Skip to content
CI

Add GitHub Actions CI with clang-format, clang-tidy, multi-compiler builds, and CodeQL #35

Sign in to view logs

Add GitHub Actions CI with clang-format, clang-tidy, multi-compiler builds, and CodeQL

Add GitHub Actions CI with clang-format, clang-tidy, multi-compiler builds, and CodeQL #35

Workflow file for this run

.github/workflows/ci.yml at 64aae62
---
name: CI
on:
push:
branches: [main, master]
pull_request:
branches: [main, master]
workflow_dispatch:
permissions:
contents: read
jobs:
codeql:
name: CodeQL Security Analysis
runs-on: ubuntu-latest
permissions:
security-events: write
contents: read
actions: read
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
submodules: recursive
- name: Initialize CodeQL
uses: github/codeql-action/init@v3
with:
languages: cpp
queries: security-and-quality
- name: Install dependencies
run: |
sudo apt-get update
sudo apt-get install -y \
cmake \
ninja-build \
libudev-dev \
libsystemd-dev \
pkg-config \
gcc-14 \
g++-14
- name: Build for CodeQL
run: |
mkdir -p build
cd build
cmake .. -GNinja \
-DCMAKE_BUILD_TYPE=Release
ninja
env:
CC: gcc-14
CXX: g++-14
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v3
with:
category: "/language:cpp"
clang-format:
name: Code Formatting Check
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout code
uses: actions/checkout@v4
- name: Install clang-format
run: |
sudo apt-get update
sudo apt-get install -y clang-format
- name: Run clang-format check
run: |
# Find all C++ source files and check formatting
find src -type f \( -name "*.cpp" -o -name "*.cc" \
-o -name "*.h" -o -name "*.hpp" \) -print0 | \
xargs -0 clang-format --dry-run --Werror
shell: bash
clang-tidy:
name: Static Analysis (clang-tidy)
runs-on: ubuntu-latest
permissions:
contents: read
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
submodules: recursive
- name: Install dependencies
run: |
sudo apt-get update
sudo apt-get install -y \
clang-tidy \
gcc-14 \
g++-14 \
cmake \
ninja-build \
libudev-dev \
libsystemd-dev \
pkg-config
- name: Cache clang-tidy results
uses: actions/cache@v4
with:
path: .clang-tidy-cache
key: >-
clang-tidy-${{ runner.os }}-${{
hashFiles('**/*.cpp', '**/*.cc', '**/*.h', '**/*.hpp',
'.clang-tidy') }}
restore-keys: |
clang-tidy-${{ runner.os }}-
- name: Configure CMake for clang-tidy
run: |
mkdir -p build
cd build
cmake .. -GNinja \
-DCMAKE_BUILD_TYPE=Release \
-DCMAKE_EXPORT_COMPILE_COMMANDS=ON
env:
CC: gcc-14
CXX: g++-14
- name: Run clang-tidy
run: |
# Create cache directory if it doesn't exist
mkdir -p .clang-tidy-cache
# Find all C++ source files and run clang-tidy
# Exclude third_party directory from analysis
find src -type f \( -name "*.cpp" -o -name "*.cc" \) | \
while read file; do
echo "Analyzing $file..."
clang-tidy "$file" \
-p build \
--warnings-as-errors='*' \
--header-filter='^(?!.*third_party).*$' \
--system-headers=false || exit 1
done
shell: bash
build:
name: Build and Publish Artifacts
runs-on: ubuntu-latest
permissions:
contents: read
strategy:
matrix:
compiler:
- {cc: gcc-14, cxx: g++-14, name: gcc-14, stdlib: libstdc++}
- {cc: clang-19, cxx: clang++-19, name: llvm-19, stdlib: libc++}
steps:
- name: Checkout code
uses: actions/checkout@v4
with:
submodules: recursive
- name: Install dependencies
run: |
sudo apt-get update
sudo apt-get install -y \
cmake \
ninja-build \
libudev-dev \
libsystemd-dev \
pkg-config
- name: Install compiler toolchain
run: |
if [ "${{ matrix.compiler.name }}" = "gcc-14" ]; then
sudo apt-get install -y gcc-14 g++-14
elif [ "${{ matrix.compiler.name }}" = "llvm-19" ]; then
# Install LLVM 19 with libc++
wget -qO- https://apt.llvm.org/llvm-snapshot.gpg.key | \
sudo tee /etc/apt/trusted.gpg.d/llvm.asc
sudo add-apt-repository -y \
'deb http://apt.llvm.org/noble/ llvm-toolchain-noble-19 main'
sudo apt-get update
sudo apt-get install -y \
clang-19 \
llvm-19 \
llvm-19-dev \
lld-19 \
libc++-19-dev \
libc++abi-19-dev
fi
- name: Configure CMake
run: |
mkdir -p build
cd build
# Configure with C++23 support
if [ "${{ matrix.compiler.stdlib }}" = "libc++" ]; then
# For LLVM with libc++
cmake .. -GNinja \
-DCMAKE_BUILD_TYPE=Release \
-DENABLE_LTO=ON \
-DCMAKE_CXX_FLAGS="-stdlib=libc++" \
-DCMAKE_EXE_LINKER_FLAGS="-stdlib=libc++ -lc++abi" \
-DLLVM_CONFIG=/usr/bin/llvm-config-19
else
# For GCC with libstdc++
cmake .. -GNinja \
-DCMAKE_BUILD_TYPE=Release \
-DENABLE_LTO=ON
fi
env:
CC: ${{ matrix.compiler.cc }}
CXX: ${{ matrix.compiler.cxx }}
- name: Build
run: |
cd build
ninja -v
- name: Collect executables
run: |
mkdir -p artifacts
# Find all executables in src directories
# (exclude CMake test artifacts and temporary files)
find build/src -type f -executable \
-not -path "*/CMakeFiles/*" \
-not -name "*.so*" \
-not -name "*.a" \
-exec cp {} artifacts/ \;
# List what we collected
echo "Collected artifacts:"
ls -lh artifacts/
- name: Upload build artifacts
uses: actions/upload-artifact@v4
with:
name: binaries-${{ matrix.compiler.name }}
path: artifacts/*
if-no-files-found: error
retention-days: 30