ispm" | |
| # NOTE: We use the old ISPM because there is something wrong with 1.8.3 with unattended installation | |
| # PUBLIC_SIMICS_ISPM_URL_WINDOWS: "https://registrationcenter-download.intel.com/akdlm/IRC_NAS/881ee76a-c24d-41c0-af13-5d89b2a857ff/intel-simics-package-manager-1.7.5-win64.exe" | |
| PUBLIC_SIMICS_ISPM_URL_WINDOWS: "https://registrationcenter-download.intel.com/akdlm/IRC_NAS/ead79ef5-28b5-48c7-8d1f-3cde7760798f/intel-simics-package-manager-1.8.3-win64.exe" | |
| PUBLIC_SIMICS_PKGS_URL: "https://registrationcenter-download.intel.com/akdlm/IRC_NAS/ead79ef5-28b5-48c7-8d1f-3cde7760798f/simics-6-packages-2024-05-linux64.ispm" | |
| PUBLIC_SIMICS_ISPM_URL: "https://registrationcenter-download.intel.com/akdlm/IRC_NAS/ead79ef5-28b5-48c7-8d1f-3cde7760798f/intel-simics-package-manager-1.8.3-linux64.tar.gz" | |
| PUBLIC_SIMICS_PACKAGE_VERSION_1000: "6.0.185" | |
| PUBLIC_SIMICS_ISPM_VERSION: "1.8.3" | |
| MINGW_URL: "https://github.com/brechtsanders/winlibs_mingw/releases/download/13.2.0-16.0.6-11.0.0-ucrt-r1/winlibs-x86_64-posix-seh-gcc-13.2.0-llvm-16.0.6-mingw-w64ucrt-11.0.0-r1.7z" | |
| MINGW_VERSION: "13.2.0-16.0.6-11.0.0-ucrt-r1" | |
| permissions: | |
| contents: read | |
| jobs: | |
| cache_craff: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 | |
| with: | |
| egress-policy: audit | |
| - name: Add ISPM to PATH | |
| run: | | |
| echo "${HOME}/simics/ispm/" >> "${GITHUB_PATH}" | |
| - name: Install Dependencies | |
| run: | | |
| sudo apt-get -y update && \ | |
| sudo apt-get -y install \ | |
| clang libclang-dev cmake curl dosfstools g++ gcc git llvm make \ | |
| mtools ninja-build openssl libssl-dev python3 python3-pip | |
| - name: Cache SIMICS Dependencies | |
| id: cache-simics-packages | |
| uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 | |
| with: | |
| path: "${HOME}/simics" | |
| key: simics-linux-${{ env.PUBLIC_SIMICS_PACKAGE_VERSION_1000 }}-${{ env.PUBLIC_SIMICS_ISPM_VERSION }} | |
| - name: Install SIMICS (External) | |
| if: ${{ steps.cache-simics-packages.outputs.cache-hit != 'true' }} | |
| run: | | |
| mkdir -p "${HOME}/simics/ispm/" && \ | |
| curl --noproxy -L -o "${HOME}/simics/ispm.tar.gz" \ | |
| "${{ env.PUBLIC_SIMICS_ISPM_URL }}" && \ | |
| curl --noproxy -L -o "${HOME}/simics/simics.ispm" \ | |
| "${{ env.PUBLIC_SIMICS_PKGS_URL }}" && \ | |
| tar -C "${HOME}/simics/ispm" --strip-components=1 \ | |
| -xvf "${HOME}/simics/ispm.tar.gz" | |
| - name: Set up SIMICS Install Directory | |
| run: | | |
| ispm settings install-dir "${HOME}/simics" | |
| - name: Install SIMICS Packages | |
| if: ${{ steps.cache-simics-packages.outputs.cache-hit != 'true' }} | |
| run: | | |
| ispm packages --install-bundle "${HOME}/simics/simics.ispm" \ | |
| --non-interactive --trust-insecure-packages | |
| - name: Copy CRAFF Utilities | |
| run: | | |
| mkdir bin && \ | |
| cp "${HOME}/simics/simics-${{ env.PUBLIC_SIMICS_PACKAGE_VERSION_1000 }}/linux64/bin/craff" bin/craff && \ | |
| cp "${HOME}/simics/simics-${{ env.PUBLIC_SIMICS_PACKAGE_VERSION_1000 }}/linux64/bin/craff-fs" bin/craff-fs | |
| - name: Upload Test Artifacts | |
| uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 | |
| with: | |
| name: craff-${{ env.PUBLIC_SIMICS_PACKAGE_VERSION_1000 }} | |
| path: bin/ | |
| build_test_artifacts_riscv_64: | |
| name: Build Test Artifacts (RISCV-64) | |
| runs-on: ubuntu-latest | |
