Skip to content

Add Synopsys Security Scan Workflow #237

Add Synopsys Security Scan Workflow

Add Synopsys Security Scan Workflow #237

# This starter workflow is for a CMake project running on multiple platforms. There is a different starter workflow if you just want a single platform.
# See: https://github.com/actions/starter-workflows/blob/main/ci/cmake-single-platform.yml
name: CMake on multiple platforms
on:
push:
branches: [ "main" ]
pull_request:
branches: [ "main" ]
schedule:
- cron: '30 2 * * *' # Run once per day
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
env:
QT_VERSION: "6.2.0"
jobs:
build:
runs-on: ${{ matrix.os }}
strategy:
# Set fail-fast to false to ensure that feedback is delivered for all matrix combinations. Consider changing this to true when your workflow is stable.
fail-fast: false
# Set up a matrix to run the following 3 configurations:
# 1. <Windows, Release, latest MSVC compiler toolchain on the default runner image, default generator>
# 2. <Linux, Release, latest GCC compiler toolchain on the default runner image, default generator>
# 3. <Linux, Release, latest Clang compiler toolchain on the default runner image, default generator>
#
# To add more build types (Release, Debug, RelWithDebInfo, etc.) customize the build_type list.
matrix:
os: [ubuntu-latest, macos-latest, windows-latest]
build_type: [Release, Debug]
c_compiler: [gcc, clang, cl]
include:
- os: windows-latest
c_compiler: cl
cpp_compiler: cl
- os: ubuntu-latest
c_compiler: gcc
cpp_compiler: g++
- os: ubuntu-latest
c_compiler: clang
cpp_compiler: clang++
- os: macos-latest
c_compiler: gcc
cpp_compiler: g++
- os: macos-latest
c_compiler: clang
cpp_compiler: clang++
exclude:
- os: windows-latest
c_compiler: gcc
- os: windows-latest
c_compiler: clang
- os: ubuntu-latest
c_compiler: cl
- os: macos-latest
c_compiler: cl
steps:
- uses: actions/checkout@v3
- name: Install Qt
uses: jurplel/install-qt-action@v3
with:
version: ${{ env.QT_VERSION }}
cache: 'true'
cache-key-prefix: ${{ runner.os }}-Qt-Cache-${{ env.QT_VERSION }}
dir: ${{ github.workspace }}/Qt
# - name: Install correct version of mingw
# uses: crazy-max/ghaction-chocolatey@v1
# with:
# args: install mingw --version=8.1.0 -y
# Compared to Window and MacOS best option with stable ~2 min installation time.
- name: Install LaTeX (Linux)
if: startsWith(matrix.os,'ubuntu-')
run: |
sudo apt update --fix-missing
sudo apt upgrade
sudo apt update
sudo apt-get install texlive texlive-latex-recommended texlive-extra-utils texlive-latex-extra texlive-font-utils
shell: bash
# Takes too long > 13 min
# - name: Install LaTeX (MacOS)
# if: startsWith(matrix.os,'macos-')
# run: |
# brew update
# brew install --cask mactex;
# echo "/Library/TeX/texbin/" >> $GITHUB_PATH
# shell: bash
# Takes too long >> 25 min
# - name: Install LaTeX (Windows)
# if: startsWith(matrix.os, 'windows-')
# uses: teatimeguest/setup-texlive-action@v3
# with:
# packages: >-
# scheme-medium
# collection-latexextra
# babel-dutch
# cjk
# bibtex
# For Doxygen installation use action from https://github.com/marketplace/actions/doxygen-install.
- name: doxygen-install
uses: ssciwr/[email protected]
- name: Set reusable strings
# Turn repeated input strings (such as the build output directory) into step outputs. These step outputs can be used throughout the workflow file.
id: strings
shell: bash
run: |
echo "build-output-dir=${{ github.workspace }}/build" >> "$GITHUB_OUTPUT"
- name: Configure CMake
env:
CMAKE_PREFIX_PATH: ${{env.Qt6_DIR}}
CMAKE_MODULE_PATH: ${{env.Qt6_DIR}}
# Configure CMake in a 'build' subdirectory. `CMAKE_BUILD_TYPE` is only required if you are using a single-configuration generator such as make.
