chore(deps): pin dependencies #569
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: CI | |
| on: | |
| workflow_dispatch: | |
| push: | |
| branches: | |
| - master | |
| - beta | |
| - alpha | |
| - +([0-9])?(.{+([0-9]),x}).x | |
| pull_request: | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.ref }} | |
| cancel-in-progress: true | |
| jobs: | |
| pre-commit: | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 | |
| with: | |
| fetch-depth: 0 | |
| - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5 | |
| with: | |
| python-version: 3.11 | |
| - uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # v3.0.1 | |
| with: | |
| extra_args: --hook-stage manual --all-files | |
| consistency: | |
| if: ${{ !cancelled() && ! failure() }} | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Set up Git | |
| run: | | |
| git config --global user.name "github-actions[bot]" | |
| git config --global user.email "41898282+github-actions[bot]@users.noreply.github.com" | |
| - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5 | |
| with: | |
| python-version: 3.11 | |
| - name: Install copier | |
| run: | | |
| pip install pyyaml-include==1.4.1 | |
| pip install copier==9.1.0 | |
| - name: Generate the project with the default value | |
| run: | | |
| find . -maxdepth 1 ! -name '.' \ | |
| ! -name 'template' \ | |
| ! -name 'includes' \ | |
| ! -name '.git' \ | |
| ! -name 'copier.yml' \ | |
| -exec rm -r {} + | |
| copier copy -r HEAD -f . . | |
| rm .copier-answers.yml | |
| - name: Test for consistency | |
| run: | | |
| echo "List inconsistent files:" | |
| git status --porcelain | |
| git diff --exit-code || ( \ | |
| echo "# :warning: Inconsistent files found" >> $GITHUB_STEP_SUMMARY && \ | |
| echo "The following files are inconsistent with the template:" >> $GITHUB_STEP_SUMMARY && \ | |
| git status --porcelain | while read file; do echo "- $file"; done >> $GITHUB_STEP_SUMMARY && \ | |
| echo "" >> $GITHUB_STEP_SUMMARY && \ | |
| echo "Please run 'copier copy -r HEAD -f . .' to fix them." >>$GITHUB_STEP_SUMMARY && \ | |
| exit 1 \ | |
| ) | |
| checks: | |
| runs-on: ${{ matrix.presets.os.name }} | |
| needs: [pre-commit, consistency] | |
| timeout-minutes: 15 | |
| permissions: | |
| actions: read | |
| contents: read | |
| security-events: write | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| presets: | |
| - {os: {name: ubuntu-22.04, type: linux}, compiler: {name: gcc-11, type: gcc}} | |
| - {os: {name: ubuntu-22.04, type: linux}, compiler: {name: llvm, type: llvm}} | |
| - {os: {name: ubuntu-22.04, type: mingw-dynamic-linux}, compiler: {name: mingw, type: mingw}} | |
| - {os: {name: macos-13, type: osx}, compiler: {name: applellvm, type: llvm}} | |
| - {os: {name: macos-13, type: osx}, compiler: {name: llvm, type: llvm}} | |
| # setup-cpp doesn't support mingw on macOS yet | |
| # - {os: {name: macos-13, type: mingw-dynamic-darwin}, compiler: {name: mingw, type: mingw}} | |
| - {os: {name: windows-2022, type: windows}, compiler: {name: msvc, type: msvc}} | |
| - {os: {name: windows-2022, type: windows}, compiler: {name: llvm, type: llvm}} | |
| - {os: {name: windows-2022, type: mingw-dynamic-windows}, compiler: {name: mingw, type: mingw}} | |
| arch: | |
| - {name: x64, type: x64} | |
| vcpkg: | |
| - true | |
| - false | |
| export_mode: | |
| - ON | |
| - OFF | |
| cppcheck: [true, false] | |
| include: | |
| - presets: {os: {name: windows-2022, type: windows}, compiler: {name: msvc, type: msvc}} | |
| arch: {name: x64, type: x64} | |
| vcpkg: true | |
| export_mode: ON | |
| cppcheck: false | |
| - presets: {os: {name: ubuntu-22.04, type: linux}, compiler: {name: gcc-11, type: gcc}} | |
| arch: {name: x64, type: x64} | |
| vcpkg: false | |
| export_mode: OFF | |
| cppcheck: false | |
| - presets: {os: {name: ubuntu-22.04, type: linux}, compiler: {name: gcc-11, type: gcc}} | |