| needs: cache_craff | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 | |
| with: | |
| egress-policy: audit | |
| - name: Install Dependencies | |
| run: | | |
| sudo apt-get -y update && \ | |
| sudo apt-get -y install \ | |
| clang libclang-dev cmake curl dosfstools g++ gcc git llvm make \ | |
| mtools ninja-build openssl libssl-dev python3 python3-pip lld | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| lfs: true | |
| - name: Download Craff | |
| uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 | |
| with: | |
| name: craff-${{ env.PUBLIC_SIMICS_PACKAGE_VERSION_1000 }} | |
| path: bin/ | |
| - name: Make Craff Executable | |
| run: | | |
| chmod 755 bin/* | |
| chmod +x bin/* | |
| - name: Cache Test Artifacts | |
| id: cache-test-artifacts-riscv-64 | |
| uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 | |
| with: | |
| path: tests/rsrc/riscv-64/ | |
| key: cache-test-artifacts-${{ hashFiles('tests/rsrc/riscv-64/**/*') }} | |
| - name: Build Test Artifacts | |
| if: ${{ steps.cache-test-artifacts-riscv-64.outputs.cache-hit != 'true' }} | |
| run: | | |
| cd tests/rsrc/riscv-64 | |
| ./build.sh | |
| - name: Upload Test Artifacts | |
| uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 | |
| with: | |
| name: test-artifacts-riscv-64 | |
| path: tests/rsrc/riscv-64 | |
| build_test_artifacts_x86_64_breakpoint_uefi_edk2: | |
| name: Build Test Artifacts (x86_64 Breakpoints UEFI EDK2) | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 | |
| with: | |
| egress-policy: audit | |
| - name: Install Dependencies | |
| run: | | |
| sudo apt-get -y update && \ | |
| sudo apt-get -y install \ | |
| clang libclang-dev cmake curl dosfstools g++ gcc git llvm make \ | |
| mtools ninja-build openssl libssl-dev python3 python3-pip lld | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| lfs: true | |
| - name: Cache Test Artifacts | |
| id: cache-test-artifacts-x86_64-breakpoint-uefi-edk2 | |
| uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 | |
| with: | |
| path: tests/rsrc/x86_64-breakpoint-uefi-edk2 | |
| key: cache-test-artifacts-${{ hashFiles('tests/rsrc/x86_64-breakpoint-uefi-edk2/**/*') }} | |
| - name: Build Test Artifacts | |
| if: ${{ steps.cache-test-artifacts-x86_64-breakpoint-uefi-edk2.outputs.cache-hit != 'true' }} | |
| run: | | |
| cd tests/rsrc/x86_64-breakpoint-uefi-edk2 | |
| ./build.sh | |
| - name: Upload Test Artifacts | |
| uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 | |
| with: | |
| name: test-artifacts-x86_64-breakpoint-uefi-edk2 | |
| path: tests/rsrc/x86_64-breakpoint-uefi-edk2 | |
| build_test_artifacts_x86_64_crash-uefi: | |
| name: Build Test Artifacts (x86_64 Crash UEFI) | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 | |
| with: | |
| egress-policy: audit | |
| - name: Install Dependencies | |
| run: | | |
| sudo apt-get -y update && \ | |
| sudo apt-get -y install \ | |
| clang libclang-dev cmake curl dosfstools g++ gcc git llvm make \ | |
| mtools ninja-build openssl libssl-dev python3 python3-pip lld | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| lfs: true | |
| - name: Cache Test Artifacts | |
| id: cache-test-artifacts-x86_64-crash-uefi | |
| uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 | |
| with: | |
| path: tests/rsrc/x86_64-crash-uefi | |
| key: cache-test-artifacts-${{ hashFiles('tests/rsrc/x86_64-crash-uefi/**/*') }} | |
| - name: Build Test Artifacts | |
