diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml deleted file mode 100644 index f0ccb00..0000000 --- a/.github/workflows/build.yml +++ /dev/null @@ -1,99 +0,0 @@ -name: Build - -on: - pull_request: - paths: - - '.github/workflows/build.yml' - - 'cmd/**' - - 'pkg/**' - - 'test/**' - - 'go.mod' - - 'go.sum' - - 'makefile' - - '!**/*.md' - push: - branches: [ main ] - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - -# Declare default permissions as read only. -permissions: read-all - -jobs: - - build: - name: Build - runs-on: ubuntu-latest - steps: - - name: Harden Runner - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 - with: - egress-policy: audit - - - name: Check out repository code - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - - - name: Install Go - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 - with: - go-version-file: go.mod - check-latest: true - - - name: Build executables - run: | - GOOS=windows GOARCH=amd64 go build -o build/win-amd64/cbuild2cmake.exe ./cmd/cbuild2cmake - GOOS=windows GOARCH=arm64 go build -o build/win-arm64/cbuild2cmake.exe ./cmd/cbuild2cmake - GOOS=darwin GOARCH=amd64 go build -o build/mac-amd64/cbuild2cmake ./cmd/cbuild2cmake - GOOS=darwin GOARCH=arm64 go build -o build/mac-arm64/cbuild2cmake ./cmd/cbuild2cmake - GOOS=linux GOARCH=amd64 go build -o build/lin-amd64/cbuild2cmake ./cmd/cbuild2cmake - GOOS=linux GOARCH=arm64 go build -o build/lin-arm64/cbuild2cmake ./cmd/cbuild2cmake - - - name: Archive windows amd64 binaries - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - name: cbuild2cmake-windows-amd64 - path: ./build/win-amd64/cbuild2cmake.exe - retention-days: 1 - if-no-files-found: error - - - name: Archive windows arm64 binaries - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - name: cbuild2cmake-windows-arm64 - path: ./build/win-arm64/cbuild2cmake.exe - retention-days: 1 - if-no-files-found: error - - - name: Archive macos amd64 binaries - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - name: cbuild2cmake-mac-amd64 - path: ./build/mac-amd64/cbuild2cmake - retention-days: 1 - if-no-files-found: error - - - name: Archive macos arm64 binaries - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - name: cbuild2cmake-mac-arm64 - path: ./build/mac-arm64/cbuild2cmake - retention-days: 1 - if-no-files-found: error - - - name: Archive linux amd64 binaries - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - name: cbuild2cmake-lin-amd64 - path: ./build/lin-amd64/cbuild2cmake - retention-days: 1 - if-no-files-found: error - - - name: Archive linux arm64 binaries - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - name: cbuild2cmake-lin-arm64 - path: ./build/lin-arm64/cbuild2cmake - retention-days: 1 - if-no-files-found: error diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml new file mode 100644 index 0000000..a56bbf9 --- /dev/null +++ b/.github/workflows/ci.yml @@ -0,0 +1,56 @@ +name: ci + +on: + push: + branches: [ main ] + pull_request: + paths: + - '.github/workflows/ci.yml' + - '**/*.go' + - 'makefile' + - 'go.mod' + - 'go.sum' + - '!**/*.md' + +concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true + +permissions: + contents: read + +jobs: + build-and-verify: + uses: Open-CMSIS-Pack/workflows-and-actions-collection/.github/workflows/build-and-verify.yml@v1.0.0 + secrets: + QLTY_COVERAGE_TOKEN: ${{ secrets.QLTY_COVERAGE_TOKEN }} + with: + program: cbuild2cmake + go-version-file: ./go.mod + enable-code-climate: true + artifact-retention-days: 7 + + publish-test-results: + name: "Publish Tests Results" + needs: [ build-and-verify ] + runs-on: ubuntu-latest + permissions: + checks: write + pull-requests: write + if: ${{ github.event.pull_request.user.login != 'dependabot[bot]' && github.workflow != 'Release' }} + steps: + - name: Harden Runner + uses: step-security/harden-runner@ec9f2d5744a09debf3a187a3f4f675c53b671911 # v2.13.0 + with: + egress-policy: audit + + - name: Download Artifacts + uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 + with: + path: artifacts + + - name: publish test results + uses: EnricoMi/publish-unit-test-result-action/linux@3a74b2957438d0b6e2e61d67b05318aa25c9e6c6 # v2.20.0 + with: + files: artifacts/**/cbuild2cmake-testreport-*.xml + report_individual_runs: true diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml index 459e160..de9ae80 100644 --- a/.github/workflows/dependency-review.yml +++ b/.github/workflows/dependency-review.yml @@ -15,6 +15,7 @@ permissions: jobs: dependency-review: runs-on: ubuntu-latest + if: github.repository_owner == 'Open-CMSIS-Pack' permissions: pull-requests: write steps: @@ -25,6 +26,7 @@ jobs: - name: 'Checkout Repository' uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + - name: 'Dependency Review' uses: actions/dependency-review-action@595b5aeba73380359d98a5e087f648dbb0edce1b # v4.7.3 with: diff --git a/.github/workflows/markdown.yml b/.github/workflows/markdown.yml index da36908..af44d8a 100644 --- a/.github/workflows/markdown.yml +++ b/.github/workflows/markdown.yml @@ -11,48 +11,9 @@ on: permissions: read-all jobs: - lint: - name: Lint markdown files - runs-on: ubuntu-latest - steps: - - name: Harden Runner - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 - with: - egress-policy: audit - - - name: Checkout devtools - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - - - name: Register markdownlint warning matcher - run: | - echo "::add-matcher::.github/markdownlint.json" - - - name: Lint markdown files - uses: avto-dev/markdown-lint@04d43ee9191307b50935a753da3b775ab695eceb # v1.5.0 - with: - args: '**/*.md' - config: '.github/markdownlint.jsonc' - ignore: 'third_party_licenses.md' - - - name: Remove markdownlint warning matcher - if: always() - run: | - echo "::remove-matcher owner=markdownlint::" - - check-links: - name: Check markdown links - runs-on: ubuntu-latest - steps: - - name: Checkout devtools - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - - - name: Check links - uses: gaurav-nelson/github-action-markdown-link-check@3c3b66f1f7d0900e37b71eca45b63ea9eedfce31 # master - # Checks all Markdown files, including those in subfolders, - # as the PR may involve removing referenced Markdown files. - with: - use-quiet-mode: 'yes' - use-verbose-mode: 'yes' - base-branch: ${{ github.base_ref }} - config-file: '.github/markdown-link-check.jsonc' - + markdown-check: + uses: Open-CMSIS-Pack/workflows-and-actions-collection/.github/workflows/markdown-lint.yml@v1.0.0 + with: + lint-config: '.github/markdownlint.jsonc' + link-check-config: '.github/markdown-link-check.jsonc' + ignore-files: 'third_party_licenses.md' diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index 07d6a02..6814e30 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -11,11 +11,15 @@ on: - "v*" jobs: - test: - uses: Open-CMSIS-Pack/cbuild2cmake/.github/workflows/test.yml@main + build-and-verify: + uses: Open-CMSIS-Pack/workflows-and-actions-collection/.github/workflows/build-and-verify.yml@v1.0.0 + with: + program: cbuild2cmake + go-version-file: ./go.mod + enable-code-climate: false goreleaser: - needs: test + needs: [ build-and-verify ] permissions: contents: write # for goreleaser/goreleaser-action to create a GitHub release runs-on: ubuntu-latest diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml deleted file mode 100644 index 99e18b8..0000000 --- a/.github/workflows/test.yml +++ /dev/null @@ -1,216 +0,0 @@ -name: Test - -on: - pull_request: - paths: - - '.github/workflows/test.yml' - - 'cmd/**' - - 'pkg/**' - - 'test/**' - - 'go.mod' - - 'go.sum' - - 'makefile' - - '!**/*.md' - push: - branches: [ main ] - workflow_call: - -concurrency: - group: ${{ github.workflow }}-${{ github.ref }} - cancel-in-progress: true - -# Declare default permissions as read only. -permissions: read-all - -jobs: - lint: - name: Lint - timeout-minutes: 10 - runs-on: ubuntu-latest - steps: - - name: Harden Runner - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 - with: - egress-policy: audit - - - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - - - uses: golangci/golangci-lint-action@4afd733a84b1f43292c63897423277bb7f4313a9 # v8.0.0 - with: - version: latest - - format: - name: Format - runs-on: ubuntu-latest - steps: - - name: Harden Runner - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 - with: - egress-policy: audit - - - name: Check out repository code - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - - - name: Install Go - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 - with: - go-version-file: go.mod - check-latest: true - - - name: Check formatting - run: | - make format-check - - gosec: - runs-on: ubuntu-latest - env: - GO111MODULE: on - - steps: - - name: Checkout Source - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - - - name: Run Gosec Security Scanner - uses: securego/gosec@c9453023c4e81ebdb6dde29e22d9cd5e2285fb16 # v2.22.8 - with: - args: '-severity high -exclude-dir=test ./...' - - vulnerability-check: - name: "Vulnerability check" - runs-on: ubuntu-latest - steps: - - name: Harden Runner - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 - with: - egress-policy: audit - - - name: Scan for Vulnerabilities - uses: golang/govulncheck-action@b625fbe08f3bccbe446d94fbf87fcc875a4f50ee # v1.0.4 - with: - go-version-file: go.mod - check-latest: true - go-package: ./... - - test: - strategy: - matrix: - platform: [ubuntu-24.04, windows-2022, macos-14] - include: - - platform: ubuntu-24.04 - target: linux - - platform: windows-2022 - target: windows - - platform: macos-14 - target: darwin - name: 'Test (${{ matrix.target }})' - runs-on: ${{ matrix.platform }} - steps: - - name: Harden Runner - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 - with: - egress-policy: audit - - - name: Check out repository code - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - - - name: Install Go - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 - with: - go-version-file: go.mod - check-latest: true - - - name: Install go-junit-report - run: go install github.com/jstemmer/go-junit-report/v2@latest - - - name: Unit testing - run: | - mkdir -p build - go test -v ./... > build/cbuild2cmaketests-${{ matrix.target }}-amd64.txt - - - name: Generate JUnit test report - if: always() - run: | - go-junit-report -set-exit-code -in build/cbuild2cmaketests-${{ matrix.target }}-amd64.txt -iocopy -out build/cbuild2cmake-testreport-${{ matrix.target }}-amd64.xml - - - name: Install qemu (for Linux-Arm64) - if: ${{ startsWith(runner.os, 'Linux') }} - run: | - sudo apt update - sudo apt-get install -y \ - gcc-aarch64-linux-gnu \ - g++-aarch64-linux-gnu \ - qemu-user-binfmt - - - name: Unit testing (for Linux-Arm64) - if: ${{ startsWith(runner.os, 'Linux') && always() }} - run: | - GOOS=linux GOARCH=arm64 go test -v ./... > build/cbuild2cmaketests-${{ matrix.target }}-arm64.txt - - - name: Generate JUnit test report (for Linux-Arm64) - if: ${{ startsWith(runner.os, 'Linux') && always() }} - run: | - go-junit-report -set-exit-code -in build/cbuild2cmaketests-${{ matrix.target }}-arm64.txt -iocopy -out build/cbuild2cmake-testreport-${{ matrix.target }}-arm64.xml - - - name: Archive unit test results - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - name: test-results-${{ matrix.target }} - path: ./build/cbuild2cmake-testreport-*.xml - if-no-files-found: error - - publish-test-results: - if: ${{ github.workflow != 'Release' }} - name: "Publish Tests Results" - needs: [ test ] - runs-on: ubuntu-latest - permissions: - checks: write - pull-requests: write - steps: - - name: Harden Runner - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 - with: - egress-policy: audit - - - name: Download Artifacts - uses: actions/download-artifact@634f93cb2916e3fdff6788551b99b062d0335ce0 # v5.0.0 - with: - path: artifacts - - - name: publish test results - uses: EnricoMi/publish-unit-test-result-action@3a74b2957438d0b6e2e61d67b05318aa25c9e6c6 # v2.20.0 - with: - files: "artifacts/**/cbuild2cmake-testreport-*.xml" - report_individual_runs: true - - coverage: - if: ${{ github.workflow != 'Release' && github.repository == 'Open-CMSIS-Pack/cbuild2cmake' }} - needs: [ test ] - name: 'Coverage check' - runs-on: ubuntu-latest - steps: - - name: Harden Runner - uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1 - with: - egress-policy: audit - - - name: Check out repository code - uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 - - - name: Install Go - uses: actions/setup-go@44694675825211faa026b3c33043df3e48a5fa00 # v6.0.0 - with: - go-version-file: go.mod - check-latest: true - - - name: Check coverage - run: | - make coverage-check - - - name: Publish coverage report to QLTY - if: ${{ github.event.pull_request.head.repo.fork == false }} - uses: qltysh/qlty-action/coverage@a19242102d17e497f437d7466aa01b528537e899 # v1 - with: - token: ${{ secrets.QLTY_COVERAGE_TOKEN }} - files: ./build/cover.out - strip-prefix: github.com/Open-CMSIS-Pack/cbuild2cmake diff --git a/.github/workflows/update-workflows.yml b/.github/workflows/update-workflows.yml new file mode 100644 index 0000000..7ebfb9a --- /dev/null +++ b/.github/workflows/update-workflows.yml @@ -0,0 +1,16 @@ +name: Update go-workflows + +on: + workflow_dispatch: + schedule: + - cron: "30 3 * * *" + +permissions: + contents: write + pull-requests: write + +jobs: + update-workflows: + uses: Open-CMSIS-Pack/workflows-and-actions-collection/.github/workflows/update-workflow.yml@v1.0.0 + secrets: + TOKEN_ACCESS: ${{ secrets.GITHUB_TOKEN }} diff --git a/makefile b/makefile index f04c7ad..0cb07ee 100644 --- a/makefile +++ b/makefile @@ -55,6 +55,8 @@ $(PROG): $(SOURCES) @echo Building project GOOS=$(OS) GOARCH=$(ARCH) go build -ldflags "-X main.version=`git describe 2>/dev/null || echo unknown`" -o $(PROG) ./cmd/cbuild2cmake +build: $(PROG) + run: $(PROG) @./$(PROG) $(ARGS) || true @@ -70,7 +72,7 @@ format-check: .PHONY: test release config test: $(SOURCES) - mkdir -p build && GOOS=$(OS) GOARCH=$(ARCH) go test $(ARGS) ./... -coverprofile build/cover.out + mkdir -p build && GOOS=$(OS) GOARCH=$(ARCH) go test $(ARGS) -v ./... -coverprofile build/cover.out test-all: format-check coverage-check lint