system/systemd
system/systemd
1
0
Fork 0
mirror of https://github.com/systemd/systemd synced 2024-07-22 02:34:54 +00:00
Code Issues Actions 5 Packages Projects Releases Wiki Activity

ci: Do not run build test as root

Browse source 
Although, this is CI, we can still do better. It also ensures that any
env var changes make it into the script, as things like PATH would not
survive a `sudo -E`.
This commit is contained in:
Jan Janssen 2023-09-05 12:07:01 +02:00
parent ce2c01789c
commit 690db0c80f
2 changed files with 11 additions and 10 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

19
.github/workflows/build_test.sh vendored
View file

@ -80,9 +80,10 @@ if [[ "$COMPILER" == clang ]]; then
if ! apt-get -y install --dry-run "llvm-$COMPILER_VERSION" >/dev/null; then
# Latest LLVM stack deb packages provided by https://apt.llvm.org/
# Following snippet was partly borrowed from https://apt.llvm.org/llvm.sh
wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | gpg --yes --dearmor --output /usr/share/keyrings/apt-llvm-org.gpg
printf "deb [signed-by=/usr/share/keyrings/apt-llvm-org.gpg] http://apt.llvm.org/%s/ llvm-toolchain-%s-%s main\n" \
"$RELEASE" "$RELEASE" "$COMPILER_VERSION" >/etc/apt/sources.list.d/llvm-toolchain.list
wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | \
sudo gpg --yes --dearmor --output /usr/share/keyrings/apt-llvm-org.gpg
echo "deb [signed-by=/usr/share/keyrings/apt-llvm-org.gpg] http://apt.llvm.org/$RELEASE/ llvm-toolchain-$RELEASE-$COMPILER_VERSION main" | \
sudo tee /etc/apt/sources.list.d/llvm-toolchain.list
fi
PACKAGES+=("clang-$COMPILER_VERSION" "lldb-$COMPILER_VERSION" "python3-lldb-$COMPILER_VERSION" "lld-$COMPILER_VERSION" "clangd-$COMPILER_VERSION")
@ -94,7 +95,7 @@ elif [[ "$COMPILER" == gcc ]]; then
if ! apt-get -y install --dry-run "gcc-$COMPILER_VERSION" >/dev/null; then
# Latest gcc stack deb packages provided by
# https://launchpad.net/~ubuntu-toolchain-r/+archive/ubuntu/test
add-apt-repository -y --no-update ppa:ubuntu-toolchain-r/test
sudo add-apt-repository -y --no-update ppa:ubuntu-toolchain-r/test
fi
PACKAGES+=("gcc-$COMPILER_VERSION" "gcc-$COMPILER_VERSION-multilib")
@ -103,11 +104,11 @@ else
fi
# PPA with some newer build dependencies (like zstd)
add-apt-repository -y --no-update ppa:upstream-systemd-ci/systemd-ci
add-apt-repository -y --no-update --enable-source
apt-get -y update
apt-get -y build-dep systemd
apt-get -y install "${PACKAGES[@]}"
sudo add-apt-repository -y --no-update ppa:upstream-systemd-ci/systemd-ci
sudo add-apt-repository -y --no-update --enable-source
sudo apt-get -y update
sudo apt-get -y build-dep systemd
sudo apt-get -y install "${PACKAGES[@]}"
# Install more or less recent meson and ninja with pip, since the distro versions don't
# always support all the features we need (like --optimization=). Since the build-dep
# command above installs the distro versions, let's install the pip ones just

2
.github/workflows/build_test.yml vendored
View file

@ -35,4 +35,4 @@ jobs:
- name: Repository checkout
uses: actions/checkout@f43a0e5ff2bd294095638e18286ca9a3d1956744
- name: Build check
run: sudo -E .github/workflows/build_test.sh
run: .github/workflows/build_test.sh