fix: prevent SQL injection in user-provided queries #1385
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: ci | |
on: | |
push: | |
branches: [main] | |
paths-ignore: | |
- '**.md' | |
- 'setup-action/**' | |
- '.github/workflows/codeql.yml' | |
- '.github/workflows/benchmarks.yml' | |
- 'scripts/ci-run-benchmarks.sh' | |
pull_request: | |
branches: [main] | |
paths-ignore: | |
- '**.md' | |
- 'setup-action/**' | |
- '.github/workflows/codeql.yml' | |
- '.github/workflows/benchmarks.yml' | |
- 'scripts/ci-run-benchmarks.sh' | |
release: | |
types: [published] | |
permissions: | |
contents: write | |
id-token: write | |
attestations: write | |
defaults: | |
run: | |
shell: bash | |
env: | |
AMD64_LINUX_GCC: amd64-linux-gcc | |
AMD64_LINUX_CLANG: amd64-linux-clang | |
AMD64_LINUX_MUSL: amd64-linux-musl | |
AMD64_WINDOWS_MINGW: amd64-windows-mingw | |
AMD64_LINUX_WASM: amd64-linux-wasm | |
AMD64_MACOSX_GCC: amd64-macosx-gcc | |
ARM64_MACOSX_GCC: arm64-macosx-gcc | |
AMD64_FREEBSD_GCC: amd64-freebsd-gcc | |
ARTIFACT_DIR: .artifacts | |
ARTIFACT_RETENTION_DAYS: 5 | |
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
jobs: | |
tag: | |
runs-on: ubuntu-22.04 | |
outputs: | |
TAG: ${{ steps.tag.outputs.TAG }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
sparse-checkout: | | |
scripts/ci-set-tag-output-parameter.sh | |
- name: Set TAG output parameter | |
id: tag | |
env: | |
TAG: ${{ startsWith(github.ref, 'refs/tags/v') && github.ref_name || '' }} | |
run: ./scripts/ci-set-tag-output-parameter.sh | |
clang-format: | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Run clang-format | |
run: | | |
sudo ln -sf /usr/bin/clang-format-15 /usr/bin/clang-format | |
./scripts/ci-run-clang-format.sh | |
cppcheck: | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Install cppcheck | |
run: | | |
sudo apt update | |
sudo apt install -y cppcheck | |
cppcheck --version | |
- name: Run cppcheck | |
run: ./scripts/ci-run-cppcheck.sh | |
- name: Upload (${{ env.CPPCHECK_XML_ARTIFACT_NAME }}) | |
uses: actions/upload-artifact@v4 | |
with: | |
name: ${{ env.CPPCHECK_XML_ARTIFACT_NAME }} | |
path: ${{ env.CPPCHECK_XML_ARTIFACT_NAME }} | |
retention-days: ${{ env.ARTIFACT_RETENTION_DAYS }} | |
if-no-files-found: error | |
- name: Upload (${{ env.CPPCHECK_HTML_ARTIFACT_NAME }}) | |
uses: actions/upload-artifact@v4 | |
with: | |
name: ${{ env.CPPCHECK_HTML_ARTIFACT_NAME }} | |
path: ${{ env.CPPCHECK_HTML_ARTIFACT_NAME }} | |
retention-days: ${{ env.ARTIFACT_RETENTION_DAYS }} | |
if-no-files-found: error | |
shellcheck: | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Run shellcheck | |
run: ./scripts/ci-run-shellcheck.sh | |
ci-linux: | |
needs: [tag, clang-format, cppcheck, shellcheck] | |
runs-on: ubuntu-22.04 | |
timeout-minutes: 15 | |
env: | |
TAG: ${{ needs.tag.outputs.TAG }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Set up apt dependencies | |
run: | | |
sudo apt update | |
