forked from semgrep/semgrep
-
Notifications
You must be signed in to change notification settings - Fork 0
118 lines (118 loc) · 4.1 KB
/
build-test-osx-arm64.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
# AUTOGENERATED FROM build-test-osx-arm64.jsonnet DO NOT MODIFY
name: build-test-osx-arm64
"on":
workflow_dispatch:
inputs:
use-cache:
description: Use Opam Cache - uncheck the box to disable use of the opam cache,
meaning a long-running but completely from-scratch build.
required: true
type: boolean
default: true
workflow_call:
inputs:
use-cache:
description: Use Opam Cache - uncheck the box to disable use of the opam cache,
meaning a long-running but completely from-scratch build.
required: false
type: boolean
default: true
jobs:
build-core:
runs-on:
- self-hosted
- macOS
- ARM64
- ghcr.io/cirruslabs/macos-monterey-xcode:latest
env:
OPAM_SWITCH_NAME: 4.14.0
steps:
- name: Setup runner directory
run: "\n sudo mkdir /Users/runner\n sudo chown admin:staff /Users/runner\n
\ sudo chmod 750 /Users/runner\n "
- uses: actions/setup-python@v4
with:
python-version: "3.11"
- uses: actions/checkout@v3
with:
submodules: true
- name: Cache Opam
uses: actions/cache@v3
if: ${{ inputs.use-cache }}
env:
SEGMENT_DOWNLOAD_TIMEOUT_MINS: 2
with:
path: ~/.opam
key: ${{ runner.os }}-${{ runner.arch }}-${{ env.OPAM_SWITCH_NAME }}-opam-deps-${{
github.run_id }}
restore-keys: ${{ runner.os }}-${{ runner.arch }}-${{ env.OPAM_SWITCH_NAME
}}-opam-deps\n
- name: Install dependencies
run: ./scripts/osx-setup-for-release.sh "${{ env.OPAM_SWITCH_NAME }}"
- name: Compile semgrep
run: "\n opam exec -- make core\n mkdir -p artifacts\n cp
./bin/semgrep-core artifacts\n zip -r artifacts.zip artifacts\n "
- uses: actions/upload-artifact@v3
with:
path: artifacts.zip
name: semgrep-osx-arm64-${{ github.sha }}
build-wheels:
runs-on:
- self-hosted
- macOS
- ARM64
- ghcr.io/cirruslabs/macos-monterey-xcode:latest
needs:
- build-core
steps:
- name: Setup runner directory
run: "\n sudo mkdir /Users/runner\n sudo chown admin:staff /Users/runner\n
\ sudo chmod 750 /Users/runner\n "
- uses: actions/setup-python@v4
with:
python-version: "3.11"
- uses: actions/checkout@v3
with:
submodules: true
- uses: actions/download-artifact@v3
with:
name: semgrep-osx-arm64-${{ github.sha }}
- run: "\n unzip artifacts.zip\n cp artifacts/semgrep-core cli/src/semgrep/bin\n
\ ./scripts/build-wheels.sh --plat-name macosx_11_0_arm64\n "
- uses: actions/upload-artifact@v3
with:
path: cli/dist.zip
name: osx-arm64-wheel
test-wheels:
runs-on:
- self-hosted
- macOS
- ARM64
- ghcr.io/cirruslabs/macos-monterey-xcode:latest
needs:
- build-wheels
steps:
- name: Setup runner directory
run: "\n sudo mkdir /Users/runner\n sudo chown admin:staff /Users/runner\n
\ sudo chmod 750 /Users/runner\n "
- uses: actions/setup-python@v4
with:
python-version: "3.11"
- uses: actions/download-artifact@v1
with:
name: osx-arm64-wheel
- run: unzip ./osx-arm64-wheel/dist.zip
- name: install package
run: pip3 install dist/*.whl
- run: semgrep --version
- name: e2e semgrep-core test
run: echo '1 == 1' | semgrep -l python -e '$X == $X' -
- name: test dynamically linked libraries are in /usr/lib/
shell: bash {0}
run: "\n otool -L $(semgrep --dump-engine-path) | tee otool.txt\n if
[ $? -ne 0 ]; then\n echo \"Failed to list dynamically linked libraries.\";\n
\ exit 1;\n fi\n NON_USR_LIB_DYNAMIC_LIBRARIES=$(tail -n
+2 otool.txt | grep -v \"^\\\\s*/usr/lib/\")\n if [ $? -eq 0 ]; then\n
\ echo \"Error: semgrep-core has been dynamically linked against libraries
outside /usr/lib:\"\n echo $NON_USR_LIB_DYNAMIC_LIBRARIES\n exit
1;\n fi;\n "