diff --git a/.github/workflows/check_amalgamation.yml b/.github/workflows/check_amalgamation.yml
index 906a5c5b72..9cd5bb1c51 100644
--- a/.github/workflows/check_amalgamation.yml
+++ b/.github/workflows/check_amalgamation.yml
@@ -1,7 +1,12 @@
 name: "Check amalgamation"
 on:
- pull_request:
+ workflow_call:
+ inputs:
+ artifact_id:
+ description: 'Unique identifier for artifacts'
+ required: true
+ type: string
 permissions:
 contents: read
@@ -74,3 +79,15 @@ jobs:
 ${{ github.workspace }}/venv/bin/astyle --project=tools/astyle/.astylerc --suffix=orig $(find docs/examples include tests -type f \( -name '*.hpp' -o -name '*.cpp' -o -name '*.cu' \) -not -path 'tests/thirdparty/*' -not -path 'tests/abi/include/nlohmann/*' | sort)
 echo Check
 find $MAIN_DIR -name '*.orig' -exec false {} \+
+
+ - name: Generate amalgamation artifact
+ run: |
+ echo "Generating amalgamation artifact..."
+ mkdir -p check_amalgamation
+ echo "Amalgamation processed for ${{ inputs.artifact_id }}" > check_amalgamation/check_amalgamation.txt
+
+ - name: Upload amalgamation artifact
+ uses: actions/upload-artifact@v4
+ with:
+ name: ${{ inputs.artifact_id }}
+ path: check_amalgamation/
\ No newline at end of file
diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml
index d7dcda74b2..2982923fe6 100644
--- a/.github/workflows/cifuzz.yml
+++ b/.github/workflows/cifuzz.yml
@@ -1,5 +1,12 @@
 name: CIFuzz
-on: [pull_request]
+
+on:
+ workflow_call:
+ inputs:
+ artifact_id:
+ description: 'Unique identifier for artifacts'
+ required: true
+ type: string
 permissions:
 contents: read
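Review bot: The new `Generate amalgamation artifact` step expands `${{ inputs.artifact_id }}` directly inside the `run:` script, so the input is spliced into the shell source before it executes; since `artifact_id` is a free-form required string that any future caller can set, the hardening guidance is to pass it through the environment and reference it as a shell variable, e.g. `env:` / `ARTIFACT_ID: ${{ inputs.artifact_id }}` on the step and `echo "Amalgamation processed for $ARTIFACT_ID" > check_amalgamation/check_amalgamation.txt`. The same pattern recurs in the artifact steps added to cifuzz.yml, codeql-analysis.yml, dependency-review.yml, labeler.yml, test_trudag_extensions.yml and ubuntu.yml. Separately, `actions/upload-artifact@v4` is referenced by a mutable tag while the existing steps in these files pin actions to a full commit SHA with a version comment (cifuzz.yml keeps `actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2` a few lines earlier); pinning the new references the same way, including `actions/checkout@v4` and `actions/download-artifact@v4` in parent-workflow.yml, keeps the supply-chain posture consistent. The uploaded artifact is a one-line text file, so a comment on the step stating that it exists only to exercise the artifact handoff to the parent workflow would help the next reader.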
@@ -8,28 +15,46 @@ jobs:
 Fuzzing:
 runs-on: ubuntu-latest
 steps:
- - name: Harden Runner
- uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
- with:
- egress-policy: audit
-
- - name: Build Fuzzers
- id: build
- uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@57fe4475324c5506adbfecdcdd2917f65c86ee9e # master
- with:
- oss-fuzz-project-name: 'json'
- dry-run: false
- language: c++
- - name: Run Fuzzers
- uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@57fe4475324c5506adbfecdcdd2917f65c86ee9e # master
- with:
- oss-fuzz-project-name: 'json'
- fuzz-seconds: 300
- dry-run: false
- language: c++
- - name: Upload Crash
- uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
- if: failure() && steps.build.outcome == 'success'
- with:
- name: artifacts
- path: ./out/artifacts
\ No newline at end of file
+ - name: Checkout code
+ uses: actions/checkout@v4
+ with:
+ fetch-depth: 1
+ - name: Harden Runner
+ uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
+ with:
+ egress-policy: audit
+
+ - name: Build Fuzzers
+ id: build
+ uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@57fe4475324c5506adbfecdcdd2917f65c86ee9e
+ with:
+ oss-fuzz-project-name: 'json'
+ dry-run: false
+ language: c++
+
+ - name: Run Fuzzers
+ uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@57fe4475324c5506adbfecdcdd2917f65c86ee9e # master
+ with:
+ oss-fuzz-project-name: 'json'
+ fuzz-seconds: 300
+ dry-run: false
+ language: c++
+
+ - name: Upload Crash
+ uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+ if: failure() && steps.build.outcome == 'success'
+ with:
+ name: artifacts
+ path: ./out/artifacts
+
+ - name: Generate cifuzz artifact
+ run: |
+ echo "Generating cifuzz artifact..."
+ mkdir -p cifuzz
+ echo "cifuzz processed for ${{ inputs.artifact_id }}" > cifuzz/cifuzz.txt
+
+ - name: Upload cifuzz artifact
+ uses: actions/upload-artifact@v4
+ with:
+ name: ${{ inputs.artifact_id }}
+ path: cifuzz/
\ No newline at end of file
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
index 6dd814cf7e..a097b537ab 100644
--- a/.github/workflows/codeql-analysis.yml
+++ b/.github/workflows/codeql-analysis.yml
@@ -1,12 +1,17 @@
 name: "Code scanning - action"
 on:
- push:
- branches:
- - develop
- - main
- - release/*
- pull_request:
+# push:
+# branches:
+# - develop
+# - main
+# - release/*
+ workflow_call:
+ inputs:
+ artifact_id:
+ description: 'Unique identifier for artifacts'
+ required: true
+ type: string
 schedule:
 - cron: '0 19 * * 1'
 workflow_dispatch:
@@ -17,6 +22,7 @@ concurrency:
 permissions:
 contents: read
+
 jobs:
 CodeQL-Build:
@@ -47,3 +53,15 @@ jobs:
 - name: Perform CodeQL Analysis
 uses: github/codeql-action/analyze@fc7e4a0fa01c3cca5fd6a1fddec5c0740c977aa2 # v3.28.14
+
+ - name: Generate codeql artifact
+ run: |
+ echo "Generating codeql artifact..."
+ mkdir -p codeql
+ echo "codeql processed for ${{ inputs.artifact_id }}" > codeql/codeql.txt
+
+ - name: Upload codeql artifact
+ uses: actions/upload-artifact@v4
+ with:
+ name: ${{ inputs.artifact_id }}
+ path: codeql/
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
index 70f08cee36..d81f4eb91b 100644
--- a/.github/workflows/dependency-review.yml
+++ b/.github/workflows/dependency-review.yml
@@ -7,7 +7,14 @@
 #
 # Source repository: https://github.com/actions/dependency-review-action
 name: 'Dependency Review'
-on: [pull_request]
+on:
+ workflow_call:
+ inputs:
+ artifact_id:
+ description: 'Unique identifier for artifacts'
+ required: true
+ type: string
+
 permissions:
 contents: read
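Review bot: The new `Checkout code` step is placed before `Harden Runner`, so the checkout's network activity is no longer covered by the egress audit that `egress-policy: audit` establishes; moving the checkout after the `Harden Runner` step restores the previous ordering in which hardening is the first step of the job. The `build_fuzzers` reference is also re-added without its `# master` comment while the `run_fuzzers` line keeps one, although both pin the same `57fe4475…` SHA; restoring `# master` on the build_fuzzers line keeps the two references documented identically. Whether the added checkout is needed at all is unclear from the hunk, since the OSS-Fuzz build action ran without it before; if it is required, a one-line comment on the step saying why would help.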
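Review bot: `schedule` and `workflow_dispatch` remain as triggers next to the new `workflow_call`, but `inputs.artifact_id` is only populated on `workflow_call` runs, so on a scheduled or manually dispatched run the `Upload codeql artifact` step in the last hunk of this file evaluates `name: ${{ inputs.artifact_id }}` to an empty string and the generated text file records no identifier. Guard the two artifact steps with `if: ${{ inputs.artifact_id != '' }}` so they only run when the workflow is called, or derive a fallback name from `github.sha` as the parent does. test_trudag_extensions.yml keeps its `push: branches: [ main ]` trigger and ubuntu.yml keeps `workflow_dispatch`, so the same applies there. The old `push` trigger is left as commented-out lines rather than deleted; git history already preserves it, and removing the dead block keeps the trigger list readable.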
@@ -25,3 +32,16 @@ jobs:
 uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 - name: 'Dependency Review'
 uses: actions/dependency-review-action@ce3cf9537a52e8119d91fd484ab5b8a807627bf8 # v4.6.0
+
+
+ - name: Generate dependency_review artifact
+ run: |
+ echo "Generating Dependency Review artifact..."
+ mkdir -p dependency_review
+ echo "dependency review processed for ${{ inputs.artifact_id }}" > dependency_review/dependency_review.txt
+
+ - name: Upload dependency_review artifact
+ uses: actions/upload-artifact@v4
+ with:
+ name: ${{ inputs.artifact_id }}
+ path: dependency_review/
diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml
index a71bd0f495..ccfe246ae0 100644
--- a/.github/workflows/labeler.yml
+++ b/.github/workflows/labeler.yml
@@ -1,8 +1,12 @@
 name: "Pull Request Labeler"
 on:
- pull_request_target:
- types: [opened, synchronize]
+ workflow_call:
+ inputs:
+ artifact_id:
+ description: 'Unique identifier for artifacts'
+ required: true
+ type: string
 permissions:
 contents: read
@@ -24,3 +28,15 @@ jobs:
 - uses: srvaroa/labeler@e216fb40e2e6d3b17d90fb1d950f98bee92f65ce # master
 env:
 GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+
+ - name: Generate label artifact
+ run: |
+ echo "Generating label artifact..."
+ mkdir -p labeler
+ echo "Labels processed for ${{ inputs.artifact_id }}" > labeler/labeler.txt
+
+ - name: Upload label artifact
+ uses: actions/upload-artifact@v4
+ with:
+ name: ${{ inputs.artifact_id }}
+ path: labeler/
\ No newline at end of file
diff --git a/.github/workflows/parent-workflow.yml b/.github/workflows/parent-workflow.yml
new file mode 100644
index 0000000000..5ce6323681
--- /dev/null
+++ b/.github/workflows/parent-workflow.yml
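Review bot: Replacing `pull_request_target` with `workflow_call` changes the token the labeler runs with: the workflow is now invoked from parent-workflow.yml's `pull_request` trigger, and for pull requests opened from forks that event's `GITHUB_TOKEN` is read-only regardless of the `permissions` block the parent declares, so the `srvaroa/labeler` step in the next hunk (which authenticates with `secrets.GITHUB_TOKEN`) will presumably be unable to apply labels on fork PRs — confirm against the project's contribution model. If fork PRs must be labelled, the labeler needs to keep its own `pull_request_target` trigger rather than being called from the parent. The file's top-level `permissions: contents: read` also grants no `pull-requests: write`; whether the job overrides it is outside this hunk.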
@@ -0,0 +1,98 @@
+name: Parent Workflow
+
+on:
+ pull_request:
+ #push:
+ # branches:
+ # - develop
+ # - main
+
+permissions:
+ contents: write
+ pages: write
+ pull-requests: write
+ id-token: write
+ security-events: write
+
+jobs:
+ labeler:
+ name: Run Labeler Workflow
+ uses: ./.github/workflows/labeler.yml
+ with:
+ artifact_id: "labeler-${{ github.sha }}"
+
+ check_amalgamation:
+ name: Run Amalgamation Workflow
+ uses: ./.github/workflows/check_amalgamation.yml
+ with:
+ artifact_id: "check_amalgamation-${{ github.sha }}"
+
+ test_trudag_extensions:
+ name: Run Test Trudag Extensions Workflow
+ uses: ./.github/workflows/test_trudag_extensions.yml
+ with:
+ artifact_id: "test_trudag_extensions-${{ github.sha }}"
+
+ cifuzz:
+ name: Run CIFuzz Workflow
+ uses: ./.github/workflows/cifuzz.yml
+ with:
+ artifact_id: "cifuzz-${{ github.sha }}"
+
+ codeql:
+ name: Run Codeql analysis Workflow
+ uses: ./.github/workflows/codeql-analysis.yml
+ with:
+ artifact_id: "codeql-${{ github.sha }}"
+
+ #ubuntu:
+ #name: Run Ubuntu Workflow
+ #uses: ./.github/workflows/ubuntu.yml
+ #with:
+ # artifact_id: "ubuntu-${{ github.sha }}"
+
+ dependency_review:
+ name: Run dependency_review Workflow
+ uses: ./.github/workflows/dependency-review.yml
+ with:
+ artifact_id: "dependency_review-${{ github.sha }}"
+
+
+ collect-and-deploy:
+ name: "Collect Results & Deploy"
+ needs: [labeler, check_amalgamation, test_trudag_extensions, codeql, cifuzz, dependency_review]
+ runs-on: ubuntu-latest
+ if: always() # Run even if some jobs fail
+ strategy:
+ matrix:
+ target: [labeler, check_amalgamation, test_trudag_extensions, codeql, cifuzz, dependency_review ]
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v4
+
+ - name: Check child workflow results
+ run: |
+ echo "=== Checking Child Workflow Results ==="
+ result="${{ needs[matrix.target].result }}"
+ echo "${{ matrix.target }} workflow result: $result"
+
+ if [[ "$result" != "success" ]]; then
+ echo "❌ ${{ matrix.target }} workflow failed! Exiting..."
+ exit 1
+ fi
+ echo "✅ Child workflows completed successfully!"
+ env:
+ current_workflow: ${{ matrix.target }}
+
+ - name: Download artifacts
+ uses: actions/download-artifact@v4
+ with:
+ name: "${{ matrix.target }}-${{ github.sha }}"
+ path: artifacts/
+
+ - name: Deployment simulation
+ run: |
+ echo "🚀 Simulating deployment..."
+ sleep 2
+ echo "✅ Deployment completed successfully!"
\ No newline at end of file
diff --git a/.github/workflows/publish_documentation.yml b/.github/workflows/publish_documentation.yml
index e16e707551..35472a9c6c 100644
--- a/.github/workflows/publish_documentation.yml
+++ b/.github/workflows/publish_documentation.yml
@@ -20,13 +20,11 @@ permissions:
 id-token: write
 on:
- pull_request_target:
- types: [opened, reopened, synchronize] # Allows forks to trigger the docs build
- push:
- branches:
- - main
- merge_group:
- types: [checks_requested]
+ workflow_run:
+ workflows:
+ - "Parent Workflow"
+ types:
+ - completed
 jobs:
 run-trudag:
@@ -40,7 +38,6 @@ jobs:
 steps:
 - name: Checkout repository
 uses: actions/checkout@v4
-
 - name: Set up Python
 uses: actions/setup-python@v5
 with:
@@ -51,6 +48,7 @@ jobs:
 sudo apt-get update
 sudo apt-get install -y graphviz
 pip install trustable --index-url https://gitlab.com/api/v4/projects/66600816/packages/pypi/simple
+
 - name: Generate trudag report
 run: |
diff --git a/.github/workflows/test_trudag_extensions.yml b/.github/workflows/test_trudag_extensions.yml
index 8b45862d09..f7cb879064 100644
--- a/.github/workflows/test_trudag_extensions.yml
+++ b/.github/workflows/test_trudag_extensions.yml
@@ -1,9 +1,17 @@
 name: Test Trudag extensions
 on:
+ workflow_call:
+ inputs:
+ artifact_id:
+ description: 'Unique identifier for artifacts'
+ required: true
+ type: string
 push:
 branches: [ main ]
- pull_request:
+
+permissions:
+ contents: read
 jobs:
 test:
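Review bot: The top-level `permissions` block grants `contents: write`, `pages: write`, `pull-requests: write`, `id-token: write` and `security-events: write` to every job of a workflow triggered by `pull_request`, while nothing in this file's own steps (checkout, download-artifact, a simulated deployment) needs more than `contents: read`; these workflow-level grants are also the ceiling each called workflow inherits. Set `permissions: contents: read` at the top and grant write scopes per job only where a callee needs them, for instance `security-events: write` on the `codeql` job. In `collect-and-deploy`, `env: current_workflow: ${{ matrix.target }}` is never referenced by the script and can be dropped, and `needs[matrix.target].result` appears to rely on dynamic indexing of the `needs` context, so a comment noting that the matrix values must match the job ids would help. The combination of `if: always()` and a per-matrix-entry `exit 1` makes this job the fan-in gate for the child results; a one-line comment stating that intent would make the design explicit.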
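Review bot: The new `workflow_run` trigger fires whenever "Parent Workflow" completes, with no check on its outcome, so the `run-trudag` job (whose body continues outside the hunk) will presumably build and publish documentation even when the parent run failed, and after every pull request run rather than only on `main` as the removed `push` trigger did. Gate the job with `if: ${{ github.event.workflow_run.conclusion == 'success' }}` and, if publishing should stay limited to the default branch, add `&& github.event.workflow_run.head_branch == 'main'`. Because `workflow_run` jobs execute in the base repository's context with this file's `id-token: write` permission, the narrower gate also avoids running that privileged job for arbitrary PR completions. Dropping `merge_group` removes the `checks_requested` trigger; a sentence in the description saying that is intentional would help.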
@@ -26,4 +34,16 @@ jobs:
 - name: Run tests
 run: |
 cd .dotstop_extensions
- pytest -v
\ No newline at end of file
+ pytest -v
+
+ - name: Generate test_trudag_extensions artifact
+ run: |
+ echo "Generating test_trudag_extensions artifact..."
+ mkdir -p test_trudag_extensions
+ echo "test_trudag_extensions processed for ${{ inputs.artifact_id }}" > test_trudag_extensions/test_trudag_extensions.txt
+
+ - name: Upload test_trudag_extensions artifact
+ uses: actions/upload-artifact@v4
+ with:
+ name: ${{ inputs.artifact_id }}
+ path: test_trudag_extensions/
\ No newline at end of file
diff --git a/.github/workflows/ubuntu.yml b/.github/workflows/ubuntu.yml
index 3130a3f434..6b5d7b33b2 100644
--- a/.github/workflows/ubuntu.yml
+++ b/.github/workflows/ubuntu.yml
@@ -1,16 +1,21 @@
 name: Ubuntu
 on:
- push:
- branches:
- - develop
- - main
- - release/*
- pull_request:
+ workflow_call:
+ inputs:
+ artifact_id:
+ description: 'Unique identifier for artifacts'
+ required: true
+ type: string
 workflow_dispatch:
- schedule:
+ # push:
+ # branches:
+ # - develop
+ # - main
+ # - release/*
+ #schedule:
 # Runs every day at 9:00 AM UTC
- - cron: "0 9 * * *"
+ #- cron: "0 9 * * *"
 permissions:
 contents: read
@@ -253,3 +258,15 @@ jobs:
 run: cmake -S . -B build -DJSON_CI=On
 - name: Build
 run: cmake --build build --target ${{ matrix.target }}
+
+ - name: Generate ubuntu artifact
+ run: |
+ echo "Generating ubuntu artifact..."
+ mkdir -p ubuntu
+ echo "ubuntu processed for ${{ inputs.artifact_id }}" > ubuntu/ubuntu.txt
+
+ - name: Upload ubuntu artifact
+ uses: actions/upload-artifact@v4
+ with:
+ name: ${{ inputs.artifact_id }}
+ path: ubuntu/
diff --git a/TSF/docs/index.rst b/TSF/docs/index.rst
index 0d79ec02ac..e8b988cc23 100644
--- a/TSF/docs/index.rst
+++ b/TSF/docs/index.rst
@@ -15,7 +15,7 @@
 .. _library_description:
 S-CORE NLOHMANN JSON LIBRARY FORK
-=============================
+===================================
 This module is dedicated to implementing the Trustable Software Framework for the Niels Lohmann JSON Library. Initially, it emphasizes ensuring the reliability and correctness of the library's parsing functionality. The Niels Lohmann JSON Library is recognized for its efficient and straightforward approach to JSON parsing, manipulation, and serialization within modern C++ applications, aiming to provide developers with a flexible and robust tool for managing JSON data structures. The framework seeks to enhance these capabilities, aligning them with rigorous software quality standards to ensure dependable JSON processing across diverse applications.
@@ -35,4 +35,4 @@ This repository provides the aspired setup for projects using **C++** and **Baze
 introduction/index.rst
 concept.rst
 report.rst
- Eclipse
\ No newline at end of file
+ Eclipse