sudo apt install -y rpm alien tmux | |
sudo apt remove -y jq | |
- name: Build on Linux (${{ env.AMD64_LINUX_GCC }}) | |
env: | |
PREFIX: ${{ env.AMD64_LINUX_GCC }} | |
CC: gcc | |
MAKE: make | |
RUN_TESTS: true | |
run: | | |
./scripts/ci-build.sh | |
./scripts/ci-create-debian-package.sh | |
./scripts/ci-create-rpm-package.sh | |
- name: Build on Linux (${{ env.AMD64_LINUX_CLANG }}) | |
env: | |
PREFIX: ${{ env.AMD64_LINUX_CLANG }} | |
CC: clang | |
MAKE: make | |
RUN_TESTS: true | |
run: | | |
./scripts/ci-build.sh | |
./scripts/ci-create-debian-package.sh | |
./scripts/ci-create-rpm-package.sh | |
- name: Prepare build artifacts for upload | |
run: ./scripts/ci-prepare-artifacts-for-upload.sh | |
- name: Attest build artifacts for release | |
if: startsWith(github.ref, 'refs/tags/v') | |
uses: actions/attest-build-provenance@v2 | |
with: | |
subject-path: ${{ env.ARTIFACT_DIR }}/* | |
- name: Verify attestations of release artifacts | |
if: startsWith(github.ref, 'refs/tags/v') | |
run: ./scripts/ci-verify-attestations.sh | |
- name: Upload (zsv-${{ env.TAG }}-${{ env.AMD64_LINUX_GCC }}.zip) | |
uses: actions/upload-artifact@v4 | |
env: | |
ARTIFACT_NAME: zsv-${{ env.TAG }}-${{ env.AMD64_LINUX_GCC }}.zip | |
with: | |
name: ${{ env.ARTIFACT_NAME }} | |
path: ${{ env.ARTIFACT_DIR }}/${{ env.ARTIFACT_NAME }} | |
retention-days: ${{ env.ARTIFACT_RETENTION_DAYS }} | |
if-no-files-found: error | |
- name: Upload (zsv-${{ env.TAG }}-${{ env.AMD64_LINUX_CLANG }}.zip) | |
uses: actions/upload-artifact@v4 | |
env: | |
ARTIFACT_NAME: zsv-${{ env.TAG }}-${{ env.AMD64_LINUX_CLANG }}.zip | |
with: | |
name: ${{ env.ARTIFACT_NAME }} | |
path: ${{ env.ARTIFACT_DIR }}/${{ env.ARTIFACT_NAME }} | |
retention-days: ${{ env.ARTIFACT_RETENTION_DAYS }} | |
if-no-files-found: error | |
- name: Upload (zsv-${{ env.TAG }}-${{ env.AMD64_LINUX_GCC }}.deb) | |
uses: actions/upload-artifact@v4 | |
env: | |
ARTIFACT_NAME: zsv-${{ env.TAG }}-${{ env.AMD64_LINUX_GCC }}.deb | |
with: | |
name: ${{ env.ARTIFACT_NAME }} | |
path: ${{ env.ARTIFACT_DIR }}/${{ env.ARTIFACT_NAME }} | |
retention-days: ${{ env.ARTIFACT_RETENTION_DAYS }} | |
if-no-files-found: error | |
- name: Upload (zsv-${{ env.TAG }}-${{ env.AMD64_LINUX_CLANG }}.deb) | |
uses: actions/upload-artifact@v4 | |
env: | |
ARTIFACT_NAME: zsv-${{ env.TAG }}-${{ env.AMD64_LINUX_CLANG }}.deb | |
with: | |
name: ${{ env.ARTIFACT_NAME }} | |
path: ${{ env.ARTIFACT_DIR }}/${{ env.ARTIFACT_NAME }} | |
retention-days: ${{ env.ARTIFACT_RETENTION_DAYS }} | |
if-no-files-found: error | |
- name: Upload (zsv-${{ env.TAG }}-${{ env.AMD64_LINUX_GCC }}.rpm) | |
uses: actions/upload-artifact@v4 | |
env: | |
ARTIFACT_NAME: zsv-${{ env.TAG }}-${{ env.AMD64_LINUX_GCC }}.rpm | |
with: | |
name: ${{ env.ARTIFACT_NAME }} | |
path: ${{ env.ARTIFACT_DIR }}/${{ env.ARTIFACT_NAME }} | |
retention-days: ${{ env.ARTIFACT_RETENTION_DAYS }} | |
if-no-files-found: error | |
- name: Upload (zsv-${{ env.TAG }}-${{ env.AMD64_LINUX_CLANG }}.rpm) | |
