diff --git a/.github/label-actions.yml b/.github/label-actions.yml deleted file mode 100644 index 653cf86..0000000 --- a/.github/label-actions.yml +++ /dev/null @@ -1,49 +0,0 @@ ---- -# This file is centrally managed in https://github.com//.github/ -# Don't make changes to this file in this repo as they will be overwritten with changes made to the same file in -# the above-mentioned repo. - -# Configuration for Label Actions - https://github.com/dessant/label-actions - -added: - comment: > - This feature has been added and will be available in the next release. -fixed: - comment: > - This issue has been fixed and will be available in the next release. -invalid:duplicate: - comment: > - :wave: @{issue-author}, this appears to be a duplicate of a pre-existing issue. - close: true - lock: true - unlabel: 'status:awaiting-triage' - --invalid:duplicate: - reopen: true - unlock: true - -invalid:support: - comment: > - :wave: @{issue-author}, we use the issue tracker exclusively for bug reports. - However, this issue appears to be a support request. Please use our - [Support Center](https://app.lizardbyte.dev/support) for support issues. Thanks. - close: true - lock: true - lock-reason: 'off-topic' - unlabel: 'status:awaiting-triage' - --invalid:support: - reopen: true - unlock: true - -invalid:template-incomplete: - issues: - comment: > - :wave: @{issue-author}, please edit your issue to complete the template with - all the required info. Your issue will be automatically closed in 5 days if - the template is not completed. Thanks. - prs: - comment: > - :wave: @{issue-author}, please edit your PR to complete the template with - all the required info. Your PR will be automatically closed in 5 days if - the template is not completed. Thanks. diff --git a/.github/semantic.yml b/.github/semantic.yml index b5eb70d..92d97a7 100644 --- a/.github/semantic.yml +++ b/.github/semantic.yml @@ -12,3 +12,4 @@ titleAndCommits: false anyCommit: false allowMergeCommits: false allowRevertCommits: false +targetUrl: https://docs.lizardbyte.dev/latest/developers/contributing.html#creating-a-pull-request diff --git a/.github/workflows/_codeql.yml b/.github/workflows/_codeql.yml new file mode 100644 index 0000000..cfa961c --- /dev/null +++ b/.github/workflows/_codeql.yml @@ -0,0 +1,30 @@ +--- +# This workflow is centrally managed in https://github.com/LizardByte/.github/ +# Don't make changes to this file in this repo as they will be overwritten with changes made to the same file in +# the above-mentioned repo. + +name: CodeQL +permissions: + actions: read + contents: read + security-events: write + +on: + push: + branches: + - master + pull_request: + branches: + - master + schedule: + - cron: '00 12 * * 0' # every Sunday at 12:00 UTC + +concurrency: + group: "${{ github.workflow }}-${{ github.ref }}" + cancel-in-progress: true + +jobs: + call-codeql: + name: CodeQL + uses: LizardByte/.github/.github/workflows/__call-codeql.yml@master + if: ${{ github.repository != 'LizardByte/.github' }} diff --git a/.github/workflows/_common-lint.yml b/.github/workflows/_common-lint.yml new file mode 100644 index 0000000..7c31713 --- /dev/null +++ b/.github/workflows/_common-lint.yml @@ -0,0 +1,27 @@ +--- +# This workflow is centrally managed in https://github.com/LizardByte/.github/ +# Don't make changes to this file in this repo as they will be overwritten with changes made to the same file in +# the above-mentioned repo. + +name: common lint +permissions: + contents: read + +on: + pull_request: + branches: + - master + types: + - opened + - synchronize + - reopened + +concurrency: + group: "${{ github.workflow }}-${{ github.ref }}" + cancel-in-progress: true + +jobs: + lint: + name: Common Lint + uses: LizardByte/.github/.github/workflows/__call-common-lint.yml@master + if: ${{ github.repository != 'LizardByte/.github' }} diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml deleted file mode 100644 index c9949dd..0000000 --- a/.github/workflows/codeql.yml +++ /dev/null @@ -1,250 +0,0 @@ ---- -# This workflow is centrally managed in https://github.com//.github/ -# Don't make changes to this file in this repo as they will be overwritten with changes made to the same file in -# the above-mentioned repo. - -# This workflow will analyze all supported languages in the repository using CodeQL Analysis. - -name: "CodeQL" -permissions: - contents: read - -on: - push: - branches: - - master - pull_request: - branches: - - master - schedule: - - cron: '00 12 * * 0' # every