Merge pull request #4 from sjinks/add-ci

ci: add workflows
sjinks · Jan 13, 2024 · 6806139 · 6806139
2 parents b223930 + 24c4fad
commit 6806139
Show file tree

Hide file tree

Showing 7 changed files with 297 additions and 0 deletions.
diff --git a/.github/actions/install-dependencies/action.yml b/.github/actions/install-dependencies/action.yml
@@ -0,0 +1,47 @@
+name: Set up dependencies
+description: Set up dependencies for the project
+runs:
+  using: composite
+  steps:
+    - name: Install dependencies
+      shell: bash
+      run: |
+        sudo apt-get update
+        sudo apt-get install -y clang-tools ca-certificates python3-minimal python3-whichcraft nlohmann-json3-dev libsqlite3-dev libev-dev pkgconf
+
+    - name: Install newer Clang
+      shell: bash
+      run: |
+        wget https://apt.llvm.org/llvm.sh
+        chmod +x ./llvm.sh
+        sudo ./llvm.sh 17
+        sudo apt-get install -y clang-tools-17
+
+    - name: Install sarif-multitool
+      shell: bash
+      run: npm i -g @microsoft/sarif-multitool
+
+    - name: Install libada
+      shell: bash
+      run: |
+        git clone https://github.com/ada-url/ada.git --depth 1 -b v2.7.4
+        cd ada
+        cmake -B build -DCMAKE_BUILD_TYPE=MinSizeRel -DADA_TOOLS=off -DADA_TESTING=off
+        cmake --build build
+        sudo cmake --install build
+
+    - name: Install llhttp
+      shell: bash
+      run: |
+        wget -q -O - https://github.com/nodejs/llhttp/archive/refs/tags/release/v9.1.3.tar.gz | tar xzf -
+        cd llhttp-release-v*
+        cmake -B build -DCMAKE_BUILD_TYPE=MinSizeRel -DBUILD_SHARED_LIBS=OFF -DBUILD_STATIC_LIBS=ON
+        cmake --build build
+        sudo cmake --install build
+
+    - name: Install sqlite3pp
+      shell: bash
+      run: |
+        git clone https://github.com/iwongu/sqlite3pp.git --depth 1 -b v1.0.9 && \
+        cd sqlite3pp/headeronly_src && \
+        sudo cp ./* /usr/local/include
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
@@ -0,0 +1,50 @@
+name: CodeQL
+
+on:
+  push:
+    branches: 
+      - master
+  pull_request:
+    branches:
+      - master
+  schedule:
+    - cron: '26 7 * * 4'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    timeout-minutes: 360
+    permissions:
+      security-events: write
+      actions: read
+      contents: read
+    strategy:
+      fail-fast: false
+      matrix:
+        language:
+          - c-cpp
+    env:
+      CC: clang-17
+      CXX: clang++-17
+    steps:
+      - name: Check out code
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v3.23.0
+        with:
+          languages: ${{ matrix.language }}
+
+      - name: Install dependencies
+        uses: ./.github/actions/install-dependencies
+
+      - name: Build
+        run: |
+          cmake -B build -DCMAKE_BUILD_TYPE=MinSizeRel
+          cmake --build build
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v3.23.0
+        with:
+          category: "/language:${{ matrix.language }}"
diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml
@@ -0,0 +1,71 @@
+name: Build OCI Image
+
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+    branches:
+      - master
+  workflow_dispatch:
+
+permissions:
+  contents: none
+
+jobs:
+  build:
+    name: Build ${{ matrix.variant.name }} image
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: write
+    strategy:
+      fail-fast: false
+      matrix:
+        variant:
+          - name: Alpine
+            tag: alpine
+            dockerfile: Dockerfile.alpine
+          - name: Ubuntu
+            tag: ubuntu
+            dockerfile: Dockerfile
+    steps:
+      - name: Check out code
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - name: Login to GHCR
+        uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d # v3.0.0
+        with:
+          registry: https://ghcr.io
+          username: ${{ github.actor }}
+          password: ${{ github.token }}
+        if: ${{ github.event_name != 'pull_request' }}
+
+      - name: Set up Docker Buildx
+        uses: docker/setup-buildx-action@f95db51fddba0c2d1ec667646a06c2ce06100226 # v3.0.0
+
+      - name: Set up Docker Metadata
+        id: meta
+        uses: docker/metadata-action@dbef88086f6cef02e264edb7dbf63250c17cef6c # v5.5.0
+        with:
