Add SECURITY.md #39
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# brian's standard GitHub Actions Ubuntu config for Perl 5 modules | |
# version 20230718.001 | |
# https://github.com/briandfoy/github_workflows | |
# https://github.com/features/actions | |
# This file is licensed under the Artistic License 2.0 | |
name: ubuntu | |
on: | |
push: | |
branches: | |
- '**' | |
- '!**appveyor**' | |
- '!**circleci**' | |
- '!**macos**' | |
- '!**notest**' | |
- '!**release**' | |
- '!**windows**' | |
tags-ignore: | |
# I tag release pushes but those should have already been tested | |
- 'release-*' | |
paths-ignore: | |
# list all the files which are irrelevant to the tests | |
# non-code, support files, docs, etc | |
- '.appveyor.yml' | |
- '.circleci' | |
- '.gitattributes' | |
- '.github/workflows/macos.yml' | |
- '.github/workflows/release.yml' | |
- '.github/workflows/windows.yml' | |
- '.gitignore' | |
- '.releaserc' | |
- 'Changes' | |
- 'LICENSE' | |
- 'README.pod' | |
pull_request: | |
jobs: | |
perl: | |
runs-on: ${{ matrix.os }} | |
strategy: | |
matrix: | |
os: | |
- ubuntu-22.04 | |
perl-version: | |
- '5.22' | |
- '5.24' | |
- '5.26' | |
- '5.28' | |
- '5.30' | |
- '5.32' | |
- '5.34' | |
- '5.36' | |
- 'latest' | |
container: | |
image: perl:${{ matrix.perl-version }} | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Platform check | |
run: uname -a | |
- name: Perl version check | |
run: | | |
perl -V | |
perl -v | perl -0777 -ne 'm/(v5\.\d+)/ && print "PERL_VERSION=$1"' >> $GITHUB_ENV | |
# Some older versions of Perl have trouble with hostnames in certs. I | |
# haven't figured out why. | |
- name: Setup environment | |
run: | | |
echo "PERL_LWP_SSL_VERIFY_HOSTNAME=0" >> $GITHUB_ENV | |
# I had some problems with openssl on Ubuntu, so I punted by installing | |
# cpanm first, which is easy. I can install IO::Socket::SSL with that, | |
# then switch back to cpan. I didn't explore this further, but what you | |
# see here hasn't caused problems for me. | |
# Need HTTP::Tiny 0.055 or later. | |
- name: Install cpanm and multiple modules | |
run: | | |
curl -L https://cpanmin.us | perl - App::cpanminus | |
cpanm --notest IO::Socket::SSL App::Cpan HTTP::Tiny ExtUtils::MakeMaker Test::Manifest Test::More | |
# Install the dependencies, again not testing them. This installs the | |
# module in the current directory, so we end up installing the module, | |
# but that's not a big deal. | |
- name: Install dependencies | |
run: | | |
cpanm --notest --installdeps --with-suggests --with-recommends . | |
- name: Show cpanm failures | |
if: ${{ failure() }} | |
run: | | |
cat /home/runner/.cpanm/work/*/build.log | |
- name: Run tests | |
run: | | |
perl Makefile.PL | |
make test | |
# Run author tests, but only if there's an xt/ directory | |
- name: Author tests | |
if: hashFiles('xt') != '' | |
run: | | |
cpanm --notest Test::CPAN::Changes | |
prove -r -b xt | |
# Running tests in parallel should be faster, but it's also more | |
# tricky in cases where different tests share a feature, such as a | |
# file they want to write to. Parallel tests can stomp on each other. | |
# Test in parallel to catch that, because other people will test your | |
# stuff in parallel. | |
- name: Run tests in parallel | |
run: | | |
perl Makefile.PL | |
HARNESS_OPTIONS=j10 make test | |
# The disttest target creates the distribution, unwraps it, changes | |
# into the dist dir, then runs the tests there. That checks that | |
# everything that should be in the dist is in the dist. If you forget | |
# to update MANIFEST with new modules, data files, and so on, you | |
# should notice the error. | |
- name: Run distribution tests | |
run: | | |
perl Makefile.PL | |
make disttest | |
make clean | |
# And, coverage reports, but only under 5.12 and later since modern | |
# Devel::Cover instances don't work with earlier versions as of | |
# Devel::Cover 1.39 | |
- name: Run coverage tests | |
if: env.PERL_VERSION != 'v5.8' && env.PERL_VERSION != 'v5.10' | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
cpanm --notest Devel::Cover Devel::Cover::Report::Coveralls | |
perl Makefile.PL | |
cover -test -report coveralls |