This is the last compiler setup we have, that was missing a warning
counter. Initial limit we use is different than number reported by MSVC
internally, because MSVC simply sums warnings from all projects (without
removing duplicates, the way our script does).
Things aren't perfect, but they're the best we can do given what we're
left to work with. For example:
- We cannot update the virus signatures, because that command simply
fails, despite being copy-and-paste'd from Microsoft's documentation.
- When queried, Windows reports its virus signature age is
4,294,967,295 days old, which, on geological time scales, pre-dates
even the Pleistocene era by 9.7 million years.
Despite these issues, my hunch is that the signatures are current as of
the date when the VM's base-image was generated; and because we're in
the Holocene era of zero-day network threats, my guess is GitHub is
re-generating images at least weekly if not more frequently (and sure
enough, Defender catches the EICAR dummy virus.
Note that we're not using Start-MpScan because it does not provide any
useful output on status of scans (indeed!), so I've moved that here into
the commit message.
v2 will:
- Checkout over SSH
- use Git's REST API, when git is version 2.18 or newer
- No longer detaches HEAD when checking out a branch
- Fetches one-commit deep by default
When building releases where we expect full history plus tags,
we explicitly get them with `git fetch --prune --unshallow`.
Ubuntu 16.04 would provide better distro compatibility, but we need SDL
in version 2.0.5 or newer to enable resizable window support on Linux.
Pretty soon Ubuntu 20.04 LTS will be released, so targetting previous
LTS release should be enough.
Adds LTO to the CI build for Linux, which bring it as close as possible
to the planned formal release, which will additionally use FDO.
Adds some helper scripts to work with FDO files.
Improves the build notes for how to create and use FDO files.
This will trigger CI jobs automatically when pull-request is
created/updated. Until now we used only push event, as it was enough to
handle all automatic jobs from repository maintainers, but this does not
work for pull requests triggered by external collaborators.
We can't simply turn on new event, as it results in duplicate jobs when
PR is created by maintainer, so additional "if" filter is needed to
prevent duplicates from running. GitHub still shows "empty jobs" in some
parts of UI, but at least they don't run and fight for resources.
Unfortunately, GitHub Actions "if" functionality is fairly limited at
the moment:
- it does not work on workflows, only specific jobs
- it does not support array literals (that's why maintainer list is
passed as a string)
- it can't access workflow env variables (that's why maintainer list is
duplicated)
- it does not support regular expressions
- seems to have problem with using unary "!" operator and nested boolean
expressions…
- … and official documentation is pretty misleading by suggesting it
can do many of those things :(
that's why this "if" line looks like it does and is duplicated in every
workflow.
Clang memory sanitizer needs all linked libraries (including STL) to be
compiled with msan option, otherwise analysis results are practically
unusable.
GCC undefined behaviour sanitizer analysis is already covered by build
running UASAN (undefined behaviour and address sanitizers).
Our macOS release builds are limited to Catalina only, and this OS
officially works only on Ivy Bridge (2012) or newer microarchitecture.
Point GCC to target Nehalen (2008) instead - this should cover also all
possible Hackintoshes or virtual machines.
