ksmith/orbithub
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Milestone 5: deliver embedded RDP sessions and lifecycle hardening

Browse Source
This commit is contained in:
Keith Smith
2026-03-03 18:59:26 -07:00
parent 230a401386
commit 36006bd4aa
2941 changed files with 724359 additions and 77 deletions
Download Patch File Download Diff File Expand all files Collapse all files

57
third_party/FreeRDP/.github/workflows/abi-checker.yml vendored Normal file
View File

@@ -0,0 +1,57 @@
name: abi-checker
on:
workflow_dispatch:
branches: [ master, stable* ]
inputs:
API_BASE_REF:
description: 'Base revision for ABI compatibility check'
required: true
default: '3.6.0'
pull_request:
branches: [ master, stable* ]
schedule:
- cron: '30 4 * * SUN'
jobs:
build:
runs-on: ubuntu-latest
name: "Run ABI checker on ubuntu-latest"
steps:
- name: "Check out pull request"
if: ${{ github.event_name == 'pull_request' && github.event.pull_request.base.sha || github.event_name == 'pull_request' }}
uses: suzuki-shunsuke/get-pr-action@v0.1.0
id: pr
- name: "Check out source"
uses: actions/checkout@v4
with:
fetch-depth: 0
ref: ${{steps.pr.outputs.merge_commit_sha}}
- name: "Prepare environment"
run: |
sudo apt-get update -q -y
sudo apt-get --fix-broken install -q -y
sudo apt-get install -q -y devscripts equivs abigail-tools \
clang \
pylint \
curl
./packaging/scripts/prepare_deb_freerdp-nightly.sh
sudo mk-build-deps -i
- name: "Prepare configuration"
run: |
mkdir -p abi-checker
cp scripts/abi-diff.sh abi-checker/
echo "GITHUB_BASE_REF=$GITHUB_BASE_REF"
echo "GITHUB_HEAD_REF=$GITHUB_HEAD_REF"
echo "API_BASE_REF=${{ inputs.API_BASE_REF || '3.6.0' }}"
echo "HEAD=$(git rev-parse HEAD)"
echo "remotes=$(git remote -v)"
- name: "Run ABI check..."
env:
BASE_REF: ${{ github.event_name == 'pull_request' && github.event.pull_request.base.sha || github.event_name == 'pull_request' && github.event.pull_request.base.sha || github.event_name == 'workflow_dispatch' && inputs.API_BASE_REF || '3.6.0' }}
run: |
echo "BASE_REF=$BASE_REF"
./abi-checker/abi-diff.sh $BASE_REF

56
third_party/FreeRDP/.github/workflows/alt-architectures.yml vendored Normal file
View File

@@ -0,0 +1,56 @@
name: '[arm,ppc,ricsv] architecture builds'
on:
workflow_dispatch:
branches: [ master, stable* ]
schedule:
- cron: '30 5 * * SUN'
jobs:
build_job:
runs-on: ubuntu-latest
name: "Test on ${{ matrix.distro }}/${{ matrix.arch }}"
strategy:
fail-fast: false
matrix:
include:
- arch: armv7
distro: bookworm
- arch: aarch64
distro: bookworm
- arch: s390x
distro: bookworm
- arch: ppc64le
distro: bookworm
- arch: riscv64
distro: ubuntu24.04
steps:
- uses: actions/checkout@v4
- uses: uraimo/run-on-arch-action@v3.0.1
name: "Run tests"
id: build
with:
arch: ${{ matrix.arch }}
distro: ${{ matrix.distro }}
githubToken: ${{ github.token }}
env: |
CTEST_OUTPUT_ON_FAILURE: 1
WLOG_LEVEL: 'trace'
install: |
echo "whoami: $(whoami)"
echo "working directory: $(pwd)"
apt-get update -q -y
apt-get install -q -y devscripts clang ninja-build ccache equivs
run: |
echo "whoami: $(whoami)"
echo "working directory: $(pwd)"
find . -name control -exec mk-build-deps -i -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y" {} \;
cmake -GNinja \
-C ci/cmake-preloads/config-linux-alt-arch.txt \
-B ci-build \
-S . \
-DCMAKE_INSTALL_PREFIX=/tmp/ci-test \
-DCMAKE_C_COMPILER=/usr/bin/clang \
-DCMAKE_CXX_COMPILER=/usr/bin/clang++
cmake --build ci-build --parallel $(nproc) --target install
cmake --build ci-build --parallel $(nproc) --target test

