From 8284e8b5c233c5045171208d45ef17c61b5e24e6 Mon Sep 17 00:00:00 2001 From: Dario Pellegrino Date: Fri, 22 Aug 2025 14:58:27 +0200 Subject: [PATCH 1/9] add ghct image auto-builder action Signed-off-by: Dario Pellegrino --- .github/workflows/sdk-image.yml | 54 +++++++++++++++++++++++++++++++++ 1 file changed, 54 insertions(+) create mode 100644 .github/workflows/sdk-image.yml diff --git a/.github/workflows/sdk-image.yml b/.github/workflows/sdk-image.yml new file mode 100644 index 0000000..9c32d34 --- /dev/null +++ b/.github/workflows/sdk-image.yml @@ -0,0 +1,54 @@ + +name: Build & Publish SDK image + +on: + push: + branches: [ main, develop, ghcr-sdk-image ] + paths: + - Dockerfile.ci + - .github/workflows/sdk-image.yml + workflow_dispatch: + +permissions: + contents: read + packages: write # to push to GHCR + +jobs: + build-and-push: + runs-on: ubuntu-22.04 + steps: + - uses: actions/checkout@v4 + - uses: docker/setup-buildx-action@v3 + + - name: Compute lowercase image name + run: | + owner_lc=$(echo '${{ github.repository_owner }}' | tr '[:upper:]' '[:lower:]') + echo "IMAGE=ghcr.io/${owner_lc}/freeswitch-sdk" >> $GITHUB_ENV + + - name: Docker metadata + id: meta + uses: docker/metadata-action@v5 + with: + images: ${{ env.IMAGE }} + tags: | + type=raw,value=ci + type=sha,format=short + type=ref,event=branch + + - name: Login to GHCR + uses: docker/login-action@v3 + with: + registry: ghcr.io + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + - name: Build & push + uses: docker/build-push-action@v6 + with: + context: . + file: Dockerfile.ci + push: true + tags: ${{ steps.meta.outputs.tags }} + labels: ${{ steps.meta.outputs.labels }} + cache-from: type=registry,ref=${{ env.IMAGE }}:cache + cache-to: type=registry,ref=${{ env.IMAGE }}:cache,mode=max From 27ef4a63d27a024006d0549bd6fb7bfcfaf973f3 Mon Sep 17 00:00:00 2001 From: Dario Pellegrino Date: Fri, 22 Aug 2025 15:26:17 +0200 Subject: [PATCH 2/9] update static checks using GHCR image Signed-off-by: Dario Pellegrino --- .github/workflows/checks.yml | 75 ---------------------- .github/workflows/code-static-checks.yml | 79 ++++++++++++++++++++++++ 2 files changed, 79 insertions(+), 75 deletions(-) delete mode 100644 .github/workflows/checks.yml create mode 100644 .github/workflows/code-static-checks.yml diff --git a/.github/workflows/checks.yml b/.github/workflows/checks.yml deleted file mode 100644 index 15416bc..0000000 --- a/.github/workflows/checks.yml +++ /dev/null @@ -1,75 +0,0 @@ -name: Build & Static Checks - -on: - push: - branches: [ main, develop ] - pull_request: - branches: [ main, develop ] - workflow_dispatch: - -jobs: - analyze: - runs-on: ubuntu-22.04 - - steps: - - uses: actions/checkout@v4 - with: - submodules: 'recursive' - - - name: Set up Buildx - uses: docker/setup-buildx-action@v3 - - - name: Build SDK image (cached) - uses: docker/build-push-action@v6 - with: - context: . - file: Dockerfile.ci - tags: freeswitch-sdk:ci - load: true - cache-from: type=gha - cache-to: type=gha,mode=max - - - name: Run analysis inside container - uses: addnab/docker-run-action@v3 - with: - image: freeswitch-sdk:ci - options: -v ${{ github.workspace }}:/work - run: | - set -eux - cd /work - git config --global --add safe.directory /work - cmake -S . -B build \ - -DCMAKE_BUILD_TYPE=Release \ - -DCMAKE_EXPORT_COMPILE_COMMANDS=ON \ - -DCMAKE_C_COMPILER=clang \ - -DCMAKE_CXX_COMPILER=clang++ \ - -DCMAKE_C_COMPILER_LAUNCHER=ccache \ - -DCMAKE_CXX_COMPILER_LAUNCHER=ccache - - scan-build --status-bugs cmake --build build -j"$(nproc)" - - FILES="$(git ls-files '*.c' '*.cc' '*.cpp' '*.cxx' | grep -v '^buffer/' | grep -v '^libs/')" - if [ -n "$FILES" ]; then - clang-tidy -p build $FILES \ - --warnings-as-errors='clang-analyzer-*,bugprone-*,performance-*' - else - echo "No source files found for clang-tidy analysis." - fi - - - cppcheck --enable=warning,performance,portability --std=c++17 --force \ - --project=build/compile_commands.json \ - --suppress=missingIncludeSystem \ - -i build -i buffer -i libs 2> cppcheck-warn.log - - cppcheck --enable=style --std=c++17 --force \ - --project=build/compile_commands.json \ - --suppress=missingIncludeSystem \ - -i build -i buffer -i libs 2> cppcheck-style.log || true - - if [ -s cppcheck-style.log ]; then - echo "Style issues found by cppcheck:" - cat cppcheck-style.log - else - echo "No style issues found by cppcheck." - fi diff --git a/.github/workflows/code-static-checks.yml b/.github/workflows/code-static-checks.yml new file mode 100644 index 0000000..07cbe4d --- /dev/null +++ b/.github/workflows/code-static-checks.yml @@ -0,0 +1,79 @@ +name: Static Checks + +on: + push: + branches: [ main, develop ] + pull_request: + branches: [ main, develop ] + workflow_dispatch: + +permissions: + contents: read + packages: read # per pull da GHCR privato + +jobs: + analyze: + runs-on: ubuntu-22.04 + container: + image: ghcr.io/${{ toLower(github.repository_owner) }}/freeswitch-sdk:ci + # se l’immagine è privata: + credentials: + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + steps: + - uses: actions/checkout@v4 + with: + submodules: recursive + + - name: Configure + run: | + set -eux + git config --global --add safe.directory "$GITHUB_WORKSPACE" + cmake -S . -B build \ + -DCMAKE_BUILD_TYPE=Release \ + -DCMAKE_EXPORT_COMPILE_COMMANDS=ON \ + -DCMAKE_C_COMPILER=clang \ + -DCMAKE_CXX_COMPILER=clang++ \ + -DCMAKE_C_COMPILER_LAUNCHER=ccache \ + -DCMAKE_CXX_COMPILER_LAUNCHER=ccache + + - name: Analyze + run: | + set -eux + scan-build --status-bugs cmake --build build -j"$(nproc)" + + FILES="$(git ls-files '*.c' '*.cc' '*.cpp' '*.cxx' | grep -v '^buffer/' | grep -v '^libs/')" + if [ -n "$FILES" ]; then + clang-tidy -p build $FILES \ + --warnings-as-errors='clang-analyzer-*,bugprone-*,performance-*' + else + echo "No source files found for clang-tidy analysis." + fi + + cppcheck --enable=warning,performance,portability --std=c++17 --force \ + --project=build/compile_commands.json \ + --suppress=missingIncludeSystem \ + -i build -i buffer -i libs 2> cppcheck-warn.log + + cppcheck --enable=style --std=c++17 --force \ + --project=build/compile_commands.json \ + --suppress=missingIncludeSystem \ + -i build -i buffer -i libs 2> cppcheck-style.log || true + + if [ -s cppcheck-style.log ]; then + echo "Style issues found by cppcheck:" + cat cppcheck-style.log + else + echo "No style issues found by cppcheck." + fi + + - name: Upload logs + if: always() + uses: actions/upload-artifact@v4 + with: + name: static-checks-logs + path: | + cppcheck-warn.log + cppcheck-style.log + build/compile_commands.json From 609fd3c585f70d843c1adf4049c647102859daa6 Mon Sep 17 00:00:00 2001 From: Dario Pellegrino Date: Fri, 22 Aug 2025 15:36:02 +0200 Subject: [PATCH 3/9] add separated build action check Signed-off-by: Dario Pellegrino --- .github/workflows/build.yml | 57 ++++++++++++++++++++++++ .github/workflows/code-static-checks.yml | 3 +- 2 files changed, 58 insertions(+), 2 deletions(-) create mode 100644 .github/workflows/build.yml diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml new file mode 100644 index 0000000..2a5e2b7 --- /dev/null +++ b/.github/workflows/build.yml @@ -0,0 +1,57 @@ + +name: Build + +on: + push: + branches: [ main, develop ] + pull_request: + branches: [ main, develop ] + workflow_dispatch: + +permissions: + contents: read + packages: read + +jobs: + build: + runs-on: ubuntu-22.04 + container: + image: ghcr.io/${{ toLower(github.repository_owner) }}/freeswitch-sdk:ci + credentials: + username: ${{ github.actor }} + password: ${{ secrets.GITHUB_TOKEN }} + + steps: + - uses: actions/checkout@v4 + with: + submodules: recursive + + - name: Cache ccache + uses: actions/cache@v4 + with: + path: ~/.cache/ccache + key: ${{ runner.os }}-ccache-${{ github.ref }}-${{ hashFiles('**/CMakeLists.txt', '**/*.cmake') }} + restore-keys: | + ${{ runner.os }}-ccache- + + - name: Configure & Build + run: | + set -eux + git config --global --add safe.directory "$GITHUB_WORKSPACE" + cmake -S . -B build -DCMAKE_BUILD_TYPE=Release \ + -DCMAKE_C_COMPILER=clang -DCMAKE_CXX_COMPILER=clang++ \ + -DCMAKE_C_COMPILER_LAUNCHER=ccache -DCMAKE_CXX_COMPILER_LAUNCHER=ccache + cmake --build build -j"$(nproc)" + + - name: Upload build artifacts + uses: actions/upload-artifact@v4 + with: + name: build-artifacts + path: | + build/**/*.so + build/**/*.a + build/**/*.dll + build/**/*.dylib + build/**/*.exe + build/compile_commands.json + if-no-files-found: ignore diff --git a/.github/workflows/code-static-checks.yml b/.github/workflows/code-static-checks.yml index 07cbe4d..3d91074 100644 --- a/.github/workflows/code-static-checks.yml +++ b/.github/workflows/code-static-checks.yml @@ -15,8 +15,7 @@ jobs: analyze: runs-on: ubuntu-22.04 container: - image: ghcr.io/${{ toLower(github.repository_owner) }}/freeswitch-sdk:ci - # se l’immagine è privata: + image: ghcr.io/voismart/freeswitch-sdk:ci # make org name dinamic in case of future org name changes credentials: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} From 3a0b75e6b3d4ed051e28c8bf1dd98b4adb2ac408 Mon Sep 17 00:00:00 2001 From: Dario Pellegrino Date: Fri, 22 Aug 2025 15:43:42 +0200 Subject: [PATCH 4/9] fix ca-certificate error in workflow using image Signed-off-by: Dario Pellegrino --- .github/workflows/build.yml | 2 +- Dockerfile.ci | 3 +++ 2 files changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 2a5e2b7..284f03d 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -16,7 +16,7 @@ jobs: build: runs-on: ubuntu-22.04 container: - image: ghcr.io/${{ toLower(github.repository_owner) }}/freeswitch-sdk:ci + image: ghcr.io/voismart/freeswitch-sdk:ci credentials: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} diff --git a/Dockerfile.ci b/Dockerfile.ci index 58c18f4..1cc0dca 100644 --- a/Dockerfile.ci +++ b/Dockerfile.ci @@ -65,14 +65,17 @@ FROM debian:12 ENV DEBIAN_FRONTEND=noninteractive RUN apt-get update && apt-get install -y --no-install-recommends \ + ca-certificates \ build-essential \ clang clang-tidy clang-tools \ cppcheck cmake pkg-config ccache \ libssl-dev zlib1g-dev \ libspeexdsp-dev libspandsp-dev \ git curl wget \ + && update-ca-certificates \ && rm -rf /var/lib/apt/lists/* + # Copy only SDK bits COPY --from=builder /usr/include/freeswitch/ /usr/include/freeswitch/ COPY --from=builder /usr/lib/pkgconfig/freeswitch.pc /usr/lib/pkgconfig/ From 48e70c92e1a245c2ed9d47d9820e7423eff64ec2 Mon Sep 17 00:00:00 2001 From: Dario Pellegrino Date: Fri, 22 Aug 2025 16:14:22 +0200 Subject: [PATCH 5/9] add group to avoid multiple concurrent sdk build actions Signed-off-by: Dario Pellegrino --- .github/workflows/build.yml | 4 ++++ 1 file changed, 4 insertions(+) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 284f03d..5c4869c 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -8,6 +8,10 @@ on: branches: [ main, develop ] workflow_dispatch: +concurrency: + group: ghcr-publish # run in the same group do not overlap + cancel-in-progress: false + permissions: contents: read packages: read From f32bb7b7ff76964d5793d51286d4ee69d4158140 Mon Sep 17 00:00:00 2001 From: Dario Pellegrino Date: Fri, 22 Aug 2025 16:15:30 +0200 Subject: [PATCH 6/9] remove trigger in SDK image build; allow image build only manually via actions tab Signed-off-by: Dario Pellegrino --- .github/workflows/build.