1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
229
230
231
232
233
234
235
236
237
238
239
240
241
242
243
244
245
246
247
248
249
250
251
252
253
254
255
256
257
258
259
260
261
262
263
264
265
266
267
268
269
270
271
272
273
274
275
276
277
278
279
280
281
282
283
284
285
286
|
name: Flatpak CI
on:
push:
branches:
- main
- flatpak-1.0.x
- flatpak-1.2.x
- flatpak-1.4.x
- flatpak-1.6.x
- flatpak-1.8.x
- flatpak-1.10.x
- flatpak-1.12.x
- flatpak-1.14.x
- flatpak-1.16.x
pull_request:
paths-ignore:
- README.md
- CONTRIBUTING.md
- NEWS
- COPYING
- CODE_OF_CONDUCT.md
- uncrustify.cfg
- uncrustify.sh
branches:
- main
- flatpak-1.0.x
- flatpak-1.2.x
- flatpak-1.4.x
- flatpak-1.6.x
- flatpak-1.8.x
- flatpak-1.10.x
- flatpak-1.12.x
- flatpak-1.14.x
- flatpak-1.16.x
merge_group:
types:
- checks_requested
permissions:
contents: read
jobs:
check:
name: Build with gcc and test
runs-on: ubuntu-24.04
steps:
- name: Install Dependencies
run: |
head -v -n-0 /etc/apt/sources.list || :
head -v -n-0 /etc/apt/sources.list.d/* || :
# Workaround for https://github.com/orgs/community/discussions/120966
sudo rm -f /etc/apt/sources.list.d/microsoft-prod.list
sudo apt-get update
sudo apt-get install -y libglib2.0-dev attr gettext bison dbus gtk-doc-tools \
libfuse3-dev ostree libostree-dev libarchive-dev libzstd-dev libcap-dev libattr1-dev libdw-dev libelf-dev python3-pyparsing \
libjson-glib-dev shared-mime-info desktop-file-utils libpolkit-agent-1-dev libpolkit-gobject-1-dev \
libseccomp-dev libsoup2.4-dev libcurl4-openssl-dev libsystemd-dev libxml2-utils libgpgme11-dev gobject-introspection \
libgirepository1.0-dev libappstream-dev libdconf-dev clang socat meson libdbus-1-dev e2fslibs-dev bubblewrap xdg-dbus-proxy \
meson ninja-build libyaml-dev libstemmer-dev gperf itstool libmalcontent-0-dev libxau-dev libgdk-pixbuf2.0-dev openssl
# One of the tests wants this
sudo mkdir /tmp/flatpak-com.example.App-OwnedByRoot
- name: Check out flatpak
uses: actions/checkout@v4
with:
submodules: true
- name: Create logs dir
run: mkdir test-logs
- name: configure
# We don't do gtk-doc or GObject-Introspection here, because they can
# clash with AddressSanitizer. Instead, the clang build enables those.
run: |
meson setup \
-Db_sanitize=address,undefined \
-Dgir=disabled \
-Dgtkdoc=disabled \
-Dhttp_backend=curl \
-Dinternal_checks=true \
-Dsystem_dbus_proxy=xdg-dbus-proxy \
_build
env:
CFLAGS: -O2 -Wp,-D_FORTIFY_SOURCE=2
- name: Build flatpak
run: meson compile -C _build
env:
ASAN_OPTIONS: detect_leaks=0 # Right now we're not fully clean, but this gets us use-after-free etc
- name: Run tests
run: meson test -C _build
env:
ASAN_OPTIONS: detect_leaks=0 # Right now we're not fully clean, but this gets us use-after-free etc
LC_ALL: en_US.UTF-8
- name: Collect logs on failure
if: failure() || cancelled()
run: mv _build/meson-logs/* test-logs/ || true
- name: Upload test logs
uses: actions/upload-artifact@v4
if: failure() || cancelled()
with:
name: test logs
path: test-logs
# This is similar to the above, but runs on an older OS with some different configuration:
# * Soup instead of curl
# * Use built in bubblewrap instead of external
# * Use built in xdg-dbus-proxy instead of external
# * Disable malcontent build-dependency
check-alt2:
name: Build with gcc and test (older)
runs-on: ubuntu-22.04
steps:
- name: Install Dependencies
run: |
sudo add-apt-repository ppa:flatpak/stable
sudo apt-get update
sudo apt-get install -y libglib2.0-dev attr gettext bison dbus gtk-doc-tools \
libfuse-dev ostree libostree-dev libarchive-dev libzstd-dev libcap-dev libattr1-dev libdw-dev libelf-dev python3-pyparsing \
libjson-glib-dev shared-mime-info desktop-file-utils libpolkit-agent-1-dev libpolkit-gobject-1-dev \
libseccomp-dev libsoup2.4-dev libcurl4-openssl-dev libsystemd-dev libxml2-utils libgpgme11-dev gobject-introspection \
libgirepository1.0-dev libappstream-dev libdconf-dev clang socat meson libdbus-1-dev e2fslibs-dev
# One of the tests wants this
sudo mkdir /tmp/flatpak-com.example.App-OwnedByRoot
- name: Check out flatpak
uses: actions/checkout@v4
with:
submodules: true
- name: Create logs dir
run: mkdir test-logs
- name: Configure
# Sometimes the older sanitizer toolchains will trigger issues that are either
# false positive or that have been already against in newer versions, so we don't
# enable them here.
run: |
meson setup \
-Dgir=disabled \
-Dgtkdoc=disabled \
-Dhttp_backend=soup \
-Dinternal_checks=true \
_build
env:
CFLAGS: -O2 -Wp,-D_FORTIFY_SOURCE=2
- name: Build flatpak
# Can't use `meson compile` here because Ubuntu 20.04 is too old
run: ninja -C _build
- name: Run tests
run: meson test -C _build
env:
LC_ALL: en_US.UTF-8
- name: Collect overall test logs on failure
if: failure()
run: mv _build/test-suite.log test-logs/ || true
- name: Collect individual test logs on cancel
if: failure() || cancelled()
run: mv _build/meson-logs/* test-logs/ || true
- name: Upload test logs
uses: actions/upload-artifact@v4
if: failure() || cancelled()
with:
name: test logs
path: test-logs
clang:
permissions:
security-events: write # for codeql
name: Build with clang and analyze
runs-on: ubuntu-24.04
strategy:
fail-fast: false
matrix:
language: [ 'cpp', 'python' ]
# CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python' ]
# Learn more:
# https://docs.github.com/en/free-pro-team@latest/github/finding-security-vulnerabilities-and-errors-in-your-code/configuring-code-scanning#changing-the-languages-that-are-analyzed
steps:
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
# By default, queries listed here will override any specified in a config file.
# Prefix the list here with "+" to use these queries and those in the config file.
# queries: ./path/to/local/query, your-org/your-repo/queries@main
- name: Install Dependencies
run: |
sudo add-apt-repository ppa:flatpak/stable
sudo apt-get update
sudo apt-get install -y libglib2.0-dev attr gettext bison dbus gtk-doc-tools \
libfuse-dev ostree libostree-dev libarchive-dev libzstd-dev libcap-dev libattr1-dev libdw-dev libelf-dev python3-pyparsing \
libjson-glib-dev shared-mime-info desktop-file-utils libpolkit-agent-1-dev libpolkit-gobject-1-dev \
libseccomp-dev libsoup2.4-dev libcurl4-openssl-dev libsystemd-dev libxml2-utils libgpgme11-dev gobject-introspection \
libgirepository1.0-dev libappstream-dev libdconf-dev clang e2fslibs-dev meson socat libxau-dev libgdk-pixbuf2.0-dev \
xmlto
- name: Check out flatpak
uses: actions/checkout@v4
with:
submodules: true
- name: Configure
run: |
meson setup \
-Dgir=enabled \
-Dgtkdoc=enabled \
_build
env:
CC: clang
CFLAGS: -Werror=unused-variable
- name: Build flatpak
# Can't use `meson compile` here because Ubuntu 20.04 is too old
run: ninja -C _build
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
- name: Upload docs
uses: actions/upload-artifact@v4
with:
if-no-files-found: error
overwrite: true
name: docs
path: |
_build/doc/
valgrind:
name: Run tests in valgrind
needs: check # Don't run expensive test if main check fails
runs-on: ubuntu-24.04 # Might as well test with a different one too
if: ${{ false }} # Currently Valgrind takes too long and always fails
steps:
- name: Install Dependencies
run: |
sudo add-apt-repository ppa:flatpak/stable
sudo apt-get update
sudo apt-get install -y libglib2.0-dev attr gettext bison dbus gtk-doc-tools \
libfuse-dev ostree libostree-dev libarchive-dev libzstd-dev libcap-dev libattr1-dev libdw-dev libelf-dev python3-pyparsing \
libjson-glib-dev shared-mime-info desktop-file-utils libpolkit-agent-1-dev libpolkit-gobject-1-dev \
libseccomp-dev libsoup2.4-dev libcurl4-openssl-dev libsystemd-dev libxml2-utils libgpgme11-dev gobject-introspection \
libgirepository1.0-dev libappstream-dev libdconf-dev clang socat meson libdbus-1-dev \
valgrind e2fslibs-dev meson libxau-dev libgdk-pixbuf2.0-dev
- name: Check out flatpak
uses: actions/checkout@v4
with:
submodules: true
- name: Create logs dir
run: mkdir test-logs
- name: Configure
run: |
meson setup \
-Dgir=enabled \
-Dgtkdoc=enabled \
_build
env:
CFLAGS: -O2
- name: Build flatpak
run: meson compile -C _build
- name: Run tests under valgrind
run: meson test -C _build
env:
FLATPAK_TESTS_VALGRIND: true
- name: Collect overall test logs on failure
if: failure()
run: mv _build/meson-logs/* test-logs/ || true
- name: Collect individual test logs on cancel
if: failure() || cancelled()
run: mv _build/tests/*.log test-logs/ || true
- name: Upload test logs
uses: actions/upload-artifact@v4
if: failure() || cancelled()
with:
name: test logs
path: test-logs
# This is a workaround to CodeQL not reporting status to the
# merge queue.
check_codeql_status:
name: Check CodeQL Status
needs: clang
permissions:
contents: read
checks: read
pull-requests: read
runs-on: ubuntu-latest
if: ${{ github.event_name == 'pull_request' }}
steps:
- name: Check CodeQL Status
uses: eldrick19/code-scanning-status-checker@v2
with:
token: ${{ secrets.GITHUB_TOKEN }}
pr_number: ${{ github.event.pull_request.number }}
repo: ${{ github.repository }}
|