uses: actions/upload-artifact@v4 | |
env: | |
ARTIFACT_NAME: zsv-${{ env.TAG }}-${{ env.AMD64_LINUX_CLANG }}.rpm | |
with: | |
name: ${{ env.ARTIFACT_NAME }} | |
path: ${{ env.ARTIFACT_DIR }}/${{ env.ARTIFACT_NAME }} | |
retention-days: ${{ env.ARTIFACT_RETENTION_DAYS }} | |
if-no-files-found: error | |
- name: Upload (zsv-${{ env.TAG }}-${{ env.AMD64_LINUX_GCC }}.tar.gz) | |
uses: actions/upload-artifact@v4 | |
env: | |
ARTIFACT_NAME: zsv-${{ env.TAG }}-${{ env.AMD64_LINUX_GCC }}.tar.gz | |
with: | |
name: ${{ env.ARTIFACT_NAME }} | |
path: ${{ env.ARTIFACT_DIR }}/${{ env.ARTIFACT_NAME }} | |
retention-days: ${{ env.ARTIFACT_RETENTION_DAYS }} | |
if-no-files-found: error | |
- name: Upload (zsv-${{ env.TAG }}-${{ env.AMD64_LINUX_CLANG }}.tar.gz) | |
uses: actions/upload-artifact@v4 | |
env: | |
ARTIFACT_NAME: zsv-${{ env.TAG }}-${{ env.AMD64_LINUX_CLANG }}.tar.gz | |
with: | |
name: ${{ env.ARTIFACT_NAME }} | |
path: ${{ env.ARTIFACT_DIR }}/${{ env.ARTIFACT_NAME }} | |
retention-days: ${{ env.ARTIFACT_RETENTION_DAYS }} | |
if-no-files-found: error | |
- name: Upload release artifacts | |
if: startsWith(github.ref, 'refs/tags/v') | |
run: ./scripts/ci-upload-release-artifacts.sh | |
ci-macos: | |
needs: [tag, clang-format, cppcheck, shellcheck] | |
strategy: | |
matrix: | |
os: [macos-13, macos-14] | |
runs-on: ${{ matrix.os }} | |
timeout-minutes: 30 | |
outputs: | |
TAG: ${{ needs.tag.outputs.TAG }} | |
env: | |
TAG: ${{ needs.tag.outputs.TAG }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Set up homebrew dependencies | |
run: brew install --quiet coreutils tree autoconf automake libtool tmux sqlite3 | |
- name: Set PREFIX and ZIP env var | |
env: | |
PREFIX: ${{ runner.arch == 'X64' && env.AMD64_MACOSX_GCC || env.ARM64_MACOSX_GCC }} | |
run: | | |
{ | |
echo "PREFIX=$PREFIX" | |
echo "ZIP=zsv-$TAG-$PREFIX.zip" | |
} | tee -a "$GITHUB_ENV" | |
- name: Build on macOS (${{ env.AMD64_MACOSX_GCC }}) | |
env: | |
CC: gcc-13 | |
MAKE: make | |
RUN_TESTS: true | |
SKIP_TAR_ARCHIVE: true | |
run: ./scripts/ci-build.sh | |
- name: Prepare build artifacts for upload | |
run: ./scripts/ci-prepare-artifacts-for-upload.sh | |
- name: Codesign and notarize (${{ env.PREFIX }}) | |
if: startsWith(github.ref, 'refs/tags/v') | |
env: | |
MACOS_CERT_P12: ${{ secrets.MACOS_CERT_P12 }} | |
MACOS_CERT_PASSWORD: ${{ secrets.MACOS_CERT_PASSWORD }} | |
APPLE_APP_SPECIFIC_PASSWORD: ${{ secrets.APPLE_APP_SPECIFIC_PASSWORD }} | |
run: ./scripts/ci-macos-codesign-and-notarize.sh "$PWD/$ARTIFACT_DIR/$ZIP" | |
- name: Attest build artifacts for release | |
if: startsWith(github.ref, 'refs/tags/v') | |
uses: actions/attest-build-provenance@v2 | |
with: | |
subject-path: ${{ env.ARTIFACT_DIR }}/* | |
- name: Verify attestations of release artifacts | |
if: startsWith(github.ref, 'refs/tags/v') | |
run: ./scripts/ci-verify-attestations.sh | |
- name: Upload (${{ env.ZIP }}) | |
uses: actions/upload-artifact@v4 | |
