name: tests on: push: branches: [main] pull_request: jobs: build-and-test: runs-on: ubuntu-latest container: image: ubuntu:24.04 steps: # actions/checkout@v4 is a Node-based action; the bare ubuntu:24.04 # runner image has no node, so checkout fails with # `exitcode '127': command not found`. Install node + git BEFORE # checkout, then install the rest of the toolchain after. - name: Bootstrap (node + git for actions/checkout) run: | export DEBIAN_FRONTEND=noninteractive apt-get update apt-get install -y --no-install-recommends \ git \ ca-certificates \ nodejs - uses: actions/checkout@v4 - name: Install C++ toolchain run: | export DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \ build-essential \ cmake \ ninja-build \ libasio-dev \ libyaml-cpp-dev \ python3 \ python3-yaml - name: Configure (Release) run: cmake -S . -B build -G Ninja -DCMAKE_BUILD_TYPE=Release - name: Build (Release) run: cmake --build build - name: Unit tests (Release) run: build/secsgem_tests thread-sanitizer: runs-on: ubuntu-latest container: image: ubuntu:24.04 steps: - name: Bootstrap (node + git for actions/checkout) run: | export DEBIAN_FRONTEND=noninteractive apt-get update apt-get install -y --no-install-recommends \ git ca-certificates nodejs - uses: actions/checkout@v4 - name: Install C++ toolchain run: | export DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \ build-essential cmake ninja-build \ libasio-dev libyaml-cpp-dev \ python3 python3-yaml # Debug + -fsanitize=thread. Catches data races in the # io_context strand contract documented in INTEGRATION.md §3. # halt_on_error=1 makes TSan-flagged races fail the job, not # just print a warning. - name: Configure (TSan) run: cmake -S . -B build-tsan -G Ninja -DCMAKE_BUILD_TYPE=Debug -DSECSGEM_TSAN=ON - name: Build (TSan) run: cmake --build build-tsan - name: Unit tests (TSan) env: TSAN_OPTIONS: halt_on_error=1 run: build-tsan/secsgem_tests tshark-dissector: runs-on: ubuntu-latest container: image: ubuntu:24.04 steps: - name: Bootstrap (node + git for actions/checkout) run: | export DEBIAN_FRONTEND=noninteractive apt-get update apt-get install -y --no-install-recommends \ git ca-certificates nodejs - uses: actions/checkout@v4 - name: Install C++ toolchain + tshark run: | export DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \ build-essential cmake ninja-build \ libasio-dev libyaml-cpp-dev \ python3 python3-yaml \ tshark tcpdump - name: Build run: | cmake -S . -B build -G Ninja -DCMAKE_BUILD_TYPE=Release cmake --build build # Capture pcap of the demo flow, dissect with Wireshark's HSMS # dissector (independent third codec), assert no malformed # packets and that every expected control + data frame parses. - name: tshark HSMS dissector validation run: bash interop/tshark_validate.sh env: PORT: "5099" secs4j-interop: runs-on: ubuntu-latest # secs4j-interop builds its own docker image (with JDK) and starts # secs_server via docker compose; needs the docker socket. steps: - name: Bootstrap (node + git) run: | export DEBIAN_FRONTEND=noninteractive apt-get update apt-get install -y --no-install-recommends \ git ca-certificates nodejs docker.io docker-compose-plugin - uses: actions/checkout@v4 # Cross-validate against secs4java8 (Apache 2.0, kenta-shimizu) — # an independent SECS implementation in Java. 20 checks # covering S1/S2/S3/S5/S14/S16 with full-body GEM 300 shapes # that secsgem-py couldn't easily drive. - name: secs4j cross-validation run: bash interop/secs4j_validate.sh libfuzzer: runs-on: ubuntu-latest container: image: ubuntu:24.04 steps: - name: Bootstrap (node + git) run: | export DEBIAN_FRONTEND=noninteractive apt-get update apt-get install -y --no-install-recommends \ git ca-certificates nodejs - uses: actions/checkout@v4 - name: Install clang + libFuzzer runtime run: | export DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends \ cmake ninja-build \ libasio-dev libyaml-cpp-dev \ python3 python3-yaml \ clang libclang-rt-18-dev - name: Configure (fuzz) env: CC: clang CXX: clang++ run: cmake -S . -B build-fuzz -G Ninja -DCMAKE_BUILD_TYPE=Debug -DSECSGEM_FUZZ=ON - name: Build fuzz targets run: cmake --build build-fuzz --target fuzz_secs2_decode fuzz_sml_parse # 60 seconds each — long enough for libFuzzer to explore the # decoder/parser without ballooning CI time. Any crash, ASan # report, or UBSan flag fails the job. - name: Fuzz secs2::decode run: build-fuzz/fuzz_secs2_decode -max_total_time=60 -max_len=4096 - name: Fuzz secs2::try_parse_sml run: build-fuzz/fuzz_sml_parse -max_total_time=60 -max_len=4096