Skip to content

Bump ossf/scorecard-action from 2.1.2 to 2.3.1 #138

Bump ossf/scorecard-action from 2.1.2 to 2.3.1

Bump ossf/scorecard-action from 2.1.2 to 2.3.1 #138

Workflow file for this run

# Some of the these steps are probably unnecessary on the GitHub runners.
# However, I'd like to be able to use the 'act' <https://github.com/nektos/act>
# tool to run the action locally.
#
# Instructions for using the Kitware APT repository were found at
# <https://apt.kitware.com>
name: KLEE Test
on:
push:
branches: [ "main" ]
pull_request:
# The branches below must be a subset of the branches above
branches: [ "main" ]
workflow_dispatch:
permissions:
contents: read
jobs:
klee:
runs-on: ubuntu-latest
container:
image: klee/klee:2.3
options: -u 0 --ulimit="stack=-1:-1"
steps:
- name: Harden Runner
uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0
with:
egress-policy: audit
- name: Get the Kitware APT repository signing key
run: |
wget -O - https://apt.kitware.com/keys/kitware-archive-latest.asc 2>/dev/null | gpg --dearmor - | sudo tee /usr/share/keyrings/kitware-archive-keyring.gpg >/dev/null
- name: Add Kitware repository
run: |
CODENAME=$(lsb_release -c | sed -n -e 's/Codename:[[:space:]]*//gp')
echo "deb [signed-by=/usr/share/keyrings/kitware-archive-keyring.gpg] https://apt.kitware.com/ubuntu/ $CODENAME main" | sudo tee /etc/apt/sources.list.d/kitware.list >/dev/null
sudo apt-get update
- name: Install the kitware-archive-keyring package
run: |
sudo rm /usr/share/keyrings/kitware-archive-keyring.gpg
sudo apt-get install kitware-archive-keyring
- name: Install cmake, Ninja, & libc++
run: |
sudo apt-get install -y cmake ninja-build
sudo apt-get install -y libc++-11-dev libc++abi-11-dev
- name: Upgrade git
run: |
sudo add-apt-repository -y ppa:git-core/ppa
sudo apt-get install -y git
- name: Checkout repository
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744 # v3.6.0
with:
submodules: 'True'
- name: Create the Build Environment
run: cmake -E make_directory "${{ github.workspace }}/build"
- name: Configure
run: |
cmake -G Ninja \
-B "${{ github.workspace }}/build" \
-S "$GITHUB_WORKSPACE" \
-D CMAKE_BUILD_TYPE=Release \
-D CMAKE_CXX_COMPILER=clang++-11 \
-D CMAKE_C_COMPILER=clang-11 \
-D PEEJAY_CXX17=Yes \
-D LIBCXX=Yes \
-D WERROR=Yes
- name: Build and Test
run: |
cmake --build "${{ github.workspace }}/build" --target klee-all
- name: Compress Test Outputs
run: |
tar czf ./kout.tgz "${{ github.workspace }}/build/klee/kout"
- name: Upload Test Outputs
uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
with:
name: kout.tgz
path: ./kout.tgz