| if: ${{ steps.cache-test-artifacts-x86_64-crash-uefi.outputs.cache-hit != 'true' }} | |
| run: | | |
| cd tests/rsrc/x86_64-crash-uefi | |
| ./build.sh | |
| - name: Upload Test Artifacts | |
| uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 | |
| with: | |
| name: test-artifacts-x86_64-crash-uefi | |
| path: tests/rsrc/x86_64-crash-uefi | |
| build_test_artifacts_x86_64_timeout_uefi_edk2: | |
| name: Build Test Artifacts (x86_64 Timeout UEFI EDK2) | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 | |
| with: | |
| egress-policy: audit | |
| - name: Install Dependencies | |
| run: | | |
| sudo apt-get -y update && \ | |
| sudo apt-get -y install \ | |
| clang libclang-dev cmake curl dosfstools g++ gcc git llvm make \ | |
| mtools ninja-build openssl libssl-dev python3 python3-pip lld | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| lfs: true | |
| - name: Cache Test Artifacts | |
| id: cache-test-artifacts-x86_64-timeout-uefi-edk2 | |
| uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 | |
| with: | |
| path: tests/rsrc/x86_64-timeout-uefi-edk2 | |
| key: cache-test-artifacts-${{ hashFiles('tests/rsrc/x86_64-timeout-uefi-edk2/**/*') }} | |
| - name: Build Test Artifacts | |
| if: ${{ steps.cache-test-artifacts-x86_64-timeout-uefi-edk2.outputs.cache-hit != 'true' }} | |
| run: | | |
| cd tests/rsrc/x86_64-timeout-uefi-edk2 | |
| ./build.sh | |
| - name: Upload Test Artifacts | |
| uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 | |
| with: | |
| name: test-artifacts-x86_64-timeout-uefi-edk2 | |
| path: tests/rsrc/x86_64-timeout-uefi-edk2 | |
| build_test_artifacts_x86_64_uefi: | |
| name: Build Test Artifacts (x86_64 UEFI) | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 | |
| with: | |
| egress-policy: audit | |
| - name: Install Dependencies | |
| run: | | |
| sudo apt-get -y update && \ | |
| sudo apt-get -y install \ | |
| clang libclang-dev cmake curl dosfstools g++ gcc git llvm make \ | |
| mtools ninja-build openssl libssl-dev python3 python3-pip lld | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| lfs: true | |
| - name: Cache Test Artifacts | |
| id: cache-test-artifacts-x86_64-uefi | |
| uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 | |
| with: | |
| path: tests/rsrc/x86_64-uefi | |
| key: cache-test-artifacts-${{ hashFiles('tests/rsrc/x86_64-uefi/**/*') }} | |
| - name: Build Test Artifacts | |
| if: ${{ steps.cache-test-artifacts-x86_64-uefi.outputs.cache-hit != 'true' }} | |
| run: | | |
| cd tests/rsrc/x86_64-uefi | |
| ./build.sh | |
| - name: Upload Test Artifacts | |
| uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 | |
| with: | |
| name: test-artifacts-x86_64-uefi | |
| path: tests/rsrc/x86_64-uefi | |
| build_test_artifacts_x86_64_uefi_edk2: | |
| name: Build Test Artifacts (x86_64 UEFI EDK2) | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 | |
| with: | |
| egress-policy: audit | |
| - name: Install Dependencies | |
| run: | | |
| sudo apt-get -y update && \ | |
| sudo apt-get -y install \ | |
| clang libclang-dev cmake curl dosfstools g++ gcc git llvm make \ | |
| mtools ninja-build openssl libssl-dev python3 python3-pip lld | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| lfs: true | |
| - name: Cache Test Artifacts | |
| id: cache-test-artifacts-x86_64-uefi-edk2 | |
| uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 | |
