Skip to content

LibGfx/TIFF: Reject images with a null value in tile's dimensions #1083

LibGfx/TIFF: Reject images with a null value in tile's dimensions

LibGfx/TIFF: Reject images with a null value in tile's dimensions #1083

Workflow file for this run

name: Build, lint, and test
on: [push, pull_request]
env:
# Don't mix these up!
# runner.workspace = /home/runner/work/serenity
# github.workspace = /home/runner/work/serenity/serenity
SERENITY_SOURCE_DIR: ${{ github.workspace }}
CCACHE_DIR: ${{ github.workspace }}/.ccache
concurrency:
group: ${{ github.head_ref || format('{0}-{1}', github.ref, github.run_number) }}
cancel-in-progress: true
jobs:
build_and_test_serenity:
runs-on: ${{ matrix.os }}
if: github.repository == 'SerenityOS/serenity'
strategy:
fail-fast: false
matrix:
debug-options: ['ALL_DEBUG', 'NORMAL_DEBUG']
os: [ubuntu-22.04]
arch: ['x86_64', 'aarch64']
# If ccache is broken and you would like to bust the ccache cache on Github Actions, increment this:
ccache-mark: [0]
exclude:
# We currently manually disable the ALL_DEBUG build on AArch64 for sake of saving CI time, as it's not our main target.
- debug-options: 'ALL_DEBUG'
arch: 'aarch64'
steps:
# Pull requests can trail behind `master` and can cause breakage if merging before running the CI checks on an updated branch.
# Luckily, GitHub creates and maintains a merge branch that is updated whenever the target or source branch is modified. By
# checking this branch out, we gain a stabler `master` at the cost of reproducibility.
- uses: actions/checkout@v4
if: ${{ github.event_name != 'pull_request' }}
- uses: actions/checkout@v4
if: ${{ github.event_name == 'pull_request' }}
with:
ref: refs/pull/${{ github.event.pull_request.number }}/merge
# Set default Python to python 3.x, and set Python path such that pip install works properly
- uses: actions/setup-python@v5
with:
python-version: '3.x'
# === OS SETUP ===
# Do we need to update the package cache first?
# sudo apt-get update -qq
- name: "Install Ubuntu dependencies"
# These packages are already part of the ubuntu-22.04 image:
# cmake libgmp-dev npm shellcheck
# Packages below aren't.
run: |
wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | sudo apt-key add -
sudo add-apt-repository 'deb http://apt.llvm.org/jammy/ llvm-toolchain-jammy-16 main'
sudo apt-get update
sudo apt-get install -y clang-format-16 ccache e2fsprogs gcc-12 g++-12 libstdc++-12-dev libmpfr-dev libmpc-dev ninja-build optipng qemu-utils qemu-system-i386 unzip generate-ninja libegl1-mesa-dev
if ${{ matrix.arch == 'aarch64' }}; then
# FIXME: Remove this when we no longer build our own Qemu binary.
sudo apt-get install libgtk-3-dev libpixman-1-dev libsdl2-dev libslirp-dev
fi
- name: Install JS dependencies
run: sudo npm install -g prettier@2.7.1
- name: Install Python dependencies
# The setup-python action set default python to python3.x. Note that we are not using system python here.
run: |
python -m pip install --upgrade pip
pip install flake8 requests
- name: Check versions
run: set +e; g++ --version; g++-12 --version; clang-format --version; clang-format-16 --version; prettier --version; python --version; python3 --version; ninja --version; flake8 --version; ccache --version; qemu-system-i386 --version; gn --version
# === PREPARE FOR BUILDING ===
- name: Lint (Phase 1/2)
run: ${{ github.workspace }}/Meta/lint-ci.sh
- name: Prepare useful stamps
id: stamps
shell: cmake -P {0}
run: |
string(TIMESTAMP current_date "%Y_%m_%d_%H_%M_%S" UTC)
# Output everything twice to make it visible both in the logs
# *and* as actual output variable, in this order.
message(" set-output name=time::${current_date}")
message("::set-output name=time::${current_date}")