# See https://cmake.org/cmake/help/latest/variable/CMAKE_BUILD_TYPE.html?highlight=cmake_build_type
run: >
cmake -B ${{ steps.strings.outputs.build-output-dir }}
-DCMAKE_CXX_COMPILER=${{ matrix.cpp_compiler }}
-DCMAKE_C_COMPILER=${{ matrix.c_compiler }}
-DCMAKE_BUILD_TYPE=${{ matrix.build_type }}
-DBoost_NO_SYSTEM_PATHS=TRUE
-DEGOA_BUILD_TYPE=${{ matrix.build_type }}
-DEGOA_DOWNLOAD_CPPAD=OFF
-DEGOA_DOWNLOAD_EIGEN=ON
-DEGOA_DOWNLOAD_GOOGLE_TEST_FRAMEWORK=ON
-DEGOA_DOWNLOAD_IEEE=ON
-DEGOA_DOWNLOAD_PYPSA_EUR=ON
-DEGOA_DOWNLOAD_PYPSA_ITI_COLLABORATION=ON
-DEGOA_DOWNLOAD_SCIGRID=ON
-DEGOA_DOWNLOAD_WINDFARM=ON
-DEGOA_ENABLE_ASSERTION=ON
-DEGOA_ENABLE_BONMIN=OFF
-DEGOA_ENABLE_BOOST=OFF
-DEGOA_ENABLE_CPLEX=OFF
-DEGOA_ENABLE_DOCUMENTATION=OFF
-DEGOA_ENABLE_EXCEPTION_HANDLING=ON
-DEGOA_ENABLE_GUROBI=OFF
-DEGOA_ENABLE_IPOPT=OFF
-DEGOA_ENABLE_OGDF=OFF
-DEGOA_ENABLE_OPENMP=OFF
-DEGOA_ENABLE_TESTS=OFF
-DEGOA_ENABLE_VERBOSE_MAKEFILE=ON
-DEGOA_PEDANTIC_AS_ERRORS=OFF
-DEGOA_PEDANTIC_MODE=ON
-DEGOA_TEST_FRAMEWORK=OfflineGoogleTestFramework
-DEGOA_TEST_FRAMEWORK_LOCATION=external/GoogleTestFramework
-DEGOA_THREAD_LIMIT=0
-DEGOA_WARNINGS_AS_ERRORS=ON
-DBONMIN_ROOT_DIR="NONE-DIR"
-DBoost_DIRECTORIES="/opt/homebrew/opt/boost/"
-DCOIN_INCLUDE_DIR="NONE-DIR"
-DCOIN_LIBRARY_DIR="NONE-DIR"
-DCPLEX_HOME="NONE-DIR"
-DGUROBI_ROOT_DIR="NONE-DIR"
-DOGDF_AUTOGEN_INCLUDE_DIR="NONE-DIR"
-DOGDF_INCLUDE_DIR="NONE-DIR"
-DOGDF_LIBRARY_DIR="NONE-DIR"
-DOPENMP_INCLUDES="/opt/homebrew/opt/llvm/include"
-DOPENMP_LIBRARIES="/opt/homebrew/opt/llvm/lib"
-S ${{ github.workspace }}
- name: Build (Unix)
# Build your program with the given configuration. Note that --config is needed because the default Windows generator is a multi-config generator (Visual Studio generator).
if: ${{ !startsWith(matrix.os,'windows-') }}
run: sudo cmake --build ${{ steps.strings.outputs.build-output-dir }} --config ${{ matrix.build_type }}
- name: Build (Windows)
# Build your program with the given configuration. Note that --config is needed because the default Windows generator is a multi-config generator (Visual Studio generator).
if: startsWith(matrix.os,'windows-')
run: cmake --build ${{ steps.strings.outputs.build-output-dir }} --config ${{ matrix.build_type }}
# Downloads are done
- name: Configure CMake Full
env:
CMAKE_PREFIX_PATH: ${{env.Qt6_DIR}}
CMAKE_MODULE_PATH: ${{env.Qt6_DIR}}
# Configure CMake in a 'build' subdirectory. `CMAKE_BUILD_TYPE` is only required if you are using a single-configuration generator such as make.