+          images: ${{ github.repository }}
+          flavor: |
+            latest=auto
+            prefix=${{ matrix.variant.tag }}-,onlatest=true
+          tags: |
+            type=edge
+            type=ref,event=pr
+            type=semver,pattern={{version}}
+            type=semver,pattern={{major}}.{{minor}}
+            type=semver,pattern={{major}}
+
+      - name: Build and push
+        uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56 # v5.1.0
+        with:
+          push: ${{ github.event_name != 'pull_request' }}
+          cache-from: type=gha,scope=${{ matrix.variant.tag }}
+          cache-to: type=gha,mode=max,scope=${{ matrix.variant.tag }}
+          context: .
+          file: ${{ matrix.variant.dockerfile }}
+          tags: ${{ steps.meta.outputs.tags }}
+          labels: ${{ steps.meta.outputs.labels }}
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml
@@ -0,0 +1,29 @@
+name: Lint C++ code
+
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+    branches:
+      - master
+  workflow_dispatch:
+
+permissions:
+  contents: none
+
+jobs:
+  lint:
+    name: clang-format
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+    steps:
+      - name: Check out code
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - name: clang-format Check
+        uses: jidicula/clang-format-action@v4.11.0
+        with:
+          clang-format-version: 17
+          check-path: src
diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml
@@ -0,0 +1,41 @@
+name: SonarCloud
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+jobs:
+  build:
+    name: Build and analyze
+    runs-on: ubuntu-latest
+    env:
+      BUILD_WRAPPER_OUT_DIR: build_wrapper_output_directory
+      CC: clang-17
+      CXX: clang++-17
+    steps:
+      - name: Check out code
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+        with:
+          fetch-depth: 0
+
+      - name: Install dependencies
+        uses: ./.github/actions/install-dependencies
+
+      - name: Install sonar-scanner and build-wrapper
+        uses: SonarSource/sonarcloud-github-c-cpp@v2.0.2
+
+      - name: Run build-wrapper
+        run: |
+          cmake -B build -DCMAKE_BUILD_TYPE=MinSizeRel
+          build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} cmake --build build
+
+      - name: Run sonar-scanner
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+        run: |
+          sonar-scanner --define sonar.cfamily.build-wrapper-output="${{ env.BUILD_WRAPPER_OUT_DIR }}"
diff --git a/.github/workflows/static-analysis.yml b/.github/workflows/static-analysis.yml
@@ -0,0 +1,55 @@
+name: Static Code Analysis
+
+on:
+  push:
+    branches:
+      - master
+  pull_request:
+    branches:
+      - master
+  workflow_dispatch:
+
+permissions:
+  contents: none
+
+jobs:
+  scan-build:
+    name: Run Clang Analyzer
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      security-events: write
+    env:
+      CC: clang-17
+      CXX: clang++-17
+      CCC_CC: clang-17
+      CCC_CXX: clang++-17
+      DOTNET_SYSTEM_GLOBALIZATION_INVARIANT: 1
+      SCANBUILD_DIR: /tmp/scanbuild
+    steps:
+      - name: Check out code
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - name: Install dependencies
+        uses: ./.github/actions/install-dependencies
+
+      - name: Run analysis
+        run: |
+          scan-build-17 cmake -B build
+          scan-build-17 --force-analyze-debug-code -sarif --status-bugs -no-failure-reports -o "${SCANBUILD_DIR}" --exclude build cmake --build build
+        continue-on-error: true
+        id: scanbuild
+
+      - name: Merge SARIF reports
+        run: sarif-multitool merge "${{ env.SCANBUILD_DIR }}/" --recurse --output-directory=/tmp --output-file=scan-build.sarif
+
+      - name: Upload scan results
+        uses: github/codeql-action/upload-sarif@v3.23.0
+        with:
+          sarif_file: /tmp/scan-build.sarif
+          category: scanbuild
+        continue-on-error: true
+
+      - name: Set exit code
+        run: exit 1
+        if: steps.scanbuild.outcome == 'failure'
diff --git a/sonar-project.properties b/sonar-project.properties
@@ -0,0 +1,4 @@
+sonar.projectKey=sjinks_tfhttp
+sonar.organization=wildwolf
+sonar.sources=src
+sonar.sourceEncoding=UTF-8