From e6ec2df58d839d9b0e146ad169feeeda152e393d Mon Sep 17 00:00:00 2001 From: Owen Avery Date: Thu, 26 Jun 2025 14:22:07 -0400 Subject: [PATCH] ci: Update to ubuntu-24.04 This updates us from ubuntu-22.04 to ubuntu-24.04, removes some dead code, and ensures we compile without network access in more places. Note that the binary we're using for GCC 5.4 appears to require ubuntu-22.04 and that this leaves updating the bootstrap CI for another time. ChangeLog: * .github/log_expected_warnings: Adjust expected warnings. * .github/workflows/ccpp32alpine.yml: Update from ubuntu-22.04 to ubuntu-24.04, remove ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION, and use case-insensitive grep to filter warnings. * .github/workflows/ccpp.yml: Likewise, compile without network access in more places, and remove commented-out warnings check in asan builder. Signed-off-by: Owen Avery --- .github/log_expected_warnings | 4 +++ .github/workflows/ccpp.yml | 52 ++++++++++++++---------------- .github/workflows/ccpp32alpine.yml | 7 ++-- 3 files changed, 31 insertions(+), 32 deletions(-) diff --git a/.github/log_expected_warnings b/.github/log_expected_warnings index e69de29bb2d1..b5d4565de382 100644 --- a/.github/log_expected_warnings +++ b/.github/log_expected_warnings @@ -0,0 +1,4 @@ +/usr/include/c++/13/bits/new_allocator.h:172:33: warning: ‘*(std::_Vector_base >*)((char*)&saved + offsetof(Rust::BIR::PatternBindingBuilder::SavedState, Rust::BIR::PatternBindingBuilder::SavedState::regions.tl::optional::.tl::detail::optional_move_assign_base::.tl::detail::optional_copy_assign_base::.tl::detail::optional_move_base::.tl::detail::optional_copy_base::.tl::detail::optional_operations_base::.tl::detail::optional_storage_base::)).std::_Vector_base >::_M_impl.std::_Vector_base >::_Vector_impl::.std::_Vector_base >::_Vector_impl_data::_M_start’ may be used uninitialized [-Wmaybe-uninitialized] +/usr/include/c++/13/bits/stl_vector.h:370:49: warning: ‘*(std::_Vector_base >*)((char*)&saved + offsetof(Rust::BIR::PatternBindingBuilder::SavedState, Rust::BIR::PatternBindingBuilder::SavedState::regions.tl::optional::.tl::detail::optional_move_assign_base::.tl::detail::optional_copy_assign_base::.tl::detail::optional_move_base::.tl::detail::optional_copy_base::.tl::detail::optional_operations_base::.tl::detail::optional_storage_base::)).std::_Vector_base >::_M_impl.std::_Vector_base >::_Vector_impl::.std::_Vector_base >::_Vector_impl_data::_M_end_of_storage’ may be used uninitialized [-Wmaybe-uninitialized] +/usr/include/c++/13/bits/stl_vector.h:370:49: warning: ‘*(std::_Vector_base >*)((char*)&saved + offsetof(Rust::BIR::PatternBindingBuilder::SavedState, Rust::BIR::PatternBindingBuilder::SavedState::regions.tl::optional::.tl::detail::optional_move_assign_base::.tl::detail::optional_copy_assign_base::.tl::detail::optional_move_base::.tl::detail::optional_copy_base::.tl::detail::optional_operations_base::.tl::detail::optional_storage_base::)).std::_Vector_base >::_M_impl.std::_Vector_base >::_Vector_impl::.std::_Vector_base >::_Vector_impl_data::_M_end_of_storage’ may be used uninitialized [-Wmaybe-uninitialized] +/usr/include/c++/13/bits/stl_vector.h:370:49: warning: ‘*(std::_Vector_base >*)((char*)&saved + offsetof(Rust::BIR::PatternBindingBuilder::SavedState, Rust::BIR::PatternBindingBuilder::SavedState::regions.tl::optional::.tl::detail::optional_move_assign_base::.tl::detail::optional_copy_assign_base::.tl::detail::optional_move_base::.tl::detail::optional_copy_base::.tl::detail::optional_operations_base::.tl::detail::optional_storage_base::)).std::_Vector_base >::_M_impl.std::_Vector_base >::_Vector_impl::.std::_Vector_base >::_Vector_impl_data::_M_start’ may be used uninitialized [-Wmaybe-uninitialized] diff --git a/.github/workflows/ccpp.yml b/.github/workflows/ccpp.yml index 6d110a7a5cec..c5cbc92bcbba 100644 --- a/.github/workflows/ccpp.yml +++ b/.github/workflows/ccpp.yml @@ -9,9 +9,6 @@ on: branches: [ master ] merge_group: -env: - ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: true - jobs: build-and-check-ubuntu-64bit: @@ -19,7 +16,7 @@ jobs: # Force locale, in particular for reproducible results re '.github/log_expected_warnings' (see below). LC_ALL: C.UTF-8 - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - uses: actions/checkout@v4 @@ -41,6 +38,8 @@ jobs: gcc-multilib \ g++-multilib \ dejagnu; + # enable unshare + sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0 # install Rust directly using rustup curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain=1.72.0; @@ -68,7 +67,7 @@ jobs: - name: Check for new warnings run: | cd gccrs-build - < log grep 'warning: ' | grep rust | sort > log_warnings + < log grep 'warning: ' | grep -i rust | sort > log_warnings if diff -U0 ../.github/log_expected_warnings log_warnings; then : else @@ -104,7 +103,7 @@ jobs: # Force locale, in particular for reproducible results re '.github/log_expected_warnings' (see below). LC_ALL: C.UTF-8 - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - uses: actions/checkout@v4 @@ -126,6 +125,8 @@ jobs: gcc-multilib \ g++-multilib \ dejagnu; + # enable unshare + sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0 # install Rust directly using rustup curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain=1.72.0; @@ -148,12 +149,13 @@ jobs: cd gccrs-build; \ # Add cargo to our path quickly . "$HOME/.cargo/env"; - make -Otarget -j $(nproc) 2>&1 | tee log + # Build without network access + unshare --net --ipc -r /bin/bash -c "make -Otarget -j $(nproc) 2>&1 | tee log ; exit \${PIPESTATUS[0]}" - name: Check for new warnings run: | cd gccrs-build - < log grep 'warning: ' | grep rust | sort > log_warnings + < log grep 'warning: ' | grep -i rust | sort > log_warnings if diff -U0 ../.github/glibcxx_ubuntu64b_log_expected_warnings log_warnings; then : else @@ -189,7 +191,7 @@ jobs: # Force locale, in particular for reproducible results re '.github/log_expected_warnings' (see below). LC_ALL: C.UTF-8 - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - uses: actions/checkout@v4 @@ -211,6 +213,8 @@ jobs: gcc-multilib \ g++-multilib \ dejagnu; + # enable unshare + sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0 # install Rust directly using rustup curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain=1.72.0; @@ -232,12 +236,13 @@ jobs: cd gccrs-build; \ # Add cargo to our path quickly . "$HOME/.cargo/env"; - make -Otarget -j $(nproc) 2>&1 | tee log + # Build without network access + unshare --net --ipc -r /bin/bash -c "make -Otarget -j $(nproc) 2>&1 | tee log ; exit \${PIPESTATUS[0]}" - name: Check for new warnings run: | cd gccrs-build - < log grep 'warning: ' | grep rust | sort > log_warnings + < log grep 'warning: ' | grep -i rust | sort > log_warnings if diff -U0 ../.github/log_expected_warnings log_warnings; then : else @@ -294,6 +299,8 @@ jobs: libmpc-dev \ build-essential \ dejagnu; + # enable unshare + sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0 # install Rust directly using rustup curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain=1.72.0; @@ -341,8 +348,8 @@ jobs: run: | # Add cargo to our path quickly . "$HOME/.cargo/env"; - PATH=$HOME/gcc-5.4.0/bin:$PATH \ - make -C gccrs-build -j $(nproc) + # Build without network access + PATH="$HOME/gcc-5.4.0/bin:$PATH" unshare --net --ipc -r /bin/bash -c "make -C gccrs-build -j $(nproc) ; exit \${PIPESTATUS[0]}" - name: Run Tests run: | @@ -435,7 +442,7 @@ jobs: # Force locale, in particular for reproducible results re '.github/log_expected_warnings' (see below). LC_ALL: C.UTF-8 - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - uses: actions/checkout@v4 @@ -457,6 +464,8 @@ jobs: gcc-multilib \ g++-multilib \ dejagnu; + # enable unshare + sudo sysctl -w kernel.apparmor_restrict_unprivileged_userns=0 # install Rust directly using rustup curl --proto '=https' --tlsv1.2 -sSf https://sh.rustup.rs | sh -s -- -y --default-toolchain=1.72.0; @@ -479,19 +488,8 @@ jobs: cd gccrs-build; \ # Add cargo to our path quickly . "$HOME/.cargo/env"; - make -Otarget -j $(nproc) 2>&1 | tee log - -# Skip warnings check -# - name: Check for new warnings -# run: | -# cd gccrs-build -# < log grep 'warning: ' | sort > log_warnings -# if diff -U0 ../.github/log_expected_warnings log_warnings; then -# : -# else -# echo 'See .' -# exit 1 -# fi >&2 + # Build without network access + unshare --net --ipc -r /bin/bash -c "make -Otarget -j $(nproc) 2>&1 | tee log ; exit \${PIPESTATUS[0]}" - name: Run Tests run: | diff --git a/.github/workflows/ccpp32alpine.yml b/.github/workflows/ccpp32alpine.yml index 5eb0c230df23..ad0751c9ed32 100644 --- a/.github/workflows/ccpp32alpine.yml +++ b/.github/workflows/ccpp32alpine.yml @@ -9,9 +9,6 @@ on: branches: [ master ] merge_group: -env: - ACTIONS_ALLOW_USE_UNSECURE_NODE_VERSION: true - jobs: build-alpine-32bit-and-check-alpine-32bit: @@ -19,7 +16,7 @@ jobs: # Force locale, in particular for reproducible results re '.github/log_expected_warnings' (see below). LC_ALL: C.UTF-8 - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - uses: actions/checkout@v4 @@ -81,7 +78,7 @@ jobs: run: | cd gccrs-build # grep exits with 1 if it doesn't find at least one match - < log grep 'warning: ' | ../.github/safe-grep rust | sort > log_warnings + < log grep 'warning: ' | ../.github/safe-grep -i rust | sort > log_warnings cat log_warnings shell: alpine.sh {0} - name: Archive warnings logs