Sunday at 12:00 UTC - -concurrency: - group: "${{ github.workflow }}-${{ github.ref }}" - cancel-in-progress: true - -jobs: - languages: - name: Get language matrix - outputs: - matrix: ${{ steps.lang.outputs.result }} - continue: ${{ steps.continue.outputs.result }} - runs-on: ubuntu-latest - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - - name: Get repo languages - id: lang - uses: actions/github-script@v7 - with: - script: | - // CodeQL supports ['cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby', 'swift'] - // Use only 'java' to analyze code written in Java, Kotlin or both - // Use only 'javascript' to analyze code written in JavaScript, TypeScript or both - // Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support - const supported_languages = ['cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby', 'swift'] - - const remap_languages = { - 'c++': 'cpp', - 'c#': 'csharp', - 'kotlin': 'java', - 'typescript': 'javascript', - } - - const repo = context.repo - const response = await github.rest.repos.listLanguages(repo) - let matrix = { - "include": [] - } - - // Track languages we've already added to avoid duplicates - const addedLanguages = new Set() - - // Check if workflow files exist to determine if we should add actions language - const fs = require('fs'); - const hasYmlFiles = fs.existsSync('.github/workflows') && - fs.readdirSync('.github/workflows').some(file => file.endsWith('.yml') || file.endsWith('.yaml')); - - // Add actions language if workflow files exist - if (hasYmlFiles) { - console.log('Found GitHub Actions workflow files. Adding actions to the matrix.'); - matrix['include'].push({ - "category": "/language:actions", - "language": "actions", - "name": "actions", - "os": "ubuntu-latest" - }); - } - - for (let [key, value] of Object.entries(response.data)) { - // remap language - if (remap_languages[key.toLowerCase()]) { - console.log(`Remapping language: ${key} to ${remap_languages[key.toLowerCase()]}`) - key = remap_languages[key.toLowerCase()] - } - - const normalizedKey = key.toLowerCase() - - if (supported_languages.includes(normalizedKey) && !addedLanguages.has(normalizedKey)) { - // Mark this language as added - addedLanguages.add(normalizedKey) - - console.log(`Found supported language: ${normalizedKey}`) - let osList = ['ubuntu-latest']; - if (normalizedKey === 'swift') { - osList = ['macos-latest']; - } else if (normalizedKey === 'cpp') { - osList = ['macos-latest', 'ubuntu-latest', 'windows-latest']; - } - for (let os of osList) { - // set name for matrix - let name = osList.length === 1 ? normalizedKey : `${normalizedKey}, ${os}` - - // set category for matrix - let category = `/language:${normalizedKey}` - if (normalizedKey === 'cpp') { - category = `/language:cpp-${os.split('-')[0]}` - } - - // add to matrix - matrix['include'].push({ - "category": category, - "language": normalizedKey, - "name": name, - "os": os - }) - } - } - } - - // print languages - console.log(`matrix: ${JSON.stringify(matrix)}`) - - return matrix - - - name: Continue - id: continue - uses: actions/github-script@v7 - with: - script: | - // if matrix['include'] is an empty list return false, otherwise true - const matrix = ${{ steps.lang.outputs.result }} // this is already json encoded - - if (matrix['include'].length == 0) { - return false - } else { - return true - } - - analyze: - name: Analyze (${{ matrix.name }}) - if: needs.languages.outputs.continue == 'true' - defaults: - run: - shell: ${{ matrix.os == 'windows-latest' && 'msys2 {0}' || 'bash' }} - env: - GITHUB_CODEQL_BUILD: true - needs: languages - permissions: - actions: read - contents: read - security-events: write - runs-on: ${{ matrix.os || 'ubuntu-latest' }} - strategy: - fail-fast: false - matrix: ${{ fromJson(needs.languages.outputs.matrix) }} - timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }} - steps: - - name: Maximize build space - if: >- - runner.os == 'Linux' && - matrix.language == 'cpp' - uses: easimon/maximize-build-space@v10 - with: - root-reserve-mb: 30720 - remove-dotnet: ${{ (matrix.language == 'csharp' && 'false') || 'true' }} - remove-android: 'true' - remove-haskell: 'true' - remove-codeql: 'false' - remove-docker-images: 'true' - - - name: Checkout repository - uses: actions/checkout@v4 - with: - submodules: recursive - - - name: Setup msys2 - if: >- - runner.os == 'Windows' && - matrix.language == 'cpp' - uses: msys2/setup-msys2@v2 - with: - msystem: ucrt64 - update: true - - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@v3 - with: - languages: ${{ matrix.language }} - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. - - # yamllint disable-line rule:line-length - # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs - # queries: security-extended,security-and-quality - config: | - paths-ignore: - - build - - node_modules - - third-party - - # Pre autobuild - # create a file named .codeql-prebuild-${{ matrix.language }}-${{ runner.os }}.sh in the root of your repository - - name: Prebuild - id: prebuild - run: | - # check if prebuild script exists - filename=".codeql-prebuild-${{ matrix.language }}-${{ runner.os }}.sh" - if [ -f "./${filename}" ]; then - echo "Running prebuild script: ${filename}" - ./${filename} - fi - - # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift). - - name: Autobuild - if: steps.prebuild.outputs.skip_autobuild != 'true' - uses: github/codeql-action/autobuild@v3 - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 - with: - category: "${{ matrix.category }}" - output: sarif-results - upload: failure-only - - - name: filter-sarif - uses: advanced-security/filter-sarif@v1 - with: - input: sarif-results/${{ matrix.language }}.sarif - output: sarif-results/${{ matrix.language }}.sarif - patterns: | - -build/** - -node_modules/** - -third\-party/** - - - name: Upload SARIF - uses: github/codeql-action/upload-sarif@v3 - with: - category: "${{ matrix.category }}" - sarif_file: sarif-results/${{ matrix.language }}.sarif - - - name: Upload loc as a Build Artifact - uses: actions/upload-artifact@v4 - with: - name: sarif-results-${{ matrix.language }}-${{ runner.os }} - path: sarif-results - if-no-files-found: error - retention-days: 1 diff --git a/.github/workflows/common-lint.yml b/.github/workflows/common-lint.yml deleted file mode 100644 index 7d72a16..0000000 --- a/.github/workflows/common-lint.yml +++ /dev/null @@ -1,312 +0,0 @@ ---- -# This workflow is centrally managed in https://github.com//.github/ -# Don't make changes to this file in this repo as they will be overwritten with changes made to the same file in -# the above-mentioned repo. - -# Common linting. - -name: common lint -permissions: - contents: read - -on: - pull_request: - branches: - - master - types: - - opened - - synchronize - - reopened - -concurrency: - group: "${{ github.workflow }}-${{ github.ref }}" - cancel-in-progress: true - -jobs: - lint: - name: Common Lint - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Set up Python - uses: actions/setup-python@v5 - with: - python-version: '3.12' - - - name: Install dependencies - run: | - python -m pip install --upgrade \ - pip \ - setuptools \ - wheel \ - cmakelang \ - flake8 \ - nb-clean \ - nbqa[toolchain] - - - name: C++ - find files - id: cpp_files - run: | - # find files - found_files=$(find . -type f \ - -iname "*.c" -o \ - -iname "*.cpp" -o \ - -iname "*.h" -o \ - -iname "*.hpp" -o \ - -iname "*.m" -o \ - -iname "*.mm" \ - ) - ignore_files=$(find . -type f -iname ".clang-format-ignore") - - # Loop through each C++ file - for file in $found_files; do - for ignore_file in $ignore_files; do - ignore_directory=$(dirname "$ignore_file") - # if directory of ignore_file is beginning of file - if [[ "$file" == "$ignore_directory"* ]]; then - echo "ignoring file: ${file}" - found_files="${found_files//${file}/}" - break 1 - fi - done - done - - # remove empty lines - found_files=$(echo "$found_files" | sed '/^\s*$/d') - - echo "found cpp files: ${found_files}" - - # do not quote to keep this as a single line - echo found_files=${found_files} >> $GITHUB_OUTPUT - - - name: C++ - Clang format lint - if: always() && steps.cpp_files.outputs.found_files - uses: DoozyX/clang-format-lint-action@v0.20 - with: - source: ${{ steps.cpp_files.outputs.found_files }} - clangFormatVersion: '20' - extensions: 'c,cpp,h,hpp,m,mm' - style: file - inplace: false - - - name: CMake - find files - id: cmake_files - if: always() - run: | - # find files - found_files=$(find . -type f -iname "CMakeLists.txt" -o -iname "*.cmake") - ignore_files=$(find . -type f -iname ".cmake-lint-ignore") - - # Loop through each C++ file - for file in $found_files; do - for ignore_file in $ignore_files; do - ignore_directory=$(dirname "$ignore_file") - # if directory of ignore_file is beginning of file - if [[ "$file" == "$ignore_directory"* ]]; then - echo "ignoring file: ${file}" - found_files="${found_files//${file}/}" - break 1 - fi - done - done - - # remove empty lines - found_files=$(echo "$found_files" | sed '/^\s*$/d') - - echo "found cmake files: ${found_files}" - - # do not quote to keep this as a single line - echo found_files=${found_files} >> $GITHUB_OUTPUT - - - name: CMake - cmake-lint - if: always() && steps.cmake_files.outputs.found_files - run: | - cmake-lint --line-width 120 --tab-size 4 ${{ steps.cmake_files.outputs.found_files }} - - - name: Docker - find files - id: docker_files - if: always() - run: | - found_files=$(find . -type f -iname "Dockerfile" -o -iname "*.dockerfile") - - echo "found_files: ${found_files}" - - # do not quote to keep this as a single line - echo found_files=${found_files} >> $GITHUB_OUTPUT - - - name: Docker - hadolint - if: always() && steps.docker_files.outputs.found_files - run: | - docker pull hadolint/hadolint - - # create hadolint config file - cat < .hadolint.yaml - --- - ignored: - - DL3008 - - DL3013 - - DL3016 - - DL3018 - - DL3028 - - DL3059 - EOF - - failed=0 - failed_files="" - - for file in ${{ steps.docker_files.outputs.found_files }}; do - echo "::group::${file}" - docker run --rm -i \ - -e "NO_COLOR=0" \ - -e "HADOLINT_VERBOSE=1" \ - -v $(pwd)/.hadolint.yaml:/.config/hadolint.yaml \ - hadolint/hadolint < $file || { - failed=1 - failed_files="$failed_files $file" - } - echo "::endgroup::" - done - - if [ $failed -ne 0 ]; then - echo "::error:: hadolint failed for the following files: $failed_files" - exit 1 - fi - - - name: PowerShell - PSScriptAnalyzer - if: always() - shell: pwsh - run: | - # PSScriptAnalyzer is already installed on GitHub runners - - # To see a list of available rules, run the following command: - # Get-ScriptAnalyzerRule | Format-List - - # Create PSScriptAnalyzer config file only if it doesn't exist - if (-not (Test-Path ./PSScriptAnalyzerSettings.psd1)) { - @' - @{ - Severity=@( - 'Error', - 'Information', - 'Warning' - ) - ExcludeRules=@( - 'PSAlignAssignmentStatement' - ) - } - '@ | Out-File -FilePath ./PSScriptAnalyzerSettings.psd1 - } - - # Run PSScriptAnalyzer recursively on the whole repository - Write-Host "::group::Analyzing PowerShell files" - $results = Invoke-ScriptAnalyzer -Path "." -Recurse - - if ($results) { - $results | Format-Table -AutoSize - Write-Host "::error::PSScriptAnalyzer found issues in PowerShell files" - Write-Host "::endgroup::" - exit 1 - } else { - Write-Host "No issues found in PowerShell files" - Write-Host "::endgroup::" - } - - - name: Python - flake8 - if: always() - run: | - python -m flake8 \ - --color=always \ - --verbose - - - name: Python - nbqa flake8 - if: always() - run: | - python -m nbqa flake8 \ - --color=always \ - --verbose \ - . - - - name: Python - nb-clean - if: always() - run: | - output=$(find . -name '*.ipynb' -exec nb-clean check {} \;) - - # fail if there are any issues - if [ -n "$output" ]; then - echo "$output" - exit 1 - fi - - - name: Rust - find Cargo.toml - id: run_cargo - if: always() - run: | - # check if Cargo.toml exists - if [ -f "Cargo.toml" ]; then - echo "found_cargo=true" >> $GITHUB_OUTPUT - else - echo "found_cargo=false" >> $GITHUB_OUTPUT - fi - - - name: Rust - setup toolchain - if: always() && steps.run_cargo.outputs.found_cargo == 'true' - uses: dtolnay/rust-toolchain@stable - with: - components: rustfmt - - - name: Rust - cargo fmt - if: always() && steps.run_cargo.outputs.found_cargo == 'true' - run: | - cargo fmt -- --check - - - name: YAML - find files - id: yaml_files - if: always() - run: | - # space separated list of files - FILES=.clang-format - - # empty placeholder - found_files="" - - for FILE in ${FILES}; do - if [ -f "$FILE" ] - then - found_files="$found_files $FILE" - fi - done - - echo "found_files=${found_files}" >> $GITHUB_OUTPUT - - - name: YAML - yamllint - id: yamllint - if: always() - uses: ibiqlik/action-yamllint@v3 - with: - # https://yamllint.readthedocs.io/en/stable/configuration.html#default-configuration - config_data: | - extends: default - rules: - comments: - level: error - document-start: - level: error - line-length: - max: 120 - new-line-at-end-of-file: - level: error - new-lines: - type: unix - truthy: - # GitHub uses "on" for workflow event triggers - # .clang-format file has options of "Yes" "No" that will be caught by this, so changed to "warning" - allowed-values: ['true', 'false', 'on'] - check-keys: true - level: warning - file_or_dir: . ${{ steps.yaml_files.outputs.found_files }} - - - name: YAML - log - if: always() && steps.yamllint.outcome == 'failure' - run: cat "${{ steps.yamllint.outputs.logfile }}" >> $GITHUB_STEP_SUMMARY