Skip to content
This repository has been archived by the owner on Jul 8, 2024. It is now read-only.

Add CodeQL to CI

Add CodeQL to CI #398

Workflow file for this run

name: CI
on: [push, pull_request]
jobs:
compile:
runs-on: ${{ matrix.os }}
strategy:
matrix:
os:
- 'ubuntu-20.04'
- 'ubuntu-latest'
steps:
- uses: actions/checkout@v3
- name: Install dependencies
run: |
sudo apt-get update -q
sudo apt-get install -y build-essential autoconf automake autoconf-archive libjson-c-dev libglib2.0-dev flex bison libtool cmake clang ca-certificates libunwind-dev clang-tools
sudo update-ca-certificates
- name: Setup ld
run: |
echo "$PWD/install/lib" | sudo tee -a /etc/ld.so.conf.d/kfx.conf
- name: Install capstone
run: |
export INSTALLDIR="$PWD/install"
git submodule update --init capstone
tar czvf capstone.tar.gz capstone
mkdir -p capstone/build
cd capstone/build
cmake -DCMAKE_INSTALL_PREFIX=$INSTALLDIR ..
make -j2
make install
cd ..
rm -rf build
mkdir build
cd build
cmake ..
make -j2
sudo make install
sudo ldconfig
cd ..
rm -rf build
- name: Get Xen hash
id: xen-hash
run: |
hash=$(git submodule | grep xen | awk '{print $1}')
echo hash=$hash >> $GITHUB_OUTPUT
- uses: actions/cache@v3
id: xen-cache
with:
path: ~/saved-xen
key: ${{matrix.os }}-${{ steps.xen-hash.outputs.hash }}
- name: Compile Xen
if: steps.xen-cache.outputs.cache-hit != 'true'
run: |
mkdir -p ~/saved-xen
git submodule update --init xen
sudo apt-get install -y libfdt-dev libpixman-1-dev libssl-dev tightvncserver x11vnc uuid-runtime uuid-dev python3-dev liblzma-dev
sudo apt-get install -y libc6-dev wget bcc bin86 gawk libpixman-1-dev libaio-dev libfdt-dev nasm
sudo apt-get install -y libfuse-dev liblzma-dev libsystemd-dev gettext libyajl-dev iasl libbz2-dev e2fslibs-dev ocaml gcc-multilib libpci-dev
sudo apt-get install -y texinfo texlive-latex-base texlive-latex-recommended texlive-fonts-extra texlive-fonts-recommended
sudo apt-get install -y markdown pandoc transfig tgif fig2dev ninja-build
sudo ln -s /usr/include/x86_64-linux-gnu/pci /usr/include/pci
cd xen
echo CONFIG_EXPERT=y > xen/.config
echo CONFIG_MEM_SHARING=y >> xen/.config
./configure --disable-pvshim --disable-stubdom --enable-systemd --enable-githttp
make -C xen olddefconfig
make -j2 dist-xen
make -j2 dist-tools
mkdir -p dist/install/etc/ld.so.conf.d
cp tools/misc/xen-vmtrace dist/install/usr/local/sbin
echo "/usr/local/lib" > dist/install/etc/ld.so.conf.d/xen.conf
make -j2 debball
mkdir -p ~/saved-xen
mv dist/*.deb ~/saved-xen
cd ..
- name: Install Xen
run: sudo dpkg -i ~/saved-xen/*.deb
- name: Compile and install LibVMI
run: |
export INSTALLDIR="$PWD/install"
git submodule update --init libvmi
tar czvf libvmi.tar.gz libvmi
cd libvmi
autoreconf -vif
./configure --disable-kvm --disable-file --disable-bareflank --disable-vmifs --prefix=$INSTALLDIR
make -j2
make install
rm $INSTALLDIR/lib/libvmi.la || :
sudo ldconfig
cd ..
- name: Checkout libxdc
run: |
git submodule update --init libxdc
tar czvf libxdc.tar.gz libxdc
- name: Compile kfx
run: |
export INSTALLDIR="$PWD/install"
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$INSTALLDIR/lib/
export PKG_CONFIG_PATH="$INSTALLDIR/lib/pkgconfig/"
export LDFLAGS="-L$INSTALLDIR/lib"
export CFLAGS="-I$INSTALLDIR/include"
autoreconf -vif
./configure --prefix=$INSTALLDIR
make -j2
make install
- name: Scan build
run: |
export INSTALLDIR="$PWD/install"
export LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$INSTALLDIR/lib/
export PKG_CONFIG_PATH="$INSTALLDIR/lib/pkgconfig/"
export LDFLAGS="-L$INSTALLDIR/lib"
export CFLAGS="-I$INSTALLDIR/include"
make clean
cd libxdc
make
sudo make install
cd ..
git submodule deinit -f libxdc
scan-build --status-bugs -analyze-headers ./configure
scan-build --status-bugs -analyze-headers make
- name: Install dwarf2json
if: github.ref == 'refs/heads/master'
run: |
export INSTALLDIR="$PWD/install"
git submodule update --init dwarf2json
tar czvf dwarf2json.tar.gz dwarf2json
cd dwarf2json
go build
cp dwarf2json $INSTALLDIR/bin
- name: Patch and install AFL
if: github.ref == 'refs/heads/master'
run: |
export DESTDIR="$PWD/install/afl"
git submodule update --init AFL
tar czvf afl.tar.gz AFL
cd AFL
patch -p1 < ../patches/0001-AFL-Xen-mode.patch
make
make PREFIX="" install
- name: Install AFLplusplus
if: github.ref == 'refs/heads/master'
run: |
export DESTDIR="$PWD/install/aflplusplus"
export CC=clang
git clone https://github.com/aflplusplus/aflplusplus
tar czvf aflplusplus.tar.gz aflplusplus
cd aflplusplus
make
make PREFIX="" install
- name: Create archives
id: archive
if: github.ref == 'refs/heads/master'
run: |
tag=$(git describe --always)
echo tag=$tag >> $GITHUB_OUTPUT
wget https://downloads.xenproject.org/release/xen/4.17.1/xen-4.17.1.tar.gz
tar czvf source.${{ matrix.os }}.tar.gz $PWD/*.tar.gz
SAVEDIR="$PWD/save"
mkdir -p $SAVEDIR
mv $PWD/install/* $SAVEDIR
cp ~/saved-xen/*.deb $SAVEDIR
cd $SAVEDIR
tar czvf kfx.tar.gz lib bin include afl aflplusplus *.deb
mv kfx.tar.gz ../kfx.${{ matrix.os }}.tar.gz
cd ..
ls -la
- uses: actions/upload-artifact@v3
with:
name: kfx-${{ matrix.os }}
path: |
kfx.*.tar.gz
source.*.tar.gz
- name: Perform CodeQL Analysis
if: ${{ matrix.os }} == 'ubuntu-latest'
uses: github/codeql-action/analyze@v3
with:
category: "/language:c"