BBS+: add some checks on disclosed indexes array #1281
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: zenroom | |
on: | |
push: | |
paths-ignore: | |
- 'docs/**' | |
- 'examples/**' | |
- '*.md' | |
branches: | |
- master | |
pull_request: | |
paths-ignore: | |
- 'docs/**' | |
- 'examples/**' | |
- '*.md' | |
branches: | |
- master | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref_name }} | |
cancel-in-progress: true | |
jobs: | |
reuse: | |
name: 🚨 REUSE Compliance | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: fsfe/reuse-action@v3 | |
c-lint: | |
name: 🚨 C lint | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: reviewdog/action-cpplint@master | |
env: | |
REVIEWDOG_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
with: | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
reporter: github-pr-check | |
targets: --recursive src | |
level: warning | |
flags: --linelength=120 # Optional | |
filter: "-readability/braces\ | |
,-readability/casting\ | |
,-whitespace/comma\ | |
,-whitespace/braces\ | |
,-whitespace/comments\ | |
,-whitespace/indent\ | |
,-whitespace/newline\ | |
,-whitespace/operators\ | |
,-whitespace/parens\ | |
,-whitespace/tab\ | |
" # Optional | |
# - name: Fail fast?! | |
# if: steps.linter.outputs.checks-failed > 0 | |
# run: | | |
# echo "😤 Some files failed the C linting checks!" | |
lua-lint: | |
name: 🚨 Lua lint | |
runs-on: ubuntu-latest | |
steps: | |
# - uses: dorny/paths-filter@v2 | |
# with: | |
# filters: | | |
# src: | |
# - 'src/lua' | |
# - if: steps.changes.outputs.src == 'true' | |
- uses: actions/checkout@v4 | |
- name: Setup luacheck | |
run: | | |
if ! hash luacheck &>/dev/null; then | |
sudo apt-get install -yq luarocks 1>/dev/null || exit 1 | |
sudo luarocks install luacheck 1>/dev/null || exit 1 | |
sudo luarocks install lanes &>/dev/null || true | |
fi | |
luacheck --version | |
shell: bash | |
- name: 🚨 LUA lint | |
continue-on-error: true | |
working-directory: src/lua | |
run: | | |
luacheck --config .luacheckrc --std lua54 . | |
meson-test: | |
name: 🥷 meson/ninja test | |
needs: [reuse, c-lint, lua-lint] | |
if: "!contains(github.event.pull_request.labels.*.name, 'SKIP_MESON')" | |
strategy: | |
matrix: | |
command: [CCACHE=1, CLANG=1 CCACHE=1] | |
fail-fast: false | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: '3.10' | |
- uses: hendrikmuhs/[email protected] | |
- name: install dependencies | |
run: | | |
sudo apt-get update | |
sudo apt-get install -y vim luajit lua-cjson | |
pip3 install meson ninja | |
- name: Build with command ${{ matrix.command }} | |
run: | | |
make -f build/meson.mk ${{ matrix.command }} | |
- name: Run tests in meson | |
run: | | |
cp meson/zencode-exec test/ | |
cp meson/zenroom test/ | |
cp meson/zencc test/ | |
ninja -C meson test | |
linux-build: | |
name: 🐧 Linux build tests (musl and linux) | |
needs: [reuse, c-lint, lua-lint] | |
if: "github.event_name == 'pull_request'" | |
runs-on: "ubuntu-latest" | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- uses: hendrikmuhs/[email protected] | |
- name: install dependencies | |
run: | | |
sudo apt install -yq jq musl-tools musl-dev libreadline-dev | |
- name: Build x86_64 with musl-system | |
run: | | |
make -f build/musl-linux.mk CCACHE=1 | |
make clean | |
- name: Build x86_64 shlib with gcc | |
run: | | |
make -f build/linux.mk CCACHE=1 | |
