023eb3380d
Restrict the GitHub token permissions only to the required ones; this way, even if the attackers will succeed in compromising your workflow, they won’t be able to do much. - Included permissions for the action. https://github.com/ossf/scorecard/blob/main/docs/checks.md#token-permissions https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions https://docs.github.com/en/actions/using-jobs/assigning-permissions-to-jobs [Keeping your GitHub Actions and workflows secure Part 1: Preventing pwn requests](https://securitylab.github.com/research/github-actions-preventing-pwn-requests/) Signed-off-by: naveen <172697+naveensrinivasan@users.noreply.github.com>
112 lines
4.4 KiB
YAML
112 lines
4.4 KiB
YAML
name: CMakeBuilds
|
|
|
|
on:
|
|
workflow_dispatch:
|
|
push:
|
|
paths:
|
|
- 'src/**'
|
|
- 'examples/**'
|
|
- '.github/workflows/cmake.yml'
|
|
- 'CMakeList.txt'
|
|
- 'CMakeOptions.txt'
|
|
- 'cmake/**'
|
|
pull_request:
|
|
paths:
|
|
- 'src/**'
|
|
- 'examples/**'
|
|
- '.github/workflows/cmake.yml'
|
|
- 'CMakeList.txt'
|
|
- 'CMakeOptions.txt'
|
|
- 'cmake/**'
|
|
|
|
env:
|
|
# Customize the CMake build type here (Release, Debug, RelWithDebInfo, etc.)
|
|
BUILD_TYPE: Release
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
build_windows:
|
|
name: Windows Build
|
|
# The CMake configure and build commands are platform agnostic and should work equally
|
|
# well on Windows or Mac. You can convert this to a matrix build if you need
|
|
# cross-platform coverage.
|
|
# See: https://docs.github.com/en/free-pro-team@latest/actions/learn-github-actions/managing-complex-workflows#using-a-build-matrix
|
|
runs-on: windows-latest
|
|
|
|
steps:
|
|
- uses: actions/checkout@v2
|
|
|
|
- name: Create Build Environment
|
|
# Some projects don't allow in-source building, so create a separate build directory
|
|
# We'll use this as our working directory for all subsequent commands
|
|
run: cmake -E make_directory ${{github.workspace}}/build
|
|
|
|
- name: Configure CMake
|
|
# Use a bash shell so we can use the same syntax for environment variable
|
|
# access regardless of the host operating system
|
|
shell: powershell
|
|
working-directory: ${{github.workspace}}/build
|
|
# Note the current convention is to use the -S and -B options here to specify source
|
|
# and build directories, but this is only available with CMake 3.13 and higher.
|
|
# The CMake binaries on the Github Actions machines are (as of this writing) 3.12
|
|
run: cmake $env:GITHUB_WORKSPACE -DCMAKE_BUILD_TYPE=$env:BUILD_TYPE -DPLATFORM=Desktop
|
|
|
|
- name: Build
|
|
working-directory: ${{github.workspace}}/build
|
|
shell: powershell
|
|
# Execute the build. You can specify a specific target with "--target <NAME>"
|
|
run: cmake --build . --config $env:BUILD_TYPE
|
|
|
|
- name: Test
|
|
working-directory: ${{github.workspace}}/build
|
|
shell: powershell
|
|
# Execute tests defined by the CMake configuration.
|
|
# See https://cmake.org/cmake/help/latest/manual/ctest.1.html for more detail
|
|
run: ctest -C $env:BUILD_TYPE
|
|
|
|
build_linux:
|
|
name: Linux Build
|
|
# The CMake configure and build commands are platform agnostic and should work equally
|
|
# well on Windows or Mac. You can convert this to a matrix build if you need
|
|
# cross-platform coverage.
|
|
# See: https://docs.github.com/en/free-pro-team@latest/actions/learn-github-actions/managing-complex-workflows#using-a-build-matrix
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- uses: actions/checkout@v2
|
|
|
|
- name: Create Build Environment
|
|
# Some projects don't allow in-source building, so create a separate build directory
|
|
# We'll use this as our working directory for all subsequent commands
|
|
run: cmake -E make_directory ${{github.workspace}}/build
|
|
|
|
- name: Setup Environment
|
|
run: |
|
|
sudo apt-get update -qq
|
|
sudo apt-get install gcc-multilib
|
|
sudo apt-get install -y --no-install-recommends libglfw3 libglfw3-dev libx11-dev libxcursor-dev libxrandr-dev libxinerama-dev libxi-dev libxext-dev libxfixes-dev
|
|
- name: Configure CMake
|
|
# Use a bash shell so we can use the same syntax for environment variable
|
|
# access regardless of the host operating system
|
|
shell: bash
|
|
working-directory: ${{github.workspace}}/build
|
|
# Note the current convention is to use the -S and -B options here to specify source
|
|
# and build directories, but this is only available with CMake 3.13 and higher.
|
|
# The CMake binaries on the Github Actions machines are (as of this writing) 3.12
|
|
run: cmake $GITHUB_WORKSPACE -DCMAKE_BUILD_TYPE=$BUILD_TYPE -DPLATFORM=Desktop
|
|
|
|
- name: Build
|
|
working-directory: ${{github.workspace}}/build
|
|
shell: bash
|
|
# Execute the build. You can specify a specific target with "--target <NAME>"
|
|
run: cmake --build . --config $BUILD_TYPE
|
|
|
|
- name: Test
|
|
working-directory: ${{github.workspace}}/build
|
|
shell: bash
|
|
# Execute tests defined by the CMake configuration.
|
|
# See https://cmake.org/cmake/help/latest/manual/ctest.1.html for more detail
|
|
run: ctest -C $BUILD_TYPE
|