# See https://cmake.org/cmake/help/latest/variable/CMAKE_BUILD_TYPE.html?highlight=cmake_build_type
run: >
cmake -B ${{ steps.strings.outputs.build-output-dir }}
-DCMAKE_CXX_COMPILER=${{ matrix.cpp_compiler }}
-DCMAKE_C_COMPILER=${{ matrix.c_compiler }}
-DCMAKE_BUILD_TYPE=${{ matrix.build_type }}
-DBoost_NO_SYSTEM_PATHS=TRUE
-DEGOA_BUILD_TYPE=${{ matrix.build_type }}
-DEGOA_DOWNLOAD_CPPAD=OFF
-DEGOA_DOWNLOAD_EIGEN=OFF
-DEGOA_DOWNLOAD_GOOGLE_TEST_FRAMEWORK=OFF
-DEGOA_DOWNLOAD_IEEE=OFF
-DEGOA_DOWNLOAD_PYPSA_EUR=OFF
-DEGOA_DOWNLOAD_PYPSA_ITI_COLLABORATION=OFF
-DEGOA_DOWNLOAD_SCIGRID=OFF
-DEGOA_DOWNLOAD_WINDFARM=OFF
-DEGOA_ENABLE_ASSERTION=ON
-DEGOA_ENABLE_BONMIN=OFF
-DEGOA_ENABLE_BOOST=OFF
-DEGOA_ENABLE_CPLEX=OFF
-DEGOA_ENABLE_DOCUMENTATION=ON
-DEGOA_ENABLE_EXCEPTION_HANDLING=ON
-DEGOA_ENABLE_GUROBI=OFF
-DEGOA_ENABLE_IPOPT=OFF
-DEGOA_ENABLE_OGDF=OFF
-DEGOA_ENABLE_OPENMP=OFF
-DEGOA_ENABLE_TESTS=ON
-DEGOA_ENABLE_VERBOSE_MAKEFILE=ON
-DEGOA_PEDANTIC_AS_ERRORS=OFF
-DEGOA_PEDANTIC_MODE=ON
-DEGOA_TEST_FRAMEWORK=OfflineGoogleTestFramework
-DEGOA_TEST_FRAMEWORK_LOCATION=external/GoogleTestFramework
-DEGOA_THREAD_LIMIT=0
-DEGOA_WARNINGS_AS_ERRORS=ON
-DBONMIN_ROOT_DIR="NONE-DIR"
-DBoost_DIRECTORIES="/opt/homebrew/opt/boost/"
-DCOIN_INCLUDE_DIR="NONE-DIR"
-DCOIN_LIBRARY_DIR="NONE-DIR"
-DCPLEX_HOME="NONE-DIR"
-DGUROBI_ROOT_DIR="NONE-DIR"
-DOGDF_AUTOGEN_INCLUDE_DIR="NONE-DIR"
-DOGDF_INCLUDE_DIR="NONE-DIR"
-DOGDF_LIBRARY_DIR="NONE-DIR"
-DOPENMP_INCLUDES="/opt/homebrew/opt/llvm/include"
-DOPENMP_LIBRARIES="/opt/homebrew/opt/llvm/lib"
-S ${{ github.workspace }}
- name: Build (Unix)
# Build your program with the given configuration. Note that --config is needed because the default Windows generator is a multi-config generator (Visual Studio generator).
