summaryrefslogtreecommitdiffstats
path: root/.github/workflows
diff options
context:
space:
mode:
Diffstat (limited to '.github/workflows')
-rwxr-xr-x.github/workflows/build_test.sh25
-rw-r--r--.github/workflows/build_test.yml2
-rw-r--r--.github/workflows/cflite_pr.yml2
-rw-r--r--.github/workflows/cifuzz.yml3
-rw-r--r--.github/workflows/codeql.yml2
-rw-r--r--.github/workflows/coverity.yml2
-rw-r--r--.github/workflows/development_freeze.yml2
-rw-r--r--.github/workflows/differential-shellcheck.yml2
-rw-r--r--.github/workflows/gather-pr-metadata.yml2
-rw-r--r--.github/workflows/issue_labeler.yml2
-rw-r--r--.github/workflows/labeler.yml2
-rw-r--r--.github/workflows/linter.yml4
-rw-r--r--.github/workflows/make_release.yml2
-rw-r--r--.github/workflows/mkosi.yml3
-rw-r--r--.github/workflows/scorecards.yml2
-rwxr-xr-x.github/workflows/unit_tests.sh15
-rw-r--r--.github/workflows/unit_tests.yml2
17 files changed, 46 insertions, 28 deletions
diff --git a/.github/workflows/build_test.sh b/.github/workflows/build_test.sh
index 8d5dc660de..f9bbdcee72 100755
--- a/.github/workflows/build_test.sh
+++ b/.github/workflows/build_test.sh
@@ -84,6 +84,14 @@ if [[ "$COMPILER" == clang ]]; then
CXX="clang++-$COMPILER_VERSION"
AR="llvm-ar-$COMPILER_VERSION"
+ if systemd-analyze compare-versions "$COMPILER_VERSION" ge 17; then
+ CFLAGS="-fno-sanitize=function"
+ CXXFLAGS="-fno-sanitize=function"
+ else
+ CFLAGS=""
+ CXXFLAGS=""
+ fi
+
# Prefer the distro version if available
if ! apt-get -y install --dry-run "llvm-$COMPILER_VERSION" >/dev/null; then
# Latest LLVM stack deb packages provided by https://apt.llvm.org/
@@ -99,6 +107,8 @@ elif [[ "$COMPILER" == gcc ]]; then
CC="gcc-$COMPILER_VERSION"
CXX="g++-$COMPILER_VERSION"
AR="gcc-ar-$COMPILER_VERSION"
+ CFLAGS=""
+ CXXFLAGS=""
if ! apt-get -y install --dry-run "gcc-$COMPILER_VERSION" >/dev/null; then
# Latest gcc stack deb packages provided by
@@ -112,10 +122,11 @@ else
fi
# This is added by default, and it is often broken, but we don't need anything from it
-sudo rm -f /etc/apt/sources.list.d/microsoft-prod.list
-# PPA with some newer build dependencies (like zstd)
-sudo add-apt-repository -y --no-update ppa:upstream-systemd-ci/systemd-ci
-sudo add-apt-repository -y --no-update --enable-source
+sudo rm -f /etc/apt/sources.list.d/microsoft-prod.{list,sources}
+# add-apt-repository --enable-source does not work on deb822 style sources.
+for f in /etc/apt/sources.list.d/*.sources; do
+ sudo sed -i "s/Types: deb/Types: deb deb-src/g" "$f"
+done
sudo apt-get -y update
sudo apt-get -y build-dep systemd
sudo apt-get -y install "${PACKAGES[@]}"
@@ -123,7 +134,7 @@ sudo apt-get -y install "${PACKAGES[@]}"
