From 31d81ba6453ae84a134a0e9834b3bbff242a8b65 Mon Sep 17 00:00:00 2001 From: Volker Enderlein Date: Sat, 23 Dec 2023 00:22:45 +0100 Subject: [PATCH] Add code analysis and CI --- .github/workflows/codeql.yml | 75 ++++++++++++ .../continuous-integration-workflow.yml | 112 ++++++++++++++++++ 2 files changed, 187 insertions(+) create mode 100644 .github/workflows/codeql.yml create mode 100644 .github/workflows/continuous-integration-workflow.yml diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 0000000..96ef4e8 --- /dev/null +++ b/.github/workflows/codeql.yml @@ -0,0 +1,75 @@ +name: "CodeQL" + +on: + workflow_dispatch: # Allow manual triggers + push: + branches: [ "master" ] + pull_request: + branches: [ "master" ] + schedule: + - cron: '30 1 * * 0' + +jobs: + analyze: + name: Analyze + runs-on: ubuntu-latest + permissions: + actions: read + contents: read + security-events: write + + #strategy: + # fail-fast: false + # matrix: + # language: [ 'c-cpp', 'python' ] + + steps: + - name: Checkout repository + uses: actions/checkout@v4 + with: + submodules: recursive + + - name: Initialize CodeQL + uses: github/codeql-action/init@v2 + with: + languages: c-cpp + config: | + #disable-default-queries: true + #queries: + # - uses: security-and-quality + query-filters: + # Specifically hide the results of these queries. + - exclude: + id: cpp/assignment-does-not-return-this + - exclude: + id: cpp/fixme-comment + - exclude: + id: cpp/rule-of-two + - exclude: + id: cpp/use-of-goto + #config-file: ./lgtm.yml + + #- name: Autobuild + # uses: github/codeonfigureql-action/autobuild@v2 + + - name: Create build with CMake + run: | + sudo apt-get -y update + sudo apt-get -y install freeglut3-dev libgtk2.0-dev libgtkgl2.0-dev libboost-dev + mkdir cmake_download_dir + DOWNLOAD_FILE_COIN=coin-latest-Ubuntu2204-gcc11-x64.tar.gz + RELEASE_ID=`curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" https://api.github.com/repos/coin3d/coin/releases | jq -r --arg COIN_REPO_TAG_NAME "CI-builds" '.[] | select(.tag_name==$COIN_REPO_TAG_NAME) | .id'` + ASSET_ID=`curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" https://api.github.com/repos/coin3d/coin/releases/$RELEASE_ID | jq -r --arg DOWNLOAD_FILE_COIN "$DOWNLOAD_FILE_COIN" '.assets[] | select(.name==$DOWNLOAD_FILE_COIN) | .id'` + export DOWNLOAD_ADDRESS_COIN=https://api.github.com/repos/coin3d/coin/releases/assets/$ASSET_ID + echo download file $DOWNLOAD_FILE_COIN from address $DOWNLOAD_ADDRESS_COIN + curl -s -S -L -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" -H "Accept: application/octet-stream" -o $DOWNLOAD_FILE_COIN $DOWNLOAD_ADDRESS_COIN + tar xzf $DOWNLOAD_FILE_COIN -C cmake_download_dir + cmake -S . -B cmake_build_dir -G "Unix Makefiles" -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX=cmake_install_dir -DCMAKE_PREFIX_PATH=cmake_download_dir/Coin3D + + - name: Build project with CMake + run: cmake --build cmake_build_dir --target all --config Release -- -j4 + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v2 + with: + category: "/language:c-cpp" diff --git a/.github/workflows/continuous-integration-workflow.yml b/.github/workflows/continuous-integration-workflow.yml new file mode 100644 index 0000000..a37c50b --- /dev/null +++ b/.github/workflows/continuous-integration-workflow.yml @@ -0,0 +1,112 @@ +name: Continuous Integration Build + +on: + workflow_dispatch: # Allow manual triggers + pull_request: + branches: [ master ] +# push: +# branches: [ master ] + +jobs: + ubuntu-build: + name: Ubuntu Build + runs-on: ubuntu-latest + steps: + - name: Checkout repository + uses: actions/checkout@v4 + with: + submodules: recursive + - name: Create build directory and run CMake + run: | + sudo apt-get -y update + sudo apt-get -y install freeglut3-dev libgtk2.0-dev libgtkgl2.0-dev libboost-dev + mkdir cmake_download_dir + DOWNLOAD_FILE_COIN=coin-latest-Ubuntu2204-gcc11-x64.tar.gz + RELEASE_ID=`curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" https://api.github.com/repos/coin3d/coin/releases | jq -r --arg COIN_REPO_TAG_NAME "CI-builds" '.