Merge branch 'main' into steffen/make_ext_func_fail_unsupported

Author: steffenlarsen

.github/workflows/cmake.yml

@@ -115,51 +115,50 @@ jobs:
       working-directory: ${{github.workspace}}/build
       run: ctest -C ${{matrix.build_type}} --output-on-failure -L "umf|loader|validation|tracing|unit|urtrace"
 
-  # Disable short fuzz tests until the ubuntu-22.04 runner is fixed
-  # fuzztest-build:
-  #   name: Build and run quick fuzztest scenarios
-  #   strategy:
-  #     matrix:
-  #       build_type: [Debug, Release]
-  #       compiler: [{c: clang, cxx: clang++}]
-
-  #   runs-on: 'ubuntu-22.04'
-
-  #   steps:
-  #   - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
-
-  #   - name: Install pip packages
-  #     run: pip install -r third_party/requirements.txt
-
-  #   - name: Download DPC++
-  #     run: |
-  #       sudo apt install libncurses5
-  #       wget -O ${{github.workspace}}/dpcpp_compiler.tar.gz https://github.com/intel/llvm/releases/download/sycl-nightly%2F20230626/dpcpp-compiler.tar.gz
-  #       tar -xvf ${{github.workspace}}/dpcpp_compiler.tar.gz
-
-  #   - name: Setup DPC++
-  #     run: |
-  #       source ${{github.workspace}}/dpcpp_compiler/startup.sh
-
-  #   - name: Configure CMake
-  #     run: >
-  #       cmake
-  #       -B${{github.workspace}}/build
-  #       -DCMAKE_C_COMPILER=${{matrix.compiler.c}}
-  #       -DCMAKE_CXX_COMPILER=${{matrix.compiler.cxx}}
-  #       -DUR_ENABLE_TRACING=ON
-  #       -DCMAKE_BUILD_TYPE=${{matrix.build_type}}
-  #       -DUR_BUILD_TESTS=ON
-  #       -DUR_USE_ASAN=ON
-  #       -DUR_USE_UBSAN=ON
-  #       -DUR_DPCXX=${{github.workspace}}/dpcpp_compiler/bin/clang++
-
-  #   - name: Build
-  #     run: cmake --build ${{github.workspace}}/build -j $(nproc)
-
-  #   - name: Fuzz test
-  #     working-directory: ${{github.workspace}}/build
-  #     run: ctest -C ${{matrix.build_type}} --output-on-failure -L "fuzz-short"
+  fuzztest-build:
+    name: Build and run quick fuzztest scenarios
+    strategy:
+      matrix:
+        build_type: [Debug, Release]
+        compiler: [{c: clang, cxx: clang++}]
+
+    runs-on: 'ubuntu-22.04'
+
+    steps:
+    - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+    - name: Install pip packages
+      run: pip install -r third_party/requirements.txt
+
+    - name: Download DPC++
+      run: |
+        sudo apt install libncurses5
+        wget -O ${{github.workspace}}/dpcpp_compiler.tar.gz https://github.com/intel/llvm/releases/download/sycl-nightly%2F20230626/dpcpp-compiler.tar.gz
+        tar -xvf ${{github.workspace}}/dpcpp_compiler.tar.gz
+
+    - name: Setup DPC++
+      run: |
+        source ${{github.workspace}}/dpcpp_compiler/startup.sh
+
+    - name: Configure CMake
+      run: >
+        cmake
+        -B${{github.workspace}}/build
+        -DCMAKE_C_COMPILER=${{matrix.compiler.c}}
+        -DCMAKE_CXX_COMPILER=${{matrix.compiler.cxx}}
+        -DUR_ENABLE_TRACING=ON
+        -DCMAKE_BUILD_TYPE=${{matrix.build_type}}
+        -DUR_BUILD_TESTS=ON
+        -DUR_USE_ASAN=ON
+        -DUR_USE_UBSAN=ON
+        -DUR_DPCXX=${{github.workspace}}/dpcpp_compiler/bin/clang++
+
+    - name: Build
+      run: cmake --build ${{github.workspace}}/build -j $(nproc)
+
+    - name: Fuzz test
+      working-directory: ${{github.workspace}}/build
+      run: ctest -C ${{matrix.build_type}} --output-on-failure -L "fuzz-short"
 
   adapter-build-hw:
     name: Build - Adapters on HW

.github/workflows/coverage.yml

@@ -48,7 +48,6 @@ jobs:
         LD_LIBRARY_PATH=${{github.workspace}}/dpcpp_compiler/lib
         cmake --build ${{github.workspace}}/build -j $(nproc)
 
-    # Disable long fuzz tests until the ubuntu-22.04 runner is fixed
-    # - name: Fuzz long test
-    #   working-directory: ${{github.workspace}}/build
-    #   run: ctest -C ${{matrix.build_type}} --output-on-failure -L "fuzz-long"
+    - name: Fuzz long test
+      working-directory: ${{github.workspace}}/build
+      run: ctest -C ${{matrix.build_type}} --output-on-failure -L "fuzz-long"

.github/workflows/nightly.yml

@@ -1,16 +1,12 @@
-# This workflow uses actions that are not certified by GitHub. They are provided
-# by a third-party and are governed by separate terms of service, privacy
-# policy, and support documentation.
-
+# Scorecard analysis, looking for vulnerabilities and bad practices in the repo.
 name: Scorecard supply-chain security
 on:
   # For Branch-Protection check. Only the default branch is supported. See
   # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
   branch_protection_rule:
-  # To guarantee Maintained check is occasionally updated. See
-  # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
   workflow_dispatch:
   schedule:
+    # Runs at 22:45 UTC on Thursday.
     - cron: '45 22 * * 4'
   push:
     branches: [ "main" ]
@@ -27,9 +23,6 @@ jobs:
       security-events: write
       # Needed to publish results and get a badge (see publish_results below).
       id-token: write
-      # Uncomment the permissions below if installing in a private repository.
-      # contents: read
-      # actions: read
 
     steps:
       - name: "Checkout code"
@@ -38,36 +31,30 @@ jobs:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # v2.1.2
+        uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
         with:
-          results_file: results.sarif
+          results_file: scorecard_results.sarif
           results_format: sarif
           # (Optional) "write" PAT token. Uncomment the `repo_token` line below if:
           # - you want to enable the Branch-Protection check on a *public* repository, or
           # - you are installing Scorecard on a *private* repository
           # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
           # repo_token: ${{ secrets.SCORECARD_TOKEN }}
 
-          # Public repositories:
-          #   - Publish results to OpenSSF REST API for easy access by consumers
-          #   - Allows the repository to include the Scorecard badge.
-          #   - See https://github.com/ossf/scorecard-action#publishing-results.
-          # For private repositories:
-          #   - `publish_results` will always be set to `false`, regardless
-          #     of the value entered here.
+          # Publish results to OpenSSF REST API for easy access by consumers
+          # Allows the repository to include the Scorecard badge.
+          # See https://github.com/ossf/scorecard-action#publishing-results.
           publish_results: true
 
-      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
-      # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@26f96dfa697d77e81fd5907df203aa23a56210a8 # v4.3.0
+        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # 4.3.1
         with:
-          name: SARIF file
-          path: results.sarif
+          name: Scorecard results
+          path: scorecard_results.sarif
           retention-days: 5
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@b7bf0a3ed3ecfa44160715d7c442788f65f0f923 # v3.23.2
+        uses: github/codeql-action/upload-sarif@05963f47d870e2cb19a537396c1f668a348c7d8f # v3.24.8
         with:
-          sarif_file: results.sarif
+          sarif_file: scorecard_results.sarif