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 5c4869c..1aa4ed5 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -2,10 +2,6 @@ name: Build on: - push: - branches: [ main, develop ] - pull_request: - branches: [ main, develop ] workflow_dispatch: concurrency: From 3186654e30c3199555ea67b9cc63bc982289de63 Mon Sep 17 00:00:00 2001 From: Dario Pellegrino Date: Fri, 22 Aug 2025 16:22:33 +0200 Subject: [PATCH 7/9] fix edited wrong workflow; build insted of sdk-image Signed-off-by: Dario Pellegrino --- .github/workflows/build.yml | 8 ++++---- .github/workflows/sdk-image.yml | 9 ++++----- 2 files changed, 8 insertions(+), 9 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 1aa4ed5..284f03d 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -2,12 +2,12 @@ name: Build on: + push: + branches: [ main, develop ] + pull_request: + branches: [ main, develop ] workflow_dispatch: -concurrency: - group: ghcr-publish # run in the same group do not overlap - cancel-in-progress: false - permissions: contents: read packages: read diff --git a/.github/workflows/sdk-image.yml b/.github/workflows/sdk-image.yml index 9c32d34..2b08ab3 100644 --- a/.github/workflows/sdk-image.yml +++ b/.github/workflows/sdk-image.yml @@ -2,13 +2,12 @@ name: Build & Publish SDK image on: - push: - branches: [ main, develop, ghcr-sdk-image ] - paths: - - Dockerfile.ci - - .github/workflows/sdk-image.yml workflow_dispatch: +concurrency: + group: ghcr-publish # run in the same group do not overlap + cancel-in-progress: false + permissions: contents: read packages: write # to push to GHCR From a0c7284e12a0ebead9273683ae61f0b498beb935 Mon Sep 17 00:00:00 2001 From: Dario Pellegrino <72254164+dariopellegrino00@users.noreply.github.com> Date: Fri, 22 Aug 2025 16:26:52 +0200 Subject: [PATCH 8/9] Update .github/workflows/code-static-checks.yml Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- .github/workflows/code-static-checks.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/code-static-checks.yml b/.github/workflows/code-static-checks.yml index 3d91074..c9c1e15 100644 --- a/.github/workflows/code-static-checks.yml +++ b/.github/workflows/code-static-checks.yml @@ -15,7 +15,7 @@ jobs: analyze: runs-on: ubuntu-22.04 container: - image: ghcr.io/voismart/freeswitch-sdk:ci # make org name dinamic in case of future org name changes + image: ghcr.io/voismart/freeswitch-sdk:ci # make org name dynamic in case of future org name changes credentials: username: ${{ github.actor }} password: ${{ secrets.GITHUB_TOKEN }} From dd2d93376bcb7fb9636ced756c3982631a972a96 Mon Sep 17 00:00:00 2001 From: Dario Pellegrino <72254164+dariopellegrino00@users.noreply.github.com> Date: Fri, 22 Aug 2025 16:27:30 +0200 Subject: [PATCH 9/9] Update .github/workflows/code-static-checks.yml Co-authored-by: Copilot <175728472+Copilot@users.noreply.github.com> --- .github/workflows/code-static-checks.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/code-static-checks.yml b/.github/workflows/code-static-checks.yml index c9c1e15..7ced647 100644 --- a/.github/workflows/code-static-checks.yml +++ b/.github/workflows/code-static-checks.yml @@ -9,7 +9,7 @@ on: permissions: contents: read - packages: read # per pull da GHCR privato + packages: read # to pull from private GHCR jobs: analyze: