diff --git a/.flake8 b/.flake8 index 2ea7395..a8948ef 100644 --- a/.flake8 +++ b/.flake8 @@ -3,4 +3,5 @@ filename = *.py max-line-length = 120 extend-exclude = + .venv/ venv/ diff --git a/.github/label-actions.yml b/.github/label-actions.yml deleted file mode 100644 index 653cf86..0000000 --- a/.github/label-actions.yml +++ /dev/null @@ -1,49 +0,0 @@ ---- -# This file is centrally managed in https://github.com//.github/ -# Don't make changes to this file in this repo as they will be overwritten with changes made to the same file in -# the above-mentioned repo. - -# Configuration for Label Actions - https://github.com/dessant/label-actions - -added: - comment: > - This feature has been added and will be available in the next release. -fixed: - comment: > - This issue has been fixed and will be available in the next release. -invalid:duplicate: - comment: > - :wave: @{issue-author}, this appears to be a duplicate of a pre-existing issue. - close: true - lock: true - unlabel: 'status:awaiting-triage' - --invalid:duplicate: - reopen: true - unlock: true - -invalid:support: - comment: > - :wave: @{issue-author}, we use the issue tracker exclusively for bug reports. - However, this issue appears to be a support request. Please use our - [Support Center](https://app.lizardbyte.dev/support) for support issues. Thanks. - close: true - lock: true - lock-reason: 'off-topic' - unlabel: 'status:awaiting-triage' - --invalid:support: - reopen: true - unlock: true - -invalid:template-incomplete: - issues: - comment: > - :wave: @{issue-author}, please edit your issue to complete the template with - all the required info. Your issue will be automatically closed in 5 days if - the template is not completed. Thanks. - prs: - comment: > - :wave: @{issue-author}, please edit your PR to complete the template with - all the required info. Your PR will be automatically closed in 5 days if - the template is not completed. Thanks. diff --git a/.github/semantic.yml b/.github/semantic.yml index b5eb70d..92d97a7 100644 --- a/.github/semantic.yml +++ b/.github/semantic.yml @@ -12,3 +12,4 @@ titleAndCommits: false anyCommit: false allowMergeCommits: false allowRevertCommits: false +targetUrl: https://docs.lizardbyte.dev/latest/developers/contributing.html#creating-a-pull-request diff --git a/.github/workflows/_codeql.yml b/.github/workflows/_codeql.yml new file mode 100644 index 0000000..cfa961c --- /dev/null +++ b/.github/workflows/_codeql.yml @@ -0,0 +1,30 @@ +--- +# This workflow is centrally managed in https://github.com/LizardByte/.github/ +# Don't make changes to this file in this repo as they will be overwritten with changes made to the same file in +# the above-mentioned repo. + +name: CodeQL +permissions: + actions: read + contents: read + security-events: write + +on: + push: + branches: + - master + pull_request: + branches: + - master + schedule: + - cron: '00 12 * * 0' # every Sunday at 12:00 UTC + +concurrency: + group: "${{ github.workflow }}-${{ github.ref }}" + cancel-in-progress: true + +jobs: + call-codeql: + name: CodeQL + uses: LizardByte/.github/.github/workflows/__call-codeql.yml@master + if: ${{ github.repository != 'LizardByte/.github' }} diff --git a/.github/workflows/_common-lint.yml b/.github/workflows/_common-lint.yml new file mode 100644 index 0000000..7c31713 --- /dev/null +++ b/.github/workflows/_common-lint.yml @@ -0,0 +1,27 @@ +--- +# This workflow is centrally managed in https://github.com/LizardByte/.github/ +# Don't make changes to this file in this repo as they will be overwritten with changes made to the same file in +# the above-mentioned repo. + +name: common lint +permissions: + contents: read + +on: + pull_request: + branches: + - master + types: + - opened + - synchronize + - reopened + +concurrency: + group: "${{ github.workflow }}-${{ github.ref }}" + cancel-in-progress: true + +jobs: + lint: + name: Common Lint + uses: LizardByte/.github/.github/workflows/__call-common-lint.yml@master + if: ${{ github.repository != 'LizardByte/.github' }} diff --git a/.github/workflows/_docker.yml b/.github/workflows/_docker.yml new file mode 100644 index 0000000..82f0ab2 --- /dev/null +++ b/.github/workflows/_docker.yml @@ -0,0 +1,38 @@ +--- +# This workflow is centrally managed in https://github.com/LizardByte/.github/ +# Don't make changes to this file in this repo as they will be overwritten with changes made to the same file in +# the above-mentioned repo. + +name: Docker +permissions: + contents: write + packages: write + +on: + pull_request: + branches: + - master + types: + - opened + - synchronize + - reopened + push: + branches: + - master + workflow_dispatch: + +concurrency: + group: "${{ github.workflow }}-${{ github.ref }}" + cancel-in-progress: true + +jobs: + call-docker: + name: Docker + uses: LizardByte/.github/.github/workflows/__call-docker.yml@master + if: ${{ github.repository != 'LizardByte/.github' }} + secrets: + DOCKER_HUB_USERNAME: ${{ secrets.DOCKER_HUB_USERNAME }} + DOCKER_HUB_ACCESS_TOKEN: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} + GH_BOT_NAME: ${{ secrets.GH_BOT_NAME }} + GH_BOT_TOKEN: ${{ secrets.GH_BOT_TOKEN }} + GH_TOKEN: ${{ secrets.GITHUB_TOKEN }} diff --git a/.github/workflows/ci-docker.yml b/.github/workflows/ci-docker.yml deleted file mode 100644 index d307d36..0000000 --- a/.github/workflows/ci-docker.yml +++ /dev/null @@ -1,380 +0,0 @@ ---- -# This workflow is centrally managed in https://github.com//.github/ -# Don't make changes to this file in this repo as they will be overwritten with changes made to the same file in -# the above-mentioned repo. - -# This workflow is intended to work with all our organization Docker projects. A readme named `DOCKER_README.md` -# will be used to update the description on Docker hub. - -# custom comments in dockerfiles: - -# `# platforms: ` -# Comma separated list of platforms, i.e. `# platforms: linux/386,linux/amd64`. Docker platforms can alternatively -# be listed in a file named `.docker_platforms`. -# `# platforms_pr: ` -# Comma separated list of platforms to run for PR events, i.e. `# platforms_pr: linux/amd64`. This will take -# precedence over the `# platforms: ` directive. -# `# artifacts: ` -# `true` to build in two steps, stopping at `artifacts` build stage and extracting the image from there to the -# GitHub runner. - -name: CI Docker -permissions: - contents: read - -on: - pull_request: - branches: - - master - types: - - opened - - synchronize - - reopened - push: - branches: - - master - workflow_dispatch: - -concurrency: - group: "${{ github.workflow }}-${{ github.ref }}" - cancel-in-progress: true - -jobs: - check_dockerfiles: - name: Check Dockerfiles - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Find dockerfiles - id: find - run: | - dockerfiles=$(find . -type f -iname "Dockerfile" -o -iname "*.dockerfile") - - echo "found dockerfiles: ${dockerfiles}" - - # do not quote to keep this as a single line - echo dockerfiles=${dockerfiles} >> $GITHUB_OUTPUT - - MATRIX_COMBINATIONS="" - for FILE in ${dockerfiles}; do - # extract tag from file name - tag=$(echo $FILE | sed -r -z -e 's/(\.\/)*.*\/(Dockerfile)/None/gm') - if [[ $tag == "None" ]]; then - MATRIX_COMBINATIONS="$MATRIX_COMBINATIONS {\"dockerfile\": \"$FILE\"}," - else - tag=$(echo $FILE | sed -r -z -e 's/(\.\/)*.*\/(.+)(\.dockerfile)/-\2/gm') - MATRIX_COMBINATIONS="$MATRIX_COMBINATIONS {\"dockerfile\": \"$FILE\", \"tag\": \"$tag\"}," - fi - done - - # removes the last character (i.e. comma) - MATRIX_COMBINATIONS=${MATRIX_COMBINATIONS::-1} - - # setup matrix for later jobs - matrix=$(( - echo "{ \"include\": [$MATRIX_COMBINATIONS] }" - ) | jq -c .) - - echo $matrix - echo $matrix | jq . - echo "matrix=$matrix" >> $GITHUB_OUTPUT - - - name: Find dotnet solution file - id: find_dotnet - run: | - solution=$(find . -maxdepth 1 -type f -iname "*.sln") - - echo "found solution: ${solution}" - - # do not quote to keep this as a single line - echo solution=${solution} >> $GITHUB_OUTPUT - - if [[ $solution != "" ]]; then - echo "dotnet=true" >> $GITHUB_OUTPUT - else - echo "dotnet=false" >> $GITHUB_OUTPUT - fi - - outputs: - dockerfiles: ${{ steps.find.outputs.dockerfiles }} - matrix: ${{ steps.find.outputs.matrix }} - dotnet: ${{ steps.find_dotnet.outputs.dotnet }} - solution: ${{ steps.find_dotnet.outputs.solution }} - - setup_release: - name: Setup Release - if: needs.check_dockerfiles.outputs.dockerfiles - needs: check_dockerfiles - outputs: - publish_release: ${{ steps.setup_release.outputs.publish_release }} - release_body: ${{ steps.setup_release.outputs.release_body }} - release_commit: ${{ steps.setup_release.outputs.release_commit }} - release_generate_release_notes: ${{ steps.setup_release.outputs.release_generate_release_notes }} - release_tag: ${{ steps.setup_release.outputs.release_tag }} - release_version: ${{ steps.setup_release.outputs.release_version }} - permissions: - contents: write # read does not work to check squash and merge details - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Setup Release - id: setup_release - uses: LizardByte/setup-release-action@v2025.426.225 - with: - dotnet: ${{ needs.check_dockerfiles.outputs.dotnet }} - github_token: ${{ secrets.GITHUB_TOKEN }} - - docker: - name: Docker${{ matrix.tag }} - if: needs.check_dockerfiles.outputs.dockerfiles - needs: - - check_dockerfiles - - setup_release - permissions: - packages: write - contents: write - runs-on: ubuntu-22.04 - strategy: - fail-fast: false - matrix: ${{ fromJson(needs.check_dockerfiles.outputs.matrix) }} - steps: - - name: Maximize build space - uses: easimon/maximize-build-space@v10 - with: - root-reserve-mb: 30720 # https://github.com/easimon/maximize-build-space#caveats - remove-dotnet: 'true' - remove-android: 'true' - remove-haskell: 'true' - remove-codeql: 'true' - remove-docker-images: 'true' - - - name: Checkout - uses: actions/checkout@v4 - with: - submodules: recursive - - - name: Prepare - id: prepare - env: - NV: ${{ needs.setup_release.outputs.release_tag }} - run: | - # get branch name - BRANCH=${GITHUB_HEAD_REF} - - RELEASE=${{ needs.setup_release.outputs.publish_release }} - COMMIT=${{ needs.setup_release.outputs.release_commit }} - - if [ -z "$BRANCH" ]; then - echo "This is a PUSH event" - BRANCH=${{ github.ref_name }} - CLONE_URL=${{ github.event.repository.clone_url }} - else - echo "This is a PULL REQUEST event" - CLONE_URL=${{ github.event.pull_request.head.repo.clone_url }} - fi - - # determine to push image to dockerhub and ghcr or not - if [[ $GITHUB_EVENT_NAME == "push" ]]; then - PUSH=true - else - PUSH=false - fi - - # setup the tags - REPOSITORY=${{ github.repository }} - BASE_TAG=$(echo $REPOSITORY | tr '[:upper:]' '[:lower:]') - - TAGS="${BASE_TAG}:${COMMIT:0:7}${{ matrix.tag }},ghcr.io/${BASE_TAG}:${COMMIT:0:7}${{ matrix.tag }}" - - if [[ $GITHUB_REF == refs/heads/master ]]; then - TAGS="${TAGS},${BASE_TAG}:latest${{ matrix.tag }},ghcr.io/${BASE_TAG}:latest${{ matrix.tag }}" - TAGS="${TAGS},${BASE_TAG}:master${{ matrix.tag }},ghcr.io/${BASE_TAG}:master${{ matrix.tag }}" - else - TAGS="${TAGS},${BASE_TAG}:test${{ matrix.tag }},ghcr.io/${BASE_TAG}:test${{ matrix.tag }}" - fi - - if [[ ${NV} != "" ]]; then - TAGS="${TAGS},${BASE_TAG}:${NV}${{ matrix.tag }},ghcr.io/${BASE_TAG}:${NV}${{ matrix.tag }}" - fi - - # parse custom directives out of dockerfile - # try to get the platforms from the dockerfile custom directive, i.e. `# platforms: xxx,yyy` - # directives for PR event, i.e. not push event - if [[ ${RELEASE} == "false" ]]; then - while read -r line; do - if [[ $line == "# platforms_pr: "* && $PLATFORMS == "" ]]; then - # echo the line and use `sed` to remove the custom directive - PLATFORMS=$(echo -e "$line" | sed 's/# platforms_pr: //') - elif [[ $PLATFORMS != "" ]]; then - # break while loop once all custom "PR" event directives are found - break - fi - done <"${{ matrix.dockerfile }}" - fi - # directives for all events... above directives will not be parsed if they were already found - while read -r line; do - if [[ $line == "# platforms: "* && $PLATFORMS == "" ]]; then - # echo the line and use `sed` to remove the custom directive - PLATFORMS=$(echo -e "$line" | sed 's/# platforms: //') - elif [[ $line == "# artifacts: "* && $ARTIFACTS == "" ]]; then - # echo the line and use `sed` to remove the custom directive - ARTIFACTS=$(echo -e "$line" | sed 's/# artifacts: //') - elif [[ $line == "# no-cache-filters: "* && $NO_CACHE_FILTERS == "" ]]; then - # echo the line and use `sed` to remove the custom directive - NO_CACHE_FILTERS=$(echo -e "$line" | sed 's/# no-cache-filters: //') - elif [[ $PLATFORMS != "" && $ARTIFACTS != "" && $NO_CACHE_FILTERS != "" ]]; then - # break while loop once all custom directives are found - break - fi - done <"${{ matrix.dockerfile }}" - # if PLATFORMS is blank, fall back to the legacy method of reading from the `.docker_platforms` file - if [[ $PLATFORMS == "" ]]; then - # read the platforms from `.docker_platforms` - PLATFORMS=$(<.docker_platforms) - fi - # if PLATFORMS is still blank, fall back to `linux/amd64` - if [[ $PLATFORMS == "" ]]; then - PLATFORMS="linux/amd64" - fi - - echo "branch=${BRANCH}" >> $GITHUB_OUTPUT - echo "build_date=$(date -u +'%Y-%m-%dT%H:%M:%SZ')" >> $GITHUB_OUTPUT - echo "clone_url=${CLONE_URL}" >> $GITHUB_OUTPUT - echo "artifacts=${ARTIFACTS}" >> $GITHUB_OUTPUT - echo "no_cache_filters=${NO_CACHE_FILTERS}" >> $GITHUB_OUTPUT - echo "platforms=${PLATFORMS}" >> $GITHUB_OUTPUT - echo "tags=${TAGS}" >> $GITHUB_OUTPUT - - - name: Set Up QEMU - uses: docker/setup-qemu-action@v3 - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@v3 - id: buildx - - - name: Cache Docker Layers - uses: actions/cache@v4 - with: - path: /tmp/.buildx-cache - key: Docker-buildx${{ matrix.tag }}-${{ github.sha }} - restore-keys: | - Docker-buildx${{ matrix.tag }}- - - - name: Log in to Docker Hub - if: needs.setup_release.outputs.publish_release == 'true' # PRs do not have access to secrets - uses: docker/login-action@v3 - with: - username: ${{ secrets.DOCKER_HUB_USERNAME }} - password: ${{ secrets.DOCKER_HUB_ACCESS_TOKEN }} - - - name: Log in to the Container registry - if: needs.setup_release.outputs.publish_release == 'true' # PRs do not have access to secrets - uses: docker/login-action@v3 - with: - registry: ghcr.io - username: ${{ secrets.GH_BOT_NAME }} - password: ${{ secrets.GH_BOT_TOKEN }} - - - name: Build artifacts - if: steps.prepare.outputs.artifacts == 'true' - id: build_artifacts - uses: docker/build-push-action@v6 - with: - context: ./ - file: ${{ matrix.dockerfile }} - target: artifacts - outputs: type=local,dest=artifacts - push: false - platforms: ${{ steps.prepare.outputs.platforms }} - build-args: | - BRANCH=${{ steps.prepare.outputs.branch }} - BUILD_DATE=${{ steps.prepare.outputs.build_date }} - BUILD_VERSION=${{ needs.setup_release.outputs.release_tag }} - COMMIT=${{ needs.setup_release.outputs.release_commit }} - CLONE_URL=${{ steps.prepare.outputs.clone_url }} - RELEASE=${{ needs.setup_release.outputs.publish_release }} - tags: ${{ steps.prepare.outputs.tags }} - cache-from: type=local,src=/tmp/.buildx-cache - cache-to: type=local,dest=/tmp/.buildx-cache - no-cache-filters: ${{ steps.prepare.outputs.no_cache_filters }} - - - name: Build and push - id: build - uses: docker/build-push-action@v6 - with: - context: ./ - file: ${{ matrix.dockerfile }} - push: ${{ needs.setup_release.outputs.publish_release }} - platforms: ${{ steps.prepare.outputs.platforms }} - build-args: | - BRANCH=${{ steps.prepare.outputs.branch }} - BUILD_DATE=${{ steps.prepare.outputs.build_date }} - BUILD_VERSION=${{ needs.setup_release.outputs.release_tag }} - COMMIT=${{ needs.setup_release.outputs.release_commit }} - CLONE_URL=${{ steps.prepare.outputs.clone_url }} - RELEASE=${{ needs.setup_release.outputs.publish_release }} - tags: ${{ steps.prepare.outputs.tags }} - cache-from: type=local,src=/tmp/.buildx-cache - cache-to: type=local,dest=/tmp/.buildx-cache - no-cache-filters: ${{ steps.prepare.outputs.no_cache_filters }} - - - name: