security: bump actions/upload-artifact from 4 to 6 #183
Workflow file for this run
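# CI workflow: installs the toolchain, builds with hardening flags, runs
# cppcheck and clang-tidy as advisory scans, then runs the test suite.
name: Test, Build and Test - MAIN

on:
  push:
    branches:
      - main
  pull_request:
    branches:
      - main

# Least privilege for GITHUB_TOKEN: no visible step writes to the repository
# or the API. Widen per job if a step ever needs more.
permissions:
  contents: read

jobs:
  Testing_Code_Quality:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): the actions below are referenced by mutable tags; pinning
      # each to a full commit SHA would stop a retagged release from changing
      # what runs here.
      - name: Checkout
        uses: actions/checkout@v5
        with:
          submodules: true
          # Later steps build and run code from the checked-out ref (including
          # pull requests), so do not leave the token in .git/config.
          persist-credentials: false

      # Install the libraries' dependencies.
      - name: Installing Dependencies
        run: |
          # apt-get with -y throughout: `apt` has no stable CLI for scripts and
          # a missing -y can stall on a confirmation prompt.
          sudo apt-get update
          sudo apt-get install -y build-essential
          sudo apt-get install -y cmake
          sudo apt-get install -y clang-18 clang-tidy-18 clang-format ninja-build
          # Static-analysis and memory-checking tools.
          sudo apt-get install -y cppcheck valgrind
          # NOTE(review): third-party PPA on its "unstable" channel; packages
          # from it are installed as root and are not version-pinned.
          sudo add-apt-repository -y ppa:pistache+team/unstable
          sudo apt-get update
          sudo apt-get install -y libpistache-dev
          sudo apt-get install -y libcurl4 libcurl4-openssl-dev libpoco-dev libmysqlcppconn-dev
          sudo apt-get install -y libgtest-dev googletest
          sudo apt-get install -y redis-server redis-tools
          sudo sed -i 's/^supervised no/supervised systemd/g' /etc/redis/redis.conf
          sudo systemctl restart redis-server

      # NOTE(review): the action reference below was mangled by the page's
      # e-mail obfuscation (presumably jwlawson/actions-setup-cmake@<ref>).
      # Restore the real owner/repo@ref from the repository before use.
      - name: Setup cmake
        uses: jwlawson/[email protected]
        with:
          cmake-version: '3.16.x'

      - name: Mkdir build
        run: |
          mkdir -p build

      # The key is static, so an existing cache entry is never replaced.
      - name: Cache build
        uses: actions/cache@v4
        with:
          path: ${{github.workspace}}/build
          key: ${{ runner.os }}-build
          restore-keys: ${{ runner.os }}-build

      - name: Build project
        run: |
          # Assign first, export after: a missing compiler then fails the step
          # instead of silently falling back to the default toolchain.
          CC="$(command -v clang-18)"
          CXX="$(command -v clang++-18)"
          export CC CXX
          export CURRENT_SOURCE_DIR="$PWD"
          mkdir -p build && cd build
          export CURRENT_BUILD_DIR="$PWD"
          # Hardening flags: stack protector, fortified libc calls, PIE and
          # full RELRO.
          # NOTE(review): _FORTIFY_SOURCE only takes effect when the compiler
          # optimises (-O1 or higher). No optimisation level or
          # CMAKE_BUILD_TYPE is passed here, so unless CMakeLists.txt sets one
          # the define is likely inert - confirm.
          # CMAKE_EXPORT_COMPILE_COMMANDS writes the compile_commands.json that
          # the clang-tidy step reads through `-p .`.
          cmake .. -G Ninja \
            -DCMAKE_EXPORT_COMPILE_COMMANDS=ON \
            -DCMAKE_CXX_FLAGS="-Wall -Wextra -fstack-protector-strong -D_FORTIFY_SOURCE=3 -fPIE" \
            -DCMAKE_EXE_LINKER_FLAGS="-pie -Wl,-z,relro,-z,now"
          cmake --build . --config Debug --target all -j "$(nproc)" --

      - name: Security Analysis - cppcheck
        # Advisory scan: findings mark this step as failed but do not fail the
        # job. Remove this key to make the scan a gate.
        continue-on-error: true
        run: |
          cd build
          # --check-config is deliberately not passed: it replaces the code
          # analysis with an include-path check, so no findings would ever be
          # produced. cppcheck writes its XML report to stderr.
          status=0
          cppcheck --enable=all --error-exitcode=1 --xml --xml-version=2 \
            --suppress=missingIncludeSystem --suppress=unmatchedSuppression \
            --suppress=unusedFunction \
            --std=c++20 --platform=unix64 \
            ../src/ 2> cppcheck-results.xml || status=$?
          echo "=== Security Analysis Results (cppcheck) ==="
          # Match the severity attribute; a bare "error" would match every
          # <error> element and the enclosing <errors> tag.
          if grep -qE 'severity="(error|warning)"' cppcheck-results.xml; then
            grep -E 'severity="(error|warning)"' cppcheck-results.xml | head -20
          else
            echo "No critical issues found"
          fi
          echo "============================================="
          exit "$status"

      - name: Security Analysis - Enhanced clang-tidy
        # Advisory scan, same policy as the cppcheck step.
        continue-on-error: true
        run: |
          cd build
          echo "=== Running enhanced security-focused clang-tidy ==="
          # Every source and header is analysed (no `head` cut-off, which left
          # coverage dependent on find's ordering). NUL-delimited names keep
          # paths with spaces intact.
          status=0
          find ../src \( -name '*.cpp' -o -name '*.hpp' \) -print0 \
            | xargs -0 -r clang-tidy-18 --config-file=../.clang-tidy \
                -p . --format-style=file || status=$?
          echo "===================================================="
          exit "$status"

      - name: Test project
        run: |
          CC="$(command -v clang-18)"
          CXX="$(command -v clang++-18)"
          export CC CXX
          cd build
          ctest -j 20 -C Debug -T test --output-on-failure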