Table des matières

SSH

Ajout d'une clé SSH

Pour pouvoir pousser sur un dépôt automatiquement.

Il faut commencer par créer la clé d'authentification (sans mot de passe, au format RSA PRIVATE KEY).

Puis ouvrir le fichier file.key.pub et créer une clé de déploiement à l'adresse https://github.com/USER/PROJET/settings/keys

Bien sûr, cocher Allow write access.

Ajouter le contenu du fichier key converti au format -----BEGIN RSA PRIVATE KEY----- (voir Création d'une clé) à l'adresse https://github.com/USER/PROJET/settings/secrets/actions

    - name: Install SSH key
      uses: shimataro/ssh-key-action@v2
      with:
        key: ${{ secrets.SSH_KEY_TRAVIS_CI }}
        known_hosts: # write here the content of `ssh-keyscan localhost` when executed on the CI machine of course.
    - name: Publish results
      run: |
        eval `ssh-agent`
        # ~/.ssh/id_rsa is when shimataro/ssh-key-action@v2 installed the key.
        ssh-add ~/.ssh/id_rsa
        git clone depot_a_modifier
        cd xxx
        # insert modification
        git add
        git commit -m "text"
        # Here you should success
        git push

Sous Windows, ssh-keyscan localhost ne fonctionne pas. On peut directement mettre le résultat de ssh-keyscan -t rsa github.com.

Serveurs

/proc/cpuinfo

2 processeurs :

processor	: 1 et 2
vendor_id	: GenuineIntel
cpu family	: 6
model		: 79
model name	: Intel(R) Xeon(R) CPU E5-2673 v4 @ 2.30GHz
stepping	: 1
microcode	: 0xffffffff
cpu MHz		: 2294.686
cache size	: 51200 KB
physical id	: 0
siblings	: 2
core id		: 0
cpu cores	: 2
apicid		: 0
initial apicid	: 0
fpu		: yes
fpu_exception	: yes
cpuid level	: 20
wp		: yes
flags		: fpu vme de pse tsc msr pae mce cx8 apic sep mtrr pge mca cmov pat pse36 clflush mmx fxsr sse sse2 ss ht syscall nx pdpe1gb rdtscp lm constant_tsc rep_good nopl xtopology cpuid pni pclmulqdq ssse3 fma cx16 pcid sse4_1 sse4_2 movbe popcnt aes xsave avx f16c rdrand hypervisor lahf_lm abm 3dnowprefetch invpcid_single pti fsgsbase bmi1 hle avx2 smep bmi2 erms invpcid rtm rdseed adx smap xsaveopt md_clear
bugs		: cpu_meltdown spectre_v1 spectre_v2 spec_store_bypass l1tf mds swapgs taa itlb_multihit
bogomips	: 4589.37
clflush size	: 64
cache_alignment	: 64
address sizes	: 46 bits physical, 48 bits virtual
power management:

/etc/apt/sources.list

## Note, this file is written by cloud-init on first boot of an instance
## modifications made here will not survive a re-bundle.
## if you wish to make changes you can:
## a.) add 'apt_preserve_sources_list: true' to /etc/cloud/cloud.cfg
##     or do the same in user-data
## b.) add sources in /etc/apt/sources.list.d
## c.) make changes to template file /etc/cloud/templates/sources.list.tmpl
 
# See http://help.ubuntu.com/community/UpgradeNotes for how to upgrade to
# newer versions of the distribution.
deb http://azure.archive.ubuntu.com/ubuntu/ focal main restricted
# deb-src http://azure.archive.ubuntu.com/ubuntu/ focal main restricted
 
## Major bug fix updates produced after the final release of the
## distribution.
deb http://azure.archive.ubuntu.com/ubuntu/ focal-updates main restricted
# deb-src http://azure.archive.ubuntu.com/ubuntu/ focal-updates main restricted
 
## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team. Also, please note that software in universe WILL NOT receive any
## review or updates from the Ubuntu security team.
deb http://azure.archive.ubuntu.com/ubuntu/ focal universe
# deb-src http://azure.archive.ubuntu.com/ubuntu/ focal universe
deb http://azure.archive.ubuntu.com/ubuntu/ focal-updates universe
# deb-src http://azure.archive.ubuntu.com/ubuntu/ focal-updates universe
 
## N.B. software from this repository is ENTIRELY UNSUPPORTED by the Ubuntu
## team, and may not be under a free licence. Please satisfy yourself as to
## your rights to use the software. Also, please note that software in
## multiverse WILL NOT receive any review or updates from the Ubuntu
## security team.
deb http://azure.archive.ubuntu.com/ubuntu/ focal multiverse
# deb-src http://azure.archive.ubuntu.com/ubuntu/ focal multiverse
deb http://azure.archive.ubuntu.com/ubuntu/ focal-updates multiverse
# deb-src http://azure.archive.ubuntu.com/ubuntu/ focal-updates multiverse
 
## N.B. software from this repository may not have been tested as
## extensively as that contained in the main release, although it includes
## newer versions of some applications which may provide useful features.
## Also, please note that software in backports WILL NOT receive any review
## or updates from the Ubuntu security team.
deb http://azure.archive.ubuntu.com/ubuntu/ focal-backports main restricted universe multiverse
# deb-src http://azure.archive.ubuntu.com/ubuntu/ focal-backports main restricted universe multiverse
 
## Uncomment the following two lines to add software from Canonical's
## 'partner' repository.
## This software is not part of Ubuntu, but is offered by Canonical and the
## respective vendors as a service to Ubuntu users.
# deb http://archive.canonical.com/ubuntu focal partner
# deb-src http://archive.canonical.com/ubuntu focal partner
 
deb http://security.ubuntu.com/ubuntu focal-security main restricted
# deb-src http://security.ubuntu.com/ubuntu focal-security main restricted
deb http://security.ubuntu.com/ubuntu focal-security universe
# deb-src http://security.ubuntu.com/ubuntu focal-security universe
deb http://security.ubuntu.com/ubuntu focal-security multiverse
# deb-src http://security.ubuntu.com/ubuntu focal-security multiverse

