From 8de357a6f3933c2b63d13a23969c09a54b44a020 Mon Sep 17 00:00:00 2001 From: Edoardo Zoni Date: Tue, 20 May 2025 18:05:32 -0700 Subject: [PATCH 1/6] CI: Fix Skipped Required Workflows (again) --- .github/workflows/check_changes.yml | 1 + .github/workflows/clang_tidy.yml | 10 ++++----- .github/workflows/codeql.yml | 32 ++++++++++------------------- 3 files changed, 16 insertions(+), 27 deletions(-) diff --git a/.github/workflows/check_changes.yml b/.github/workflows/check_changes.yml index 1e90dfb2bab..8f83cd423dd 100644 --- a/.github/workflows/check_changes.yml +++ b/.github/workflows/check_changes.yml @@ -22,6 +22,7 @@ jobs: - '!Docs/**' - '!**.md' - '!**.rst' + - '!.github/**' # FIXME predicate-quantifier: 'every' - id: set-output run: | diff --git a/.github/workflows/clang_tidy.yml b/.github/workflows/clang_tidy.yml index b8e7bdc0de8..9ac42011426 100644 --- a/.github/workflows/clang_tidy.yml +++ b/.github/workflows/clang_tidy.yml @@ -24,13 +24,15 @@ jobs: runs-on: ubuntu-24.04 timeout-minutes: 250 needs: check_changes - if: ${{ github.event.pull_request.draft == false && needs.check_changes.outputs.has_non_docs_changes == 'true' }} + if: ${{ github.event.pull_request.draft }} steps: - uses: actions/checkout@v4 - name: install dependencies + if: ${{ needs.check_changes.outputs.has_non_docs_changes == 'true' }} run: | .github/workflows/dependencies/clang.sh 17 - name: set up cache + if: ${{ needs.check_changes.outputs.has_non_docs_changes == 'true' }} uses: actions/cache@v4 with: path: ~/.cache/ccache @@ -38,6 +40,7 @@ jobs: restore-keys: | ccache-${{ github.workflow }}-${{ github.job }}-git- - name: build WarpX & run clang-tidy + if: ${{ needs.check_changes.outputs.has_non_docs_changes == 'true' }} run: | export CCACHE_COMPRESS=1 export CCACHE_COMPRESSLEVEL=10 
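Review bot: The step-level guards added in the clang_tidy.yml hunks (`install dependencies`, `set up cache`, `build WarpX & run clang-tidy`) fail open. Any value of `has_non_docs_changes` other than the literal `'true'`, including an empty or missing output, skips every guarded step while the job still concludes successfully, so a required check can go green without clang-tidy having run. Comparing against the negative keeps the skip explicit: `if: ${{ needs.check_changes.outputs.has_non_docs_changes != 'false' }}`. The same expression is added to the checkout step in patch 5/6. How `check_changes` sets the output is outside these hunks, so whether an empty value can actually occur should be confirmed there.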
@@ -45,10 +48,8 @@ jobs: export CCACHE_EXTRAFILES=${{ github.workspace }}/.clang-tidy export CCACHE_LOGFILE=${{ github.workspace }}/ccache.log.txt ccache -z - export CXX=$(which clang++-17) export CC=$(which clang-17) - cmake -S . -B build_clang_tidy \ -DCMAKE_VERBOSE_MAKEFILE=ON \ -DWarpX_DIMS="${{ matrix.dim }}" \ @@ -60,13 +61,10 @@ jobs: -DWarpX_OPENPMD=ON \ -DWarpX_PRECISION=SINGLE \ -DCMAKE_CXX_COMPILER_LAUNCHER=ccache - cmake --build build_clang_tidy -j 4 - ${{github.workspace}}/.github/workflows/source/makeMakefileForClangTidy.py --input ${{github.workspace}}/ccache.log.txt make -j4 --keep-going -f clang-tidy-ccache-misses.mak \ CLANG_TIDY=clang-tidy-17 \ CLANG_TIDY_ARGS="--config-file=${{github.workspace}}/.clang-tidy --warnings-as-errors=*" - ccache -s du -hs ~/.cache/ccache diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 1df507fc646..def510435d7 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml 
@@ -2,52 +2,52 @@ name: 🔍 CodeQL on: push: - branches: [ "development" ] + branches: + - "development" pull_request: - branches: [ "development" ] - schedule: - - cron: "27 3 * * 0" + branches: + - "development" concurrency: group: ${{ github.ref }}-${{ github.head_ref }}-codeql cancel-in-progress: true jobs: + + check_changes: + name: Analyze + uses: ./.github/workflows/check_changes.yml + analyze: name: Analyze runs-on: ubuntu-24.04 - if: github.event.pull_request.draft == false + needs: check_changes + if: ${{ github.event.pull_request.draft == false && needs.check_changes.outputs.has_non_docs_changes == 'true' }} permissions: actions: read contents: read security-events: write - strategy: fail-fast: false matrix: language: [ python, cpp ] - steps: - name: Checkout uses: actions/checkout@v4 - - uses: actions/setup-python@v5 name: Install Python with: python-version: '3.x' - - name: Install Packages (C++) if: ${{ matrix.language == 'cpp' }} run: | sudo apt-get update sudo apt-get install --yes cmake openmpi-bin libopenmpi-dev libhdf5-openmpi-dev libadios-openmpi-dev ccache - python -m pip install --upgrade pip python -m pip install --upgrade pipx python -m pip install --upgrade wheel python -m pip install --upgrade cmake python -m pipx install cmake - - name: Set Up Cache if: ${{ matrix.language == 'cpp' }} uses: actions/cache@v4 @@ -56,23 +56,19 @@ jobs: key: ccache-${{ github.workflow }}-${{ github.job }}-git-${{ github.sha }} restore-keys: | ccache-${{ github.workflow }}-${{ github.job }}-git- - - name: Configure (C++) if: ${{ matrix.language == 'cpp' }} run: | cmake -S . -B build -DWarpX_OPENPMD=ON - - name: Initialize CodeQL uses: github/codeql-action/init@v3 with: config-file: ./.github/codeql/warpx-codeql.yml languages: ${{ matrix.language }} queries: +security-and-quality - - name: Build (py) uses: github/codeql-action/autobuild@v3 if: ${{ matrix.language == 'python' }} - - name: Build (C++) if: ${{ matrix.language == 'cpp' }} run: | 
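Review bot: The `schedule:` trigger (`- cron: "27 3 * * 0"`) is dropped from codeql.yml in this hunk without any mention in the commit message; patch 4/6 removes it again after the revert in 3/6, also without giving a reason. Without the scheduled run the default branch is analysed only when something is pushed, so a newer CodeQL release with updated queries is not run against unchanged code during quiet periods. If the removal is intended, the reason belongs in the commit message; otherwise keep the two `schedule:` lines. Separately, the new `check_changes` job reuses `name: Analyze`, the same display name as the `analyze` job, which makes the two hard to tell apart in the checks list.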
@@ -80,24 +76,19 @@ jobs: export CCACHE_COMPRESSLEVEL=10 export CCACHE_MAXSIZE=100M ccache -z - cmake --build build -j 4 - ccache -s du -hs ~/.cache/ccache - # Make sure CodeQL has something to do touch Source/Utils/WarpXVersion.cpp export CCACHE_DISABLE=1 cmake --build build -j 4 - - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v3 with: category: "/language:${{ matrix.language }}" upload: False output: sarif-results - - name: filter-sarif uses: advanced-security/filter-sarif@v1 with: @@ -111,7 +102,6 @@ jobs: -build/_deps/*/*/*/*/*/*/*/* input: sarif-results/${{ matrix.language }}.sarif output: sarif-results/${{ matrix.language }}.sarif - - name: Upload SARIF uses: github/codeql-action/upload-sarif@v3 with: From f8834a9ef9efe1f0f1f7532a25766df6b4b0c6da Mon Sep 17 00:00:00 2001 From: Edoardo Zoni <59625522+EZoni@users.noreply.github.com> Date: Tue, 17 Jun 2025 15:58:42 -0700 Subject: [PATCH 2/6] Update .github/workflows/clang_tidy.yml --- .github/workflows/clang_tidy.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/clang_tidy.yml b/.github/workflows/clang_tidy.yml index 9ac42011426..245874c9591 100644 --- a/.github/workflows/clang_tidy.yml +++ b/.github/workflows/clang_tidy.yml @@ -24,7 +24,7 @@ jobs: runs-on: ubuntu-24.04 timeout-minutes: 250 needs: check_changes - if: ${{ github.event.pull_request.draft }} + if: ${{ github.event.pull_request.draft == false }} steps: - uses: actions/checkout@v4 - name: install dependencies From 1a24c23417aab115cb8142fb250e27dcf4309ee2 Mon Sep 17 00:00:00 2001 From: Edoardo Zoni Date: Tue, 17 Jun 2025 16:10:32 -0700 Subject: [PATCH 3/6] Revert changes to CodeQL workflow --- .github/workflows/codeql.yml | 32 +++++++++++++++++++++----------- 1 file changed, 21 insertions(+), 11 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index def510435d7..1df507fc646 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml 
@@ -2,52 +2,52 @@ name: 🔍 CodeQL on: push: - branches: - - "development" + branches: [ "development" ] pull_request: - branches: - - "development" + branches: [ "development" ] + schedule: + - cron: "27 3 * * 0" concurrency: group: ${{ github.ref }}-${{ github.head_ref }}-codeql cancel-in-progress: true jobs: - - check_changes: - name: Analyze - uses: ./.github/workflows/check_changes.yml - analyze: name: Analyze runs-on: ubuntu-24.04 - needs: check_changes - if: ${{ github.event.pull_request.draft == false && needs.check_changes.outputs.has_non_docs_changes == 'true' }} + if: github.event.pull_request.draft == false permissions: actions: read contents: read security-events: write + strategy: fail-fast: false matrix: language: [ python, cpp ] + steps: - name: Checkout uses: actions/checkout@v4 + - uses: actions/setup-python@v5 name: Install Python with: python-version: '3.x' + - name: Install Packages (C++) if: ${{ matrix.language == 'cpp' }} run: | sudo apt-get update sudo apt-get install --yes cmake openmpi-bin libopenmpi-dev libhdf5-openmpi-dev libadios-openmpi-dev ccache + python -m pip install --upgrade pip python -m pip install --upgrade pipx python -m pip install --upgrade wheel python -m pip install --upgrade cmake python -m pipx install cmake + - name: Set Up Cache if: ${{ matrix.language == 'cpp' }} uses: actions/cache@v4 @@ -56,19 +56,23 @@ jobs: key: ccache-${{ github.workflow }}-${{ github.job }}-git-${{ github.sha }} restore-keys: | ccache-${{ github.workflow }}-${{ github.job }}-git- + - name: Configure (C++) if: ${{ matrix.language == 'cpp' }} run: | cmake -S . -B build -DWarpX_OPENPMD=ON + - name: Initialize CodeQL uses: github/codeql-action/init@v3 with: config-file: ./.github/codeql/warpx-codeql.yml languages: ${{ matrix.language }} queries: +security-and-quality + - name: Build (py) uses: github/codeql-action/autobuild@v3 if: ${{ matrix.language == 'python' }} + - name: Build (C++) if: ${{ matrix.language == 'cpp' }} run: | 
@@ -76,19 +80,24 @@ jobs: export CCACHE_COMPRESSLEVEL=10 export CCACHE_MAXSIZE=100M ccache -z + cmake --build build -j 4 + ccache -s du -hs ~/.cache/ccache + # Make sure CodeQL has something to do touch Source/Utils/WarpXVersion.cpp export CCACHE_DISABLE=1 cmake --build build -j 4 + - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v3 with: category: "/language:${{ matrix.language }}" upload: False output: sarif-results + - name: filter-sarif uses: advanced-security/filter-sarif@v1 with: @@ -102,6 +111,7 @@ jobs: -build/_deps/*/*/*/*/*/*/*/* input: sarif-results/${{ matrix.language }}.sarif output: sarif-results/${{ matrix.language }}.sarif + - name: Upload SARIF uses: github/codeql-action/upload-sarif@v3 with: From a6a94e4116585ac92b0cdb029d71cb5c5c88dc94 Mon Sep 17 00:00:00 2001 From: Edoardo Zoni Date: Tue, 17 Jun 2025 16:26:48 -0700 Subject: [PATCH 4/6] Remove cron schedule for CodeQL workflows --- .github/workflows/codeql.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 1df507fc646..f34ddc5cd44 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -5,8 +5,6 @@ on: branches: [ "development" ] pull_request: branches: [ "development" ] - schedule: - - cron: "27 3 * * 0" concurrency: group: ${{ github.ref }}-${{ github.head_ref }}-codeql From 705fd1a0d623e4d8222290b110a3f1735f85bdc4 Mon Sep 17 00:00:00 2001 From: Edoardo Zoni Date: Tue, 17 Jun 2025 17:05:25 -0700 Subject: [PATCH 5/6] Skip also initial checkout step --- .github/workflows/clang_tidy.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/clang_tidy.yml b/.github/workflows/clang_tidy.yml index 245874c9591..70f1398f2ea 100644 --- a/.github/workflows/clang_tidy.yml +++ b/.github/workflows/clang_tidy.yml 
@@ -27,6 +27,7 @@ jobs: if: ${{ github.event.pull_request.draft == false }} steps: - uses: actions/checkout@v4 + if: ${{ needs.check_changes.outputs.has_non_docs_changes == 'true' }} - name: install dependencies if: ${{ needs.check_changes.outputs.has_non_docs_changes == 'true' }} run: | From a862722ac68982f7b5d0124637790575bfc00adb Mon Sep 17 00:00:00 2001 From: Edoardo Zoni <59625522+EZoni@users.noreply.github.com> Date: Tue, 17 Jun 2025 19:04:41 -0700 Subject: [PATCH 6/6] Update .github/workflows/check_changes.yml --- .github/workflows/check_changes.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/check_changes.yml b/.github/workflows/check_changes.yml index 8f83cd423dd..1e90dfb2bab 100644 --- a/.github/workflows/check_changes.yml +++ b/.github/workflows/check_changes.yml @@ -22,7 +22,6 @@ jobs: - '!Docs/**' - '!**.md' - '!**.rst' - - '!.github/**' # FIXME predicate-quantifier: 'every' - id: set-output run: |
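Review bot: Nothing in clang_tidy.yml records why the condition is repeated on every step, now including checkout, instead of being set once on the job. Going by the series title, the intent is presumably that the job itself still runs and reports a status for required checks on docs-only PRs. A comment above `steps:` would keep a later cleanup from hoisting the condition back into the job-level `if`, for example `# Steps are skipped one by one (not the job) so required checks still report on docs-only PRs.` The `steps:` list continues outside this hunk.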