SandboxCallCheck: new check for invalid sandbox calls #240
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: test | |
| on: | |
| push: | |
| branches-ignore: [deploy] | |
| pull_request: | |
| branches: [master] | |
| jobs: | |
| test: | |
| runs-on: ${{ matrix.os }} | |
| continue-on-error: ${{ matrix.experimental }} | |
| strategy: | |
| matrix: | |
| os: [ubuntu-latest] | |
| python-version: ['3.9', '3.10', '3.11'] | |
| deps: [newest-deps] | |
| experimental: [false] | |
| tree-sitter-bash: [bundled] | |
| include: | |
| # - os: ubuntu-latest | |
| # python-version: '3.11.0-beta - 3.11' | |
| # deps: newest-deps | |
| # experimental: true | |
| # tree-sitter-bash: bundled | |
| - os: ubuntu-latest | |
| python-version: '3.10' | |
| deps: minimal-deps | |
| experimental: false | |
| tree-sitter-bash: bundled | |
| - os: ubuntu-latest | |
| python-version: '3.10' | |
| deps: newest-deps | |
| experimental: false | |
| tree-sitter-bash: system | |
| - os: macos-latest | |
| python-version: '3.10' | |
| deps: newest-deps | |
| experimental: false | |
| tree-sitter-bash: bundled | |
| fail-fast: false | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| # experimental targets generally lack lxml wheels | |
| - name: Install libxml2 and libxslt development packages | |
| if: ${{ matrix.experimental }} | |
| run: sudo apt install libxml2-dev libxslt-dev python3-dev | |
| # macos needs newer bash | |
| - name: Install macos deps | |
| if: ${{ matrix.os == 'macos-latest' }} | |
| run: | | |
| brew install bash gnu-sed | |
| # enable gnu-sed usage as "sed" | |
| echo "/usr/local/opt/gnu-sed/libexec/gnubin" >> $GITHUB_PATH | |
| - name: Install non-python deps | |
| if: ${{ matrix.os == 'ubuntu-latest' }} | |
| run: | | |
| sudo apt install cpanminus | |
| # dep for perl checks | |
| sudo cpanm --quiet --notest Gentoo::PerlMod::Version | |
| - name: Pin dependencies to minimal versions | |
| if: ${{ matrix.deps == 'minimal-deps' }} | |
| run: sed -e '/^requires-python/!s/~=/==/' -i pyproject.toml | |
| # To use libtree-sitter-bash.so installed on the system, we need to compile | |
| # it manually, because ubuntu doesn't yet package (but Gentoo does) | |
| - name: Install tree-sitter-bash | |
| if: ${{ matrix.os == 'ubuntu-latest' && matrix.tree-sitter-bash == 'system' }} | |
| run: | | |
| sudo apt install build-essential | |
| TS_VER=fd4e40dab883d6456da4d847de8321aee9c80805 | |
| curl -L "https://github.com/tree-sitter/tree-sitter-bash/archive/${TS_VER}.tar.gz" | tar -xvz | |
| pushd "tree-sitter-bash-${TS_VER}/src" | |
| objects=( parser.o scanner.o ) | |
| make CFLAGS="-I${PWD}" CXXFLAGS="-I${PWD}" "${objects[@]}" | |
| g++ -Wl,-O1 -Wl,--as-needed -shared "${objects[@]}" -Wl,--soname=libtree-sitter-bash.so.14 -o libtree-sitter-bash.so.14 | |
| ln -s libtree-sitter-bash.so.14 libtree-sitter-bash.so | |
| echo "LD_LIBRARY_PATH=${PWD}" >> $GITHUB_ENV | |
| echo "USE_SYSTEM_TREE_SITTER_BASH=1" >> $GITHUB_ENV | |
| popd | |
| - name: Set up Python ${{ matrix.python-version }} | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| cache: 'pip' | |
| cache-dependency-path: pyproject.toml | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install ".[test]" pytest-github-actions-annotate-failures | |
| - name: Test with pytest | |
| env: | |
| PY_COLORS: 1 # forcibly enable pytest colors | |
| run: | | |
| pytest --cov --cov-report=term --cov-report=xml -v | |
| - name: Check whether bundled tree-sitter-bash was built | |
| if: ${{ matrix.os == 'ubuntu-latest' && matrix.tree-sitter-bash }} | |
| run: | | |
| if [[ -v USE_SYSTEM_TREE_SITTER_BASH ]]; then EXPECTED=0; else EXPECTED=1; fi | |
| if [[ "$(find -name 'lang.so' | wc -l)" -eq 0 ]]; then ACTUAL=0; else ACTUAL=1; fi | |
| if [[ $ACTUAL -ne $EXPECTED ]]; then | |
| echo "::error Expected ${{ matrix.tree-sitter-bash }} tree-sitter-bash, found the other" | |
| false | |
| fi | |
| - name: Submit code coverage to codecov | |
| if: ${{ matrix.os == 'ubuntu-latest' }} | |
| uses: codecov/codecov-action@v3 | |
| with: | |
| files: ./coverage.xml | |
| lint: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - name: Set up Python 3 | |
| uses: actions/setup-python@v4 | |
| with: | |
| python-version: '3.x' | |
| - name: Install dependencies | |
| run: | | |
| python -m pip install --upgrade pip | |
| pip install . pylint | |
| - name: Run linting tools | |
| run: | | |
| pylint --exit-zero src/pkgcheck | |
| format: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v3 | |
| - uses: psf/black@stable |