Skip to content

Bump github/codeql-action from 3.26.12 to 3.27.9 #1167

Bump github/codeql-action from 3.26.12 to 3.27.9

Bump github/codeql-action from 3.26.12 to 3.27.9 #1167

Workflow file for this run

name: CI
on:
push:
branches: [main]
pull_request:
branches: [main]
env:
FFMPEG_VERSION_TAG: n4.4.1
FX9_BUILD_DEPENDENCIES_DIRECTORY: ${{ github.workspace }}/out/dependencies
GLFW_VERSION_TAG: 3.3.8
ICU_VERSION_TAG: release-71-1
NANOEM_BUILD_DEPENDENCIES_DIRECTORY: ${{ github.workspace }}/out/dependencies
NANOEM_BUILD_ARTIFACT_DIRECTORY: ${{ github.workspace }}/out/core
NANOEM_RUST_DIRECTORY: ${{ github.workspace }}/rust
permissions:
contents: read
jobs:
build-linux:
runs-on: ubuntu-latest
timeout-minutes: 30
# libc++/libc++abi are not prerequsite libraries but specifies to test CXXFLAGS/LDFLAGS are functional
env:
CC: clang
CXX: clang++
CXXFLAGS: -stdlib=libc++
LDFLAGS: -lc++abi
GIT_CLONE_PROTECTION_ACTIVE: false
steps:
- name: checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
submodules: recursive
# Assumes clang/cmake/libc++/libc++abi are installed on GitHub Actions Runner
- name: setup prerequisite packages
run: |
sudo apt-get update && sudo apt-get install -y \
libasound-dev \
libgtk-3-dev \
libglu1-mesa-dev \
ninja-build \
xorg-dev \
libxi-dev \
libxcursor-dev
- name: checkout ffmpeg
run: git clone --depth=1 --branch=${{ env.FFMPEG_VERSION_TAG }} https://github.com/ffmpeg/ffmpeg.git dependencies/ffmpeg
- name: checkout glfw
run: git clone --depth=1 --branch=${{ env.GLFW_VERSION_TAG }} https://github.com/glfw/glfw.git dependencies/glfw
- name: checkout ICU
run: git clone --depth=1 --branch=${{ env.ICU_VERSION_TAG }} https://github.com/unicode-org/icu.git dependencies/icu
- name: build all dependencies of nanoem
run: cmake -DCONFIG=release -P ${{ github.workspace }}/scripts/build.cmake
env:
NANOEM_ENABLE_BUILD_FFMPEG: 1
NANOEM_ENABLE_BUILD_GLFW: 1
NANOEM_ENABLE_BUILD_ICU4C: 1
NANOEM_ENABLE_BUILD_MIMALLOC: 1
NANOEM_TARGET_ARCHITECTURES: x86_64
NANOEM_TARGET_CONFIGURATIONS: "debug;release"
NANOEM_TARGET_COMPILER: clang
- name: build nanoem itself
run: |
mkdir -p ${{ env.NANOEM_BUILD_ARTIFACT_DIRECTORY }}
cd ${{ env.NANOEM_BUILD_ARTIFACT_DIRECTORY }}
cmake \
-DCMAKE_INSTALL_PREFIX=${{ env.NANOEM_BUILD_ARTIFACT_DIRECTORY }}/install-root \
-DFX9_ENABLE_OPTIMIZER=OFF \
-DNANOEM_ENABLE_BULLET=ON \
-DNANOEM_ENABLE_GLFW=ON \
-DNANOEM_ENABLE_ICU=ON \
-DNANOEM_ENABLE_IMGUI_FILE_DIALOG=ON \
-DNANOEM_ENABLE_MIMALLOC=ON \
-DNANOEM_ENABLE_NMD=ON \
-DNANOEM_ENABLE_TBB=OFF \
-DNANOEM_ENABLE_TEST=ON \
-DNANOEM_INSTALL_EFFECT_PLUGIN=ON \
-DNANOEM_INSTALL_FFMPEG_PLUGIN=ON \
-DNANOEM_INSTALL_GIF_PLUGIN=OFF \
-DNANOEM_INSTALL_LSMASH_PLUGIN=ON \
-DNANOEM_TARGET_COMPILER=clang \
-GNinja \
../..
cmake --build . --config release
- name: test nanoem's unit tests
run: |
cd ${{ env.NANOEM_BUILD_ARTIFACT_DIRECTORY }}
ctest
