Bump step-security/harden-runner from 2.10.2 to 2.10.3 #506
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: svdconv | |
on: | |
workflow_call: | |
push: | |
branches: | |
- main | |
paths: | |
- '.github/workflows/svdconv.yml' | |
- '.github/workflows/unit_test_results.yml' | |
- '.github/matrix_includes_svdconv.json' | |
- 'CMakeLists.txt' | |
- 'tools/svdconv/**' | |
- 'libs/xml**' | |
- '!**/docs/**/*' | |
- '!**/*.md' | |
pull_request: | |
paths: | |
- '.github/workflows/svdconv.yml' | |
- '.github/workflows/unit_test_results.yml' | |
- '.github/matrix_includes_svdconv.json' | |
- 'CMakeLists.txt' | |
- 'tools/svdconv/**' | |
- 'libs/xml**' | |
- '!**/docs/**/*' | |
- '!**/*.md' | |
release: | |
types: [published] | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.ref }} | |
cancel-in-progress: true | |
jobs: | |
setup: | |
uses: Open-CMSIS-Pack/devtools/.github/workflows/shared_setup_env.yml@main | |
with: | |
run_if: ${{ fromJSON((github.event_name == 'pull_request') || (github.event_name == 'workflow_dispatch') || (github.event_name == 'release' && startsWith(github.ref, 'refs/tags/tools/svdconv/')) || ((github.event.schedule != '') && (!github.event.repository.private))) }} | |
matrix_prep: | |
needs: setup | |
uses: Open-CMSIS-Pack/devtools/.github/workflows/shared_matrix_prep.yml@main | |
with: | |
workflow_name: svdconv | |
build: | |
needs: [ setup, matrix_prep ] | |
runs-on: ${{ matrix.runs_on }} | |
timeout-minutes: 15 | |
strategy: | |
fail-fast: true | |
matrix: ${{ fromJson(needs.matrix_prep.outputs.matrix) }} | |
steps: | |
- name: Harden Runner | |
if: ${{ !github.event.repository.private }} | |
uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 | |
with: | |
egress-policy: audit | |
- name: Checkout devtools | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
submodules: recursive | |
fetch-depth: 0 | |
- name: Build svdconv | |
uses: Open-CMSIS-Pack/devtools-build-action@f447c00e0c2a58681faacce9312ead5813f93888 # arm64 | |
with: | |
target: svdconvdist | |
arch: ${{ matrix.arch }} | |
- name: Archive svdconv binary | |
if: ${{ github.event_name != 'release' || (needs.setup.outputs.nightly == 'true')}} | |
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 | |
with: | |
name: svdconv-${{ matrix.target }}-${{ matrix.arch }} | |
path: ./build/tools/svdconv/SVDConv/svdconv-*-${{ matrix.target }}-${{ matrix.arch }}.* | |
retention-days: ${{ needs.setup.outputs.retention_days }} | |
if-no-files-found: error | |
- name: Attach svdconv binary to release | |
if: ${{ github.event_name == 'release' }} | |
uses: svenstaro/upload-release-action@04733e069f2d7f7f0b4aebc4fbdbce8613b03ccd # v2 | |
with: | |
repo_token: ${{ secrets.GITHUB_TOKEN }} | |
tag: ${{ github.ref }} | |
overwrite: true | |
file_glob: true | |
file: build/tools/svdconv/SVDConv/svdconv-*-${{ matrix.target }}-${{ matrix.arch }}.* | |
test: | |
needs: [ setup, matrix_prep ] | |
runs-on: ${{ matrix.runs_on }} | |
timeout-minutes: 15 | |
strategy: | |
fail-fast: false | |
matrix: ${{ fromJson(needs.matrix_prep.outputs.matrix) }} | |
steps: | |
- name: Harden Runner | |
if: ${{ !github.event.repository.private }} | |
uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 | |
with: | |
egress-policy: audit | |
- name: Checkout devtools | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
submodules: recursive | |
# https://github.com/Open-CMSIS-Pack/devtools-build-action | |
- name: Build SVDConvUnitTests | |
uses: Open-CMSIS-Pack/devtools-build-action@f447c00e0c2a58681faacce9312ead5813f93888 # arm64 | |
with: | |
arch: ${{ matrix.arch }} | |
build_type: Debug | |