Arrange Artifacts - if: steps.prepare.outputs.artifacts == 'true' - working-directory: artifacts - run: | - # debug directory - echo "Current directory: $(pwd)" - echo "Directory contents: $(ls -Ra)" - - # artifacts will be in sub directories named after the docker target platform, e.g. `linux_amd64` - # so move files to the artifacts directory - # https://unix.stackexchange.com/a/52816 - find \ - ./ \ - -maxdepth 2 \ - -mindepth 2 \ - -type f \ - -not -name 'provenance.json' \ - -exec mv -t ./ -n '{}' + - - # remove provenance file - rm -f ./provenance.json - - - name: Upload Artifacts - if: steps.prepare.outputs.artifacts == 'true' - uses: actions/upload-artifact@v4 - with: - name: Docker${{ matrix.tag }} - path: artifacts/ - if-no-files-found: error - - - name: Create/Update GitHub Release - if: > - needs.setup_release.outputs.publish_release == 'true' && - steps.prepare.outputs.artifacts == 'true' - uses: LizardByte/create-release-action@v2025.426.1549 - with: - allowUpdates: true - artifacts: "*artifacts/*" - body: ${{ needs.setup_release.outputs.release_body }} - generateReleaseNotes: ${{ needs.setup_release.outputs.release_generate_release_notes }} - name: ${{ needs.setup_release.outputs.release_tag }} - prerelease: true - tag: ${{ needs.setup_release.outputs.release_tag }} - token: ${{ secrets.GH_BOT_TOKEN }} - - - name: Update Docker Hub Description - if: > - github.event_name == 'push' && - github.ref == 'refs/heads/master' - uses: peter-evans/dockerhub-description@v4 - with: - username: ${{ secrets.DOCKER_HUB_USERNAME }} - password: ${{ secrets.DOCKER_HUB_PASSWORD }} # token is not currently supported - repository: ${{ env.BASE_TAG }} - short-description: ${{ github.event.repository.description }} - readme-filepath: ./DOCKER_README.md diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml deleted file mode 100644 index c9949dd..0000000 --- a/.github/workflows/codeql.yml +++ /dev/null @@ -1,250 +0,0 @@ ---- -# This workflow is centrally managed in https://github.com//.github/ -# Don't make changes to this file in this repo as they will be overwritten with changes made to the same file in -# the above-mentioned repo. - -# This workflow will analyze all supported languages in the repository using CodeQL Analysis. - -name: "CodeQL" -permissions: - contents: read - -on: - push: - branches: - - master - pull_request: - branches: - - master - schedule: - - cron: '00 12 * * 0' # every Sunday at 12:00 UTC - -concurrency: - group: "${{ github.workflow }}-${{ github.ref }}" - cancel-in-progress: true - -jobs: - languages: - name: Get language matrix - outputs: - matrix: ${{ steps.lang.outputs.result }} - continue: ${{ steps.continue.outputs.result }} - runs-on: ubuntu-latest - steps: - - name: Checkout repository - uses: actions/checkout@v4 - - - name: Get repo languages - id: lang - uses: actions/github-script@v7 - with: - script: | - // CodeQL supports ['cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby', 'swift'] - // Use only 'java' to analyze code written in Java, Kotlin or both - // Use only 'javascript' to analyze code written in JavaScript, TypeScript or both - // Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support - const supported_languages = ['cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby', 'swift'] - - const remap_languages = { - 'c++': 'cpp', - 'c#': 'csharp', - 'kotlin': 'java', - 'typescript': 'javascript', - } - - const repo = context.repo - const response = await github.rest.repos.listLanguages(repo) - let matrix = { - "include": [] - } - - // Track languages we've already added to avoid duplicates - const addedLanguages = new Set() - - // Check if workflow files exist to determine if we should add actions language - const fs = require('fs'); - const hasYmlFiles = fs.existsSync('.github/workflows') && - fs.readdirSync('.github/workflows').some(file => file.endsWith('.yml') || file.endsWith('.yaml')); - - // Add actions language if workflow files exist - if (hasYmlFiles) { - console.log('Found