score-json · Erikhu1 · Jul 31, 2025 · Aug 1, 2025 · Aug 1, 2025 · Aug 1, 2025
diff --git a/.github/workflows/check_amalgamation.yml b/.github/workflows/check_amalgamation.yml
@@ -1,7 +1,12 @@
 name: "Check amalgamation"
 
 on:
-  pull_request:
+  workflow_call:
+    inputs:
+      artifact_id:
+        description: 'Unique identifier for artifacts'
+        required: true
+        type: string
 
 permissions:
   contents: read
@@ -74,3 +79,15 @@ jobs:
           ${{ github.workspace }}/venv/bin/astyle --project=tools/astyle/.astylerc --suffix=orig $(find docs/examples include tests -type f \( -name '*.hpp' -o -name '*.cpp' -o -name '*.cu' \) -not -path 'tests/thirdparty/*' -not -path 'tests/abi/include/nlohmann/*' | sort)
           echo Check
           find $MAIN_DIR -name '*.orig' -exec false {} \+
+
+      - name: Generate amalgamation artifact
+        run: |
+          echo "Generating amalgamation artifact..."
+          mkdir -p check_amalgamation
+          echo "Amalgamation processed for ${{ inputs.artifact_id }}" > check_amalgamation/check_amalgamation.txt
+
+      - name: Upload amalgamation artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ inputs.artifact_id }}
+          path: check_amalgamation/
diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml
@@ -1,5 +1,12 @@
 name: CIFuzz
-on: [pull_request]
+
+on:
+  workflow_call:
+    inputs:
+      artifact_id:
+        description: 'Unique identifier for artifacts'
+        required: true
+        type: string
 
 permissions:
   contents: read
@@ -8,28 +15,46 @@ jobs:
   Fuzzing:
     runs-on: ubuntu-latest
     steps:
-    - name: Harden Runner
-      uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
-      with:
-        egress-policy: audit
-
-    - name: Build Fuzzers
-      id: build
-      uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@57fe4475324c5506adbfecdcdd2917f65c86ee9e # master
-      with:
-        oss-fuzz-project-name: 'json'
-        dry-run: false
-        language: c++
-    - name: Run Fuzzers
-      uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@57fe4475324c5506adbfecdcdd2917f65c86ee9e # master
-      with:
-        oss-fuzz-project-name: 'json'
-        fuzz-seconds: 300
-        dry-run: false
-        language: c++
-    - name: Upload Crash
-      uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
-      if: failure() && steps.build.outcome == 'success'
-      with:
-        name: artifacts
-        path: ./out/artifacts
+      - name: Checkout code
+        uses: actions/checkout@v4
+        with:
+          fetch-depth: 1
+      - name: Harden Runner
+        uses: step-security/harden-runner@6c439dc8bdf85cadbbce9ed30d1c7b959517bc49 # v2.12.2
+        with:
+          egress-policy: audit
+
+      - name: Build Fuzzers
+        id: build
+        uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@57fe4475324c5506adbfecdcdd2917f65c86ee9e 
+        with:
+          oss-fuzz-project-name: 'json'
+          dry-run: false
+          language: c++
+
+      - name: Run Fuzzers
+        uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@57fe4475324c5506adbfecdcdd2917f65c86ee9e # master
+        with:
+          oss-fuzz-project-name: 'json'
+          fuzz-seconds: 300
+          dry-run: false
+          language: c++
+
+      - name: Upload Crash
+        uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+        if: failure() && steps.build.outcome == 'success'
+        with:
+          name: artifacts
+          path: ./out/artifacts
+
+      - name: Generate cifuzz artifact
+        run: |
+          echo "Generating cifuzz artifact..."
+          mkdir -p cifuzz
+          echo "cifuzz processed for ${{ inputs.artifact_id }}" > cifuzz/cifuzz.txt
+
+      - name: Upload cifuzz artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ inputs.artifact_id }}
+          path: cifuzz/
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
@@ -1,12 +1,17 @@
 name: "Code scanning - action"
 
 on:
-  push:
-    branches:
-      - develop
-      - main
-      - release/*
-  pull_request:
+#  push:
+#    branches:
+#      - develop
+#      - main
+#      - release/*
+  workflow_call:
+    inputs:
+      artifact_id:
+        description: 'Unique identifier for artifacts'
+        required: true
+        type: string
   schedule:
     - cron: '0 19 * * 1'
   workflow_dispatch:
@@ -17,6 +22,7 @@ concurrency:
 
 permissions:
   contents: read
+
 
 jobs:
   CodeQL-Build:
@@ -47,3 +53,15 @@ jobs:
 
     - name: Perform CodeQL Analysis
       uses: github/codeql-action/analyze@fc7e4a0fa01c3cca5fd6a1fddec5c0740c977aa2 # v3.28.14
+
+    - name: Generate codeql artifact
+      run: |
+        echo "Generating codeql artifact..."
+        mkdir -p codeql
+        echo "codeql processed for ${{ inputs.artifact_id }}" > codeql/codeql.txt
+
+    - name: Upload codeql artifact
+      uses: actions/upload-artifact@v4
+      with:
+        name: ${{ inputs.artifact_id }}
+        path: codeql/
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
@@ -7,7 +7,14 @@
 #
 # Source repository: https://github.com/actions/dependency-review-action
 name: 'Dependency Review'
-on: [pull_request]
+on:  
+  workflow_call:
+    inputs:
+      artifact_id:
+        description: 'Unique identifier for artifacts'
+        required: true
+        type: string
+
 