env

Voir Environment variables Archive du 24/06/2021 le 27/06/2021

SELENIUM_JAR_PATH=/usr/share/java/selenium-server-standalone.jar
CONDA=/usr/share/miniconda
GITHUB_WORKSPACE=/home/runner/work/jessica/jessica
JAVA_HOME_11_X64=/usr/lib/jvm/adoptopenjdk-11-hotspot-amd64
GITHUB_PATH=/home/runner/work/_temp/_runner_file_commands/add_path_199a78a9-6d56-44de-96e0-31e3d0ec5c8d
GITHUB_ACTION=run2
JAVA_HOME=/usr/lib/jvm/adoptopenjdk-11-hotspot-amd64
GITHUB_RUN_NUMBER=286
GRADLE_HOME=/usr/share/gradle-7.0.2
XDG_CONFIG_HOME=/home/runner/.config
DOTNET_SKIP_FIRST_TIME_EXPERIENCE=1
ANT_HOME=/usr/share/ant
JAVA_HOME_8_X64=/usr/lib/jvm/adoptopenjdk-8-hotspot-amd64
HOMEBREW_PREFIX="/home/linuxbrew/.linuxbrew"
HOMEBREW_CLEANUP_PERIODIC_FULL_DAYS=3650
BOOTSTRAP_HASKELL_NONINTERACTIVE=1
***
PIPX_BIN_DIR=/opt/pipx_bin
DEPLOYMENT_BASEPATH=/opt/runner
GITHUB_ACTIONS=true
ANDROID_NDK_LATEST_HOME=/usr/local/lib/android/sdk/ndk/22.1.7171670
GITHUB_SHA=5bcc406df60fcf617baec49cf66436cfac3f35d8
POWERSHELL_DISTRIBUTION_CHANNEL=GitHub-Actions-ubuntu20
DOTNET_MULTILEVEL_LOOKUP=0
GITHUB_REF=refs/heads/master
RUNNER_OS=Linux
HOME=/home/runner
GITHUB_API_URL=https://api.github.com
LANG=C.UTF-8
RUNNER_TRACKING_ID=github_0c419c59-170c-44ec-90e9-9b7328f5b6ba
RUNNER_TEMP=/home/runner/work/_temp
GITHUB_ENV=/home/runner/work/_temp/_runner_file_commands/set_env_199a78a9-6d56-44de-96e0-31e3d0ec5c8d
GITHUB_EVENT_PATH=/home/runner/work/_temp/_github_workflow/event.json
INVOCATION_ID=82c3e95da20a49b79e0f36288d8232d1
GITHUB_EVENT_NAME=workflow_run
GITHUB_RUN_ID=976282352
ANDROID_NDK_HOME=/usr/local/lib/android/sdk/ndk-bundle
HOMEBREW_NO_AUTO_UPDATE=1
GITHUB_ACTOR=bansan85
NVM_DIR=/home/runner/.nvm
ANDROID_HOME=/usr/local/lib/android/sdk
GOROOT_1_14_X64=/opt/hostedtoolcache/go/1.14.15/x64
GITHUB_GRAPHQL_URL=https://api.github.com/graphql
RUNNER_USER=runner
ACCEPT_EULA=Y
USER=runner
GITHUB_SERVER_URL=https://github.com
HOMEBREW_CELLAR="/home/linuxbrew/.linuxbrew/Cellar"
PIPX_HOME=/opt/pipx
GECKOWEBDRIVER=/usr/local/share/gecko_driver
CHROMEWEBDRIVER=/usr/local/share/chrome_driver
SHLVL=1
ANDROID_SDK_ROOT=/usr/local/lib/android/sdk
VCPKG_INSTALLATION_ROOT=/usr/local/share/vcpkg
HOMEBREW_REPOSITORY="/home/linuxbrew/.linuxbrew/Homebrew"
RUNNER_TOOL_CACHE=/opt/hostedtoolcache
ImageVersion=20210614.1
DOTNET_NOLOGO=1
GRAALVM_11_ROOT=/usr/local/graalvm/graalvm-ce-java11-21.1.0
GITHUB_JOB=build
AZURE_EXTENSION_DIR=/opt/az/azcliextensions
PERFLOG_LOCATION_SETTING=RUNNER_PERFLOG
GITHUB_REPOSITORY=bansan85/jessica
CHROME_BIN=/usr/bin/google-chrome
ANDROID_NDK_ROOT=/usr/local/lib/android/sdk/ndk-bundle
GITHUB_RETENTION_DAYS=90
JOURNAL_STREAM=8:22578
RUNNER_WORKSPACE=/home/runner/work/jessica
LEIN_HOME=/usr/local/lib/lein
LEIN_JAR=/usr/local/lib/lein/self-installs/leiningen-2.9.6-standalone.jar
GITHUB_ACTION_REPOSITORY=
PATH=/home/linuxbrew/.linuxbrew/bin:/home/linuxbrew/.linuxbrew/sbin:/home/runner/.local/bin:/opt/pipx_bin:/usr/share/rust/.cargo/bin:/home/runner/.config/composer/vendor/bin:/usr/local/.ghcup/bin:/home/runner/.dotnet/tools:/snap/bin:/usr/local/sbin:/usr/local/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:/usr/local/games:/snap/bin
RUNNER_PERFLOG=/home/runner/perflog
GITHUB_BASE_REF=
CI=true
SWIFT_PATH=/usr/share/swift/usr/bin
ImageOS=ubuntu20
GITHUB_REPOSITORY_OWNER=bansan85
GITHUB_HEAD_REF=
GITHUB_ACTION_REF=
GITHUB_WORKFLOW=Emscripten
DEBIAN_FRONTEND=noninteractive
GOROOT_1_15_X64=/opt/hostedtoolcache/go/1.15.13/x64
AGENT_TOOLSDIRECTORY=/opt/hostedtoolcache
GOROOT_1_16_X64=/opt/hostedtoolcache/go/1.16.5/x64
_=/usr/bin/env

Exemples

Projets en cmake

En plus de la configuration / compilation / test avec cmake, il y a une procédure pour initialiser et commiter vers un dépôt externe.

