Skip to content

Bump step-security/harden-runner from 2.10.1 to 2.10.2 #4118

Bump step-security/harden-runner from 2.10.1 to 2.10.2

Bump step-security/harden-runner from 2.10.1 to 2.10.2 #4118

Workflow file for this run

name: Build
on:
workflow_dispatch:
push:
branches:
- main
- release/*
pull_request:
branches:
- main
- release/*
concurrency:
# Cancel any workflow currently in progress for the same PR.
# Allow running concurrently with any other commits.
group: build-${{ github.event.pull_request.number || github.sha }}
cancel-in-progress: true
permissions: read-all
jobs:
build-windows:
name: WinUser
needs: []
strategy:
fail-fast: false
matrix:
config: ['Debug', 'Release']
plat: [windows, uwp] # TODO: Support gamecore_console
os: ['windows-2022']
arch: [x86, x64, arm64]
tls: [schannel, openssl, openssl3]
static: ['', '-Static']
exclude:
# OpenSSL doesn't support arm64
- tls: openssl
arch: arm64
# OpenSSL3 doesn't support arm64
- tls: openssl3
arch: arm64
# TODO: FIX: OpenSSL3 build fails with UWP
- plat: uwp
tls: openssl3
# TODO: FIX: Static builds fail with UWP
- plat: uwp
static: '-Static'
uses: ./.github/workflows/build-reuse-win.yml
with:
config: ${{ matrix.config }}
plat: ${{ matrix.plat }}
os: ${{ matrix.os }}
arch: ${{ matrix.arch }}
tls: ${{ matrix.tls }}
static: ${{ matrix.static }}
build-windows-kernel:
name: WinKernel
needs: []
strategy:
fail-fast: false
matrix:
config: ['Debug', 'Release']
plat: [winkernel]
os: ['windows-2022']
arch: [x64, arm64]
tls: [schannel]
uses: ./.github/workflows/build-reuse-winkernel.yml
with:
config: ${{ matrix.config }}
plat: ${{ matrix.plat }}
os: ${{ matrix.os }}
arch: ${{ matrix.arch }}
tls: ${{ matrix.tls }}
build-ubuntu-cross-compile:
name: UbuntuArm
needs: []
strategy:
fail-fast: false
matrix:
config: ['Debug', 'Release']
plat: [linux]
os: ['ubuntu-20.04', 'ubuntu-22.04', 'ubuntu-24.04']
arch: [arm, arm64]
tls: [openssl, openssl3]
static: ['', '-Static']
uses: ./.github/workflows/build-reuse-unix.yml
with:
config: ${{ matrix.config }}
plat: ${{ matrix.plat }}
os: ${{ matrix.os }}
arch: ${{ matrix.arch }}
tls: ${{ matrix.tls }}
static: ${{ matrix.static }}
build-ubuntu:
name: Ubuntu
needs: []
strategy:
fail-fast: false
matrix:
config: ['Debug', 'Release']
plat: [linux, android]
os: ['ubuntu-20.04', 'ubuntu-22.04', 'ubuntu-24.04']
arch: [x86, x64]
tls: [openssl, openssl3]
systemcrypto: ['', '-UseSystemOpenSSLCrypto']
static: ['', '-Static']
clang: ['', '-Clang']
codecheck: ['', '-CodeCheck']
xdp: ['', '-UseXdp']
exclude:
# Android doesn't support x86
- plat: android
arch: x86
# Android doesn't use system crypto
- plat: android
systemcrypto: '-UseSystemOpenSSLCrypto'
# TODO: android to support ubuntu-24.04
- plat: android
os: 'ubuntu-24.04'
# No openssl3 system crypto on ubuntu-20.04
- plat: linux
os: 'ubuntu-20.04'
tls: 'openssl3'
systemcrypto: '-UseSystemOpenSSLCrypto'
# No openssl system crypto on ubuntu-22.04
- plat: linux
os: 'ubuntu-22.04'
tls: 'openssl'
systemcrypto: '-UseSystemOpenSSLCrypto'
# No openssl system crypto on ubuntu-24.04
- plat: linux
os: 'ubuntu-24.04'
tls: 'openssl'
systemcrypto: '-UseSystemOpenSSLCrypto'
# linux xdp is for ubuntu24.04 only for now
- plat: android
xdp: "-UseXdp"
