|
25 | 25 | run: git config --global --add safe.directory "$GITHUB_WORKSPACE" |
26 | 26 | - name: build |
27 | 27 | run: | |
| 28 | + if [ "${{ matrix.compiler }}" = "gcc" ]; then |
| 29 | + if [ "${{ matrix.buildtype }}" = "release" ]; then |
| 30 | + if [ "${{ matrix.distro }}" = "tumbleweed" ]; then |
| 31 | + export CFLAGS="-O2 -Wall -U_FORTIFY_SOURCE -D_FORTIFY_SOURCE=3 \ |
| 32 | + -fstack-protector-strong -funwind-tables -fasynchronous-unwind-tables \ |
| 33 | + -fstack-clash-protection -Werror=return-type -flto=auto -g" |
| 34 | + export CXXFLAGS="$CFLAGS" |
| 35 | + export LDFLAGS="-flto=auto" |
| 36 | + elif [ "${{ matrix.distro }}" = "fedora" ]; then |
| 37 | + export CFLAGS="-O2 -flto=auto -ffat-lto-objects -fexceptions -g \ |
| 38 | + -grecord-gcc-switches -pipe -Wall -Werror=format-security \ |
| 39 | + -Wp,-U_FORTIFY_SOURCE,-D_FORTIFY_SOURCE=3 -Wp,-D_GLIBCXX_ASSERTIONS \ |
| 40 | + -specs=/usr/lib/rpm/redhat/redhat-hardened-cc1 -fstack-protector-strong \ |
| 41 | + -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 -m32 -march=i686 -mtune=generic \ |
| 42 | + -msse2 -mfpmath=sse -mstackrealign -fasynchronous-unwind-tables \ |
| 43 | + -fstack-clash-protection" |
| 44 | + export CXXFLAGS="$CFLAGS" |
| 45 | + export LDFLAGS='-Wl,-z,relro -Wl,--as-needed -Wl,-z,pack-relative-relocs \ |
| 46 | + -Wl,-z,now -specs=/usr/lib/rpm/redhat/redhat-hardened-ld \ |
| 47 | + -specs=/usr/lib/rpm/redhat/redhat-hardened-ld-errors \ |
| 48 | + -specs=/usr/lib/rpm/redhat/redhat-annobin-cc1 \ |
| 49 | + -Wl,--build-id=sha1 -specs=/usr/lib/rpm/redhat/redhat-package-notes' |
| 50 | + fi |
| 51 | + fi |
| 52 | + fi |
| 53 | +
|
28 | 54 | scripts/build.sh -b ${{ matrix.buildtype }} -c ${{ matrix.compiler }} -x |
29 | 55 | - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0 |
30 | 56 | name: upload logs |
|
0 commit comments