Updates .github/workflows/CI.yml as per mbrossard#4
---
**Explanation of the Configuration**

- **Workflow Triggers**: The workflow is triggered on pushes and pull requests to the master branch.
- **Job Matrix**: The strategy.matrix allows us to define multiple operating systems and compilers, similar to the Travis CI matrix. This ensures that the code is tested across different environments.
- **Environment Setup**: The Set up environment step handles the installation of dependencies and sets environment variables based on the operating system and compiler being used.
- **Dependency Installation**: The Install dependencies step installs the necessary packages for Ubuntu. For macOS, it uses Homebrew to install the required packages.
- **Compiler Version Check**: The Check compiler version step verifies the compiler version being used.
- **Build and Test Steps**: The Build step runs the build commands, and the Run tests step executes the tests. The Clean up step ensures that any temporary files or states are cleaned up after the tests.

---
**Considerations for SOLID Principles and BCP**

- **Single Responsibility Principle**: Each step in the workflow has a single responsibility (e.g., checking out code, setting up the environment, installing dependencies, building, testing, and cleaning up).
- **Open/Closed Principle**: The matrix strategy allows for easy addition of new operating systems or compilers without modifying existing steps.

---
Other minor changes from personal template:

- yaml-linting GHA to lint the yaml files used for CI/CD
- optional circle-ci CI/CD config
- yamllint.conf for yaml-linting GHA
- xcode workspace with dynamic path includes
- gitignore for xcode workspace user settings
- added CodeQL GHA
reactive-firewall committed Dec 31, 2024
1 parent 2b58b76 commit 7bb1cbe
Showing 7 changed files with 448 additions and 1 deletion.
2 changes: 1 addition & 1 deletion .circleci/config.yml
Expand Up @@ -11,7 +11,7 @@ jobs:
branches:
only:
- master
- Circle-CI-Support
- CI-CD-refactor-2024
steps:
- run:
name: "clean apt"
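Review bot: The `only:` list under `branches:` hard-codes a short-lived working branch (`CI-CD-refactor-2024`) next to `master`, so this filter will need another edit as soon as that branch is merged or deleted. Drop the entry before this lands on `master`, or leave a comment on that line saying it is temporary and when it should go.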
20 changes: 20 additions & 0 deletions .github/dependabot.yml
@@ -0,0 +1,20 @@
# To get started with Dependabot version updates, you'll need to specify which
# package ecosystems to update and where the package manifests are located.
# Please see the documentation for all configuration options:
# https://docs.github.com/code-security/dependabot/dependabot-version-updates/configuration-options-for-the-dependabot.yml-file
---
version: 2
updates:
- package-ecosystem: "github-actions" # See documentation for possible values
directory: ".github/workflows/" # Location of package manifests
target-branch: "master"
rebase-strategy: "disabled"
# Labels on pull requests for version updates only
labels:
- "CI"
commit-message:
prefix: "[UPDATE] "
include: "scope"
schedule:
interval: "weekly"
day: "tuesday"
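Review bot: `directory: ".github/workflows/"` is not the value GitHub documents for the `github-actions` ecosystem; the documented setting is `directory: "/"`, which already makes Dependabot scan `.github/workflows`. Since every action in this commit is pinned to a commit SHA, these update PRs are the only thing that moves the pins, so use the documented value and confirm the first weekly run actually opens PRs. Separately, `rebase-strategy: "disabled"` leaves open update PRs un-rebased when `master` moves; if that is intended, a one-line comment saying why would help the next maintainer.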
83 changes: 83 additions & 0 deletions .github/workflows/CI.yml
@@ -0,0 +1,83 @@
# .github/workflows/CI.yml
---
name: CI

on: # yamllint disable-line rule:truthy
push:
branches: ["main", "master", "CI-CD-refactor-2024"]
pull_request:
branches: ["main", "master"]

jobs:
build:
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-latest, macos-13, macos-14-arm64, macos-14, macos-latest]
compiler: [clang, gcc-10, gcc-11, gcc-12]
include:
- os: ubuntu-latest
compiler: clang
- os: ubuntu-latest
compiler: gcc-10
- os: ubuntu-latest
compiler: gcc-11
- os: ubuntu-latest
compiler: gcc-12
- os: macos-14
compiler: clang
- os: macos-14-arm64
compiler: clang
- os: macos-13
compiler: clang
- os: macos-latest
compiler: gcc-12
- os: macos-latest
compiler: clang

steps:
- name: Set up environment
run: |
if [[ "${{ matrix.os }}" == "macos-*" ]]; then
brew update
brew upgrade
brew install autoconf openssl
if [[ "${{ matrix.compiler }}" == "gcc-12" ]]; then
brew install gcc@12
echo "CC=gcc-12" >> $GITHUB_ENV
echo "CXX=g++-12" >> $GITHUB_ENV
else
brew install llvm-clang
fi
fi
- name: Install dependencies
run: |
if [[ "${{ matrix.os }}" == "ubuntu-latest" ]]; then
sudo apt-get update
sudo apt-get install -y ${{ matrix.compiler }} libnss3-dev libtool
fi
- name: Check compiler version
run: ${{ matrix.compiler }} --version

- name: Checkout repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false

- name: Build
run: |
autoreconf --install --force --verbose -I m4
if [[ "${{ matrix.os }}" == "macos-latest" || "${{ matrix.os }}" == "macos-13" || "${{ matrix.os }}" == "macos-14" ]]; then
./configure --with-openssl=/usr/local/Cellar/openssl/*
else
./configure
fi
make V=1
- name: Run tests
run: make test

- name: Clean up
run: make test-clean
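Review bot: In "Set up environment", `[[ "${{ matrix.os }}" == "macos-*" ]]` quotes the right-hand side, so bash compares against the literal string `macos-*` and the whole Homebrew branch never runs on any macOS runner. Use an unquoted pattern (`== macos-*`) or, better, a step-level `if: startsWith(matrix.os, 'macos')`, which also keeps the matrix value out of the script text. Two further points: this workflow has no `permissions:` block while codeql-analysis.yml and yaml-lint.yml in the same commit both start from `permissions: {}`, so add that here with `contents: read` on the job; and because `os` and `compiler` are both given as top-level lists, the matrix is the full 5x4 product and the `include` entries only repeat combinations that already exist, which means jobs such as macos-13 with gcc-10 will reach `${{ matrix.compiler }} --version` with nothing having installed that compiler. Keeping only the `include` list would give the nine combinations that are actually meant.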
77 changes: 77 additions & 0 deletions .github/workflows/codeql-analysis.yml
@@ -0,0 +1,77 @@
# For most projects, this workflow file will not need changing; you simply need
# to commit it to your repository.
#
# You may wish to alter this file to override the set of languages analyzed,
# or to provide custom queries or build logic.
#
# ******** NOTE ********
# We have attempted to detect the languages in your repository. Please check
# the `language` matrix defined below to confirm you have the correct set of
# supported CodeQL languages.
#
---
name: "CodeQL"
on: # yamllint disable-line rule:truthy
push:
branches: ["main", "master", "CI-CD-refactor-2024"]
pull_request:
# The branches below must be a subset of the branches above
branches: ["main", "master", "stable"]
schedule:
# Every monday at 8:30 am - GH server time.
- cron: '30 8 * * 1'


# drop default read for more secure none defaults
permissions: {}

jobs:
analyze:
name: Analyze
runs-on: ubuntu-latest
permissions:
actions: read # optional (huristic for schedule issue in 2019)
contents: read # needed to clone code to scan
security-events: write # needed to upload results to GitHub security dashboard

strategy:
fail-fast: false
matrix:
language: ['c', 'javascript']
# CodeQL supports ['cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby']
# Learn more about CodeQL language support at https://git.io/codeql-language-support

steps:
- name: Checkout repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false

# Initializes the CodeQL tools for scanning.
- name: Initialize CodeQL
uses: github/codeql-action/init@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
with:
languages: ${{ matrix.language }}
# If you wish to specify custom queries, you can do so here or in a config file.
# By default, queries listed here will override any specified in a config file.
# Prefix the list here with "+" to use these queries and those in the config file.
# queries: ./path/to/local/query, your-org/your-repo/queries@main

# Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
# If this step fails, then you should remove it and run the build manually (see below)
- name: Autobuild
uses: github/codeql-action/autobuild@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0

# ℹ️ Command-line programs to run using the OS shell.
# 📚 https://git.io/JvXDl

# ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
# and modify them (or add more) to build your code if your project
# uses a compiled language

# - run: |
# make bootstrap
# make release

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169 # v3.28.0
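Review bot: The `pull_request` branch list includes `stable`, which is not in the `push` list, directly under the comment "The branches below must be a subset of the branches above"; either add `stable` to `push` or drop it from `pull_request` so the file agrees with its own comment. The "Autobuild" step also deserves a second look: CI.yml in this commit needs `libnss3-dev libtool`, `autoreconf` and `./configure` before `make`, and none of that setup happens here, so the C extraction may fail or cover very little. Replacing Autobuild with explicit `run:` build commands, as the commented-out block below it suggests, would make the scan cover what CI builds. Minor: the template's NOTE asks to confirm the `language` matrix, so check that `javascript` is really present in the repository, and "huristic" in the `actions: read` comment should be "heuristic".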
63 changes: 63 additions & 0 deletions .github/workflows/yaml-lint.yml
@@ -0,0 +1,63 @@
# .github/workflows/yaml-lint.yml
---
name: YAML Lint
on: # yamllint disable-line rule:truthy
push:
branches: ["main", "master", "CI-CD-refactor-2024"]
pull_request:
branches: ["main", "master"]

permissions: {} # Setting default permissions to none for enhanced security

# This action checks on the yaml config files for linting errors.

jobs:
yaml-lint:
permissions:
contents: read
pull-requests: read
statuses: write
runs-on: ubuntu-latest
env:
YAML_ARGS: "-f github --config-file .yamllint.conf --no-warnings"
# or set in repository action variables https://github.com/mbrossard/pkcs11/settings/variables/actions
# and use like so:
# YAML_ARGS: ${{ vars.YAML_ARGS }}
GIT_MATCH_PATTERN: "*.yaml *.yml **/*.yml ./.circleci/*.yml ./.github/**/*.yml"
steps:
- name: Checkout repository
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
persist-credentials: false
- name: Lint Workflow YAML
uses: ibiqlik/action-yamllint@2576378a8e339169678f9939646ee3ee325e845c # v3.1.1
with:
file_or_dir: .github/workflows/yaml-lint.yml
config_file: .yamllint.conf
format: github
no_warnings: true
if: ${{ !cancelled() }}
- name: Get YAML Files
id: yamlfiles
shell: bash
run: |
FILES=$(git ls-files --exclude-standard -- ${{ env.GIT_MATCH_PATTERN }} )
if [ -z "$FILES" ]; then
printf "%s\n" "No YAML files found."
printf "%s\n" "files=" >> "$GITHUB_OUTPUT"
else
printf "%s\n" "YAML files found:"
printf "%s\n" "$FILES"
# Replace line breaks with spaces for GitHub Action Output
FILES="${FILES//$'\n'/ }"
printf "%s\n" "files=$FILES" >> "$GITHUB_OUTPUT"
fi
if: ${{ success() }}
- name: Lint YAML Files
uses: ibiqlik/action-yamllint@2576378a8e339169678f9939646ee3ee325e845c # v3.1.1
with:
file_or_dir: ${{ steps.yamlfiles.outputs.files }}
config_file: .yamllint.conf
format: github
no_warnings: true
if: ${{ !cancelled() && steps.yamlfiles.outputs.files != '' }}
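Review bot: In "Get YAML Files", `${{ env.GIT_MATCH_PATTERN }}` is pasted unquoted into the script text, so the runner's shell glob-expands `*.yaml *.yml **/*.yml ...` before `git ls-files` sees them, and any pattern that matches nothing in the working tree is passed through literally instead. The variable is already exported to the step, so read it as `$GIT_MATCH_PATTERN` and disable shell globbing (`set -f`) or pass the patterns as quoted pathspecs, so that git does the matching; this also avoids the habit of interpolating `${{ }}` expressions into `run:` bodies. On least privilege: the job requests `statuses: write` and `pull-requests: read`, but no visible step posts a status or reads PR data, so `contents: read` alone looks sufficient. `YAML_ARGS` is defined in `env:` and never referenced, since both lint steps pass `config_file`, `format` and `no_warnings` through `with:`; remove it or use it. Note also that joining `$FILES` with spaces will split any tracked YAML path that contains a space.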