Skip to content

BBS+: add some checks on disclosed indexes array #1281

BBS+: add some checks on disclosed indexes array

BBS+: add some checks on disclosed indexes array #1281

Workflow file for this run

name: zenroom
on:
push:
paths-ignore:
- 'docs/**'
- 'examples/**'
- '*.md'
branches:
- master
pull_request:
paths-ignore:
- 'docs/**'
- 'examples/**'
- '*.md'
branches:
- master
concurrency:
group: ${{ github.workflow }}-${{ github.ref_name }}
cancel-in-progress: true
jobs:
reuse:
name: 🚨 REUSE Compliance
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: fsfe/reuse-action@v3
c-lint:
name: 🚨 C lint
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- uses: reviewdog/action-cpplint@master
env:
REVIEWDOG_GITHUB_API_TOKEN: ${{ secrets.GITHUB_TOKEN }}
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
reporter: github-pr-check
targets: --recursive src
level: warning
flags: --linelength=120 # Optional
filter: "-readability/braces\
,-readability/casting\
,-whitespace/comma\
,-whitespace/braces\
,-whitespace/comments\
,-whitespace/indent\
,-whitespace/newline\
,-whitespace/operators\
,-whitespace/parens\
,-whitespace/tab\
" # Optional
# - name: Fail fast?!
# if: steps.linter.outputs.checks-failed > 0
# run: |
# echo "😤 Some files failed the C linting checks!"
lua-lint:
name: 🚨 Lua lint
runs-on: ubuntu-latest
steps:
# - uses: dorny/paths-filter@v2
# with:
# filters: |
# src:
# - 'src/lua'
# - if: steps.changes.outputs.src == 'true'
- uses: actions/checkout@v4
- name: Setup luacheck
run: |
if ! hash luacheck &>/dev/null; then
sudo apt-get install -yq luarocks 1>/dev/null || exit 1
sudo luarocks install luacheck 1>/dev/null || exit 1
sudo luarocks install lanes &>/dev/null || true
fi
luacheck --version
shell: bash
- name: 🚨 LUA lint
continue-on-error: true
working-directory: src/lua
run: |
luacheck --config .luacheckrc --std lua54 .
meson-test:
name: 🥷 meson/ninja test
needs: [reuse, c-lint, lua-lint]
if: "!contains(github.event.pull_request.labels.*.name, 'SKIP_MESON')"
strategy:
matrix:
command: [CCACHE=1, CLANG=1 CCACHE=1]
fail-fast: false
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: actions/setup-python@v5
with:
python-version: '3.10'
- uses: hendrikmuhs/[email protected]
- name: install dependencies
run: |
sudo apt-get update
sudo apt-get install -y vim luajit lua-cjson
pip3 install meson ninja
- name: Build with command ${{ matrix.command }}
run: |
make -f build/meson.mk ${{ matrix.command }}
- name: Run tests in meson
run: |
cp meson/zencode-exec test/
cp meson/zenroom test/
cp meson/zencc test/
ninja -C meson test
linux-build:
name: 🐧 Linux build tests (musl and linux)
needs: [reuse, c-lint, lua-lint]
if: "github.event_name == 'pull_request'"
runs-on: "ubuntu-latest"
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: hendrikmuhs/[email protected]
- name: install dependencies
run: |
sudo apt install -yq jq musl-tools musl-dev libreadline-dev
- name: Build x86_64 with musl-system
run: |
make -f build/musl-linux.mk CCACHE=1
make clean
- name: Build x86_64 shlib with gcc
run: |
make -f build/linux.mk CCACHE=1
- name: Build x86_64 shlib with clang
run: |
make -f build/linux.mk CCACHE=1 COMPILER=clang
windows-build:
name: 🪟 Windows build test
needs: [reuse, c-lint, lua-lint]
if: "github.event_name == 'pull_request'"
runs-on: "ubuntu-latest"
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: hendrikmuhs/[email protected]
- name: install dependencies
run : |
sudo apt install -y jq gcc-mingw-w64 g++-mingw-w64
- name: Build x86_64 windows .exe
run: |
make -f build/win-exe.mk CCACHE=1
make clean -C src
make -f build/win-dll.mk CCACHE=1
apple-ios-build:
name: 🍎 Apple iOS build test
needs: [reuse, c-lint, lua-lint]
if: "github.event_name == 'pull_request'"
runs-on: macos-latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: hendrikmuhs/[email protected]