# always support all the features we need (like --optimization=). Since the build-dep
# command above installs the distro versions, let's install the pip ones just
# locally and add the local bin directory to the $PATH.
-pip3 install --user -r .github/workflows/requirements.txt --require-hashes
+pip3 install --user -r .github/workflows/requirements.txt --require-hashes --break-system-packages
export PATH="$HOME/.local/bin:$PATH"
$CC --version
@@ -141,8 +152,8 @@ for args in "${ARGS[@]}"; do
info "Checking build with $args"
# shellcheck disable=SC2086
if ! AR="$AR" \
- CC="$CC" CC_LD="$LINKER" CFLAGS="-Werror" \
- CXX="$CXX" CXX_LD="$LINKER" CXXFLAGS="-Werror" \
+ CC="$CC" CC_LD="$LINKER" CFLAGS="$CFLAGS" \
+ CXX="$CXX" CXX_LD="$LINKER" CXXFLAGS="$CXXFLAGS" \
meson setup \
-Dtests=unsafe -Dslow-tests=true -Dfuzz-tests=true --werror \
-Dnobody-group=nogroup -Dcryptolib="${CRYPTOLIB:?}" -Ddebug=false \
diff --git a/.github/workflows/build_test.yml b/.github/workflows/build_test.yml
index 1fdf39bf56..164b3a0542 100644
--- a/.github/workflows/build_test.yml
+++ b/.github/workflows/build_test.yml
@@ -17,7 +17,7 @@ permissions:
jobs:
build:
- runs-on: ubuntu-22.04
+ runs-on: ubuntu-24.04
concurrency:
group: ${{ github.workflow }}-${{ toJSON(matrix.env) }}-${{ github.ref }}
cancel-in-progress: true
diff --git a/.github/workflows/cflite_pr.yml b/.github/workflows/cflite_pr.yml
index 707ea0b6ba..f0d321794a 100644
--- a/.github/workflows/cflite_pr.yml
+++ b/.github/workflows/cflite_pr.yml
@@ -13,7 +13,7 @@ permissions: read-all
jobs:
PR:
- runs-on: ubuntu-latest
+ runs-on: ubuntu-24.04
if: github.repository != 'systemd/systemd' || github.event.pull_request.user.login == 'dependabot[bot]'
concurrency:
group: ${{ github.workflow }}-${{ matrix.sanitizer }}-${{ github.ref }}
diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml
index a12ad9335f..9b917405fe 100644
--- a/.github/workflows/cifuzz.yml
+++ b/.github/workflows/cifuzz.yml
@@ -22,7 +22,8 @@ on:
- main
jobs:
Fuzzing:
- runs-on: ubuntu-latest
+ # FIXME: Figure out why 32-bit applications fail to run in docker on Ubuntu 24.04.
+ runs-on: ubuntu-22.04
if: github.repository == 'systemd/systemd'
concurrency:
group: ${{ github.workflow }}-${{ matrix.sanitizer }}-${{ matrix.architecture }}-${{ github.ref }}
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index c840b18372..0d284f75f1 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
@@ -27,7 +27,7 @@ jobs:
analyze:
name: Analyze
if: github.repository != 'systemd/systemd-security'
- runs-on: ubuntu-22.04
+ runs-on: ubuntu-24.04
concurrency:
group: ${{ github.workflow }}-${{ matrix.language }}-${{ github.ref }}
cancel-in-progress: true
diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
index 4ac3443c60..ad7a5d2f49 100644
--- a/.github/workflows/coverity.yml
+++ b/.github/workflows/coverity.yml
@@ -14,7 +14,7 @@ permissions:
jobs:
build:
- runs-on: ubuntu-22.04
+ runs-on: ubuntu-24.04
if: github.repository == 'systemd/systemd'
env:
# Set in repo settings -> secrets -> actions
diff --git a/.github/workflows/development_freeze.yml b/.github/workflows/development_freeze.yml
index f8a2e6c94c..c2360a35ef 100644
--- a/.github/workflows/development_freeze.yml
+++ b/.github/workflows/development_freeze.yml
@@ -17,7 +17,7 @@ jobs:
github.event.workflow_run.event == 'pull_request' &&
github.event.workflow_run.conclusion == 'success' &&
github.repository == 'systemd/systemd'
- runs-on: ubuntu-22.04
+ runs-on: ubuntu-24.04