if: ${{ !startsWith(matrix.os,'windows-') }}
run: sudo cmake --build ${{ steps.strings.outputs.build-output-dir }} --config ${{ matrix.build_type }}
- name: Build (Windows)
# Build your program with the given configuration. Note that --config is needed because the default Windows generator is a multi-config generator (Visual Studio generator).
if: startsWith(matrix.os,'windows-')
run: cmake --build ${{ steps.strings.outputs.build-output-dir }} --config ${{ matrix.build_type }}
- name: Test
working-directory: ${{ steps.strings.outputs.build-output-dir }}
# Execute tests defined by the CMake configuration. Note that --build-config is needed because the default Windows generator is a multi-config generator (Visual Studio generator).
# See https://cmake.org/cmake/help/latest/manual/ctest.1.html for more detail
# The tests are run single threaded due to the fact that the Google Testframework uses forks in the Death Tests. The following warning
# we try to avoid:
# Warning: NG] /Users/runner/work/egoa/egoa/external/GoogleTestFramework/googletest/src/gtest-death-test.cc:1102::
# Death tests use fork(), which is unsafe particularly in a threaded context. For this test, Google Test detected
# 3 threads. See https://github.com/google/googletest/blob/main/docs/advanced.md#death-tests-and-threads for more
# explanation and suggested solutions, especially if this is the last message you see before your test times out.
run: ctest --verbose -j1 --build-config ${{ matrix.build_type }} -T Test
- name: Test Coverage Collection (Ubuntu GCC Debug only)
working-directory: ${{ steps.strings.outputs.build-output-dir }}
# Execute tests defined by the CMake configuration. Note that --build-config is needed because the default Windows generator is a multi-config generator (Visual Studio generator).
# See https://cmake.org/cmake/help/latest/manual/ctest.1.html for more detail
# The tests are run single threaded due to the fact that the Google Testframework uses forks in the Death Tests. The following warning
# we try to avoid:
# Warning: NG] /Users/runner/work/egoa/egoa/external/GoogleTestFramework/googletest/src/gtest-death-test.cc:1102::
# Death tests use fork(), which is unsafe particularly in a threaded context. For this test, Google Test detected
# 3 threads. See https://github.com/google/googletest/blob/main/docs/advanced.md#death-tests-and-threads for more
# explanation and suggested solutions, especially if this is the last message you see before your test times out.
if: ${{ startsWith(matrix.os,'ubuntu-') && startsWith(matrix.c_compiler,'gcc') && matrix.build_type == 'Debug' }}
run: ctest --verbose -j1 --build-config ${{ matrix.build_type }} -T Coverage
- name: Upload coverage reports to Codecov (Ubuntu GCC Debug only)
if: ${{ startsWith(matrix.os,'ubuntu-') && startsWith(matrix.c_compiler,'gcc') && matrix.build_type == 'Debug' }}
uses: codecov/codecov-action@v3
env:
CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }}
- name: Generate documentation
if: startsWith(matrix.os,'ubuntu-')
shell: sudo cmake -P {0}
run: |
execute_process(
COMMAND cmake --build build --target doc
RESULT_VARIABLE result
)
if (NOT result EQUAL 0)
message(FATAL_ERROR "Building documentation failed")
endif()
# See https://github.com/marketplace/actions/github-pages-action#%EF%B8%8F-deploy-to-external-repository-external_repository
# for more information on the parameters.
- name: Publish Documentation to Github Pages
uses: peaceiris/actions-gh-pages@v3
if: ${{ github.event_name == 'push' && startsWith(matrix.os,'ubuntu-') }}
with:
github_token: ${{ secrets.GITHUB_TOKEN }}
deploy_key: ${{ secrets.ACTIONS_DEPLOY_KEY }}
publish_dir: documentation/html
force_orphan: true
commit_message: ${{ github.event.head_commit.message }}
publish_branch: gh-pages
user_name: 'github-actions[bot]'
user_email: 'github-actions[bot]@users.noreply.github.com'