Sous Linux :

.github/workflows/build-linux.yml
---
name: Linux build
on:
  workflow_run:
    workflows: ['format']
    types:
      - completed
jobs:
  build:
    runs-on: ubuntu-22.04
    strategy:
      matrix:
        include:
          - name: ubuntu-gcc
            ar: /usr/bin/ar
            cc: /usr/bin/gcc-12
            cxx: /usr/bin/g++-12
            ranlib: /usr/bin/ranlib
          - name: ubuntu-clang
            ar: /usr/bin/llvm-ar-14
            cc: /usr/bin/clang-14
            cxx: /usr/bin/clang++-14
            ranlib: /usr/bin/llvm-ranlib-14
    steps:
      - name: Stop if format failed
        if: ${{ github.event.workflow_run.conclusion != 'success' }}
        run: |
          echo ${{ github.event.workflow_run.conclusion }}
          exit 1
      - uses: bansan85/action-workflow_run-status@main
        env:
          MATRIX_CONTEXT: ${{ toJSON(matrix) }}
      - uses: actions/checkout@v3
        with:
          submodules: recursive
          ref: ${{ github.event.workflow_run.head_commit.id }}
      - name: Install SSH key
        if: ${{ github.event.workflow_run.head_branch == 'master' }}
        uses: shimataro/ssh-key-action@v2
        with:
          key: ${{ secrets.GITHUBCI_PRIVATE_KEY }}
          known_hosts: localhost ssh-rsa ${{ secrets.GITHUBCI_KNOW_HOSTS }}
      - name: Install gcc
        if: contains(matrix.cc, 'gcc')
        run: sudo apt-get install -yq g++-12 gcc-12
      - name: Install clang
        if: contains(matrix.cc, 'clang')
        run: sudo apt-get install -yq clang-14 llvm-14
      - name: Install 3rdparty
        run: xargs -a config/apt-get.txt sudo apt-get install -yq
      - name: cmake
        run: |
          ls /usr/bin
          mkdir build
          cmake -S . -B build -DCMAKE_C_COMPILER="${{ matrix.cc }}" -DCMAKE_CXX_COMPILER="${{ matrix.cxx }}" -DCMAKE_AR="${{ matrix.ar }}" -DCMAKE_RANLIB="${{ matrix.ranlib }}" -DCMAKE_CXX_FLAGS="-DSPDLOG_FMT_EXTERNAL -DFMT_HEADER_ONLY"
          cmake --build build/ --target all --config Release
      - name: ctest
        shell: bash
        run: |
          cd build || exit 1
          ctest -O test-result.xml --output-on-failure --verbose
          cd .. || exit 1
      - name: Publish test
        if: ${{ github.event.workflow_run.head_branch == 'master' }}
        env:
          COMMIT_MESSAGE: ${{ github.event.workflow_run.head_commit.message }}
        run: |
          eval `ssh-agent`
          git clone --depth 1 ssh://git@github.com/bansan85/jessica-ci.git -b ${{ matrix.name }}
          rm -Rf jessica-ci/*
          cp build/test-result.xml jessica-ci
          apt list --installed > jessica-ci/apt-installed.txt
          ssh-add ~/.ssh/id_rsa
          gpg --version
          gpg --quiet --batch --yes --decrypt --passphrase="${{ secrets.ENCRYPT_PASSWORD }}" --output .github/encrypted/github-ci-private.key .github/encrypted/github-ci-private.key.gpg
          gpg --import .github/encrypted/github-ci-private.key
          cd jessica-ci || exit 1
          git config --global user.name "Github CI"
          git config --global user.email "github-ci@le-garrec.fr"
          git add .
          if [ -n "$(git diff-index --name-only HEAD --)" ]; \
          then \
            git commit -S${{ secrets.GPG_KEY_ID }} -m "${COMMIT_MESSAGE//\"/\"\"}" -m "Update from bansan85/jessica@$GITHUB_SHA"; \
            git push || { echo "Failure git push" && exit 1; } \
          fi
          cd .. || exit 1

