
Commit 0e61033

committed
ci: run the tests under ASan/UBsan on GHActions
Signed-off-by: Evgeny Vereshchagin <[email protected]>
1 parent 7e30a10 commit 0e61033


2 files changed

+34
-18
lines changed

2 files changed

+34
-18
lines changed

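--- a/.github/workflows/run_tests.yml
+++ b/.github/workflows/run_tests.yml
@@ -29,6 +29,9 @@ jobs:
 python-ruby-version: {python: 3.9, ruby: 2.7, other: linker-bfd}
 - compiler: clang
 python-ruby-version: {python: 3.9, ruby: 2.7, other: linker-gold}
+include:
+- compiler: gcc
+python-ruby-version: {python: 3.9, ruby: 2.7, other: sanitizers}
 
 steps:
 - uses: actions/checkout@v2
@@ -88,6 +91,11 @@ jobs:
 elif [ "${{ matrix.python-ruby-version.other }}" = "test-debug" ] ; then
 # Test hat debug build works fine
 EXPLICIT_MAKE_VARS="DEBUG=1"
+elif [ "${{ matrix.python-ruby-version.other }}" = "sanitizers" ] ; then
+sanitizers='-fsanitize=address,undefined'
+EXPLICIT_MAKE_VARS="CFLAGS='-g -I$DESTDIR/usr/include $sanitizers' LDFLAGS='-L$DESTDIR/usr/lib $sanitizers' LDLIBS= CPPFLAGS= OPT_SUBDIRS="
+echo "ASAN_OPTIONS=strict_string_checks=1:detect_stack_use_after_return=1:check_initialization_order=1:strict_init_order=1" >> $GITHUB_ENV
+echo "UBSAN_OPTIONS=print_stacktrace=1:print_summary=1:halt_on_error=1" >> $GITHUB_ENV
 else
 EXPLICIT_MAKE_VARS=
 fi
@@ -139,18 +147,18 @@ jobs:
 - name: Run tests
 run: |
 echo "::group::make install"
-make -j$(nproc) install $EXPLICIT_MAKE_VARS -k
+eval make -j$(nproc) install $EXPLICIT_MAKE_VARS -k
 echo "::endgroup::"
 echo "::group::make install-pywrap"
-make -j$(nproc) install-pywrap $EXPLICIT_MAKE_VARS -k
+eval make -j$(nproc) install-pywrap $EXPLICIT_MAKE_VARS -k
 echo "::endgroup::"
 echo "::group::make install-rubywrap"
-make -j$(nproc) install-rubywrap $EXPLICIT_MAKE_VARS -k
+eval make -j$(nproc) install-rubywrap $EXPLICIT_MAKE_VARS -k
 echo "::endgroup::"
 
 # Now that everything is installed, run "make all" to build everything which may have not been built
 echo "::group::make all"
-make -j$(nproc) all $EXPLICIT_MAKE_VARS -k
+eval make -j$(nproc) all $EXPLICIT_MAKE_VARS -k
 echo "::endgroup::"
 
 # Set up environment variables for the tests and show variables (to help debugging issues)
@@ -164,26 +172,28 @@ jobs:
 
 # Run tests
 echo "::group::make test"
-make test $EXPLICIT_MAKE_VARS
+eval make test $EXPLICIT_MAKE_VARS
 echo "::endgroup::"
 
-# Test Python and Ruby wrappers
-echo "::group::Test Python and Ruby wrappers"
-$PYTHON -c 'import selinux;import selinux.audit2why;import semanage;print(selinux.is_selinux_enabled())'
-$RUBY -e 'require "selinux";require "semanage";puts Selinux::is_selinux_enabled()'
-echo "::endgroup::"
-
-# Run Python linter, but not on the downloaded refpolicy
-echo "::group::scripts/run-flake8"
-./scripts/run-flake8
-echo "::endgroup::"
+if [ "${{ matrix.python-ruby-version.other }}" != "sanitizers" ] ; then
+# Test Python and Ruby wrappers
+echo "::group::Test Python and Ruby wrappers"
+$PYTHON -c 'import selinux;import selinux.audit2why;import semanage;print(selinux.is_selinux_enabled())'
+$RUBY -e 'require "selinux";require "semanage";puts Selinux::is_selinux_enabled()'
+echo "::endgroup::"
+
+# Run Python linter, but not on the downloaded refpolicy
+echo "::group::scripts/run-flake8"
+./scripts/run-flake8
+echo "::endgroup::"
+fi
 
 echo "::group::Test .gitignore and make clean distclean"
 # Remove every installed files
 rm -rf "$DESTDIR"
 # Test that "git status" looks clean, or print a clear error message
 git status --short | sed -n 's/^??/error: missing .gitignore entry for/p' | (! grep '^')
 # Clean up everything and show which file needs to be added to "make clean"
-make clean distclean $EXPLICIT_MAKE_VARS
+eval make clean distclean $EXPLICIT_MAKE_VARS
 git ls-files --ignored --others --exclude-standard | sed 's/^/error: "make clean distclean" did not remove /' | (! grep '^')
 echo "::endgroup::"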
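Review bot: The `eval make … $EXPLICIT_MAKE_VARS` calls in the "Run tests" step re-parse the whole command line as shell, so they are only safe while `$DESTDIR` and everything else expanded into `EXPLICIT_MAKE_VARS` in the sanitizers branch is free of quotes and shell metacharacters. That holds as long as every value is set by the workflow itself, but nothing in the file says so, and a later edit that feeds a ref name or other externally influenced string into the variable would turn it into command execution on the runner. I would state the constraint next to the first call, e.g. `# eval re-parses the quoted CFLAGS=/LDFLAGS= words; EXPLICIT_MAKE_VARS must only ever hold workflow-defined values`. How the variable travels from the configure step to this one is outside the visible hunks, so a bash array may or may not be a usable alternative to `eval`.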

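--- a/libsepol/tests/Makefile
+++ b/libsepol/tests/Makefile
@@ -1,3 +1,4 @@
+ENV ?= env
 M4 ?= m4
 MKDIR ?= mkdir
 EXE ?= libsepol-tests
@@ -44,10 +45,15 @@ clean:
 rm -f $(objs) $(EXE)
 rm -f $(policies)
 rm -f policies/test-downgrade/policy.hi policies/test-downgrade/policy.lo
-
 
+# mkdir is run in a clean environment created by env -i to avoid failing under ASan with:
+#
+# ASan runtime does not come first in initial library list;
+# you should either link runtime to your application or manually preload it with LD_PRELOAD
+#
+# when the source code is built with ASan
 test: $(EXE) $(policies)
-$(MKDIR) -p policies/test-downgrade
+$(ENV) -i $(MKDIR) -p policies/test-downgrade
 ../../checkpolicy/checkpolicy -M policies/test-cond/refpolicy-base.conf -o policies/test-downgrade/policy.hi
 ./$(EXE)
 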
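Review bot: `$(ENV) -i` on the first recipe line of `test` clears PATH along with whatever variable upsets the ASan runtime, so `$(MKDIR)` is then resolved through an implementation-defined default search path rather than the caller's. That works for a stock `mkdir`, but a `MKDIR` override that exists only on a custom PATH would stop resolving. Passing the path through keeps the environment otherwise empty and the lookup predictable: `$(ENV) -i PATH="$$PATH" $(MKDIR) -p policies/test-downgrade`. The new comment could also name the variable that triggers the error (presumably `LD_PRELOAD`; confirm), so the scope of the workaround is clear to the next reader.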