build-macos:
runs-on: macos-latest
timeout-minutes: 30
steps:
- name: checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
submodules: recursive
- name: checkout ffmpeg
run: git clone --depth=1 --branch=${{ env.FFMPEG_VERSION_TAG }} https://github.com/ffmpeg/ffmpeg.git dependencies/ffmpeg
- name: checkout ICU
run: git clone --depth=1 --branch=${{ env.ICU_VERSION_TAG }} https://github.com/unicode-org/icu.git dependencies/icu
- name: setup prerequisite packages
run: brew install ninja
- name: build all dependencies of nanoem
run: cmake -DCONFIG=release -P ${{ github.workspace }}/scripts/build.cmake
env:
NANOEM_TARGET_CONFIGURATIONS: "debug;release"
NANOEM_TARGET_COMPILER: clang
NANOEM_ENABLE_BUILD_FFMPEG: 1
NANOEM_ENABLE_BUILD_ICU4C: 1
NANOEM_ENABLE_BUILD_MIMALLOC: 1
- name: build nanoem itself
run: |
mkdir -p ${{ env.NANOEM_BUILD_ARTIFACT_DIRECTORY }}
cd ${{ env.NANOEM_BUILD_ARTIFACT_DIRECTORY }}
cmake \
-DCMAKE_INSTALL_PREFIX=${{ env.NANOEM_BUILD_ARTIFACT_DIRECTORY }}/install-root \
-DFX9_ENABLE_OPTIMIZER=OFF \
-DNANOEM_ENABLE_BULLET=ON \
-DNANOEM_ENABLE_ICU=ON \
-DNANOEM_ENABLE_MIMALLOC=ON \
-DNANOEM_ENABLE_NMD=ON \
-DNANOEM_ENABLE_TEST=ON \
-DNANOEM_INSTALL_EFFECT_PLUGIN=ON \
-DNANOEM_INSTALL_FFMPEG_PLUGIN=ON \
-DNANOEM_INSTALL_GIF_PLUGIN=OFF \
-DNANOEM_INSTALL_LSMASH_PLUGIN=ON \
-DNANOEM_TARGET_COMPILER=clang \
-GNinja \
../..
cmake --build . --config release
- name: test nanoem's unit tests
run: |
cd ${{ env.NANOEM_BUILD_ARTIFACT_DIRECTORY }}
ctest
build-windows:
runs-on: windows-2022
timeout-minutes: 30
steps:
- name: checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
fetch-depth: 0
submodules: recursive
- name: build all dependencies of nanoem
run: cmake -DCONFIG=release -P ${{ github.workspace }}/scripts/build.cmake
env:
NANOEM_TARGET_ARCHITECTURES: x86_64
NANOEM_TARGET_CONFIGURATIONS: "debug;release"
NANOEM_TARGET_COMPILER: vs2019
NANOEM_TARGET_TOOLSET: v142
NANOEM_ENABLE_BUILD_MIMALLOC: 1
- name: build nanoem itself
run: |
mkdir -p ${{ env.NANOEM_BUILD_ARTIFACT_DIRECTORY }}
cd ${{ env.NANOEM_BUILD_ARTIFACT_DIRECTORY }}
cmake `
-DCMAKE_INSTALL_PREFIX="${{ env.NANOEM_BUILD_ARTIFACT_DIRECTORY }}/install-root" `
-DFX9_ENABLE_OPTIMIZER=OFF `
-DNANOEM_ENABLE_BULLET=ON `
-DNANOEM_ENABLE_MIMALLOC=ON `
-DNANOEM_ENABLE_NMD=ON `
-DNANOEM_ENABLE_TEST=ON `
-DNANOEM_INSTALL_EFFECT_PLUGIN=ON `
-DNANOEM_INSTALL_FFMPEG_PLUGIN=OFF `
-DNANOEM_INSTALL_GIF_PLUGIN=OFF `
-DNANOEM_INSTALL_LSMASH_PLUGIN=ON `
-DNANOEM_TARGET_COMPILER=vs2019 `
-G"Visual Studio 17 2022" `
-Tv142 `
../..
cmake --build . --config release
- name: test nanoem's unit tests
run: |
cd ${{ env.NANOEM_BUILD_ARTIFACT_DIRECTORY }}
ctest
build-rust:
runs-on: ubuntu-latest
timeout-minutes: 15
defaults:
run:
working-directory: ${{ env.NANOEM_RUST_DIRECTORY }}
steps:
- name: checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
- name: setup cargo-deny
