Skip to content

Bump step-security/harden-runner from 2.7.1 to 2.8.1 #941

Bump step-security/harden-runner from 2.7.1 to 2.8.1

Bump step-security/harden-runner from 2.7.1 to 2.8.1 #941

# run CMake build on Windows and Linux
name: CMake Build Multi-Platform
on:
push:
branches: [ "nam20485" ]
pull_request:
branches: [ "development", "main", "release", "nam20485" ]
permissions:
contents: read
env:
VCPKG_ROOT: ${{ github.workspace }}/vcpkg
VCPKG_BINARY_SOURCES: 'clear;x-gha,readwrite'
# support for GH dependency graph vcpkg integration
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
VCPKG_FEATURE_FLAGS: dependencygraph
ARTIFACTS_DIR: ${{ github.workspace }}/artifacts
ARTIFACTS_DIR_WIN: ${{ github.workspace }}\artifacts
jobs:
build:
name: CMake-Multi-Platform-Build
runs-on: ${{ matrix.os }}
permissions:
contents: write
checks: write
strategy:
# Set fail-fast to false to ensure that feedback is delivered for all matrix combinations. Consider changing this to true when your workflow is stable.
fail-fast: false
matrix:
include:
# Windows x64 Release
- os: windows-2022
preset: x64-release
# Linux x64 Release
- os: ubuntu-22.04
preset: linux-release
# MacOS x64 Release
- os: macos-12
preset: macos-release
# Linux mingw x64 Release
# - os: ubuntu-22.04
# preset: linux-mingw-w64-release
# # Linux Python Release
# - os: ubuntu-22.04
# preset: python-linux-release
steps:
- name: Harden Runner
uses: step-security/harden-runner@17d0e2bd7d51742c71671bd19fa12bdc9d40a3d6 # v2.8.1
with:
egress-policy: audit
- name: Checkout Repository
uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
# add problem matchers by compiler
- name: Add Problem Matchers
uses: ammaraskar/msvc-problem-matcher@1ebcb382869bfdc2cc645e8a2a43b6d319ea1cc0 # master
if: matrix.os == 'windows-2022'
- name: Add Problem Matchers
uses: ammaraskar/gcc-problem-matcher@0f9c86f9e693db67dacf53986e1674de5f2e5f28 # master
if: matrix.os != 'windows-2022'
- name: Install vcpkg Dependencies
run: |
sudo apt update
sudo apt install -y -q --no-install-recommends build-essential tar curl zip unzip
if: matrix.os == 'ubuntu-22.04'
#
# os != windows-2022 (i.e. Linux, MacOS)
#
- name: Install vcpkg
run: |
git clone https://github.com/Microsoft/vcpkg.git ${{env.VCPKG_ROOT}}
"${{env.VCPKG_ROOT}}/bootstrap-vcpkg.sh"
# (Windows comes w/ vcpkg installed as part of VS)
if: matrix.os != 'windows-2022'
- name: Install Ninja
uses: seanmiddleditch/gha-setup-ninja@8b297075da4cd2a5f1fd21fe011b499edf06e9d2 # master
if: matrix.os != 'windows-2022'
# Export vcpkg Cache Variables
- name : Export vcpkg Cache Variables
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
with:
script: |
core.exportVariable('ACTIONS_CACHE_URL', process.env.ACTIONS_CACHE_URL || '');
core.exportVariable('ACTIONS_RUNTIME_TOKEN', process.env.ACTIONS_RUNTIME_TOKEN || '');
# #
# # preset == linux-mingw-w64-release
# #
# - name: Install mingw-w64
# run: |
# sudo apt-get update
# sudo apt-get install -y --no-install-recommends mingw-w64
# if: matrix.preset == 'linux-mingw-w64-release'
#
# os == windows-2022
#
- name: Setup VC Tools
uses: ilammy/msvc-dev-cmd@0b201ec74fa43914dc39ae48a89fd1d8cb592756 # v1.13.0
if: matrix.os == 'windows-2022'
- name: Patch vcpkg
run: scripts/patch-vcpkg-install.ps1
if: matrix.os == 'windows-2022'
# #
# # preset == python-x64-release
# #
# - name: Generate SWIG Bindings
# run: |
# sudo apt-get update
# sudo apt-get install -y --no-install-recommends swig
# chmod +x ./scripts/generate-python-module.sh
# ./scripts/generate-python-module.sh
# if: matrix.preset == 'python-linux-release'
- name: Manual vcpkg Install (Non-Windows)
