apache/maven-mvnd
1
0
Fork 0
mirror of https://github.com/apache/maven-mvnd.git synced 2025-10-14 14:10:52 +00:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity
Files
99a5cfba7fc7b5b58e0991a8996e835b9a95b244
maven-mvnd/.github/workflows/release.yaml
James Z.M. Gao 99a5cfba7f native image: hardening csu for old glibc (#827) 
Workround of return-to-csu problem for old glibc, use non-initialized
static variables instead of the stack ones. See workround 2 of
https://i.blackhat.com/briefings/asia/2018/asia-18-Marco-return-to-csu-a-new-method-to-bypass-the-64-bit-Linux-ASLR-wp.pdf
2023-04-06 10:57:51 +02:00

325 lines
13 KiB
YAML
Raw Blame History

#
# Copyright (c) 2017 Angelo Zerr and other contributors as
# indicated by the @author tags.
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
#
name: Release
on:
# manual trigger
workflow_dispatch:
# build on new tags
push:
tags:
- '*'
env:
GRAALVM_VERSION: '22.3.1'
JAVA_VERSION: '17'
jobs:
build:
name: 'Build with Graal on ${{ matrix.os }}'
strategy:
fail-fast: true
matrix:
os: [ ubuntu-22.04, macOS-10.15, windows-2019 ]
runs-on: ${{ matrix.os }}
steps:
- name: 'Check out repository'
uses: actions/checkout@v3
- name: 'Set vars'
shell: bash
run: |
OS=$(echo '${{ runner.os }}' | awk '{print tolower($0)}')
[[ $OS == 'ubuntu' ]] && echo "OS=linux" >> $GITHUB_ENV || echo "OS=$OS" >> $GITHUB_ENV
[[ $OS == 'macos' ]] && echo "OS=darwin" >> $GITHUB_ENV || echo "OS=$OS" >> $GITHUB_ENV
echo "VERSION=$(./mvnw help:evaluate -Dexpression=project.version -q -DforceStdout)" >> $GITHUB_ENV
- name: 'Set up Graal'
uses: graalvm/setup-graalvm@v1
with:
version: ${{ env.GRAALVM_VERSION }}
java-version: ${{ env.JAVA_VERSION }}
components: 'native-image'
github-token: ${{ secrets.GITHUB_TOKEN }}
- name: 'Maven clean'
run: ./mvnw clean -Dmrm=false -B -ntp -e
- name: 'Patch Graal libs for only requiring glibc 2.12'
if: ${{ env.OS == 'linux' }}
shell: bash
run: |
mkdir -p client/target/graalvm-libs-for-glibc-2.12
: patch common libraries
( find "$GRAALVM_HOME/lib/static/linux-amd64/glibc" -name '*.a'
ls -1 /lib/x86_64-linux-gnu/libz.a
ls -1 "$GRAALVM_HOME/lib/svm/clibraries/linux-amd64/libjvm.a"
ls -1 "$GRAALVM_HOME/lib/svm/clibraries/linux-amd64/liblibchelper.a"
) | while IFS= read -r input; do
output="client/target/graalvm-libs-for-glibc-2.12/$(basename -- "$input")"
objcopy --redefine-syms=client/src/main/resources/glibc/glibc.redef -- "$input" "$output" 2>/dev/null
done
: patch gcc startfile
gcc -O3 -Os -Wall -Wextra -Werror -Wconversion -Wsign-conversion -Wcast-qual -pedantic -c -o client/target/dynamic-libc-start.o client/src/main/resources/glibc/dynamic-libc-start.c
ld -r /lib/x86_64-linux-gnu/Scrt1.o client/target/dynamic-libc-start.o -o client/target/graalvm-libs-for-glibc-2.12/Scrt1.o
objcopy --redefine-syms=client/src/main/resources/glibc/glibc.redef client/target/graalvm-libs-for-glibc-2.12/Scrt1.o 2>/dev/null
- name: 'Build native distribution'
run: ./mvnw verify -Pnative -Dmrm=false -B -ntp -e -DskipTests -s .mvn/release-settings.xml
- name: 'Verify native binary for only requiring glibc 2.12'
if: ${{ env.OS == 'linux' }}
shell: bash
run: |
(( 4 == "$(ldd client/target/mvnd | awk '{print $1}' | sort -u | grep -c 'lib\(c\|dl\|rt\|pthread\)\.so\.[0-9]')" )) || ( ldd client/target/mvnd && false )
err=0
objdump -T client/target/mvnd | grep GLIBC_ | grep -v 'GLIBC_\([01]\|2\.[0-9]\|2\.1[012]\)[^0-9]' || err=$?
