curl/.github/workflows/curl-for-win.yml
Viktor Szakats 17a669426f
CI: fix zizmor 1.9.0 warnings, shellcheck verify CI shell code, fix fallouts
zizmor 1.9.0 effectively bans using GHA macros within shell script
snippets. Rework them to pass GHA macro values via envs and use those
envs in shell snippets. `${{ env.* }}` macros could be converted
to native env references after making their names shell-compatible.

Envs and shell commands can no longer be used in GHA macro values. Most
cases could be fixed by using literals. Passing quoted values with
spaces combined with other args also doesn't work anymore. This was
replaced by passing them separately.

Despite the initial complications, avoiding GHA macros in scripts does
seem to make the CI code reasonably cleaner. It also makes it possible
to analyze the scripts with shellcheck, finding subtle issues that went
unnoticed till now.

Also:
- un-ignore and fix three existing zizmor `template-injection` issues.
- add script to extract and shellcheck all shell code stored within GHA
  and Circle CI YAML files.
- add CI job to run this script.
- fix shellcheck issues discovered.
- fix minor differences between cmake and autotools FreeBSD jobs.
- merge cmake/autotools FreeBSD jobs to avoid developing unwanted
  differences again.
- fix/sync quote use across shell code.
- replace `$HOME` with `~` or literal where it made sense.
- replace most `brew --prefix` with literals.
- move all curl install tests to the `curl-install*` prefix.
- add missing curl install tests to cygwin/msys/mingw/*bsd.
- pipe to `tar` instead of storing downloads on disk.
- drop unnecessary `PKG_CONFIG_PATH` when building nghttp3.

Ref: https://github.com/curl/curl/actions/runs/15461461371/job/43523546041
Ref: https://github.com/zizmorcore/zizmor/releases/tag/v1.9.0

Follow-up to e522f47986 #17278

Closes #17537
2025-06-06 21:30:43 +02:00

166 lines
5 KiB
YAML

# Copyright (C) Viktor Szakats
#
# SPDX-License-Identifier: curl
---
name: curl-for-win

'on':
  push:
    branches:
      - master
      - '*/ci'
    paths-ignore:
      - '**/*.md'
      - '.circleci/**'
      - 'appveyor.*'
      - 'packages/**'
      - 'plan9/**'
      - 'projects/**'
      - 'winbuild/**'
  pull_request:
    branches:
      - master
    paths-ignore:
      - '**/*.md'
      - '.circleci/**'
      - 'appveyor.*'
      - 'packages/**'
      - 'plan9/**'
      - 'projects/**'
      - 'winbuild/**'

concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.sha }}
  cancel-in-progress: true

permissions: {}

env:
  CW_NOGET: 'curl trurl'
  CW_MAP: '0'
  CW_JOBS: '5'
  CW_NOPKG: '1'

jobs:
  linux-glibc-gcc:
    runs-on: ubuntu-latest
    timeout-minutes: 30
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
        with:
          persist-credentials: false
          path: 'curl'
          fetch-depth: 8
      - name: 'build'
        run: |
          git clone --depth 1 https://github.com/curl/curl-for-win
          mv curl-for-win/* .
          export CW_CONFIG='-main-werror-linux-a64-x64-gcc'
          export CW_REVISION="${GITHUB_SHA}"
          DOCKER_IMAGE='debian:bookworm-slim'
          export CW_CCSUFFIX='-15'
          export CW_GCCSUFFIX='-12'
          sudo podman image trust set --type reject default
          sudo podman image trust set --type accept docker.io/library
          time podman pull "${DOCKER_IMAGE}"
          podman images --digests
          time podman run --volume "$(pwd):$(pwd)" --workdir "$(pwd)" \
            --env-file <(env | grep -a -E \
              '^(CW_|GITHUB_)') \
            "${DOCKER_IMAGE}" \
            sh -c ./_ci-linux-debian.sh

  linux-musl-llvm:
    runs-on: ubuntu-latest
    timeout-minutes: 30
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
        with:
          persist-credentials: false
          path: 'curl'
          fetch-depth: 8
      - name: 'build'
        run: |
          git clone --depth 1 https://github.com/curl/curl-for-win
          mv curl-for-win/* .
          export CW_CONFIG='-main-werror-linux-musl-r64-x64'
          export CW_REVISION="${GITHUB_SHA}"
          . ./_versions.sh
          sudo podman image trust set --type reject default
          sudo podman image trust set --type accept docker.io/library
          time podman pull "${DOCKER_IMAGE}"
          podman images --digests
          time podman run --volume "$(pwd):$(pwd)" --workdir "$(pwd)" \
            --env-file <(env | grep -a -E \
              '^(CW_|GITHUB_)') \
            "${DOCKER_IMAGE}" \
            sh -c ./_ci-linux-debian.sh

  mac-clang:
    runs-on: macos-latest
    timeout-minutes: 30
    env:
      CW_JOBS: '4'
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
        with:
          persist-credentials: false
          path: 'curl'
          fetch-depth: 8
      - name: 'build'
        run: |
          git clone --depth 1 https://github.com/curl/curl-for-win
          mv curl-for-win/* .
          export CW_CONFIG='-main-werror-mac-x64'
          export CW_REVISION="${GITHUB_SHA}"
          sh -c ./_ci-mac-homebrew.sh

  win-llvm:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
        with:
          persist-credentials: false
          path: 'curl'
          fetch-depth: 8
      - name: 'build'
        run: |
          git clone --depth 1 https://github.com/curl/curl-for-win
          mv curl-for-win/* .
          export CW_CONFIG='-main-werror-win-x64'
          export CW_REVISION="${GITHUB_SHA}"
          . ./_versions.sh
          sudo podman image trust set --type reject default
          sudo podman image trust set --type accept docker.io/library
          time podman pull "${DOCKER_IMAGE}"
          podman images --digests
          time podman run --volume "$(pwd):$(pwd)" --workdir "$(pwd)" \
            --env-file <(env | grep -a -E \
              '^(CW_|GITHUB_)') \
            "${DOCKER_IMAGE}" \
            sh -c ./_ci-linux-debian.sh

  win-gcc-libssh-zlibold-x86:
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4
        with:
          persist-credentials: false
          path: 'curl'
          fetch-depth: 8
      - name: 'build'
        run: |
          git clone --depth 1 https://github.com/curl/curl-for-win
          mv curl-for-win/* .
          export CW_CONFIG='-main-werror-win-x86-gcc-libssh1-zlibng'
          export CW_REVISION="${GITHUB_SHA}"
          . ./_versions.sh
          sudo podman image trust set --type reject default
          sudo podman image trust set --type accept docker.io/library
          time podman pull "${DOCKER_IMAGE}"
          podman images --digests
          time podman run --volume "$(pwd):$(pwd)" --workdir "$(pwd)" \
            --env-file <(env | grep -a -E \
              '^(CW_|GITHUB_)') \
            "${DOCKER_IMAGE}" \
            sh -c ./_ci-linux-debian.sh
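
The rule the commit message describes, GHA macros kept out of `run:` shell snippets and passed through `env:` instead, can be checked mechanically; in the workflow above the only macros sit in `concurrency.group`, outside any `run:` block. The following Python sketch is an added example, not code from the curl repository or from zizmor: it uses a minimal indentation-based scan rather than a YAML parser, and `find_macros_in_run`, `MATRIX_NAME` and the sample workflow are constructed for illustration.

```python
import re

MACRO = re.compile(r"\$\{\{.*?\}\}")                  # a GHA expression: ${{ ... }}
RUN_KEY = re.compile(r"^(\s*)(?:-\s+)?run:\s*(.*)$")  # `run:` or `- run:` step key

def find_macros_in_run(yaml_text):
    """Return [(line_number, macro)] for every ${{ }} inside a `run:` script."""
    lines = yaml_text.splitlines()
    findings = []
    i = 0
    while i < len(lines):
        m = RUN_KEY.match(lines[i])
        i += 1                      # i is now the 1-based number of the matched line
        if not m:
            continue
        indent, rest = len(m.group(1)), m.group(2)
        if rest and rest[0] not in "|>":
            body = [(i, rest)]      # single-line form: run: <command>
        else:
            body = []               # block scalar: take the deeper-indented lines
            while i < len(lines) and (
                not lines[i].strip()
                or len(lines[i]) - len(lines[i].lstrip()) > indent
            ):
                body.append((i + 1, lines[i]))
                i += 1
        for lineno, text in body:
            findings += [(lineno, macro) for macro in MACRO.findall(text)]
    return findings

# Constructed sample: one step expands a macro inside the script text, the
# reworked step passes the same value through env and uses a shell variable.
SAMPLE = """\
concurrency:
  group: ${{ github.workflow }}-${{ github.sha }}
jobs:
  build:
    runs-on: ubuntu-latest
    steps:
      - name: 'flagged'
        run: |
          echo "building ${{ matrix.build.name }}"
      - name: 'reworked'
        env:
          MATRIX_NAME: ${{ matrix.build.name }}
        run: |
          echo "building ${MATRIX_NAME}"
"""

if __name__ == "__main__":
    for lineno, macro in find_macros_in_run(SAMPLE):
        print(f"line {lineno}: {macro} used inside a run: script")
```

Only the first step is reported; macros in `concurrency.group` and in the `env:` mapping are evaluated by the runner before the shell sees anything, so the script text itself stays constant and can be handed to shellcheck.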