[] | select(.tag_name==$COIN_REPO_TAG_NAME) | .id'` + ASSET_ID=`curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" https://api.github.com/repos/coin3d/coin/releases/$RELEASE_ID | jq -r --arg DOWNLOAD_FILE_COIN "$DOWNLOAD_FILE_COIN" '.assets[] | select(.name==$DOWNLOAD_FILE_COIN) | .id'` + export DOWNLOAD_ADDRESS_COIN=https://api.github.com/repos/coin3d/coin/releases/assets/$ASSET_ID + echo download file $DOWNLOAD_FILE_COIN from address $DOWNLOAD_ADDRESS_COIN + curl -s -S -L -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" -H "Accept: application/octet-stream" -o $DOWNLOAD_FILE_COIN $DOWNLOAD_ADDRESS_COIN + tar xzf $DOWNLOAD_FILE_COIN -C cmake_download_dir + cmake -S . -B cmake_build_dir -G "Unix Makefiles" -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX=cmake_install_dir -DCMAKE_PREFIX_PATH=cmake_download_dir/Coin3D + - name: Build project + run: cmake --build cmake_build_dir --target install --config Release -- -j4 + #- name: Run tests + # run: ctest -C Release -VV + # working-directory: cmake_build_dir + - name: Create Artifacts + uses: actions/upload-artifact@v3 + with: + name: Ubuntu-Artifacts + path: cmake_install_dir/ + if: always() + +# windows-build: +# name: Windows Build +# runs-on: windows-latest +# steps: +# - name: Checkout repository +# uses: actions/checkout@v4 +# with: +# submodules: recursive +# - name: Create build directory and run CMake +# shell: cmd +# run: | +# mkdir ../cmake_download_dir +# set DOWNLOAD_FILE_COIN=coin-latest-msvc17-x64.zip +# for /f %%i in ('curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" https://api.github.com/repos/coin3d/coin/releases ^| jq -r --arg COIN_REPO_TAG_NAME "CI-builds" ".[] | select(.tag_name==$COIN_REPO_TAG_NAME) | .id"') do set RELEASE_ID=%%i +# for /f %%i in ('curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" https://api.github.com/repos/coin3d/coin/releases/%RELEASE_ID% ^| jq -r --arg DOWNLOAD_FILE_COIN "%DOWNLOAD_FILE_COIN%" ".assets[] | select(.name==$DOWNLOAD_FILE_COIN) | .id"') do set ASSET_ID=%%i +# set DOWNLOAD_ADDRESS_COIN=https://api.github.com/repos/coin3d/coin/releases/assets/%ASSET_ID% +# echo download file %DOWNLOAD_FILE_COIN% from address %DOWNLOAD_ADDRESS_COIN% +# curl -s -S -L -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" -H "Accept: application/octet-stream" -o %DOWNLOAD_FILE_COIN% %DOWNLOAD_ADDRESS_COIN% +# 7z x %DOWNLOAD_FILE_COIN% -o../cmake_download_dir +# curl -s -S -L -H "Accept: application/octet-stream" -o wxdev.7z https://github.com/wxWidgets/wxWidgets/releases/download/v3.2.2.1/wxMSW-3.2.2_vc14x_x64_Dev.7z +# 7z x wxdev.7z -o../cmake_download_dir +# curl -s -S -L -H "Accept: application/octet-stream" -o wxinclude.7z https://github.com/wxWidgets/wxWidgets/releases/download/v3.2.2.1/wxWidgets-3.2.2.1-headers.7z +# 7z x wxinclude.7z -o../cmake_download_dir +# cmake -S . -B cmake_build_dir -G "Visual Studio 17 2022" -A x64 -DwxWidgets_ROOT_DIR=../cmake_download_dir -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX=cmake_install_dir -DCMAKE_PREFIX_PATH=../cmake_download_dir/Coin3D +# - name: Build project +# run: cmake --build cmake_build_dir --target INSTALL --config Release -- /nologo /verbosity:minimal /maxcpucount:2 /property:MultiProcessorCompilation=true +# #- name: Run tests +# # run: ctest -C Release -VV +# # working-directory: cmake_build_dir +# - name: Create Artifacts +# uses: actions/upload-artifact@v3 +# with: +# name: Windows-Artifacts +# path: cmake_install_dir/ +# if: always() + +# macos-build: +# name: MacOS Build +# runs-on: macos-latest +# steps: +# - name: Checkout repository +# uses: actions/checkout@v4 +# with: +# submodules: recursive +# - name: Create build directory and run CMake +# run: | +# brew install wxwidgets +# export PATH=$PATH:$(brew --prefix wxwidgets)/bin +# export CMAKE_PREFIX_PATH=/usr/local/opt/wxwidgets +# mkdir cmake_download_dir +# DOWNLOAD_FILE_COIN=coin-latest-macos-monterey-clang14-x64.tar.gz +# RELEASE_ID=`curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" https://api.github.com/repos/coin3d/coin/releases | jq -r --arg COIN_REPO_TAG_NAME "CI-builds" '.[] | select(.tag_name==$COIN_REPO_TAG_NAME) | .id'` +# ASSET_ID=`curl -s -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" https://api.github.com/repos/coin3d/coin/releases/$RELEASE_ID | jq -r --arg DOWNLOAD_FILE_COIN "$DOWNLOAD_FILE_COIN" '.assets[] | select(.name==$DOWNLOAD_FILE_COIN) | .id'` +# export DOWNLOAD_ADDRESS_COIN=https://api.github.com/repos/coin3d/coin/releases/assets/$ASSET_ID +# echo download file $DOWNLOAD_FILE_COIN from address $DOWNLOAD_ADDRESS_COIN +# curl -s -S -L -H "Authorization: token ${{ secrets.GITHUB_TOKEN }}" -H "Accept: application/octet-stream" -o $DOWNLOAD_FILE_COIN $DOWNLOAD_ADDRESS_COIN +# tar xzf $DOWNLOAD_FILE_COIN -C cmake_download_dir +# cmake -S . -B cmake_build_dir -G "Unix Makefiles" -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX=cmake_install_dir -DCMAKE_PREFIX_PATH="cmake_download_dir/Coin3D" +# - name: Build project +# run: cmake --build cmake_build_dir --target install --config Release -- -j4 +# #- name: Run tests +# # run: ctest -C Release -VV +# # working-directory: cmake_build_dir +# - name: Create Artifacts +# uses: actions/upload-artifact@v3 +# with: +# name: MacOS-Artifacts +# path: cmake_install_dir/ +# if: always()