env: | |
ARTIFACT_NAME: ${{ env.ZIP }} | |
with: | |
name: ${{ env.ARTIFACT_NAME }} | |
path: ${{ env.ARTIFACT_DIR }}/${{ env.ARTIFACT_NAME }} | |
retention-days: ${{ env.ARTIFACT_RETENTION_DAYS }} | |
if-no-files-found: error | |
- name: Upload release artifacts | |
if: startsWith(github.ref, 'refs/tags/v') | |
run: ./scripts/ci-upload-release-artifacts.sh | |
update-homebrew-tap: | |
if: ${{ startsWith(github.ref, 'refs/tags/v') }} | |
needs: ci-macos | |
runs-on: ubuntu-22.04 | |
env: | |
TAG: ${{ needs.ci-macos.outputs.TAG }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
sparse-checkout: | | |
scripts/ci-update-homebrew-tap.sh | |
- name: Update | |
env: | |
HOMEBREW_TAP_DEPLOY_KEY: ${{ secrets.HOMEBREW_TAP_DEPLOY_KEY }} | |
run: ./scripts/ci-update-homebrew-tap.sh | |
ci-bsd: | |
needs: [tag, clang-format, cppcheck, shellcheck] | |
runs-on: ubuntu-22.04 | |
timeout-minutes: 15 | |
env: | |
TAG: ${{ needs.tag.outputs.TAG }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Build (${{ env.AMD64_FREEBSD_GCC }}) | |
uses: cross-platform-actions/[email protected] | |
env: | |
PREFIX: ${{ env.AMD64_FREEBSD_GCC }} | |
CC: gcc | |
MAKE: gmake | |
RUN_TESTS: true | |
with: | |
operating_system: freebsd | |
version: '13.2' | |
environment_variables: 'PREFIX CC MAKE RUN_TESTS ARTIFACT_DIR' | |
shell: sh | |
run: | | |
./scripts/ci-freebsd-setup.sh | |
./scripts/ci-build.sh | |
- name: Prepare build artifacts for upload | |
run: ./scripts/ci-prepare-artifacts-for-upload.sh | |
- name: Attest build artifacts for release | |
if: startsWith(github.ref, 'refs/tags/v') | |
uses: actions/attest-build-provenance@v2 | |
with: | |
subject-path: ${{ env.ARTIFACT_DIR }}/* | |
- name: Verify attestations of release artifacts | |
if: startsWith(github.ref, 'refs/tags/v') | |
run: ./scripts/ci-verify-attestations.sh | |
- name: Upload (zsv-${{ env.TAG }}-${{ env.AMD64_FREEBSD_GCC }}.zip) | |
uses: actions/upload-artifact@v4 | |
env: | |
ARTIFACT_NAME: zsv-${{ env.TAG }}-${{ env.AMD64_FREEBSD_GCC }}.zip | |
with: | |
name: ${{ env.ARTIFACT_NAME }} | |
path: ${{ env.ARTIFACT_DIR }}/${{ env.ARTIFACT_NAME }} | |
retention-days: ${{ env.ARTIFACT_RETENTION_DAYS }} | |
if-no-files-found: error | |
- name: Upload (zsv-${{ env.TAG }}-${{ env.AMD64_FREEBSD_GCC }}.tar.gz) | |
uses: actions/upload-artifact@v4 | |
env: | |
ARTIFACT_NAME: zsv-${{ env.TAG }}-${{ env.AMD64_FREEBSD_GCC }}.tar.gz | |
with: | |
name: ${{ env.ARTIFACT_NAME }} | |
path: ${{ env.ARTIFACT_DIR }}/${{ env.ARTIFACT_NAME }} | |
retention-days: ${{ env.ARTIFACT_RETENTION_DAYS }} | |
if-no-files-found: error | |
- name: Upload release artifacts | |
if: startsWith(github.ref, 'refs/tags/v') | |
run: ./scripts/ci-upload-release-artifacts.sh | |
ci-mingw: | |
needs: [tag, clang-format, cppcheck, shellcheck] | |
runs-on: ubuntu-22.04 | |
timeout-minutes: 15 | |
env: | |
TAG: ${{ needs.tag.outputs.TAG }} | |
steps: | |
- name: Set up apt dependencies | |
