
Commit 2af713b

Add files via upload
1 parent 0fb4aff commit 2af713b

2 files changed

Lines changed: 237 additions & 0 deletions


Lines changed: 85 additions & 0 deletions
@@ -0,0 +1,85 @@
1+
name: CodeQL Security
2+
3+
on:
4+
push:
5+
pull_request:
6+
workflow_dispatch:
7+
schedule:
8+
- cron: "0 3 * * 1"
9+
10+
permissions:
11+
contents: read
12+
security-events: write
13+
actions: read
14+
15+
jobs:
16+
codeql:
17+
name: CodeQL C/C++
18+
runs-on: ubuntu-24.04
19+
20+
steps:
21+
- uses: actions/checkout@v6
22+
with:
23+
fetch-depth: 0
24+
submodules: recursive
25+
26+
- name: Detect latest Lua dev package
27+
id: detect_lua
28+
shell: bash
29+
run: |
30+
set -euo pipefail
31+
sudo apt-get update -y -qq
32+
CANDIDATES="$(apt-cache pkgnames | grep -E '^liblua[0-9]+\.[0-9]+-dev$' || true)"
33+
34+
if [ -z "$CANDIDATES" ]; then
35+
echo "No libluaX.Y-dev package found"
36+
exit 1
37+
fi
38+
39+
BEST_PKG="$(
40+
printf '%s\n' "$CANDIDATES" \
41+
| sed -E 's/^liblua([0-9]+\.[0-9]+)-dev$/\1 &/' \
42+
| sort -V \
43+
| tail -n1 \
44+
| awk '{print $2}'
45+
)"
46+
47+
echo "lua_pkg=$BEST_PKG" >> "$GITHUB_OUTPUT"
48+
49+
- name: Install dependencies
50+
run: |
51+
sudo apt-get install -y \
52+
autoconf \
53+
automake \
54+
build-essential \
55+
libtool \
56+
pkg-config \
57+
libyajl-dev \
58+
libcurl4-openssl-dev \
59+
liblmdb-dev \
60+
${{ steps.detect_lua.outputs.lua_pkg }} \
61+
libmaxminddb-dev \
62+
libpcre2-dev \
63+
libxml2-dev \
64+
libfuzzy-dev \
65+
pcre2-utils \
66+
libpcre3-dev \
67+
bison \
68+
flex \
69+
python3 \
70+
python3-venv
71+
72+
- name: Initialize CodeQL
73+
uses: github/codeql-action/init@v4
74+
with:
75+
languages: c-cpp
76+
queries: security-extended,security-and-quality
77+
78+
- name: Build for CodeQL database
79+
run: |
80+
./build.sh
81+
./configure --enable-assertions=yes
82+
make -j"$(nproc)"
83+
84+
- name: Perform CodeQL analysis
85+
uses: github/codeql-action/analyze@v4
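Review bot: The three `uses:` references (`actions/checkout@v6`, `github/codeql-action/init@v4`, `github/codeql-action/analyze@v4`) are mutable tags, and this job holds `security-events: write`, so whoever can move those tags decides what runs with that token. Pin each to a full commit SHA and keep the tag as a comment, e.g. `- uses: actions/checkout@<full-commit-sha>  # v6`. The later steps run `./build.sh` and `make` from the checked-out tree, including recursive submodules, so also set `persist-credentials: false` under the checkout `with:` to keep the token out of the local git config. Separately, `${{ steps.detect_lua.outputs.lua_pkg }}` is expanded into the script text before the shell parses it. The regex in the detect step constrains the value today, but passing it through `env:` and installing `"$LUA_PKG"` would stay safe if the detection logic is ever loosened.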
Lines changed: 152 additions & 0 deletions
@@ -0,0 +1,152 @@
1+
name: Runtime Sanitizers
2+
3+
on:
4+
push:
5+
pull_request:
6+
workflow_dispatch:
7+
schedule:
8+
- cron: "0 4 * * 1"
9+
10+
jobs:
11+
asan-ubsan-linux:
12+
name: ASan/UBSan Linux
13+
runs-on: ubuntu-24.04
14+
15+
steps:
16+
- uses: actions/checkout@v5
17+
with:
18+
fetch-depth: 0
19+
submodules: recursive
20+
21+
- name: Detect latest Lua dev package
22+
id: detect_lua
23+
shell: bash
24+
run: |
25+
set -euo pipefail
26+
sudo apt-get update -y -qq
27+
CANDIDATES="$(apt-cache pkgnames | grep -E '^liblua[0-9]+\.[0-9]+-dev$' || true)"
28+
29+
if [ -z "$CANDIDATES" ]; then
30+
echo "No libluaX.Y-dev package found"
31+
exit 1
32+
fi
33+
34+
BEST_PKG="$(
35+
printf '%s\n' "$CANDIDATES" \
36+
| sed -E 's/^liblua([0-9]+\.[0-9]+)-dev$/\1 &/' \
37+
| sort -V \
38+
| tail -n1 \
39+
| awk '{print $2}'
40+
)"
41+
42+
echo "lua_pkg=$BEST_PKG" >> "$GITHUB_OUTPUT"
43+
44+
- name: Install dependencies
45+
run: |
46+
sudo apt-get install -y \
47+
autoconf \
48+
automake \
49+
build-essential \
50+
clang \
51+
libtool \
52+
pkg-config \
53+
libyajl-dev \
54+
libcurl4-openssl-dev \
55+
liblmdb-dev \
56+
${{ steps.detect_lua.outputs.lua_pkg }} \
57+
libmaxminddb-dev \
58+
libpcre2-dev \
59+
libxml2-dev \
60+
libfuzzy-dev \
61+
pcre2-utils \
62+
libpcre3-dev \
63+
bison \
64+
flex \
65+
python3 \
66+
python3-venv
67+
68+
- name: Build with AddressSanitizer and UndefinedBehaviorSanitizer
69+
env:
70+
CC: clang
71+
CXX: clang++
72+
CFLAGS: "-fsanitize=address,undefined -fno-omit-frame-pointer -O1"
73+
CXXFLAGS: "-fsanitize=address,undefined -fno-omit-frame-pointer -O1"
74+
LDFLAGS: "-fsanitize=address,undefined"
75+
ASAN_OPTIONS: "detect_leaks=1:abort_on_error=1:strict_string_checks=1"
76+
UBSAN_OPTIONS: "halt_on_error=1:print_stacktrace=1"
77+
run: |
78+
./build.sh
79+
./configure --enable-assertions=yes
80+
make -j"$(nproc)"
81+
timeout 30m make check
82+
83+
valgrind-linux:
84+
name: Valgrind Linux
85+
runs-on: ubuntu-24.04
86+
87+
steps:
88+
- uses: actions/checkout@v5
89+
with:
90+
fetch-depth: 0
91+
submodules: recursive
92+
93+
- name: Detect latest Lua dev package
94+
id: detect_lua
95+
shell: bash
96+
run: |
97+
set -euo pipefail
98+
sudo apt-get update -y -qq
99+
CANDIDATES="$(apt-cache pkgnames | grep -E '^liblua[0-9]+\.[0-9]+-dev$' || true)"
100+
101+
if [ -z "$CANDIDATES" ]; then
102+
echo "No libluaX.Y-dev package found"
103+
exit 1
104+
fi
105+
106+
BEST_PKG="$(
107+
printf '%s\n' "$CANDIDATES" \
108+
| sed -E 's/^liblua([0-9]+\.[0-9]+)-dev$/\1 &/' \
109+
| sort -V \
110+
| tail -n1 \
111+
| awk '{print $2}'
112+
)"
113+
114+
echo "lua_pkg=$BEST_PKG" >> "$GITHUB_OUTPUT"
115+
116+
- name: Install dependencies
117+
run: |
118+
sudo apt-get install -y \
119+
autoconf \
120+
automake \
121+
build-essential \
122+
valgrind \
123+
libtool \
124+
pkg-config \
125+
libyajl-dev \
126+
libcurl4-openssl-dev \
127+
liblmdb-dev \
128+
${{ steps.detect_lua.outputs.lua_pkg }} \
129+
libmaxminddb-dev \
130+
libpcre2-dev \
131+
libxml2-dev \
132+
libfuzzy-dev \
133+
pcre2-utils \
134+
libpcre3-dev \
135+
bison \
136+
flex \
137+
python3 \
138+
python3-venv
139+
140+
- name: Build
141+
run: |
142+
./build.sh
143+
./configure --enable-assertions=yes
144+
make -j"$(nproc)"
145+
146+
- name: Run tests under Valgrind
147+
run: |
148+
timeout 45m valgrind \
149+
--error-exitcode=1 \
150+
--leak-check=full \
151+
--show-leak-kinds=definite,indirect \
152+
make check
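Review bot: In the final step, `valgrind ... make check` instruments only the `make` process, because Valgrind does not follow child processes by default; the test binaries presumably run uninstrumented and `--error-exitcode=1` never sees their errors. Add `--trace-children=yes` (probably with a `--trace-children-skip=` list for shells and build tools), or have the test harness launch the test binaries under Valgrind. This workflow also has no `permissions:` block, unlike the CodeQL workflow in the same commit, so both jobs build and run repository code with the repository's default token scope; add a top-level `permissions:` with `contents: read`. The checkout steps use `actions/checkout@v5` while the other workflow uses `@v6`; settle on one version, ideally pinned by commit SHA.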
