Commit Graph

28 Commits

Author SHA1 Message Date
Max Kellermann
3cc770a00b remove obsolete Boost dependency
Boost makes building a piece of software much more difficult than
necessary.  It's a huge library, and just uncompressing it takes a
considerable amount of time. MPD only used a tiny fraction of it, yet
its header bloat made the MPD build very slow.  Locating Boost was
difficult due to its arcane build system and its resistance to use
pkg-config; it's always a special case.  MPD could never use features
of newer Boost versions because Linux distributions always shipped old
Boost versions.  Boost made everything complicated and slow.

So, finally, after getting rid of GLib (commit ccdb94b06c), switching
to C++ and using Boost (commit 0801b3f495), we've finally get rid of
it 8 years later.

Unfortunately, I had to reimplement parts of it along the way
(e.g. IntrusiveList).  Kind of NIH, but on the other hand, compiling
MPD has become much easier for users.
2023-01-23 15:06:58 +01:00
Alex
8b1ff3f005
build: harden build.yml permissions
This PR adds explicit [permissions section](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions) to workflows. This is a security best practice because by default workflows run with [extended set of permissions](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token) (except from `on: pull_request` [from external forks](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)). By specifying any permission explicitly all others are set to none. By using the principle of least privilege the damage a compromised workflow can do (because of an [injection](https://securitylab.github.com/research/github-actions-untrusted-input/) or compromised third party tool or action) is restricted.
It is recommended to have [most strict permissions on the top level](https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions) and grant write permissions on [job level](https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs) case by case.

Signed-off-by: Alex <aleksandrosansan@gmail.com>
2022-12-09 11:28:26 +01:00
Max Kellermann
20310437d0 .github/workflows/build.yml: build with Ubuntu 22.04 as well 2022-07-13 12:41:04 +02:00
Max Kellermann
d29e1544bf .github/workflows/build.yml: explicitly select ubuntu-20.04
According to https://github.com/actions/virtual-environments
"ubuntu-latest" maps to "ubuntu-20.04", even though "ubuntu-22.04" is
also available.  Since our job description is very specific to
"ubuntu-20.04", let's select this explicitly.
2022-07-13 12:37:02 +02:00
Marceline Cramer
18ebd42c52
.github: Add reminder to include backtrace in issue template 2022-07-04 10:32:58 -06:00
Max Kellermann
dcf39ee44e .github/workflows/build.yml: add "python-version: 3.x"
This appears to be necessary as of actions/setup-python@v4 (commit
45d908e25f).
2022-06-13 21:37:04 +02:00
dependabot[bot]
45d908e25f
build(deps): bump actions/setup-python from 3 to 4
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 3 to 4.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-13 15:23:52 +00:00
Max Kellermann
b4f454a553
Merge pull request #1548 from MusicPlayerDaemon/dependabot/github_actions/actions/setup-python-3
build(deps): bump actions/setup-python from 1 to 3
2022-06-08 12:56:55 +02:00
dependabot[bot]
e2d6bb7444
build(deps): bump actions/checkout from 2 to 3
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-05 08:28:29 +00:00
dependabot[bot]
f89916e6fb
build(deps): bump actions/setup-python from 1 to 3
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 1 to 3.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v1...v3)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-05 08:28:27 +00:00
naveen
7d95b15cbc chore: Included githubactions in the dependabot config
This should help with keeping the GitHub actions updated on new releases. This will also help with keeping it secure.

Dependabot helps in keeping the supply chain secure https://docs.github.com/en/code-security/dependabot

GitHub actions up to date https://docs.github.com/en/code-security/dependabot/working-with-dependabot/keeping-your-actions-up-to-date-with-dependabot

https://github.com/ossf/scorecard/blob/main/docs/checks.md#dependency-update-tool
Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
2022-06-05 01:30:13 +00:00
Max Kellermann
2730f91872 .github/workflows/build.yml: build everything, not just unit tests (Linux) 2022-05-23 21:32:42 +02:00
Max Kellermann
97ca85e155 .github/workflows/build.yml: verbose build (Linux) 2022-05-23 21:32:02 +02:00
Max Kellermann
39bb4c5871 .github/workflows/build.yml: build everything, not just unit tests 2022-05-23 21:28:28 +02:00
Max Kellermann
bdceb90c59 .github/workflows/build.yml: verbose build 2022-05-23 21:25:28 +02:00
Max Kellermann
a009e95afd .github/ISSUE_TEMPLATE/bug_report.md: add "Configuration" section 2022-05-19 09:26:21 +02:00
Max Kellermann
32aafb3572 .github/ISSUE_TEMPLATE/question.md: remove, we have GitHub discussions now 2022-05-19 09:25:00 +02:00
Max Kellermann
b577783cf0 .github/FUNDING.yml: remove, no funding
This was an experiment, but I decided I don't need that.
2022-05-19 09:24:22 +02:00
Max Kellermann
aa7b872a14 .github/workflows/build.yml: run "apt-get update"
The build has been failing for a week or two because the package lists
in the image are outdated.
2022-05-19 09:23:08 +02:00
Max Kellermann
b9cc036703 .github/workflows/build.yml: rebuild branch v0.23.x 2021-12-03 23:00:42 +01:00
Max Kellermann
f01388559f .github/workflows/build.yml: fix the ccache.key 2021-11-26 13:32:48 +01:00
Max Kellermann
27edd4a610 .github/workflows: merge build-{linux,macos}.yml into one 2021-11-26 13:32:08 +01:00
Max Kellermann
fd5b195879 .github/workflows/build-macos.yml: use actions/setup-python@v1
Without it, BSFishy/meson-build defaults to /usr/local/bin/python,
which is Python 2.
2021-11-23 12:17:32 +01:00
Max Kellermann
bb5df9839d .github/workflows/build-macos.yml: install Meson, ninja and Boost 2021-11-23 12:17:32 +01:00
Max Kellermann
be34d55291 .github/workflows: add macOS build 2021-11-23 11:41:40 +01:00
Max Kellermann
c13911b171 .github/workflows: auto-build with GitHub Actions 2021-11-23 10:45:14 +01:00
Max Kellermann
ff2e584bde
Create FUNDING.yml 2020-01-20 14:30:52 +01:00
Max Kellermann
45a091c00c .github: add issue templates 2019-05-20 16:44:02 +02:00