From 0550fed9e3dd18f735f283e51d06d08869c9e8fe Mon Sep 17 00:00:00 2001 From: synacker Date: Sat, 12 Apr 2025 21:30:09 +0300 Subject: [PATCH 1/3] Removed SignPath attestation for signing builds --- .github/workflows/daggy-github-actions.yaml | 18 ------------------ 1 file changed, 18 deletions(-) diff --git a/.github/workflows/daggy-github-actions.yaml b/.github/workflows/daggy-github-actions.yaml index 310a0249..cdead373 100644 --- a/.github/workflows/daggy-github-actions.yaml +++ b/.github/workflows/daggy-github-actions.yaml @@ -190,12 +190,6 @@ jobs: working-directory: build run: ctest -C Release --output-on-failure --output-junit tests/local_tests.xml - - name: Attest - uses: actions/attest-build-provenance@v1 - if: github.ref_type == 'tag' || startsWith(github.ref, 'refs/heads/release/') - with: - subject-path: build/bin/* - - name: win-msvc193_x64 Tests Report uses: mikepenz/action-junit-report@v4 with: @@ -262,12 +256,6 @@ jobs: working-directory: build/Release run: ctest -C Release --output-on-failure --output-junit tests/local_tests.xml - - name: Attest - uses: actions/attest-build-provenance@v1 - if: github.ref_type == 'tag' || startsWith(github.ref, 'refs/heads/release/') - with: - subject-path: 'build/Release/bin/**, build/Release/lib/**' - - name: macos-arm64 Tests Report uses: mikepenz/action-junit-report@v4 with: @@ -334,12 +322,6 @@ jobs: working-directory: build/Release run: ctest -C Release --output-on-failure --output-junit tests/local_tests.xml - - name: Attest - uses: actions/attest-build-provenance@v1 - if: github.ref_type == 'tag' || startsWith(github.ref, 'refs/heads/release/') - with: - subject-path: 'build/Release/bin/**, build/Release/lib/**' - - name: macos-x64 Tests Report uses: mikepenz/action-junit-report@v4 with: From 705ed62574f95d946fdbdd0c8471388adefdc442 Mon Sep 17 00:00:00 2001 From: synacker Date: Sat, 12 Apr 2025 20:24:17 +0300 Subject: [PATCH 2/3] Github actions refactoring for code sign --- .github/actions/check_cache/action.yaml | 27 ++ .github/actions/conan_build/action.yaml | 26 ++ .github/actions/deploy/action.yaml | 38 ++ .github/actions/deploy_with_sign/action.yaml | 61 ++++ .github/actions/enable_conan/action.yaml | 29 ++ .github/actions/enable_python/action.yaml | 26 ++ .../actions/enable_python_macos/action.yaml | 13 + .github/actions/pack/action.yaml | 38 ++ .github/actions/setup_ubuntu_env/action.yaml | 58 +++ .github/actions/sign/action.yaml | 33 ++ .github/actions/tests/action.yaml | 31 ++ .github/workflows/build.yaml | 132 +++++++ .github/workflows/check_cache.yaml | 66 ++++ .github/workflows/daggy-github-actions.yaml | 340 ------------------ .github/workflows/make_cache.yaml | 83 +++++ .github/workflows/pull_request.yaml | 14 + CI/conan/profiles/linux-gcc12_x64 | 2 +- CI/conan/profiles/macos-clang15_arm | 8 + CI/conan/profiles/macos-clang15_x64 | 8 + CI/conan/profiles/win-msvc194_x64 | 8 + docs/daggy_c4_L2.plantuml | 2 +- docs/daggy_hld.svg | 76 ++-- 22 files changed, 739 insertions(+), 380 deletions(-) create mode 100644 .github/actions/check_cache/action.yaml create mode 100644 .github/actions/conan_build/action.yaml create mode 100644 .github/actions/deploy/action.yaml create mode 100644 .github/actions/deploy_with_sign/action.yaml create mode 100644 .github/actions/enable_conan/action.yaml create mode 100644 .github/actions/enable_python/action.yaml create mode 100644 .github/actions/enable_python_macos/action.yaml create mode 100644 .github/actions/pack/action.yaml create mode 100644 .github/actions/setup_ubuntu_env/action.yaml create mode 100644 .github/actions/sign/action.yaml create mode 100644 .github/actions/tests/action.yaml create mode 100644 .github/workflows/build.yaml create mode 100644 .github/workflows/check_cache.yaml delete mode 100644 .github/workflows/daggy-github-actions.yaml create mode 100644 .github/workflows/make_cache.yaml create mode 100644 .github/workflows/pull_request.yaml create mode 100644 CI/conan/profiles/macos-clang15_arm create mode 100644 CI/conan/profiles/macos-clang15_x64 create mode 100644 CI/conan/profiles/win-msvc194_x64 diff --git a/.github/actions/check_cache/action.yaml b/.github/actions/check_cache/action.yaml new file mode 100644 index 00000000..bd276aa6 --- /dev/null +++ b/.github/actions/check_cache/action.yaml @@ -0,0 +1,27 @@ +name: Check cache +description: Check is cache exists +inputs: + profile: + description: conan-profile + required: true + default: default + +outputs: + exists: + value: ${{steps.check-cache.outputs.cache_hit}} + +runs: + using: composite + steps: + - name: Cache conan packages + id: check-cache + env: + GH_TOKEN: ${{ github.token }} + shell: bash + run: | + gh extension install actions/gh-actions-cache + KEY=${{ inputs.profile }} + CACHE_HIT=$(gh actions-cache list --key $KEY | grep -q $KEY && echo 'true' || echo 'false') + echo "cache_hit=$CACHE_HIT" >> $GITHUB_OUTPUT + echo "Cache for profile ${{inputs.profile}}: ${CACHE_HIT}" + diff --git a/.github/actions/conan_build/action.yaml b/.github/actions/conan_build/action.yaml new file mode 100644 index 00000000..5b301ee5 --- /dev/null +++ b/.github/actions/conan_build/action.yaml @@ -0,0 +1,26 @@ +name: Conan build +description: Build project using conan +inputs: + profile: + description: conan-profile + required: true + default: default + +runs: + using: composite + steps: + - uses: ./.github/actions/enable_conan + with: + profile: ${{inputs.profile}} + + - name: git add safe dir + shell: bash + run: git config --global --add safe.directory $GITHUB_WORKSPACE + + - name: Install profiles + shell: bash + run: conan config install CI/conan + + - name: Conan build + shell: bash + run: conan build . --profile:build=${{inputs.profile}} --profile:host=${{inputs.profile}} --build=missing --output-folder=. \ No newline at end of file diff --git a/.github/actions/deploy/action.yaml b/.github/actions/deploy/action.yaml new file mode 100644 index 00000000..4d23b308 --- /dev/null +++ b/.github/actions/deploy/action.yaml @@ -0,0 +1,38 @@ +name: Test, Sign and Attestation +description: Test, sign and attestation artifacts +inputs: + builddir: + description: build directory + required: true + + artifact: + description: artifact name + required: true + + attestation: + description: need attestation + type: boolean + default: false + +runs: + using: composite + steps: + - uses: ./.github/actions/tests + with: + testdir: ${{inputs.builddir}} + name: ${{inputs.artifact}} tests + + - uses: ./.github/actions/pack + id: pack + with: + packdir: ${{inputs.builddir}} + artifact: ${{inputs.artifact}} + + - name: Attest + if: ${{inputs.attestation == 'true'}} + uses: actions/attest-build-provenance@v1 + with: + subject-path: | + ${{inputs.builddir}}/*.zip + ${{inputs.builddir}}/*.rpm + ${{inputs.builddir}}/*.deb diff --git a/.github/actions/deploy_with_sign/action.yaml b/.github/actions/deploy_with_sign/action.yaml new file mode 100644 index 00000000..0f81e99d --- /dev/null +++ b/.github/actions/deploy_with_sign/action.yaml @@ -0,0 +1,61 @@ +name: Test, Sign and Attestation +description: Test, sign and attestation artifacts +inputs: + sign: + description: sign policy + type: string + default: test-signing + + builddir: + description: build directory + required: true + + signeddir: + description: directory for signed artifacts + reguired: true + + artifact: + description: artifact name + required: true + + token: + description: token for sign api + required: true + +runs: + using: composite + steps: + - uses: ./.github/actions/tests + with: + testdir: ${{inputs.builddir}} + name: ${{inputs.artifact}} tests + + - uses: ./.github/actions/pack + id: pack + with: + packdir: ${{inputs.builddir}} + artifact: ${{inputs.artifact}} + + - uses: ./.github/actions/sign + id: sign + with: + artifactid: ${{steps.pack.outputs.artifactid}} + output: ${{inputs.signeddir}} + policy: ${{inputs.sign}} + token: ${{inputs.token}} + + - name: Attest + if: ${{inputs.sign != ''}} + uses: actions/attest-build-provenance@v1 + with: + subject-path: "${{inputs.signeddir}}/**" + + - name: Upload Signed artifacts + if: ${{inputs.sign != ''}} + id: upload + uses: actions/upload-artifact@v4 + with: + name: ${{inputs.artifact}}-signed + path: ${{inputs.signeddir}} + + diff --git a/.github/actions/enable_conan/action.yaml b/.github/actions/enable_conan/action.yaml new file mode 100644 index 00000000..66182433 --- /dev/null +++ b/.github/actions/enable_conan/action.yaml @@ -0,0 +1,29 @@ +name: Enable Conan +description: Setup conan with dependecies and cache it +inputs: + profile: + description: conan-profile + required: true + default: default + +runs: + using: composite + steps: + - name: Set storage path + shell: bash + run: echo "CONAN_STORAGE=$(conan