(( err == 1 ))
- name: 'Upload artifact'
uses: actions/upload-artifact@v3
with:
name: artifacts
path: |
dist-m39/target/maven-mvnd-*.zip
dist-m39/target/maven-mvnd-*.tar.gz
dist-m40/target/maven-mvnd-*.zip
dist-m40/target/maven-mvnd-*.tar.gz
source:
name: 'Build source distributions'
runs-on: ubuntu-22.04
steps:
- name: 'Check out repository'
uses: actions/checkout@v3
- name: 'Set vars'
shell: bash
run: |
OS=$(echo '${{ runner.os }}' | awk '{print tolower($0)}')
[[ $OS == 'ubuntu' ]] && echo "OS=linux" >> $GITHUB_ENV || echo "OS=$OS" >> $GITHUB_ENV
[[ $OS == 'macos' ]] && echo "OS=darwin" >> $GITHUB_ENV || echo "OS=$OS" >> $GITHUB_ENV
echo "VERSION=$(./mvnw help:evaluate -Dexpression=project.version -q -DforceStdout)" >> $GITHUB_ENV
- name: 'Set up Graal'
uses: graalvm/setup-graalvm@v1
with:
version: ${{ env.GRAALVM_VERSION }}
java-version: ${{ env.JAVA_VERSION }}
components: 'native-image'
github-token: ${{ secrets.GITHUB_TOKEN }}
- name: 'Build source distribution'
run: ./mvnw clean verify -Psource-distribution -N -B -ntp -e
- name: 'Upload artifact'
uses: actions/upload-artifact@v3
with:
name: artifacts
path: |
target/maven-mvnd-*.zip
target/maven-mvnd-*.tar.gz
release:
runs-on: ubuntu-22.04
needs: [build, source]
steps:
- name: 'Check out repository'
uses: actions/checkout@v3
with:
fetch-depth: 0
- name: 'Download all build artifacts'
uses: actions/download-artifact@v3
- name: 'Set up Java'
uses: actions/setup-java@v3
with:
java-version: ${{ env.JAVA_VERSION }}
distribution: 'zulu'
- name: 'Cache Maven packages'
uses: actions/cache@v3
with:
path: ~/.m2
key: ${{ runner.os }}-m2-${{ hashFiles('**/pom.xml') }}
restore-keys: ${{ runner.os }}-m2
- name: ls -R
run: ls -R
- name: Set environment
run: |
echo "VERSION=$(./mvnw help:evaluate -Dexpression=project.version -q -DforceStdout)" >> $GITHUB_ENV
- name: Create Release
id: create_release
uses: actions/create-release@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
tag_name: ${{ env.VERSION }}
release_name: ${{ env.VERSION }}
draft: true
prerelease: false
- name: Deploy maven-mvnd-src.zip
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: artifacts/maven-mvnd-${{ env.VERSION }}-src.zip
asset_name: maven-mvnd-${{ env.VERSION }}-src.zip
asset_content_type: application/zip
- name: Deploy maven-mvnd-src.tar.gz
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: artifacts/maven-mvnd-${{ env.VERSION }}-src.tar.gz
asset_name: maven-mvnd-${{ env.VERSION }}-src.tar.gz
asset_content_type: application/tar.gz
- name: Deploy maven-mvnd-m39-linux-amd64.zip
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: artifacts/dist-m39/target/maven-mvnd-${{ env.VERSION }}-m39-linux-amd64.zip
asset_name: maven-mvnd-${{ env.VERSION }}-m39-linux-amd64.zip
asset_content_type: application/zip
- name: Deploy maven-mvnd-m39-linux-amd64.tar.gz
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: artifacts/dist-m39/target/maven-mvnd-${{ env.VERSION }}-m39-linux-amd64.tar.gz
asset_name: maven-mvnd-${{ env.VERSION }}-m39-linux-amd64.tar.gz