- run: |
make -f build/apple-osx.mk CCACHE=1
make clean
make -f build/apple-ios.mk ios-arm64 CCACHE=1
make clean
make -f build/apple-ios.mk ios-sim CCACHE=1
go-build-check:
name: 🐹 go build & checks
needs: [reuse, c-lint, lua-lint]
runs-on: ubuntu-latest
if: "!contains(github.event.pull_request.labels.*.name, 'SKIP_GO')"
strategy:
matrix:
go: ['1.23.1', '1.22.7']
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: hendrikmuhs/[email protected]
- uses: actions/setup-go@v5
with:
go-version: ${{ matrix.go }}
cache: false
- uses: actions/setup-python@v5
with:
python-version: '3.10'
- run: |
pip3 install meson ninja
sudo apt-get install -qy libreadline-dev
- run: |
make -f build/linux.mk deps zencode-exec CCACHE=1
cp zencode-exec /usr/local/bin/
- name: 🧪 test bindings go-${{ matrix.go }}
working-directory: bindings/golang/zenroom
run: make test
# - name: 🔐 check crypto with go-${{ matrix.go }}
# run: make check-go
rust-build-check:
name: 🦀 rust build & checks
needs: [reuse, c-lint, lua-lint]
runs-on: ubuntu-latest
if: "!contains(github.event.pull_request.labels.*.name, 'SKIP_RUST')"
strategy:
matrix:
rust: ['stable', 'nightly']
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: hendrikmuhs/[email protected]
- uses: dtolnay/rust-toolchain@stable
with:
toolchain: ${{ matrix.rust }}
- run: |
pip3 install meson ninja
sudo apt-get install -qy libreadline-dev
- run: |
make -f build/linux.mk CCACHE=1
cp zencode-exec /usr/local/bin/
- name: 🧪 test bindings rust-${{ matrix.rust }}
working-directory: bindings/rust
run: cargo test
- name: 🔐 check crypto with rust-${{ matrix.rust }}
run: make check-rs
# cortex-m-build-check:
# name: 📟 cortex-m build & checks
# needs: [reuse, c-lint, lua-lint]
# runs-on: ubuntu-latest
# if: ${{ contains(github.event.pull_request.labels.*.name, 'run cortex') || contains(github.event.head_commit.message, 'run cortex') }}
# steps:
# - uses: actions/checkout@v4
# with:
# fetch-depth: 0
# - uses: numworks/setup-arm-toolchain@2021-10
# - run: sudo apt install qemu-system-arm
# - name: Download cmsis
# run: |
# curl -LO https://github.com/ARM-software/CMSIS_5/archive/refs/tags/5.7.0.tar.gz
# tar xvf 5.7.0.tar.gz -C lib
# mv lib/CMSIS_5-5.7.0 lib/cmsis
# - run: make cortex-arm
# - name: 🔐 check crypto with cortex-m
# run: make check-cortex-m
js-build-check:
name: 🐯 js build & checks
needs: [reuse, c-lint, lua-lint]
runs-on: ubuntu-latest
if: "!contains(github.event.pull_request.labels.*.name, 'SKIP_JS')"
strategy:
matrix:
node-version: [20.x]
env:
EM_VERSION: latest
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: actions/setup-node@v4
with:
node-version: ${{ matrix.node-version }}
- uses: mymindstorm/setup-emsdk@v14
with:
version: ${{ env.EM_VERSION }}
- name: Install dependencies
run: |
sudo apt-get -qy update
sudo apt-get install -qy meson ninja-build
- name: Install yarn dependencies
run: |
yarn --cwd bindings/javascript
- name: Build Zenroom Wasm
run: |
yarn --cwd bindings/javascript build
env:
EMSCRIPTEN: ${{ env.EMSDK }}/upstream/emscripten
- name: 🧪 test bindings node-${{ matrix.node-version }}
run: |
yarn --cwd bindings/javascript test
- name: 🔐 check crypto with node-${{ matrix.node-version }}
run: |
make check-js
python-check:
name: 🐍 Python checks
needs: [reuse, c-lint, lua-lint]
if: "!contains(github.event.pull_request.labels.*.name, 'SKIP_PY') && github.event_name == 'pull_request'"
runs-on: ${{ matrix.os }}
defaults:
run:
working-directory: bindings/python3
strategy:
fail-fast: false
matrix:
os: [ubuntu-latest, macos-latest]
python-version: ["3.12"]
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
- name: Install dependencies on Linux
run: |
sudo apt update
sudo apt install -yq cmake libreadline-dev
if: runner.os == 'Linux'
- name: Build zencode-exec on Linux
run: |
cd ../..
