Commit Graph

21 Commits

Author SHA1 Message Date
Max Kellermann
3cc770a00b remove obsolete Boost dependency
Boost makes building a piece of software much more difficult than
necessary.  It's a huge library, and just uncompressing it takes a
considerable amount of time. MPD only used a tiny fraction of it, yet
its header bloat made the MPD build very slow.  Locating Boost was
difficult due to its arcane build system and its resistance to use
pkg-config; it's always a special case.  MPD could never use features
of newer Boost versions because Linux distributions always shipped old
Boost versions.  Boost made everything complicated and slow.

So, finally, after getting rid of GLib (commit ccdb94b06c), switching
to C++ and using Boost (commit 0801b3f495), we've finally get rid of
it 8 years later.

Unfortunately, I had to reimplement parts of it along the way
(e.g. IntrusiveList).  Kind of NIH, but on the other hand, compiling
MPD has become much easier for users.
2023-01-23 15:06:58 +01:00
Alex
8b1ff3f005
build: harden build.yml permissions
This PR adds explicit [permissions section](https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions) to workflows. This is a security best practice because by default workflows run with [extended set of permissions](https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token) (except from `on: pull_request` [from external forks](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/)). By specifying any permission explicitly all others are set to none. By using the principle of least privilege the damage a compromised workflow can do (because of an [injection](https://securitylab.github.com/research/github-actions-untrusted-input/) or compromised third party tool or action) is restricted.
It is recommended to have [most strict permissions on the top level](https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions) and grant write permissions on [job level](https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs) case by case.

Signed-off-by: Alex <aleksandrosansan@gmail.com>
2022-12-09 11:28:26 +01:00
Max Kellermann
20310437d0 .github/workflows/build.yml: build with Ubuntu 22.04 as well 2022-07-13 12:41:04 +02:00
Max Kellermann
d29e1544bf .github/workflows/build.yml: explicitly select ubuntu-20.04
According to https://github.com/actions/virtual-environments
"ubuntu-latest" maps to "ubuntu-20.04", even though "ubuntu-22.04" is
also available.  Since our job description is very specific to
"ubuntu-20.04", let's select this explicitly.
2022-07-13 12:37:02 +02:00
Max Kellermann
dcf39ee44e .github/workflows/build.yml: add "python-version: 3.x"
This appears to be necessary as of actions/setup-python@v4 (commit
45d908e25f).
2022-06-13 21:37:04 +02:00
dependabot[bot]
45d908e25f
build(deps): bump actions/setup-python from 3 to 4
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 3 to 4.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v3...v4)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-13 15:23:52 +00:00
Max Kellermann
b4f454a553
Merge pull request #1548 from MusicPlayerDaemon/dependabot/github_actions/actions/setup-python-3
build(deps): bump actions/setup-python from 1 to 3
2022-06-08 12:56:55 +02:00
dependabot[bot]
e2d6bb7444
build(deps): bump actions/checkout from 2 to 3
Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-05 08:28:29 +00:00
dependabot[bot]
f89916e6fb
build(deps): bump actions/setup-python from 1 to 3
Bumps [actions/setup-python](https://github.com/actions/setup-python) from 1 to 3.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v1...v3)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-major
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-06-05 08:28:27 +00:00
Max Kellermann
2730f91872 .github/workflows/build.yml: build everything, not just unit tests (Linux) 2022-05-23 21:32:42 +02:00
Max Kellermann
97ca85e155 .github/workflows/build.yml: verbose build (Linux) 2022-05-23 21:32:02 +02:00
Max Kellermann
39bb4c5871 .github/workflows/build.yml: build everything, not just unit tests 2022-05-23 21:28:28 +02:00
Max Kellermann
bdceb90c59 .github/workflows/build.yml: verbose build 2022-05-23 21:25:28 +02:00
Max Kellermann
aa7b872a14 .github/workflows/build.yml: run "apt-get update"
The build has been failing for a week or two because the package lists
in the image are outdated.
2022-05-19 09:23:08 +02:00
Max Kellermann
b9cc036703 .github/workflows/build.yml: rebuild branch v0.23.x 2021-12-03 23:00:42 +01:00
Max Kellermann
f01388559f .github/workflows/build.yml: fix the ccache.key 2021-11-26 13:32:48 +01:00
Max Kellermann
27edd4a610 .github/workflows: merge build-{linux,macos}.yml into one 2021-11-26 13:32:08 +01:00
Max Kellermann
fd5b195879 .github/workflows/build-macos.yml: use actions/setup-python@v1
Without it, BSFishy/meson-build defaults to /usr/local/bin/python,
which is Python 2.
2021-11-23 12:17:32 +01:00
Max Kellermann
bb5df9839d .github/workflows/build-macos.yml: install Meson, ninja and Boost 2021-11-23 12:17:32 +01:00
Max Kellermann
be34d55291 .github/workflows: add macOS build 2021-11-23 11:41:40 +01:00
Max Kellermann
c13911b171 .github/workflows: auto-build with GitHub Actions 2021-11-23 10:45:14 +01:00