config home)/p" >> $GITHUB_ENV + + - name: Cache conan packages + id: cache + uses: actions/cache@v4 + with: + path: ${{env.CONAN_STORAGE}} + key: ${{inputs.profile}} + + - if: ${{steps.cache.outputs.cache-hit != 'true'}} + name: Conan install + shell: bash + run: | + conan config install CI/conan + conan install . --build=missing --profile:build=${{inputs.profile}} --profile:host=${{inputs.profile}} --output-folder=. + conan cache clean "*" --source --build --temp --download diff --git a/.github/actions/enable_python/action.yaml b/.github/actions/enable_python/action.yaml new file mode 100644 index 00000000..531eb51c --- /dev/null +++ b/.github/actions/enable_python/action.yaml @@ -0,0 +1,26 @@ +name: Enable Python +description: Install python with requirenments and cache it + +runs: + using: composite + steps: + - name: Set up Python 3.13 + uses: actions/setup-python@v5 + with: + python-version: 3.13 + + - name: Cache dependencies + id: cache + uses: actions/cache@v4 + with: + path: ${{ env.pythonLocation }} + key: ${{ env.pythonLocation }}-${{ hashFiles('requirements.txt') }} + restore-keys: + ${{ env.pythonLocation }} + + - if: ${{steps.cache.outputs.cache-hit != 'true'}} + name: Install dependencies + shell: bash + run: | + python -m pip install --upgrade pip + python -m pip install -r requirements.txt \ No newline at end of file diff --git a/.github/actions/enable_python_macos/action.yaml b/.github/actions/enable_python_macos/action.yaml new file mode 100644 index 00000000..01b6270e --- /dev/null +++ b/.github/actions/enable_python_macos/action.yaml @@ -0,0 +1,13 @@ +name: Setup Pyhthon MacOS +description: Install python deps for MacOS +runs: + using: composite + steps: + - name: Set up Python 3.13 + uses: actions/setup-python@v5 + with: + python-version: '3.13' + cache: pip + + - run: pip install -r requirements.txt + shell: bash diff --git a/.github/actions/pack/action.yaml b/.github/actions/pack/action.yaml new file mode 100644 index 00000000..ef453f0a --- /dev/null +++ b/.github/actions/pack/action.yaml @@ -0,0 +1,38 @@ +name: Pack artifacts +description: Pack project artifacts for deploy +inputs: + packdir: + description: directory for packaging + required: true + default: build + artifact: + description: artifacts name + required: true + sign: + description: test or release sign + type: string + required: true + default: test-signing + +outputs: + artifactid: + description: artifactid for uploaded package + value: ${{steps.upload.outputs.artifact-id}} + +runs: + using: composite + steps: + - name: Packaging + working-directory: ${{inputs.packdir}} + shell: bash + run: cpack + + - name: Archive production artifacts + id: upload + uses: actions/upload-artifact@v4 + with: + name: ${{inputs.artifact}} + path: | + ${{inputs.packdir}}/*.zip + ${{inputs.packdir}}/*.rpm + ${{inputs.packdir}}/*.deb diff --git a/.github/actions/setup_ubuntu_env/action.yaml b/.github/actions/setup_ubuntu_env/action.yaml new file mode 100644 index 00000000..c412e78a --- /dev/null +++ b/.github/actions/setup_ubuntu_env/action.yaml @@ -0,0 +1,58 @@ +name: Ubuntu env +description: Install dev packages for compilation +runs: + using: composite + steps: + - name: Setup environment + shell: bash + run: | + sudo apt-get update + sudo apt-get install -y libgl-dev \ + libgl-dev \ + libgl1-mesa-dev \ + libx11-dev \ + libx11-xcb-dev \ + libfontenc-dev \ + libice-dev \ + libsm-dev \ + libxau-dev \ + libxaw7-dev \ + libx11-xcb-dev \ + libfontenc-dev \ + libxcomposite-dev \ + libxcursor-dev \ + libxdamage-dev \ + libxfixes-dev \ + libxi-dev \ + libxinerama-dev \ + libxmu-dev \ + libxmuu-dev \ + libxpm-dev \ + libxrandr-dev \ + libxres-dev \ + libxss-dev \ + libxtst-dev \ + libxv-dev \ + libxxf86vm-dev \ + libxcb-glx0-dev \ + libxcb-render-util0-dev \ + libxcb-xkb-dev \ + libxcb-icccm4-dev \ + libxcb-image0-dev \ + libxcb-keysyms1-dev \ + libxcb-randr0-dev \ + libxcb-shape0-dev \ + libxcb-sync-dev \ + libxcb-xfixes0-dev \ + libxcb-xinerama0-dev \ + libxcb-dri3-dev \ + libxcb-cursor-dev \ + libxcb-dri2-0-dev \ + libxcb-dri3-dev \ + libxcb-present-dev \ + libxcb-composite0-dev \ + libxcb-ewmh-dev \ + libxcb-res0-dev \ + libxv-dev \ + libxcb-util-dev \ + libxcb-util0-dev \ No newline at end of file diff --git a/.github/actions/sign/action.yaml b/.github/actions/sign/action.yaml new file mode 100644 index 00000000..fb03b5a1 --- /dev/null +++ b/.github/actions/sign/action.yaml @@ -0,0 +1,33 @@ +name: Sign +description: Sign distributed package +inputs: + artifactid: + description: artifact upload id + required: true + output: + description: signed artifacts dir + required: true + default: . + policy: + description: sign policy + type: string + required: true + default: test-signing + token: + description: sign api token + required: true + +runs: + using: composite + steps: + - uses: signpath/github-action-submit-signing-request@v1.1 + with: + api-token: '${{ inputs.token }}' + organization-id: 458e74d2-1c0a-4e3a-b1e7-9bc24caf673e + project-slug: daggy + artifact-configuration-slug: win + signing-policy-slug: ${{inputs.policy}} + github-artifact-id: ${{inputs.artifactid}} + wait-for-completion: true + output-artifact-directory: ${{inputs.output}} + diff --git a/.github/actions/tests/action.yaml b/.github/actions/tests/action.yaml new file mode 100644 index 00000000..1c4434bf --- /dev/null +++ b/.github/actions/tests/action.yaml @@ -0,0 +1,31 @@ +name: Conan build +description: Build project using conan +inputs: + testdir: + description: directory for run ctest + required: true + default: build/Release + name: + description: tests name + require: true + default: Tests Result + +runs: + using: "composite" + steps: + - name: Tests + working-directory: ${{inputs.testdir}} + shell: bash + run: ctest -C Release --output-on-failure --output-junit tests/local_tests.xml + + - name: daggy version + working-directory: ${{inputs.testdir}} + shell: bash + run: bin/daggy --version + + - uses: mikepenz/action-junit-report@v5 + with: + report_paths: ${{inputs.testdir}}/tests/local_tests.xml + detailed_summary: true + include_passed: true + check_name: ${{inputs.name}} \ No newline at end of file diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml new file mode 100644 index 00000000..f4db66cc --- /dev/null +++ b/.github/workflows/build.yaml @@ -0,0 +1,132 @@ +name: Build project +on: + workflow_call: + inputs: + linux_x64_profile: + description: profile for linux x64 + required: true + default: linux-gcc12_x64 + type: string + + win_x64_profile: + description: profile for win x64 + required: true + default: win-msvc194_x64 + type: string + + macos_arm_profile: + description: profile for macos arm + required: true + default: macos-clang15_arm + type: string + + macos_x64_profile: + description: profile for macos x64 + required: true + default: macos-clang15_x64 + type: string + + sign: + description: test or release sign + type: string + required: true + +jobs: + cache: + uses: ./.github/workflows/make_cache.yaml + with: + linux_x64_profile: ${{inputs.linux_x64_profile}} + win_x64_profile: ${{inputs.win_x64_profile}} + macos_arm_profile: ${{inputs.macos_arm_profile}} + macos_x64_profile: ${{inputs.macos_x64_profile}} + + linux-x64-build: + runs-on: ubuntu-22.04 + needs: [cache] + permissions: + id-token: write + attestations: write + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - uses: ./.github/actions/setup_ubuntu_env + - uses: ./.github/actions/enable_python + - uses: ./.github/actions/conan_build + with: + profile: ${{inputs.linux_x64_profile}} + + - uses: ./.github/actions/deploy + with: + builddir: build/Release + artifact: ${{inputs.linux_x64_profile}} + attestation: ${{inputs.sign != ''}} + + macos-arm-build: + runs-on: macos-14 + needs: [cache] + permissions: + id-token: write + attestations: write + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - uses: ./.github/actions/enable_python_macos + - uses: ./.github/actions/conan_build + with: + profile: ${{inputs.macos_arm_profile}} + + - uses: ./.github/actions/deploy + with: + builddir: build/Release + artifact: ${{inputs.macos_arm_profile}} + attestation: ${{inputs.sign != ''}} + + macos-x64-build: + runs-on: macos-13 + needs: [cache] + permissions: + id-token: write + attestations: write + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - uses: ./.github/actions/enable_python_macos + - uses: ./.github/actions/conan_build + with: + profile: ${{inputs.macos_x64_profile}} + + - uses: ./.github/actions/deploy + with: + builddir: build/Release + artifact: ${{inputs.macos_x64_profile}} + attestation: ${{inputs.sign != ''}} + + win-x64-build: + runs-on: windows-2022 + needs: [cache] + permissions: + id-token: write + attestations: write + steps: + - uses: actions/checkout@v4 + with: + fetch-depth: 0 + + - uses: ./.github/actions/enable_python + - uses: ./.github/actions/conan_build + with: + profile: ${{inputs.win_x64_profile}} + + - uses: ./.github/actions/deploy_with_sign + with: + builddir: build + artifact: ${{inputs.win_x64_profile}} + sign: ${{inputs.sign}} + signeddir: build/signed + token: ${{secrets.SIGNPATH_API_TOKEN}} \ No newline at end of file diff --git a/.github/workflows/check_cache.yaml b/.github/workflows/check_cache.yaml new file mode 100644 index 00000000..19e10eab --- /dev/null +++ b/.github/workflows/check_cache.yaml @@ -0,0 +1,66 @@ +name: Check cache deps +on: + workflow_call: + inputs: + linux_x64_profile: + description: profile for linux x64 + required: true + default: linux-gcc12_x64 + type: string + + win_x64_profile: + description: profile for win x64 + required: true + default: win-msvc194_x64 + type: string + + macos_arm_profile: + description: profile for macos arm + required: true + default: macos-clang15_arm + type: string + + macos_x64_profile: + description: profile for macos x64 + required: true + default: macos-clang15_x64 + type: string + + outputs: + linux_x64_hit: + value: ${{jobs.check-cache.outputs.linux-x64}} + macos_arm_hit: + value: ${{jobs.check-cache.outputs.macos-arm}} + macos_x64_hit: + value: ${{jobs.check-cache.outputs.macos-x64}} + win_x64_hit: + value: ${{jobs.check-cache.outputs.win-x64}} + +jobs: + check-cache: + runs-on: ubuntu-latest + outputs: + linux-x64: ${{steps.check-linux-x64.outputs.exists}} + macos-arm: ${{steps.check-macos-arm.outputs.exists}} + macos-x64: ${{steps.check-macos-x64.outputs.exists}} + win-x64: ${{steps.check-win-x64.outputs.exists}} + steps: + - uses: actions/checkout@v4 + - uses: ./.github/actions/check_cache + id: check-linux-x64 + with: + profile: ${{inputs.linux_x64_profile}} + - uses: ./.github/actions/check_cache + id: check-macos-arm + with: + profile: ${{inputs.macos_arm_profile}} + + - uses: ./.github/actions/check_cache + id: check-macos-x64 + with: + profile: ${{inputs.macos_x64_profile}} + + - uses: ./.github/actions/check_cache + id: check-win-x64 + with: + profile: ${{inputs.win_x64_profile}} diff --git a/.github/workflows/daggy-github-actions.yaml b/.github/workflows/daggy-github-actions.yaml deleted file mode 100644 index cdead373..00000000 --- a/.github/workflows/daggy-github-actions.yaml +++ /dev/null @@ -1,340 +0,0 @@ -name: Daggy Build -on: - push: - tags: - - v* - branches: - - release/* - pull_request: - -jobs: - linux-gcc12_x64: - runs-on: ubuntu-22.04 - permissions: - id-token: write - contents: read - checks: write - attestations: write - - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - - name: Setup environment - run: | - sudo apt-get update - sudo apt-get install -y libgl-dev \ - libgl-dev \ - libgl1-mesa-dev \ - libx11-dev \ - libx11-xcb-dev \ - libfontenc-dev \ - libice-dev \ - libsm-dev \ - libxau-dev \ - libxaw7-dev \ - libx11-xcb-dev \ - libfontenc-dev \ - libxcomposite-dev \ - libxcursor-dev \ - libxdamage-dev \ - libxfixes-dev \ - libxi-dev \ - libxinerama-dev \ - libxmu-dev \ - libxmuu-dev \ - libxpm-dev \ - libxrandr-dev \ - libxres-dev \ - libxss-dev \ - libxtst-dev \ - libxv-dev \ - libxxf86vm-dev \ - libxcb-glx0-dev \ - libxcb-render-util0-dev \ - libxcb-xkb-dev \ - libxcb-icccm4-dev \ - libxcb-image0-dev \ - libxcb-keysyms1-dev \ - libxcb-randr0-dev \ - libxcb-shape0-dev \ - libxcb-sync-dev \ - libxcb-xfixes0-dev \ - libxcb-xinerama0-dev \ - libxcb-dri3-dev \ - libxcb-cursor-dev \ - libxcb-dri2-0-dev \ - libxcb-dri3-dev \ - libxcb-present-dev \ - libxcb-composite0-dev \ - libxcb-ewmh-dev \ - libxcb-res0-dev \ - libxv-dev \ - libxcb-util-dev \ - libxcb-util0-dev - shell: bash - - - name: Cache conan packages - uses: actions/cache@v4 - id: conan-data-gcc12 - with: - path: ~/.conan2/p - key: conan-data-gcc12 - - - name: Set up Python 3.11 - uses: actions/setup-python@v5 - with: - python-version: '3.11' - cache: pip - - - run: pip install -r requirements.txt - - run: conan --version - - run: conan profile detect - - - name: Conan config - run: conan config install CI/conan - - - name: Conan install - run: conan install . --build=missing --profile:build=linux-gcc12_x64 --profile:host=linux-gcc12_x64 --output-folder=. - - - name: Conan cache clean - run: conan cache clean "*" --source --build --temp --download - - - name: git add safe dir - run: git config --global --add safe.directory $GITHUB_WORKSPACE - - - name: Conan build - run: conan build . --profile:build=linux-gcc12_x64 --profile:host=linux-gcc12_x64 --build=missing --output-folder=. - - - name: Tests - working-directory: build/Release - run: ctest -C Release --output-on-failure --output-junit tests/local_tests.xml - - - name: Attest - uses: actions/attest-build-provenance@v1 - if: github.ref_type == 'tag' || startsWith(github.ref, 'refs/heads/release/') - with: - subject-path: 'build/Release/bin/**, build/Release/lib/**' - - - name: linux-gcc12_x64 Tests Report - uses: mikepenz/action-junit-report@v4 - with: - report_paths: build/Release/tests/local_tests.xml - summary: linux-gcc12_x64 Tests Report - - - name: Packaging - working-directory: build/Release - run: cpack - - - name: Archive production artifacts - uses: actions/upload-artifact@v4 - with: - name: daggy_linux_x64 - path: | - build/Release/*.deb - build/Release/*.rpm - build/Release/*.zip - - win: - runs-on: windows-2022 - permissions: - id-token: write - contents: read - checks: write - attestations: write - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - - name: Cache conan packages - uses: actions/cache@v4 - id: conan-data-msvc - with: - path: | - ~/.conan2/p - c:\.conan2\ - key: conan-data-msvc - - - name: Set up Python 3.11 - uses: actions/setup-python@v5 - with: - python-version: '3.11' - cache: pip - - - run: pip install -r requirements.txt - - run: conan --version - - run: conan profile detect - - - name: Make build dir - run: mkdir build - - - name: Conan config - run: conan config install CI/conan - - - name: Conan install - run: conan install . --build=missing -s compiler.cppstd=17 -of . - - - name: Conan cache clean - working-directory: build - run: conan cache clean "*" --source --build --temp --download - - - name: git add safe dir - run: git config --global --add safe.directory %GITHUB_WORKSPACE% - - - name: Conan build - run: conan build . --build=missing -s compiler.cppstd=17 -of . - - - name: Tests - working-directory: build - run: ctest -C Release --output-on-failure --output-junit tests/local_tests.xml - - - name: win-msvc193_x64 Tests Report - uses: mikepenz/action-junit-report@v4 - with: - report_paths: build/Release/tests/local_tests.xml - summary: win-msvc193_x64 Tests Report - - - name: Packaging - working-directory: build - run: cpack - - - name: Archive production artifacts - uses: actions/upload-artifact@v4 - with: - name: daggy_win_x64 - path: | - build/*.zip - - macos-arm: - runs-on: macos-14 - permissions: - id-token: write - contents: read - checks: write - attestations: write - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - - name: Cache conan packages - uses: actions/cache@v4 - id: conan-data-clang-arm64 - with: - path: ~/.conan2/p - key: conan-data-clang-arm64 - - - name: Set up Python 3.11 - uses: actions/setup-python@v5 - with: - python-version: '3.11' - cache: pip - - - run: pip install -r requirements.txt - - run: conan --version - - run: conan profile detect - - - name: Conan config - run: conan config install CI/conan - - - name: Conan install - run: conan install . --build=missing -s compiler.cppstd=17 -of . - - - name: Conan remove build folders - run: conan cache clean "*" --source --build --temp --download - - - name: Conan build - run: conan build . --build=missing -s compiler.cppstd=17 -of . - - - name: daggy version - working-directory: build/Release - run: bin/daggy --version - - - name: Tests - working-directory: build/Release - run: ctest -C Release --output-on-failure --output-junit tests/local_tests.xml - - - name: macos-arm64 Tests Report - uses: mikepenz/action-junit-report@v4 - with: - report_paths: build/Release/tests/local_tests.xml - summary: macos-arm64 Tests Report - - - name: Packaging - working-directory: build/Release - run: cpack - - - name: Archive production artifacts - uses: actions/upload-artifact@v4 - with: - name: daggy_macos_arm64 - path: - build/Release/*.zip - - macos-x64: - runs-on: macos-13 - permissions: - id-token: write - contents: read - checks: write - attestations: write - steps: - - uses: actions/checkout@v4 - with: - fetch-depth: 0 - - - name: Cache conan packages - uses: actions/cache@v4 - id: conan-data-clang-x64 - with: - path: ~/.conan2/p - key: conan-data-clang-x64 - - - name: Set up