- name: Build x86_64 shlib with clang | |
run: | | |
make -f build/linux.mk CCACHE=1 COMPILER=clang | |
windows-build: | |
name: 🪟 Windows build test | |
needs: [reuse, c-lint, lua-lint] | |
if: "github.event_name == 'pull_request'" | |
runs-on: "ubuntu-latest" | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- uses: hendrikmuhs/[email protected] | |
- name: install dependencies | |
run : | | |
sudo apt install -y jq gcc-mingw-w64 g++-mingw-w64 | |
- name: Build x86_64 windows .exe | |
run: | | |
make -f build/win-exe.mk CCACHE=1 | |
make clean -C src | |
make -f build/win-dll.mk CCACHE=1 | |
apple-ios-build: | |
name: 🍎 Apple iOS build test | |
needs: [reuse, c-lint, lua-lint] | |
if: "github.event_name == 'pull_request'" | |
runs-on: macos-latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- uses: hendrikmuhs/[email protected] | |
- run: | | |
make -f build/apple-osx.mk CCACHE=1 | |
make clean | |
make -f build/apple-ios.mk ios-arm64 CCACHE=1 | |
make clean | |
make -f build/apple-ios.mk ios-sim CCACHE=1 | |
go-build-check: | |
name: 🐹 go build & checks | |
needs: [reuse, c-lint, lua-lint] | |
runs-on: ubuntu-latest | |
if: "!contains(github.event.pull_request.labels.*.name, 'SKIP_GO')" | |
strategy: | |
matrix: | |
go: ['1.23.1', '1.22.7'] | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- uses: hendrikmuhs/[email protected] | |
- uses: actions/setup-go@v5 | |
with: | |
go-version: ${{ matrix.go }} | |
cache: false | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: '3.10' | |
- run: | | |
pip3 install meson ninja | |
sudo apt-get install -qy libreadline-dev | |
- run: | | |
make -f build/linux.mk deps zencode-exec CCACHE=1 | |
cp zencode-exec /usr/local/bin/ | |
- name: 🧪 test bindings go-${{ matrix.go }} | |
working-directory: bindings/golang/zenroom | |
run: make test | |
# - name: 🔐 check crypto with go-${{ matrix.go }} | |
# run: make check-go | |
rust-build-check: | |
name: 🦀 rust build & checks | |
needs: [reuse, c-lint, lua-lint] | |
runs-on: ubuntu-latest | |
if: "!contains(github.event.pull_request.labels.*.name, 'SKIP_RUST')" | |
strategy: | |
matrix: | |
rust: ['stable', 'nightly'] | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- uses: hendrikmuhs/[email protected] | |
- uses: dtolnay/rust-toolchain@stable | |
with: | |
toolchain: ${{ matrix.rust }} | |
- run: | | |
pip3 install meson ninja | |
sudo apt-get install -qy libreadline-dev | |
- run: | | |
make -f build/linux.mk CCACHE=1 | |
cp zencode-exec /usr/local/bin/ | |
- name: 🧪 test bindings rust-${{ matrix.rust }} | |
working-directory: bindings/rust | |
run: cargo test | |
- name: 🔐 check crypto with rust-${{ matrix.rust }} | |
run: make check-rs | |
# cortex-m-build-check: | |
# name: 📟 cortex-m build & checks | |
# needs: [reuse, c-lint, lua-lint] | |
# runs-on: ubuntu-latest | |
# if: ${{ contains(github.event.pull_request.labels.*.name, 'run cortex') || contains(github.event.head_commit.message, 'run cortex') }} | |
# steps: | |
# - uses: actions/checkout@v4 | |
# with: | |
# fetch-depth: 0 | |
# - uses: numworks/setup-arm-toolchain@2021-10 | |
# - run: sudo apt install qemu-system-arm | |
# - name: Download cmsis | |
# run: | | |
# curl -LO https://github.com/ARM-software/CMSIS_5/archive/refs/tags/5.7.0.tar.gz | |
# tar xvf 5.7.0.tar.gz -C lib | |
# mv lib/CMSIS_5-5.7.0 lib/cmsis | |
# - run: make cortex-arm | |
# - name: 🔐 check crypto with cortex-m | |
# run: make check-cortex-m | |
js-build-check: | |