make -f build/linux.mk deps zencode-exec
cp zencode-exec /usr/local/bin/
if: runner.os == 'Linux'
- name: Build zencode-exec on Apple/OSX
run: |
cd ../..
make -f build/apple-osx.mk deps zencode-exec.command
cp zencode-exec.command /usr/local/bin/zencode-exec
if: runner.os == 'macOS'
- run: |
./prepare.sh
pipx install meson
pipx install ninja
pip3 install .[test]
- run: pytest -s tests
semantic-release:
name: 🤖 Semantic release
needs: [rust-build-check, go-build-check, meson-test, js-build-check]
runs-on: ubuntu-latest
if: ${{ github.ref_name == 'master' && github.event_name == 'push' }}
outputs:
release: ${{ steps.tag_release.outputs.release }}
version: ${{ steps.tag_release.outputs.version }}
steps:
- uses: actions/checkout@v4
- name: Setup Node.js
uses: actions/setup-node@v4
with:
node-version: 20.x
- run: yarn
- name: Tag release
id: tag_release
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
npx semantic-release | tee semantic-release.log
if [[ `git tag --points-at HEAD` == "" ]]; then
echo "release=False" >> $GITHUB_OUTPUT
else
echo "release=True" >> $GITHUB_OUTPUT
awk '/Published release/ { printf("version=v%s\n",$8) }' semantic-release.log >> $GITHUB_OUTPUT
fi
js-build-release:
name: 🐯 js build release
needs: [semantic-release]
if: ${{ needs.semantic-release.outputs.release == 'True' }}
runs-on: ubuntu-latest
env:
EM_VERSION: 3.1.59
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: actions/setup-node@v4
with:
node-version: 20.x
- uses: mymindstorm/setup-emsdk@v14
with:
version: ${{ env.EM_VERSION }}
- name: Install dependencies
run: |
sudo apt-get -qy update
sudo apt-get install -qy meson ninja-build
- name: Install yarn dependencies
run: |
yarn --cwd bindings/javascript
- name: Build Zenroom Wasm
run: |
yarn --cwd bindings/javascript build
env:
EMSCRIPTEN: ${{ env.EMSDK }}/upstream/emscripten
- uses: actions/upload-artifact@v4
with:
name: javascript-artifact
path: |
./bindings/javascript/CHANGELOG.md
./bindings/javascript/LICENSE
./bindings/javascript/package.json
./bindings/javascript/README.md
./bindings/javascript/dist/
build-release-on-ubuntu:
name: 🐧 Binary builds on Ubuntu
runs-on: ubuntu-latest
needs: [semantic-release]
if: ${{ needs.semantic-release.outputs.release == 'True' }}
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Upload release docs artifacts
uses: actions/upload-artifact@v4
with:
name: documentation
path: |
build/release-intro.md
- name: Install build deps
run: |
sudo apt install -qy tree jq cmake make gcc g++ musl-tools musl-dev meson clang gcc-mingw-w64 g++-mingw-w64 libreadline-dev ccache
- name: Build x86_64 with musl-system
run: |
make -f build/musl-linux.mk CCACHE=1
- name: Upload artifact linux-amd64
uses: actions/upload-artifact@v4
with:
name: release-bin-linux-amd64
path: |
zenroom
zencode-exec
- name: Clean for next build
run: make clean
- name: Build x86_64 shlib
run: |
make -f build/meson.mk
- name: Upload artifact linux-lib-amd64
uses: actions/upload-artifact@v4
with:
name: release-lib-linux-amd64
path: |
meson/libzenroom.a
meson/libzenroom.so
- name: Clean for next build
run: make clean
- name: Build x86_64 windows .exe
run: |
make -f build/win-exe.mk CCACHE=1 RELEASE=1
make clean -C src
make -f build/win-dll.mk CCACHE=1 RELEASE=1
- name: Upload artifact win x86_64
uses: actions/upload-artifact@v4
with:
name: release-exe-win-w64
path: |
zenroom.exe
zencode-exec.exe
libzenroom_dll.lib
zenroom.dll
file-changes:
name: "🗃️ Check file changes"
runs-on: ubuntu-latest
needs: [semantic-release]
if: "needs.semantic-release.outputs.release == 'True'"
outputs:
python3: ${{ steps.filter.outputs.python3 }}
steps:
- uses: actions/checkout@v4
- uses: dorny/paths-filter@v3
id: filter
with:
filters: |
python3:
- 'bindings/python3/**'
python-sdist:
name: 🐍 Python create source distribution
runs-on: ubuntu-latest
needs: [semantic-release, file-changes]
if: "needs.semantic-release.outputs.release == 'True' && needs.file-changes.outputs.python3 == 'true'"
defaults:
run:
working-directory: bindings/python3
steps:
- uses: actions/checkout@v4
with:
ref: master
fetch-depth: 0
- run: |
pip install ninja twine
./prepare.sh
- run: pipx run build --sdist
- run: twine check dist/*.tar.gz
- uses: actions/upload-artifact@v4
with:
path: ./bindings/python3/dist/*.tar.gz
build-release-on-osx:
name: 🍎 mac osx release build
needs: [semantic-release]
runs-on: macos-latest
if: ${{ needs.semantic-release.outputs.release == 'True' }}
steps:
- uses: actions/checkout@v4
with:
fetch-depth: 0
- uses: hendrikmuhs/[email protected]
- run: |
make -f build/apple-osx.mk CCACHE=1
make clean
make -f build/apple-ios.mk ios-arm64 CCACHE=1
make clean
make -f build/apple-ios.mk ios-sim CCACHE=1
- name: Upload artifacts for Apple OSX
uses: actions/upload-artifact@v4
with:
name: release-apple-osx
path: |
zenroom.command
zencode-exec.command
- name: Upload artifacts for Apple iOS
uses: actions/upload-artifact@v4
with:
name: release-apple-ios
path: |
zenroom-ios-arm64.a
zenroom-ios-x86_64.a
npm-release:
name: 📦 npm release
runs-on: ubuntu-latest
needs: [js-build-release, build-release-on-osx, build-release-on-ubuntu]
steps:
- uses: actions/checkout@v4
with:
ref: master
fetch-depth: 0
- uses: actions/setup-node@v4
with:
node-version: 20.x
registry-url: 'https://registry.npmjs.org'
- uses: actions/download-artifact@v4
with:
name: javascript-artifact
path: .
- run: |
version=$(git describe --tags --abbrev=0)
yarn version --new-version ${version:1} --no-git-tag-version
- run: npm publish . --tag latest
env:
NODE_AUTH_TOKEN: ${{ secrets.NPM_TOKEN }}
pypi-release:
name: 📦 PyPI release
needs: [js-build-release, python-sdist, build-release-on-osx, build-release-on-ubuntu]
runs-on: ubuntu-latest
steps:
- uses: actions/download-artifact@v4
with:
name: artifact
path: dist
- uses: pypa/gh-action-pypi-publish@release/v1
with:
user: __token__
password: ${{ secrets.PYPI_API_TOKEN }}
draft-binary-release:
name: 📦 Pack release
needs: [semantic-release, js-build-release, build-release-on-osx, build-release-on-ubuntu]
runs-on: ubuntu-latest
steps:
- name: download binary artifacts
uses: actions/download-artifact@v4
with:
path: |
zenroom-bin
- name: show directory structure
run: tree -dL 3
- name: relase all binary artifacts
uses: softprops/action-gh-release@v2
with:
files: |
zenroom-bin/release*/*
tag_name: ${{ needs.semantic-release.outputs.version }}
body_path: zenroom-bin/documentation/release-intro.md
append_body: true
draft: false
prerelease: false
fail_on_unmatched_files: true
generate_release_notes: true
publish_docker_image:
name: 🐳 Publish Docker image
needs: [semantic-release, js-build-release, build-release-on-osx, build-release-on-ubuntu]
uses: ForkbombEu/workflows/.github/workflows/publish-ghcr.yml@main
secrets: inherit
remove-tag-on-fail:
name: 🧻 Remove tag on fail
needs: [semantic-release, js-build-release, build-release-on-osx, build-release-on-ubuntu]
runs-on: ubuntu-latest
if: ${{ (failure() || cancelled()) && needs.semantic-release.outputs.release == 'True' }}
steps:
- name: Checkout repository
uses: actions/checkout@v4
with:
fetch-depth: 0
- name: Remove tag
uses: dev-drprasad/[email protected]
with:
tag_name: ${{ needs.semantic-release.outputs.version }}
github_token: ${{ secrets.GITHUB_TOKEN }}
delete_release: false
repo: dyne/zenroom