run: | | |
sudo apt update | |
sudo apt install -y mingw-w64 nuget | |
sudo apt remove -y jq | |
- name: Set VCPKG_MINGW_INSTALL_ROOT env var | |
run: echo "VCPKG_MINGW_INSTALL_ROOT=$VCPKG_INSTALLATION_ROOT/installed/x64-mingw-static" >>"$GITHUB_ENV" | |
- name: Cache ncurses | |
uses: actions/cache@v4 | |
id: cache-ncurses | |
with: | |
key: ncurses:x64-mingw-static | |
path: ${{ env.VCPKG_MINGW_INSTALL_ROOT }} | |
- name: Install ncurses with wide character support using vcpkg | |
if: ${{ steps.cache-ncurses.outputs.cache-hit != 'true' }} | |
run: | | |
NCURSES_PORTFILE="$VCPKG_INSTALLATION_ROOT/ports/ncurses/portfile.cmake" | |
cd "$VCPKG_INSTALLATION_ROOT" | |
if ! grep -- "--enable-widec" "$NCURSES_PORTFILE" >/dev/null; then | |
sed 's|--enable-pc-files|--enable-pc-files --enable-widec|' -i "$NCURSES_PORTFILE" | |
fi | |
./vcpkg install ncurses:x64-mingw-static | |
tree ./installed/x64-mingw-static | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Build (${{ env.AMD64_WINDOWS_MINGW }}) | |
env: | |
PREFIX: ${{ env.AMD64_WINDOWS_MINGW }} | |
CC: x86_64-w64-mingw32-gcc | |
MAKE: make | |
RUN_TESTS: false | |
CXX: x86_64-w64-mingw32-g++ | |
CPP: x86_64-w64-mingw32-cpp | |
RANLIB: x86_64-w64-mingw32-gcc-ranlib | |
AR: x86_64-w64-mingw32-gcc-ar | |
NM: x86_64-w64-mingw32-gcc-nm | |
WINDRES: x86_64-w64-mingw32-windres | |
CFLAGS: -I${{ env.VCPKG_MINGW_INSTALL_ROOT }}/include | |
LDFLAGS: -L${{ env.VCPKG_MINGW_INSTALL_ROOT }}/lib | |
run: | | |
./scripts/ci-build.sh | |
./scripts/ci-create-nuget-package.sh | |
- name: Prepare build artifacts for upload | |
run: ./scripts/ci-prepare-artifacts-for-upload.sh | |
- name: Attest build artifacts for release | |
if: startsWith(github.ref, 'refs/tags/v') | |
uses: actions/attest-build-provenance@v2 | |
with: | |
subject-path: ${{ env.ARTIFACT_DIR }}/* | |
- name: Verify attestations of release artifacts | |
if: startsWith(github.ref, 'refs/tags/v') | |
run: ./scripts/ci-verify-attestations.sh | |
- name: Upload (zsv-${{ env.TAG }}-${{ env.AMD64_WINDOWS_MINGW }}.zip) | |
uses: actions/upload-artifact@v4 | |
env: | |
ARTIFACT_NAME: zsv-${{ env.TAG }}-${{ env.AMD64_WINDOWS_MINGW }}.zip | |
with: | |
name: ${{ env.ARTIFACT_NAME }} | |
path: ${{ env.ARTIFACT_DIR }}/${{ env.ARTIFACT_NAME }} | |
retention-days: ${{ env.ARTIFACT_RETENTION_DAYS }} | |
if-no-files-found: error | |
- name: Upload (zsv-${{ env.TAG }}-${{ env.AMD64_WINDOWS_MINGW }}.tar.gz) | |
uses: actions/upload-artifact@v4 | |
env: | |
ARTIFACT_NAME: zsv-${{ env.TAG }}-${{ env.AMD64_WINDOWS_MINGW }}.tar.gz | |
with: | |
name: ${{ env.ARTIFACT_NAME }} | |
path: ${{ env.ARTIFACT_DIR }}/${{ env.ARTIFACT_NAME }} | |
retention-days: ${{ env.ARTIFACT_RETENTION_DAYS }} | |
if-no-files-found: error | |
- name: Upload (zsv-${{ env.TAG }}-${{ env.AMD64_WINDOWS_MINGW }}.nupkg) | |
uses: actions/upload-artifact@v4 | |
env: | |
ARTIFACT_NAME: zsv-${{ env.TAG }}-${{ env.AMD64_WINDOWS_MINGW }}.nupkg | |
with: | |
name: ${{ env.ARTIFACT_NAME }} | |
path: ${{ env.ARTIFACT_DIR }}/${{ env.ARTIFACT_NAME }} | |
retention-days: ${{ env.ARTIFACT_RETENTION_DAYS }} | |
if-no-files-found: error | |
- name: Upload release artifacts | |
if: startsWith(github.ref, 'refs/tags/v') | |
run: ./scripts/ci-upload-release-artifacts.sh | |
ci-musl: | |
needs: [tag, clang-format, cppcheck, shellcheck] | |
runs-on: ubuntu-22.04 | |
container: alpine:latest | |
timeout-minutes: 15 | |
outputs: | |
TAG: ${{ needs.tag.outputs.TAG }} | |
env: | |
TAG: ${{ needs.tag.outputs.TAG }} | |
steps: | |
- name: Set up dependencies | |
shell: sh | |
run: apk add bash gcc make musl-dev perl ncurses-dev ncurses-static tmux file sqlite curl zip wget tar git | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Build (${{ env.AMD64_LINUX_MUSL }}) | |
env: | |
PREFIX: ${{ env.AMD64_LINUX_MUSL }} | |
CC: gcc | |
MAKE: make | |
RUN_TESTS: true | |
STATIC_BUILD: "1" | |
run: ./scripts/ci-build.sh | |
- name: Prepare build artifacts for upload | |
run: ./scripts/ci-prepare-artifacts-for-upload.sh | |
- name: Attest build artifacts for release | |
if: startsWith(github.ref, 'refs/tags/v') | |
uses: actions/attest-build-provenance@v2 | |
with: | |
subject-path: ${{ env.ARTIFACT_DIR }}/* | |
- name: Set up GitHub CLI | |
if: startsWith(github.ref, 'refs/tags/v') | |
run: | | |
wget https://github.com/cli/cli/releases/download/v2.63.2/gh_2.63.2_linux_amd64.tar.gz | |
tar xvf gh_2.63.2_linux_amd64.tar.gz | |
cp gh_2.63.2_linux_amd64/bin/gh /usr/bin | |
rm -rf gh_2.63.2_linux_amd64 | |
- name: Verify attestations of release artifacts | |
if: startsWith(github.ref, 'refs/tags/v') | |
run: ./scripts/ci-verify-attestations.sh | |
- name: Upload (zsv-${{ env.TAG }}-${{ env.AMD64_LINUX_MUSL }}.zip) | |
uses: actions/upload-artifact@v4 | |
env: | |
ARTIFACT_NAME: zsv-${{ env.TAG }}-${{ env.AMD64_LINUX_MUSL }}.zip | |
with: | |
name: ${{ env.ARTIFACT_NAME }} | |
path: ${{ env.ARTIFACT_DIR }}/${{ env.ARTIFACT_NAME }} | |
retention-days: ${{ env.ARTIFACT_RETENTION_DAYS }} | |
if-no-files-found: error | |
- name: Upload (zsv-${{ env.TAG }}-${{ env.AMD64_LINUX_MUSL }}.tar.gz) | |
uses: actions/upload-artifact@v4 | |
env: | |
ARTIFACT_NAME: zsv-${{ env.TAG }}-${{ env.AMD64_LINUX_MUSL }}.tar.gz | |
with: | |
name: ${{ env.ARTIFACT_NAME }} | |
path: ${{ env.ARTIFACT_DIR }}/${{ env.ARTIFACT_NAME }} | |
retention-days: ${{ env.ARTIFACT_RETENTION_DAYS }} | |
if-no-files-found: error | |
- name: Upload release artifacts | |
if: startsWith(github.ref, 'refs/tags/v') | |
run: | | |
git config --global --add safe.directory "$PWD" | |
./scripts/ci-upload-release-artifacts.sh | |
ghcr: | |
needs: ci-musl | |
runs-on: ubuntu-22.04 | |
permissions: | |
packages: write | |
env: | |
TAG: ${{ needs.ci-musl.outputs.TAG }} | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
sparse-checkout: | | |
Dockerfile.ci | |
- name: Download (zsv-${{ env.TAG }}-${{ env.AMD64_LINUX_MUSL }}.zip) | |