name: 🐯 js build & checks | |
needs: [reuse, c-lint, lua-lint] | |
runs-on: ubuntu-latest | |
if: "!contains(github.event.pull_request.labels.*.name, 'SKIP_JS')" | |
strategy: | |
matrix: | |
node-version: [20.x] | |
env: | |
EM_VERSION: latest | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: ${{ matrix.node-version }} | |
- uses: mymindstorm/setup-emsdk@v14 | |
with: | |
version: ${{ env.EM_VERSION }} | |
- name: Install dependencies | |
run: | | |
sudo apt-get -qy update | |
sudo apt-get install -qy meson ninja-build | |
- name: Install yarn dependencies | |
run: | | |
yarn --cwd bindings/javascript | |
- name: Build Zenroom Wasm | |
run: | | |
yarn --cwd bindings/javascript build | |
env: | |
EMSCRIPTEN: ${{ env.EMSDK }}/upstream/emscripten | |
- name: 🧪 test bindings node-${{ matrix.node-version }} | |
run: | | |
yarn --cwd bindings/javascript test | |
- name: 🔐 check crypto with node-${{ matrix.node-version }} | |
run: | | |
make check-js | |
python-check: | |
name: 🐍 Python checks | |
needs: [reuse, c-lint, lua-lint] | |
if: "!contains(github.event.pull_request.labels.*.name, 'SKIP_PY') && github.event_name == 'pull_request'" | |
runs-on: ${{ matrix.os }} | |
defaults: | |
run: | |
working-directory: bindings/python3 | |
strategy: | |
fail-fast: false | |
matrix: | |
os: [ubuntu-latest, macos-latest] | |
python-version: ["3.12"] | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- uses: actions/setup-python@v5 | |
with: | |
python-version: ${{ matrix.python-version }} | |
- name: Install dependencies on Linux | |
run: | | |
sudo apt update | |
sudo apt install -yq cmake libreadline-dev | |
if: runner.os == 'Linux' | |
- name: Build zencode-exec on Linux | |
run: | | |
cd ../.. | |
make -f build/linux.mk deps zencode-exec | |
cp zencode-exec /usr/local/bin/ | |
if: runner.os == 'Linux' | |
- name: Build zencode-exec on Apple/OSX | |
run: | | |
cd ../.. | |
make -f build/apple-osx.mk deps zencode-exec.command | |
cp zencode-exec.command /usr/local/bin/zencode-exec | |
if: runner.os == 'macOS' | |
- run: | | |
./prepare.sh | |
pipx install meson | |
pipx install ninja | |
pip3 install .[test] | |
- run: pytest -s tests | |
semantic-release: | |
name: 🤖 Semantic release | |
needs: [rust-build-check, go-build-check, meson-test, js-build-check] | |
runs-on: ubuntu-latest | |
if: ${{ github.ref_name == 'master' && github.event_name == 'push' }} | |
outputs: | |
release: ${{ steps.tag_release.outputs.release }} | |
version: ${{ steps.tag_release.outputs.version }} | |
steps: | |
- uses: actions/checkout@v4 | |
- name: Setup Node.js | |
uses: actions/setup-node@v4 | |
with: | |
node-version: 20.x | |
- run: yarn | |
- name: Tag release | |
id: tag_release | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
npx semantic-release | tee semantic-release.log | |
if [[ `git tag --points-at HEAD` == "" ]]; then | |
echo "release=False" >> $GITHUB_OUTPUT | |
else | |
echo "release=True" >> $GITHUB_OUTPUT | |
awk '/Published release/ { printf("version=v%s\n",$8) }' semantic-release.log >> $GITHUB_OUTPUT | |
fi | |
js-build-release: | |
name: 🐯 js build release | |
needs: [semantic-release] | |
if: ${{ needs.semantic-release.outputs.release == 'True' }} | |
runs-on: ubuntu-latest | |
env: | |