permissions:
pull-requests: write
diff --git a/.github/workflows/differential-shellcheck.yml b/.github/workflows/differential-shellcheck.yml
index bc9b22c497..244f5d503b 100644
--- a/.github/workflows/differential-shellcheck.yml
+++ b/.github/workflows/differential-shellcheck.yml
@@ -16,7 +16,7 @@ permissions:
jobs:
lint:
if: github.event.repository.name != 'systemd-security'
- runs-on: ubuntu-latest
+ runs-on: ubuntu-24.04
permissions:
security-events: write
diff --git a/.github/workflows/gather-pr-metadata.yml b/.github/workflows/gather-pr-metadata.yml
index 29b8c578d5..e4a0caff03 100644
--- a/.github/workflows/gather-pr-metadata.yml
+++ b/.github/workflows/gather-pr-metadata.yml
@@ -12,7 +12,7 @@ permissions:
jobs:
gather-metadata:
if: github.repository == 'systemd/systemd'
- runs-on: ubuntu-22.04
+ runs-on: ubuntu-24.04
steps:
- name: Repository checkout
diff --git a/.github/workflows/issue_labeler.yml b/.github/workflows/issue_labeler.yml
index b30fc80fe5..4bedf0d3f2 100644
--- a/.github/workflows/issue_labeler.yml
+++ b/.github/workflows/issue_labeler.yml
@@ -10,7 +10,7 @@ permissions:
jobs:
label-component:
- runs-on: ubuntu-22.04
+ runs-on: ubuntu-24.04
permissions:
issues: write
diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml
index dd0933d2f7..241b5819aa 100644
--- a/.github/workflows/labeler.yml
+++ b/.github/workflows/labeler.yml
@@ -24,7 +24,7 @@ permissions:
jobs:
triage:
if: github.repository == 'systemd/systemd'
- runs-on: ubuntu-latest
+ runs-on: ubuntu-24.04
permissions:
pull-requests: write
diff --git a/.github/workflows/linter.yml b/.github/workflows/linter.yml
index 8c3c622c0b..cf0bc09453 100644
--- a/.github/workflows/linter.yml
+++ b/.github/workflows/linter.yml
@@ -16,7 +16,7 @@ permissions:
jobs:
build:
name: Lint Code Base
- runs-on: ubuntu-latest
+ runs-on: ubuntu-24.04
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
@@ -29,7 +29,7 @@ jobs:
fetch-depth: 0
- name: Lint Code Base
- uses: super-linter/super-linter/slim@4e51915f4a812abf59fed160bb14595c0a38a9e7
+ uses: super-linter/super-linter/slim@88ea3923a7e1f89dd485d079f6eb5f5e8f937589
env:
DEFAULT_BRANCH: main
MULTI_STATUS: false
diff --git a/.github/workflows/make_release.yml b/.github/workflows/make_release.yml
index aed724b142..dc7de6999e 100644
--- a/.github/workflows/make_release.yml
+++ b/.github/workflows/make_release.yml
@@ -11,7 +11,7 @@ permissions:
jobs:
release:
if: github.repository == 'systemd/systemd' || github.repository == 'systemd/systemd-stable'
- runs-on: ubuntu-latest
+ runs-on: ubuntu-24.04
permissions:
contents: write
diff --git a/.github/workflows/mkosi.yml b/.github/workflows/mkosi.yml
index e732d12dd6..40fc167195 100644
--- a/.github/workflows/mkosi.yml
+++ b/.github/workflows/mkosi.yml
@@ -46,7 +46,7 @@ permissions:
jobs:
ci:
- runs-on: ubuntu-22.04
+ runs-on: ubuntu-24.04
concurrency:
group: ${{ github.workflow }}-${{ matrix.distro }}-${{ matrix.release }}-${{ github.ref }}
cancel-in-progress: true
@@ -159,6 +159,7 @@ jobs:
meson \
gperf \
libfdisk-dev \
+ libmount-dev \
libtss2-dev \
libblkid-dev \
libmicrohttpd-dev \
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
index abb8bdac6b..44ee6f18b5 100644
--- a/.github/workflows/scorecards.yml
+++ b/.github/workflows/scorecards.yml
@@ -23,7 +23,7 @@ jobs:
analysis:
name: Scorecards analysis
if: github.repository == 'systemd/systemd'
- runs-on: ubuntu-latest
+ runs-on: ubuntu-24.04
permissions:
id-token: write # Used to receive a badge.