GitHub Actions workflow files. Adding actions to the matrix.'); - matrix['include'].push({ - "category": "/language:actions", - "language": "actions", - "name": "actions", - "os": "ubuntu-latest" - }); - } - - for (let [key, value] of Object.entries(response.data)) { - // remap language - if (remap_languages[key.toLowerCase()]) { - console.log(`Remapping language: ${key} to ${remap_languages[key.toLowerCase()]}`) - key = remap_languages[key.toLowerCase()] - } - - const normalizedKey = key.toLowerCase() - - if (supported_languages.includes(normalizedKey) && !addedLanguages.has(normalizedKey)) { - // Mark this language as added - addedLanguages.add(normalizedKey) - - console.log(`Found supported language: ${normalizedKey}`) - let osList = ['ubuntu-latest']; - if (normalizedKey === 'swift') { - osList = ['macos-latest']; - } else if (normalizedKey === 'cpp') { - osList = ['macos-latest', 'ubuntu-latest', 'windows-latest']; - } - for (let os of osList) { - // set name for matrix - let name = osList.length === 1 ? normalizedKey : `${normalizedKey}, ${os}` - - // set category for matrix - let category = `/language:${normalizedKey}` - if (normalizedKey === 'cpp') { - category = `/language:cpp-${os.split('-')[0]}` - } - - // add to matrix - matrix['include'].push({ - "category": category, - "language": normalizedKey, - "name": name, - "os": os - }) - } - } - } - - // print languages - console.log(`matrix: ${JSON.stringify(matrix)}`) - - return matrix - - - name: Continue - id: continue - uses: actions/github-script@v7 - with: - script: | - // if matrix['include'] is an empty list return false, otherwise true - const matrix = ${{ steps.lang.outputs.result }} // this is already json encoded - - if (matrix['include'].length == 0) { - return false - } else { - return true - } - - analyze: - name: Analyze (${{ matrix.name }}) - if: needs.languages.outputs.continue == 'true' - defaults: - run: - shell: ${{ matrix.os == 'windows-latest' && 'msys2 {0}' || 'bash' }} - env: - GITHUB_CODEQL_BUILD: true - needs: languages - permissions: - actions: read - contents: read - security-events: write - runs-on: ${{ matrix.os || 'ubuntu-latest' }} - strategy: - fail-fast: false - matrix: ${{ fromJson(needs.languages.outputs.matrix) }} - timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }} - steps: - - name: Maximize build space - if: >- - runner.os == 'Linux' && - matrix.language == 'cpp' - uses: easimon/maximize-build-space@v10 - with: - root-reserve-mb: 30720 - remove-dotnet: ${{ (matrix.language == 'csharp' && 'false') || 'true' }} - remove-android: 'true' - remove-haskell: 'true' - remove-codeql: 'false' - remove-docker-images: 'true' - - - name: Checkout repository - uses: actions/checkout@v4 - with: - submodules: recursive - - - name: Setup msys2 - if: >- - runner.os == 'Windows' && - matrix.language == 'cpp' - uses: msys2/setup-msys2@v2 - with: - msystem: ucrt64 - update: true - - # Initializes the CodeQL tools for scanning. - - name: Initialize CodeQL - uses: github/codeql-action/init@v3 - with: - languages: ${{ matrix.language }} - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. - - # yamllint disable-line rule:line-length - # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs - # queries: security-extended,security-and-quality - config: | - paths-ignore: - - build - - node_modules - - third-party - - # Pre autobuild - # create a file named .codeql-prebuild-${{ matrix.language }}-${{ runner.os }}.sh in the root of your repository - - name: Prebuild - id: prebuild - run: | - # check if prebuild script exists - filename=".codeql-prebuild-${{ matrix.language }}-${{ runner.os }}.sh" - if [ -f "./${filename}" ]; then - echo "Running prebuild script: ${filename}" - ./${filename} - fi - - # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift). - - name: Autobuild - if: steps.prebuild.outputs.skip_autobuild != 'true' - uses: github/codeql-action/autobuild@v3 - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v3 - with: - category: "${{ matrix.category }}" - output: sarif-results - upload: failure-only - - - name: filter-sarif - uses: advanced-security/filter-sarif@v1 - with: - input: sarif-results/${{ matrix.language }}.sarif - output: sarif-results/${{ matrix.language }}.sarif - patterns: | - -build/** - -node_modules/** - -third\-party/** - - - name: Upload SARIF - uses: github/codeql-action/upload-sarif@v3 - with: - category: "${{ matrix.category }}" - sarif_file: sarif-results/${{ matrix.language }}.sarif - - - name: Upload loc as a Build Artifact - uses: actions/upload-artifact@v4 - with: - name: sarif-results-${{ matrix.language }}-${{ runner.os }} - path: sarif-results - if-no-files-found: error - retention-days: 1 diff --git a/.github/workflows/common-lint.yml b/.github/workflows/common-lint.yml deleted file mode 100644 index 7d72a16..0000000 --- a/.github/workflows/common-lint.yml +++ /dev/null @@ -1,312 +0,0 @@ ---- -# This workflow is centrally managed in https://github.com//.github/ -# Don't make changes to this file in this repo as they will be overwritten with changes made to the same file in -# the above-mentioned repo. - -# Common linting. - -name: common lint -permissions: - contents: read - -on: - pull_request: - branches: - - master - types: - - opened - - synchronize - - reopened - -concurrency: - group: "${{ github.workflow }}-${{ github.ref }}" - cancel-in-progress: true - -jobs: - lint: - name: Common Lint - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@v4 - - - name: Set up Python - uses: actions/setup-python@v5 - with: - python-version: '3.12' - - - name: Install dependencies - run: | - python -m pip install --upgrade \ - pip \ - setuptools \ - wheel \ - cmakelang \ - flake8 \ - nb-clean \ - nbqa[toolchain] - - - name: C++ - find files - id: cpp_files - run: | - # find files - found_files=$(find . -type f \ - -iname "*.c" -o \ - -iname "*.cpp" -o \ - -iname "*.h" -o \ - -iname "*.hpp" -o \ - -iname "*.m" -o \ - -iname "*.mm" \ - ) - ignore_files=$(find . -type f -iname ".clang-format-ignore") - - # Loop through each C++ file - for file in $found_files; do - for ignore_file in $ignore_files; do - ignore_directory=$(dirname "$ignore_file") - # if directory of ignore_file is beginning of file - if [[ "$file" == "$ignore_directory"* ]]; then - echo "ignoring file: ${file}" - found_files="${found_files//${file}/}" - break 1 - fi - done - done - - # remove empty lines - found_files=$(echo "$found_files" | sed '/^\s*$/d') - - echo "found cpp files: ${found_files}" - - # do not quote to keep this as a single line - echo found_files=${found_files} >> $GITHUB_OUTPUT - - - name: C++ - Clang format lint - if: always() && steps.cpp_files.outputs.found_files - uses: DoozyX/clang-format-lint-action@v0.20 - with: - source: ${{ steps.cpp_files.outputs.found_files }} - clangFormatVersion: '20' - extensions: 'c,cpp,h,hpp,m,mm' - style: file - inplace: false - - - name: CMake - find files - id: cmake_files - if: always() - run: | - # find files - found_files=$(find . -type f -iname "CMakeLists.txt" -o -iname "*.cmake") - ignore_files=$(find . -type f -iname ".cmake-lint-ignore") - - # Loop through each C++ file - for file in $found_files; do - for ignore_file in $ignore_files; do - ignore_directory=$(dirname "$ignore_file") - # if directory of ignore_file is beginning of file - if [[ "$file" == "$ignore_directory"* ]]; then - echo "ignoring file: ${file}" - found_files="${found_files//${file}/}" - break 1 - fi - done - done - - # remove empty lines - found_files=$(echo "$found_files" | sed '/^\s*$/d') - - echo "found cmake files: ${found_files}" - - # do not quote to keep this as a single line - echo found_files=${found_files} >> $GITHUB_OUTPUT - - - name: CMake - cmake-lint - if: always() && steps.cmake_files.outputs.found_files - run: | - cmake-lint --line-width 120 --tab-size 4 ${{ steps.cmake_files.outputs.found_files }} - - - name: Docker - find files - id: docker_files - if: always() - run: | - found_files=$(find . -type f -iname "Dockerfile" -o -iname "*.dockerfile") - - echo "found_files: ${found_files}" - - # do not quote to keep this as a single line - echo found_files=${found_files} >> $GITHUB_OUTPUT - - - name: Docker - hadolint - if: always() && steps.docker_files.outputs.found_files - run: | - docker pull hadolint/hadolint - - # create hadolint config file - cat < .hadolint.yaml - --- - ignored: - - DL3008 - - DL3013 - - DL3016 - - DL3018 - - DL3028 - - DL3059 - EOF - - failed=0 - failed_files="" - - for file in ${{ steps.docker_files.outputs.found_files }}; do - echo "::group::${file}" - docker run --rm -i \ - -e "NO_COLOR=0" \ - -e "HADOLINT_VERBOSE=1" \ - -v $(pwd)/.hadolint.yaml:/.config/hadolint.yaml \ - hadolint/hadolint < $file || { - failed=1 - failed_files="$failed_files $file" - } - echo "::endgroup::" - done - - if [ $failed -ne 0 ]; then - echo "::error:: hadolint failed for the following files: $failed_files" - exit 1 - fi - - - name: PowerShell - PSScriptAnalyzer - if: always() - shell: pwsh - run: | - # PSScriptAnalyzer is already installed on GitHub runners - - # To see a list of available rules, run the following command: - # Get-ScriptAnalyzerRule | Format-List - - # Create PSScriptAnalyzer config file only if it doesn't exist - if (-not (Test-Path ./PSScriptAnalyzerSettings.psd1)) { - @' - @{ - Severity=@( - 'Error', - 'Information', - 'Warning' - ) - ExcludeRules=@( - 'PSAlignAssignmentStatement' - ) - } - '@ | Out-File -FilePath ./PSScriptAnalyzerSettings.psd1 - } - - # Run PSScriptAnalyzer recursively on the whole repository - Write-Host "::group::Analyzing PowerShell files" - $results = Invoke-ScriptAnalyzer -Path "." -Recurse - - if ($results) { - $results | Format-Table -AutoSize - Write-Host "::error::PSScriptAnalyzer found issues in PowerShell files" - Write-Host "::endgroup::" - exit 1 - } else { - Write-Host "No issues found in PowerShell files" - Write-Host "::endgroup::" - } - - - name: Python - flake8 - if: always() - run: | - python -m flake8 \ - --color=always \ - --verbose - - - name: Python - nbqa flake8 - if: always() - run: | - python -m nbqa flake8 \ - --color=always \ - --verbose \ - . - - - name: Python - nb-clean - if: always() - run: | - output=$(find . -name '*.ipynb' -exec nb-clean check {} \;) - - # fail if there are any issues - if [ -n "$output" ]; then - echo "$output" - exit 1 - fi - - - name: Rust - find Cargo.toml - id: run_cargo - if: always() - run: | - # check if Cargo.toml exists - if [ -f "Cargo.toml" ]; then - echo "found_cargo=true" >> $GITHUB_OUTPUT - else - echo "found_cargo=false" >> $GITHUB_OUTPUT - fi - - - name: Rust - setup toolchain - if: always() && steps.run_cargo.outputs.found_cargo == 'true' - uses: dtolnay/rust-toolchain@stable - with: - components: rustfmt - - - name: Rust - cargo fmt - if: always() && steps.run_cargo.outputs.found_cargo == 'true' - run: | - cargo fmt -- --check - - - name: YAML - find files - id: yaml_files - if: always() - run: | - # space separated list of files - FILES=.clang-format - - # empty placeholder - found_files="" - - for FILE in ${FILES}; do - if [ -f "$FILE" ] - then - found_files="$found_files $FILE" - fi - done - - echo "found_files=${found_files}" >> $GITHUB_OUTPUT - - - name: YAML - yamllint - id: yamllint - if: always() - uses: ibiqlik/action-yamllint@v3 - with: - # https://yamllint.readthedocs.io/en/stable/configuration.html#default-configuration - config_data: | - extends: default - rules: - comments: - level: error - document-start: - level: error - line-length: - max: 120 - new-line-at-end-of-file: - level: error - new-lines: - type: unix - truthy: - # GitHub uses "on" for workflow event triggers - # .clang-format file has options of "Yes" "No" that will be caught by this, so changed to "warning" - allowed-values: ['true', 'false', 'on'] - check-keys: true - level: warning - file_or_dir: . ${{ steps.yaml_files.outputs.found_files }} - - - name: YAML - log - if: always() && steps.yamllint.outcome == 'failure' - run: cat "${{ steps.yamllint.outputs.logfile }}" >> $GITHUB_STEP_SUMMARY