target: SVDConvUnitTests | |
- name: Run svdconv unit tests | |
if: (matrix.arch != 'arm64') | |
run: | | |
ctest -V -R SVDConvUnitTests | |
working-directory: ./build | |
# https://github.com/Open-CMSIS-Pack/devtools-build-action | |
- name: Build SvdConvIntegTests | |
uses: Open-CMSIS-Pack/devtools-build-action@f447c00e0c2a58681faacce9312ead5813f93888 # arm64 | |
with: | |
arch: ${{ matrix.arch }} | |
build_type: Debug | |
target: SvdConvIntegTests | |
- name: Run svdconv integ tests | |
if: matrix.arch != 'arm64' | |
run: | | |
ctest -V -R SvdConvIntegTests | |
working-directory: ./build | |
- name: Archive unit test results | |
if: always() && (matrix.arch != 'arm64') | |
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 | |
with: | |
name: unit_test_result_svdconv-${{ matrix.target }}-${{ matrix.arch }} | |
path: ./build/test_reports/svdconvunittests-*.xml | |
if-no-files-found: error | |
retention-days: ${{ needs.setup.outputs.retention_days }} | |
- name: Archive integration test results | |
if: always() && (matrix.arch != 'arm64') | |
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 | |
with: | |
name: integ_test_result_svdconv-${{ matrix.target }}-${{ matrix.arch }} | |
path: ./build/test_reports/svdconvintegtests-*.xml | |
if-no-files-found: error | |
retention-days: ${{ needs.setup.outputs.retention_days }} | |
coverage: | |
if: | | |
(github.event_name == 'pull_request') || | |
(github.event_name == 'workflow_dispatch') || | |
(github.event_name == 'push') || | |
(github.event_name == 'release' && startsWith(github.ref, 'refs/tags/tools/svdconv/')) || | |
((github.event.schedule != '') && (!github.event.repository.private)) | |
env: | |
lcov_base: https://github.com/linux-test-project/lcov/releases/download/v1.15/ | |
lcov_installer: lcov-1.15.tar.gz | |
runs-on: ubuntu-22.04 | |
timeout-minutes: 15 | |
steps: | |
- name: Harden Runner | |
if: ${{ !github.event.repository.private }} | |
uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 | |
with: | |
egress-policy: audit | |
- name: Install dependencies | |
run: | | |
sudo apt-get update | |
sudo apt-get install \ | |
lcov | |
- name: Checkout devtools | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
submodules: recursive | |
# https://github.com/Open-CMSIS-Pack/devtools-build-action | |
- name: Build SVDConvUnitTests | |
uses: Open-CMSIS-Pack/devtools-build-action@f447c00e0c2a58681faacce9312ead5813f93888 # arm64 | |
with: | |
add_cmake_variables: -DCOVERAGE=ON | |
arch: amd64 | |
build_type: Debug | |
target: SVDConvUnitTests | |
# https://github.com/Open-CMSIS-Pack/devtools-build-action | |
- name: Build SvdConvIntegTests | |
uses: Open-CMSIS-Pack/devtools-build-action@f447c00e0c2a58681faacce9312ead5813f93888 # arm64 | |
with: | |
add_cmake_variables: -DCOVERAGE=ON | |
arch: amd64 | |
build_type: Debug | |
target: SvdConvIntegTests | |
- name: Run svdconv tests | |
run: | | |
ctest -V -C Debug -R SVDConvUnitTests | |
ctest -V -C Debug -R SvdConvIntegTests | |
working-directory: ./build | |
- name: Get retention days | |
id: var | |
run: | | |
echo "retention_days=$(echo '${{ (!github.event.repository.private && (github.event_name == 'push' || github.event.schedule != '')) && '7' || '1' }}')" >> $GITHUB_OUTPUT | |
- name: Archive unit test results | |
if: (github.event_name == 'push') | |
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 | |
with: | |
name: unit_test_report_svdconv-linux-amd64 | |
path: ./build/test_reports/svdconvunittests-*.xml | |
if-no-files-found: error | |
retention-days: ${{ steps.var.outputs.retention_days }} | |
- name: Archive integration test results | |
