From ba2d8c922822a2fa6b026f97e88385d811035a07 Mon Sep 17 00:00:00 2001 From: "msclock-bot[bot]" <163820484+msclock-bot[bot]@users.noreply.github.com> Date: Mon, 9 Dec 2024 02:14:34 +0000 Subject: [PATCH 1/2] chore(deps): update dependency https://github.com/serious-scaffold/ss-cpp to v1.6.14 --- .copier-answers.yml | 2 +- .devcontainer/devcontainer.json | 2 +- .github/workflows/cd.yml | 2 +- .github/workflows/ci.yml | 25 ++++++----- .github/workflows/codeql.yml | 2 +- .github/workflows/renovate.yml | 5 ++- .github/workflows/semantic-release.yml | 2 +- .pre-commit-config.yaml | 2 +- .renovaterc.json | 24 +++++++--- cmake/ConfigureCoverage.cmake | 3 +- cmake/ConfigureWarningsAndHardening.cmake | 44 +++++++++++++++++++ cmake/vcpkg/bootstrap/vcpkg_configure.cmake | 27 ++++++++++++ .../vcpkg/bootstrap/vcpkg_load_triplet.cmake | 17 +++++-- vcpkg.json | 10 ++++- 14 files changed, 136 insertions(+), 31 deletions(-) diff --git a/.copier-answers.yml b/.copier-answers.yml index 9ea1fb2..8058ae1 100644 --- a/.copier-answers.yml +++ b/.copier-answers.yml @@ -1,4 +1,4 @@ -_commit: v1.6.12 +_commit: v1.6.14 _src_path: https://github.com/serious-scaffold/ss-cpp author_email: msclock@126.com author_name: l.feng diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index 7ba47df..c8c4bf0 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -2,7 +2,7 @@ // https://github.com/devcontainers/images/tree/main/src/base-ubuntu { "name": "cppfront-practice", - "image": "mcr.microsoft.com/devcontainers/base:ubuntu-22.04", + "image": "mcr.microsoft.com/devcontainers/base:ubuntu-24.04", "capAdd": [ // Enable ptrace-based debugging for C++ "SYS_PTRACE" diff --git a/.github/workflows/cd.yml b/.github/workflows/cd.yml index 3813f18..e4fc4bf 100644 --- a/.github/workflows/cd.yml +++ b/.github/workflows/cd.yml 
@@ -19,7 +19,7 @@ env: jobs: pages: name: Deploy to GitHub Pages - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 if: ${{ github.ref_name == github.event.repository.default_branch || (github.event_name == 'release' && github.event.action == 'published') }} permissions: contents: write diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index f2b56e0..7bcd0b7 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -18,7 +18,7 @@ concurrency: jobs: pre-commit: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4 with: @@ -34,7 +34,7 @@ jobs: check-on-linux: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 needs: [pre-commit] timeout-minutes: 15 strategy: @@ -112,14 +112,17 @@ jobs: check-on-macos: +<<<<<<< before updating if: false +======= +>>>>>>> after updating runs-on: macos-14 needs: [pre-commit] timeout-minutes: 30 strategy: fail-fast: false matrix: - triplet: [x64-osx] + triplet: [arm64-osx] compiler: [gcc@13, llvm@17] std: [23] build_type: [Debug, RelWithDebInfo] @@ -335,7 +338,7 @@ jobs: run: cmake --build --preset=default --target ccov-all check-sanitizers: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 needs: [pre-commit] timeout-minutes: 15 strategy: @@ -385,7 +388,7 @@ jobs: run: ctest --preset=default check-valgrind: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 needs: [pre-commit] timeout-minutes: 15 strategy: @@ -453,7 +456,7 @@ jobs: path: out/valgrind-results.tar.gz clang-tidy: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 needs: [pre-commit] timeout-minutes: 15 @@ -502,7 +505,7 @@ jobs: cppcheck: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 needs: [pre-commit] timeout-minutes: 15 @@ -551,7 +554,7 @@ jobs: check-docs: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 needs: [pre-commit] timeout-minutes: 15 @@ -597,7 +600,7 @@ jobs: codecov: - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 needs: [pre-commit] timeout-minutes: 15 
@@ -667,7 +670,7 @@ jobs: - clang-tidy - cppcheck - codecov - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 timeout-minutes: 2 permissions: pull-requests: write @@ -679,5 +682,5 @@ jobs: jobs: ${{ toJSON(needs) }} - name: Approve pr if all jobs succeeded - if: contains(github.event.pull_request.labels.*.name, 'auto-approval') + if: contains(github.event.pull_request.labels.*.name, 'auto-approval') && contains(github.actor, '[bot]') uses: hmarr/auto-approve-action@v4 diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index ea3ae81..c7f1ece 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -30,7 +30,7 @@ permissions: jobs: analyze: name: Analyze - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 timeout-minutes: 15 permissions: actions: read diff --git a/.github/workflows/renovate.yml b/.github/workflows/renovate.yml index 7712494..490f616 100644 --- a/.github/workflows/renovate.yml +++ b/.github/workflows/renovate.yml @@ -2,7 +2,8 @@ name: Renovate on: schedule: - - cron: '*/15 0-3 * * 1' + # Match renovate schedule:earlyMondays and schedule:automergeMonthly + - cron: '*/15 0-3 * * *' workflow_dispatch: jobs: @@ -20,7 +21,7 @@ jobs: RENOVATE_REPOSITORY_CACHE: enabled image: ghcr.io/renovatebot/renovate:39.42.4@sha256:c5d718e312cdacc0746e37f13c215ff498be28c51e50efd24c070ae29f5b636a options: --user root - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 steps: - run: env | sort diff --git a/.github/workflows/semantic-release.yml b/.github/workflows/semantic-release.yml index 3837a48..e35957e 100644 --- a/.github/workflows/semantic-release.yml +++ b/.github/workflows/semantic-release.yml @@ -13,7 +13,7 @@ on: jobs: semantic-release: name: Semantic Release - runs-on: ubuntu-22.04 + runs-on: ubuntu-24.04 if: github.event.workflow_run.conclusion == 'success' && github.repository == 'msclock/cppfront-practice' permissions: contents: write 
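Review bot: The added `contains(github.actor, '[bot]')` condition on the "Approve pr if all jobs succeeded" step is a substring test on whoever triggered the run, so it accepts any GitHub App account, not only the bot this repository expects. An exact comparison against the PR author is tighter: `if: contains(github.event.pull_request.labels.*.name, 'auto-approval') && github.event.pull_request.user.login == 'msclock-bot[bot]'` (login taken from this patch's From header; confirm it is the account that opens these PRs). The step also still references `hmarr/auto-approve-action@v4` by tag while `actions/checkout` in the same file is pinned to a commit SHA. Since this job holds `pull-requests: write`, pinning the approval action the same way would be consistent.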
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml index 6fe8349..1c4c9bc 100644 --- a/.pre-commit-config.yaml +++ b/.pre-commit-config.yaml @@ -82,7 +82,7 @@ repos: # Clang format the codebase automatically - repo: https://github.com/pre-commit/mirrors-clang-format - rev: v18.1.8 + rev: v19.1.4 hooks: - id: clang-format types_or: [c++, c, cuda] diff --git a/.renovaterc.json b/.renovaterc.json index fb962d4..5a79f6b 100644 --- a/.renovaterc.json +++ b/.renovaterc.json @@ -11,19 +11,33 @@ "platformAutomerge": true, "packageRules": [ { +<<<<<<< before updating +======= + "automerge": true, + "addLabels": [ + "auto-approval" + ], + "extends": [ + "schedule:earlyMondays", + "schedule:automergeMonthly" + ], +>>>>>>> after updating "matchUpdateTypes": [ "minor", "patch", "pin", "digest" +<<<<<<< before updating ], "automerge": true +======= + ] +>>>>>>> after updating }, { "description": "Group renovate docker tag and pre-commit-hooks tag", "groupName": "renovate group", "addLabels": [ - "auto-approval", "renovate" ], "matchDatasources": [ @@ -51,12 +65,12 @@ ] }, { - "description": "Update vcpkg.json builtin-baseline with git hash", + "description": "Update microsoft vcpkg baseline", "customType": "regex", "currentValueTemplate": "master", "datasourceTemplate": "git-refs", "depNameTemplate": "https://github.com/microsoft/vcpkg", - "depTypeTemplate": "vcpkg-builtin-baseline", + "depTypeTemplate": "vcpkg-baseline", "fileMatch": [ "^vcpkg\\.json$" ], @@ -65,11 +79,11 @@ ] }, { - "description": "Update registration baseline with git hash", + "description": "Update custom registry baseline", "customType": "regex", "currentValueTemplate": "master", "datasourceTemplate": "git-refs", - "depTypeTemplate": "registration-baseline", + "depTypeTemplate": "vcpkg-baseline", "fileMatch": [ "^vcpkg\\.json$" ], diff --git a/cmake/ConfigureCoverage.cmake b/cmake/ConfigureCoverage.cmake index d0d853b..8d3816e 100644 --- a/cmake/ConfigureCoverage.cmake 
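Review bot: Moving `"auto-approval"` out of the "renovate group" rule and into the first `packageRules` entry (as resolved by patch 2/2) widens the label to every `minor`, `patch`, `pin` and `digest` update, whatever the datasource. Together with `"platformAutomerge": true` and the approval step in ci.yml, those updates can now merge with CI as the only gate; that presumably includes the `git-refs` baselines handled by the regex managers later in this file. Consider narrowing the rule with `matchDatasources` or `matchDepTypes`, or adding a delay such as `"minimumReleaseAge": "3 days"` (example value) so a freshly published release is not merged immediately.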
+++ b/cmake/ConfigureCoverage.cmake @@ -14,7 +14,6 @@ include_guard(GLOBAL) # cmake-format: off set(CODE_COVERAGE OFF CACHE BOOL "Enables code coverage.") set(CODE_COVERAGE_GCOVR_REPORT_FORMAT xml CACHE STRING "Sets the gcovr report format.") -set(CODE_COVERAGE_LCOV_EXTRA_FLAGS "--ignore-errors=gcov" CACHE STRING "Extra flags to pass to lcov") include(cmake-modules/test/Coverage) @@ -26,7 +25,7 @@ endif() # Exclude system directories from code coverage if(NOT CMAKE_HOST_SYSTEM_NAME MATCHES "Windows") - list(APPEND _excludes "/usr" "/opt") + list(APPEND _excludes "/usr") endif() add_code_coverage_all_targets( diff --git a/cmake/ConfigureWarningsAndHardening.cmake b/cmake/ConfigureWarningsAndHardening.cmake index dc89097..298cb6a 100644 --- a/cmake/ConfigureWarningsAndHardening.cmake +++ b/cmake/ConfigureWarningsAndHardening.cmake 
@@ -73,4 +73,48 @@ include(cmake-modules/build/CompilerFlags) # Hardening # ############################################################################## +# Comment `-Wl,-z,nodlopen` for dlopen call +if(NOT MSVC) + set(USE_HARDENING_FLAGS + -D_GLIBCXX_ASSERTIONS # Enable assertions + -U_FORTIFY_SOURCE # Disable stack protector + -D_FORTIFY_SOURCE=3 # Enable stack protector + -fstack-protector-strong # Enable stack protector + -fcf-protection # Control Flow Guard + -fstack-clash-protection # Control Flow Guard + -Wimplicit-fallthrough # Enabled in compiler flags by default + -fstrict-flex-arrays=3 # Enable strict array bounds + -Wformat # Enabled in compiler flags by default + -Wformat=2 # Enabled in compiler flags by default + # -Wl,-z,nodlopen # Restrict dlopen(3) calls to shared objects + -Wl,-z,noexecstack # Enable data execution prevention by marking stack + # memory as non-executable + -Wl,-z,relro # Mark relocation table entries resolved at load-time as + # read-only + -Wl,-z,now # Mark relocation table entries resolved at load-time as + # read-only. 
It impacts startup performance + "-fsanitize=undefined -fsanitize-minimal-runtime" # Enable minimal runtime + # undefined behavior sanitizer + -fno-delete-null-pointer-checks + -fno-strict-overflow + -fno-strict-aliasing + -ftrivial-auto-var-init=zero + -Wtrampolines # Enable trampolines(gcc only) + -mbranch-protection=standard # Enable indirect branches(aarch64 only) + CACHE STRING "Additional hardening compilation flags for GCC/Clang") + + set(USE_HARDENING_LINKS + -fstack-protector-strong # Enable stack protector + "-fsanitize=undefined -fsanitize-minimal-runtime" # Enable minimal runtime + # undefined behavior sanitizer -Wl,-z,nodlopen # Restrict dlopen(3) calls + # to shared objects + -Wl,-z,noexecstack # Enable data execution prevention by marking stack + # memory as non-executable + -Wl,-z,relro # Mark relocation table entries resolved at load-time as + # read-only + -Wl,-z,now # Mark relocation table entries resolved at load-time as + # read-only. It impacts startup performance + CACHE STRING "Additional hardening linking flags for GCC/Clang") +endif() + include(cmake-modules/build/Hardening) diff --git a/cmake/vcpkg/bootstrap/vcpkg_configure.cmake b/cmake/vcpkg/bootstrap/vcpkg_configure.cmake index 527c070..3577557 100644 --- a/cmake/vcpkg/bootstrap/vcpkg_configure.cmake +++ b/cmake/vcpkg/bootstrap/vcpkg_configure.cmake 
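Review bot: Several trailing comments in `USE_HARDENING_FLAGS` name the wrong mitigation, which matters when someone later decides which flag is safe to drop. `-U_FORTIFY_SOURCE`/`-D_FORTIFY_SOURCE=3` are labelled as the stack protector, `-fstack-clash-protection` as "Control Flow Guard", `-Wtrampolines` as enabling trampolines, `-mbranch-protection=standard` as enabling indirect branches, and `-Wl,-z,now` repeats the relro text. Suggested wording: `-D_FORTIFY_SOURCE=3 # Fortified libc calls with object-size checks (needs optimization)`, `-fstack-clash-protection # Probe the stack on large allocations`, `-Wl,-z,now # Resolve all symbols at load time (no lazy binding) so relro can cover the GOT`. In `USE_HARDENING_LINKS` the `-Wl,-z,nodlopen` entry appears to have been folded into the preceding comment rather than kept as its own commented-out line as in the flags list. Several entries are compiler- or architecture-specific (`-fsanitize-minimal-runtime`, `-Wtrampolines`, `-fcf-protection`, `-mbranch-protection`); whether `cmake-modules/build/Hardening` probes each flag before applying it is not visible here and is worth confirming.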
@@ -52,6 +52,30 @@ macro(detect_vcpkg) endif() endmacro() +# Add VCPKG_INSTALL_REPORT_FAILURE option to report vcpkg failure in detail +function(_vcpkg_install_report_failure) + if(DEFINED ENV{CI} AND NOT "$ENV{CI}" STREQUAL "") + set(VCPKG_INSTALL_REPORT_FAILURE + ON + CACHE INTERNAL "Enable vcpkg install failure report in detail") + endif() + file(READ "$CACHE{_VCPKG_TOOLCHAIN_FILE}" _vcpkg_toolchain_content) + if(VCPKG_INSTALL_REPORT_FAILURE + AND NOT "${_vcpkg_toolchain_content}" MATCHES + [[VCPKG INSTALL REPORT FAILURE IN DETAIL]]) + string( + REPLACE + [[message(STATUS "Running vcpkg install - failed")]] + [[message(STATUS "Running vcpkg install - failed") + file(READ "${CMAKE_CURRENT_BINARY_DIR}/vcpkg_installed/vcpkg/issue_body.md" issue_body_content) + message(STATUS "") + set(Z_NATIVE_VCPKG_MANIFEST_INSTALL_LOGFILE "${Z_NATIVE_VCPKG_MANIFEST_INSTALL_LOGFILE}\nVCPKG INSTALL REPORT FAILURE IN DETAIL: ${CMAKE_CURRENT_BINARY_DIR}/vcpkg_installed/vcpkg/issue_body.md\n${issue_body_content}\n")]] + _vcpkg_toolchain_content + "${_vcpkg_toolchain_content}") + file(WRITE "$CACHE{_VCPKG_TOOLCHAIN_FILE}" "${_vcpkg_toolchain_content}") + endif() +endfunction() + # bootstrap and configure vcpkg macro(vcpkg_configure) detect_vcpkg() @@ -68,6 +92,9 @@ macro(vcpkg_configure) endif() _vcpkg_chainload_toolchain() + + _vcpkg_install_report_failure() + message(STATUS "vcpkg_toolchain_file:$CACHE{_VCPKG_TOOLCHAIN_FILE}") include("$CACHE{_VCPKG_TOOLCHAIN_FILE}") endmacro() diff --git a/cmake/vcpkg/bootstrap/vcpkg_load_triplet.cmake b/cmake/vcpkg/bootstrap/vcpkg_load_triplet.cmake index af2054e..6ceb2f0 100644 --- a/cmake/vcpkg/bootstrap/vcpkg_load_triplet.cmake +++ b/cmake/vcpkg/bootstrap/vcpkg_load_triplet.cmake 
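Review bot: The snippet that `_vcpkg_install_report_failure` injects calls `file(READ ...)` on `issue_body.md` unconditionally, so if vcpkg fails without producing that file the injected read would raise its own error ahead of the original failure report. Guarding the injected lines with `if(EXISTS "${CMAKE_CURRENT_BINARY_DIR}/vcpkg_installed/vcpkg/issue_body.md")` ... `endif()` avoids that. The function also rewrites the file at `$CACHE{_VCPKG_TOOLCHAIN_FILE}` in place and relies on the exact literal `message(STATUS "Running vcpkg install - failed")`; if that text changes upstream the `string(REPLACE)` is a silent no-op and the file is still rewritten on every configure. A header comment stating that a file inside the vcpkg checkout is modified, and that `CACHE INTERNAL` forces the option on whenever `CI` is set, would help the next maintainer.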
@@ -46,7 +46,7 @@ function(_vcpkg_detect_host_triplet) if(_detect_osx_arch_count EQUAL "0") message( WARNING - "Unable to determine target architecture. " + "Unable to determine target architecture from ${CMAKE_OSX_ARCHITECTURES}. " "Consider providing a value for the CMAKE_OSX_ARCHITECTURES cache variable. " "Continuing without vcpkg.") set(VCPKG_TOOLCHAIN ON) @@ -57,7 +57,8 @@ function(_vcpkg_detect_host_triplet) if(_detect_osx_arch_count GREATER "1") message( WARNING - "Detected more than one target architecture. Using the first one.") + "Detected more than one target architecture from ${CMAKE_OSX_ARCHITECTURES}. Using the first one." + ) endif() list(GET CMAKE_OSX_ARCHITECTURES "0" _detect_osx_target_arch) if(_detect_osx_target_arch STREQUAL "arm64") @@ -75,7 +76,7 @@ function(_vcpkg_detect_host_triplet) else() message( WARNING - "Unable to determine target architecture, continuing without vcpkg." + "Unable to determine target architecture from ${CMAKE_OSX_ARCHITECTURES}, continuing without vcpkg." ) set(VCPKG_TOOLCHAIN ON) cmake_policy(POP) @@ -96,6 +97,8 @@ function(_vcpkg_detect_host_triplet) OR CMAKE_HOST_SYSTEM_PROCESSOR STREQUAL "AMD64" OR CMAKE_HOST_SYSTEM_PROCESSOR STREQUAL "amd64") set(_detect_target_triplet_arch x64) + elseif(CMAKE_HOST_SYSTEM_PROCESSOR MATCHES "^i.86$") + set(_detect_target_triplet_arch x86) elseif(CMAKE_HOST_SYSTEM_PROCESSOR STREQUAL "s390x") set(_detect_target_triplet_arch s390x) elseif(CMAKE_HOST_SYSTEM_PROCESSOR STREQUAL "ppc64le") @@ -115,7 +118,7 @@ function(_vcpkg_detect_host_triplet) else() message( WARNING - "Unable to determine target architecture, continuing without vcpkg." + "Unable to determine target architecture from ${CMAKE_HOST_SYSTEM_PROCESSOR}, continuing without vcpkg." ) set(VCPKG_TOOLCHAIN ON) cmake_policy(POP) 
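Review bot: In the `_detect_osx_arch_count EQUAL "0"` branch the new message interpolates `${CMAKE_OSX_ARCHITECTURES}`, which is presumably empty there (the count is computed outside this hunk), so the warning would read "from . ". Quoting the value keeps the text readable when it is empty: `"Unable to determine target architecture from '${CMAKE_OSX_ARCHITECTURES}'. "`.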
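Review bot: The new `MATCHES "^i.86$"` test uses an unescaped `.`, so it accepts any character in the second position rather than only the digits that occur in x86 processor names. `elseif(CMAKE_HOST_SYSTEM_PROCESSOR MATCHES "^i[3-6]86$")` states the intent exactly. The surrounding if/elseif chain starts and ends outside this hunk.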
@@ -166,6 +169,12 @@ function(_vcpkg_detect_host_triplet) if(NOT _detect_target_triplet_arch STREQUAL "" AND NOT _detect_target_triplet_plat STREQUAL "") + set(VCPKG_DETECT_TRIPLET_ARCH + ${_detect_target_triplet_arch} + PARENT_SCOPE) + set(VCPKG_DETECT_TRIPLET_PLAT + ${_detect_target_triplet_plat} + PARENT_SCOPE) set(VCPKG_HOST_TRIPLET "${_detect_target_triplet_arch}-${_detect_target_triplet_plat}" PARENT_SCOPE) diff --git a/vcpkg.json b/vcpkg.json index 69f11fb..289319c 100644 --- a/vcpkg.json +++ b/vcpkg.json @@ -2,7 +2,11 @@ "$schema": "https://raw.githubusercontent.com/microsoft/vcpkg-tool/main/docs/vcpkg.schema.json", "name": "cppfront-practice", "description": "Practice based on cppfront", +<<<<<<< before updating "builtin-baseline": "20a72ce99b12dd0ebfea5d39f32681bd68b19d03", +======= + "builtin-baseline": "55dec59d05cd1731a06a832302e80f6105a3d482", +>>>>>>> after updating "homepage": "https://github.com/msclock/cppfront-practice", "dependencies": [ "cppfront", @@ -23,7 +27,7 @@ }, { "name": "cmake-modules", - "version": "1.6.1" + "version": "1.6.8" }, { "name": "robotology-cmake-ycm", @@ -45,7 +49,11 @@ "registries": [ { "kind": "git", +<<<<<<< before updating "baseline": "a1d862fc6df3883df4516ccdd0c204d14cf4dc64", +======= + "baseline": "9d739d71af31a73a6000fb1e64b7cca54a962439", +>>>>>>> after updating "repository": "https://github.com/msclock/cmake-registry", "packages": [ "cmake-modules", From a5923c7531a5796a6827570f6238c9a658dc4ddf Mon Sep 17 00:00:00 2001 From: "l.feng" <43399351+msclock@users.noreply.github.com> Date: Mon, 9 Dec 2024 10:18:15 +0800 Subject: [PATCH 2/2] Resolve conflicts Signed-off-by: l.feng <43399351+msclock@users.noreply.github.com> --- .github/workflows/ci.yml | 3 --- .renovaterc.json | 8 -------- vcpkg.json | 8 -------- 3 files changed, 19 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 7bcd0b7..eb6b2a3 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml 
@@ -112,10 +112,7 @@ jobs: check-on-macos: -<<<<<<< before updating if: false -======= ->>>>>>> after updating runs-on: macos-14 needs: [pre-commit] timeout-minutes: 30 diff --git a/.renovaterc.json b/.renovaterc.json index 5a79f6b..8a3602c 100644 --- a/.renovaterc.json +++ b/.renovaterc.json @@ -11,8 +11,6 @@ "platformAutomerge": true, "packageRules": [ { -<<<<<<< before updating -======= "automerge": true, "addLabels": [ "auto-approval" @@ -21,18 +19,12 @@ "schedule:earlyMondays", "schedule:automergeMonthly" ], ->>>>>>> after updating "matchUpdateTypes": [ "minor", "patch", "pin", "digest" -<<<<<<< before updating - ], - "automerge": true -======= ] ->>>>>>> after updating }, { "description": "Group renovate docker tag and pre-commit-hooks tag", diff --git a/vcpkg.json b/vcpkg.json index 289319c..f1bc784 100644 --- a/vcpkg.json +++ b/vcpkg.json @@ -2,11 +2,7 @@ "$schema": "https://raw.githubusercontent.com/microsoft/vcpkg-tool/main/docs/vcpkg.schema.json", "name": "cppfront-practice", "description": "Practice based on cppfront", -<<<<<<< before updating - "builtin-baseline": "20a72ce99b12dd0ebfea5d39f32681bd68b19d03", -======= "builtin-baseline": "55dec59d05cd1731a06a832302e80f6105a3d482", ->>>>>>> after updating "homepage": "https://github.com/msclock/cppfront-practice", "dependencies": [ "cppfront", @@ -49,11 +45,7 @@ "registries": [ { "kind": "git", -<<<<<<< before updating - "baseline": "a1d862fc6df3883df4516ccdd0c204d14cf4dc64", -======= "baseline": "9d739d71af31a73a6000fb1e64b7cca54a962439", ->>>>>>> after updating "repository": "https://github.com/msclock/cmake-registry", "packages": [ "cmake-modules",