EM_VERSION: 3.1.59 | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: 20.x | |
- uses: mymindstorm/setup-emsdk@v14 | |
with: | |
version: ${{ env.EM_VERSION }} | |
- name: Install dependencies | |
run: | | |
sudo apt-get -qy update | |
sudo apt-get install -qy meson ninja-build | |
- name: Install yarn dependencies | |
run: | | |
yarn --cwd bindings/javascript | |
- name: Build Zenroom Wasm | |
run: | | |
yarn --cwd bindings/javascript build | |
env: | |
EMSCRIPTEN: ${{ env.EMSDK }}/upstream/emscripten | |
- uses: actions/upload-artifact@v4 | |
with: | |
name: javascript-artifact | |
path: | | |
./bindings/javascript/CHANGELOG.md | |
./bindings/javascript/LICENSE | |
./bindings/javascript/package.json | |
./bindings/javascript/README.md | |
./bindings/javascript/dist/ | |
build-release-on-ubuntu: | |
name: 🐧 Binary builds on Ubuntu | |
runs-on: ubuntu-latest | |
needs: [semantic-release] | |
if: ${{ needs.semantic-release.outputs.release == 'True' }} | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Upload release docs artifacts | |
uses: actions/upload-artifact@v4 | |
with: | |
name: documentation | |
path: | | |
build/release-intro.md | |
- name: Install build deps | |
run: | | |
sudo apt install -qy tree jq cmake make gcc g++ musl-tools musl-dev meson clang gcc-mingw-w64 g++-mingw-w64 libreadline-dev ccache | |
- name: Build x86_64 with musl-system | |
run: | | |
make -f build/musl-linux.mk CCACHE=1 | |
- name: Upload artifact linux-amd64 | |
uses: actions/upload-artifact@v4 | |
with: | |
name: release-bin-linux-amd64 | |
path: | | |
zenroom | |
zencode-exec | |
- name: Clean for next build | |
run: make clean | |
- name: Build x86_64 shlib | |
run: | | |
make -f build/meson.mk | |
- name: Upload artifact linux-lib-amd64 | |
uses: actions/upload-artifact@v4 | |
with: | |
name: release-lib-linux-amd64 | |
path: | | |
meson/libzenroom.a | |
meson/libzenroom.so | |
- name: Clean for next build | |
run: make clean | |
- name: Build x86_64 windows .exe | |
run: | | |
make -f build/win-exe.mk CCACHE=1 RELEASE=1 | |
make clean -C src | |
make -f build/win-dll.mk CCACHE=1 RELEASE=1 | |
- name: Upload artifact win x86_64 | |
uses: actions/upload-artifact@v4 | |
with: | |
name: release-exe-win-w64 | |
path: | | |
zenroom.exe | |
zencode-exec.exe | |
libzenroom_dll.lib | |
zenroom.dll | |
file-changes: | |
name: "🗃️ Check file changes" | |
runs-on: ubuntu-latest | |
needs: [semantic-release] | |
if: "needs.semantic-release.outputs.release == 'True'" | |
outputs: | |
python3: ${{ steps.filter.outputs.python3 }} | |
steps: | |
- uses: actions/checkout@v4 | |
- uses: dorny/paths-filter@v3 | |
id: filter | |
with: | |
filters: | | |
python3: | |
- 'bindings/python3/**' | |
python-sdist: | |
name: 🐍 Python create source distribution | |
runs-on: ubuntu-latest | |
needs: [semantic-release, file-changes] | |
if: "needs.semantic-release.outputs.release == 'True' && needs.file-changes.outputs.python3 == 'true'" | |
defaults: | |
run: | |
working-directory: bindings/python3 | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
ref: master | |
fetch-depth: 0 | |
- run: | | |
pip install ninja twine | |
./prepare.sh | |
- run: pipx run build --sdist | |
- run: twine check dist/*.tar.gz | |
- uses: actions/upload-artifact@v4 | |
with: | |
path: ./bindings/python3/dist/*.tar.gz | |
build-release-on-osx: | |
name: 🍎 mac osx release build | |