| arch: {name: x64, type: x64} | |
| vcpkg: true | |
| export_mode: OFF | |
| cppcheck: true | |
| exclude: | |
| - export_mode: ON | |
| - vcpkg: false | |
| - cppcheck: true | |
| steps: | |
| - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Cache | |
| uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4 | |
| with: | |
| path: | | |
| ~/vcpkg | |
| ~/.cache/pip | |
| ~/.cache/vcpkg | |
| ~/AppData/Local/vcpkg | |
| key: | | |
| ${{ matrix.arch.name }}-${{ matrix.presets.os.type }}-${{ matrix.presets.compiler.name }}-${{ hashFiles('vcpkg.json') }}-${{ matrix.vcpkg }} | |
| restore-keys: | | |
| ${{ matrix.arch.name }}-${{ matrix.presets.os.type }}-${{ matrix.presets.compiler.name }}-${{ hashFiles('vcpkg.json') }}- | |
| - uses: aminya/setup-cpp@v1 | |
| with: | |
| compiler: ${{ matrix.presets.compiler.name }} | |
| vcvarsall: ${{ contains(matrix.presets.os.type, 'windows' )}} | |
| cmake: true | |
| ninja: true | |
| vcpkg: ${{ matrix.vcpkg }} | |
| ccache: true | |
| cppcheck: ${{ matrix.cppcheck == true }} | |
| python: true | |
| opencppcoverage: ${{ contains(matrix.presets.os.type, 'windows' )}} | |
| - name: Disable pre-installedd vcpkg for testing automaical vcpkg installation | |
| if: ${{ matrix.vcpkg == false }} | |
| run: | | |
| echo "VCPKG_INSTALLATION_ROOT=" >> $GITHUB_ENV | |
| - name: Lcov for coverage | |
| if: contains(matrix.presets.compiler.type, 'gcc') && contains(matrix.presets.os.type, 'linux') | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install lcov | |
| - name: Gcovr for coverage | |
| if: contains(matrix.presets.compiler.type, 'mingw') && contains(matrix.presets.os.type, 'mingw') | |
| run: | | |
| pip install gcovr | |
| - name: Target Windows on Linux (Mingw-w64) | |
| if: contains(matrix.presets.compiler.type, 'mingw') && contains(matrix.presets.os.type, 'linux') | |
| run: | | |
| sudo apt-get update && sudo apt-get install mingw-w64 wine wine64 powershell | |
| sudo update-alternatives --set x86_64-w64-mingw32-g++ /usr/bin/x86_64-w64-mingw32-g++-posix | |
| sudo update-alternatives --set x86_64-w64-mingw32-gcc /usr/bin/x86_64-w64-mingw32-gcc-posix | |
| wine64 true || true | |
| echo "timeout 10s to execute a loop to check wine registry to be created" | |
| timeout 10s bash -c "while [ ! -f ~/.wine/system.reg ] ; do echo 'waiting for wine registry to be created' ; sleep 1 ; done" && echo "wine registry created" | |
| sed -i '/"PATH"/ s|"$|;Z:/usr/lib/gcc/x86_64-w64-mingw32/10-posix;Z:/usr/x86_64-w64-mingw32/lib"|g' ~/.wine/system.reg && echo "wine registry updated" | |
| # see https://github.com/actions/runner-images/issues/9524 | |
| - name: Fix kernel mmap rnd bits | |
| # Asan in llvm 14 provided in ubuntu 22.04 is incompatible with | |
| # high-entropy ASLR in much newer kernels that GitHub runners are | |
| # using leading to random crashes: https://reviews.llvm.org/D148280 | |
| if: contains(matrix.presets.compiler.type, 'gcc') && contains(matrix.presets.os.type, 'linux') | |
| run: sudo sysctl vm.mmap_rnd_bits=28 | |
| - name: Configure CMake | |
| run: | | |
| cmake -S . --preset=${{ matrix.arch.type }}-${{ matrix.presets.os.type }}-${{ matrix.presets.compiler.type }} -DCMAKE_BUILD_TYPE=Debug -DCODE_COVERAGE=ON -DBUILD_TESTING=ON ${{ matrix.export_mode == 'ON' && '-DVCPKG_EXPORT_MODE=ON' || '' }} | |
| - name: Build | |
| run: | | |
| cmake --build out/build/${{ matrix.arch.type }}-${{ matrix.presets.os.type }}-${{ matrix.presets.compiler.type }} --target all | |
| - name: Coverage | |
| run: | | |
| cmake --build out/build/${{ matrix.arch.type }}-${{ matrix.presets.os.type }}-${{ matrix.presets.compiler.type }} --target ccov-all | |
| - name: Upload coverage report | |
| uses: codecov/codecov-action@54bcd8715eee62d40e33596ef5e8f0f48dbbccab # v4.1.0 | |
| with: | |
| token: ${{ secrets.CODECOV_TOKEN }} | |
