Handle numeric domain file IDs safely #192
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Build & Tests | |
| on: | |
| pull_request: | |
| paths: | |
| - ".plan/**" | |
| - "bridge/**" # Python | |
| - "bin/plan_check.py" | |
| - "scripts/**" | |
| - "docs/**" | |
| - "pom.xml" | |
| - "src/**" | |
| - ".github/workflows/build.yml" | |
| jobs: | |
| # 1) Schnelle Checks (immer) | |
| plan: | |
| name: Plan Consistency | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - run: python3 bin/plan_check.py | |
| pytests: | |
| name: Python tests | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.11' | |
| cache: 'pip' | |
| cache-dependency-path: | | |
| requirements.txt | |
| requirements-dev.txt | |
| - run: | | |
| python -m pip install -r requirements.txt | |
| python -m pip install -r requirements-dev.txt | |
| - run: python -m pytest -q bridge/tests/unit | |
| - name: MCP smoke test (reference fixture) | |
| run: python scripts/mcp_smoke_test.py | |
| api-docs: | |
| name: API docs up-to-date | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-python@v5 | |
| with: | |
| python-version: '3.11' | |
| - name: Render OpenAPI markdown | |
| run: | | |
| python scripts/gen_api_md.py "${OPENAPI_SOURCE:-bridge/tests/golden/data/openapi_snapshot.json}" > docs/api.md | |
| - name: Upload API docs artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: api-md | |
| path: docs/api.md | |
| - name: Detect drift in docs/api.md | |
| run: | | |
| if ! git diff --exit-code -- docs/api.md; then | |
| echo "::error::docs/api.md is out of date. Run: python scripts/gen_api_md.py \"${OPENAPI_SOURCE:-bridge/tests/golden/data/openapi_snapshot.json}\" > docs/api.md" | |
| exit 1 | |
| fi | |
| # 2) Dateifilter bestimmen, ob Java gebaut wird | |
| changes: | |
| runs-on: ubuntu-latest | |
| outputs: | |
| maven: ${{ steps.filter.outputs.maven }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - id: filter | |
| uses: dorny/paths-filter@v3 | |
| with: | |
| filters: | | |
| maven: | |
| - 'pom.xml' | |
| - 'src/**' | |
| # 3) Maven nur, wenn Java geaendert wurde | |
| maven: | |
| name: Maven package (skip tests) | |
| needs: | |
| - changes | |
| - pytests | |
| - api-docs | |
| if: needs.changes.outputs.maven == 'true' | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v4 | |
| - uses: actions/setup-java@v4 | |
| with: | |
| distribution: temurin | |
| java-version: '21' | |
| cache: maven | |
| - name: Determine Ghidra version from POM | |
| id: ver | |
| run: echo "GHIDRA_VERSION=$(mvn -q -Dexec.executable=echo -Dexec.args='${project.properties.ghidra.version}' --non-recursive org.codehaus.mojo:exec-maven-plugin:3.1.0:exec)" >> $GITHUB_ENV | |
| - name: Download Ghidra | |
| run: | | |
| set -euo pipefail | |
| TAG="Ghidra_${GHIDRA_VERSION}_build" | |
| URL=$(curl -s https://api.github.com/repos/NationalSecurityAgency/ghidra/releases/tags/${TAG} \ | |
| | grep browser_download_url | grep PUBLIC | sed -E 's/.*"([^"]+)".*/\1/' | head -n1) | |
| curl -L "$URL" -o ghidra.zip | |
| unzip -q ghidra.zip | |
| echo "GHIDRA_DIR=$(echo ghidra_*_PUBLIC)" >> "$GITHUB_ENV" | |
| - name: Fetch required Ghidra jars | |
| run: python scripts/fetch_ghidra_jars.py --tag "Ghidra_${GHIDRA_VERSION}_build" | |
| - run: mvn -B -DskipTests package | |