needs: [semantic-release] | |
runs-on: macos-latest | |
if: ${{ needs.semantic-release.outputs.release == 'True' }} | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- uses: hendrikmuhs/[email protected] | |
- run: | | |
make -f build/apple-osx.mk CCACHE=1 | |
make clean | |
make -f build/apple-ios.mk ios-arm64 CCACHE=1 | |
make clean | |
make -f build/apple-ios.mk ios-sim CCACHE=1 | |
- name: Upload artifacts for Apple OSX | |
uses: actions/upload-artifact@v4 | |
with: | |
name: release-apple-osx | |
path: | | |
zenroom.command | |
zencode-exec.command | |
- name: Upload artifacts for Apple iOS | |
uses: actions/upload-artifact@v4 | |
with: | |
name: release-apple-ios | |
path: | | |
zenroom-ios-arm64.a | |
zenroom-ios-x86_64.a | |
npm-release: | |
name: 📦 npm release | |
runs-on: ubuntu-latest | |
needs: [js-build-release, build-release-on-osx, build-release-on-ubuntu] | |
steps: | |
- uses: actions/checkout@v4 | |
with: | |
ref: master | |
fetch-depth: 0 | |
- uses: actions/setup-node@v4 | |
with: | |
node-version: 20.x | |
registry-url: 'https://registry.npmjs.org' | |
- uses: actions/download-artifact@v4 | |
with: | |
name: javascript-artifact | |
path: . | |
- run: | | |
version=$(git describe --tags --abbrev=0) | |
yarn version --new-version ${version:1} --no-git-tag-version | |
- run: npm publish . --tag latest | |
env: | |
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }} | |
pypi-release: | |
name: 📦 PyPI release | |
needs: [js-build-release, python-sdist, build-release-on-osx, build-release-on-ubuntu] | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/download-artifact@v4 | |
with: | |
name: artifact | |
path: dist | |
- uses: pypa/gh-action-pypi-publish@release/v1 | |
with: | |
user: __token__ | |
password: ${{ secrets.PYPI_API_TOKEN }} | |
draft-binary-release: | |
name: 📦 Pack release | |
needs: [semantic-release, js-build-release, build-release-on-osx, build-release-on-ubuntu] | |
runs-on: ubuntu-latest | |
steps: | |
- name: download binary artifacts | |
uses: actions/download-artifact@v4 | |
with: | |
path: | | |
zenroom-bin | |
- name: show directory structure | |
run: tree -dL 3 | |
- name: relase all binary artifacts | |
uses: softprops/action-gh-release@v2 | |
with: | |
files: | | |
zenroom-bin/release*/* | |
tag_name: ${{ needs.semantic-release.outputs.version }} | |
body_path: zenroom-bin/documentation/release-intro.md | |
append_body: true | |
draft: false | |
prerelease: false | |
fail_on_unmatched_files: true | |
generate_release_notes: true | |
publish_docker_image: | |
name: 🐳 Publish Docker image | |
needs: [semantic-release, js-build-release, build-release-on-osx, build-release-on-ubuntu] | |
uses: ForkbombEu/workflows/.github/workflows/publish-ghcr.yml@main | |
secrets: inherit | |
remove-tag-on-fail: | |
name: 🧻 Remove tag on fail | |
needs: [semantic-release, js-build-release, build-release-on-osx, build-release-on-ubuntu] | |
runs-on: ubuntu-latest | |
if: ${{ (failure() || cancelled()) && needs.semantic-release.outputs.release == 'True' }} | |
steps: | |
- name: Checkout repository | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 0 | |
- name: Remove tag | |
uses: dev-drprasad/[email protected] | |
with: | |
tag_name: ${{ needs.semantic-release.outputs.version }} | |
github_token: ${{ secrets.GITHUB_TOKEN }} | |
delete_release: false | |
repo: dyne/zenroom |