- os: 'ubuntu-20.04'
xdp: "-UseXdp"
- os: 'ubuntu-22.04'
xdp: "-UseXdp"
- arch: x86
xdp: "-UseXdp"
# Android doesn't use Clang
- plat: android
clang: '-Clang'
# Android doesn't use CodeCheck
- plat: android
codecheck: '-CodeCheck'
# No need to combine SystemCrypto and CodeCheck
- systemcrypto: '-UseSystemOpenSSLCrypto'
codecheck: '-CodeCheck'
# No need to combine Static and CodeCheck
- static: '-Static'
codecheck: '-CodeCheck'
# No need to combine Clang and CodeCheck
- clang: '-Clang'
codecheck: '-CodeCheck'
# Release builds fail with CodeCheck
- config: 'Release'
codecheck: '-CodeCheck'
# Static build can't dynamically link to libcrypto
- systemcrypto: '-UseSystemOpenSSLCrypto'
static: '-Static'
uses: ./.github/workflows/build-reuse-unix.yml
with:
config: ${{ matrix.config }}
plat: ${{ matrix.plat }}
os: ${{ matrix.os }}
arch: ${{ matrix.arch }}
tls: ${{ matrix.tls }}
systemcrypto: ${{ matrix.systemcrypto }}
static: ${{ matrix.static }}
clang: ${{ matrix.clang }}
codecheck: ${{ matrix.codecheck }}
xdp: ${{ matrix.xdp }}
build-darwin:
name: MacOs
needs: []
strategy:
fail-fast: false
matrix:
config: ['Debug', 'Release']
plat: [macos, ios]
os: ['macos-13']
arch: [x64, arm64]
tls: [openssl, openssl3]
static: ['', '-Static']
uses: ./.github/workflows/build-reuse-unix.yml
with:
config: ${{ matrix.config }}
plat: ${{ matrix.plat }}
os: ${{ matrix.os }}
arch: ${{ matrix.arch }}
tls: ${{ matrix.tls }}
static: ${{ matrix.static }}
build-nuget:
name: Build Nuget Package
needs: [build-windows]
strategy:
fail-fast: false
matrix:
vec: [
{ plat: "uwp", tls: "openssl", arg: "-UWP" },
{ plat: "windows", tls: "openssl" },
{ plat: "windows", tls: "schannel" },
]
runs-on: windows-2022
steps:
- name: Checkout repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
- name: Download Build Artifacts
uses: dawidd6/action-download-artifact@bf251b5aa9c2f7eeb574a96ee720e24f801b7c11
with:
name: Release-${{ matrix.vec.plat }}-windows-2022-x86-${{ matrix.vec.tls }}
path: artifacts
if_no_artifact_found: ignore
- name: Download Build Artifacts
uses: dawidd6/action-download-artifact@bf251b5aa9c2f7eeb574a96ee720e24f801b7c11
with:
name: Release-${{ matrix.vec.plat }}-windows-2022-x64-${{ matrix.vec.tls }}
path: artifacts
if_no_artifact_found: ignore
- name: Download Build Artifacts
uses: dawidd6/action-download-artifact@bf251b5aa9c2f7eeb574a96ee720e24f801b7c11
with:
name: Release-${{ matrix.vec.plat }}-windows-2022-arm64-${{ matrix.vec.tls }}
path: artifacts
if_no_artifact_found: ignore
- name: Build Package
shell: pwsh
run: scripts/package-nuget.ps1 -Tls ${{ matrix.vec.tls }} ${{ matrix.vec.arg }} -GHA
- name: Upload build artifacts
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882
with:
name: Nuget-Release-${{ matrix.vec.plat }}-windows-2022-arm64-${{ matrix.vec.tls }}
path: artifacts/dist/*.nupkg
Complete:
name: Build Complete
if: always()
needs: [build-windows, build-windows-kernel, build-ubuntu-cross-compile, build-ubuntu, build-darwin, build-nuget]
runs-on: ubuntu-latest
permissions: {} # No need for any permissions.
steps:
- name: Decide whether the needed jobs succeeded or failed
uses: re-actors/alls-green@05ac9388f0aebcb5727afa17fcccfecd6f8ec5fe
with:
jobs: ${{ toJSON(needs) }}