26
third_party/FreeRDP/.github/workflows/bash-format.yml vendored Normal file
View File

@@ -0,0 +1,26 @@
name: bash-format
on:
workflow_dispatch:
branches: [ master, stable* ]
pull_request:
branches: [ master, stable* ]
schedule:
- cron: '30 4 * * SUN'
jobs:
build:
runs-on: ubuntu-latest
name: "bash-format"
steps:
- name: "Check out source"
uses: actions/checkout@v4
- name: "Prepare environment"
run: |
sudo apt-get update -q -y
sudo apt-get install -q -y \
shfmt
- name: "Run shfmt..."
run: |
./scripts/bash-format.sh

24
third_party/FreeRDP/.github/workflows/clang-tidy-post.yml vendored Normal file
View File

@@ -0,0 +1,24 @@
name: Post clang-tidy review comments
on:
workflow_run:
workflows: ["clang-tidy-review"]
types:
- completed
permissions:
pull-requests: write
issues: write
checks: write
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: akallabeth/clang-tidy-review/post@master
# lgtm_comment_body, max_comments, and annotations need to be set on the posting workflow in a split setup
with:
token: ${{ secrets.GITHUB_TOKEN }}
annotations: false
max_comments: 10

28
third_party/FreeRDP/.github/workflows/clang-tidy.yml vendored Normal file
View File

@@ -0,0 +1,28 @@
name: clang-tidy-review
on:
pull_request:
branches: [ master, stable* ]
jobs:
build:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
# Run clang-tidy
- uses: akallabeth/clang-tidy-review@master
id: review
with:
split_workflow: true
clang_tidy_checks: ''
apt_packages: devscripts,equivs
install_commands: 'ln -s packaging/deb/freerdp-nightly debian; mk-build-deps -i -t "apt-get -o Debug::pkgProblemResolver=yes --no-install-recommends -y"'
# CMake command to run in order to generate compile_commands.json
build_dir: tidy
cmake_command: cmake -Btidy -S. -DCMAKE_EXPORT_COMPILE_COMMANDS=ON -C ci/cmake-preloads/config-qa.cmake
# Uploads an artefact containing clang_fixes.json
- uses: akallabeth/clang-tidy-review/upload@master
id: upload-review

26
third_party/FreeRDP/.github/workflows/cmake-format.yml vendored Normal file
View File

@@ -0,0 +1,26 @@
name: cmake-format
on:
workflow_dispatch:
branches: [ master, stable* ]
pull_request:
branches: [ master, stable* ]
schedule:
- cron: '30 4 * * SUN'
jobs:
build:
runs-on: ubuntu-latest
name: "cmake-format"
steps:
- name: "Check out source"
uses: actions/checkout@v4
- name: "Prepare environment"
run: |
sudo apt-get update -q -y
sudo apt-get install -q -y \
cmake-format
- name: "Run cmake-format..."
run: |
./scripts/cmake-format.sh

93
third_party/FreeRDP/.github/workflows/codeql-analysis.yml vendored Normal file
View File

