Add Sarif reporter #208
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: RHEL 9.6 (arm64) CI | |
| env: | |
| CLOUDSMITH_API_KEY: ${{ secrets.CLOUDSMITH_API_KEY }} | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| on: | |
| push: | |
| branches: ["main"] | |
| tags: ["**"] | |
| pull_request: | |
| branches: ["main"] | |
| jobs: | |
| build-and-test: | |
| runs-on: ubuntu-24.04-arm | |
| strategy: | |
| matrix: | |
| LLVM_VERSION: [20] | |
| name: RHEL 9.6 - LLVM ${{ matrix.LLVM_VERSION }} | |
| steps: | |
| - uses: actions/checkout@v5 | |
| - uses: ./.github/actions/detect-package-metadata | |
| - uses: ./.github/actions/setup-bazel-cache | |
| with: | |
| BUILDBUDDY_API_KEY: ${{ secrets.BUILDBUDDY_API_KEY }} | |
| PLATFORM: rhel-9.6-arm64 | |
| - uses: docker/login-action@v2 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.repository_owner }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| - name: Build, test, package | |
| uses: devcontainers/ci@v0.3 | |
| with: | |
| imageName: ghcr.io/mull-project/internal-rhel-arm64_9.6-llvm-${{ matrix.LLVM_VERSION }}-ci | |
| configFile: ./.devcontainer/rhel_9.6-llvm-${{ matrix.LLVM_VERSION }}/devcontainer.json | |
| runCmd: | | |
| set -e | |
| mkdir -p packages | |
| bazel test //... | |
| bazel build //:mull_packages --stamp | |
| mv -v bazel-bin/Mull-*.rpm packages/ | |
| - name: Publish package | |
| uses: devcontainers/ci@v0.3 | |
| if: env.CLOUDSMITH_API_KEY != null | |
| with: | |
| imageName: ghcr.io/mull-project/internal-rhel-arm64_9.6-llvm-${{ matrix.LLVM_VERSION }}-ci | |
| configFile: ./.devcontainer/rhel_9.6-llvm-${{ matrix.LLVM_VERSION }}/devcontainer.json | |
| push: never | |
| env: CLOUDSMITH_API_KEY | |
| runCmd: | | |
| bazel run publish --stamp && exit 0 | |
| max_attempts=3 | |
| attempt=1 | |
| until [ "$attempt" -ge "$max_attempts" ] | |
| do | |
| echo "Attempt $attempt failed. Retrying..." | |
| attempt=$((attempt+1)) | |
| bazel run publish --stamp && exit 0 | |
| done | |
| echo "All $max_attempts attempts failed." | |
| exit 1 | |
| - name: Move package | |
| run: | | |
| mkdir -p /tmp/packages | |
| sudo mv -v packages/Mull-*.rpm /tmp/packages/ | |
| - uses: ./.github/actions/attach-package | |
| with: | |
| GH_API_KEY: ${{ secrets.GITHUB_TOKEN }} | |
| smoke-test: | |
| needs: [build-and-test] | |
| if: ${{ !cancelled() && needs.build-and-test.result == 'success' }} | |
| runs-on: ubuntu-24.04-arm | |
| name: Smoke test | |
| container: | |
| image: redhat/ubi9:9.6 | |
| steps: | |
| - name: Determine Cloudsmith repo | |
| id: metadata | |
| run: | | |
| if [ "${{ github.event_name }}" = "pull_request" ]; then | |
| echo "cs_repo=testing" >> $GITHUB_OUTPUT | |
| elif echo "${{ github.ref }}" | grep -q "^refs/tags/"; then | |
| echo "cs_repo=stable" >> $GITHUB_OUTPUT | |
| else | |
| echo "cs_repo=nightly" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Install prerequisites | |
| run: true | |
| - name: Setup Cloudsmith repo | |
| run: | | |
| curl -1sLf 'https://dl.cloudsmith.io/public/mull-project/mull-${{ steps.metadata.outputs.cs_repo }}/setup.rpm.sh' | bash | |
| - name: Install and test all mull packages | |
| run: | | |
| for version in 20; do | |
| echo "=== Testing LLVM $version ===" | |
| dnf install -y mull-$version | |
| runner_version=$(mull-runner-$version --version) | |
| echo "$runner_version" | |
| if echo "$runner_version" | grep -q '{STABLE_'; then | |
| echo "ERROR: mull-runner-$version contains unexpanded stamp variable" | |
| exit 1 | |
| fi | |
| reporter_version=$(mull-reporter-$version --version) | |
| echo "$reporter_version" | |
| if echo "$reporter_version" | grep -q '{STABLE_'; then | |
| echo "ERROR: mull-reporter-$version contains unexpanded stamp variable" | |
| exit 1 | |
| fi | |
| done |