run: "\"${{env.VCPKG_ROOT}}/vcpkg\" install"
if: matrix.preset != 'linux-mingw-w64-release' && matrix.os != 'windows-2022'
- name: Manual vcpkg Install (Windows)
run: "& \"${{env.VCPKG_ROOT}}/vcpkg\" install --triplet x64-windows"
if: matrix.os == 'windows-2022'
# - name: Manual vcpkg Install (mingw-w64)
# run: "\"${{env.VCPKG_ROOT}}/vcpkg\" install --triplet x64-mingw-static"
# if: matrix.preset == 'linux-mingw-w64-release'
#
# CMake Build - All platforms
#
- name: CMake Configure
run: cmake --preset ${{matrix.preset}}
- name: CMake Build
run: cmake --build --preset ${{matrix.preset}}
- name: Checkout OdbDesign Test Data Repository
uses: actions/checkout@44c2b7a8a4ea60a981eaca3cf939b5f4305c123b # v4.1.5
with:
repository: 'nam20485/OdbDesignTestData'
path: 'OdbDesignTestData'
ref: 'main'
#token: ${{ secrets.ODBDESIGN_TESTDATA_ACCESS_TOKEN }}
- name : Export ODB_TEST_DATA_DIR
uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
with:
script: core.exportVariable('ODB_TEST_DATA_DIR', "${{github.workspace}}/OdbDesignTestData/TEST_DATA" || '');
- name: CMake Test
id: cmake-test
env:
ODB_TEST_DATA_DIR: ${{github.workspace}}/OdbDesignTestData/TEST_DATA
run: ctest --test-dir ./out/build/${{matrix.preset}}/OdbDesignTests --output-log ${{github.workspace}}/testlog.txt --output-junit ${{github.workspace}}/testlog.xml --output-on-failure
# let the report step fail the job if it finds failed tests...
continue-on-error: true
# report test results
- name: Report Test Results
uses: dorny/test-reporter@31a54ee7ebcacc03a09ea97a7e5465a47b84aea5 # v1.9.1
if: steps.cmake-test.outcome == 'success' || steps.cmake-test.outcome == 'failure'
with:
name: ${{ matrix.os }}_test-results
path: ${{github.workspace}}/testlog.xml
reporter: java-junit
path-replace-backslashes: true
# fail job based on report results
fail-on-error: true
#
# Artifacts
#
- name: Compress Artifacts (Linux)
if: matrix.os == 'ubuntu-22.04'
run: |
mkdir ${{env.ARTIFACTS_DIR}}
cp ./out/build/${{matrix.preset}}/OdbDesignLib/*.so ${{env.ARTIFACTS_DIR}}
cp ./out/build/${{matrix.preset}}/Utils/*.so ${{env.ARTIFACTS_DIR}}
cp ./out/build/${{matrix.preset}}/OdbDesignServer/OdbDesignServer ${{env.ARTIFACTS_DIR}}
cd ${{env.ARTIFACTS_DIR}}
zip -r ./artifacts-${{matrix.os}}.zip ./*.so ./OdbDesignServer
- name: Compress Artifacts (MacOS)
if: matrix.os == 'macos-12'
run: |
mkdir ${{env.ARTIFACTS_DIR}}
cp ./out/build/${{matrix.preset}}/OdbDesignLib/*.dylib ${{env.ARTIFACTS_DIR}}
cp ./out/build/${{matrix.preset}}/Utils/*.dylib ${{env.ARTIFACTS_DIR}}
cp ./out/build/${{matrix.preset}}/OdbDesignServer/OdbDesignServer ${{env.ARTIFACTS_DIR}}
cd ${{env.ARTIFACTS_DIR}}
zip -r ./artifacts-${{matrix.os}}.zip ./*.dylib ./OdbDesignServer
- name: Compress Artifacts (Windows)
if: matrix.os == 'windows-2022'
run: |
New-Item -ItemType Directory -Force -Path ${{env.ARTIFACTS_DIR_WIN}} -Verbose
Copy-Item -Path ".\out\build\${{matrix.preset}}\*.dll" -Destination ${{env.ARTIFACTS_DIR_WIN}} -Force -Verbose
Copy-Item -Path ".\out\build\${{matrix.preset}}\OdbDesignServer.exe" -Destination ${{env.ARTIFACTS_DIR_WIN}} -Force -Verbose
Compress-Archive -Path "${{env.ARTIFACTS_DIR_WIN}}\*.dll","${{env.ARTIFACTS_DIR_WIN}}\*.exe" -DestinationPath "${{env.ARTIFACTS_DIR_WIN}}\artifacts-${{matrix.os}}.zip" -Verbose -Force
- name: Upload Artifacts
uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3
with:
name: ${{ matrix.os }}-artifacts
path: ${{ env.ARTIFACTS_DIR }}/artifacts-${{matrix.os}}.zip
retention-days: 365 # 1 year