do not persist checkout credentials in GitHub workflows (#7044) #14314
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Syntax reference https://help.github.com/en/actions/reference/workflow-syntax-for-github-actions | |
# Environment reference https://help.github.com/en/actions/reference/virtual-environments-for-github-hosted-runners | |
name: CI-unixish-docker | |
on: | |
push: | |
branches: | |
- 'main' | |
- 'releases/**' | |
- '2.*' | |
tags: | |
- '2.*' | |
pull_request: | |
permissions: | |
contents: read | |
jobs: | |
build_cmake: | |
strategy: | |
matrix: | |
image: ["ubuntu:24.04", "ubuntu:24.10"] | |
include: | |
- build_gui: false | |
- image: "ubuntu:24.04" | |
build_gui: true | |
- image: "ubuntu:24.10" | |
build_gui: true | |
fail-fast: false # Prefer quick result | |
runs-on: ubuntu-22.04 | |
# TODO: is this actually applied to the guest? | |
env: | |
# TODO: figure out why there are cache misses with PCH enabled | |
CCACHE_SLOPPINESS: pch_defines,time_macros | |
container: | |
image: ${{ matrix.image }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
- name: Install missing software on ubuntu | |
if: contains(matrix.image, 'ubuntu') | |
run: | | |
apt-get update | |
apt-get install -y cmake g++ make libxml2-utils libpcre3-dev | |
- name: Install missing software (gui) on latest ubuntu | |
if: matrix.build_gui | |
run: | | |
apt-get install -y qt6-base-dev qt6-charts-dev qt6-tools-dev | |
# needs to be called after the package installation since | |
# - it doesn't call "apt-get update" | |
- name: ccache | |
uses: hendrikmuhs/[email protected] | |
with: | |
key: ${{ github.workflow }}-${{ matrix.image }} | |
- name: CMake build | |
if: ${{ !matrix.build_gui }} | |
run: | | |
mkdir cmake.output | |
cd cmake.output | |
cmake -G "Unix Makefiles" -DHAVE_RULES=On -DBUILD_TESTS=On -DCMAKE_DISABLE_PRECOMPILE_HEADERS=On -DCMAKE_C_COMPILER_LAUNCHER=ccache -DCMAKE_CXX_COMPILER_LAUNCHER=ccache .. | |
cmake --build . -- -j$(nproc) | |
- name: CMake build (with GUI) | |
if: matrix.build_gui | |
run: | | |
cmake -S . -B cmake.output -G "Unix Makefiles" -DHAVE_RULES=On -DBUILD_TESTS=On -DBUILD_GUI=On -DUSE_QT6=On -DWITH_QCHART=On -DCMAKE_C_COMPILER_LAUNCHER=ccache -DCMAKE_CXX_COMPILER_LAUNCHER=ccache | |
cmake --build cmake.output -- -j$(nproc) | |
- name: Run CMake test | |
run: | | |
cmake --build cmake.output --target check -- -j$(nproc) | |
build_make: | |
strategy: | |
matrix: | |
image: ["ubuntu:24.04", "ubuntu:24.10"] | |
fail-fast: false # Prefer quick result | |
runs-on: ubuntu-22.04 | |
container: | |
image: ${{ matrix.image }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
persist-credentials: false | |
- name: Install missing software on ubuntu | |
if: contains(matrix.image, 'ubuntu') | |
run: | | |
apt-get update | |
apt-get install -y g++ make python3 libxml2-utils libpcre3-dev | |
# needs to be called after the package installation since | |
# - it doesn't call "apt-get update" | |
- name: ccache | |
uses: hendrikmuhs/[email protected] | |
with: | |
key: ${{ github.workflow }}-${{ matrix.image }} | |
- name: Build cppcheck | |
run: | | |
export PATH="/usr/lib/ccache:/usr/local/opt/ccache/libexec:$PATH" | |
make -j$(nproc) HAVE_RULES=yes CXXFLAGS="-w" | |
- name: Build test | |
run: | | |
export PATH="/usr/lib/ccache:/usr/local/opt/ccache/libexec:$PATH" | |
make -j$(nproc) testrunner HAVE_RULES=yes CXXFLAGS="-w" | |
- name: Run test | |
run: | | |
make -j$(nproc) check HAVE_RULES=yes | |
# requires python3 | |
- name: Run extra tests | |
run: | | |
tools/generate_and_run_more_tests.sh | |
# requires which | |
- name: Validate | |
run: | | |
make -j$(nproc) checkCWEEntries validateXML | |
- name: Test addons | |
run: | | |
./cppcheck --addon=threadsafety addons/test/threadsafety | |
./cppcheck --addon=threadsafety --std=c++03 addons/test/threadsafety |