diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 0000000..284f03d --- /dev/null +++ b/.github/workflows/build.yml @@ -0,0 +1,57 @@ + +name: Build + +on: + push: + branches: [ main, develop ] + pull_request: + branches: [ main, develop ] + workflow_dispatch: + +permissions: + contents: read + packages: read + +jobs: + build: + runs-on: ubuntu-22.04 + container: + image: ghcr.io/voismart/freeswitch-sdk:ci + credentials: + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + steps: + - uses: actions/checkout@v4 + with: + submodules: recursive + + - name: Cache ccache + uses: actions/cache@v4 + with: + path: ~/.cache/ccache + key: ${{ runner.os }}-ccache-${{ github.ref }}-${{ hashFiles('**/CMakeLists.txt', '**/*.cmake') }} + restore-keys: | + ${{ runner.os }}-ccache- + + - name: Configure & Build + run: | + set -eux + git config --global --add safe.directory "$GITHUB_WORKSPACE" + cmake -S . -B build -DCMAKE_BUILD_TYPE=Release \ + -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++ \ + -DCMAKE_C_COMPILER_LAUNCHER=ccache -DCMAKE_CXX_COMPILER_LAUNCHER=ccache + cmake --build build -j"$(nproc)" + + - name: Upload build artifacts + uses: actions/upload-artifact@v4 + with: + name: build-artifacts + path: | + build/**/*.so + build/**/*.a + build/**/*.dll + build/**/*.dylib + build/**/*.exe + build/compile_commands.json + if-no-files-found: ignore diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml deleted file mode 100644 index 15416bc..0000000 --- a/.github/workflows/checks.yml +++ /dev/null @@ -1,75 +0,0 @@ -name: Build & Static Checks - -on: - push: - branches: [ main, develop ] - pull_request: - branches: [ main, develop ] - workflow_dispatch: - -jobs: - analyze: - runs-on: ubuntu-22.04 - - steps: - - uses: actions/checkout@v4 - with: - submodules: 'recursive' - - - name: Set up Buildx - uses: docker/setup-buildx-action@v3 - - - name: Build SDK image (cached) - uses: docker/build-push-action@v6 - with: - context: . - file: Dockerfile.ci - tags: freeswitch-sdk:ci - load: true - cache-from: type=gha - cache-to: type=gha,mode=max - - - name: Run analysis inside container - uses: addnab/docker-run-action@v3 - with: - image: freeswitch-sdk:ci - options: -v ${{ github.workspace }}:/work - run: | - set -eux - cd /work - git config --global --add safe.directory /work - cmake -S . -B build \ - -DCMAKE_BUILD_TYPE=Release \ - -DCMAKE_EXPORT_COMPILE_COMMANDS=ON \ - -DCMAKE_C_COMPILER=clang \ - -DCMAKE_CXX_COMPILER=clang++ \ - -DCMAKE_C_COMPILER_LAUNCHER=ccache \ - -DCMAKE_CXX_COMPILER_LAUNCHER=ccache - - scan-build --status-bugs cmake --build build -j"$(nproc)" - - FILES="$(git ls-files '*.c' '*.cc' '*.cpp' '*.cxx' | grep -v '^buffer/' | grep -v '^libs/')" - if [ -n "$FILES" ]; then - clang-tidy -p build $FILES \ - --warnings-as-errors='clang-analyzer-*,bugprone-*,performance-*' - else - echo "No source files found for clang-tidy analysis." - fi - - - cppcheck --enable=warning,performance,portability --std=c++17 --force \ - --project=build/compile_commands.json \ - --suppress=missingIncludeSystem \ - -i build -i buffer -i libs 2> cppcheck-warn.log - - cppcheck --enable=style --std=c++17 --force \ - --project=build/compile_commands.json \ - --suppress=missingIncludeSystem \ - -i build -i buffer -i libs 2> cppcheck-style.log || true - - if [ -s cppcheck-style.log ]; then - echo "Style issues found by cppcheck:" - cat cppcheck-style.log - else - echo "No style issues found by cppcheck." - fi diff --git a/.github/workflows/code-static-checks.yml b/.github/workflows/code-static-checks.yml new file mode 100644 index 0000000..7ced647 --- /dev/null +++ b/.github/workflows/code-static-checks.yml @@ -0,0 +1,78 @@ +name: Static Checks + +on: + push: + branches: [ main, develop ] + pull_request: + branches: [ main, develop ] + workflow_dispatch: + +permissions: + contents: read + packages: read # to pull from private GHCR + +jobs: + analyze: + runs-on: ubuntu-22.04 + container: + image: ghcr.io/voismart/freeswitch-sdk:ci # make org name dynamic in case of future org name changes + credentials: + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + steps: + - uses: actions/checkout@v4 + with: + submodules: recursive + + - name: Configure + run: | + set -eux + git config --global --add safe.directory "$GITHUB_WORKSPACE" + cmake -S . -B build \ + -DCMAKE_BUILD_TYPE=Release \ + -DCMAKE_EXPORT_COMPILE_COMMANDS=ON \ + -DCMAKE_C_COMPILER=clang \ + -DCMAKE_CXX_COMPILER=clang++ \ + -DCMAKE_C_COMPILER_LAUNCHER=ccache \ + -DCMAKE_CXX_COMPILER_LAUNCHER=ccache + + - name: Analyze + run: | + set -eux + scan-build --status-bugs cmake --build build -j"$(nproc)" + + FILES="$(git ls-files '*.c' '*.cc' '*.cpp' '*.cxx' | grep -v '^buffer/' | grep -v '^libs/')" + if [ -n "$FILES" ]; then + clang-tidy -p build $FILES \ + --warnings-as-errors='clang-analyzer-*,bugprone-*,performance-*' + else + echo "No source files found for clang-tidy analysis." + fi + + cppcheck --enable=warning,performance,portability --std=c++17 --force \ + --project=build/compile_commands.json \ + --suppress=missingIncludeSystem \ + -i build -i buffer -i libs 2> cppcheck-warn.log + + cppcheck --enable=style --std=c++17 --force \ + --project=build/compile_commands.json \ + --suppress=missingIncludeSystem \ + -i build -i buffer -i libs 2> cppcheck-style.log || true + + if [ -s cppcheck-style.log ]; then + echo "Style issues found by cppcheck:" + cat cppcheck-style.log + else + echo "No style issues found by cppcheck." + fi + + - name: Upload logs + if: always() + uses: actions/upload-artifact@v4 + with: + name: static-checks-logs + path: | + cppcheck-warn.log + cppcheck-style.log + build/compile_commands.json diff --git a/.github/workflows/sdk-image.yml b/.github/workflows/sdk-image.yml new file mode 100644 index 0000000..2b08ab3 --- /dev/null +++ b/.github/workflows/sdk-image.yml @@ -0,0 +1,53 @@ + +name: Build & Publish SDK image + +on: + workflow_dispatch: + +concurrency: + group: ghcr-publish # run in the same group do not overlap + cancel-in-progress: false + +permissions: + contents: read + packages: write # to push to GHCR + +jobs: + build-and-push: + runs-on: ubuntu-22.04 + steps: + - uses: actions/checkout@v4 + - uses: docker/setup-buildx-action@v3 + + - name: Compute lowercase image name + run: | + owner_lc=$(echo '${{ github.repository_owner }}' | tr '[:upper:]' '[:lower:]') + echo "IMAGE=ghcr.io/${owner_lc}/freeswitch-sdk" >> $GITHUB_ENV + + - name: Docker metadata + id: meta + uses: docker/metadata-action@v5 + with: + images: ${{ env.IMAGE }} + tags: | + type=raw,value=ci + type=sha,format=short + type=ref,event=branch + + - name: Login to GHCR + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Build & push + uses: docker/build-push-action@v6 + with: + context: . + file: Dockerfile.ci + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + cache-from: type=registry,ref=${{ env.IMAGE }}:cache + cache-to: type=registry,ref=${{ env.IMAGE }}:cache,mode=max diff --git a/Dockerfile.ci b/Dockerfile.ci index 58c18f4..1cc0dca 100644 --- a/Dockerfile.ci +++ b/Dockerfile.ci @@ -65,14 +65,17 @@ FROM debian:12 ENV DEBIAN_FRONTEND=noninteractive RUN apt-get update && apt-get install -y --no-install-recommends \ + ca-certificates \ build-essential \ clang clang-tidy clang-tools \ cppcheck cmake pkg-config ccache \ libssl-dev zlib1g-dev \ libspeexdsp-dev libspandsp-dev \ git curl wget \ + && update-ca-certificates \ && rm -rf /var/lib/apt/lists/* + # Copy only SDK bits COPY --from=builder /usr/include/freeswitch/ /usr/include/freeswitch/ COPY --from=builder /usr/lib/pkgconfig/freeswitch.pc /usr/lib/pkgconfig/