diff --git a/.github/workflows/unit_tests.sh b/.github/workflows/unit_tests.sh
index 9236d45186..4433d847ce 100755
--- a/.github/workflows/unit_tests.sh
+++ b/.github/workflows/unit_tests.sh
@@ -53,14 +53,15 @@ for phase in "${PHASES[@]}"; do
SETUP)
info "Setup phase"
# This is added by default, and it is often broken, but we don't need anything from it
- rm -f /etc/apt/sources.list.d/microsoft-prod.list
- # PPA with some newer build dependencies
- add-apt-repository -y --no-update ppa:upstream-systemd-ci/systemd-ci
- add-apt-repository -y --no-update --enable-source
+ rm -f /etc/apt/sources.list.d/microsoft-prod.{list,sources}
+ # add-apt-repository --enable-source does not work on deb822 style sources.
+ for f in /etc/apt/sources.list.d/*.sources; do
+ sed -i "s/Types: deb/Types: deb deb-src/g" "$f"
+ done
apt-get -y update
apt-get -y build-dep systemd
apt-get -y install "${ADDITIONAL_DEPS[@]}"
- pip3 install -r .github/workflows/requirements.txt --require-hashes
+ pip3 install -r .github/workflows/requirements.txt --require-hashes --break-system-packages
# Make sure the build dir is accessible even when drop privileges, otherwise the unprivileged
# part of test-execute gets skipped, since it can't run systemd-executor
@@ -71,6 +72,8 @@ for phase in "${PHASES[@]}"; do
if [[ "$phase" =~ ^RUN_CLANG ]]; then
export CC=clang
export CXX=clang++
+ export CFLAGS="-fno-sanitize=function"
+ export CXXFLAGS="-fno-sanitize=function"
if [[ "$phase" == RUN_CLANG ]]; then
# The docs build is slow and is not affected by compiler/flags, so do it just once
MESON_ARGS+=(-Dman=enabled)
@@ -95,6 +98,8 @@ for phase in "${PHASES[@]}"; do
if [[ "$phase" =~ ^RUN_CLANG_ASAN_UBSAN ]]; then
export CC=clang
export CXX=clang++
+ export CFLAGS="-fno-sanitize=function"
+ export CXXFLAGS="-fno-sanitize=function"
# Build fuzzer regression tests only with clang (for now),
# see: https://github.com/systemd/systemd/pull/15886#issuecomment-632689604
# -Db_lundef=false: See https://github.com/mesonbuild/meson/issues/764
diff --git a/.github/workflows/unit_tests.yml b/.github/workflows/unit_tests.yml
index f2857f1d4d..895068c2a2 100644
--- a/.github/workflows/unit_tests.yml
+++ b/.github/workflows/unit_tests.yml
@@ -14,7 +14,7 @@ permissions:
jobs:
build:
- runs-on: ubuntu-22.04
+ runs-on: ubuntu-24.04
concurrency:
group: ${{ github.workflow }}-${{ matrix.run_phase }}-${{ matrix.cryptolib }}-${{ github.ref }}
cancel-in-progress: true
generated by cgit v1.2.3 (git 2.39.1) at 2025-01-18 20:23:45 +0100