Python 3.11 - uses: actions/setup-python@v5 - with: - python-version: '3.11' - cache: pip - - - run: pip install -r requirements.txt - - run: conan --version - - run: conan profile detect - - - name: Conan config - run: conan config install CI/conan - - - name: Conan install - run: conan install . --build=missing -s compiler.cppstd=17 -of . - - - name: Conan remove build folders - run: conan cache clean "*" --source --build --temp --download - - - name: Conan build - run: conan build . --build=missing -s compiler.cppstd=17 -of . - - - name: daggy version - working-directory: build/Release - run: bin/daggy --version - - - name: Tests - working-directory: build/Release - run: ctest -C Release --output-on-failure --output-junit tests/local_tests.xml - - - name: macos-x64 Tests Report - uses: mikepenz/action-junit-report@v4 - with: - report_paths: build/Release/tests/local_tests.xml - summary: macos-x64 Tests Report - - - name: Packaging - working-directory: build/Release - run: cpack - - - name: Archive production artifacts - uses: actions/upload-artifact@v4 - with: - name: daggy_macos_x64 - path: - build/Release/*.zip \ No newline at end of file diff --git a/.github/workflows/make_cache.yaml b/.github/workflows/make_cache.yaml new file mode 100644 index 00000000..0d58d918 --- /dev/null +++ b/.github/workflows/make_cache.yaml @@ -0,0 +1,83 @@ +name: Make cache deps +on: + workflow_call: + inputs: + linux_x64_profile: + description: profile for linux x64 + required: true + default: linux-gcc12_x64 + type: string + + win_x64_profile: + description: profile for win x64 + required: true + default: win-msvc194_x64 + type: string + + macos_arm_profile: + description: profile for macos arm + required: true + default: macos-clang15_arm + type: string + + macos_x64_profile: + description: profile for macos x64 + required: true + default: macos-clang15_x64 + type: string + +jobs: + check-cache: + uses: ./.github/workflows/check_cache.yaml + with: + linux_x64_profile: ${{inputs.linux_x64_profile}} + win_x64_profile: ${{inputs.win_x64_profile}} + macos_arm_profile: ${{inputs.macos_arm_profile}} + macos_x64_profile: ${{inputs.macos_x64_profile}} + + linux-x64-make-cache: + runs-on: ubuntu-22.04 + needs: [check-cache] + if: ${{needs.check-cache.outputs.linux_x64_hit != 'true'}} + steps: + - uses: actions/checkout@v4 + - uses: ./.github/actions/setup_ubuntu_env + - uses: ./.github/actions/enable_python + - uses: ./.github/actions/enable_conan + with: + profile: ${{inputs.linux_x64_profile}} + + macos-arm-make-cache: + runs-on: macos-14 + needs: [check-cache] + if: ${{needs.check-cache.outputs.macos_arm_hit != 'true'}} + steps: + - uses: actions/checkout@v4 + - uses: ./.github/actions/enable_python_macos + - uses: ./.github/actions/enable_conan + with: + profile: ${{inputs.macos_arm_profile}} + + macos-x64-make-cache: + runs-on: macos-13 + needs: [check-cache] + if: ${{needs.check-cache.outputs.macos_x64_hit != 'true'}} + steps: + - uses: actions/checkout@v4 + - uses: ./.github/actions/enable_python_macos + - uses: ./.github/actions/enable_conan + with: + profile: ${{inputs.macos_x64_profile}} + + win-x64-make-cache: + runs-on: windows-2022 + needs: [check-cache] + if: ${{needs.check-cache.outputs.win_x64_hit != 'true'}} + steps: + - uses: actions/checkout@v4 + - uses: ./.github/actions/enable_python + - uses: ./.github/actions/enable_conan + with: + profile: ${{inputs.win_x64_profile}} + + \ No newline at end of file diff --git a/.github/workflows/pull_request.yaml b/.github/workflows/pull_request.yaml new file mode 100644 index 00000000..26606730 --- /dev/null +++ b/.github/workflows/pull_request.yaml @@ -0,0 +1,14 @@ +name: Develop build +on: pull_request + +jobs: + build: + uses: ./.github/workflows/build.yaml + with: + linux_x64_profile: linux-gcc12_x64 + win_x64_profile: win-msvc194_x64 + macos_arm_profile: macos-clang15_arm + macos_x64_profile: macos-clang15_x64 + sign: test-signing + secrets: inherit + \ No newline at end of file diff --git a/CI/conan/profiles/linux-gcc12_x64 b/CI/conan/profiles/linux-gcc12_x64 index 4f3004ee..11a8edaf 100644 --- a/CI/conan/profiles/linux-gcc12_x64 +++ b/CI/conan/profiles/linux-gcc12_x64 @@ -5,4 +5,4 @@ compiler=gcc compiler.version=12 compiler.cppstd=17 compiler.libcxx=libstdc++ -build_type=Release \ No newline at end of file +build_type=Release diff --git