forked from Stullemon/emulemorph
-
Notifications
You must be signed in to change notification settings - Fork 0
Update github workflows #14
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Closed
Closed
Changes from all commits
Commits
Show all changes
6 commits
Select commit
Hold shift + click to select a range
5985c44
Add comprehensive GitHub Actions workflows for build, security, and q…
Copilot 262f217
Add comprehensive workflow documentation (WORKFLOWS.md)
Copilot 03e0612
Fix security: Add explicit permissions to all workflow jobs
Copilot b88797b
Configure workflows to use latest Visual Studio with MFC/ATL support
Copilot 3d93fc7
Update .github/workflows/security-scan.yml
Mika3578 cf3ffb3
Fix MFC/ATL installation and address reviewer comments
Copilot File filter
Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
There are no files selected for viewing
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,213 @@ | ||
| # GitHub Actions Workflows | ||
|
|
||
| This directory contains GitHub Actions workflows for automated building, testing, and security scanning of the eMule MorphXT project. | ||
|
|
||
| ## Workflows | ||
|
|
||
| ### 🔨 Build (`build.yml`) | ||
| **Triggers:** Push to main/master/develop, Pull Requests, Manual dispatch | ||
|
|
||
| Builds the eMule project using MSBuild on Windows runners. | ||
|
|
||
| **Features:** | ||
| - Builds both Debug and Release configurations | ||
| - Supports Win32 platform | ||
| - Automatically checks out and initializes git submodules | ||
| - Uploads Release build artifacts (executables, DLLs, PDBs) | ||
| - Provides build summary with file sizes | ||
|
|
||
| **Matrix Strategy:** | ||
| - Configuration: `Release`, `Debug` | ||
| - Platform: `Win32` | ||
|
|
||
| ### 🔒 CodeQL Security Scan (`codeql.yml`) | ||
| **Triggers:** Push to main/master/develop, Pull Requests, Weekly schedule (Mondays), Manual dispatch | ||
|
|
||
| Performs deep security analysis on C++ code using GitHub's CodeQL. | ||
|
|
||
| **Features:** | ||
| - Analyzes C++ code for security vulnerabilities | ||
| - Uses extended security queries | ||
| - Excludes test and build directories | ||
| - Results appear in the Security tab | ||
| - Builds the project to ensure comprehensive analysis | ||
|
|
||
| **Configuration:** | ||
| - Language: C++ | ||
| - Queries: Security Extended + Security and Quality | ||
| - Schedule: Weekly on Mondays at midnight UTC | ||
|
|
||
| ### 📦 Dependency Review (`dependency-review.yml`) | ||
| **Triggers:** Pull Requests only | ||
|
|
||
| Reviews dependencies for known security vulnerabilities. | ||
|
|
||
| **Features:** | ||
| - Scans for vulnerable dependencies | ||
| - Fails on moderate severity or higher | ||
| - Posts summary comments on pull requests | ||
| - Checks all git submodules | ||
|
|
||
| **Configuration:** | ||
| - Severity threshold: Moderate | ||
| - Includes submodule dependencies | ||
|
|
||
| ### ✅ Code Quality Check (`code-quality.yml`) | ||
| **Triggers:** Push to main/master/develop, Pull Requests, Manual dispatch | ||
|
|
||
| Performs static analysis and code quality checks. | ||
|
|
||
| **Features:** | ||
| - Runs Visual Studio Code Analysis with NativeRecommendedRules | ||
| - Counts source files and generates statistics | ||
| - Checks for TODO/FIXME/HACK comments | ||
| - Detects hardcoded paths | ||
| - Validates git submodule configuration | ||
| - Posts detailed summary to workflow run | ||
|
|
||
| **Analysis Includes:** | ||
| - Static code analysis | ||
| - Code metrics and statistics | ||
| - Common code smell detection | ||
| - Submodule health check | ||
|
|
||
| ### 🛡️ Security Scan (`security-scan.yml`) | ||
| **Triggers:** Push to main/master/develop, Pull Requests, Weekly schedule (Sundays), Manual dispatch | ||
|
|
||
| Comprehensive security vulnerability scanning using Trivy. | ||
|
|
||
| **Features:** | ||
| - Filesystem-based security scanning | ||
| - Detects vulnerabilities in dependencies | ||
