Bump step-security/harden-runner from 2.4.0 to 2.4.1 (#3722) #725
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Build | |
on: | |
workflow_dispatch: | |
push: | |
branches: | |
- main | |
- release/* | |
pull_request: | |
branches: | |
- main | |
- release/* | |
concurrency: | |
# Cancel any workflow currently in progress for the same PR. | |
# Allow running concurrently with any other commits. | |
group: build-${{ github.event.pull_request.number || github.sha }} | |
cancel-in-progress: true | |
permissions: read-all | |
jobs: | |
build-ubuntu: | |
name: Build | |
strategy: | |
fail-fast: false | |
matrix: | |
plat: [linux, android] | |
os: ['20.04', '22.04'] | |
arch: [x86, x64] | |
tls: [openssl, openssl3] | |
systemcrypto: ['', '-UseSystemOpenSSLCrypto'] | |
static: ['', '-Static'] | |
clang: ['', '-Clang'] | |
codecheck: ['', '-CodeCheck'] | |
exclude: | |
# Android doesn't support x86 | |
- plat: android | |
arch: x86 | |
# Android doesn't use system crypto | |
- plat: android | |
systemcrypto: '-UseSystemOpenSSLCrypto' | |
# No openssl3 system crypto on 20.04 | |
- plat: linux ' | |
os: '20.04' | |
tls: 'openssl3' | |
systemcrypto: '-UseSystemOpenSSLCrypto' | |
# No openssl system crypto on 22.04 | |
- plat: linux ' | |
os: '22.04' | |
tls: 'openssl' | |
systemcrypto: '-UseSystemOpenSSLCrypto' | |
# Android doesn't use Clang | |
- plat: android | |
clang: '-Clang' | |
# Android doesn't use CodeCheck | |
- plat: android | |
codecheck: '-CodeCheck' | |
# No need to combine SystemCrypto and CodeCheck | |
- systemcrypto: '-UseSystemOpenSSLCrypto' | |
codecheck: '-CodeCheck' | |
# No need to combine Static and CodeCheck | |
- static: '-Static' | |
codecheck: '-CodeCheck' | |
# No need to combine Clang and CodeCheck | |
- clang: '-Clang' | |
codecheck: '-CodeCheck' | |
runs-on: ubuntu-${{ matrix.os }} | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 | |
with: | |
fetch-depth: 0 | |
- name: Prepare Machine | |
shell: pwsh | |
run: scripts/prepare-machine.ps1 -ForBuild -Tls ${{ matrix.tls }} | |
- name: Build Debug | |
shell: pwsh | |
run: scripts/build.ps1 -Config Debug -Platform ${{ matrix.plat }} -Arch ${{ matrix.arch }} -Tls ${{ matrix.tls }} ${{ matrix.static }} ${{ matrix.clang }} ${{ matrix.codecheck }} | |
- name: Build Release | |
if: matrix.codecheck != '-CodeCheck' # TODO: FIX: Release builds with CodeCheck fail | |
shell: pwsh | |
run: scripts/build.ps1 -Config Release -Platform ${{ matrix.plat }} -Arch ${{ matrix.arch }} -Tls ${{ matrix.tls }} ${{ matrix.static }} ${{ matrix.clang }} ${{ matrix.codecheck }} | |
build-ubuntu-cross-compile: | |
name: Build | |
needs: [] | |
strategy: | |
fail-fast: false | |
matrix: | |
plat: [linux] | |
os: ['20.04', '22.04'] | |
arch: [arm, arm64] | |
tls: [openssl, openssl3] | |
toolchain: ['cmake/toolchains/arm-linux.cmake', 'cmake/toolchains/aarch64-linux.cmake'] | |
static: ['', '-Static'] | |
exclude: | |
- arch: arm | |
toolchain: 'cmake/toolchains/aarch64-linux.cmake' | |
- arch: arm64 | |
toolchain: 'cmake/toolchains/arm-linux.cmake' | |
runs-on: ubuntu-${{ matrix.os }} | |
container: | |
image: ghcr.io/microsoft/msquic/linux-build-xcomp | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 | |
with: | |
fetch-depth: 0 | |
submodules: 'recursive' | |
- name: Set ownership | |
run: | | |
# this is to fix GIT not liking owner of the checkout dir | |
chown -R $(id -u):$(id -g) $PWD | |
- name: Prepare Machine | |
shell: pwsh | |
run: scripts/prepare-machine.ps1 -ForOneBranch -InitSubmodules | |
- name: Build Debug | |
shell: pwsh | |
run: scripts/build.ps1 -Config Debug -Arch ${{ matrix.arch }} -ToolchainFile ${{ matrix.toolchain }} -Tls ${{ matrix.tls }} -DisableLogs -OneBranch ${{ matrix.static }} | |
- name: Build Release | |
shell: pwsh | |
run: scripts/build.ps1 -Config Release -Arch ${{ matrix.arch }} -ToolchainFile ${{ matrix.toolchain }} -Tls ${{ matrix.tls }} -DisableLogs -OneBranch ${{ matrix.static }} | |