a/CI/conan/profiles/macos-clang15_arm b/CI/conan/profiles/macos-clang15_arm new file mode 100644 index 00000000..ff3eccbc --- /dev/null +++ b/CI/conan/profiles/macos-clang15_arm @@ -0,0 +1,8 @@ +[settings] +arch=armv8 +build_type=Release +compiler=apple-clang +compiler.cppstd=17 +compiler.libcxx=libc++ +compiler.version=15 +os=Macos diff --git a/CI/conan/profiles/macos-clang15_x64 b/CI/conan/profiles/macos-clang15_x64 new file mode 100644 index 00000000..fbace614 --- /dev/null +++ b/CI/conan/profiles/macos-clang15_x64 @@ -0,0 +1,8 @@ +[settings] +arch=x86_64 +build_type=Release +compiler=apple-clang +compiler.cppstd=17 +compiler.libcxx=libc++ +compiler.version=15 +os=Macos diff --git a/CI/conan/profiles/win-msvc194_x64 b/CI/conan/profiles/win-msvc194_x64 new file mode 100644 index 00000000..d7945ac1 --- /dev/null +++ b/CI/conan/profiles/win-msvc194_x64 @@ -0,0 +1,8 @@ +[settings] +arch=x86_64 +build_type=Release +compiler=msvc +compiler.cppstd=17 +compiler.runtime=dynamic +compiler.version=194 +os=Windows diff --git a/docs/daggy_c4_L2.plantuml b/docs/daggy_c4_L2.plantuml index 8fc20afc..e3ff19c7 100644 --- a/docs/daggy_c4_L2.plantuml +++ b/docs/daggy_c4_L2.plantuml @@ -37,7 +37,7 @@ Rel(core, aggregator_user, "All Streams", "", $tags="session") Rel(aggregator_file, aggregator, "Streams", "files") Rel(aggregator_console, aggregator, "Streams", "console output") -Rel(aggregator_user, aggregator, "Streams", "user artefact") +Rel(aggregator_user, aggregator, "Streams", "user artifact") Rel_R(core, viewer, "All Streams", "", $tags="session") SHOW_LEGEND() diff --git a/docs/daggy_hld.svg b/docs/daggy_hld.svg index c478e76d..02997f7e 100644 --- a/docs/daggy_hld.svg +++ b/docs/daggy_hld.svg @@ -1,30 +1,30 @@ -Daggy Software[System]Local SourcesProvider[Qt Core Processes]Ssh2 SourcesProvider[ssh2 channels]Sources Provider[user commands]Core[C11 or Qt C++20 Interface]File Aggregator[Qt C++20 Object]Console Aggregator[Qt C++20 Object]Aggregator[Qt C++20 Object]Streams AggregatorSave and storage streamsStreams ViewerView of streamsLocal environmentSources of local dataRemote environmentSources of remote dataEnvironmentSources of user dataData[process channels]Data[ssh2]Data[user protocol]Local StreamsRemote StreamsUser StreamsAll StreamsAll StreamsAll StreamsStreams[files]Streams[console output]Streams[user artefact]All StreamsLegendpersonsystemcontainerexternal_systemuser defined, extendable entitiesQt Core Signals. Stream structured sequential partsQt Core Signals. Core Streams Session.Daggy Software[System]Local SourcesProvider[Qt Core Processes]Ssh2 SourcesProvider[ssh2 channels]Sources Provider[user commands]Core[C11 or Qt C++20 Interface]File Aggregator[Qt C++20 Object]Console Aggregator[Qt C++20 Object]Aggregator[Qt C++20 Object]Streams AggregatorSave and storage streamsStreams ViewerView of streamsLocal environmentSources of local dataRemote environmentSources of remote dataEnvironmentSources of user dataData[process channels]Data[ssh2]Data[user protocol]Local StreamsRemote StreamsUser StreamsAll StreamsAll StreamsAll StreamsStreams[files]Streams[console output]Streams[user artifact]All StreamsLegendpersonsystemcontainerexternal_systemuser defined, extendable entitiesQt Core Signals. Stream structured sequential partsQt Core Signals. Core Streams Session. \ No newline at end of file From ae233e1b1e830cb05909f797ce59b58168eaf1ac Mon Sep 17 00:00:00 2001 From: synacker Date: Sat, 19 Apr 2025 21:54:24 +0300 Subject: [PATCH 3/3] Fix permissions --- .github/workflows/build.yaml | 8 ++++++++ 1 file changed, 8 insertions(+) diff --git a/.github/workflows/build.yaml b/.github/workflows/build.yaml index f4db66cc..825d0996 100644 --- a/.github/workflows/build.yaml +++ b/.github/workflows/build.yaml @@ -45,6 +45,8 @@ jobs: needs: [cache] permissions: id-token: write + contents: read + checks: write attestations: write steps: - uses: actions/checkout@v4 @@ -68,6 +70,8 @@ jobs: needs: [cache] permissions: id-token: write + contents: read + checks: write attestations: write steps: - uses: actions/checkout@v4 @@ -90,6 +94,8 @@ jobs: needs: [cache] permissions: id-token: write + contents: read + checks: write attestations: write steps: - uses: actions/checkout@v4 @@ -112,6 +118,8 @@ jobs: needs: [cache] permissions: id-token: write + contents: read + checks: write attestations: write steps: - uses: actions/checkout@v4