From 2fc5e1e220b3fa8ed621bd1c136acc321ad08e70 Mon Sep 17 00:00:00 2001
From: Chuck Walbourn
Date: Mon, 29 Jul 2024 20:04:33 -0700
Subject: [PATCH] Added GitHub Actions for build and security analysis (#33)
---
.github/workflows/codeql.yml | 56 ++++++++++
.github/workflows/main.yml | 84 ++++++++++++++
.github/workflows/msbuild.yml | 42 +++++++
.github/workflows/msvc.yml | 57 ++++++++++
build/DXUT-GitHub-CMake-Dev17.yml | 176 +-----------------------------
build/DXUT-GitHub-CMake.yml | 2 +-
build/DXUT-GitHub-Dev17.yml | 24 ++--
build/DXUT-GitHub.yml | 24 ++--
build/DXUT-SDL.yml | 2 +-
9 files changed, 256 insertions(+), 211 deletions(-)
create mode 100644 .github/workflows/codeql.yml
create mode 100644 .github/workflows/main.yml
create mode 100644 .github/workflows/msbuild.yml
create mode 100644 .github/workflows/msvc.yml
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 0000000..ee79071
--- /dev/null
+++ b/.github/workflows/codeql.yml
@@ -0,0 +1,56 @@
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+#
+# http://go.microsoft.com/fwlink/?LinkId=320437
+
+name: "CodeQL"
+
+on:
+ push:
+ branches: [ "main" ]
+ pull_request:
+ branches: [ "main" ]
+ paths-ignore:
+ - '*.md'
+ - LICENSE
+ - '.nuget/*'
+ - build/*.yml
+ schedule:
+ - cron: '38 2 * * 3'
+
+jobs:
+ analyze:
+ name: Analyze (C/C++)
+ runs-on: windows-latest
+ timeout-minutes: 360
+ permissions:
+ security-events: write
+ packages: read
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: 'Install Ninja'
+ run: choco install ninja
+
+ - uses: ilammy/msvc-dev-cmd@v1
+
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v3
+ with:
+ languages: c-cpp
+ build-mode: manual
+
+ - name: 'Configure CMake'
+ working-directory: ${{ github.workspace }}
+ run: cmake --preset=x64-Debug
+
+ - name: 'Build'
+ working-directory: ${{ github.workspace }}
+ run: cmake --build out\build\x64-Debug
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v3
+ with:
+ category: "/language:c-cpp"
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
new file mode 100644
index 0000000..9a9e3dc
--- /dev/null
+++ b/.github/workflows/main.yml
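Review bot: Every `uses:` step in codeql.yml references a mutable tag (`actions/checkout@v4`, `ilammy/msvc-dev-cmd@v1`, `github/codeql-action/init@v3`, `github/codeql-action/analyze@v3`), so whoever can move those tags decides what runs in a job that holds `security-events: write`. The third-party `ilammy/msvc-dev-cmd` step is the one most worth pinning to a full commit SHA, e.g. `uses: ilammy/msvc-dev-cmd@<full-commit-sha>  # v1`, keeping the tag as a trailing comment for update tooling. The same tag-only references appear in main.yml, msbuild.yml (`microsoft/setup-msbuild@v2`) and msvc.yml (`microsoft/msvc-code-analysis-action@v0.1.1`). `choco install ninja` is likewise unversioned in codeql.yml and main.yml; `choco install ninja --version <pinned-version>` would keep the analysed build reproducible.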
@@ -0,0 +1,84 @@
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+#
+# http://go.microsoft.com/fwlink/?LinkId=320437
+
+name: 'CMake (Windows)'
+
+on:
+ push:
+ branches: [ "main" ]
+ pull_request:
+ branches: [ "main" ]
+ paths-ignore:
+ - '*.md'
+ - LICENSE
+ - '.nuget/*'
+ - build/*.yml
+
+jobs:
+ build:
+ runs-on: ${{ matrix.os }}
+
+ strategy:
+ fail-fast: false
+
+ matrix:
+ os: [windows-2019, windows-2022]
+ build_type: [x64-Debug, x64-Release, x64-Debug-Clang, x64-Release-Clang]
+ arch: [amd64]
+ include:
+ - os: windows-2019
+ build_type: x86-Debug
+ arch: amd64_x86
+ - os: windows-2019
+ build_type: x86-Release
+ arch: amd64_x86
+ - os: windows-2019
+ build_type: x86-Debug-Clang
+ arch: amd64_x86
+ - os: windows-2019
+ build_type: x86-Release-Clang
+ arch: amd64_x86
+ - os: windows-2022
+ build_type: x86-Debug
+ arch: amd64_x86
+ - os: windows-2022
+ build_type: x86-Release
+ arch: amd64_x86
+ - os: windows-2022
+ build_type: x86-Debug-Clang
+ arch: amd64_x86
+ - os: windows-2022
+ build_type: x86-Release-Clang
+ arch: amd64_x86
+ - os: windows-2022
+ build_type: arm64-Debug
+ arch: amd64_arm64
+ - os: windows-2022
+ build_type: arm64-Release
+ arch: amd64_arm64
+ - os: windows-2022
+ build_type: arm64ec-Debug
+ arch: amd64_arm64
+ - os: windows-2022
+ build_type: arm64ec-Release
+ arch: amd64_arm64
+
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: 'Install Ninja'
+ run: choco install ninja
+
+ - uses: ilammy/msvc-dev-cmd@v1
+ with:
+ arch: ${{ matrix.arch }}
+
+ - name: 'Configure CMake'
+ working-directory: ${{ github.workspace }}
+ run: cmake --preset=${{ matrix.build_type }}
+
+ - name: 'Build'
+ working-directory: ${{ github.workspace }}
+ run: cmake --build out\build\${{ matrix.build_type }}
diff --git a/.github/workflows/msbuild.yml b/.github/workflows/msbuild.yml
new file mode 100644
index 0000000..fc6e06d
--- /dev/null
+++ b/.github/workflows/msbuild.yml
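Review bot: main.yml declares no `permissions:` block, while msbuild.yml and msvc.yml in the same commit both set `contents: read`, so the `GITHUB_TOKEN` here falls back to the repository or organisation default, which may be read/write. The job only checks out and builds, yet it runs a third-party action and a Chocolatey install on every push and pull request; a top-level `permissions:` with `contents: read` placed before `jobs:` would keep the token at least privilege. If no step after checkout needs the token, `persist-credentials: false` under the checkout step's `with:` would also keep it out of the workspace's git config.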
@@ -0,0 +1,42 @@
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+#
+# http://go.microsoft.com/fwlink/?LinkId=320437
+
+name: MSBuild
+
+on:
+ push:
+ branches: [ "main" ]
+ pull_request:
+ branches: [ "main" ]
+ paths-ignore:
+ - '*.md'
+ - LICENSE
+ - '.nuget/*'
+ - build/*.yml
+
+permissions:
+ contents: read
+
+jobs:
+ build:
+ runs-on: windows-${{ matrix.vs }}
+
+ strategy:
+ fail-fast: false
+
+ matrix:
+ vs: [2019, 2022]
+ build_type: [Debug, Release]
+ platform: [Win32, x64]
+
+ steps:
+ - uses: actions/checkout@v4
+
+ - name: Add MSBuild to PATH
+ uses: microsoft/setup-msbuild@v2
+
+ - name: Build
+ working-directory: ${{ github.workspace }}
+ run: msbuild /m /p:Configuration=${{ matrix.build_type }} /p:Platform=${{ matrix.platform }} ./DXUT_${{ matrix.vs }}_Win10.sln
diff --git a/.github/workflows/msvc.yml b/.github/workflows/msvc.yml
new file mode 100644
index 0000000..09a8fc4
--- /dev/null
+++ b/.github/workflows/msvc.yml
@@ -0,0 +1,57 @@
+# Copyright (c) Microsoft Corporation.
+# Licensed under the MIT License.
+#
+# http://go.microsoft.com/fwlink/?LinkId=320437
+
+name: Microsoft C++ Code Analysis
+
+on:
+ push:
+ branches: [ "main" ]
+ pull_request:
+ branches: [ "main" ]
+ paths-ignore:
+ - '*.md'
+ - LICENSE
+ - '.nuget/*'
+ - build/*.yml
+ schedule:
+ - cron: '20 21 * * 2'
+
+permissions:
+ contents: read
+
+jobs:
+ analyze:
+ permissions:
+ contents: read
+ security-events: write
+ actions: read
+ name: Analyze
+ runs-on: windows-latest
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - uses: ilammy/msvc-dev-cmd@v1
+ with:
+ arch: amd64
+
+ - name: Configure CMake
+ working-directory: ${{ github.workspace }}
+ run: cmake -B out -DCMAKE_DISABLE_PRECOMPILE_HEADERS=ON
+
+ - name: Initialize MSVC Code Analysis
+ uses: microsoft/msvc-code-analysis-action@v0.1.1
+ id: run-analysis
+ with:
+ cmakeBuildDirectory: ./out
+ buildConfiguration: Debug
+ ruleset: NativeRecommendedRules.ruleset
+
+ # Upload SARIF file to GitHub Code Scanning Alerts
+ - name: Upload SARIF to GitHub
+ uses: github/codeql-action/upload-sarif@v3
+ with:
+ sarif_file: ${{ steps.run-analysis.outputs.sarif }}
diff --git a/build/DXUT-GitHub-CMake-Dev17.yml b/build/DXUT-GitHub-CMake-Dev17.yml
index 8e50ca3..55ffb9c 100644
--- a/build/DXUT-GitHub-CMake-Dev17.yml
+++ b/build/DXUT-GitHub-CMake-Dev17.yml
@@ -3,7 +3,7 @@ # # http://go.microsoft.com/fwlink/?LinkId=320437 -# Builds the library using CMake. +# Builds the library using CMake with VS Generator (GitHub Actions covers Ninja). trigger: branches:
@@ -140,177 +140,3 @@ jobs: inputs: cwd: '$(Build.SourcesDirectory)' cmakeArgs: --build out6 -v --config RelWithDebInfo - -- job: CMAKE_BUILD_X64 - displayName: 'CMake for X64' - timeoutInMinutes: 60 - workspace: - clean: all - steps: - - checkout: self - clean: true - fetchTags: false - - task: CmdLine@2 - displayName: Setup environment for CMake to use VS - inputs: - script: | - call "$(VC_PATH)\Auxiliary\Build\vcvars64.bat" - echo ##vso[task.setvariable variable=WindowsSdkVerBinPath;]%WindowsSdkVerBinPath% - echo ##vso[task.prependpath]%VSINSTALLDIR%Common7\IDE\CommonExtensions\Microsoft\CMake\Ninja - echo ##vso[task.prependpath]%VCINSTALLDIR%Tools\Llvm\x64\bin - echo ##vso[task.prependpath]%WindowsSdkBinPath%x64 - echo ##vso[task.prependpath]%WindowsSdkVerBinPath%x64 - echo ##vso[task.prependpath]%VCToolsInstallDir%bin\Hostx64\x64 - echo ##vso[task.setvariable variable=EXTERNAL_INCLUDE;]%EXTERNAL_INCLUDE% - echo ##vso[task.setvariable variable=INCLUDE;]%INCLUDE% - echo ##vso[task.setvariable variable=LIB;]%LIB% - - - task: CMake@1 - displayName: CMake (MSVC; x64-Debug) Config - inputs: - cwd: '$(Build.SourcesDirectory)' - cmakeArgs: --preset=x64-Debug - - task: CMake@1 - displayName: CMake (MSVC; x64-Debug) Build - inputs: - cwd: '$(Build.SourcesDirectory)' - cmakeArgs: --build out/build/x64-Debug -v - - task: DeleteFiles@1 - inputs: - Contents: 'out' - - task: CMake@1 - displayName: CMake (MSVC; x64-Release) Config - inputs: - cwd: '$(Build.SourcesDirectory)' - cmakeArgs: --preset=x64-Release - - task: CMake@1 - displayName: CMake (MSVC; x64-Release) Build - inputs: - cwd: '$(Build.SourcesDirectory)' - cmakeArgs: --build out/build/x64-Release -v - - task: DeleteFiles@1 - inputs: - Contents: 'out' - - task: CMake@1 - displayName: CMake (clang/LLVM; x64-Debug) Config - inputs: - cwd: '$(Build.SourcesDirectory)' - cmakeArgs: --preset=x64-Debug-Clang - - task: CMake@1 - displayName: CMake (clang/LLVM; x64-Debug) Build - inputs: - cwd: '$(Build.SourcesDirectory)' - 
cmakeArgs: --build out/build/x64-Debug-Clang -v - - task: DeleteFiles@1 - inputs: - Contents: 'out' - - task: CMake@1 - displayName: CMake (clang/LLVM; x64-Release) Config - inputs: - cwd: '$(Build.SourcesDirectory)' - cmakeArgs: --preset=x64-Release-Clang - - task: CMake@1 - displayName: CMake (clang/LLVM; x64-Release) Build - inputs: - cwd: '$(Build.SourcesDirectory)' - cmakeArgs: --build out/build/x64-Release-Clang -v - -- job: CMAKE_BUILD_ARM64 - displayName: 'CMake for ARM64' - timeoutInMinutes: 60 - workspace: - clean: all - steps: - - checkout: self - clean: true - fetchTags: false - - task: CmdLine@2 - displayName: Setup environment for CMake to use VS - inputs: - script: | - call "$(VC_PATH)\Auxiliary\Build\vcvarsamd64_arm64.bat" - echo ##vso[task.setvariable variable=WindowsSdkVerBinPath;]%WindowsSdkVerBinPath% - echo ##vso[task.prependpath]%VSINSTALLDIR%Common7\IDE\CommonExtensions\Microsoft\CMake\Ninja - echo ##vso[task.prependpath]%VCINSTALLDIR%Tools\Llvm\x64\bin - echo ##vso[task.prependpath]%WindowsSdkBinPath%x64 - echo ##vso[task.prependpath]%WindowsSdkVerBinPath%x64 - echo ##vso[task.prependpath]%VCToolsInstallDir%bin\Hostx64\arm64 - echo ##vso[task.setvariable variable=EXTERNAL_INCLUDE;]%EXTERNAL_INCLUDE% - echo ##vso[task.setvariable variable=INCLUDE;]%INCLUDE% - echo ##vso[task.setvariable variable=LIB;]%LIB% - - - task: CMake@1 - displayName: CMake (MSVC; arm64-Debug) Config - inputs: - cwd: '$(Build.SourcesDirectory)' - cmakeArgs: --preset=arm64-Debug - - task: CMake@1 - displayName: CMake (MSVC; arm64-Debug) Build - inputs: - cwd: '$(Build.SourcesDirectory)' - cmakeArgs: --build out/build/arm64-Debug -v - - task: DeleteFiles@1 - inputs: - Contents: 'out' - - task: CMake@1 - displayName: CMake (MSVC; arm64-Release) Config - inputs: - cwd: '$(Build.SourcesDirectory)' - cmakeArgs: --preset=arm64-Release - - task: CMake@1 - displayName: CMake (MSVC; arm64-Release) Build - inputs: - cwd: '$(Build.SourcesDirectory)' - cmakeArgs: --build 
out/build/arm64-Release -v - - task: DeleteFiles@1 - inputs: - Contents: 'out' - - task: CMake@1 - displayName: CMake (clang/LLVM; arm64-Debug) Config - inputs: - cwd: '$(Build.SourcesDirectory)' - cmakeArgs: --preset=arm64-Debug-Clang - - task: CMake@1 - displayName: CMake (clang/LLVM; arm64-Debug) Build - inputs: - cwd: '$(Build.SourcesDirectory)' - cmakeArgs: --build out/build/arm64-Debug-Clang -v - - task: DeleteFiles@1 - inputs: - Contents: 'out' - - task: CMake@1 - displayName: CMake (clang/LLVM; arm64-Release) Config - inputs: - cwd: '$(Build.SourcesDirectory)' - cmakeArgs: --preset=arm64-Release-Clang - - task: CMake@1 - displayName: CMake (clang/LLVM; arm64-Release) Build - inputs: - cwd: '$(Build.SourcesDirectory)' - cmakeArgs: --build out/build/arm64-Release-Clang -v - - task: DeleteFiles@1 - inputs: - Contents: 'out' - - task: CMake@1 - displayName: CMake (MSVC; arm64ec-Debug) Config - inputs: - cwd: '$(Build.SourcesDirectory)' - cmakeArgs: --preset=arm64ec-Debug - - task: CMake@1 - displayName: CMake (MSVC; arm64ec-Debug) Build - inputs: - cwd: '$(Build.SourcesDirectory)' - cmakeArgs: --build out/build/arm64ec-Debug -v - - task: DeleteFiles@1 - inputs: - Contents: 'out' - - task: CMake@1 - displayName: CMake (MSVC; arm64ec-Release) Config - inputs: - cwd: '$(Build.SourcesDirectory)' - cmakeArgs: --preset=arm64ec-Release - - task: CMake@1 - displayName: CMake (MSVC; arm64ec-Release) Build - inputs: - cwd: '$(Build.SourcesDirectory)' - cmakeArgs: --build out/build/arm64ec-Release -v \ No newline at end of file diff --git a/build/DXUT-GitHub-CMake.yml b/build/DXUT-GitHub-CMake.yml index e2cc87b..daf6086 100644 --- a/build/DXUT-GitHub-CMake.yml +++ b/build/DXUT-GitHub-CMake.yml @@ -3,7 +3,7 @@ # # http://go.microsoft.com/fwlink/?LinkId=320437 -# Builds the library using CMake. +# Builds the library using CMake with VS Generator (GitHub Actions covers Ninja). trigger: branches: 
diff --git a/build/DXUT-GitHub-Dev17.yml b/build/DXUT-GitHub-Dev17.yml index b5fcf2d..2327127 100644 --- a/build/DXUT-GitHub-Dev17.yml +++ b/build/DXUT-GitHub-Dev17.yml @@ -5,32 +5,22 @@ # Builds the library for Windows Desktop. -trigger: +schedules: +- cron: "0 4 * * *" + displayName: 'Nightly build' branches: include: - main - paths: - exclude: - - '*.md' - - LICENSE - - CMake* - - '.github/*' - - build/*.cmake - - build/*.in +# GitHub Actions handles MSBuild for CI/PR +trigger: none pr: branches: include: - main paths: - exclude: - - '*.md' - - LICENSE - - CMake* - - '.github/*' - - build/*.cmake - - build/*.in - drafts: false + include: + - build/DXUT-GitHub-Dev17.yml resources: repositories: diff --git a/build/DXUT-GitHub.yml b/build/DXUT-GitHub.yml index faf44f0..e2b706e 100644 --- a/build/DXUT-GitHub.yml +++ b/build/DXUT-GitHub.yml @@ -5,32 +5,22 @@ # Builds the library for Windows Desktop. -trigger: +schedules: +- cron: "30 5 * * *" + displayName: 'Nightly build' branches: include: - main - paths: - exclude: - - '*.md' - - LICENSE - - CMake* - - '.github/*' - - build/*.cmake - - build/*.in +# GitHub Actions handles MSBuild for CI/PR +trigger: none pr: branches: include: - main paths: - exclude: - - '*.md' - - LICENSE - - CMake* - - '.github/*' - - build/*.cmake - - build/*.in - drafts: false + include: + - build/DXUT-GitHub.yml resources: repositories: diff --git a/build/DXUT-SDL.yml b/build/DXUT-SDL.yml index 17b0c1b..53e689b 100644 --- a/build/DXUT-SDL.yml +++ b/build/DXUT-SDL.yml @@ -12,8 +12,8 @@ schedules: include: - main +# GitHub Actions handles CodeQL and PREFAST for CI/PR trigger: none - pr: branches: include: