* initial flatten deps scan
* move 3rd party scan to separate action
* allow fork to run
* install requests
* use packages
* pip install
* rename
* conditional vuln report
* trailing whitespace
* trailing whitespace
* detailed print
* add testing file
* add upload test sarif
* results sarif
* move sarif
* upload modified sarif
* test flow
* test with results.sarif
* formatting
* test naming convention
* description with text in artifactLocation
* don't use locations
* use template sarif
* just use template
* add one field mod
* add another field mod
* use actual osvReport
* add field
* add field
* test
* no information uri
* no information uri
* add name
* template NA data for results
* back to minimal template
* dynamic rules
* template update
* no results
* only use template
* test
* new test
* new test
* add back locations
* descriptive fields
* test
* use package name
* variable commit hash
* add chromium accessibility readme support
* use batch query test
* clean up
* use variables for sarif template
* initial automating ancestor commit
* allow for workflow on testing
* install gitpython in workflow
* wrap in try
* expand try
* check commit is not none
* quiet clone
* fix commit newline
* proper print for failed deps
* remove gitpython
* remove import
* fix origin source
* remove .dart from dep names
* update dep
* typo
* update
* clone into controlled name repo now
* fix github upstream clone url
* test CVE finding
* use templated rule and result
* typo
* remove test CVE
* add link straight to OSV DB
* comments
* use os mkdir
* check time of pinned commit
* quiet git
* print osv api query results if vulns found
* move upstream mapping into DEPS file
* add testing for DEPS file
* add khronos exception
* add basic ancestor commit test
* no vulns message
* do not produce empty sarif
* add yaml
* remove unused python dep
* no change?
* no more print, causing recipe issues
* string test
* string test
* no more fstrings
* convert to .format
* syntax
* remove unused dep
* test
* switch test script
* no encoding
* add back test
* typo
* remove scan flat deps tests again
* update
* fix tests
* typo
* newline
* use checkout dir
* prefix
* update to use prefix
* lint
* runhook attempt
* lint
* lint
* lint
* lint
* no license blurb
* cleanup
* enable for main
* do not raise error
* run on branch
* data indentation
* check file existence
create_macos_gen_snapshots.py uses `xcrun bitcode_strip` to copy
gen_snapshot from its build directory to a suffixed gen_snapshot_arm64
or gen_snapshot_armv7, while stripping the bitcode segment, if any.
This simplifies the python invocation to use subprocess.check_call, and
also guarantees the process exits with failure in such a situation --
we weren't checking the return value of generate_gen_snapshot.
This is cleanup for issues encountered while working on merging
macOS/iOS gen_snapshot tooling.
Issue: https://github.com/flutter/flutter/issues/103386
Issue: https://github.com/flutter/flutter/issues/101138
Cleans up the logic for building gen_snapshot for macOS hosts. Also adds
a bit more documentation to the snapshot-related build targets.
Previously:
* gen_snapshot targeting macOS (on both x64, and arm64) were generated
via the `create_macos_gen_snapshots` target.
* gen_snapshot arm/arm64 builds (on a macOS host) were generated via the
`create_arm_gen_snapshot` target. The reason why this covers only
arm/arm64 is simply that those are the only platforms we generate
iOS/Android AOT builds for. x64 iOS implies a simulator build, but we
only support debug builds for the iOS simulator, which aren't AOT
builds, and thus don't require gen_snapshot.
These two conditions overlap in the case of arm64 (but not x64) target
builds. This separates the two cases cleanly. A later patch will merge
the two cases to use a single tool.
Note that NEITHER of these two scenarios mentions builds for macOS hosts
targeting Fuchsia. That's because this target is never invoked during
Fuchsia target builds. See:
75d2baf5fe/BUILD.gn (L93-L95)
Issue: https://github.com/flutter/flutter/issues/103386
Issue: https://github.com/flutter/flutter/issues/101138
Currently, the hit-region is size FLT_MAX which is susceptible to
numerical overflow when rotating or translating (or any other
modification to the value).