message(" set-output name=libc_headers::${{ hashFiles('Userland/Libraries/LibC/**/*.h', 'Userland/Libraries/LibPthread/**/*.h', 'Toolchain/Patches/*.patch', 'Toolchain/Patches/gcc/*.patch', 'Toolchain/BuildGNU.sh') }}")
message("::set-output name=libc_headers::${{ hashFiles('Userland/Libraries/LibC/**/*.h', 'Userland/Libraries/LibPthread/**/*.h', 'Toolchain/Patches/*.patch', 'Toolchain/Patches/gcc/*.patch', 'Toolchain/BuildGNU.sh') }}")
- name: Toolchain cache
uses: actions/cache/restore@v4
id: toolchain-cache
with:
path: ${{ github.workspace }}/Toolchain/Local/${{ matrix.arch }}
# This assumes that *ALL* LibC and LibPthread headers have an impact on the Toolchain.
# This is wrong, and causes more Toolchain rebuilds than necessary.
# However, we want to avoid false cache hits at all costs.
key: ${{ runner.os }}-toolchain-${{ matrix.arch }}-${{ steps.stamps.outputs.libc_headers }}
- name: Build toolchain
if: ${{ !steps.toolchain-cache.outputs.cache-hit }}
run: ARCH="${{ matrix.arch }}" ${{ github.workspace }}/Toolchain/BuildGNU.sh
- name: Update toolchain cache
uses: actions/cache/save@v4
# Do not waste time and storage space by updating the toolchain cache from a PR,
# as it would be discarded after being merged anyway.
if: ${{ github.event_name != 'pull_request' && !steps.toolchain-cache.outputs.cache-hit }}
with:
path: ${{ github.workspace }}/Toolchain/Local/${{ matrix.arch }}
key: ${{ steps.toolchain-cache.outputs.cache-primary-key }}
# FIXME: Qemu currently needs a local patch for AArch64 testing. It is included in Qemu 8.1; remove this when upgrading!
- name: AArch64 Qemu cache
id: qemu-cache
uses: actions/cache/restore@v4
if: ${{ matrix.arch == 'aarch64' }}
with:
path: ${{ github.workspace }}/Toolchain/Local/qemu
key: ${{ runner.os }}-qemu-${{ hashFiles('Ports/qemu/version.sh', 'Toolchain/BuildQemu.sh') }}
- name: Build AArch64 Qemu
if: ${{ matrix.arch == 'aarch64' && !steps.qemu-cache.outputs.cache-hit }}
run: ${{ github.workspace }}/Toolchain/BuildQemu.sh
- name: Update AArch64 Qemu cache
uses: actions/cache/save@v4
if: ${{ github.event_name != 'pull_request' && matrix.arch == 'aarch64' && !steps.qemu-cache.outputs.cache-hit }}
with:
path: ${{ github.workspace }}/Toolchain/Local/qemu
key: ${{ steps.qemu-cache.outputs.cache-primary-key }}
- name: ccache(1) cache
# Pull the ccache *after* building the toolchain, in case building the Toolchain somehow interferes.
uses: actions/cache/restore@v4
id: ccache
with:
path: ${{ github.workspace }}/.ccache
# If you're here because ccache broke (it never should), increment matrix.ccache-mark.
# We want to always reuse the last cache, but upload a new one.
# This is achieved by using the "prefix-timestamp" format,
# and permitting the restore-key "prefix-" without specifying a timestamp.
# For this trick to work, the timestamp *must* come last, and it *must* be missing in 'restore-keys'.
key: ${{ runner.os }}-ccache-${{ matrix.arch }}-v${{ matrix.ccache-mark }}-D${{ matrix.debug-options }}-toolchain_${{steps.stamps.outputs.libc_headers}}-time${{ steps.stamps.outputs.time }}
restore-keys: |
${{ runner.os }}-ccache-${{ matrix.arch }}-v${{ matrix.ccache-mark }}-D${{ matrix.debug-options }}-toolchain_${{steps.stamps.outputs.libc_headers}}-
- name: Show ccache stats before build and configure
run: |
# We only have 5 GiB of cache available *in total*. Beyond that, GitHub deletes caches.
# Currently, we use about 130 MB for the toolchains (x86_64), and 2 ccache caches:
# One with ALL_DEBUG (x86_64), and one with NORMAL_DEBUG (x86_64).
# Therefore, using 1.6 GB or more per cache causes disaster.
# Building from scratch fills the ccache cache from 0 to about 0.7 GB, and after compression it comes out to
# about 0.25 GB, so 3 GB (1GB after compression) should be plenty, all while comfortably fitting in the cache.
ccache -M 3000M
