Use sealded memfd for icon validator #2728
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Portal CI | |
on: [push, pull_request] | |
env: | |
DEBIAN_FRONTEND: noninteractive | |
TESTS_TIMEOUT: 10 # in minutes | |
jobs: | |
check: | |
name: Ubuntu 22.04 build | |
runs-on: ubuntu-22.04 | |
strategy: | |
matrix: | |
compiler: ['gcc', 'clang'] | |
sanitizer: ['address'] | |
env: | |
UBUNTU_VERSION: '22.04' | |
CC: ${{ matrix.compiler }} | |
BASE_CFLAGS: -Wp,-D_FORTIFY_SOURCE=2 | |
BUILD_CONTAINER: ${{ matrix.compiler }}-build-container | |
RUN_CMD: docker exec -t -w /src -e TEST_IN_CI -e ASAN_OPTIONS -e G_MESSAGES_DEBUG -e XDG_DATA_DIRS ${{ matrix.compiler }}-build-container | |
AS_USER: runuser -u tester -- | |
BUILDDIR: builddir | |
steps: | |
- name: Prepare environment | |
id: env-setup | |
run: | | |
echo "cflags=$BASE_CFLAGS" >> $GITHUB_OUTPUT; | |
- name: Prepare container | |
run: | | |
docker run --name $BUILD_CONTAINER \ | |
--tty --device /dev/fuse --cap-add SYS_ADMIN \ | |
--security-opt apparmor:unconfined \ | |
--privileged \ | |
-v $(pwd):/src \ | |
-e DEBIAN_FRONTEND \ | |
-e DEBCONF_NONINTERACTIVE_SEEN=true \ | |
-e TERM=dumb \ | |
-e MAKEFLAGS="-j $(getconf _NPROCESSORS_ONLN)" \ | |
-e CC -e CFLAGS="${{ steps.env-setup.outputs.cflags }}" \ | |
-e LD_LIBRARY_PATH=$LD_LIBRARY_PATH:/usr/local/lib64 \ | |
-e PKG_CONFIG_PATH=/usr/local/lib64/pkgconfig \ | |
-d ubuntu:$UBUNTU_VERSION sleep infinity | |
- name: Install dependencies | |
run: | | |
$RUN_CMD apt-get update --quiet | |
$RUN_CMD apt-get upgrade --quiet -y | |
$RUN_CMD apt-get install --quiet -y --no-install-recommends \ | |
${{ matrix.compiler }} \ | |
desktop-file-utils \ | |
fuse3 \ | |
gettext \ | |
git \ | |
gnome-desktop-testing \ | |
gtk-doc-tools \ | |
libcap2-bin \ | |
libflatpak-dev \ | |
libfontconfig1-dev \ | |
libfuse3-dev \ | |
libgdk-pixbuf-2.0-dev \ | |
librsvg2-2 \ | |
librsvg2-common \ | |
libgeoclue-2-dev \ | |
libglib2.0-dev \ | |
libjson-glib-dev \ | |
libpipewire-0.3-dev \ | |
libsystemd-dev \ | |
libtool \ | |
llvm \ | |
python3-gi \ | |
shared-mime-info | |
- name: Install dependencies for meson | |
run: | | |
$RUN_CMD apt-get install --quiet -y --no-install-recommends \ | |
meson | |
- name: Install dependencies for the pytest test suite | |
run: | | |
$RUN_CMD apt-get install --quiet -y --no-install-recommends \ | |
python3-pytest python3-pytest-xdist python3-dbusmock python3-dbus | |
- name: Check out xdg-desktop-portal | |
uses: actions/checkout@v4 | |
- name: Check out libportal fork with a similarly named branch | |
id: libportal-branched | |
uses: actions/checkout@v4 | |
continue-on-error: true | |
with: | |
repository: ${{ github.actor }}/libportal | |
ref: ${{ github.head_ref || github.ref_name }} | |
path: libportal | |
- name: Check out libportal default branch | |
if: steps.libportal-branched.outcome == 'failure' | |
uses: actions/checkout@v4 | |
with: | |
repository: flatpak/libportal | |
path: libportal | |
- name: Setup test user | |
run: | | |
$RUN_CMD adduser --disabled-password --gecos "" tester | |
$RUN_CMD chown tester:tester . -R | |
- name: Build libportal | |
run: | | |
$RUN_CMD $AS_USER meson setup libportal ${LIBPORTAL_BUILDDIR} $MESON_OPTIONS | |
$RUN_CMD $AS_USER meson compile -C ${LIBPORTAL_BUILDDIR} | |
$RUN_CMD meson install -C ${LIBPORTAL_BUILDDIR} | |
env: | |
MESON_OPTIONS: -Ddocs=false -Dintrospection=false -Dtests=false | |
LIBPORTAL_BUILDDIR: libportal_builddir | |
- name: Build xdg-desktop-portal | |
run: | | |
$RUN_CMD $AS_USER meson setup ${BUILDDIR} $MESON_OPTIONS | |
$RUN_CMD $AS_USER meson compile -C ${BUILDDIR} | |
env: | |
MESON_OPTIONS: -Dinstalled-tests=true -Dpytest=enabled -Db_sanitize=${{ matrix.sanitizer }} | |
- name: Run xdg-desktop-portal tests | |
run: $RUN_CMD $AS_USER timeout --signal=KILL -v ${TESTS_TIMEOUT}m meson test -C ${BUILDDIR} | |
env: | |
TEST_IN_CI: 1 | |
G_MESSAGES_DEBUG: all | |
- name: Install xdg-desktop-portal | |
run: $RUN_CMD meson install -C ${BUILDDIR} | |
- name: Run xdg-desktop-portal installed-tests | |
run: | | |
test -n "$($RUN_CMD $AS_USER gnome-desktop-testing-runner -l xdg-desktop-portal)" | |
$RUN_CMD $AS_USER \ | |
env TEST_INSTALLED_IN_CI=1 XDG_DATA_DIRS=/src/tests/share/:$XDG_DATA_DIRS \ | |
gnome-desktop-testing-runner --report-directory installed-test-logs/ \ | |
-t $((TESTS_TIMEOUT * 60)) xdg-desktop-portal | |
env: | |
G_MESSAGES_DEBUG: all | |
TEST_IN_CI: 1 | |
XDG_DATA_DIRS: /usr/local/share:/usr/share | |
- name: Create dist tarball | |
run: | | |
$RUN_CMD $AS_USER ls -la | |
$RUN_CMD $AS_USER timeout --signal=KILL -v ${TESTS_TIMEOUT}m meson dist -C ${BUILDDIR} | |
env: | |
TEST_IN_CI: 1 | |
G_MESSAGES_DEBUG: all | |
- name: Upload test logs | |
uses: actions/upload-artifact@v3 | |
if: success() || failure() | |
with: | |
name: test logs | |
path: | | |
tests/*.log | |
test-*.log | |
installed-test-logs/ | |
builddir/meson-logs/testlog.txt |