Sous Windows, inclus vcpkg :

.github/workflows/build-windows.yml
---
name: Windows build
on:
  workflow_run:
    workflows: ['format']
    types:
      - completed
jobs:
  build:
    runs-on: windows-latest
    strategy:
      matrix:
        include:
          - name: windows-msbuild
            cc: cl
            cxx: cl
    env:
      VCPKG_DEFAULT_TRIPLET: 'x64-windows'
      VCPKG_INSTALLED_DIR: '${{ github.workspace }}/vcpkg/installed'
    steps:
      - name: Stop if format failed
        if: ${{ github.event.workflow_run.conclusion != 'success' }}
        run: |
          echo ${{ github.event.workflow_run.conclusion }}
          exit 1
      - uses: bansan85/action-workflow_run-status@main
        env:
          MATRIX_CONTEXT: ${{ toJSON(matrix) }}
      - uses: actions/checkout@v3
        with:
          submodules: recursive
          ref: ${{ github.event.workflow_run.head_commit.id }}
      - name: Install SSH key
        if: ${{ github.event.workflow_run.head_branch == 'master' }}
        uses: shimataro/ssh-key-action@v2
        with:
          key: ${{ secrets.GITHUBCI_PRIVATE_KEY }}
          known_hosts: github.com ssh-rsa ${{ secrets.GITHUBCI_KNOW_HOSTS_WINDOWS }}
      - name: Install Windows Vcpkg
        uses: lukka/run-vcpkg@v10
        with:
          vcpkgJsonGlob: '**/config/windows/vcpkg.json'
          runVcpkgInstall: true
      - name: CMake
        run: |
          mkdir "${{ github.workspace }}/build"
          cmake -S "${{ github.workspace }}" -B "${{ github.workspace }}/build" -G "Visual Studio 17 2022" -A x64 -DCMAKE_TOOLCHAIN_FILE="${{ github.workspace }}/vcpkg/scripts/buildsystems/vcpkg.cmake"
          cmake --build "${{ github.workspace }}/build" --target ALL_BUILD --config Debug
      - name: ctest
        shell: bash
        run: |
          cd build || exit 1
          ctest -C Debug -O test-result.xml --output-on-failure --verbose
          cd .. || exit 1
      - name: Publish test
        shell: bash
        if: ${{ github.event.workflow_run.head_branch == 'master' }}
        env:
          COMMIT_MESSAGE: ${{ github.event.workflow_run.head_commit.message }}
        run: |
          eval `ssh-agent`
          git clone --depth 1 ssh://git@github.com/bansan85/jessica-ci.git -b ${{ matrix.name }}
          rm -Rf jessica-ci/*
          cp build/test-result.xml jessica-ci
          ssh-add ~/.ssh/id_rsa
          gpg --version
          gpg --quiet --batch --yes --decrypt --passphrase="${{ secrets.ENCRYPT_PASSWORD }}" --output .github/encrypted/github-ci-private.key .github/encrypted/github-ci-private.key.gpg
          gpg --import .github/encrypted/github-ci-private.key
          cd jessica-ci || exit 1
          git config --global user.name "Github CI"
          git config --global user.email "github-ci@le-garrec.fr"
          git add .
          if [ -n "$(git diff-index --name-only HEAD --)" ]; \
          then \
            git commit -S${{ secrets.GPG_KEY_ID }} -m "${COMMIT_MESSAGE//\"/\"\"}" -m "Update from bansan85/jessica@$GITHUB_SHA"; \
            git push || { echo "Failure git push" && exit 1; } \
          fi
          cd .. || exit 1

Variables

github.event.workflow_run.conclusion : success / failure en fonction du succès du précédent workflow.

github.event.workflow_run.head_branch : master ou le nom de la branche.