build-macOS: | |
name: Build | |
needs: [] | |
strategy: | |
fail-fast: false | |
matrix: | |
plat: [macos, ios] | |
os: ['12'] | |
arch: [x86, x64, arm64] | |
tls: [openssl, openssl3] | |
static: ['', '-Static'] | |
exclude: | |
# iOS doesn't support x86 | |
- plat: ios | |
arch: x86 | |
runs-on: macos-${{ matrix.os }} | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 | |
with: | |
fetch-depth: 0 | |
- name: Prepare Machine | |
shell: pwsh | |
run: scripts/prepare-machine.ps1 -ForBuild -Tls ${{ matrix.tls }} | |
- name: Build Debug | |
shell: pwsh | |
run: scripts/build.ps1 -Config Debug -Platform ${{ matrix.plat }} -Arch ${{ matrix.arch }} -Tls ${{ matrix.tls }} ${{ matrix.static }} | |
- name: Build Release | |
shell: pwsh | |
run: scripts/build.ps1 -Config Release -Platform ${{ matrix.plat }} -Arch ${{ matrix.arch }} -Tls ${{ matrix.tls }} ${{ matrix.static }} | |
build-windows: | |
name: Build | |
needs: [] | |
strategy: | |
fail-fast: false | |
matrix: | |
plat: [windows, uwp] # TODO: Support gamecore_console | |
os: ['2019', '2022'] | |
arch: [x86, x64, arm64] | |
tls: [schannel, openssl, openssl3] | |
static: ['', '-Static'] | |
xdp: ['', '-UseXdp'] | |
exclude: | |
# OpenSSL doesn't support arm64 | |
- tls: openssl | |
arch: arm64 | |
# OpenSSL3 doesn't support arm64 | |
- tls: openssl3 | |
arch: arm64 | |
# TODO: FIX: OpenSSL3 build fails with UWP | |
- plat: uwp | |
tls: openssl3 | |
# TODO: FIX: Static builds fail with UWP | |
- plat: uwp | |
static: '-Static' | |
# XDP not supported in UWP | |
- plat: uwp | |
xdp: '-UseXdp' | |
# XDP only supports x64 currently | |
- arch: x86 | |
xdp: '-UseXdp' | |
# XDP only supports x64 currently | |
- arch: arm64 | |
xdp: '-UseXdp' | |
runs-on: windows-${{ matrix.os }} | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 | |
with: | |
fetch-depth: 0 | |
- name: Install Perl | |
uses: shogo82148/actions-setup-perl@0bb5af61b3945a80585229183e7ac50a97d7996c | |
with: | |
perl-version: '5.34' | |
- name: Install NASM | |
uses: ilammy/setup-nasm@321e6ed62a1fc77024a3bd853deb33645e8b22c4 | |
- name: Prepare Machine | |
shell: pwsh | |
run: scripts/prepare-machine.ps1 -ForBuild -Tls ${{ matrix.tls }} | |
- name: Build Debug | |
shell: pwsh | |
run: scripts/build.ps1 -Config Debug -Platform ${{ matrix.plat }} -Arch ${{ matrix.arch }} -Tls ${{ matrix.tls }} ${{ matrix.static }} ${{ matrix.xdp }} | |
- name: Build Release | |
shell: pwsh | |
run: scripts/build.ps1 -Config Release -Platform ${{ matrix.plat }} -Arch ${{ matrix.arch }} -Tls ${{ matrix.tls }} ${{ matrix.static }} ${{ matrix.xdp }} | |
build-windows-kernel: | |
name: Build | |
needs: [] | |
strategy: | |
fail-fast: false | |
matrix: | |
plat: [winkernel] | |
os: ['2019', '2022'] | |
arch: [x64, arm64] | |
tls: [schannel] | |
runs-on: windows-${{ matrix.os }} | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@c85c95e3d7251135ab7dc9ce3241c5835cc595a9 | |
with: | |
fetch-depth: 0 | |
- name: Prepare Machine | |
shell: pwsh | |
run: scripts/prepare-machine.ps1 -ForBuild -ForKernel | |
- name: Add msbuild to PATH | |
uses: microsoft/setup-msbuild@1ff57057b5cfdc39105cd07a01d78e9b0ea0c14c | |
- name: Nuget Restore Debug | |
shell: pwsh | |
run: msbuild msquic.kernel.sln -t:restore /p:RestorePackagesConfig=true /p:Configuration=Debug /p:Platform=${{ matrix.arch }} | |
- name: Build Debug | |
shell: pwsh | |
run: msbuild msquic.kernel.sln /p:Configuration=Debug /p:Platform=${{ matrix.arch }} /p:QUIC_VER_SUFFIX=-official | |
- name: Nuget Restore Release | |
shell: pwsh | |
run: msbuild msquic.kernel.sln -t:restore /p:RestorePackagesConfig=true /p:Configuration=Release /p:Platform=${{ matrix.arch }} | |
- name: Build Release | |
shell: pwsh | |
run: msbuild msquic.kernel.sln /p:Configuration=Release /p:Platform=${{ matrix.arch }} /p:QUIC_VER_SUFFIX=-official |