| with: | |
| path: tests/rsrc/x86_64-uefi-edk2 | |
| key: cache-test-artifacts-${{ hashFiles('tests/rsrc/x86_64-uefi-edk2/**/*') }} | |
| - name: Build Test Artifacts | |
| if: ${{ steps.cache-test-artifacts-x86_64-uefi-edk2.outputs.cache-hit != 'true' }} | |
| run: | | |
| cd tests/rsrc/x86_64-uefi-edk2 | |
| ./build.sh | |
| - name: Upload Test Artifacts | |
| uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 | |
| with: | |
| name: test-artifacts-x86_64-uefi-edk2 | |
| path: tests/rsrc/x86_64-uefi-edk2 | |
| build_test_artifacts_x86_user: | |
| name: Build Test Artifacts (x86) | |
| runs-on: ubuntu-latest | |
| needs: cache_craff | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 | |
| with: | |
| egress-policy: audit | |
| - name: Install Dependencies | |
| run: | | |
| sudo apt-get -y update && \ | |
| sudo apt-get -y install \ | |
| clang libclang-dev cmake curl dosfstools g++ gcc git llvm make \ | |
| mtools ninja-build openssl libssl-dev python3 python3-pip lld \ | |
| build-essential gcc-multilib | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| lfs: true | |
| - name: Download Craff | |
| uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 | |
| with: | |
| name: craff-${{ env.PUBLIC_SIMICS_PACKAGE_VERSION_1000 }} | |
| path: bin/ | |
| - name: Make Craff Executable | |
| run: | | |
| chmod 755 bin/* | |
| chmod +x bin/* | |
| - name: Cache Test Artifacts | |
| id: cache-test-artifacts-x86-user | |
| uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 | |
| with: | |
| path: tests/rsrc/x86-user/ | |
| key: cache-test-artifacts-${{ hashFiles('tests/rsrc/x86-user/**/*') }} | |
| - name: Build Test Artifacts | |
| if: ${{ steps.cache-test-artifacts-x86-user.outputs.cache-hit != 'true' }} | |
| run: | | |
| cd tests/rsrc/x86-user | |
| ./build.sh | |
| - name: Upload Test Artifacts | |
| uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 | |
| with: | |
| name: test-artifacts-x86-user | |
| path: tests/rsrc/x86-user | |
| build_and_test: | |
| name: Build and Test (Linux) | |
| container: fedora:38 | |
| runs-on: ubuntu-latest | |
| needs: | |
| - build_test_artifacts_riscv_64 | |
| - build_test_artifacts_x86_64_breakpoint_uefi_edk2 | |
| - build_test_artifacts_x86_64_crash-uefi | |
| - build_test_artifacts_x86_64_timeout_uefi_edk2 | |
| - build_test_artifacts_x86_64_uefi | |
| - build_test_artifacts_x86_64_uefi_edk2 | |
| - build_test_artifacts_x86_user | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 | |
| with: | |
| egress-policy: audit | |
| - name: Add ISPM to PATH | |
| run: | | |
| echo "${HOME}/simics/ispm/" >> "${GITHUB_PATH}" | |
| - name: Install Dependencies | |
| run: | | |
| dnf -y update && \ | |
| dnf -y install \ | |
| alsa-lib atk clang clang-libs clang-resource-filesystem \ | |
| clang-tools-extra cmake cups curl dosfstools g++ gcc git \ | |
| git-lfs glibc-devel glibc-devel.i686 glibc-static \ | |
| glibc-static.i686 gtk3 jq lld lld-devel lld-libs llvm llvm-libs \ | |
| llvm-static make mesa-libgbm mtools ninja-build openssl \ | |
| openssl-devel openssl-libs python3 python3-pip yamllint | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| lfs: true | |
| - name: Delete Un-Built Test Dependencies | |
| run: | | |
| rm -rf tests/rsrc/ | |
| - name: Download Test Artifacts (RISCV-64) | |
| uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 | |
| with: | |
| name: test-artifacts-riscv-64 | |
