From f45e764f86df2dea4368313cd6a11d00e174e20f Mon Sep 17 00:00:00 2001 From: dpasukhi Date: Sun, 25 Aug 2024 11:35:38 +0100 Subject: [PATCH] 0033805: Configuration - Implement GitHub Actions build scripts Build Scripts: - Linux GCC x64 dynamic - Linux Clang x64 dynamic - Windows MSVC x64 dynamic - macOS Clang x64 dynamic Security scanning: - CodeQL security scanning - MSVC code scanning --- .../build-linux-clang-x64-dynamic.yml | 40 +++++++++++ .../workflows/build-linux-gcc-x64-dynamic.yml | 40 +++++++++++ .../build-macos-clang-x64-dynamic.yml | 43 ++++++++++++ .../build-windows-msvc-x64-dynamic.yml | 44 ++++++++++++ .github/workflows/codemsvc.yml | 69 +++++++++++++++++++ .github/workflows/codeql.yml | 60 ++++++++++++++++ 6 files changed, 296 insertions(+) create mode 100644 .github/workflows/build-linux-clang-x64-dynamic.yml create mode 100644 .github/workflows/build-linux-gcc-x64-dynamic.yml create mode 100644 .github/workflows/build-macos-clang-x64-dynamic.yml create mode 100644 .github/workflows/build-windows-msvc-x64-dynamic.yml create mode 100644 .github/workflows/codemsvc.yml create mode 100644 .github/workflows/codeql.yml
diff --git a/.github/workflows/build-linux-clang-x64-dynamic.yml b/.github/workflows/build-linux-clang-x64-dynamic.yml
new file mode 100644
index 0000000000..29786f04ca
--- /dev/null
+++ b/.github/workflows/build-linux-clang-x64-dynamic.yml
@@ -0,0 +1,40 @@
+# This workflow will build OCCT on Ubuntu with Clang compiler
+# using the provided Docker image with Clang tools.
+#
+# Notes:
+# freetype is disabled
+# samples are not built
+
+name: Build OCCT on Linux with Clang x64 dynamic
+
+on:
+ pull_request:
+ branches:
+ - '**'
+
+jobs:
+ build-linux-clang:
+ name: Build on Ubuntu with Clang
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4.1.7
+
+ - name: Install dependencies
+ run: sudo apt-get update && sudo apt-get install -y tcl-dev tk-dev cmake clang make libbtbb-dev libx11-dev libglu1-mesa-dev
+
+ - name: Configure OCCT
+ run: |
+ mkdir -p build
+ cd build
+ cmake -G "Unix Makefiles" \
+ -D CMAKE_C_COMPILER=clang \
+ -D CMAKE_CXX_COMPILER=clang++ \
+ -D USE_FREETYPE=OFF \
+ -D CMAKE_BUILD_TYPE=Release ..
+
+ - name: Build OCCT
+ run: |
+ cd build
+ make -j$(nproc)
diff --git a/.github/workflows/build-linux-gcc-x64-dynamic.yml b/.github/workflows/build-linux-gcc-x64-dynamic.yml
new file mode 100644
index 0000000000..53bd82f65c
--- /dev/null
+++ b/.github/workflows/build-linux-gcc-x64-dynamic.yml
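Review bot: The workflow declares no `permissions:` block, so the job's GITHUB_TOKEN receives the repository's default scopes even though the steps only check out and compile; a top-level `permissions:` with `contents: read` placed after the `on:` block pins it to read-only. The same applies to the gcc, macOS and Windows build workflows added in this patch. Separately, the install step pulls `libbtbb-dev`, which as far as I know is the Bluetooth baseband library rather than Intel TBB; if TBB was intended the package is probably `libtbb-dev`, and the same name recurs in the gcc and codeql workflows. The header comment also speaks of a provided Docker image, but the job runs directly on `ubuntu-latest` with no `container:` key.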
@@ -0,0 +1,40 @@
+# This workflow will build OCCT on Linux with GCC x64 dynamic
+# using the provided Docker image with GCC tools.
+#
+# Notes:
+# freetype is disabled
+# samples are not built
+
+name: Build OCCT on Linux with GCC x64 dynamic
+
+on:
+ pull_request:
+ branches:
+ - '**'
+
+jobs:
+ build-linux-gcc:
+ name: Build on Ubuntu with GCC
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4.1.7
+
+ - name: Install dependencies
+ run: sudo apt-get update && sudo apt-get install -y tcl-dev tk-dev cmake gcc g++ make libbtbb-dev libx11-dev libglu1-mesa-dev
+
+ - name: Configure OCCT
+ run: |
+ mkdir -p build
+ cd build
+ cmake -G "Unix Makefiles" \
+ -D CMAKE_C_COMPILER=gcc \
+ -D CMAKE_CXX_COMPILER=g++ \
+ -D USE_FREETYPE=OFF \
+ -D CMAKE_BUILD_TYPE=Release ..
+
+ - name: Build OCCT
+ run: |
+ cd build
+ make -j$(nproc)
diff --git a/.github/workflows/build-macos-clang-x64-dynamic.yml b/.github/workflows/build-macos-clang-x64-dynamic.yml
new file mode 100644
index 0000000000..07339979e1
--- /dev/null
+++ b/.github/workflows/build-macos-clang-x64-dynamic.yml
@@ -0,0 +1,43 @@
+# This workflow builds OCCT on macOS with Clang x64 dynamic.
+#
+# Notes:
+# freetype is disabled
+# samples are not built
+
+name: Build OCCT on macOS with Clang x64 dynamic
+
+on:
+ pull_request:
+ branches:
+ - '**'
+
+jobs:
+ build-macos-clang:
+ name: Build on macOS with Clang
+ runs-on: macos-latest
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4.1.7
+
+ - name: Install dependencies
+ run: |
+ brew update
+ brew install tcl-tk tbb gl2ps xerces-c \
+ libxmu libxi libxft libxpm \
+ glew
+
+ - name: Configure OCCT
+ run: |
+ mkdir -p build
+ cd build
+ cmake -G "Unix Makefiles" \
+ -D CMAKE_C_COMPILER=clang \
+ -D CMAKE_CXX_COMPILER=clang++ \
+ -D USE_FREETYPE=OFF \
+ -D CMAKE_BUILD_TYPE=Release ..
+
+ - name: Build OCCT
+ run: |
+ cd build
+ make -j$(sysctl -n hw.logicalcpu)
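Review bot: In the macOS workflow, `runs-on: macos-latest` does not guarantee the x64 target that the file name and `name:` promise; as far as I know that label currently resolves to an Apple-silicon (arm64) image, so the job would compile for arm64. If an x64 build is the goal, name an Intel image explicitly, e.g. `runs-on: macos-13`, or rename the workflow to match what it builds. The `brew update` followed by an unversioned `brew install` also means the dependency set drifts between runs, which is worth a one-line comment such as `# versions float with Homebrew; build is a smoke test only`.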
diff --git a/.github/workflows/build-windows-msvc-x64-dynamic.yml b/.github/workflows/build-windows-msvc-x64-dynamic.yml
new file mode 100644
index 0000000000..4e4e8a9922
--- /dev/null
+++ b/.github/workflows/build-windows-msvc-x64-dynamic.yml
@@ -0,0 +1,44 @@
+# This workflow will build OCCT on Windows with MSVC x64 in dynamic mode
+# using the provided Docker image with MSVC tools.
+#
+# Notes:
+# freetype is disabled
+# Draw module is disabled
+# samples are not built
+
+name: Build OCCT on Windows with MSVC x64 dynamic
+
+on:
+ pull_request:
+ branches:
+ - '**'
+
+jobs:
+ build-windows-msvc:
+ name: Build on Windows with MSVC
+ runs-on: windows-latest
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4.1.7
+
+ - name: Set up MSVC
+ uses: ilammy/msvc-dev-cmd@v1.13.0
+ with:
+ arch: x64
+
+ - name: Install dependencies
+ run: |
+ choco install cmake --installargs 'ADD_CMAKE_TO_PATH=System' -y
+ choco install magicsplat-tcl-tk -y
+
+ - name: Configure OCCT
+ run: |
+ mkdir build
+ cd build
+ cmake -T host=x64 -D USE_FREETYPE=OFF -D BUILD_MODULE_Draw=OFF -D CMAKE_BUILD_TYPE=Release ..
+
+ - name: Build OCCT
+ run: |
+ cd build
+ cmake --build . --config Release -- /m
diff --git a/.github/workflows/codemsvc.yml b/.github/workflows/codemsvc.yml
new file mode 100644
index 0000000000..1972c754f6
--- /dev/null
+++ b/.github/workflows/codemsvc.yml
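Review bot: In the Windows build workflow, `ilammy/msvc-dev-cmd@v1.13.0` is a third-party action referenced by a tag, which its owner can move to different code; pinning to the full commit SHA with the version kept as a trailing comment, `uses: ilammy/msvc-dev-cmd@<full-commit-sha>  # v1.13.0`, makes the executed code immutable. The same holds for `microsoft/msvc-code-analysis-action@v0.1.1` in codemsvc.yml and, with lower risk, for the `actions/*` and `github/codeql-action/*` references across the patch. The two `choco install` lines likewise take whatever version the community feed serves at run time; adding `--version <pinned-version>` to each would make the toolchain reproducible.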
@@ -0,0 +1,69 @@
+# Security scanning with Microsoft C++ Code Analysis.
+# Checks any master integration and publish warnings into security GitHub tab.
+#
+# Find more information at:
+# https://github.com/microsoft/msvc-code-analysis-action
+
+name: Microsoft C++ Code Analysis
+
+on:
+ push:
+ branches:
+ - 'master'
+
+env:
+ # Path to the CMake build directory.
+ build: '${{ github.workspace }}/build'
+ config: 'Debug'
+
+permissions:
+ contents: read
+
+jobs:
+ analyze:
+ permissions:
+ contents: read # for actions/checkout to fetch code
+ security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+ actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
+ name: Analyze
+ runs-on: windows-latest
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4.1.7
+
+ - name: Install dependencies
+ run: |
+ choco install cmake --installargs 'ADD_CMAKE_TO_PATH=System' -y
+ choco install magicsplat-tcl-tk -y
+
+ - name: Configure CMake
+ run: |
+ mkdir build
+ cd build
+ cmake -D USE_FREETYPE=OFF -DCMAKE_BUILD_TYPE=${{ env.config }} ..
+
+ - name: Run MSVC Code Analysis
+ uses: microsoft/msvc-code-analysis-action@v0.1.1
+ # Provide a unique ID to access the sarif output path
+ id: run-analysis
+ with:
+ cmakeBuildDirectory: ${{ env.build }}
+ buildConfiguration: ${{ env.config }}
+ # Ruleset file that will determine what checks will be run
+ ruleset: NativeRecommendedRules.ruleset
+ # Paths to ignore analysis of CMake targets and includes
+ # ignoredPaths: ${{ github.workspace }}/dependencies;${{ github.workspace }}/test
+
+ # Upload SARIF file to GitHub Code Scanning Alerts
+ #- name: Upload SARIF to GitHub
+ # uses: github/codeql-action/upload-sarif@v3.26.5
+ # with:
+ # sarif_file: ${{ steps.run-analysis.outputs.sarif }}
+
+ # Upload SARIF file as an Artifact to download and view
+ - name: Upload SARIF as an Artifact
+ uses: actions/upload-artifact@v4.3.6
+ with:
+ name: sarif-file
+ path: ${{ steps.run-analysis.outputs.sarif }}
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 0000000000..e89acd5ce6
--- /dev/null
+++ b/.github/workflows/codeql.yml
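Review bot: The `analyze` job in codemsvc.yml grants `security-events: write` and `actions: read`, but the only step that needs them (`github/codeql-action/upload-sarif`) is commented out, so the token carries scopes nothing uses. As written the SARIF file is only stored as a workflow artifact, which contradicts the header comment saying warnings are published to the Security tab. Either enable the upload step, or reduce the job to `contents: read` and reword the header to `# Results are stored as the 'sarif-file' workflow artifact.`. If the artifact route stays, it is worth confirming who can download run artifacts on this repository, since that audience is presumably wider than the one allowed to view code scanning alerts.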
@@ -0,0 +1,60 @@
+# Security scanning with CodeQL.
+# Checks any master integration and publish warnings into security GitHub tab.
+#
+# Find more information at:
+# https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/about-code-scanning
+
+name: CodeQL Code Analysis
+
+on:
+ push:
+ branches:
+ - 'master'
+
+jobs:
+ analyze:
+ name: Analyze (${{ matrix.language }})
+ runs-on: ${{ 'ubuntu-latest' }}
+ permissions:
+ # required for all workflows
+ security-events: write
+
+ # required to fetch internal or private CodeQL packs
+ packages: read
+
+ strategy:
+ fail-fast: false
+ matrix:
+ include:
+ - language: c-cpp
+ build-mode: manual
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4.1.7
+
+ - name: Install dependencies
+ run: sudo apt-get update && sudo apt-get install -y tcl-dev tk-dev cmake gcc g++ make libbtbb-dev libx11-dev libglu1-mesa-dev
+
+ # Initializes the CodeQL tools for scanning.
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v3.26.5
+ with:
+ languages: ${{ matrix.language }}
+ build-mode: ${{ matrix.build-mode }}
+
+ - if: matrix.build-mode == 'manual'
+ shell: bash
+ run: |
+ mkdir -p build
+ cd build
+ cmake -G "Unix Makefiles" \
+ -D CMAKE_C_COMPILER=gcc \
+ -D CMAKE_CXX_COMPILER=g++ \
+ -D USE_FREETYPE=OFF \
+ -D CMAKE_BUILD_TYPE=Release ..
+ make -j$(nproc)
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v3.26.5
+ with:
+ category: "/language:${{matrix.language}}"
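Review bot: The job-level `permissions:` block lists only `security-events: write` and `packages: read`, which sets every other scope to none; GitHub's CodeQL starter workflow also grants `contents: read` and `actions: read` for private repositories, so this configuration works only while the repository is public. Adding those two lines, or a comment stating the public-repository assumption, would keep a fork or mirror from failing at checkout. The workflow also triggers only on `push` to `master`, so findings surface after the code is integrated; a `pull_request` trigger limited to `master` would bring them into review. On style, the manual build step has no `name:`, and `runs-on: ${{ 'ubuntu-latest' }}` can be the plain `runs-on: ubuntu-latest`.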