@@ -0,0 +1,93 @@
# For most projects, this workflow file will not need changing; you simply need
# to commit it to your repository.
#
# You may wish to alter this file to override the set of languages analyzed,
# or to provide custom queries or build logic.
#
# ******** NOTE ********
# We have attempted to detect the languages in your repository. Please check
# the `language` matrix defined below to confirm you have the correct set of
# supported CodeQL languages.
#
name: "CodeQL"
on:
workflow_dispatch:
branches: [ master, stable* ]
schedule:
- cron: '41 2 * * 2'
jobs:
analyze:
name: Analyze (${{ matrix.language }})
# Runner size impacts CodeQL analysis time. To learn more, please see:
# - https://gh.io/recommended-hardware-resources-for-running-codeql
# - https://gh.io/supported-runners-and-hardware-resources
# - https://gh.io/using-larger-runners (GitHub.com only)
# Consider using larger runners or machines with greater resources for possible analysis time improvements.
runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }}
timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }}
permissions:
# required for all workflows
security-events: write
# only required for workflows in private repositories
actions: read
contents: read
strategy:
fail-fast: false
matrix:
include:
- language: c-cpp
build-mode: manual
# CodeQL supports the following values keywords for 'language': 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift'
# Use `c-cpp` to analyze code written in C, C++ or both
# Use 'java-kotlin' to analyze code written in Java, Kotlin or both
# Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both
# To learn more about changing the languages that are analyzed or customizing the build mode for your analysis,
# see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning.
# If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how
# your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages
steps:
- name: Checkout repository
uses: actions/checkout@v4
# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: ${{ matrix.language }}
build-mode: ${{ matrix.build-mode }}
# If you wish to specify custom queries, you can do so here or in a config file.
# By default, queries listed here will override any specified in a config file.
# Prefix the list here with "+" to use these queries and those in the config file.
# For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs
# queries: security-extended,security-and-quality
# If the analyze step fails for one of the languages you are analyzing with
# "We were unable to automatically build your code", modify the matrix above
# to set the build mode to "manual" for that language. Then modify this step
# to build your code.
# Command-line programs to run using the OS shell.
# 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
- if: matrix.build-mode == 'manual'
run: |
sudo apt-get update -q -y
sudo apt-get install -q -y devscripts clang ccache ninja-build equivs
./packaging/scripts/prepare_deb_freerdp-nightly.sh
sudo mk-build-deps -i
mkdir ci-build
cd ci-build
export CC=/usr/bin/clang
export CXX=/usr/bin/clang++
export CFLAGS="-Weverything"
export CXXFLAGS="-Weverything"
cmake -GNinja ../ci/cmake-preloads/config-linux-all.txt ..
cmake --build .
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
with:
category: "/language:${{matrix.language}}"

26
third_party/FreeRDP/.github/workflows/codespell.yml vendored Normal file
View File

@@ -0,0 +1,26 @@
name: codespell
on:
workflow_dispatch:
branches: [ master, stable* ]
pull_request:
branches: [ master, stable* ]
schedule:
- cron: '30 4 * * SUN'
jobs:
build:
runs-on: ubuntu-latest
name: "codespell"
steps:
- name: "Check out source"
uses: actions/checkout@v4
- name: "Prepare environment"
run: |
sudo apt-get update -q -y
sudo apt-get install -q -y \
codespell
- name: "Run codespell..."
run: |
./scripts/codespell.sh

59
third_party/FreeRDP/.github/workflows/coverity.yml vendored Normal file
View File

@@ -0,0 +1,59 @@
name: Coverity
on:
schedule:
- cron: "0 0 * * *"
workflow_dispatch:
branches: [ master, stable* ]
permissions:
contents: read
jobs:
scan:
runs-on: ubuntu-latest
if: ${{ github.repository_owner == 'FreeRDP' }}
steps:
- uses: actions/checkout@v4
- name: Install apt dependencies
run: |
sudo apt-get update
sudo apt-get install -y \
devscripts \
ninja-build \
equivs \
ccache \
clang
sudo mk-build-deps --install packaging/deb/freerdp-nightly/control
- name: Download Coverity build tool
run: |
wget -c -N https://scan.coverity.com/download/linux64 --post-data "token=${{ secrets.COVERITY_SCAN_TOKEN }}&project=FreeRDP" -O coverity_tool.tar.gz
mkdir coverity_tool
tar xzf coverity_tool.tar.gz --strip 1 -C coverity_tool
- name: Build with Coverity build tool
run: |
export PATH=`pwd`/coverity_tool/bin:$PATH
export CC=/usr/bin/clang
export CXX=/usr/bin/clang++
cov-configure --template --compiler clang --comptype clangcc
# in source build is used to help coverity to determine relative file path
cmake \
-GNinja \
-C ci/cmake-preloads/config-coverity.txt \
-DCOVERITY_BUILD=ON \
-Bcov-build \
-S.
cov-build --dir cov-int cmake --build cov-build
- name: Submit build result to Coverity Scan
run: |
tar czvf cov.tar.gz cov-int
curl --form token=${{ secrets.COVERITY_SCAN_TOKEN }} \
--form email=team+coverity@freerdp.com \
--form file=@cov.tar.gz \
--form version="Commit $GITHUB_SHA" \
--form description="Build submitted via CI" \
https://scan.coverity.com/builds?project=FreeRDP