uses: actions/download-artifact@v4 | |
with: | |
name: zsv-${{ env.TAG }}-${{ env.AMD64_LINUX_MUSL }}.zip | |
path: ${{ env.AMD64_LINUX_MUSL }} | |
- name: Unzip | |
env: | |
ZIP: zsv-${{ env.TAG }}-${{ env.AMD64_LINUX_MUSL }}.zip | |
DIR: ${{ env.AMD64_LINUX_MUSL }} | |
run: | | |
cd "$DIR" | |
unzip -o "$ZIP" | |
cd .. | |
mkdir -p ./ci | |
mv ./"$DIR"/bin/zsv ./ci/ | |
rm -rf ./"$DIR" | |
- name: Set up QEMU | |
uses: docker/setup-qemu-action@v3 | |
- name: Set up Docker Buildx | |
uses: docker/setup-buildx-action@v3 | |
- name: Login to GitHub Container Registry | |
if: ${{ startsWith(github.ref, 'refs/tags/v') }} | |
uses: docker/login-action@v3 | |
with: | |
registry: ghcr.io | |
username: ${{ github.repository_owner }} | |
password: ${{ secrets.GITHUB_TOKEN }} | |
- name: Build and push (on release) | |
uses: docker/build-push-action@v6 | |
env: | |
DOCKER_BUILD_RECORD_UPLOAD: false | |
with: | |
no-cache: true | |
context: . | |
file: Dockerfile.ci | |
platforms: linux/amd64 | |
push: ${{ startsWith(github.ref, 'refs/tags/v') }} | |
tags: | | |
ghcr.io/liquidaty/zsv:${{ env.TAG }} | |
ghcr.io/liquidaty/zsv:latest | |
ci-wasm: | |
needs: [tag, clang-format, cppcheck, shellcheck] | |
runs-on: ubuntu-22.04 | |
timeout-minutes: 15 | |
env: | |
TAG: ${{ needs.tag.outputs.TAG }} | |
steps: | |
- name: Set up emsdk | |
uses: mymindstorm/setup-emsdk@v14 | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Update version in index.html | |
run: sed "s|__VERSION__|$TAG|g" -i playground/index.html | |
- name: Build with SIMD (${{ env.AMD64_LINUX_WASM }}) | |
env: | |
PREFIX: ${{ env.AMD64_LINUX_WASM }} | |
CC: emcc | |
MAKE: make | |
RUN_TESTS: false | |
CONFIGFILE: "config.emcc" | |
CFLAGS: "-msse2 -msimd128" | |
CROSS_COMPILING: "yes" | |
NO_THREADING: "1" | |
STATIC_BUILD: "1" | |
run: | | |
emconfigure ./configure --enable-pic --disable-pie | |
emmake make install NO_STDIN=1 NO_PLAYGROUND=0 | |
cp "$PREFIX"/bin/cli.em.{js,wasm} playground | |
- name: Build without SIMD (${{ env.AMD64_LINUX_WASM }}) | |
env: | |
PREFIX: ${{ env.AMD64_LINUX_WASM }} | |
CC: emcc | |
MAKE: make | |
RUN_TESTS: false | |
CONFIGFILE: "config.emcc" | |
CROSS_COMPILING: "yes" | |
NO_THREADING: "1" | |
STATIC_BUILD: "1" | |
run: | | |
emconfigure ./configure --enable-pic --disable-pie | |
emmake make clean install NO_STDIN=1 NO_PLAYGROUND=0 | |
mkdir -p playground/non-simd | |
cp "$PREFIX"/bin/cli.em.{js,wasm} playground/non-simd | |
- name: Upload GitHub Pages artifacts | |
uses: actions/upload-pages-artifact@v3 | |
with: | |
path: playground | |
deploy-wasm-playground: | |
if: ${{ github.ref_name == 'main' || startsWith(github.ref, 'refs/tags/v') }} | |
needs: ci-wasm | |
runs-on: ubuntu-22.04 | |
permissions: | |
pages: write | |
id-token: write | |
environment: | |
name: github-pages | |
url: ${{ steps.deployment.outputs.page_url }} | |
steps: | |
- name: Deploy to GitHub Pages | |
id: deployment | |
uses: actions/deploy-pages@v4 |