Skip to content

Daily

Daily #16

---
name: Daily
permissions: read-all
on:
# Run on user request
workflow_dispatch:
inputs:
upload_sdl:
description: 'Trigger SDL Upload'
required: false
default: false
type: boolean
docker_opts:
description: 'extra options for docker build'
required: false
default: ''
type: string
# Run on schedule
schedule:
# daily at 8:00 UTC (1:00 MST)
- cron: '0 8 * * *'
concurrency:
# Cancel any existing jobs related to the target branch
group: nightly-ci-${{ github.ref || github.run_id }}
cancel-in-progress: true
jobs:
lint:
if: true
uses: ./.github/workflows/lint.yml
with:
docker_opts: ${{ inputs.docker_opts }}
scorecard:
if: true
uses: ./.github/workflows/scorecard.yml
hadolint:
if: true
uses: ./.github/workflows/hadolint.yml
with:
output_prefix: lib-
trivy:
if: true
uses: ./.github/workflows/trivy.yml
with:
output_prefix: lib-
ip-leak-scan:
if: true
name: IP Leak Scan
uses: ./.github/workflows/ipldt.yml
secrets: inherit
with:
output_prefix: lib-
docker_opts: ${{ inputs.docker_opts }}
source-malware-scan:
if: true
uses: ./.github/workflows/mcafee.yml
secrets: inherit
with:
output_prefix: lib-
docker_opts: ${{ inputs.docker_opts }}
coverity:
if: true
strategy:
fail-fast: false
matrix:
os:
- windows
- linux
uses: ./.github/workflows/coverity.yml
secrets: inherit
with:
os: ${{ matrix.os }}
output_prefix: lib-
extra_opts: --report
docker_opts: ${{ inputs.docker_opts }}
linux-build:
if: true
uses: ./.github/workflows/cmake.yml
with:
os: linux
build_type: release
artifact_name: linux-release-build
run_tests: true
no_artifacts: false
docker_opts: ${{ inputs.docker_opts }}
windows-build:
if: true
uses: ./.github/workflows/cmake.yml
with:
os: windows
build_type: release
artifact_name: windows-release-build
run_tests: true
no_artifacts: false
docker_opts: ${{ inputs.docker_opts }}
windows-malware-scan:
if: true
needs: [windows-build]
uses: ./.github/workflows/mcafee.yml
secrets: inherit
with:
artifact_name: windows-release-build
output_prefix: lib-
docker_opts: ${{ inputs.docker_opts }}
linux-malware-scan:
if: true
needs: [linux-build]
uses: ./.github/workflows/mcafee.yml
secrets: inherit
with:
artifact_name: linux-release-build
output_prefix: lib-
windows-sscb:
if: true
needs: [windows-build]
uses: ./.github/workflows/sscb.yml
with:
os: windows
artifact_name: windows-release-build
output_prefix: lib-
docker_opts: ${{ inputs.docker_opts }}
linux-sscb:
if: true
needs: [linux-build]
uses: ./.github/workflows/sscb.yml
with:
os: linux
artifact_name: linux-release-build
output_prefix: lib-
docker_opts: ${{ inputs.docker_opts }}
bdba:
if: true
needs:
- linux-build
- windows-build
uses: ./.github/workflows/bdba.yml
with:
output_prefix: lib-
version: ${{ github.ref_name }}
pattern: "*-release-build"
docker_opts: ${{ inputs.docker_opts }}
secrets: inherit
sdl:
if: ${{ github.event.inputs.upload_sdl == 'true' }}
needs:
- linux-build
- windows-build
- summary
- setup-variables
uses: ./.github/workflows/sdl.yml
with:
SUMMARY_ARTIFACT: lib-release-summary
label: ${{ needs.setup-variables.outputs.lib_version }}
SDLE_PROJECT: ${{vars.SDLE_ID}}
SDLE_USER: ${{vars.SDLE_API_USER}}
output_prefix: lib-
docker_opts: ${{ inputs.docker_opts }}
secrets:
SDLE_API_KEY: ${{ secrets.SDLE_API_KEY }}
# This job configures variables that are useful for other jobs. Other jobs
# that depend on this one can access the variables via
# needs.setup-variables.outputs.<variable-name>
setup-variables:
if: true
uses: ./.github/workflows/setup-variables.yml
secrets: inherit
ref-build:
if: true
needs: setup-variables
strategy:
fail-fast: false
matrix:
os:
- windows
- linux
uses: ./.github/workflows/cmake.yml
with:
os: ${{ matrix.os }}
build_type: release
artifact_name: ${{ matrix.os }}-ref-build
run_tests: false
no_artifacts: false
ref: ${{ needs.setup-variables.outputs.last_release_ref }}
docker_opts: ${{ inputs.docker_opts }}
diff-report:
if: true
needs: [linux-build, windows-build, ref-build]
strategy:
fail-fast: false
matrix:
os: [windows, linux]
uses: ./.github/workflows/diff.yml
with:
report_name: ${{ matrix.os }}-lib-diff-report
left: ${{ matrix.os }}-ref-build
right: ${{ matrix.os }}-release-build
linux-tools-build:
if: true
needs: [linux-build, setup-variables]
uses: ./.github/workflows/cmake.yml
with:
os: linux
build_type: release
artifact_name: linux-tools-build
run_tests: false
no_artifacts: false
repository: ${{ vars.TOOLS_REPO }}
ref: ${{ needs.setup-variables.outputs.tools_ref }}
dependent_artifact: linux-release-build
docker_opts: ${{ inputs.docker_opts }}
secrets:
token: ${{ secrets.TOOLS_REPO_TOKEN }}
windows-tools-build:
if: true
needs: [windows-build, setup-variables]
uses: ./.github/workflows/cmake.yml
with:
os: windows
build_type: release
artifact_name: windows-tools-build
run_tests: false
no_artifacts: false
repository: ${{ vars.TOOLS_REPO }}
ref: ${{ needs.setup-variables.outputs.tools_ref }}
dependent_artifact: windows-release-build
docker_opts: ${{ inputs.docker_opts }}
secrets:
token: ${{ secrets.TOOLS_REPO_TOKEN }}
windows-acceptance:
if: true
needs: [windows-build, windows-tools-build, setup-variables]
strategy:
fail-fast: false
matrix:
gpu:
- gen12.5
config:
- release
os:
- windows
uses: ./.github/workflows/acceptance.yml
secrets: inherit
with:
os: ${{ matrix.os }}
build_type: ${{ matrix.config }}
lib_artifact: ${{ matrix.os }}-${{ matrix.config }}-build
tools_artifact: windows-tools-build
gpu: ${{ matrix.gpu }}
distro_family: windows
distro_version: 11
test_ref: ${{ needs.setup-variables.outputs.test_ref }}
docker_opts: ${{ inputs.docker_opts }}
linux-acceptance:
if: true
needs: [linux-build, linux-tools-build, setup-variables]
strategy:
fail-fast: false
matrix:
gpu:
- gen12.5
distro:
- family: ubuntu
version: 22.04
config:
- release
os:
- linux
uses: ./.github/workflows/acceptance.yml
secrets: inherit
with:
os: ${{ matrix.os }}
build_type: ${{ matrix.config }}
lib_artifact: ${{ matrix.os }}-${{ matrix.config }}-build
tools_artifact: linux-tools-build
gpu: ${{ matrix.gpu }}
distro_family: ${{ matrix.distro.family }}
distro_version: ${{ matrix.distro.version }}
test_ref: ${{ needs.setup-variables.outputs.test_ref }}
docker_opts: ${{ inputs.docker_opts }}
distro-tests:
if: true
needs: [linux-build, linux-tools-build, setup-variables]
strategy:
fail-fast: false
matrix:
distro:
- family: rhel
version: 8.6
- family: sles
version: 15.4
gpu:
- gen12.5
os:
- linux
config:
- release
uses: ./.github/workflows/acceptance.yml
secrets: inherit
with:
os: ${{ matrix.os }}
build_type: ${{ matrix.config }}
lib_artifact: ${{ matrix.os }}-${{ matrix.config }}-build
tools_artifact: linux-tools-build
gpu: ${{ matrix.gpu }}
distro_family: ${{ matrix.distro.family }}
distro_version: ${{ matrix.distro.version }}
test_ref: ${{ needs.setup-variables.outputs.test_ref }}
docker_opts: ${{ inputs.docker_opts }}
debug-build:
if: true
strategy:
fail-fast: false
matrix:
os:
- windows
- linux
config:
- debug
uses: ./.github/workflows/cmake.yml
with:
os: ${{ matrix.os }}
build_type: ${{ matrix.config }}
artifact_name: ${{ matrix.os }}-${{ matrix.config }}-build
run_tests: true
docker_opts: ${{ inputs.docker_opts }}
tools-debug-build:
if: true
needs: [debug-build, setup-variables]
strategy:
fail-fast: false
matrix:
os:
- windows
- linux
uses: ./.github/workflows/cmake.yml
with:
os: ${{ matrix.os }}
build_type: debug
artifact_name: ${{ matrix.os }}-tools-debug-build
run_tests: false
no_artifacts: false
repository: ${{ vars.TOOLS_REPO }}
ref: ${{ needs.setup-variables.outputs.tools_ref }}
dependent_artifact: ${{ matrix.os }}-debug-build
docker_opts: ${{ inputs.docker_opts }}
secrets:
token: ${{ secrets.TOOLS_REPO_TOKEN }}
debug-acceptance:
if: true
needs:
- setup-variables
- debug-build
- tools-debug-build
strategy:
fail-fast: false
matrix:
os:
- windows
- linux
gpu:
- gen12.5
uses: ./.github/workflows/acceptance.yml
secrets: inherit
with:
os: ${{ matrix.os }}
build_type: debug
lib_artifact: ${{ matrix.os }}-debug-build
tools_artifact: ${{ matrix.os }}-tools-debug-build
gpu: ${{ matrix.gpu }}
distro_family: ${{ matrix.os == 'linux' && 'ubuntu' || 'windows' }}
distro_version: ${{ matrix.os == 'linux' && '22.04' || '11'}}
test_ref: ${{ needs.setup-variables.outputs.test_ref }}
docker_opts: ${{ inputs.docker_opts }}
experimental-off:
if: true
uses: ./.github/workflows/cmake.yml
strategy:
fail-fast: false
matrix:
os:
- windows
- linux
with:
os: ${{ matrix.os }}
build_type: release
run_tests: true
no_artifacts: true
configure_options: >-
-DBUILD_EXPERIMENTAL=OFF
docker_opts: ${{ inputs.docker_opts }}
linux-performance:
if: true
needs:
- linux-build
- ref-build
uses: ./.github/workflows/performance.yml
with:
image: ${{ vars.PERF_DOCKER_IMAGE }}
ref_lib_artifact: linux-ref-build
lib_artifact: linux-release-build
artifact_name: linux-performance
summary:
if: "always()"
needs:
- hadolint
- trivy
- ip-leak-scan
- source-malware-scan
- coverity
- windows-malware-scan
- linux-malware-scan
- windows-sscb
- linux-sscb
- bdba
- diff-report
- windows-acceptance
- linux-acceptance
- distro-tests
- linux-performance
uses: ./.github/workflows/summary.yml
with:
output_prefix: lib-