| - Uploads results to GitHub Security tab | ||
| - License compliance check | ||
| - Lists all project dependencies | ||
|
|
||
| **Configuration:** | ||
| - Scanner: Trivy | ||
| - Severity levels: Critical, High, Medium | ||
| - Schedule: Weekly on Sundays at midnight UTC | ||
| - Includes license file detection | ||
|
|
||
| ## Dependencies | ||
|
|
||
| The project uses the following git submodules as dependencies: | ||
|
|
||
| - **cryptopp** - Crypto++ cryptographic library | ||
| - **zlib** - Data compression library | ||
| - **libpng** - PNG image library | ||
| - **id3lib** - ID3 tag manipulation library | ||
| - **pupnp** - Portable UPnP library | ||
| - **pthreads** - POSIX threads implementation for Windows | ||
|
|
||
| All workflows automatically initialize and update these submodules. | ||
|
|
||
| ## Build Requirements | ||
|
|
||
| ### Windows Build Environment | ||
| - Windows Server (latest) | ||
| - MSBuild (via microsoft/setup-msbuild) | ||
| - Visual Studio Developer Command Prompt | ||
| - NuGet package manager | ||
| - Platform Toolset: v142 (Visual Studio 2019+) | ||
|
|
||
| ### Configuration Options | ||
| - **Debug**: Development build with debugging symbols | ||
| - **Release**: Optimized production build | ||
| - **Beta**: Pre-release build configuration | ||
|
|
||
| ## Workflow Permissions | ||
|
|
||
| Workflows require the following permissions: | ||
|
|
||
| - **actions**: read - To access workflow artifacts | ||
| - **contents**: read - To checkout repository code | ||
| - **security-events**: write - To upload security scan results | ||
| - **pull-requests**: write - To post PR comments (dependency review) | ||
|
|
||
| ## Viewing Results | ||
|
|
||
| ### Build Artifacts | ||
| Build artifacts (executables, DLLs, debug symbols) are available: | ||
| 1. Navigate to the Actions tab | ||
| 2. Select the Build workflow run | ||
| 3. Download artifacts from the Artifacts section | ||
|
|
||
| ### Security Scan Results | ||
| Security vulnerabilities are reported in: | ||
| 1. **Security Tab** → Code scanning alerts | ||
| 2. Workflow run summaries | ||
| 3. Pull request comments (for dependency issues) | ||
|
|
||
| ### Code Quality Reports | ||
| Code quality metrics appear in: | ||
| 1. Workflow run summaries | ||
| 2. Job step outputs | ||
| 3. Build logs | ||
|
|
||
| ## Customization | ||
|
|
||
| ### Adjusting Build Configuration | ||
|
|
||
| To modify build settings, edit `build.yml`: | ||
| ```yaml | ||
| matrix: | ||
| configuration: [Release, Debug, Beta] # Add or remove configurations | ||
| platform: [Win32, x64] # Add x64 if needed | ||
| ``` | ||
|
|
||
| ### Changing Scan Schedules | ||
|
|
||
| To adjust security scan frequency, modify the cron expressions: | ||
| ```yaml | ||
| schedule: | ||
| - cron: '0 0 * * 1' # Change day/time as needed | ||
| ``` | ||
|
|
||
| ### Security Severity Levels | ||
|
|
||
| To adjust security thresholds, edit the respective workflow: | ||
| ```yaml | ||
| severity: 'CRITICAL,HIGH,MEDIUM,LOW' # Add/remove levels | ||
| fail-on-severity: moderate # Change threshold | ||
| ``` | ||
|
|
||
| ## Troubleshooting | ||
|
|
||
| ### Build Failures | ||
| 1. Check that all submodules are properly initialized | ||
| 2. Verify Visual Studio platform toolset version | ||
| 3. Review MSBuild error messages in workflow logs | ||
|
|
||
| ### CodeQL Timeout | ||
| If CodeQL analysis times out: | ||
| 1. Increase timeout in workflow (default: 360 minutes) | ||
| 2. Reduce code analysis scope if needed | ||
|
|
||
| ### Missing Dependencies | ||
| If builds fail due to missing dependencies: | ||
| 1. Ensure submodules are properly configured in `.gitmodules` | ||
| 2. Verify NuGet packages are restored correctly | ||
|
|
||
| ## Manual Workflow Execution | ||
|
|
||
| All workflows support manual dispatch via the GitHub Actions UI: | ||
| 1. Go to Actions tab | ||
| 2. Select the desired workflow | ||