ccache -s
- name: Create build directory
run: |
mkdir -p ${{ github.workspace }}/Build/${{ matrix.arch }}
mkdir -p ${{ github.workspace }}/Build/caches/TZDB
mkdir -p ${{ github.workspace }}/Build/caches/UCD
mkdir -p ${{ github.workspace }}/Build/caches/CLDR
- name: TimeZoneData cache
uses: actions/cache@v4
with:
path: ${{ github.workspace }}/Build/caches/TZDB
key: TimeZoneData-${{ hashFiles('Meta/CMake/time_zone_data.cmake') }}
- name: UnicodeData cache
uses: actions/cache@v4
with:
path: ${{ github.workspace }}/Build/caches/UCD
key: UnicodeData-${{ hashFiles('Meta/CMake/unicode_data.cmake') }}
- name: UnicodeLocale Cache
uses: actions/cache@v4
with:
path: ${{ github.workspace }}/Build/caches/CLDR
key: UnicodeLocale-${{ hashFiles('Meta/CMake/locale_data.cmake') }}
- name: Create build environment with extra debug options
# Build the entire project with all available debug options turned on, to prevent code rot.
# However, it is unwieldy and slow to run tests with them enabled, so we will build twice.
run: |
cmake -S Meta/CMake/Superbuild -B Build/superbuild -GNinja \
-DSERENITY_ARCH=${{ matrix.arch }} \
-DSERENITY_TOOLCHAIN=GNU \
-DBUILD_LAGOM=ON \
-DCMAKE_C_COMPILER=gcc-12 \
-DCMAKE_CXX_COMPILER=g++-12 \
-DENABLE_ALL_DEBUG_FACILITIES=ON \
-DENABLE_PCI_IDS_DOWNLOAD=OFF \
-DENABLE_USB_IDS_DOWNLOAD=OFF
if: ${{ matrix.debug-options == 'ALL_DEBUG' }}
- name: Create build environment
working-directory: ${{ github.workspace }}
# Note that we do not set BUILD_LAGOM for the normal debug build
# We build and run the Lagom tests in a separate job, and sanitizer builds take a good while longer than non-sanitized.
run: |
cmake -S Meta/CMake/Superbuild -B Build/superbuild -GNinja \
-DSERENITY_ARCH=${{ matrix.arch }} \
-DSERENITY_TOOLCHAIN=GNU \
-DCMAKE_C_COMPILER=gcc-12 \
-DCMAKE_CXX_COMPILER=g++-12 \
-DENABLE_UNDEFINED_SANITIZER=ON \
-DUNDEFINED_BEHAVIOR_IS_FATAL=ON \
-DDUMP_REGIONS_ON_CRASH=ON \
-DENABLE_PCI_IDS_DOWNLOAD=OFF \
-DENABLE_USB_IDS_DOWNLOAD=OFF
if: ${{ matrix.debug-options == 'NORMAL_DEBUG' }}
# === ACTUALLY BUILD ===
- name: Build Serenity and Tests
working-directory: ${{ github.workspace }}/Build/superbuild
run: cmake --build .
- name: Show ccache stats after build
run: ccache -s
- name: Update ccache(1) cache
uses: actions/cache/save@v4
if: ${{ github.event_name != 'pull_request' }}
with:
path: ${{ github.workspace }}/.ccache
key: ${{ steps.ccache.outputs.cache-primary-key }}
- name: Lint (Phase 2/2)
working-directory: ${{ github.workspace }}/Meta
env:
SERENITY_ARCH: ${{ matrix.arch }}
run: ./check-symbols.sh
- name: Create Serenity Rootfs
if: ${{ matrix.debug-options == 'NORMAL_DEBUG' }}
working-directory: ${{ github.workspace }}/Build/${{ matrix.arch }}
run: ninja install && ninja qemu-image
- name: Run On-Target Tests
if: ${{ matrix.debug-options == 'NORMAL_DEBUG' && matrix.arch != 'aarch64' }}
working-directory: ${{ github.workspace }}/Build/${{ matrix.arch }}
env:
SERENITY_QEMU_CPU: "max,vmx=off"
SERENITY_KERNEL_CMDLINE: "graphics_subsystem_mode=off panic=shutdown system_mode=self-test"
SERENITY_RUN: "ci"
run: |
echo "::group::ninja run # Qemu output"
ninja run
echo "::endgroup::"
echo "::group::Verify Output File"
mkdir fsmount
sudo mount -t ext2 -o loop,rw _disk_image fsmount
echo "Results: "
sudo cat fsmount/home/anon/test-results.log
if ! sudo grep -q "Failed: 0" fsmount/home/anon/test-results.log
then
echo "::error:: :^( Tests failed, failing job"
exit 1
fi
echo "::endgroup::"
timeout-minutes: 60
- name: Print Target Logs
# Extremely useful if Serenity hangs trying to run one of the tests
if: ${{ !cancelled() && matrix.debug-options == 'NORMAL_DEBUG'}}
working-directory: ${{ github.workspace }}/Build/${{ matrix.arch }}
run: '[ ! -e debug.log ] || cat debug.log'