| path: tests/rsrc/riscv-64 | |
| - name: Download Test Artifacts (x86_64 Breakpoints UEFI EDK2) | |
| uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 | |
| with: | |
| name: test-artifacts-x86_64-breakpoint-uefi-edk2 | |
| path: tests/rsrc/x86_64-breakpoint-uefi-edk2 | |
| - name: Download Test Artifacts (x86_64 Timeout UEFI EDK2) | |
| uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 | |
| with: | |
| name: test-artifacts-x86_64-crash-uefi | |
| path: tests/rsrc/x86_64-crash-uefi | |
| - name: Download Test Artifacts (x86_64 Timeout UEFI EDK2) | |
| uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 | |
| with: | |
| name: test-artifacts-x86_64-timeout-uefi-edk2 | |
| path: tests/rsrc/x86_64-timeout-uefi-edk2 | |
| - name: Download Test Artifacts (x86_64 UEFI) | |
| uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 | |
| with: | |
| name: test-artifacts-x86_64-uefi | |
| path: tests/rsrc/x86_64-uefi | |
| - name: Download Test Artifacts (x86_64 UEFI EDK2) | |
| uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 | |
| with: | |
| name: test-artifacts-x86_64-uefi-edk2 | |
| path: tests/rsrc/x86_64-uefi-edk2 | |
| - name: Download Test Artifacts (x86) | |
| uses: actions/download-artifact@018cc2cf5baa6db3ef3c5f8a56943fffe632ef53 # v6.0.0 | |
| with: | |
| name: test-artifacts-x86-user | |
| path: tests/rsrc/x86-user | |
| - name: Take Ownership of Test Dependencies | |
| run: | | |
| ls -lahR tests/rsrc/ | |
| chown -R "${USER}:${USER}" tests/rsrc/ | |
| chmod -R 0755 tests/rsrc/ | |
| - uses: dtolnay/rust-toolchain@83bdede770b06329615974cf8c786f845d824dfb # nightly | |
| - name: Cache SIMICS Dependencies | |
| id: cache-simics-packages | |
| uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 | |
| with: | |
| path: ~/simics | |
| key: simics-linux-${{ env.PUBLIC_SIMICS_PACKAGE_VERSION_1000 }}-${{ env.PUBLIC_SIMICS_ISPM_VERSION }} | |
| - name: Install SIMICS (External) | |
| if: ${{ steps.cache-simics-packages.outputs.cache-hit != 'true' }} | |
| run: | | |
| mkdir -p "${HOME}/simics/ispm/" && \ | |
| curl -L -o "${HOME}/simics/ispm.tar.gz" \ | |
| "${{ env.PUBLIC_SIMICS_ISPM_URL }}" && \ | |
| curl -L -o "${HOME}/simics/simics.ispm" \ | |
| "${{ env.PUBLIC_SIMICS_PKGS_URL }}" && \ | |
| tar -C "${HOME}/simics/ispm" --strip-components=1 \ | |
| -xvf "${HOME}/simics/ispm.tar.gz" | |
| - name: Set up SIMICS Install Directory | |
| run: | | |
| ispm settings install-dir "${HOME}/simics" | |
| - name: Install SIMICS Packages | |
| if: ${{ steps.cache-simics-packages.outputs.cache-hit != 'true' }} | |
| run: | | |
| ispm packages --install-bundle "${HOME}/simics/simics.ispm" \ | |
| --non-interactive --trust-insecure-packages | |
| - name: Install SIMICS Build | |
| run: | | |
| cargo install cargo-simics-build | |
| - name: Build TSFFS Package | |
| run: | | |
| cargo simics-build -r | |
| - name: CT39 - Clippy Check Project | |
| run: | | |
| cargo clippy > clippy.log \ | |
| || ( echo "❗ [CT39 (1/2)] Failed clippy static analysis checks" && exit 1 ) | |
| cargo clippy --message-format=json 2> /dev/null | jq 'select(.reason == "compiler-message")' 2>/dev/null > clippy.json | |
| cargo clippy --message-format=json > clippy-full.json 2>&1 | |
| echo "✅ [CT39 (1/2)] Passed clippy static analysis checks" | |
| - name: Upload Clippy Check Results | |
| uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 | |
