Bump requests from 2.32.4 to 2.33.0 in /patch_assembler #31
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| release: | |
| types: | |
| - published | |
| pull_request: | |
| push: | |
| branches: | |
| - "main" | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| build-and-test-ghidra: | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| submodules: true | |
| - uses: extractions/setup-just@69d82fb0233557aec017ef13706851d0694e0f1d # v1.6.0 | |
| - uses: actions/setup-java@v4 | |
| with: | |
| distribution: "temurin" | |
| java-version: "17" | |
| - name: "Setup Ghidra" | |
| run: | | |
| just install-ghidra | |
| echo "GHIDRA_INSTALL_DIR=$(pwd)/deps/ghidra" >> $GITHUB_ENV | |
| - name: "Lint IRENE Ghidra" | |
| run: | | |
| just lint-irene3-ghidra | |
| - name: "IRENE Ghidra tests" | |
| shell: bash | |
| env: | |
| TOB_AMP_PASSPHRASE: ${{secrets.TOB_AMP_PASSPHRASE}} | |
| run: | | |
| Xvfb :99 -nolisten tcp & | |
| export DISPLAY=:99 | |
| just test-irene3-ghidra | |
| - name: "Tar test logs" | |
| if: ${{ failure() }} | |
| run: | | |
| tar -cvf test-report.tar.gz irene-ghidra/build/reports/tests/ | |
| - name: "Upload test logs" | |
| uses: actions/upload-artifact@v3 | |
| if: ${{ failure() }} | |
| with: | |
| name: Test Report | |
| path: test-report.tar.gz | |
| - name: "Build IRENE Ghidra" | |
| run: | | |
| just install-irene3-ghidra | |
| - name: "Upload IRENE Ghidra" | |
| if: github.event.release | |
| uses: actions/upload-artifact@v3 | |
| with: | |
| name: IRENE3 Ghidra Rel | |
| path: ./irene-ghidra/dist/ghidra*irene-ghidra.zip | |
| build-decompiler: | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| image: | |
| - { name: "ubuntu", tag: "22.04" } | |
| llvm: ["17"] | |
| cxxcommon_version: ["0.6.10"] | |
| runs-on: | |
| labels: gha-ubuntu-32 | |
| container: | |
| image: ghcr.io/lifting-bits/cxx-common/vcpkg-builder-${{ matrix.image.name }}:${{ matrix.image.tag }} | |
| credentials: | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| steps: | |
| - name: Setup the build paths | |
| shell: bash | |
| id: build_paths | |
| run: | | |
| rel_build_path="build" | |
| rel_source_path="src" | |
| rel_install_path="install" | |
| rel_downloads_path="downloads" | |
| rel_ccache_path="ccache" | |
| rel_workspace_path="workspace" | |
| mkdir -p ${rel_build_path} \ | |
| ${rel_install_path} \ | |
| ${rel_downloads_path} \ | |
| ${rel_ccache_path} \ | |
| ${rel_workspace_path} | |
| echo "SOURCE=$(pwd)/${rel_source_path}" >> ${GITHUB_OUTPUT} | |
| echo "REL_SOURCE=${rel_source_path}" >> ${GITHUB_OUTPUT} | |
| echo "BUILD=$(pwd)/${rel_build_path}" >> ${GITHUB_OUTPUT} | |
| echo "REL_BUILD=${rel_build_path}" >> ${GITHUB_OUTPUT} | |
| echo "INSTALL=$(pwd)/${rel_install_path}" >> ${GITHUB_OUTPUT} | |
| echo "DOWNLOADS=$(pwd)/${rel_downloads_path}" >> ${GITHUB_OUTPUT} | |
| echo "CCACHE=$(pwd)/${rel_ccache_path}" >> ${GITHUB_OUTPUT} | |
| echo "WORKSPACE=$(pwd)/${rel_workspace_path}" >> ${GITHUB_OUTPUT} | |
| - name: Update the cache (downloads) | |
| uses: actions/cache@v3 | |
| with: | |
| path: ${{ steps.build_paths.outputs.DOWNLOADS }} | |
| key: | | |
| gitmodules_${{ matrix.image.name }}_${{ matrix.image.tag }}_${{ matrix.llvm }}_${{ matrix.cxxcommon_version }}_${{ github.sha }} | |
| restore-keys: | | |
| gitmodules_${{ matrix.image.name }}_${{ matrix.image.tag }}_${{ matrix.llvm }}_${{ matrix.cxxcommon_version }}_ | |
| - name: Update the cache (ccache) | |
| uses: actions/cache@v3 | |
| with: | |
| path: ${{ steps.build_paths.outputs.CCACHE }} | |