| 3. Click "Run workflow" | ||
| 4. Choose branch and click "Run workflow" | ||
|
|
||
| ## Contributing | ||
|
|
||
| When adding new workflow files: | ||
| 1. Validate YAML syntax before committing | ||
| 2. Test workflows on a feature branch first | ||
| 3. Document any new configurations in this README | ||
| 4. Follow existing naming conventions | ||
|
|
||
| ## Additional Resources | ||
|
|
||
| - [GitHub Actions Documentation](https://docs.github.com/en/actions) | ||
| - [MSBuild Reference](https://docs.microsoft.com/en-us/visualstudio/msbuild/) | ||
| - [CodeQL Documentation](https://codeql.github.com/docs/) | ||
| - [Trivy Documentation](https://aquasecurity.github.io/trivy/) |
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,85 @@ | ||
| name: Build | ||
|
|
||
| on: | ||
| push: | ||
| branches: [ main, master, develop ] | ||
| pull_request: | ||
| branches: [ main, master, develop ] | ||
| workflow_dispatch: | ||
|
|
||
| jobs: | ||
| build: | ||
| runs-on: windows-latest | ||
| permissions: | ||
| contents: read | ||
| actions: write | ||
|
|
||
| strategy: | ||
| fail-fast: false | ||
| matrix: | ||
| configuration: [Release, Debug] | ||
| platform: [Win32] | ||
|
|
||
| steps: | ||
| - name: Checkout code | ||
| uses: actions/checkout@v4 | ||
| with: | ||
| submodules: recursive | ||
| fetch-depth: 0 | ||
|
|
||
| - name: Setup Visual Studio with MFC/ATL | ||
| uses: microsoft/setup-msbuild@v2 | ||
| with: | ||
| msbuild-architecture: x86 | ||
| vs-version: 'latest' | ||
|
|
||
| - name: Install Visual Studio MFC/ATL Components | ||
| shell: pwsh | ||
| run: | | ||
| # Install MFC and ATL components required for building eMule | ||
| Write-Host "Installing Visual Studio MFC and ATL components..." | ||
| choco install visualstudio2022-workload-vctools --package-parameters "--add Microsoft.VisualStudio.Component.VC.ATL --add Microsoft.VisualStudio.Component.VC.ATLMFC" -y | ||
|
|
||
| # Verify installation | ||
| $vsPath = & "C:\Program Files (x86)\Microsoft Visual Studio\Installer\vswhere.exe" -latest -property installationPath | ||
| Write-Host "Visual Studio Path: $vsPath" | ||
| if (Test-Path "$vsPath\VC\Tools\MSVC") { | ||
| $mfcPath = Get-ChildItem "$vsPath\VC\Tools\MSVC" -Directory | Select-Object -Last 1 | ||
| Write-Host "MFC/ATL installed at: $mfcPath" | ||
| } | ||
|
|
||
| - name: Setup Visual Studio Developer Environment | ||
| uses: ilammy/msvc-dev-cmd@v1 | ||
| with: | ||
| arch: x86 | ||
| vsversion: 'latest' | ||
|
|
||
| - name: Restore NuGet packages | ||
| working-directory: ${{github.workspace}}/srchybrid | ||
| run: nuget restore emule.sln | ||
|
|
||
| - name: Build Solution | ||
| working-directory: ${{github.workspace}}/srchybrid | ||
| run: msbuild /m /p:Configuration=${{matrix.configuration}} /p:Platform=${{matrix.platform}} emule.sln | ||
|
|
||
| - name: Upload Build Artifacts | ||
| if: matrix.configuration == 'Release' | ||
| uses: actions/upload-artifact@v4 | ||
| with: | ||
| name: emule-${{matrix.platform}}-${{matrix.configuration}} | ||
| path: | | ||
| srchybrid/${{matrix.configuration}}/*.exe | ||
| srchybrid/${{matrix.configuration}}/*.dll | ||
| srchybrid/${{matrix.configuration}}/*.pdb | ||
| retention-days: 30 | ||
|
|
||
| - name: Build Summary | ||
| if: always() | ||
| run: | | ||
| echo "### Build Complete :rocket:" >> $env:GITHUB_STEP_SUMMARY | ||
| echo "Configuration: ${{matrix.configuration}}" >> $env:GITHUB_STEP_SUMMARY | ||
| echo "Platform: ${{matrix.platform}}" >> $env:GITHUB_STEP_SUMMARY | ||
| if (Test-Path "srchybrid/${{matrix.configuration}}/emule.exe") { | ||
| $fileInfo = Get-Item "srchybrid/${{matrix.configuration}}/emule.exe" | ||
| echo "Executable Size: $([math]::Round($fileInfo.Length / 1MB, 2)) MB" >> $env:GITHUB_STEP_SUMMARY | ||
| } | ||
Oops, something went wrong.
Oops, something went wrong.
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Uh oh!
There was an error while loading. Please reload this page.