| with: | |
| name: clippy-json | |
| path: | | |
| clippy.json | |
| clippy-full.json | |
| clippy.log | |
| - name: Test Project | |
| run: | | |
| SIMICS_TEST_CLEANUP_EACH=1 SIMICS_TEST_LOCAL_PACKAGES_ONLY=1 cargo test --no-fail-fast -r _latest || ( echo "❗ Tests failed" && exit 1 ) | |
| echo "✅ Tests passed" | |
| - name: Build Docs | |
| run: | | |
| cargo doc --workspace --no-deps | |
| build_windows: | |
| name: Build and Test (Windows) | |
| runs-on: windows-2022 | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 | |
| with: | |
| egress-policy: audit | |
| - name: Add ISPM and MinGW to PATH | |
| run: | | |
| set PATH $env:PATH | |
| "C:\MinGW\bin" | Out-File -FilePath $env:GITHUB_PATH | |
| "C:\ISPM\" | Out-File -FilePath $env:GITHUB_PATH -Append | |
| "$PATH" | Out-File -FilePath $env:GITHUB_PATH -Append | |
| echo "Current PATH: " $env:GITHUB_PATH | |
| - name: Cache MinGW | |
| id: cache-mingw | |
| uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 | |
| with: | |
| path: C:\MinGW\ | |
| key: mingw-${{ env.MINGW_VERSION }} | |
| - name: Download and Extract MinGW-w64 | |
| if: ${{ steps.cache-mingw.outputs.cache-hit != 'true' }} | |
| run: | | |
| $ProgressPreference = 'SilentlyContinue' | |
| echo "Downloading MinGW" | |
| Invoke-WebRequest -URI ${{ env.MINGW_URL }} -OutFile mingw.7z | |
| echo "Downloaded MinGW. Extracting MinGW." | |
| 7z x mingw.7z -oC:\mingw-w64\ | |
| echo "Extracted MinGW." | |
| mv C:\mingw-w64\mingw64\ C:\MinGW\ | |
| - name: Download and Install Rust | |
| run: | | |
| $ProgressPreference = 'SilentlyContinue' | |
| echo "Downloading Rustup" | |
| Invoke-WebRequest -URI https://win.rustup.rs/x86_64 -OutFile C:\rustup-init.exe | |
| echo "Installing Rust" | |
| C:\rustup-init.exe --default-host x86_64-pc-windows-gnu --default-toolchain none -y | |
| - name: Cache SIMICS | |
| id: cache-simics-packages-windows | |
| uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 | |
| with: | |
| path: | | |
| C:\ISPM\ | |
| C:\SIMICS\ | |
| key: simics-windows-${{ env.PUBLIC_SIMICS_PACKAGE_VERSION_1000 }}-${{ env.PUBLIC_SIMICS_ISPM_VERSION }} | |
| # ispm-installer.exe is a NSIS installer for the elctron build. We want the | |
| # default options, so we pass /S to install silently and /D to change directory. | |
| # NOTE that the argument to /D must never contain quotes!: | |
| # https://nsis.sourceforge.io/Docs/Chapter3.html#installerusage | |
| # | |
| # NOTE: We use | Out-Null on the installer command to make powershell wait for it | |
| # to actually finish instead of forking it to the background | |
| - name: Download and Install ISPM | |
| shell: powershell | |
| if: ${{ steps.cache-simics-packages-windows.outputs.cache-hit != 'true' }} | |
| run: | | |
| Invoke-WebRequest -URI ${{ env.PUBLIC_SIMICS_ISPM_URL_WINDOWS }} -OutFile C:\ispm-installer.exe | |
| C:\ispm-installer.exe /S /D=C:\ISPM\ | Out-Null | |
| - name: Set SIMICS Install Directory | |
| run: | | |
| ispm.exe settings install-dir C:\SIMICS\ | |
| - name: Download and Install SIMICS Packages | |
| if: ${{ steps.cache-simics-packages-windows.outputs.cache-hit != 'true' }} | |
| run: | | |
| $ProgressPreference = 'SilentlyContinue' | |
| echo "Downloading Simics 6 Packages" | |
| Invoke-WebRequest -URI ${{ env.PUBLIC_SIMICS_PKGS_URL_WINDOWS }} -OutFile C:\simics-6-packages.ispm | |
| echo "Installing ISPM packages" | |