| key: | | |
| gitmodules_${{ matrix.image.name }}_${{ matrix.image.tag }}_${{ matrix.llvm }}_${{ matrix.cxxcommon_version }}_${{ github.sha }} | |
| restore-keys: | | |
| gitmodules_${{ matrix.image.name }}_${{ matrix.image.tag }}_${{ matrix.llvm }}_${{ matrix.cxxcommon_version }}_ | |
| - name: Clone the irene3 repository | |
| uses: actions/checkout@v4 | |
| with: | |
| path: ${{ steps.build_paths.outputs.REL_SOURCE }}/irene3 | |
| fetch-depth: 0 | |
| submodules: true | |
| - name: Setup Git User for Applying Patches | |
| # See this thread for more details https://github.community/t/github-actions-bot-email-address/17204/5 | |
| run: | | |
| git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com" | |
| git config --global user.name "github-actions[bot]" | |
| - name: Download the cxx-common ${{ matrix.cxxcommon_version}} package | |
| shell: bash | |
| id: cxxcommon_installer | |
| working-directory: ${{ steps.build_paths.outputs.DOWNLOADS }} | |
| run: | | |
| folder_name="vcpkg_${{ matrix.image.name }}-${{ matrix.image.tag }}_llvm-${{ matrix.llvm }}-liftingbits-llvm_amd64" | |
| archive_name="${folder_name}.tar.xz" | |
| url="https://github.com/lifting-bits/cxx-common/releases/download/v${{ matrix.cxxcommon_version}}/${archive_name}" | |
| local_path="${{ steps.build_paths.outputs.DOWNLOADS }}/${archive_name}" | |
| if [[ ! -f "${local_path}" ]] ; then | |
| echo "Downloading: ${url}" | |
| curl "${url}" -L -o "${local_path}" | |
| ls -t ${{ steps.build_paths.outputs.DOWNLOADS }}/vcpkg_* | tail -n +2 | while read archive_file ; do | |
| rm "${archive_file}" | |
| done | |
| fi | |
| tar xf "${local_path}" \ | |
| -C "${{ steps.build_paths.outputs.INSTALL }}" | |
| destination_path="${{ steps.build_paths.outputs.INSTALL }}/vcpkg" | |
| mv "${{ steps.build_paths.outputs.INSTALL }}/${folder_name}" \ | |
| "${destination_path}" | |
| echo "${destination_path}/installed/x64-linux-rel/tools/llvm-${{matrix.llvm}}" >> $GITHUB_PATH | |
| echo "PATH=${destination_path}" >> ${GITHUB_OUTPUT} | |
| - name: Select the build job count | |
| shell: bash | |
| id: build_job_count | |
| run: | | |
| echo "VALUE=$(($(nproc) + 1))" >> ${GITHUB_OUTPUT} | |
| - name: Configure remill | |
| working-directory: ${{ steps.build_paths.outputs.BUILD }} | |
| env: | |
| CCACHE_DIR: ${{ steps.build_paths.outputs.CCACHE }} | |
| run: | | |
| mkdir remill_build && cd remill_build | |
| cmake \ | |
| -DCMAKE_VERBOSE_MAKEFILE=true \ | |
| -DCMAKE_TOOLCHAIN_FILE="${{ steps.cxxcommon_installer.outputs.PATH }}/scripts/buildsystems/vcpkg.cmake" \ | |
| -DVCPKG_TARGET_TRIPLET="x64-linux-rel" \ | |
| -G Ninja \ | |
| "${{ steps.build_paths.outputs.SOURCE }}/irene3/vendor/remill" | |
| - name: Build remill | |
| working-directory: ${{ steps.build_paths.outputs.BUILD }} | |
| env: | |
| CCACHE_DIR: ${{ steps.build_paths.outputs.CCACHE }} | |
| run: | | |
| cmake --build remill_build \ | |
| -j ${{ steps.build_job_count.outputs.VALUE }} | |
| - name: Install remill | |
| id: remill_installer | |
| working-directory: ${{ steps.build_paths.outputs.BUILD }} | |
| env: | |
| CCACHE_DIR: ${{ steps.build_paths.outputs.CCACHE }} | |
| run: | | |
| export DESTDIR=${{ steps.build_paths.outputs.INSTALL }}/remill | |
| cmake --build remill_build \ | |
| --target install | |
| echo "PATH=${DESTDIR}" >> ${GITHUB_OUTPUT} | |
| - name: Configure anvill | |
| working-directory: ${{ steps.build_paths.outputs.BUILD }} | |
| env: | |
| CCACHE_DIR: ${{ steps.build_paths.outputs.CCACHE }} | |
| run: | | |
| mkdir anvill_build && cd anvill_build | |
| cmake \ | |
| -DCMAKE_TOOLCHAIN_FILE="${{ steps.cxxcommon_installer.outputs.PATH }}/scripts/buildsystems/vcpkg.cmake" \ | |
| -DVCPKG_TARGET_TRIPLET="x64-linux-rel" \ | |
| -DCMAKE_VERBOSE_MAKEFILE=true \ | |
| -Dremill_DIR:PATH=${{ steps.remill_installer.outputs.PATH }}/usr/local/lib/cmake/remill \ | |
| -Dsleigh_DIR:PATH=${{ steps.remill_installer.outputs.PATH }}/usr/local/lib/cmake/sleigh \ | |
| -DANVILL_ENABLE_TESTS=true \ | |
| -DANVILL_ENABLE_INSTALL=true \ | |
| -G Ninja \ | |
| "${{ steps.build_paths.outputs.SOURCE }}/irene3/vendor/anvill" | |
| - name: Build anvill | |
| working-directory: ${{ steps.build_paths.outputs.BUILD }} | |
| env: | |
| CCACHE_DIR: ${{ steps.build_paths.outputs.CCACHE }} | |
| run: | | |
| cmake \ | |
| --build anvill_build \ | |
| -j ${{ steps.build_job_count.outputs.VALUE }} | |
| - name: Install anvill | |
| id: anvill_installer | |
| working-directory: ${{ steps.build_paths.outputs.BUILD }} | |
| env: | |
| CCACHE_DIR: ${{ steps.build_paths.outputs.CCACHE }} | |
| run: | | |
| export DESTDIR=${{ steps.build_paths.outputs.INSTALL }}/anvill | |
| cmake --build anvill_build \ | |
| --target install | |
| echo "PATH=${DESTDIR}" >> ${GITHUB_OUTPUT} | |
| - name: Configure gap | |
| working-directory: ${{ steps.build_paths.outputs.BUILD }} | |
| env: | |
| CCACHE_DIR: ${{ steps.build_paths.outputs.CCACHE }} | |
| run: | | |
| mkdir gap_build && cd gap_build | |
| cmake \ | |
| -DCMAKE_TOOLCHAIN_FILE="${{ steps.cxxcommon_installer.outputs.PATH }}/scripts/buildsystems/vcpkg.cmake" \ | |
| -DVCPKG_TARGET_TRIPLET="x64-linux-rel" \ | |
| -DVCPKG_MANIFEST_INSTALL=OFF \ | |
| -DGAP_ENABLE_TESTING=OFF \ | |
| -DGAP_ENABLE_EXAMPLES=OFF \ | |
| -DGAP_ENABLE_WARNINGS=OFF \ | |
| -G Ninja \ | |
| "${{ steps.build_paths.outputs.SOURCE }}/irene3/vendor/gap" | |
| - name: Build gap | |
| working-directory: ${{ steps.build_paths.outputs.BUILD }} | |
| env: | |
| CCACHE_DIR: ${{ steps.build_paths.outputs.CCACHE }} | |
| run: | | |
| cmake \ | |
| --build gap_build \ | |
| -j ${{ steps.build_job_count.outputs.VALUE }} | |
| - name: Install gap | |
| id: gap_installer | |
| working-directory: ${{ steps.build_paths.outputs.BUILD }} | |
| env: | |
| CCACHE_DIR: ${{ steps.build_paths.outputs.CCACHE }} | |
| run: | | |
| export DESTDIR=${{ steps.build_paths.outputs.INSTALL }}/gap | |
| cmake --build gap_build \ | |
| --target install | |
| echo "PATH=${DESTDIR}" >> ${GITHUB_OUTPUT} | |
| - name: Configure irene3 | |
| working-directory: ${{ steps.build_paths.outputs.BUILD }} | |
| env: | |
| CCACHE_DIR: ${{ steps.build_paths.outputs.CCACHE }} | |
| run: | | |
| mkdir irene3_build && cd irene3_build | |
| cmake \ | |
| -DCMAKE_TOOLCHAIN_FILE="${{ steps.cxxcommon_installer.outputs.PATH }}/scripts/buildsystems/vcpkg.cmake" \ | |
| -DVCPKG_TARGET_TRIPLET="x64-linux-rel" \ | |
| -Dremill_DIR="${{ steps.build_paths.outputs.INSTALL }}/remill/usr/local/lib/cmake/remill/"\ | |
| -Dsleigh_DIR="${{ steps.build_paths.outputs.INSTALL }}/remill/usr/local/lib/cmake/sleigh/"\ | |
| -Danvill_DIR="${{ steps.build_paths.outputs.INSTALL }}/anvill/usr/local/lib/cmake/anvill/"\ | |
| -Dgap_DIR="${{ steps.build_paths.outputs.INSTALL }}/gap/usr/local/lib/cmake/gap/"\ | |
| -DIRENE3_ENABLE_INSTALL=true \ | |
| -G Ninja \ | |
| ${{ steps.build_paths.outputs.SOURCE }}/irene3 | |
| - name: Build irene3 | |
| working-directory: ${{ steps.build_paths.outputs.BUILD }} | |
| env: | |
| CCACHE_DIR: ${{ steps.build_paths.outputs.CCACHE }} | |
| run: | | |
| cmake --build irene3_build \ | |