 permissions:
   contents: read
@@ -25,3 +32,16 @@ jobs:
         uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - name: 'Dependency Review'
         uses: actions/dependency-review-action@ce3cf9537a52e8119d91fd484ab5b8a807627bf8 # v4.6.0
+
+
+      - name: Generate dependency_review artifact
+        run: |
+          echo "Generating Dependency Review artifact..."
+          mkdir -p dependency_review
+          echo "dependency review processed for ${{ inputs.artifact_id }}" > dependency_review/dependency_review.txt
+
+      - name: Upload dependency_review artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ inputs.artifact_id }}
+          path: dependency_review/
diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml
@@ -1,8 +1,12 @@
 name: "Pull Request Labeler"
 
 on:
-  pull_request_target:
-    types: [opened, synchronize]
+  workflow_call:
+    inputs:
+      artifact_id:
+        description: 'Unique identifier for artifacts'
+        required: true
+        type: string
 
 permissions:
   contents: read
@@ -24,3 +28,15 @@ jobs:
       - uses: srvaroa/labeler@e216fb40e2e6d3b17d90fb1d950f98bee92f65ce # master
         env:
           GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
+
+      - name: Generate label artifact
+        run: |
+          echo "Generating label artifact..."
+          mkdir -p labeler
+          echo "Labels processed for ${{ inputs.artifact_id }}" > labeler/labeler.txt
+
+      - name: Upload label artifact
+        uses: actions/upload-artifact@v4
+        with:
+          name: ${{ inputs.artifact_id }}
+          path: labeler/
diff --git a/.github/workflows/parent-workflow.yml b/.github/workflows/parent-workflow.yml
@@ -0,0 +1,98 @@
+name: Parent Workflow
+
+on: 
+  pull_request:
+  #push: 
+  #  branches:
+  #    - develop
+  #    - main
+
+permissions:
+  contents: write
+  pages: write
+  pull-requests: write
+  id-token: write
+  security-events: write
+
+jobs:
+  labeler:
+    name: Run Labeler Workflow
+    uses: ./.github/workflows/labeler.yml
+    with:
+      artifact_id: "labeler-${{ github.sha }}"
+
+  check_amalgamation:
+    name: Run Amalgamation Workflow
+    uses: ./.github/workflows/check_amalgamation.yml
+    with:
+      artifact_id: "check_amalgamation-${{ github.sha }}"
+
+  test_trudag_extensions:
+    name: Run Test Trudag Extensions Workflow
+    uses: ./.github/workflows/test_trudag_extensions.yml
+    with:
+      artifact_id: "test_trudag_extensions-${{ github.sha }}"
+
+  cifuzz:
+    name: Run CIFuzz Workflow
+    uses: ./.github/workflows/cifuzz.yml
+    with:
+      artifact_id: "cifuzz-${{ github.sha }}"
+
+  codeql:
+    name: Run Codeql analysis Workflow
+    uses: ./.github/workflows/codeql-analysis.yml
+    with:
+      artifact_id: "codeql-${{ github.sha }}"
+
+  #ubuntu:
+    #name: Run Ubuntu Workflow
+    #uses: ./.github/workflows/ubuntu.yml
+    #with:
+    #  artifact_id: "ubuntu-${{ github.sha }}"
+
+  dependency_review:
+    name: Run dependency_review Workflow
+    uses: ./.github/workflows/dependency-review.yml
+    with:
+      artifact_id: "dependency_review-${{ github.sha }}"
+
+
+  collect-and-deploy:
+    name: "Collect Results & Deploy"
+    needs: [labeler, check_amalgamation, test_trudag_extensions, codeql, cifuzz, dependency_review]
+    runs-on: ubuntu-latest
+    if: always() # Run even if some jobs fail
+    strategy:
+      matrix:
+        target: [labeler, check_amalgamation, test_trudag_extensions, codeql, cifuzz, dependency_review ] 
+
+    steps:
+      - name: Checkout code
+        uses: actions/checkout@v4
+
+      - name: Check child workflow results 
+        run: |
+          echo "=== Checking Child Workflow Results ==="
+          result="${{ needs[matrix.target].result }}"
+          echo "${{ matrix.target }} workflow result: $result"
+
+          if [[ "$result" != "success" ]]; then
+            echo "❌ ${{ matrix.target }} workflow failed! Exiting..."
+            exit 1
+          fi
+          echo "✅ Child workflows completed successfully!" 
+        env:
+          current_workflow: ${{ matrix.target }}
+
+      - name: Download artifacts
+        uses: actions/download-artifact@v4
+        with:
+          name: "${{ matrix.target }}-${{ github.sha }}"
+          path: artifacts/
+
+      - name: Deployment simulation
+        run: |
+          echo "🚀 Simulating deployment..."
+          sleep 2
+          echo "✅ Deployment completed successfully!"
diff --git a/.github/workflows/publish_documentation.yml b/.github/workflows/publish_documentation.yml
@@ -20,13 +20,11 @@ permissions:
   id-token: write
 
 on:
-  pull_request_target:
-    types: [opened, reopened, synchronize] # Allows forks to trigger the docs build
-  push:
-    branches:
-      - main
-  merge_group:
-    types: [checks_requested]
+  workflow_run:
+    workflows: 
+     - "Parent Workflow"
+    types:
+      - completed
 
 jobs:
   run-trudag:
@@ -40,7 +38,6 @@ jobs:
     steps:
       - name: Checkout repository
         uses: actions/checkout@v4
-
       - name: Set up Python
         uses: actions/setup-python@v5
         with:
@@ -51,6 +48,7 @@ jobs:
           sudo apt-get update
           sudo apt-get install -y graphviz
           pip install trustable --index-url https://gitlab.com/api/v4/projects/66600816/packages/pypi/simple
+
 
       - name: Generate trudag report
         run: |