author | mbkma <[email protected]> | 2025-08-14 21:30:32 +0200 |
---|---|---|
committer | Luke from DC <[email protected]> | 2025-08-21 04:18:04 +0000 |
commit | ed3d1a39b9543bb0acec8b824e1e999952ccb123 (patch) | |
tree | d1f7d35bccada68f13d06552277dc6c658dc1358 | |
parent | 7ef327f6f269c7a49357e001cd41d7aaf5807749 (diff) | |
download | mate-calc-ed3d1a39b9543bb0acec8b824e1e999952ccb123.tar.bz2 mate-calc-ed3d1a39b9543bb0acec8b824e1e999952ccb123.tar.xz |
use github actions
-rw-r--r-- | .github/workflows/build.yml | 161 | ||||
-rw-r--r-- | .github/workflows/notify.yml | 44 | ||||
-rw-r--r-- | .github/workflows/pages.yml | 139 | ||||
-rw-r--r-- | .github/workflows/quality.yml | 95 | ||||
-rw-r--r-- | .github/workflows/release.yml | 117 |
5 files changed, 556 insertions, 0 deletions
diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 0000000..7d24ac4 --- /dev/null +++ b/.github/workflows/build.yml 
@@ -0,0 +1,161 @@ +name: Build and Test + +on: + push: + branches: [ master, main ] + tags: [ 'v*' ] + pull_request: + branches: [ master, main ] + +jobs: + build: + runs-on: ubuntu-latest + strategy: + matrix: + distro: + - 'debian:testing' + - 'fedora:latest' + include: + - distro: 'debian:testing' + distro_name: 'debian' + - distro: 'fedora:latest' + distro_name: 'fedora' + + container: + image: ${{ matrix.distro }} + + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Install dependencies (Debian) + if: matrix.distro_name == 'debian' + run: | + apt-get update + apt-get install -y \ + autopoint \ + clang \ + clang-tools \ + cppcheck \ + gcc \ + git \ + libatk1.0-dev \ + libglib2.0-dev \ + libgmp-dev \ + libgtk-3-dev \ + libmpc-dev \ + libmpfr-dev \ + libxml2-dev \ + make \ + mate-common \ + yelp-tools \ + bison \ + flex \ + curl + + - name: Install dependencies (Fedora) + if: matrix.distro_name == 'fedora' + run: | + dnf update -y + dnf install -y \ + autoconf-archive \ + clang \ + clang-analyzer \ + cppcheck-htmlreport \ + bison \ + desktop-file-utils \ + flex \ + gcc \ + git \ + gmp-devel \ + gtk3 \ + libmpc-devel \ + libxml2-devel \ + make \ + mate-common \ + mate-desktop-devel \ + mpfr-devel \ + redhat-rpm-config \ + curl \ + which + + - name: Set up environment variables + run: | + export CPU_COUNT=$(nproc) + echo "CPU_COUNT=$CPU_COUNT" >> $GITHUB_ENV + echo "DISTRO_NAME=${{ matrix.distro_name }}" >> $GITHUB_ENV + echo "REPO_NAME=mate-calc" >> $GITHUB_ENV + echo "OWNER_NAME=mate-desktop" >> $GITHUB_ENV + export CHECKERS="-enable-checker deadcode.DeadStores -enable-checker alpha.deadcode.UnreachableCode -enable-checker alpha.core.CastSize -enable-checker alpha.core.CastToStruct -enable-checker alpha.core.IdenticalExpr -enable-checker alpha.core.SizeofPtr -enable-checker alpha.security.ArrayBoundV2 -enable-checker alpha.security.MallocOverflow -enable-checker alpha.security.ReturnPtrRange -enable-checker alpha.unix.SimpleStream 
-enable-checker alpha.unix.cstring.BufferOverlap -enable-checker alpha.unix.cstring.NotNullTerminated -enable-checker alpha.unix.cstring.OutOfBounds -enable-checker alpha.core.FixedAddr -enable-checker security.insecureAPI.strcpy" + echo "CHECKERS=$CHECKERS" >> $GITHUB_ENV + + - name: Run cppcheck (Debian only) + if: matrix.distro_name == 'debian' + run: | + export CFLAGS+=" -Wsign-compare" + cppcheck --enable=warning,style,performance,portability,information,missingInclude . + + - name: Generate build system + run: | + NOCONFIGURE=1 ./autogen.sh + + - name: Configure with scan-build + run: | + scan-build $CHECKERS ./configure --enable-compile-warnings=maximum + + - name: Build with scan-build + run: | + if [ $CPU_COUNT -gt 1 ]; then + if [ "$DISTRO_NAME" == "debian" ]; then + scan-build $CHECKERS --keep-cc --use-cc=clang --use-c++=clang++ -o html-report make -j $CPU_COUNT + make clean + fi + scan-build $CHECKERS --keep-cc -o html-report make -j $CPU_COUNT + else + if [ "$DISTRO_NAME" == "debian" ]; then + scan-build $CHECKERS --keep-cc --use-cc=clang --use-c++=clang++ -o html-report make + make clean + fi + scan-build $CHECKERS --keep-cc -o html-report make + fi + + - name: Run additional checks (Fedora only) + if: matrix.distro_name == 'fedora' + run: | + cppcheck --xml --output-file=cppcheck.xml --enable=warning,style,performance,portability,information,missingInclude . 
+ cppcheck-htmlreport --title=$REPO_NAME --file=cppcheck.xml --report-dir=cppcheck-htmlreport + + - name: Generate index (Fedora only) + if: matrix.distro_name == 'fedora' + run: | + curl -Ls -o gen-index https://github.com/mate-desktop/mate-dev-scripts/raw/master/travis/gen-index.sh + chmod +x gen-index + ./gen-index -l 20 -i https://github.com/${OWNER_NAME}/mate-icon-theme/raw/master/mate/16x16/apps/accessories-calculator.png + + - name: Run distcheck + run: | + make distcheck + + - name: Upload HTML reports (Fedora only) + if: matrix.distro_name == 'fedora' + uses: actions/upload-artifact@v4 + with: + name: html-report-${{ matrix.distro_name }} + path: html-report/ + retention-days: 30 + + - name: Upload cppcheck reports (Fedora only) + if: matrix.distro_name == 'fedora' + uses: actions/upload-artifact@v4 + with: + name: cppcheck-report-${{ matrix.distro_name }} + path: cppcheck-htmlreport/ + retention-days: 30 + + - name: Upload distribution archives + if: matrix.distro_name == 'fedora' + uses: actions/upload-artifact@v4 + with: + name: distribution-archives + path: mate-calc-*.tar.xz + retention-days: 90
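Review bot: The "Generate index (Fedora only)" step downloads `gen-index.sh` from the `master` branch of mate-dev-scripts and executes it with no integrity check, so whatever that branch holds at run time executes inside the build job. Pin the URL to a reviewed commit and verify the file before running it, e.g. `curl -fLsS -o gen-index https://github.com/mate-desktop/mate-dev-scripts/raw/<PINNED_COMMIT_SHA>/travis/gen-index.sh` followed by `echo "<EXPECTED_SHA256>  gen-index" | sha256sum -c -`; `-f` also keeps an HTTP error page from being saved and executed. The "Generate index page" step in pages.yml has the same pattern. This workflow also has no `permissions:` key, so the job token gets the repository default; a top-level `permissions:` with `contents: read` would make least privilege explicit.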
\ No newline at end of file diff --git a/.github/workflows/notify.yml b/.github/workflows/notify.yml new file mode 100644 index 0000000..12e39ee --- /dev/null +++ b/.github/workflows/notify.yml @@ -0,0 +1,44 @@ +name: Notifications + +on: + push: + branches: [ master, main ] + tags: [ 'v*' ] + workflow_run: + workflows: ["Build and Test"] + types: + - completed + +jobs: + irc-notify: + runs-on: ubuntu-latest + if: > + (github.event_name == 'push' && (github.ref == 'refs/heads/master' || github.ref == 'refs/heads/main' || startsWith(github.ref, 'refs/tags/'))) || + (github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'failure') + + steps: + - name: Send IRC notification on success + if: > + (github.event_name == 'push') || + (github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'success') + uses: Gottox/irc-message-action@v2 + continue-on-error: true + with: + server: irc.libera.chat + channel: '#mate-dev' + nickname: mate-github-bot + message: | + [mate-calc] ${{ github.actor }}: ${{ github.event.head_commit.message || 'Workflow completed successfully' }} + [${{ github.ref_name }}] ${{ github.sha }} Success ${{ github.server_url }}/${{ github.repository }}/actions/runs/${{ github.run_id }} + + - name: Send IRC notification on failure + if: github.event_name == 'workflow_run' && github.event.workflow_run.conclusion == 'failure' + uses: Gottox/irc-message-action@v2 + continue-on-error: true + with: + server: irc.libera.chat + channel: '#mate-dev' + nickname: mate-github-bot + message: | + [mate-calc] Build failed: ${{ github.event.workflow_run.head_commit.message }} + [${{ github.event.workflow_run.head_branch }}] ${{ github.event.workflow_run.head_sha }} Failure ${{ github.event.workflow_run.html_url }}
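Review bot: The `workflow_run` trigger also fires for "Build and Test" runs started by pull requests, so `github.event.workflow_run.head_commit.message` in the failure step is text chosen by the PR author and is relayed to #mate-dev as-is. Consider adding `github.event.workflow_run.event == 'push'` to the job-level `if`, or sending only the branch, SHA and run URL. The first step is labelled success, but on `push` it runs before any build has finished, and its `workflow_run` success branch cannot be reached because the job-level `if` admits only `conclusion == 'failure'`. `Gottox/irc-message-action@v2` is a third-party action referenced by a movable tag; pinning it to a full commit SHA would fix which code runs here.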
\ No newline at end of file diff --git a/.github/workflows/pages.yml b/.github/workflows/pages.yml new file mode 100644 index 0000000..c1c1af6 --- /dev/null +++ b/.github/workflows/pages.yml 
@@ -0,0 +1,139 @@ +name: Deploy to GitHub Pages + +on: + push: + branches: [ master, main ] + pull_request: + branches: [ master, main ] + +permissions: + contents: read + pages: write + id-token: write + pull-requests: write + +concurrency: + group: "pages" + cancel-in-progress: false + +jobs: + build-docs: + runs-on: ubuntu-latest + container: + image: 'fedora:latest' + + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Install dependencies + run: | + dnf update -y + dnf install -y \ + autoconf-archive \ + clang \ + clang-analyzer \ + cppcheck-htmlreport \ + bison \ + desktop-file-utils \ + flex \ + gcc \ + git \ + gmp-devel \ + gtk3 \ + libmpc-devel \ + libxml2-devel \ + make \ + mate-common \ + mate-desktop-devel \ + mpfr-devel \ + redhat-rpm-config \ + curl \ + which + + - name: Set up environment variables + run: | + export CPU_COUNT=$(nproc) + echo "CPU_COUNT=$CPU_COUNT" >> $GITHUB_ENV + echo "REPO_NAME=mate-calc" >> $GITHUB_ENV + echo "OWNER_NAME=mate-desktop" >> $GITHUB_ENV + export CHECKERS="-enable-checker deadcode.DeadStores -enable-checker alpha.deadcode.UnreachableCode -enable-checker alpha.core.CastSize -enable-checker alpha.core.CastToStruct -enable-checker alpha.core.IdenticalExpr -enable-checker alpha.core.SizeofPtr -enable-checker alpha.security.ArrayBoundV2 -enable-checker alpha.security.MallocOverflow -enable-checker alpha.security.ReturnPtrRange -enable-checker alpha.unix.SimpleStream -enable-checker alpha.unix.cstring.BufferOverlap -enable-checker alpha.unix.cstring.NotNullTerminated -enable-checker alpha.unix.cstring.OutOfBounds -enable-checker alpha.core.FixedAddr -enable-checker security.insecureAPI.strcpy" + echo "CHECKERS=$CHECKERS" >> $GITHUB_ENV + + - name: Generate build system + run: | + NOCONFIGURE=1 ./autogen.sh + + - name: Configure with scan-build + run: | + scan-build $CHECKERS ./configure --enable-compile-warnings=maximum + + - name: Build with scan-build + run: | + scan-build $CHECKERS --keep-cc -o 
html-report make -j $CPU_COUNT + + - name: Run cppcheck + run: | + cppcheck --xml --output-file=cppcheck.xml --enable=warning,style,performance,portability,information,missingInclude . + cppcheck-htmlreport --title=$REPO_NAME --file=cppcheck.xml --report-dir=cppcheck-htmlreport + + - name: Generate index page + run: | + curl -Ls -o gen-index https://github.com/mate-desktop/mate-dev-scripts/raw/master/travis/gen-index.sh + chmod +x gen-index + ./gen-index -l 20 -i https://github.com/${OWNER_NAME}/mate-icon-theme/raw/master/mate/16x16/apps/accessories-calculator.png + + - name: Setup Pages + if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/main' + uses: actions/configure-pages@v5 + + - name: Upload artifact + if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/main' + uses: actions/upload-pages-artifact@v3 + with: + path: html-report + + - name: Comment on PR with analysis results + if: github.event_name == 'pull_request' + uses: actions/github-script@v7 + with: + script: | + const fs = require('fs'); + const path = require('path'); + + // Check if html-report exists and has content + const reportDir = 'html-report'; + let reportCount = 0; + + if (fs.existsSync(reportDir)) { + const files = fs.readdirSync(reportDir); + reportCount = files.filter(f => f.endsWith('.html')).length; + } + + const comment = `## 🔍 Static Analysis Results + + Code analysis completed for this pull request. + + - **Scan-build reports**: ${reportCount} files generated + - **Status**: ${reportCount > 0 ? 
'⚠️ Issues found' : '✅ No issues found'} + + The detailed reports are available in the workflow artifacts.`; + + github.rest.issues.createComment({ + issue_number: context.issue.number, + owner: context.repo.owner, + repo: context.repo.repo, + body: comment + }); + + deploy: + if: github.ref == 'refs/heads/master' || github.ref == 'refs/heads/main' + environment: + name: github-pages + url: ${{ steps.deployment.outputs.page_url }} + runs-on: ubuntu-latest + needs: build-docs + steps: + - name: Deploy to GitHub Pages + id: deployment + uses: actions/deploy-pages@v4
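Review bot: The workflow-level `permissions` block gives `pages: write`, `id-token: write` and `pull-requests: write` to every job, including `build-docs`, which on `pull_request` runs the branch's own `autogen.sh`, `configure` and `make`. Scope the grants per job so that only `deploy` holds the Pages and OIDC permissions, as sketched below; whether `actions/configure-pages` needs `pages: read` in `build-docs` should be confirmed. In the github-script step, `github.rest.issues.createComment(...)` is not awaited, so a failed API call (for example under the read-only token of a fork PR) may go unreported; `await github.rest.issues.createComment({...})` would surface it.

```yaml
permissions:
  contents: read

jobs:
  build-docs:
    permissions:
      contents: read
      pull-requests: write  # only for the PR comment step
    # … unchanged: runs-on, container, steps …

  deploy:
    permissions:
      pages: write
      id-token: write
    # … unchanged: if, environment, runs-on, needs, steps …
```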
\ No newline at end of file diff --git a/.github/workflows/quality.yml b/.github/workflows/quality.yml new file mode 100644 index 0000000..82ba076 --- /dev/null +++ b/.github/workflows/quality.yml 
@@ -0,0 +1,95 @@ +name: Code Quality + +on: + push: + branches: [ master, main ] + pull_request: + branches: [ master, main ] + +jobs: + lint: + runs-on: ubuntu-latest + + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Install dependencies + run: | + sudo apt-get update + sudo apt-get install -y \ + clang-format \ + cppcheck \ + shellcheck \ + xmllint \ + desktop-file-utils + + - name: Check C/C++ code formatting + run: | + # Find all C/C++ files and check formatting + find src/ -name "*.c" -o -name "*.h" | while read file; do + echo "Checking format of $file" + clang-format --dry-run --Werror "$file" || true + done + + - name: Run cppcheck + run: | + cppcheck --error-exitcode=1 \ + --enable=warning,style,performance,portability,information \ + --suppress=missingIncludeSystem \ + --suppress=unusedFunction \ + --inline-suppr \ + src/ + + - name: Check shell scripts + run: | + find . -name "*.sh" -type f -exec shellcheck {} \; || true + + - name: Validate desktop files + run: | + find . -name "*.desktop.in" -type f | while read file; do + echo "Validating $file" + # Basic validation - desktop-file-validate would need the processed .desktop file + xmllint --noout --nonet --quiet "$file" 2>/dev/null || echo "XML validation skipped for $file" + done + + - name: Check XML files + run: | + find . 
-name "*.xml" -type f -exec xmllint --noout {} \; + + - name: Check for common issues + run: | + # Check for trailing whitespace + if grep -r '[[:space:]]$' src/ --exclude-dir=.git; then + echo "Found trailing whitespace" + exit 1 + fi + + # Check for tabs in source files (if project prefers spaces) + if grep -r $'\t' src/ --include="*.c" --include="*.h" --exclude-dir=.git; then + echo "Found tabs in source files - please use spaces" + # Don't fail on this for now, just warn + fi + + security: + runs-on: ubuntu-latest + + steps: + - name: Checkout code + uses: actions/checkout@v4 + + - name: Run security checks + run: | + # Check for potential security issues + echo "Checking for potential security issues..." + + # Look for dangerous functions + if grep -r '\(strcpy\|sprintf\|gets\|strcat\)(' src/ --include="*.c"; then + echo "Warning: Found potentially unsafe functions" + fi + + # Check for TODO/FIXME comments that might indicate security issues + grep -r 'TODO.*\(security\|vulner\|exploit\)' src/ || true + grep -r 'FIXME.*\(security\|vulner\|exploit\)' src/ || true + + echo "Security check completed"
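Review bot: The `security` job can never fail: the grep for `strcpy`/`sprintf`/`gets`/`strcat` only echoes a warning and the two TODO/FIXME greps end in `|| true`, so a green check here says nothing about the code. The pattern also has no word boundary, so `snprintf(` and `fgets(` are reported as hits; `grep -rnE '\b(strcpy|sprintf|gets|strcat)[[:space:]]*\(' src/ --include='*.c'` with an `exit 1` in the `if` body would make it a real gate, or the job could be dropped in favour of the `security.insecureAPI.strcpy` checker that build.yml already enables. The same applies in `lint`, where `clang-format --dry-run --Werror "$file" || true` and the shellcheck `|| true` discard every finding. Separately, `xmllint` in the apt-get list is, as far as I know, shipped in the `libxml2-utils` package on Ubuntu, so the install step may fail as written.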
\ No newline at end of file diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml new file mode 100644 index 0000000..a6cfbb4 --- /dev/null +++ b/.github/workflows/release.yml 
@@ -0,0 +1,117 @@ +name: Release + +on: + push: + tags: + - 'v*' + +jobs: + release: + runs-on: ubuntu-latest + container: + image: 'fedora:latest' + + steps: + - name: Checkout code + uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - name: Install dependencies + run: | + dnf update -y + dnf install -y \ + autoconf-archive \ + clang \ + clang-analyzer \ + bison \ + desktop-file-utils \ + flex \ + gcc \ + git \ + gmp-devel \ + gtk3 \ + libmpc-devel \ + libxml2-devel \ + make \ + mate-common \ + mate-desktop-devel \ + mpfr-devel \ + redhat-rpm-config \ + curl \ + which \ + sha256sum + + - name: Set up environment variables + run: | + export CPU_COUNT=$(nproc) + echo "CPU_COUNT=$CPU_COUNT" >> $GITHUB_ENV + echo "REPO_NAME=mate-calc" >> $GITHUB_ENV + echo "OWNER_NAME=mate-desktop" >> $GITHUB_ENV + + - name: Generate build system + run: | + NOCONFIGURE=1 ./autogen.sh + + - name: Configure + run: | + ./configure --enable-compile-warnings=maximum + + - name: Build + run: | + make -j $CPU_COUNT + + - name: Create distribution archive + run: | + make distcheck + + - name: Generate checksums + run: | + for file in mate-calc-*.tar.xz; do + if [ -f "$file" ]; then + sha256sum "$file" > "$file.sha256" + fi + done + + - name: Notify release servers + run: | + # Notify MATE release servers (if configured) + if [ -n "${{ secrets.RELEASE_NOTIFY_TOKEN }}" ]; then + curl -X POST -H "Authorization: token ${{ secrets.RELEASE_NOTIFY_TOKEN }}" \ + -d '{"tag":"${{ github.ref_name }}","repo":"mate-calc"}' \ + https://release.mate-desktop.org/release || echo "Release notification failed" + fi + + - name: Create GitHub Release + uses: softprops/action-gh-release@v2 + with: + draft: false + prerelease: false + generate_release_notes: true + files: | + mate-calc-*.tar.xz + mate-calc-*.tar.xz.sha256 + body: | + Release ${{ github.ref_name }} of MATE Calculator + + This release includes the source distribution archive and checksums. 
+ + ## Installation + + Download the `mate-calc-*.tar.xz` file and verify it with the corresponding `.sha256` checksum file: + + ```bash + sha256sum -c mate-calc-*.tar.xz.sha256 + ``` + + Then extract and build: + + ```bash + tar -xf mate-calc-*.tar.xz + cd mate-calc-* + ./configure + make + sudo make install + ``` + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
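Review bot: The "Notify release servers" step expands `${{ secrets.RELEASE_NOTIFY_TOKEN }}` and `${{ github.ref_name }}` directly into the shell script text, so the tag name is parsed as shell source (a quote character in it changes the command) and the secret is written into the generated script. Pass both through `env:` and reference them as shell variables, as in the fence below. The workflow has no `permissions:` key; `softprops/action-gh-release@v2` needs `contents: write`, which is better declared on this job than inherited from the repository default. Since that action publishes the release assets, it is also worth pinning to a full commit SHA.

```yaml
      - name: Notify release servers
        env:
          RELEASE_NOTIFY_TOKEN: ${{ secrets.RELEASE_NOTIFY_TOKEN }}
          TAG_NAME: ${{ github.ref_name }}
        run: |
          if [ -n "$RELEASE_NOTIFY_TOKEN" ]; then
            curl -X POST -H "Authorization: token $RELEASE_NOTIFY_TOKEN" \
              -d "{\"tag\":\"$TAG_NAME\",\"repo\":\"mate-calc\"}" \
              https://release.mate-desktop.org/release || echo "Release notification failed"
          fi
```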
\ No newline at end of file |