From f61703cc98be43039b699d5ffc317bbefdf1aee2 Mon Sep 17 00:00:00 2001 From: Viktor Szakats Date: Wed, 5 Nov 2025 03:13:09 +0100 Subject: [PATCH] GHA: add actionlint job, fix reported issues Closes #1740 --- .github/workflows/ci.yml | 18 ++++++++++++------ .github/workflows/codeql.yml | 4 ++-- 2 files changed, 14 insertions(+), 8 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 486c0015..03ed8e31 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -44,7 +44,7 @@ jobs: - name: 'install prereqs' run: | - /home/linuxbrew/.linuxbrew/bin/brew install shellcheck zizmor + /home/linuxbrew/.linuxbrew/bin/brew install actionlint shellcheck zizmor python3 -m venv ~/venv ~/venv/bin/pip --disable-pip-version-check --no-input --no-cache-dir install --progress-bar off --prefer-binary -r .github/workflows/requirements.txt @@ -60,6 +60,13 @@ jobs: eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" zizmor --pedantic .github/workflows/*.yml .github/dependabot.yml + - name: 'actionlint' + run: | + eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" + actionlint --version + export SHELLCHECK_OPTS='--exclude=1090,1091,2086,2153 --enable=avoid-nullary-conditions,deprecate-which' + actionlint .github/workflows/*.yml + - name: 'shellcheck GHA' run: | eval "$(/home/linuxbrew/.linuxbrew/bin/brew shellenv)" @@ -279,7 +286,6 @@ jobs: MATRIX_ARCH: '${{ matrix.arch }}' MATRIX_BUILD: '${{ matrix.build }}' MATRIX_CRYPTO: '${{ matrix.crypto }}' - MATRIX_OPTIONS: '${{ matrix.options }}' MATRIX_ZLIB: '${{ matrix.zlib }}' FIXTURE_TRACE_ALL_CONNECT: 0 MBEDTLS_VERSION: 3.6.5 @@ -502,7 +508,7 @@ jobs: options+=' --with-libz' fi ../configure --enable-option-checking=fatal --enable-werror --enable-debug \ - ${options} ${MATRIX_OPTIONS} \ + ${options} \ --disable-dependency-tracking \ || { tail -n 1000 config.log; false; } fi @@ -539,7 +545,7 @@ jobs: run: | export SOURCE_DATE_EPOCH=1711526400 ./configure --enable-werror --disable-debug \ - ${MATRIX_OPTIONS} --disable-dependency-tracking + --disable-dependency-tracking ./maketgz 99.98.97 # Test reproducibility mkdir run1; mv ./libssh2-99.98.97.* run1/ @@ -551,7 +557,7 @@ jobs: tar -xvf libssh2-99.98.97.tar.gz cd libssh2-99.98.97 ./configure --enable-option-checking=fatal --enable-werror --enable-debug --prefix="$HOME"/temp \ - ${MATRIX_OPTIONS} --disable-dependency-tracking + --disable-dependency-tracking make install cd .. # Verify install @@ -863,7 +869,7 @@ jobs: fi [ "${MATRIX_CRYPTO}" = 'WinCNG' ] && options+=" -DENABLE_ECDSA_WINCNG=${MATRIX_WINCND_ECDSA}" cmake -B bld ${options} \ - -DCMAKE_SYSTEM_NAME=${system} \ + -DCMAKE_SYSTEM_NAME="${system}" \ -DCMAKE_TOOLCHAIN_FILE=C:/vcpkg/scripts/buildsystems/vcpkg.cmake \ -DCMAKE_GENERATOR_PLATFORM=${archgen} \ -DVCPKG_TARGET_TRIPLET="${MATRIX_ARCH}-${MATRIX_PLAT}" \ diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 6a52d9df..3ca00502 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -83,8 +83,8 @@ jobs: cmake --build . --verbose else for crypto in OpenSSL Libgcrypt mbedTLS wolfSSL; do - cmake -B _bld-${crypto} -G Ninja -DCRYPTO_BACKEND=${crypto} -DENABLE_ZLIB_COMPRESSION=ON - cmake --build _bld-${crypto} --verbose + cmake -B _bld-"${crypto}" -G Ninja -DCRYPTO_BACKEND="${crypto}" -DENABLE_ZLIB_COMPRESSION=ON + cmake --build _bld-"${crypto}" --verbose done fi