if: (github.event_name == 'push') | |
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 | |
with: | |
name: integ_test_report_svdconv-linux-amd64 | |
path: ./build/test_reports/svdconvintegtests-*.xml | |
if-no-files-found: error | |
retention-days: ${{ steps.var.outputs.retention_days }} | |
# Needs to be removed once the bug is resolved | |
# lcov reporting 1.14 on 1.15 version | |
# https://groups.google.com/g/linux.debian.bugs.dist/c/a9SZGCENJ2s?pli=1 | |
- name: Setup lcov1.15 | |
run: | | |
wget -q ${{ env.lcov_base }}/${{ env.lcov_installer }} | |
tar -xvf ${{ env.lcov_installer }} | |
working-directory: ./build/tools/svdconv | |
- name: Generate coverage report | |
run: | | |
lcov-1.15/bin/lcov --rc lcov_branch_coverage=1 --rc geninfo_no_exception_branch=1 --rc lcov_branch_coverage=1 -c --directory . --output-file full_coverage.info | |
lcov-1.15/bin/lcov --rc lcov_branch_coverage=1 --rc geninfo_no_exception_branch=1 --rc lcov_branch_coverage=1 -e full_coverage.info \ | |
'*/tools/svdconv/SVDConv/include/*' \ | |
'*/tools/svdconv/SVDConv/src/*' \ | |
'*/tools/svdconv/SVDGenerator/include/*' \ | |
'*/tools/svdconv/SVDGenerator/src/*' \ | |
'*/tools/svdconv/SVDModel/include/*' \ | |
'*/tools/svdconv/SVDModel/src/*' \ | |
-o coverage_svdconv.info | |
genhtml coverage_svdconv.info --output-directory coverage_svdconv --branch-coverage | |
working-directory: ./build/tools/svdconv | |
- name: Upload Report to Codecov | |
if: ${{ !github.event.repository.private }} | |
uses: Wandalen/wretry.action@ffdd254f4eaf1562b8a2c66aeaa37f1ff2231179 # v3.7.3 | |
with: | |
action: codecov/codecov-action@v4 | |
with: | | |
files: ./build/tools/svdconv/coverage_svdconv.info | |
fail_ci_if_error: true | |
flags: svdconv-cov | |
token: ${{ secrets.CODECOV_TOKEN }} | |
verbose: true | |
attempt_limit: 3 | |
attempt_delay: 5000 | |
- name: Archive coverage report | |
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 | |
with: | |
name: coverage-report-svdconv | |
path: | | |
./build/tools/svdconv/coverage_svdconv/ | |
./build/tools/svdconv/coverage_svdconv.info | |
retention-days: ${{ steps.var.outputs.retention_days }} | |
if-no-files-found: error | |
release: | |
if: | | |
github.event_name == 'release' && | |
startsWith(github.ref, 'refs/tags/tools/svdconv/') | |
needs: [ build, test, coverage ] | |
runs-on: ubuntu-22.04 | |
timeout-minutes: 15 | |
steps: | |
- name: Checkout devtools | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- name: Create distribution folders | |
run: | | |
mkdir -p tools/svdconv/distribution/ | |
- name: Download coverage report | |
uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 | |
with: | |
name: coverage-report-svdconv | |
path: tools/svdconv/distribution/coverage/ | |
- name: Zip distribution folder | |
run: zip -r svdconv.zip * | |
working-directory: tools/svdconv/distribution | |
- name: Attach zip archive to release assets | |
uses: svenstaro/upload-release-action@04733e069f2d7f7f0b4aebc4fbdbce8613b03ccd # v2 | |
with: | |
repo_token: ${{ secrets.GITHUB_TOKEN }} | |
file: tools/svdconv/distribution/svdconv.zip | |
tag: ${{ github.ref }} | |
overwrite: true | |
asset_name: svdconv.zip | |
test-results-preparation: | |
name: "Publish Tests Results" | |
needs: [ test ] | |
runs-on: ubuntu-22.04 | |
steps: | |
- name: Harden Runner | |
if: ${{ !github.event.repository.private }} | |
uses: step-security/harden-runner@c95a14d0e5bab51a9f56296a4eb0e416910cd350 # v2.10.3 | |
with: | |
egress-policy: audit | |
- name: Event File | |
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 | |
with: | |
name: Event File svdconv | |
path: ${{ github.event_path }} |