| ispm.exe packages --install-bundle C:\simics-6-packages.ispm --non-interactive --trust-insecure-packages | |
| echo "Installed ISPM packages" | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| lfs: true | |
| - name: Setup, Build, and Install TSFFS | |
| run: | | |
| cargo install cargo-simics-build | |
| cargo simics-build -r | |
| - name: Upload Distribution Package | |
| uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 | |
| with: | |
| name: simics-pkg-31337-win64 | |
| path: target/release/simics-pkg-31337-*-win64.ispm | |
| build_dist: | |
| name: Build for Distribution | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - name: Aggressive cleanup | |
| run: | | |
| # Remove Java (JDKs) | |
| sudo rm -rf /usr/lib/jvm | |
| # Remove .NET SDKs | |
| sudo rm -rf /usr/share/dotnet | |
| # Remove Swift toolchain | |
| sudo rm -rf /usr/share/swift | |
| # Remove Haskell (GHC) | |
| sudo rm -rf /usr/local/.ghcup | |
| # Remove Julia | |
| sudo rm -rf /usr/local/julia* | |
| # Remove Android SDKs | |
| sudo rm -rf /usr/local/lib/android | |
| # Remove Chromium (optional if not using for browser tests) | |
| sudo rm -rf /usr/local/share/chromium | |
| # Remove Microsoft/Edge and Google Chrome builds | |
| sudo rm -rf /opt/microsoft /opt/google | |
| # Remove Azure CLI | |
| sudo rm -rf /opt/az | |
| # Remove PowerShell | |
| sudo rm -rf /usr/local/share/powershell | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| lfs: true | |
| - name: Cache Builder Dependencies | |
| id: cache-builder-dependencies | |
| uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 | |
| with: | |
| path: .github/builder/rsrc | |
| key: "cache-builder-dependencies-${{ hashFiles('.github/builder/common.sh') }}" | |
| # tomllib is available in Python 3.11 and later | |
| - name: Set up Python 3.11 | |
| uses: actions/setup-python@v6 | |
| with: | |
| python-version: '3.11' | |
| - name: Extract Rust channel from rust-toolchain.toml | |
| id: rust-channel | |
| shell: python3 {0} | |
| run: | | |
| import tomllib | |
| import os | |
| with open('rust-toolchain.toml', 'rb') as f: | |
| data = tomllib.load(f) | |
| channel = data['toolchain']['channel'] | |
| with open(os.environ['GITHUB_OUTPUT'], 'a') as out: | |
| out.write(f'rust_version={channel}\n') | |
| # NOTE: This script only downloads the builder dependencies if they do not already exist, | |
| # but it always verifies them. | |
| - name: Build Distribution Package | |
| run: | | |
| RUST_VERSION="${{ steps.rust-channel.outputs.rust_version }}" | |
| export RUST_VERSION | |
| ./scripts/build.sh | |
| - name: Upload Distribution Package | |
| uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 | |
| with: | |
| name: simics-pkg-31337-linux64 | |
| path: packages/simics-pkg-31337-*-linux64.ispm | |
| check_docker_image: | |
| name: Check Docker Image | |
| runs-on: ubuntu-latest | |
| strategy: | |
| matrix: | |
| target: [tsffs-dev, tsffs-prod] | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 | |
| with: | |
| fetch-depth: 0 | |
| lfs: false | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3 | |
| - name: Build ${{ matrix.target }} target | |
| uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 | |
| with: | |
| context: . | |
| target: ${{ matrix.target }} | |
| push: false | |
| tags: tsffs:${{ matrix.target }} | |
| cache-from: type=gha | |
| cache-to: type=gha,mode=max |