| author | Mehmet Samet Duman <yongdohyun@projecttick.org> | 2026-04-02 20:38:37 +0300 |
|---|---|---|
| committer | Mehmet Samet Duman <yongdohyun@projecttick.org> | 2026-04-02 20:38:37 +0300 |
| commit | 25a9943d68a7dc31eeefeb17913dbe37d87e5302 (patch) | |
| tree | 540166d548cafc56726a07225f2dbe649c8e2444 /.github | |
| parent | a4b5ffbaadb591066e2a97f8d450fb1d93e56a6e (diff) | |
NOISSUE Remove not needed CI workflows for GitHub Actions and reworked some workflows
Signed-off-by: Mehmet Samet Duman <yongdohyun@projecttick.org>
Diffstat (limited to '.github')
30 files changed, 1742 insertions, 0 deletions
diff --git a/.github/workflows/json4cpp-amalgam-comment.yml b/.github/workflows/json4cpp-amalgam-comment.yml
new file mode 100644
index 0000000000..18592185d2
--- /dev/null
+++ b/.github/workflows/json4cpp-amalgam-comment.yml
@@ -0,0 +1,82 @@ +name: "json4cpp: Comment Check Amalgamation" + +on: + workflow_run: + workflows: ["json4cpp: Check amalgamation"] + types: + - completed + +permissions: + contents: read + +jobs: + comment: + if: ${{ github.event.workflow_run.conclusion == 'failure' }} + runs-on: ubuntu-latest + permissions: + contents: read + actions: read + issues: read + pull-requests: write + steps: + - name: Harden Runner + uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0 + with: + egress-policy: audit + + - name: Download artifact + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + with: + script: | + var artifacts = await github.rest.actions.listWorkflowRunArtifacts({ + owner: context.repo.owner, + repo: context.repo.repo, + run_id: ${{github.event.workflow_run.id }}, + }); + var matchArtifact = artifacts.data.artifacts.filter((artifact) => { + return artifact.name == "pr" + })[0]; + var download = await github.rest.actions.downloadArtifact({ + owner: context.repo.owner, + repo: context.repo.repo, + artifact_id: matchArtifact.id, + archive_format: 'zip', + }); + var fs = require('fs'); + fs.writeFileSync('${{github.workspace}}/pr.zip', Buffer.from(download.data)); + - run: unzip pr.zip + + - name: Comment on PR + uses: actions/github-script@ed597411d8f924073f98dfc5c65a23a2325f34cd # v8.0.0 + with: + github-token: ${{ secrets.GITHUB_TOKEN }} + script: | + var fs = require('fs'); + const author = fs.readFileSync('./author') + const issue_number = Number(fs.readFileSync('./number')); + const opts = github.rest.issues.listForRepo.endpoint.merge({ + owner: context.repo.owner, + repo: context.repo.repo, + creator: author, + state: 'all' + }) + let first = true + const issues = await github.paginate(opts) + for (const issue of issues) { + if (issue.number === issue_number) { + continue + } + if (issue.pull_request) { + first = false + break + } + } + await github.rest.issues.createComment({ + issue_number: 
issue_number, + owner: context.repo.owner, + repo: context.repo.repo, + body: '## Amalgamation check failed!\nThe source code has not been amalgamated.' + + (first ? ' @' + author + ' Please read and follow the [Contribution Guidelines]' + + '(https://github.com/nlohmann/json/blob/develop/.github/CONTRIBUTING.md#files-to-change).' + : '') + }) diff --git a/.github/workflows/json4cpp-amalgam.yml b/.github/workflows/json4cpp-amalgam.yml new file mode 100644 index 0000000000..c25550487c --- /dev/null +++ b/.github/workflows/json4cpp-amalgam.yml 
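Review bot: The `Comment on PR` step reads `./author` and `./number` out of the `pr` artifact, which is written by the pull-request run and is therefore contributor-controlled, and uses them unvalidated while the job holds `pull-requests: write`. As written, a tampered artifact can steer the bot's comment to any issue number and place arbitrary Markdown or mentions in the body through `' @' + author`. Prefer trusted event data for the PR identity (the `workflow_run` payload, or a lookup by its head SHA), or at minimum read as text and validate: `const author = fs.readFileSync('./author', 'utf8').trim();` followed by `if (!Number.isInteger(issue_number) || !/^[A-Za-z0-9-]+$/.test(author)) return;`. The download step should also handle `matchArtifact` being undefined, and `unzip pr.zip -d pr-artifact` into a fresh directory keeps archive members out of the workspace root.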
@@ -0,0 +1,71 @@
+name: "json4cpp: Check amalgamation"
+
+on:
+ pull_request:
+ paths:
+ - 'json4cpp/**'
+
+permissions:
+ contents: read
+
+jobs:
+ save:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Harden Runner
+ uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
+ with:
+ egress-policy: audit
+
+ - name: Save PR number
+ run: |
+ mkdir -p ./pr
+ echo ${{ github.event.number }} > ./pr/number
+ echo ${{ github.event.pull_request.user.login }} > ./pr/author
+ - uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
+ with:
+ name: pr
+ path: pr/
+
+ check:
+ runs-on: ubuntu-latest
+ env:
+ MAIN_DIR: ${{ github.workspace }}/json4cpp
+ INCLUDE_DIR: ${{ github.workspace }}/json4cpp/single_include/nlohmann
+ TOOL_DIR: ${{ github.workspace }}/json4cpp/tools/tools/amalgamate
+
+ steps:
+ - name: Harden Runner
+ uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
+ with:
+ egress-policy: audit
+
+ - name: Checkout pull request
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ with:
+ ref: ${{ github.event.pull_request.head.sha }}
+
+ - name: Install astyle
+ working-directory: json4cpp
+ run: |
+ python3 -mvenv venv
+ venv/bin/pip3 install -r tools/astyle/requirements.txt
+
+ - name: Check amalgamation
+ working-directory: json4cpp
+ run: |
+ rm -fr $INCLUDE_DIR/json.hpp~ $INCLUDE_DIR/json_fwd.hpp~
+ cp $INCLUDE_DIR/json.hpp $INCLUDE_DIR/json.hpp~
+ cp $INCLUDE_DIR/json_fwd.hpp $INCLUDE_DIR/json_fwd.hpp~
+
+ python3 $TOOL_DIR/amalgamate.py -c $TOOL_DIR/config_json.json -s .
+ python3 $TOOL_DIR/amalgamate.py -c $TOOL_DIR/config_json_fwd.json -s .
+ echo "Format (1)"
+ ${{ github.workspace }}/json4cpp/venv/bin/astyle --project=tools/astyle/.astylerc --suffix=none --quiet $INCLUDE_DIR/json.hpp $INCLUDE_DIR/json_fwd.hpp
+
+ diff $INCLUDE_DIR/json.hpp~ $INCLUDE_DIR/json.hpp
+ diff $INCLUDE_DIR/json_fwd.hpp~ $INCLUDE_DIR/json_fwd.hpp
+
+ ${{ github.workspace }}/json4cpp/venv/bin/astyle --project=tools/astyle/.astylerc --suffix=orig $(find docs/examples include tests -type f \( -name '*.hpp' -o -name '*.cpp' -o -name '*.cu' \) -not -path 'tests/thirdparty/*' -not -path 'tests/abi/include/nlohmann/*' | sort)
+ echo Check
+ find . -name '*.orig' -exec false {} \+
diff --git a/.github/workflows/json4cpp-dependency-review.yml b/.github/workflows/json4cpp-dependency-review.yml
new file mode 100644
index 0000000000..42b6cc2b8c
--- /dev/null
+++ b/.github/workflows/json4cpp-dependency-review.yml
@@ -0,0 +1,23 @@
+name: "json4cpp: Dependency Review"
+
+on:
+ pull_request:
+ paths:
+ - 'json4cpp/**'
+
+permissions:
+ contents: read
+
+jobs:
+ dependency-review:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Harden Runner
+ uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
+ with:
+ egress-policy: audit
+
+ - name: Checkout Repository
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ - name: Dependency Review
+ uses: actions/dependency-review-action@2031cfc080254a8a887f58cffee85186f0e49e48 # v4.9.0
diff --git a/.github/workflows/json4cpp-flawfinder.yml b/.github/workflows/json4cpp-flawfinder.yml
new file mode 100644
index 0000000000..c496ab8d27
--- /dev/null
+++ b/.github/workflows/json4cpp-flawfinder.yml
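Review bot: In the `Save PR number` step of `json4cpp-amalgam.yml`, `${{ github.event.number }}` and `${{ github.event.pull_request.user.login }}` are expanded into the script text before the shell runs; passing event data through `env:` keeps it out of the command line whatever the value contains. Suggested form: `env: { PR_NUMBER: "${{ github.event.number }}", PR_AUTHOR: "${{ github.event.pull_request.user.login }}" }` with `echo "$PR_NUMBER" > ./pr/number` and `echo "$PR_AUTHOR" > ./pr/author`. The `check` job then installs `tools/astyle/requirements.txt` and runs `amalgamate.py` from the pull-request head, so its checkout should set `persist-credentials: false`, and this workflow should never be given write permissions or secrets.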
@@ -0,0 +1,44 @@
+name: "json4cpp: Flawfinder"
+
+permissions:
+ contents: read
+
+on:
+ push:
+ branches: ["develop"]
+ paths:
+ - 'json4cpp/**'
+ pull_request:
+ branches: ["develop"]
+ paths:
+ - 'json4cpp/**'
+ schedule:
+ - cron: '41 14 * * 3'
+
+jobs:
+ flawfinder:
+ name: Flawfinder
+ runs-on: ubuntu-latest
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+ steps:
+ - name: Harden Runner
+ uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
+ with:
+ egress-policy: audit
+
+ - name: Checkout code
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+
+ - name: flawfinder_scan
+ uses: david-a-wheeler/flawfinder@c57197cd6061453f10a496f30a732bc1905918d1 # v2.0.19
+ with:
+ arguments: '--sarif ./json4cpp/'
+ output: 'flawfinder_results.sarif'
+
+ - name: Upload analysis results to GitHub Security tab
+ uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98 # v4
+ with:
+ sarif_file: ${{ github.workspace }}/flawfinder_results.sarif
diff --git a/.github/workflows/json4cpp-fuzz.yml b/.github/workflows/json4cpp-fuzz.yml
new file mode 100644
index 0000000000..78805aa597
--- /dev/null
+++ b/.github/workflows/json4cpp-fuzz.yml
@@ -0,0 +1,39 @@
+name: "json4cpp: CIFuzz"
+
+on:
+ pull_request:
+ paths:
+ - 'json4cpp/**'
+
+permissions:
+ contents: read
+
+jobs:
+ Fuzzing:
+ runs-on: ubuntu-22.04
+ steps:
+ - name: Harden Runner
+ uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
+ with:
+ egress-policy: audit
+
+ - name: Build Fuzzers
+ id: build
+ uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
+ with:
+ oss-fuzz-project-name: 'json'
+ dry-run: false
+ language: c++
+ - name: Run Fuzzers
+ uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
+ with:
+ oss-fuzz-project-name: 'json'
+ fuzz-seconds: 300
+ dry-run: false
+ language: c++
+ - name: Upload Crash
+ uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
+ if: failure() && steps.build.outcome == 'success'
+ with:
+ name: artifacts
+ path: ./out/artifacts
diff --git a/.github/workflows/json4cpp-labeler.yml b/.github/workflows/json4cpp-labeler.yml
new file mode 100644
index 0000000000..2448a6a1ae
--- /dev/null
+++ b/.github/workflows/json4cpp-labeler.yml
@@ -0,0 +1,26 @@
+name: "json4cpp: Pull Request Labeler"
+
+on:
+ pull_request_target:
+ types: [opened, synchronize]
+
+permissions:
+ contents: read
+
+jobs:
+ label:
+ permissions:
+ contents: read
+ pull-requests: write
+
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Harden Runner
+ uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
+ with:
+ egress-policy: audit
+
+ - uses: srvaroa/labeler@e8fbb2561481ef6e711a770f0234e9379dc76892 # master
+ env:
+ GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
diff --git a/.github/workflows/json4cpp-publish-docs.yml b/.github/workflows/json4cpp-publish-docs.yml
new file mode 100644
index 0000000000..c68dcccbd1
--- /dev/null
+++ b/.github/workflows/json4cpp-publish-docs.yml
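Review bot: In `json4cpp-fuzz.yml`, `google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master` and `run_fuzzers@master` are the only actions referenced by a mutable branch; every other `uses:` in the file is pinned to a commit SHA with a version comment. Pin both to a reviewed commit, e.g. `uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@<commit-sha> # <tag or date>`. The same applies to `neozip-fuzz.yml`, and `libnbtplusplus-ci.yml` and the `neozip-*.yml` workflows in this commit use tag refs (`actions/checkout@v6`, `ilammy/msvc-dev-cmd@v1`, `fsfe/reuse-action@v6`, `actions/upload-artifact@v7`, `github/codeql-action/init@v4`) and omit the Harden Runner step. It is also worth confirming that `oss-fuzz-project-name: 'json'` actually builds the `json4cpp/` tree of this repository rather than the upstream project; that cannot be determined from the hunk.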
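Review bot: `json4cpp-labeler.yml` runs on `pull_request_target` with `pull-requests: write`, which is safe only as long as no step checks out or executes pull-request content, and nothing in the file records that constraint. Proposed comment above `steps:`: `# pull_request_target runs with a write token in the base-repo context; never add a checkout of the PR head here.` There is also no `paths:` filter, so unlike the other `json4cpp-*` workflows it triggers for every pull request in the repository; presumably the labeler configuration scopes the labels, but that file is not part of this hunk.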
@@ -0,0 +1,45 @@
+name: "json4cpp: Publish documentation"
+
+on:
+ push:
+ branches:
+ - develop
+ paths:
+ - 'json4cpp/docs/mkdocs/**'
+ - 'json4cpp/docs/examples/**'
+ workflow_dispatch:
+
+concurrency:
+ group: json4cpp-documentation
+ cancel-in-progress: false
+
+permissions:
+ contents: read
+
+jobs:
+ publish_documentation:
+ permissions:
+ contents: write
+
+ runs-on: ubuntu-22.04
+ steps:
+ - name: Harden Runner
+ uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
+ with:
+ egress-policy: audit
+
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+
+ - name: Install virtual environment
+ working-directory: json4cpp
+ run: make install_venv -C docs/mkdocs
+
+ - name: Build documentation
+ working-directory: json4cpp
+ run: make build -C docs/mkdocs
+
+ - name: Deploy documentation
+ uses: peaceiris/actions-gh-pages@4f9cc6602d3f66b9c108549d475ec49e8ef4d45e # v4.0.0
+ with:
+ github_token: ${{ secrets.GITHUB_TOKEN }}
+ publish_dir: ./json4cpp/docs/mkdocs/site
diff --git a/.github/workflows/json4cpp-scorecards.yml b/.github/workflows/json4cpp-scorecards.yml
new file mode 100644
index 0000000000..f8a6a10f46
--- /dev/null
+++ b/.github/workflows/json4cpp-scorecards.yml
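Review bot: The `publish_documentation` job grants `contents: write` to every step, including `make install_venv` and `make build`, which install and run third-party Python packages, and `actions/checkout` leaves the token in the local git configuration by default. Add `with:` / `persist-credentials: false` to the checkout; the deploy step receives its token through `github_token` and does not need the persisted one. A stricter layout builds the site in a `contents: read` job and hands `docs/mkdocs/site` to a small deploy job as an artifact, so the write token never coexists with the dependency install.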
@@ -0,0 +1,56 @@
+name: "json4cpp: Scorecard supply-chain security"
+
+on:
+ branch_protection_rule:
+ schedule:
+ - cron: '20 7 * * 2'
+ push:
+ branches: ["develop"]
+ paths:
+ - 'json4cpp/**'
+
+permissions:
+ contents: read
+
+jobs:
+ analysis:
+ name: Scorecard analysis
+ runs-on: ubuntu-latest
+ permissions:
+ security-events: write
+ id-token: write
+ contents: read
+ actions: read
+ issues: read
+ pull-requests: read
+ checks: read
+
+ steps:
+ - name: Harden Runner
+ uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
+ with:
+ egress-policy: audit
+
+ - name: Checkout code
+ uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+ with:
+ persist-credentials: false
+
+ - name: Run analysis
+ uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3
+ with:
+ results_file: results.sarif
+ results_format: sarif
+ publish_results: true
+
+ - name: Upload artifact
+ uses: actions/upload-artifact@bbbca2ddaa5d8feaa63e36b76fdaad77386f024f # v7.0.0
+ with:
+ name: SARIF file
+ path: results.sarif
+ retention-days: 5
+
+ - name: Upload to code-scanning
+ uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98 # v4.32.6
+ with:
+ sarif_file: results.sarif
diff --git a/.github/workflows/json4cpp-semgrep.yml b/.github/workflows/json4cpp-semgrep.yml
new file mode 100644
index 0000000000..6b594e6bab
--- /dev/null
+++ b/.github/workflows/json4cpp-semgrep.yml
@@ -0,0 +1,44 @@
+name: "json4cpp: Semgrep"
+
+on:
+ push:
+ branches: ["develop"]
+ paths:
+ - 'json4cpp/**'
+ pull_request:
+ branches: ["develop"]
+ paths:
+ - 'json4cpp/**'
+ schedule:
+ - cron: '23 2 * * 4'
+
+permissions:
+ contents: read
+
+jobs:
+ semgrep:
+ permissions:
+ contents: read
+ security-events: write
+ actions: read
+ name: Scan
+ runs-on: ubuntu-latest
+ steps:
+ - name: Harden Runner
+ uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
+ with:
+ egress-policy: audit
+
+ - uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # v6.0.2
+
+ - uses: returntocorp/semgrep-action@713efdd345f3035192eaa63f56867b88e63e4e5d
+ with:
+ publishToken: ${{ secrets.SEMGREP_APP_TOKEN }}
+ publishDeployment: ${{ secrets.SEMGREP_DEPLOYMENT_ID }}
+ generateSarif: "1"
+
+ - name: Upload SARIF file
+ uses: github/codeql-action/upload-sarif@0d579ffd059c29b07949a3cce3983f0780820c98 # v4
+ with:
+ sarif_file: semgrep.sarif
+ if: always()
diff --git a/.github/workflows/json4cpp-stale.yml b/.github/workflows/json4cpp-stale.yml
new file mode 100644
index 0000000000..6a061eed3c
--- /dev/null
+++ b/.github/workflows/json4cpp-stale.yml
@@ -0,0 +1,35 @@
+name: "json4cpp: Comment and close stale issues and PR"
+
+on:
+ schedule:
+ - cron: '0 0 * * *'
+
+permissions:
+ contents: read
+
+jobs:
+ stale:
+ runs-on: ubuntu-latest
+
+ permissions:
+ issues: write
+ pull-requests: write
+
+ steps:
+ - name: Harden Runner
+ uses: step-security/harden-runner@fa2e9d605c4eeb9fcad4c99c224cee0c6c7f3594 # v2.16.0
+ with:
+ egress-policy: audit
+
+ - uses: actions/stale@b5d41d4e1d5dceea10e7104786b73624c18a190f # v10.2.0
+ with:
+ stale-issue-label: 'state: stale'
+ stale-pr-label: 'state: stale'
+ exempt-issue-labels: 'pinned,security'
+ stale-issue-message: 'This issue has been marked as stale because it has been open for 90 days without activity. If this issue is still relevant, please add a comment or remove the "stale" label. Otherwise, it will be closed in 10 days. Thank you for helping us prioritize our work!'
+ stale-pr-message: 'This pull request has been marked as stale because it has had no activity for 30 days. While we won''t close it automatically, we encourage you to update or comment if it is still relevant. Keeping pull requests active and up-to-date helps us review and merge changes more efficiently. Thank you for your contributions!'
+ close-issue-message: 'This issue has been closed after being marked as stale for 10 days without any further activity. If this was done in error or the issue is still relevant, please feel free to reopen it or create a new issue. We appreciate your understanding and contributions.'
+ days-before-stale: 90
+ days-before-pr-stale: 30
+ days-before-close: 10
+ days-before-pr-close: -1
diff --git a/.github/workflows/libnbtplusplus-ci.yml b/.github/workflows/libnbtplusplus-ci.yml
new file mode 100644
index 0000000000..ed255a5802
--- /dev/null
+++ b/.github/workflows/libnbtplusplus-ci.yml
@@ -0,0 +1,61 @@
+name: "libnbtplusplus: CI"
+
+on:
+ push:
+ paths:
+ - 'libnbtplusplus/**'
+ - '.github/workflows/libnbtplusplus-ci.yml'
+ pull_request:
+ paths:
+ - 'libnbtplusplus/**'
+ - '.github/workflows/libnbtplusplus-ci.yml'
+ workflow_dispatch:
+
+permissions:
+ contents: read
+
+jobs:
+ build:
+ name: Build (${{ matrix.os }})
+ runs-on: ${{ matrix.os }}
+ strategy:
+ fail-fast: false
+ matrix:
+ os: [ubuntu-latest, macos-latest, windows-latest]
+ shared: [ON, OFF]
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v6
+
+ - name: Install zlib (Linux)
+ if: runner.os == 'Linux'
+ run: sudo apt-get update && sudo apt-get install -y zlib1g-dev
+
+ - name: Install zlib (macOS)
+ if: runner.os == 'macOS'
+ run: brew install zlib
+
+ - uses: ilammy/msvc-dev-cmd@v1
+ if: runner.os == 'Windows'
+
+ - name: Configure
+ run: |
+ cmake -S libnbtplusplus -B build \
+ -DCMAKE_BUILD_TYPE=Release \
+ -DNBT_BUILD_SHARED=${{ matrix.shared }} \
+ -DNBT_USE_ZLIB=ON \
+ -DNBT_BUILD_TESTS=ON
+
+ - name: Build
+ run: cmake --build build --config Release -j2
+
+ - name: Test
+ run: ctest --test-dir build -C Release --output-on-failure
+
+ lint-reuse:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v6
+ - name: REUSE Compliance Check
+ uses: fsfe/reuse-action@v6
diff --git a/.github/workflows/neozip-analyze.yml b/.github/workflows/neozip-analyze.yml
new file mode 100644
index 0000000000..b167f423e8
--- /dev/null
+++ b/.github/workflows/neozip-analyze.yml
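Review bot: The `Configure` step in `libnbtplusplus-ci.yml` relies on backslash line continuations but sets no `shell:`, and the matrix includes `windows-latest`, where the default shell is PowerShell and a trailing `\` does not continue the line; the Windows legs will most likely fail or run a truncated `cmake` command. Add `shell: bash` to that step, as `neozip-cmake.yml` in this same commit does for its equivalent `Generate project files` step.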
@@ -0,0 +1,79 @@
+name: "neozip: Static Analysis"
+
+on:
+ workflow_call:
+ workflow_dispatch:
+
+jobs:
+ gcc-analyzer:
+ name: GCC-14
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v6
+ with:
+ show-progress: 'false'
+
+ - name: Install packages
+ run: sudo apt-get install -y gcc-14
+
+ - name: Generate project files
+ run: |
+ cmake -S neozip -B build \
+ -DCMAKE_BUILD_TYPE=Release \
+ -DBUILD_SHARED_LIBS=OFF \
+ -DWITH_FUZZERS=OFF \
+ -DWITH_CODE_COVERAGE=OFF \
+ -DWITH_MAINTAINER_WARNINGS=OFF
+ env:
+ CC: gcc-14
+ CFLAGS: >-
+ -fanalyzer
+ -Werror
+ -Wanalyzer-double-fclose
+ -Wanalyzer-double-free
+ -Wanalyzer-exposure-through-output-file
+ -Wanalyzer-file-leak
+ -Wanalyzer-free-of-non-heap
+ -Wanalyzer-malloc-leak
+ -Wanalyzer-null-argument
+ -Wanalyzer-null-dereference
+ -Wanalyzer-possible-null-argument
+ -Wanalyzer-possible-null-dereference
+ -Wanalyzer-stale-setjmp-buffer
+ -Wanalyzer-tainted-array-index
+ -Wanalyzer-unsafe-call-within-signal-handler
+ -Wanalyzer-use-after-free
+ -Wanalyzer-use-of-pointer-in-stale-stack-frame
+ CI: true
+
+ - name: Compile source code
+ run: cmake --build build -j5 --config Release > /dev/null
+
+ clang-analyzer:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v6
+ with:
+ show-progress: 'false'
+
+ - name: Install packages
+ run: sudo apt-get install -y clang-tools
+
+ - name: Generate project files
+ run: |
+ scan-build --status-bugs \
+ cmake -S neozip -B build \
+ -DCMAKE_BUILD_TYPE=Release \
+ -DBUILD_SHARED_LIBS=OFF \
+ -DWITH_FUZZERS=OFF \
+ -DWITH_CODE_COVERAGE=OFF \
+ -DWITH_MAINTAINER_WARNINGS=OFF
+ env:
+ CI: true
+
+ - name: Compile source code
+ run: |
+ scan-build --status-bugs \
+ cmake --build build -j5 --config Release > /dev/null
diff --git a/.github/workflows/neozip-ci.yml b/.github/workflows/neozip-ci.yml
new file mode 100644
index 0000000000..32c12a2c8d
--- /dev/null
+++ b/.github/workflows/neozip-ci.yml
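Review bot: `neozip-analyze.yml` declares no `permissions:` block, so its jobs run with whatever default `GITHUB_TOKEN` scope the repository is configured for, which may include write access; the `json4cpp-*` and `libnbtplusplus-ci.yml` files in this commit all start from `permissions:` / `contents: read`. Add the same top-level block here and in `neozip-ci.yml`, `neozip-cmake.yml`, `neozip-configure.yml`, `neozip-fuzz.yml`, `neozip-libpng.yml`, `neozip-link.yml`, `neozip-lint.yml`, `neozip-osb.yml`, `neozip-pigz.yml` and `neozip-pkgcheck.yml`. Separately, both `Install packages` steps call `sudo apt-get install` without a preceding `sudo apt-get update`, which the other workflows in this commit do run first.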
@@ -0,0 +1,71 @@
+name: "neozip: CI"
+
+on:
+ push:
+ paths:
+ - 'neozip/**'
+ - '.github/workflows/neozip-*.yml'
+ pull_request:
+ paths:
+ - 'neozip/**'
+ - '.github/workflows/neozip-*.yml'
+ workflow_dispatch:
+
+concurrency:
+ group: neozip-${{ github.workflow }}-${{ github.ref }}
+ cancel-in-progress: ${{ github.ref != 'refs/heads/master' }}
+
+jobs:
+ # OSB runs first — guards against wasting time on uncompilable code
+ osb:
+ name: OSB
+ uses: ./.github/workflows/neozip-osb.yml
+ secrets: inherit
+
+ analyze:
+ name: Static Analysis
+ needs: osb
+ uses: ./.github/workflows/neozip-analyze.yml
+ secrets: inherit
+
+ cmake:
+ name: CMake
+ needs: osb
+ uses: ./.github/workflows/neozip-cmake.yml
+ secrets: inherit
+
+ codeql:
+ name: CodeQL
+ needs: osb
+ uses: ./.github/workflows/neozip-codeql.yml
+ secrets: inherit
+
+ configure:
+ name: Configure
+ needs: osb
+ uses: ./.github/workflows/neozip-configure.yml
+ secrets: inherit
+
+ libpng:
+ name: Libpng
+ needs: osb
+ uses: ./.github/workflows/neozip-libpng.yml
+ secrets: inherit
+
+ link:
+ name: Link
+ needs: osb
+ uses: ./.github/workflows/neozip-link.yml
+ secrets: inherit
+
+ pigz:
+ name: Pigz
+ needs: osb
+ uses: ./.github/workflows/neozip-pigz.yml
+ secrets: inherit
+
+ pkgcheck:
+ name: Package Check
+ needs: osb
+ uses: ./.github/workflows/neozip-pkgcheck.yml
+ secrets: inherit
diff --git a/.github/workflows/neozip-cmake.yml b/.github/workflows/neozip-cmake.yml
new file mode 100644
index 0000000000..6cf5bd1b16
--- /dev/null
+++ b/.github/workflows/neozip-cmake.yml
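Review bot: Every reusable-workflow call in `neozip-ci.yml` passes `secrets: inherit`, yet none of the nine called `neozip-*` workflows shown in this commit reads a secret, and they build and run code from the branch or pull request under test. Drop `secrets: inherit` from these jobs so repository and organisation secrets are not handed to those builds, and pass a named secret explicitly if one is needed later. The `codeql` job should also grant what `neozip-codeql.yml` requests, because a called workflow cannot raise its permissions above the caller's: `permissions: { actions: read, contents: read, security-events: write }` on that job.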
@@ -0,0 +1,115 @@
+name: "neozip: CMake"
+
+on:
+ workflow_call:
+ workflow_dispatch:
+
+env:
+ TERM: xterm-256color
+ GTEST_COLOR: 1
+
+jobs:
+ cmake:
+ name: ${{ matrix.name }}
+ runs-on: ${{ matrix.os }}
+ timeout-minutes: 80
+ strategy:
+ fail-fast: false
+ matrix:
+ include:
+ - name: Ubuntu GCC ASAN
+ os: ubuntu-latest
+ compiler: gcc
+ cxx-compiler: g++
+ cxxflags: -Wno-maybe-uninitialized
+ cmake-args: -DWITH_SANITIZER=Address -DWITH_BENCHMARKS=ON
+
+ - name: Ubuntu GCC Native Instructions
+ os: ubuntu-latest
+ compiler: gcc
+ cxx-compiler: g++
+ cmake-args: -DWITH_NATIVE_INSTRUCTIONS=ON
+
+ - name: Ubuntu Clang
+ os: ubuntu-latest
+ compiler: clang
+ cxx-compiler: clang++
+ packages: llvm-15 llvm-15-tools
+
+ - name: Ubuntu Clang No Optim
+ os: ubuntu-latest
+ compiler: clang
+ cxx-compiler: clang++
+ cmake-args: -DWITH_OPTIM=OFF
+
+ - name: Ubuntu Clang Compat
+ os: ubuntu-latest
+ compiler: clang
+ cxx-compiler: clang++
+ cmake-args: -DZLIB_COMPAT=ON
+
+ - name: macOS Clang
+ os: macos-latest
+ compiler: clang
+ cxx-compiler: clang++
+
+ - name: macOS Clang Compat
+ os: macos-latest
+ compiler: clang
+ cxx-compiler: clang++
+ cmake-args: -DZLIB_COMPAT=ON
+
+ - name: Windows MSVC Win64
+ os: windows-latest
+ compiler: cl
+ cmake-args: -A x64
+
+ - name: Windows MSVC Win64 Compat
+ os: windows-latest
+ compiler: cl
+ cmake-args: -A x64 -DZLIB_COMPAT=ON
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v6
+ with:
+ show-progress: 'false'
+
+ - name: Install packages (Ubuntu)
+ if: runner.os == 'Linux' && matrix.packages
+ run: |
+ sudo apt-get update
+ sudo apt-get install -y ${{ matrix.packages }}
+
+ - name: Generate project files
+ shell: bash
+ run: |
+ cmake -S neozip -B build \
+ ${{ matrix.cmake-args }} \
+ -DCMAKE_BUILD_TYPE=Release \
+ -DWITH_MAINTAINER_WARNINGS=ON
+ env:
+ CC: ${{ matrix.compiler }}
+ CXX: ${{ matrix.cxx-compiler }}
+ CFLAGS: ${{ matrix.cflags }}
+ CXXFLAGS: ${{ matrix.cxxflags }}
+ LDFLAGS: ${{ matrix.ldflags }}
+ CI: true
+
+ - name: Compile source code
+ run: cmake --build build -j5 --config Release
+
+ - name: Run test cases
+ run: ctest --verbose -C Release --output-on-failure --max-width 120 -j 5
+ working-directory: build
+
+ - name: Upload build errors
+ uses: actions/upload-artifact@v7
+ if: failure()
+ with:
+ name: ${{ matrix.name }} (cmake)
+ path: |
+ **/CMakeFiles/CMakeOutput.log
+ **/CMakeFiles/CMakeError.log
+ **/Testing/Temporary/*
+ retention-days: 30
diff --git a/.github/workflows/neozip-codeql.yml b/.github/workflows/neozip-codeql.yml
new file mode 100644
index 0000000000..2bc5f489bd
--- /dev/null
+++ b/.github/workflows/neozip-codeql.yml
@@ -0,0 +1,53 @@
+name: "neozip: CodeQL"
+
+on:
+ workflow_call:
+ workflow_dispatch:
+ schedule:
+ - cron: "27 17 * * 0"
+
+jobs:
+ analyze:
+ name: CodeQL (${{ matrix.os }})
+ runs-on: ${{ matrix.os }}
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+ strategy:
+ fail-fast: false
+ matrix:
+ os:
+ - ubuntu-latest
+ - macos-latest
+ - windows-latest
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v6
+ with:
+ show-progress: 'false'
+
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v4
+ with:
+ languages: cpp
+ queries: +security-and-quality
+
+ - name: Build default config
+ shell: bash
+ run: |
+ cmake -B build-default -S neozip ${{ runner.os == 'Windows' && '-A x64' || '' }}
+ cmake --build build-default -j4
+
+ - name: Build compat config
+ shell: bash
+ run: |
+ cmake -B build-compat -S neozip -DZLIB_COMPAT=ON -DWITH_NEW_STRATEGIES=OFF -DWITH_OPTIM=OFF -DWITH_REDUCED_MEM=ON ${{ runner.os == 'Windows' && '-A x64' || '' }}
+ cmake --build build-compat -j4
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v4
+ with:
+ category: "/oss:${{ matrix.os }}"
diff --git a/.github/workflows/neozip-configure.yml b/.github/workflows/neozip-configure.yml
new file mode 100644
index 0000000000..263587160b
--- /dev/null
+++ b/.github/workflows/neozip-configure.yml
@@ -0,0 +1,77 @@
+name: "neozip: Configure"
+
+on:
+ workflow_call:
+ workflow_dispatch:
+
+jobs:
+ configure:
+ name: ${{ matrix.name }}
+ runs-on: ${{ matrix.os }}
+ strategy:
+ fail-fast: false
+ matrix:
+ include:
+ - name: Ubuntu GCC
+ os: ubuntu-latest
+ compiler: gcc
+ configure-args: --warn
+
+ - name: Ubuntu Clang
+ os: ubuntu-latest
+ compiler: clang
+ configure-args: --warn
+
+ - name: Ubuntu GCC Compat
+ os: ubuntu-latest
+ compiler: gcc
+ configure-args: --warn --zlib-compat
+
+ - name: macOS Clang
+ os: macos-latest
+ compiler: clang
+ configure-args: --warn
+
+ - name: macOS Clang Compat
+ os: macos-latest
+ compiler: clang
+ configure-args: --warn --zlib-compat
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v6
+ with:
+ show-progress: 'false'
+
+ - name: Install packages (macOS)
+ if: runner.os == 'macOS'
+ run: brew install ninja
+ env:
+ HOMEBREW_NO_INSTALL_CLEANUP: 1
+
+ - name: Generate project files
+ working-directory: neozip
+ run: ./configure ${{ matrix.configure-args }}
+ env:
+ CC: ${{ matrix.compiler }}
+ CFLAGS: ${{ matrix.cflags }}
+ LDFLAGS: ${{ matrix.ldflags }}
+ CI: true
+
+ - name: Compile source code
+ run: make -j5
+ working-directory: neozip
+
+ - name: Run test cases
+ run: make test
+ working-directory: neozip
+
+ - name: Upload build errors
+ uses: actions/upload-artifact@v7
+ if: failure()
+ with:
+ name: ${{ matrix.name }} (configure)
+ path: |
+ neozip/Makefile
+ neozip/configure.log
+ retention-days: 30
diff --git a/.github/workflows/neozip-fuzz.yml b/.github/workflows/neozip-fuzz.yml
new file mode 100644
index 0000000000..3e63443cea
--- /dev/null
+++ b/.github/workflows/neozip-fuzz.yml
@@ -0,0 +1,43 @@
+name: "neozip: Fuzz"
+
+on:
+ pull_request:
+ paths:
+ - 'neozip/**'
+ - '.github/workflows/neozip-fuzz.yml'
+ workflow_dispatch:
+ push:
+ branches:
+ - master
+ - develop
+ paths:
+ - 'neozip/**'
+
+concurrency:
+ group: neozip-fuzz-${{ github.ref }}
+ cancel-in-progress: true
+
+jobs:
+ fuzzing:
+ name: Fuzzing
+ runs-on: ubuntu-latest
+ steps:
+ - name: Build Fuzzers
+ uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
+ with:
+ oss-fuzz-project-name: 'zlib-ng'
+ dry-run: false
+
+ - name: Run Fuzzers
+ uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
+ with:
+ oss-fuzz-project-name: 'zlib-ng'
+ fuzz-seconds: 600
+ dry-run: false
+
+ - name: Upload Crash
+ uses: actions/upload-artifact@v7
+ if: failure()
+ with:
+ name: artifacts
+ path: ./out/artifacts
diff --git a/.github/workflows/neozip-libpng.yml b/.github/workflows/neozip-libpng.yml
new file mode 100644
index 0000000000..436fd6bf3d
--- /dev/null
+++ b/.github/workflows/neozip-libpng.yml
@@ -0,0 +1,56 @@
+name: "neozip: Libpng"
+
+on:
+ workflow_call:
+ workflow_dispatch:
+
+jobs:
+ libpng:
+ name: Ubuntu Clang
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v6
+ with:
+ show-progress: 'false'
+
+ - name: Generate project files (neozip)
+ run: |
+ cmake -S neozip -B build-neozip \
+ -DCMAKE_BUILD_TYPE=Release \
+ -DBUILD_SHARED_LIBS=OFF \
+ -DZLIB_COMPAT=ON \
+ -DZLIB_ENABLE_TESTS=OFF
+ env:
+ CC: clang
+ CFLAGS: -fPIC
+ CI: true
+
+ - name: Compile source code (neozip)
+ run: cmake --build build-neozip -j5 --config Release
+
+ - name: Checkout repository (libpng)
+ uses: actions/checkout@v6
+ with:
+ repository: glennrp/libpng
+ path: libpng
+ show-progress: 'false'
+
+ - name: Generate project files (libpng)
+ run: |
+ cmake -S libpng -B build-libpng \
+ -DCMAKE_BUILD_TYPE=Release \
+ -DPNG_TESTS=ON \
+ -DPNG_STATIC=OFF \
+ -DZLIB_INCLUDE_DIR=${{ github.workspace }}/neozip \
+ -DZLIB_LIBRARY=${{ github.workspace }}/build-neozip/libz.a
+ env:
+ CC: clang
+ CI: true
+
+ - name: Compile source code (libpng)
+ run: cmake --build build-libpng -j5 --config Release
+
+ - name: Run test cases (libpng)
+ run: ctest -j5 -C Release --output-on-failure --max-width 120
+ working-directory: build-libpng
diff --git a/.github/workflows/neozip-link.yml b/.github/workflows/neozip-link.yml
new file mode 100644
index 0000000000..e4b5b41ecd
--- /dev/null
+++ b/.github/workflows/neozip-link.yml
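Review bot: The `Checkout repository (libpng)` step in `neozip-libpng.yml` pulls `glennrp/libpng` at whatever its default branch currently points to, so CI builds and runs unreviewed upstream code and its result can change without any commit in this repository; `neozip-link.yml` does the same with `madler/zlib`. Pin each external checkout with `ref: <release-tag-or-commit-sha>` and add `persist-credentials: false` to it, since these secondary checkouts have no need for a stored token.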
@@ -0,0 +1,75 @@
+name: "neozip: Link"
+
+on:
+ workflow_call:
+ workflow_dispatch:
+
+jobs:
+ zlib:
+ name: Link zlib
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v6
+ with:
+ show-progress: 'false'
+
+ - name: Checkout zlib repository
+ uses: actions/checkout@v6
+ with:
+ show-progress: 'false'
+ repository: madler/zlib
+ path: zlib
+
+ - name: Generate project files (zlib)
+ run: cmake -S zlib -B zlib/build -DCMAKE_BUILD_TYPE=Release -DBUILD_SHARED_LIBS=OFF
+
+ - name: Compile source code (zlib)
+ run: cmake --build zlib/build -j5 --config Release
+
+ - name: Generate project files (native)
+ run: cmake -S neozip -B build-native -DZLIB_COMPAT=OFF -DCMAKE_BUILD_TYPE=Release -DBUILD_SHARED_LIBS=OFF -DZLIB_LIBRARIES=../zlib/build/libz.a -DZLIB_INCLUDE_DIR="../zlib/build;../zlib"
+
+ - name: Compile source code (native)
+ run: cmake --build build-native -j5 --config Release
+
+ - name: Upload build errors
+ uses: actions/upload-artifact@v7
+ if: failure()
+ with:
+ name: Link zlib (CMake Logs)
+ path: |
+ **/CMakeFiles/CMakeOutput.log
+ **/CMakeFiles/CMakeError.log
+ retention-days: 30
+
+ zlib-ng-compat:
+ name: Link zlib-ng compat
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v6
+ with:
+ show-progress: 'false'
+
+ - name: Generate project files (compat)
+ run: cmake -S neozip -B build-compat -DZLIB_COMPAT=ON -DZLIB_ENABLE_TESTS=OFF -DCMAKE_BUILD_TYPE=Release -DBUILD_SHARED_LIBS=OFF -DWITH_MAINTAINER_WARNINGS=ON
+
+ - name: Compile source code (compat)
+ run: cmake --build build-compat -j5 --config Release
+
+ - name: Generate project files (native)
+ run: cmake -S neozip -B build-native -DZLIB_COMPAT=OFF -DCMAKE_BUILD_TYPE=Release -DBUILD_SHARED_LIBS=OFF -DZLIB_LIBRARIES=../build-compat/libz.a -DZLIB_INCLUDE_DIR=../build-compat
+
+ - name: Compile source code (native)
+ run: cmake --build build-native -j5 --config Release
+
+ - name: Upload build errors
+ uses: actions/upload-artifact@v7
+ if: failure()
+ with:
+ name: Link zlib-ng compat (CMake Logs)
+ path: |
+ **/CMakeFiles/CMakeOutput.log
+ **/CMakeFiles/CMakeError.log
+ retention-days: 30
diff --git a/.github/workflows/neozip-lint.yml b/.github/workflows/neozip-lint.yml
new file mode 100644
index 0000000000..775856874c
--- /dev/null
+++ b/.github/workflows/neozip-lint.yml
@@ -0,0 +1,24 @@
+name: "neozip: Lint"
+
+on:
+ pull_request:
+ paths:
+ - 'neozip/**'
+ workflow_dispatch:
+
+jobs:
+ lint:
+ name: Lint
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v6
+ with:
+ fetch-depth: 0
+
+ - name: Whitespace errors
+ run: |
+ BASE_SHA="${{ github.event.pull_request.base.sha }}"
+ BASE_SHA="${BASE_SHA:-4b825dc642cb6eb9a060e54bf8d69288fbee4904}"
+ git config core.whitespace blank-at-eol
+ git diff --color --check "$BASE_SHA" -- 'neozip/*' ':!*.patch' ':!*.pdf' ':!neozip/test/data/'
diff --git a/.github/workflows/neozip-osb.yml b/.github/workflows/neozip-osb.yml
new file mode 100644
index 0000000000..94184241d6
--- /dev/null
+++ b/.github/workflows/neozip-osb.yml
@@ -0,0 +1,73 @@
+name: "neozip: OSB"
+
+on:
+ workflow_call:
+ workflow_dispatch:
+
+jobs:
+ cmake:
+ name: ${{ matrix.name }}
+ runs-on: ${{ matrix.os }}
+ timeout-minutes: 80
+ strategy:
+ fail-fast: false
+ matrix:
+ include:
+ - name: Ubuntu GCC OSB
+ os: ubuntu-latest
+ compiler: gcc
+ cxx-compiler: g++
+ build-dir: ../build
+ build-src-dir: ../neozip
+ cmake-args: -DWITH_BENCHMARKS=ON
+
+ - name: Ubuntu GCC OSB add_subdirectory
+ os: ubuntu-latest
+ compiler: gcc
+ cxx-compiler: g++
+ build-dir: ../build
+ build-src-dir: ../neozip/test/add-subdirectory-project
+ cmake-args: -DWITH_BENCHMARKS=ON
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v6
+ with:
+ show-progress: false
+
+ - name: Make source tree read-only
+ shell: bash
+ run: chmod -R a-w neozip
+
+ - name: Generate project files
+ shell: bash
+ run: |
+ cmake -S ${{ matrix.build-src-dir || 'neozip' }} -B ${{ matrix.build-dir || 'build' }} \
+ ${{ matrix.cmake-args }} \
+ -DWITH_MAINTAINER_WARNINGS=ON
+ env:
+ CC: ${{ matrix.compiler }}
+ CXX: ${{ matrix.cxx-compiler }}
+ CI: true
+
+ - name: Compile source code
+ run: cmake --build ${{ matrix.build-dir || 'build' }} --verbose -j5
+
+ - name: Run test cases
+ run: ctest --verbose -C Release --output-on-failure --max-width 120 -j 5
+ working-directory: ${{ matrix.build-dir || 'build' }}
+
+ - name: Make source tree writable
+ shell: bash
+ run: chmod -R +w neozip
+
+ - name: Upload build errors
+ uses: actions/upload-artifact@v7
+ if: failure()
+ with:
+ name: ${{ matrix.name }}
+ path: |
+ **/CMakeFiles/CMakeOutput.log
+ **/CMakeFiles/CMakeError.log
+ **/Testing/Temporary/*
+ retention-days: 30
diff --git a/.github/workflows/neozip-pigz.yml b/.github/workflows/neozip-pigz.yml
new file mode 100644
index 0000000000..2b5c6077cd
--- /dev/null
+++ b/.github/workflows/neozip-pigz.yml
@@ -0,0 +1,69 @@
+name: "neozip: Pigz"
+
+on:
+ workflow_call:
+ workflow_dispatch:
+
+jobs:
+ pigz:
+ name: ${{ matrix.name }}
+ runs-on: ${{ matrix.os }}
+ strategy:
+ fail-fast: false
+ matrix:
+ include:
+ - name: Ubuntu GCC
+ os: ubuntu-latest
+ compiler: gcc
+
+ - name: Ubuntu Clang
+ os: ubuntu-latest
+ compiler: clang
+ packages: llvm-15 llvm-15-tools
+
+ - name: Ubuntu GCC AARCH64
+ os: ubuntu-24.04-arm
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v6
+ with:
+ show-progress: 'false'
+
+ - name: Install packages (Ubuntu)
+ if: runner.os == 'Linux' && matrix.packages
+ run: |
+ sudo apt-get update
+ sudo apt-get install -y ${{ matrix.packages }}
+
+ - name: Generate project files
+ run: |
+ cmake ${{ matrix.cmake-args }} \
+ -DCMAKE_BUILD_TYPE=Release \
+ -DBUILD_SHARED_LIBS=OFF \
+ -DZLIB_ROOT=../../neozip \
+ -DWITH_CODE_COVERAGE=OFF \
+ -DWITH_MAINTAINER_WARNINGS=ON
+ working-directory: neozip/test/pigz
+ env:
+ CC: ${{ matrix.compiler }}
+ CI: true
+
+ - name: Compile source code
+ run: cmake --build . -j5 --config Release
+ working-directory: neozip/test/pigz
+
+ - name: Run test cases
+ run: ctest --verbose -C Release --output-on-failure --max-width 120 -j 5
+ working-directory: neozip/test/pigz
+
+ - name: Upload build errors
+ uses: actions/upload-artifact@v7
+ if: failure()
+ with:
+ name: ${{ matrix.name }} (pigz)
+ path: |
+ **/CMakeFiles/CMakeOutput.log
+ **/CMakeFiles/CMakeError.log
+ **/Testing/Temporary/*
+ retention-days: 30
diff --git a/.github/workflows/neozip-pkgcheck.yml b/.github/workflows/neozip-pkgcheck.yml
new file mode 100644
index 0000000000..8325f3da4b
--- /dev/null
+++ b/.github/workflows/neozip-pkgcheck.yml
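Review bot: `-DZLIB_ROOT=../../neozip` is evaluated with `working-directory: neozip/test/pigz`, so it resolves to `neozip/neozip` rather than the library root two levels up. If no such directory exists, the pigz build may not find the in-tree library, or may fall back to a system zlib, in which case the job could pass without exercising neozip; `-DZLIB_ROOT=../..` looks like the intended value, to be confirmed against the pigz test's CMake project, which is not part of this diff. `matrix.cmake-args` and, for the AARCH64 entry, `matrix.compiler` are referenced but never defined in the matrix, so they expand to empty strings; a short comment stating that this is intentional would help the next editor.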
@@ -0,0 +1,89 @@
+name: "neozip: Package Check"
+
+on:
+ workflow_call:
+ workflow_dispatch:
+
+jobs:
+ pkgcheck:
+ name: ${{ matrix.name }}
+ runs-on: ${{ matrix.os }}
+ strategy:
+ fail-fast: false
+ matrix:
+ include:
+ - name: Ubuntu GCC
+ os: ubuntu-latest
+ compiler: gcc
+ cxx-compiler: g++
+
+ - name: Ubuntu GCC AARCH64
+ os: ubuntu-24.04-arm
+ compiler: gcc
+ cxx-compiler: g++
+
+ - name: macOS Clang
+ os: macOS-latest
+ compiler: clang
+ cxx-compiler: clang++
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v6
+ with:
+ show-progress: 'false'
+
+ - name: Install packages (Ubuntu)
+ if: runner.os == 'Linux'
+ run: |
+ sudo apt-get update
+ sudo apt-get install -y --no-install-recommends \
+ abigail-tools \
+ diffoscope \
+ ninja-build
+
+ - name: Install packages (macOS)
+ if: runner.os == 'macOS'
+ run: brew install ninja diffoscope
+ env:
+ HOMEBREW_NO_INSTALL_CLEANUP: 1
+
+ - name: Compare builds
+ working-directory: neozip
+ run: sh test/pkgcheck.sh
+ env:
+ CC: ${{ matrix.compiler }}
+ CXX: ${{ matrix.cxx-compiler }}
+
+ - name: Compare builds (compat)
+ working-directory: neozip
+ run: sh test/pkgcheck.sh --zlib-compat
+ env:
+ CC: ${{ matrix.compiler }}
+
+ - name: Check ABI
+ if: runner.os != 'macOS'
+ working-directory: neozip
+ run: sh test/abicheck.sh --refresh-if
+ env:
+ CC: ${{ matrix.compiler }}
+ CXX: ${{ matrix.cxx-compiler }}
+
+ - name: Check ABI (compat)
+ if: runner.os != 'macOS'
+ working-directory: neozip
+ run: sh test/abicheck.sh --zlib-compat --refresh-if
+ env:
+ CC: ${{ matrix.compiler }}
+ CXX: ${{ matrix.cxx-compiler }}
+
+ - name: Upload build errors
+ uses: actions/upload-artifact@v7
+ if: failure()
+ with:
+ name: ${{ matrix.name }}
+ path: |
+ neozip/**/*.abi
+ neozip/btmp1/configure.log
+ neozip/btmp2/configure.log
+ retention-days: 30
diff --git a/.github/workflows/neozip-release.yml b/.github/workflows/neozip-release.yml
new file mode 100644
index 0000000000..6f9610eaf3
--- /dev/null
+++ b/.github/workflows/neozip-release.yml 
@@ -0,0 +1,129 @@
+name: "neozip: Release"
+
+on:
+ push:
+ tags:
+ - 'neozip-*'
+
+defaults:
+ run:
+ working-directory: neozip
+
+jobs:
+ release:
+ name: ${{ matrix.name }}
+ runs-on: ${{ matrix.os }}
+ strategy:
+ fail-fast: false
+ matrix:
+ include:
+ - name: Windows MSVC Win32
+ os: windows-latest
+ compiler: cl
+ cmake-args: -A Win32
+ deploy-name: win-x86
+
+ - name: Windows MSVC Win32 Compat
+ os: windows-latest
+ compiler: cl
+ cmake-args: -A Win32 -DZLIB_COMPAT=ON
+ deploy-name: win-x86-compat
+
+ - name: Windows MSVC Win64
+ os: windows-latest
+ compiler: cl
+ cmake-args: -A x64
+ deploy-name: win-x86-64
+
+ - name: Windows MSVC Win64 Compat
+ os: windows-latest
+ compiler: cl
+ cmake-args: -A x64 -DZLIB_COMPAT=ON
+ deploy-name: win-x86-64-compat
+
+ - name: Windows MSVC ARM
+ os: windows-latest
+ compiler: cl
+ cmake-args: -A ARM,version=10.0.22621.0
+ deploy-name: win-arm
+
+ - name: Windows MSVC ARM Compat
+ os: windows-latest
+ compiler: cl
+ cmake-args: -A ARM,version=10.0.22621.0 -DZLIB_COMPAT=ON
+ deploy-name: win-arm-compat
+
+ - name: Windows MSVC ARM64
+ os: windows-latest
+ compiler: cl
+ cmake-args: -A ARM64
+ deploy-name: win-arm64
+
+ - name: Windows MSVC ARM64 Compat
+ os: windows-latest
+ compiler: cl
+ cmake-args: -A ARM64 -DZLIB_COMPAT=ON
+ deploy-name: win-arm64-compat
+
+ - name: Windows MSVC ARM64EC
+ os: windows-latest
+ compiler: cl
+ cmake-args: -A ARM64EC
+ deploy-name: win-arm64ec
+
+ - name: Windows MSVC ARM64EC Compat
+ os: windows-latest
+ compiler: cl
+ cmake-args: -A ARM64EC -DZLIB_COMPAT=ON
+ deploy-name: win-arm64ec-compat
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v6
+ with:
+ show-progress: 'false'
+
+ - name: Set environment variables
+ shell: bash
+ run: echo "tag=${GITHUB_REF/refs\/tags\//}" >> $GITHUB_ENV
+
+ - name: Install Windows 11 SDK (ARM)
+ if: matrix.name == 'Windows MSVC ARM' || matrix.name == 'Windows MSVC ARM Compat'
+ run: |
+ # Windows 11 SDK (10.0.22621.2428)
+ #
https://developer.microsoft.com/en-us/windows/downloads/sdk-archive/index-legacy
+ Invoke-WebRequest -Method Get -Uri https://go.microsoft.com/fwlink/p/?LinkId=2250105 -OutFile sdksetup.exe -UseBasicParsing
+ Unblock-File sdksetup.exe
+ Start-Process -Wait sdksetup.exe -ArgumentList "/q", "/norestart", "/ceip off"
+
+ - name: Generate project files
+ shell: bash
+ run: |
+ cmake . ${{ matrix.cmake-args }} \
+ -DCMAKE_BUILD_TYPE=Release \
+ -DZLIB_ENABLE_TESTS=ON \
+ -DCMAKE_INSTALL_PREFIX=out \
+ -DINSTALL_UTILS=ON
+ env:
+ CC: ${{ matrix.compiler }}
+ CI: true
+
+ - name: Compile source code
+ run: cmake --build . -j5 --config Release --target install
+
+ - name: Package release (Windows)
+ if: runner.os == 'Windows'
+ working-directory: neozip/out
+ run: 7z a -tzip ../zlib-ng-${{ matrix.deploy-name }}.zip bin include lib ../LICENSE.md ../PORTING.md ../README.md
+
+ - name: Upload release (Windows)
+ uses: svenstaro/upload-release-action@v2
+ if: runner.os == 'Windows'
+ with:
+ asset_name: zlib-ng-${{ matrix.deploy-name }}.zip
+ file: neozip/zlib-ng-${{ matrix.deploy-name }}.zip
+ tag: ${{ env.tag }}
+ repo_token: ${{ secrets.GITHUB_TOKEN }}
+ overwrite: true
+ env:
+ GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
diff --git a/.github/workflows/tomlplusplus-fuzz.yml b/.github/workflows/tomlplusplus-fuzz.yml
new file mode 100644
index 0000000000..0ead0d2974
--- /dev/null
+++ b/.github/workflows/tomlplusplus-fuzz.yml
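Review bot: The `Install Windows 11 SDK (ARM)` step downloads `sdksetup.exe` and runs it with no integrity check, in a job whose output is published as release assets. Checking the Authenticode signature before `Start-Process` would catch a tampered or substituted installer, e.g. `$sig = Get-AuthenticodeSignature sdksetup.exe` followed by `if ($sig.Status -ne 'Valid') { throw "sdksetup.exe signature: $($sig.Status)" }`. The job needs write access to releases but declares no `permissions:`; stating `permissions:` with `contents: write` on the `release` job makes that explicit and keeps every other scope off. `svenstaro/upload-release-action@v2` is a third-party action that receives that token, so it is the reference most worth pinning to a commit SHA. `overwrite: true` means re-running the workflow on a tag silently replaces archives that were already published.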
@@ -0,0 +1,45 @@
+name: "tomlplusplus: CIFuzz"
+
+on:
+ push:
+ branches:
+ - master
+ paths:
+ - 'tomlplusplus/**'
+ pull_request:
+ paths:
+ - 'tomlplusplus/**'
+
+permissions: {}
+
+jobs:
+ Fuzzing:
+ runs-on: ubuntu-latest
+ permissions:
+ security-events: write
+ steps:
+ - name: Build Fuzzers
+ id: build
+ uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master
+ with:
+ oss-fuzz-project-name: 'tomlplusplus'
+ language: c++
+ - name: Run Fuzzers
+ uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master
+ with:
+ oss-fuzz-project-name: 'tomlplusplus'
+ language: c++
+ fuzz-seconds: 800
+ output-sarif: true
+ - name: Upload Crash
+ uses: actions/upload-artifact@v4
+ if: failure() && steps.build.outcome == 'success'
+ with:
+ name: artifacts
+ path: ./out/artifacts
+ - name: Upload Sarif
+ if: always() && steps.build.outcome == 'success'
+ uses: github/codeql-action/upload-sarif@v3
+ with:
+ sarif_file: cifuzz-sarif/results.sarif
+ checkout_path: cifuzz-sarif
diff --git a/.github/workflows/tomlplusplus-gh-pages.yml b/.github/workflows/tomlplusplus-gh-pages.yml
new file mode 100644
index 0000000000..f25064b6bb
--- /dev/null
+++ b/.github/workflows/tomlplusplus-gh-pages.yml
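Review bot: Both CIFuzz steps reference `@master` (`build_fuzzers@master`, `run_fuzzers@master`), so each run executes whatever is at the tip of that branch; pinning them to a reviewed commit SHA and bumping it deliberately would make runs reproducible and auditable. `actions/upload-artifact@v4` and `github/codeql-action/upload-sarif@v3` are older majors than the `upload-artifact@v7` and `codeql-action/*@v4` used by the other workflows added in this commit; aligning them avoids maintaining two sets of action versions. CIFuzz builds from the OSS-Fuzz `tomlplusplus` project definition, which presumably expects the library at the repository root, so it is worth confirming that the fuzzers are built from this repository's `tomlplusplus/` subdirectory rather than from upstream sources.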
@@ -0,0 +1,49 @@
+name: "tomlplusplus: gh-pages"
+
+on:
+ push:
+ branches:
+ - master
+ paths:
+ - 'tomlplusplus/**.h'
+ - 'tomlplusplus/**.hpp'
+ - 'tomlplusplus/**.dox'
+ - 'tomlplusplus/**.md'
+ - 'tomlplusplus/docs/**'
+ - '.github/workflows/tomlplusplus-gh-pages.yml'
+ workflow_dispatch:
+
+jobs:
+ gh-pages:
+ runs-on: ubuntu-latest
+
+ defaults:
+ run:
+ shell: bash
+ working-directory: tomlplusplus
+
+ steps:
+ - uses: actions/checkout@v4
+ with:
+ fetch-depth: 0
+
+ - name: Install dependencies
+ run: |
+ sudo apt -y update
+ sudo apt -y install --no-install-recommends git doxygen
+ pip3 install --user --upgrade poxy
+
+ - name: Generate docs
+ run: |
+ git fetch origin master:refs/remotes/origin/master --tags --force
+ git remote set-head origin -a
+ git checkout master
+ git pull --force
+ cd docs
+ poxy --verbose --git-tags
+
+ - name: Deploy
+ uses: peaceiris/actions-gh-pages@v3
+ with:
+ github_token: ${{ secrets.GITHUB_TOKEN }}
+ publish_dir: ./tomlplusplus/docs/html
diff --git a/.github/workflows/uvim-codeql.yml b/.github/workflows/uvim-codeql.yml
new file mode 100644
index 0000000000..a2ebb3835f
--- /dev/null
+++ b/.github/workflows/uvim-codeql.yml
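Review bot: `pip3 install --user --upgrade poxy` pulls whatever version is current on PyPI and runs it inside the checkout, where `actions/checkout` by default leaves the job token in the local git config, and the job has no `permissions:` block to limit what that token can do. Pinning the tool (`pip3 install --user poxy==<reviewed-version>`) and declaring only `contents: write` on the `gh-pages` job would narrow this; `persist-credentials: false` on the checkout is a further option if the later `git fetch` works unauthenticated. `peaceiris/actions-gh-pages@v3` is a third-party action referenced by tag that receives the token, and `actions/checkout@v4` differs from the `@v6` used by the other workflows in this commit.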
@@ -0,0 +1,49 @@
+name: "uvim: CodeQL"
+
+on:
+ push:
+ branches: [master]
+ paths:
+ - 'uvim/**'
+ pull_request:
+ branches: [master]
+ paths:
+ - 'uvim/**'
+ schedule:
+ - cron: '0 18 * * 1'
+
+concurrency:
+ group: ${{ github.workflow }}-${{ github.event_name == 'pull_request' && github.head_ref || github.sha }}
+ cancel-in-progress: true
+
+permissions:
+ contents: read
+
+jobs:
+ analyze:
+ permissions:
+ contents: read
+ security-events: write
+
+ name: Analyze
+ runs-on: ubuntu-latest
+
+ strategy:
+ fail-fast: false
+ matrix:
+ language: ['cpp', 'python']
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v6
+
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v4
+ with:
+ languages: ${{ matrix.language }}
+
+ - name: Autobuild
+ uses: github/codeql-action/autobuild@v4
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v4
diff --git a/.github/workflows/uvim-coverity.yml b/.github/workflows/uvim-coverity.yml
new file mode 100644
index 0000000000..fb486778f4
--- /dev/null
+++ b/.github/workflows/uvim-coverity.yml
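Review bot: The workflow triggers only on `uvim/**`, but `Autobuild` runs from the repository root and nothing restricts the analysis to that directory. For the `cpp` leg the autobuilder will try whatever build system it detects at the top level, which may build a different component or fail; giving the step `with:` and `working-directory: uvim`, or replacing it with explicit configure and make commands run in `uvim`, would make the scan cover the code the workflow is named for. This is inferred from the path filters, since the repository layout is not visible in the hunk.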
@@ -0,0 +1,89 @@
+name: "uvim: Coverity"
+
+on:
+ schedule:
+ - cron: '42 0 * * *'
+ workflow_dispatch:
+
+permissions:
+ contents: read
+
+defaults:
+ run:
+ working-directory: uvim
+
+jobs:
+ scan:
+ runs-on: ubuntu-24.04
+
+ env:
+ CC: gcc
+ DEBIAN_FRONTEND: noninteractive
+ TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
+
+ steps:
+ - name: Checkout repository
+ if: env.TOKEN
+ uses: actions/checkout@v6
+
+ - name: Download Coverity
+ if: env.TOKEN
+ working-directory: ${{ github.workspace }}
+ run: |
+ wget -q https://scan.coverity.com/download/cxx/linux64 --post-data "token=$TOKEN&project=vim" -O coverity_tool.tgz
+ mkdir cov-scan
+ tar ax -f coverity_tool.tgz --strip-components=1 -C cov-scan
+
+ - name: Install packages
+ if: env.TOKEN
+ run: |
+ sudo apt-get update && sudo apt-get install -y \
+ autoconf \
+ gettext \
+ libcanberra-dev \
+ libperl-dev \
+ python3-dev \
+ liblua5.4-dev \
+ lua5.4 \
+ ruby-dev \
+ tcl-dev \
+ libgtk2.0-dev \
+ desktop-file-utils \
+ libtool-bin \
+ libsodium-dev
+
+ - name: Set up environment
+ if: env.TOKEN
+ working-directory: ${{ github.workspace }}
+ run: |
+ echo "$(pwd)/cov-scan/bin" >> $GITHUB_PATH
+ (
+ echo "NPROC=$(getconf _NPROCESSORS_ONLN)"
+ echo "CONFOPT=--enable-perlinterp --enable-python3interp --enable-rubyinterp --enable-luainterp --enable-tclinterp"
+ ) >> $GITHUB_ENV
+
+ - name: Configure
+ if: env.TOKEN
+ run: |
+ ./configure --with-features=huge ${CONFOPT} --enable-fail-if-missing
+ sed -i -f ci/config.mk.sed src/auto/config.mk
+ sed -i -f ci/config.mk.${CC}.sed src/auto/config.mk
+ sed -i 's/-O2 \?//' src/auto/config.mk
+
+ - name: Build/scan vim
+ if: env.TOKEN
+ run: |
+ cov-build --dir cov-int make -j${NPROC}
+
+ - name: Submit results
+ if: env.TOKEN
+ run: |
+ tar zcf cov-scan.tgz cov-int
+ curl --form token=$TOKEN \
+ --form email=$EMAIL \
+ --form file=@cov-scan.tgz \
+ --form version="$(git rev-parse HEAD)" \
+ --form description="Automatic GHA scan" \
+ 'https://scan.coverity.com/builds?project=vim'
+ env:
+ EMAIL: ${{ secrets.COVERITY_SCAN_EMAIL }}
diff --git a/.github/workflows/uvim-label.yml b/.github/workflows/uvim-label.yml
new file mode 100644
index 0000000000..30dbfe5c2e
--- /dev/null
+++ b/.github/workflows/uvim-label.yml
@@ -0,0 +1,15 @@
+name: "uvim: Labeler"
+
+on: [pull_request_target]
+
+jobs:
+ label:
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ pull-requests: write
+
+ steps:
+ - uses: actions/labeler@v6
+ with:
+ repo-token: "${{ secrets.GITHUB_TOKEN }}"
diff --git a/.github/workflows/uvim-link-check.yml b/.github/workflows/uvim-link-check.yml
new file mode 100644
index 0000000000..bf0190946a
--- /dev/null
+++ b/.github/workflows/uvim-link-check.yml
@@ -0,0 +1,16 @@
+name: "uvim: Check Links"
+
+on:
+ workflow_dispatch:
+ schedule:
+ - cron: '0 3 * * 0'
+
+jobs:
+ lychee:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v6
+ - name: Run Lychee
+ uses: lycheeverse/lychee-action@v2
+ with:
+ args: --verbose --config uvim/ci/lychee.toml uvim/ |
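Review bot: In uvim-coverity.yml, `TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}` sits in the job-level `env:`, so the secret is in the environment of every step, including `./configure` and the `make` run under `cov-build`, although only `Download Coverity` and `Submit results` use it. Keeping a non-secret flag at job level for the `if:` guards, e.g. `HAVE_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN != '' }}`, and setting `TOKEN` in the `env:` of just those two steps would narrow the exposure; `$TOKEN` and `$EMAIL` in the `curl --form` arguments should also be double-quoted. The downloaded `coverity_tool.tgz` is unpacked and put on `GITHUB_PATH` without any checksum comparison. Both requests name `project=vim`; if that is carried over from an upstream workflow, results would be addressed to a project this repository may not own, so the intended Coverity project name should be confirmed.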
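Review bot: In uvim-label.yml, `on: [pull_request_target]` runs the job in the base repository's context with `pull-requests: write` even for pull requests from forks, which is safe only while no step checks out or executes the PR's head. A comment above the trigger would keep that invariant visible to whoever edits the job next, e.g. `# pull_request_target: never add a checkout of the PR head or run PR-supplied code in this job`.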