| directory: out/build/${{ matrix.arch.type }}-${{ matrix.presets.os.type }}-${{ matrix.presets.compiler.type }}/code_coverage | |
| files: ./coverage.xml, ./coverage.info, ./coverage.json | |
| flags: ${{ matrix.arch.type }}-${{ matrix.presets.os.type }}-${{ matrix.presets.compiler.name }}${{ matrix.vcpkg == true && '-vcpkg' || '' }}${{ matrix.export_mode == 'ON' && '-export' || '' }}${{ matrix.cppcheck == true && '-cppcheck' || '' }} | |
| name: ${{ matrix.arch.type }}-${{ matrix.presets.os.type }}-${{ matrix.presets.compiler.name }}${{ matrix.vcpkg == true && '-vcpkg' || '' }}${{ matrix.export_mode == 'ON' && '-export' || '' }}${{ matrix.cppcheck == true && '-cppcheck' || '' }}-coverage | |
| docs: | |
| name: Docs build and checks | |
| runs-on: ubuntu-22.04 | |
| needs: [pre-commit, consistency] | |
| timeout-minutes: 15 | |
| steps: | |
| - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 | |
| - name: Cache | |
| uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4 | |
| with: | |
| path: ~/.cache/vcpkg | |
| key: x64-linux-gcc-${{ hashFiles('vcpkg.json') }} | |
| restore-keys: x64-linux-gcc-${{ hashFiles('vcpkg.json') }} | |
| - uses: aminya/setup-cpp@v1 | |
| with: | |
| compiler: gcc | |
| cmake: true | |
| ninja: true | |
| ccache: true | |
| doxygen: true | |
| graphviz: true | |
| python: true | |
| - name: Install docs dependencies | |
| run: | | |
| pip install -r docs/requirements.txt | |
| - name: Configure | |
| run: cmake -S . --preset=x64-linux-gcc -DBUILD_TESTING=OFF -DCODE_COVERAGE=OFF | |
| - name: Checks the docs with warnings as errors | |
| run: cmake --build out/build/x64-linux-gcc --target ss-cpp-docs-check | |
| - name: Checks the docs for broken links | |
| run: cmake --build out/build/x64-linux-gcc --target ss-cpp-docs-linkcheck | |
| pass: | |
| if: always() | |
| needs: [checks, docs] | |
| runs-on: ubuntu-22.04 | |
| timeout-minutes: 2 | |
| steps: | |
| - name: Decide whether the needed jobs succeeded or failed | |
| uses: re-actors/alls-green@release/v1 | |
| with: | |
| jobs: ${{ toJSON(needs) }} | |
| release: | |
| name: release | |
| runs-on: ubuntu-22.04 | |
| if: github.event_name != 'pull_request' | |
| permissions: | |
| contents: write | |
| id-token: write | |
| issues: write | |
| pull-requests: write | |
| needs: [pass] | |
| steps: | |
| - name: Generate a bot token with BOT_APP_ID | |
| id: bot_token | |
| if: vars.BOT_APP_ID && env.BOT_PRIVATE_KEY != null | |
| uses: actions/create-github-app-token@78e5f2ddc08efcb88fbbee6cfa3fed770ba550c3 # v1 | |
| env: | |
| BOT_PRIVATE_KEY: ${{ secrets.BOT_PRIVATE_KEY }} | |
| with: | |
| app-id: ${{ vars.BOT_APP_ID }} | |
| private-key: ${{ secrets.BOT_PRIVATE_KEY }} | |
| - name: Warn if use GITHUB_TOKEN | |
| if: env._GITHUB_TOKEN == env._TO_BE_VERIFIED_TOKEN | |
| env: | |
| _GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| _TO_BE_VERIFIED_TOKEN: ${{ steps.bot_token.outputs.token || secrets.PAT || secrets.GITHUB_TOKEN }} | |
| run: | | |
| echo "# :warning: GITHUB_TOKEN is used" >> $GITHUB_STEP_SUMMARY | |
| echo "The GITHUB_TOKEN is used instead of a bot token or PAT that will not emit the released publish event for triggering a released workflow." >> $GITHUB_STEP_SUMMARY | |
| - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4 | |
| with: | |
| fetch-depth: 0 | |
| token: ${{ steps.bot_token.outputs.token || secrets.PAT || secrets.GITHUB_TOKEN }} | |
| - uses: actions/setup-node@60edb5dd545a775178f52524783378180af0d1f8 # v4 | |
| with: | |
| node-version: 20 | |
| - uses: cycjimmy/semantic-release-action@v4 | |
| id: semantic | |
| with: | |
| semantic_version: 22 | |
| extra_plugins: | | |
| @semantic-release/exec | |
| @semantic-release/github | |
| conventional-changelog-conventionalcommits | |
| env: | |
| GITHUB_TOKEN: ${{ steps.bot_token.outputs.token || secrets.PAT || secrets.GITHUB_TOKEN }} |