Pour avoir la liste de tous les paramètres et leurs valeurs, on peut simplement ajouter dans un workflow :

      - name: Show github variable
        env:
          GITHUB_VAR: ${{ toJSON(github) }}
        run: exit 0

workflow Archive du 05/05/2021 le 09/05/2021

Certaines variables à l'intérieur de la variable globale github peuvent contenir des doubles quotes. Par exemple, github.event.head_commit.message contient le log du commit.

Cela pose un problème si on veut utiliser utiliser cette variable dans un script bash car il est impossible de faire une substitution des double quotes.

La solution est de passer par une variable d'environnement pour enfin utiliser la substitution bash ${variable//\"/\"\"}:

      - env:
          COMMIT_MESSAGE: ${{ github.event.head_commit.message }}
        run: |
          echo "${COMMIT_MESSAGE//\"/\"\"}"

Fonctions

Quand on utilise une fonction, les variables n'ont pas à être ${{ xxx }}:

if: contains(matrix.cc, 'clang')

Dans ce cas, il n'est plus possible d'utiliser le formatage : Compilateur : ${{ matrix.cc }}. Il faut utiliser la fonction format :

if: contains( format('Compilateur : {0}', matrix.cc), 'clang')

Context and expression syntax for GitHub Actions Archive du 25/05/2021 le 12/06/2021

Marketplace

codecov

Envoyer les données à codecov :

git clone --depth 1 https://github.com/henry2cox/lcov.git -b diffcov_initial
./lcov/bin/lcov --capture --directory build --gcov-tool /usr/bin/gcov-10 --rc lcov_branch_coverage=1 --output-file build/coverage.info
./lcov/bin/lcov --remove build/coverage.info "/usr/include/*" --rc lcov_branch_coverage=1 -o build/coverage2.info
bash <(curl -s https://codecov.io/bash) -f build/coverage2.info

Le badge par défaut : https://codecov.io/gh/bansan85/jessica/branch/master/graph/badge.svg

Les flags peuvent se définir de deux façons différentes. Soit les flags pour la validation des build Github, soit les flags pour le badge.

Pour la validation des build Github, un simple fichier de configuration est possible. Il va s'occuper de séparer les pourcentages de couverture en fonction des chemins des fichiers.

.codecov.yml
---
coverage:
    status:
        project:
            backend:
                target: auto
                paths:
                    - src/backend
                    - include/jessica

Cela va bien ajouter une ligne. Exemple ci-dessous avec demo et index.

Il est possible de désactiver la validation d'une build en fonction des indicateurs de couverture.

.codecov.yml
---
coverage:
    status:
        patch: false
        project: false

Par contre, les flags ne fonctionnent pas avec les badges. Pour les faire fonctionner, il faut pousser une couverture de code spécifique au flag dédié avec l'option -F.

git clone --depth 1 https://github.com/henry2cox/lcov.git -b diffcov_initial
./lcov/bin/lcov --capture --directory build --gcov-tool /usr/bin/gcov-10 --rc lcov_branch_coverage=1 --output-file build/coverage.info
./lcov/bin/lcov --remove build/coverage.info "/usr/include/*" --rc lcov_branch_coverage=1 -o build/coverage2.info
bash <(curl -s https://codecov.io/bash) -f build/coverage2.info
./lcov/bin/lcov --extract build/coverage.info "*/include/jessica/*" "*/src/backend/*" --rc lcov_branch_coverage=1 -o build/coverage_backend.info
bash <(curl -s https://codecov.io/bash) -f build/coverage_backend.info -F backend

Là, le badge https://codecov.io/gh/bansan85/jessica/branch/master/graph/badge.svg?flag=backend fonctionne.