uses: EmbarkStudios/cargo-deny-action@8371184bd11e21dcf8ac82ebf8c9c9f74ebf7268 # v2.0.1
with:
manifest-path: ./rust/Cargo.toml
- name: setup rust toolchain (stable and wasm32-wasi)
uses: actions-rust-lang/setup-rust-toolchain@1fbea72663f6d4c03efaab13560c8a24cfd2a7cc # v1.9.0
with:
cache-workspaces: ${{ env.NANOEM_RUST_DIRECTORY }}
components: rustfmt
target: wasm32-wasi
- name: run rustfmt for check
uses: actions-rust-lang/rustfmt@559aa3035a47390ba96088dffa783b5d26da9326 # v1.1.1
with:
manifest-path: ${{ env.NANOEM_RUST_DIRECTORY }}/Cargo.toml
- name: setup prerequisite packages
run: |
sudo apt-get update && sudo apt-get install -y \
protobuf-compiler
- name: build plugin_wasm and its test WASMs
run: |
profiles=('dev' 'release-lto')
packages=(
'plugin_wasm_test_model_minimum'
'plugin_wasm_test_motion_minimum'
'plugin_wasm_test_model_full'
'plugin_wasm_test_motion_full'
)
for profile in "${profiles[@]}"; do
for package in "${packages[@]}"; do
cargo build --profile "${profile}" --package "${package}" --target wasm32-wasi
done
done
cargo check --profile release-lto
cargo test --profile release-lto
codeql:
if: ${{ github.ref == 'refs/heads/main' }}
runs-on: ubuntu-latest
permissions:
security-events: write
timeout-minutes: 60
env:
CC: clang
CXX: clang++
steps:
- name: checkout
uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
with:
submodules: recursive
- name: initialize CodeQL
uses: github/codeql-action/init@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9
with:
config-file: ${{ github.workspace }}/.github/codeql/codeql-config.yml
languages: c-cpp
- name: setup prerequisite packages
run: |
sudo apt-get update && sudo apt-get install -y \
cmake \
libasound-dev \
libicu-dev \
libgtk-3-dev \
libglu1-mesa-dev \
ninja-build \
xorg-dev \
libxi-dev \
libxcursor-dev
- name: checkout ffmpeg
run: git clone --depth=1 --branch=${{ env.FFMPEG_VERSION_TAG }} https://github.com/ffmpeg/ffmpeg.git dependencies/ffmpeg
- name: checkout glfw
run: git clone --depth=1 --branch=${{ env.GLFW_VERSION_TAG }} https://github.com/glfw/glfw.git dependencies/glfw
- name: checkout ICU
run: git clone --depth=1 --branch=${{ env.ICU_VERSION_TAG }} https://github.com/unicode-org/icu.git dependencies/icu
- name: build all dependencies of nanoem
run: |
cd ${{ github.workspace }}
cmake -DCONFIG=release -P "$PWD/scripts/build.cmake"
env:
NANOEM_ENABLE_BUILD_FFMPEG: 1
NANOEM_ENABLE_BUILD_GLFW: 1
NANOEM_ENABLE_BUILD_ICU4C: 1
NANOEM_ENABLE_BUILD_MIMALLOC: 1
NANOEM_TARGET_ARCHITECTURES: x86_64
NANOEM_TARGET_CONFIGURATIONS: "debug;release"
NANOEM_TARGET_COMPILER: clang
- name: autobuild
uses: github/codeql-action/autobuild@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9
env:
CODEQL_EXTRACTOR_CPP_AUTOINSTALL_DEPENDENCIES: false
- name: perform CodeQL Analysis
uses: github/codeql-action/analyze@df409f7d9260372bd5f19e5b04e83cb3c43714ae # v3.27.9