asset_content_type: application/x-gzip
- name: Deploy maven-mvnd-m39-darwin-amd64.zip
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: artifacts/dist-m39/target/maven-mvnd-${{ env.VERSION }}-m39-darwin-amd64.zip
asset_name: maven-mvnd-${{ env.VERSION }}-m39-darwin-amd64.zip
asset_content_type: application/zip
- name: Deploy maven-mvnd-m39-darwin-amd64.tar.gz
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: artifacts/dist-m39/target/maven-mvnd-${{ env.VERSION }}-m39-darwin-amd64.tar.gz
asset_name: maven-mvnd-${{ env.VERSION }}-m39-darwin-amd64.tar.gz
asset_content_type: application/x-gzip
- name: Deploy maven-mvnd-m39-windows-amd64.zip
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: artifacts/dist-m39/target/maven-mvnd-${{ env.VERSION }}-m39-windows-amd64.zip
asset_name: maven-mvnd-${{ env.VERSION }}-m39-windows-amd64.zip
asset_content_type: application/zip
- name: Deploy maven-mvnd-m39-windows-amd64.tar.gz
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: artifacts/dist-m39/target/maven-mvnd-${{ env.VERSION }}-m39-windows-amd64.tar.gz
asset_name: maven-mvnd-${{ env.VERSION }}-m39-windows-amd64.tar.gz
asset_content_type: application/x-gzip
- name: Deploy maven-mvnd-m40-linux-amd64.zip
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: artifacts/dist-m40/target/maven-mvnd-${{ env.VERSION }}-m40-linux-amd64.zip
asset_name: maven-mvnd-${{ env.VERSION }}-m40-linux-amd64.zip
asset_content_type: application/zip
- name: Deploy maven-mvnd-m40-linux-amd64.tar.gz
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: artifacts/dist-m40/target/maven-mvnd-${{ env.VERSION }}-m40-linux-amd64.tar.gz
asset_name: maven-mvnd-${{ env.VERSION }}-m40-linux-amd64.tar.gz
asset_content_type: application/x-gzip
- name: Deploy maven-mvnd-m40-darwin-amd64.zip
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: artifacts/dist-m40/target/maven-mvnd-${{ env.VERSION }}-m40-darwin-amd64.zip
asset_name: maven-mvnd-${{ env.VERSION }}-m40-darwin-amd64.zip
asset_content_type: application/zip
- name: Deploy maven-mvnd-m40-darwin-amd64.tar.gz
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: artifacts/dist-m40/target/maven-mvnd-${{ env.VERSION }}-m40-darwin-amd64.tar.gz
asset_name: maven-mvnd-${{ env.VERSION }}-m40-darwin-amd64.tar.gz
asset_content_type: application/x-gzip
- name: Deploy maven-mvnd-m40-windows-amd64.zip
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: artifacts/dist-m40/target/maven-mvnd-${{ env.VERSION }}-m40-windows-amd64.zip
asset_name: maven-mvnd-${{ env.VERSION }}-m40-windows-amd64.zip
asset_content_type: application/zip
- name: Deploy maven-mvnd-m40-windows-amd64.tar.gz
uses: actions/upload-release-asset@v1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
upload_url: ${{ steps.create_release.outputs.upload_url }}
asset_path: artifacts/dist-m40/target/maven-mvnd-${{ env.VERSION }}-m40-windows-amd64.tar.gz
asset_name: maven-mvnd-${{ env.VERSION }}-m40-windows-amd64.tar.gz
asset_content_type: application/x-gzip
Reference in New Issue View Git Blame Copy Permalink