71
third_party/FreeRDP/.github/workflows/freebsd.yml vendored Normal file
View File

@@ -0,0 +1,71 @@
name: '[freebsd] architecture builds'
on:
workflow_dispatch:
branches: [ master, stable* ]
schedule:
- cron: '30 5 * * SAT'
jobs:
freebsd_job:
runs-on: ubuntu-latest
name: Build on FreeBSD
steps:
- uses: actions/checkout@v4
- name: Test in FreeBSD
id: test
uses: vmactions/freebsd-vm@v1
with:
usesh: true
copyback: false
prepare: |
pkg install -y \
cmake \
ninja \
krb5-devel \
json-c \
libcjson \
fdk-aac \
libsoxr \
sdl2 \
sdl3 \
sdl2_ttf \
sdl2_image \
opus \
png \
webp \
openjpeg \
libjpeg-turbo \
opensc \
v4l_compat \
libv4l \
uriparser \
ffmpeg \
pulseaudio \
pcsc-lite \
cups \
opencl \
openssl34 \
gsm \
influxpkg-config \
icu \
fusefs-libs3 \
ccache \
opencl-clang-llvm15 \
faac \
faad2 \
opus-tools \
openh264 \
alsa-lib \
cairo \
ocl-icd
run: |
export LD_LIBRARY_PATH=/usr/lib/clang/18/lib/freebsd
export CTEST_OUTPUT_ON_FAILURE=1
cmake -GNinja \
-C ci/cmake-preloads/config-freebsd.txt \
-B ci-build \
-S . \
-DCMAKE_INSTALL_PREFIX=/tmp/ci-test
cmake --build ci-build --parallel $(nproc) --target install
cmake --build ci-build --parallel $(nproc) --target test

43
third_party/FreeRDP/.github/workflows/fuzzing.yml vendored Normal file
View File

@@ -0,0 +1,43 @@
name: Fuzzing testing
on:
workflow_dispatch:
branches: [ master, stable* ]
schedule:
- cron: "0 3 21 * *"
jobs:
fuzzing:
if: github.repository == 'FreeRDP/FreeRDP'
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
sanitizer: [address, undefined]
steps:
- uses: actions/checkout@v4
- name: Build fuzzers (${{ matrix.sanitizer }})
id: build
uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
with:
oss-fuzz-project-name: 'freerdp'
dry-run: false
sanitizer: ${{ matrix.sanitizer }}
- name: Run fuzzers (${{ matrix.sanitizer }})
uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
with:
oss-fuzz-project-name: 'freerdp'
fuzz-seconds: 600
dry-run: false
sanitizer: ${{ matrix.sanitizer }}
- name: Upload crash
uses: actions/upload-artifact@v4.3.6
if: failure() && steps.build.outcome == 'success'
with:
name: ${{ matrix.sanitizer }}-artifacts
retention-days: 21
path: ./out/artifacts

29
third_party/FreeRDP/.github/workflows/issue-autoclose.yml vendored Normal file
View File