| -j ${{ steps.build_job_count.outputs.VALUE }} | |
| - name: Install irene3 | |
| id: irene3_installer | |
| working-directory: ${{ steps.build_paths.outputs.BUILD }} | |
| env: | |
| CCACHE_DIR: ${{ steps.build_paths.outputs.CCACHE }} | |
| run: | | |
| export DESTDIR=${{ steps.build_paths.outputs.INSTALL }}/irene3 | |
| cmake --build irene3_build \ | |
| --target install | |
| echo "PATH=${DESTDIR}" >> ${GITHUB_OUTPUT} | |
| - name: Test irene3 | |
| shell: bash | |
| working-directory: ${{ steps.build_paths.outputs.BUILD }} | |
| run: | | |
| env CTEST_OUTPUT_ON_FAILURE=1 cmake --build irene3_build --target test | |
| build_docker: | |
| runs-on: | |
| labels: gha-ubuntu-32 | |
| strategy: | |
| matrix: | |
| ubuntu: ["22.04"] | |
| permissions: | |
| contents: read | |
| packages: write | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| submodules: true | |
| fetch-depth: 2 | |
| - name: Docker meta | |
| id: meta | |
| uses: docker/metadata-action@v4 | |
| with: | |
| images: | | |
| ghcr.io/trailofbits/irene3/irene3-ubuntu${{ matrix.ubuntu }}-amd64 | |
| tags: | | |
| type=ref,event=branch | |
| type=ref,event=pr | |
| type=semver,pattern={{version}} | |
| type=semver,pattern={{major}}.{{minor}} | |
| # Used to get commit message since PRs are on a merge commit | |
| - name: Get commit message | |
| run: | | |
| echo 'COMMIT_MESSAGE<<EOF' >> "$GITHUB_ENV" | |
| if [[ '${{ github.event_name }}' == 'push' ]]; then | |
| echo "$(git log --format=%B -n 1 HEAD)" >> "$GITHUB_ENV" | |
| elif [[ '${{ github.event_name }}' == 'pull_request' ]]; then | |
| echo "$(git log --format=%B -n 1 HEAD^2)" >> "$GITHUB_ENV" | |
| fi | |
| echo "EOF" >> "$GITHUB_ENV" | |
| - name: Set up Docker Buildx | |
| uses: docker/setup-buildx-action@v2 | |
| id: buildx | |
| with: | |
| install: true | |
| - name: Login to GitHub Container Registry | |
| uses: docker/login-action@v2 | |
| with: | |
| registry: ghcr.io | |
| username: ${{ github.actor }} | |
| password: ${{ secrets.GITHUB_TOKEN }} | |
| # Build and load image for testing first | |
| - name: Build and load | |
| uses: docker/build-push-action@v3 | |
| with: | |
| context: . | |
| platforms: linux/amd64 | |
| load: true | |
| tags: build-test | |
| build-args: | | |
| UBUNTU_VERSION=${{ matrix.ubuntu }} | |
| # Test build-test tag | |
| - name: Test Docker image | |
| env: | |
| TOB_AMP_PASSPHRASE: ${{secrets.TOB_AMP_PASSPHRASE}} | |
| run: | | |
| echo ::group::irene3-public | |
| docker run --rm -v $(pwd):/workspace -w /workspace build-test /workspace/scripts/test-ci.py ./tests ./tests/test_spec.json --skip-decompile --check --outputfile out1.log | |
| echo ::endgroup | |
| ./scripts/download_and_unpack_demo.sh | |
| echo ::group::irene3-private | |
| docker run --rm -v $(pwd):/workspace -w /workspace build-test /workspace/scripts/test-ci.py ./tests/demo ./tests/demo/test_spec.json --skip-decompile --check --outputfile out2.log | |
| echo ::endgroup | |
| - name: "Tar test logs" | |
| if: ${{ failure() }} | |
| run: | | |
| tar -cvf test-out.tar.gz out*.log | |
| - name: "Upload test logs" | |
| uses: actions/upload-artifact@v4 | |
| if: ${{ failure() }} | |
| with: | |
| name: Test Report | |
| path: test-out.tar.gz | |
| # Push with proper tag once test ran | |
| - name: Build and push | |
| uses: docker/build-push-action@v3 | |
| if: github.event.release | |
| with: | |
| context: . | |
| platforms: linux/amd64 | |
| tags: ${{ steps.meta.outputs.tags }} | |
| build-args: | | |
| UBUNTU_VERSION=${{ matrix.ubuntu }} | |
| push: true |