Merge pull request #3711 from stgraber/master

.github/workflows/build.yml

+name: Test build
+on:
+  - push
+  - pull_request
+
+jobs:
+  test:
+    strategy:
+      fail-fast: false
+      matrix:
+        compiler:
+          - gcc
+          - clang
+        os:
+          - ubuntu-16.04
+          - ubuntu-18.04
+          - ubuntu-20.04
+        exclude:
+          - os: ubuntu-16.04
+            compiler: gcc
+    runs-on: ${{ matrix.os }}
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Install dependencies
+        run: |
+          sudo apt-get update -qq
+          sudo apt-get install -qq gcc clang
+          sudo apt-get install -qq libapparmor-dev libcap-dev libseccomp-dev libselinux1-dev linux-libc-dev docbook2x
+
+      - name: Compiler version
+        env:
+          CC: ${{ matrix.compiler }}
+        run: |
+          ${CC} --version
+
+      - name: Build
+        env:
+          CC: ${{ matrix.compiler }}
+        run: |
+          # Configure
+          export CFLAGS="-Wall -Werror"
+          export LDFLAGS="-pthread -lpthread"
+          ./autogen.sh
+
+          BUILD="$(pwd)/build"
+          mkdir -p "${BUILD}"
+          cd "${BUILD}"
+          if [ "${{ matrix.compiler }}" = "gcc" ]; then
+            ../configure --enable-tests --enable-ubsan --with-distro=unknown
+          else
+            ../configure --enable-tests --with-distro=unknown
+          fi
+
+          # Build
+          make -j4
+          make DESTDIR="${BUILD}/install" install

.github/workflows/coverity.yml

+name: Coverity
+on:
+  - push:
+      branches:
+        - master
+
+jobs:
+  test:
+    runs-on: ubuntu-latest
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Download Coverity Build Tool
+        run: |
+          wget -q https://scan.coverity.com/download/cxx/linux64 --post-data "token=$TOKEN&project=lxc/lxc" -O cov-analysis-linux64.tar.gz
+          mkdir cov-analysis-linux64
+          tar xzf cov-analysis-linux64.tar.gz --strip 1 -C cov-analysis-linux64
+        env:
+          TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
+
+      - name: Install dependencies
+        run: |
+          sudo apt-get update -qq
+          sudo apt-get install -qq gcc clang
+          sudo apt-get install -qq libapparmor-dev libcap-dev libseccomp-dev libselinux1-dev linux-libc-dev docbook2x
+
+      - name: Run coverity
+        run: |
+          # Configure
+          export PATH="$(pwd)/cov-analysis-linux64/bin:${PATH}"
+          export CFLAGS="-Wall -Werror"
+          export LDFLAGS="-pthread -lpthread"
+          ./autogen.sh
+
+          BUILD="$(pwd)/build"
+          mkdir -p "${BUILD}"
+          cd "${BUILD}"
+
+          ../configure --enable-coverity-build --enable-tests --with-distro=unknown --disable-rpath --enable-tests --enable-memfd-rexec --enable-seccomp --enable-static --enable-werror
+
+          # Build
+          cov-build --dir cov-int make -j4
+          tar czvf lxc.tgz cov-int
+
+          # Submit the results
+          curl \
+            --form project=lxc/lxc \
+            --form token=${TOKEN} \
+            --form email=lxc-devel@lists.linuxcontainers.org \
+            --form file=@lxc.tgz \
+            --form version=master \
+            --form description="${GITHUB_SHA}" \
+            https://scan.coverity.com/builds?project=lxc/lxc
+        env:
+          TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}

.github/workflows/static-analysis.yml

+name: Static analysis
+on:
+  - push
+  - pull_request
+
+jobs:
+  test:
+    runs-on: ubuntu-18.04
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v2
+
+      - name: Install dependencies
+        run: |
+          sudo apt-get update -qq
+          sudo apt-get install -qq coccinelle
+
+      - name: Confirm coccinelle output is clean
+        run: |
+          ./coccinelle/run-coccinelle.sh -i
+          git diff --exit-code
+
+      - name: Confirm apparmor profile is up to date
+        run: |
+          cd config/apparmor/
+          ./lxc-generate-aa-rules.py container-rules.base > container-rules
+          git diff --exit-code

.travis.yml

-dist: bionic
-sudo: required
-language: c
-
-compiler:
- - gcc
- - clang
-
-arch:
- - amd64
- - arm64
- - ppc64le
- - s390x
-
-before_install:
- - sudo add-apt-repository ppa:ubuntu-lxc/daily -y
- - sudo apt-get update -qq
- - sudo apt-get install -qq coccinelle parallel libapparmor-dev libcap-dev libseccomp-dev python3-dev python3-setuptools docbook2x libselinux1-dev linux-libc-dev
-script: src/tests/travis.sh
-notifications:
-  email:
-    recipients:
-      - lxc-devel@lists.linuxcontainers.org
-  webhooks: https://linuxcontainers.org/webhook-lxcbot/
-
-env:
- global:
-   - secure: "HlNoguS2Sjyj7Mbb644wrHZqdp/p7I7gX00XoUzLRcFosmVdYpHo6Ix8pt9ddC5tDfX05pl5x8OBwrccY+picb9NDNCt7C5TlNcuyyDROnMJW5q33j4EZRI91sBQdmn2uorMzi/CnHEtvUw20+sjBOqIqvpnUV2SMaZiWGC1Eec="
-
-addons:
-  coverity_scan:
-    build_script_url: https://dl.stgraber.org/coverity_travis.sh
-    project:
-      name: lxc/lxc
-      description: "LXC - Linux Containers https://linuxcontainers.org/lxc"
-
-    # Where email notification of build analysis results will be sent
-    notification_email: christian.brauner@ubuntu.com
-
-    build_command_prepend: "./autogen.sh && mkdir build && cd build && ../configure --enable-coverity-build --enable-tests --with-distro=unknown --disable-rpath --enable-tests --enable-memfd-rexec --enable-seccomp --enable-static --enable-werror"
-    build_command: "make -j4"
-    branch_pattern: master

src/tests/Makefile.am

@@ -788,8 +788,7 @@ EXTRA_DIST = basic.c \
 	     snapshot.c \
 	     startone.c \
 	     state_server.c \
-	     share_ns.c \
-	     travis.sh
+	     share_ns.c
 
 clean-local:
 	rm -f lxc-test-utils-*

src/tests/travis.sh

-#! /bin/bash
-
-set -e
-
-./coccinelle/run-coccinelle.sh -i
-git diff --exit-code
-export CFLAGS="-Wall -Werror"
-export LDFLAGS="-pthread -lpthread"
-./autogen.sh
-rm -Rf build
-mkdir build
-cd build
-if [ "$CC_FOR_BUILD" == "gcc" ]; then
-  ../configure --enable-tests --enable-ubsan --with-distro=unknown
-else
-  ../configure --enable-tests --with-distro=unknown
-fi
-make -j4
-make DESTDIR="$TRAVIS_BUILD_DIR"/install install
-cd ../config/apparmor
-./lxc-generate-aa-rules.py container-rules.base > /tmp/output
-diff /tmp/output container-rules