@@ -0,0 +1,29 @@
name: Close inactive issues
on:
workflow_dispatch:
schedule:
- cron: "33 3 * * *"
jobs:
close-issues:
runs-on: ubuntu-latest
permissions:
issues: write
pull-requests: write
steps:
- uses: actions/stale@v5
with:
days-before-stale: 30
days-before-close: 30
operations-per-run: 90
exempt-all-milestones: true
exempt-assignees: true
exempt-issue-labels: "wip,pinned,help-wanted,blocker,feature"
exempt-pr-labels: "wip,pinned,help-wanted,blocker,feature"
stale-issue-label: "stale"
stale-issue-message: "This issue is stale because it has been open for 30 days with no activity."
close-issue-message: "This issue was closed because it has been inactive for 14 days since being marked as stale."
days-before-pr-stale: -1
days-before-pr-close: -1
repo-token: ${{ secrets.GITHUB_TOKEN }}

22
third_party/FreeRDP/.github/workflows/macos.yml vendored Normal file
View File

@@ -0,0 +1,22 @@
name: macos-builder
on:
workflow_dispatch:
branches: [ master, stable* ]
schedule:
- cron: '30 5 * * SUN'
jobs:
build:
runs-on: macos-latest
name: "Run macos build on mac-latest"
steps:
- name: "Check out source"
uses: actions/checkout@v4
- name: "Prepare environment"
run: |
brew install autoconf automake git libtool meson
- name: "Run mac os build..."
run: |
./scripts/bundle-mac-os.sh

35
third_party/FreeRDP/.github/workflows/mingw.yml vendored Normal file
View File

@@ -0,0 +1,35 @@
name: mingw-builder
on:
workflow_dispatch:
branches: [ master, stable* ]
schedule:
- cron: '30 5 * * SUN'
jobs:
build:
runs-on: ubuntu-latest
name: "Run mingw build on ubuntu-latest"
steps:
- name: "Check out source"
uses: actions/checkout@v4
- name: "Prepare environment"
run: |
sudo apt-get update -q -y
sudo apt-get install -q -y \
git \
nasm \
meson \
cmake \
ninja-build \
mingw-w64 \
mingw-w64-tools \
binutils-mingw-w64
- name: "Run mingw [shared] build..."
run: |
./scripts/mingw.sh
- name: "Run mingw [static] build..."
run: |
./scripts/mingw.sh -c -s --clean-first

61
third_party/FreeRDP/.github/workflows/timezone-update.yml vendored Normal file
View File

@@ -0,0 +1,61 @@
# This workflow will build a .NET project
# For more information see: https://docs.github.com/en/actions/automating-builds-and-tests/building-and-testing-net
name: timezone-update
on:
workflow_dispatch:
branches: [ master, stable* ]
schedule:
- cron: "0 5 11 * *"
jobs:
build:
runs-on: windows-latest
permissions:
contents: write
pull-requests: write
steps:
- uses: actions/checkout@v4
- name: Setup .NET
uses: actions/setup-dotnet@v4
with:
dotnet-version: 8.0.x
- name: Configure CMake
run: cmake -G"Visual Studio 17 2022" -Bbuild -Swinpr\libwinpr\timezone\utils
- name: Restore dependencies
run: dotnet restore build\tzextract.sln
- name: Build & Install CMake
run: cmake --build build --config Release
- name: Update timezones
run: build\Release\tzextract.exe winpr\libwinpr\timezone
- name: Format code
run: |
clang-format -i --style=file:.clang-format winpr/libwinpr/timezone/WindowsZones.c
clang-format -i --style=file:.clang-format winpr/libwinpr/timezone/TimeZoneNameMap.c
clang-format -i --style=file:.clang-format winpr/libwinpr/timezone/TimeZoneNameMap_static.h
clang-format -i --style=file:.clang-format winpr/libwinpr/timezone/TimeZoneNameMap.json
- name: Create Pull Request
id: cpr
uses: peter-evans/create-pull-request@v6
with:
commit-message: Update timezone definitions
committer: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>
author: ${{ github.actor }} <${{ github.actor_id }}+${{ github.actor }}@users.noreply.github.com>
signoff: false
branch: timezone-patches
branch-suffix: timestamp
delete-branch: true
title: '[timezones] Update definitions'
body: |
Timezone update
- Auto-generated by [create-pull-request][1]
[1]: https://github.com/peter-evans/create-pull-request
labels: |
automated pr
assignees: akallabeth
reviewers: akallabeth
draft: false