fix: resolve Dependabot security vulnerabilities in extension and cli #370
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: ProXPL CI | |
| on: | |
| push: | |
| branches: [ main, develop ] | |
| pull_request: | |
| branches: [ main, develop ] | |
| permissions: | |
| contents: read | |
| env: | |
| BUILD_TYPE: Release | |
| jobs: | |
| build: | |
| name: Build on ${{ matrix.os }} | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| os: [ubuntu-latest, windows-latest, macos-latest] | |
| include: | |
| - os: ubuntu-latest | |
| bin_path: | | |
| build/proxpl | |
| build/prm | |
| - os: macos-latest | |
| bin_path: | | |
| build/proxpl | |
| build/prm | |
| - os: windows-latest | |
| bin_path: build/ProXPL_Installer_*.exe | |
| steps: | |
| - name: Checkout source | |
| uses: actions/checkout@v4 | |
| - name: Install LLVM (Ubuntu) | |
| if: matrix.os == 'ubuntu-latest' | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y llvm-dev libclang-dev clang | |
| - name: Install LLVM (macOS) | |
| if: matrix.os == 'macos-latest' | |
| run: | | |
| brew install llvm | |
| echo "CMAKE_PREFIX_PATH=$(brew --prefix llvm)" >> $GITHUB_ENV | |
| - name: Set up LLVM (Windows) | |
| if: matrix.os == 'windows-latest' | |
| shell: pwsh | |
| run: ./scripts/setup_llvm_windows.ps1 | |
| - name: Configure (Unix) | |
| if: matrix.os != 'windows-latest' | |
| shell: bash | |
| run: | | |
| cmake -S . -B build \ | |
| -DCMAKE_BUILD_TYPE=${{ env.BUILD_TYPE }} \ | |
| -DBUILD_TESTS=ON \ | |
| -DBUILD_BENCH=OFF | |
| - name: Configure (Windows) | |
| if: matrix.os == 'windows-latest' | |
| shell: pwsh | |
| run: | | |
| Write-Host "LLVM_DIR is: $env:LLVM_DIR" | |
| Write-Host "LLVM_ROOT is: $env:LLVM_ROOT" | |
| Write-Host "CMAKE_PREFIX_PATH is: $env:CMAKE_PREFIX_PATH" | |
| cmake -S . -B build ` | |
| -G "Visual Studio 17 2022" -A x64 ` | |
| -DLLVM_DIR="$env:LLVM_DIR" ` | |
| -DCMAKE_PREFIX_PATH="$env:LLVM_ROOT" ` | |
| -DCMAKE_BUILD_TYPE=${{ env.BUILD_TYPE }} ` | |
| -DBUILD_TESTS=ON ` | |
| -DBUILD_BENCH=OFF | |
| - name: Build | |
| shell: bash | |
| run: cmake --build build --config Release --verbose | |
| - name: Run Tests | |
| shell: bash | |
| run: | | |
| cd build | |
| ctest -C Release --output-on-failure | |
| - name: Run Benchmarks | |
| shell: bash | |
| run: | | |
| if [ "${{ matrix.os }}" == "windows-latest" ]; then | |
| EXE_PATH="build/Release/proxpl.exe" | |
| else | |
| EXE_PATH="build/proxpl" | |
| fi | |
| echo "Running benchmarks with $EXE_PATH" | |
| python benchmarks/run_benchmarks.py --executable "$EXE_PATH" | |
| - name: Build Installer (Windows) | |
| if: matrix.os == 'windows-latest' | |
| shell: pwsh | |
| run: | | |
| choco install innosetup -y | |
| New-Item -ItemType Directory -Force -Path bin | |
| # Visual Studio puts Release binaries in build/Release/ | |
| Copy-Item "build/Release/proxpl.exe" -Destination "bin/" | |
| Copy-Item "build/Release/prm.exe" -Destination "bin/" | |
| # Copy any DLLs produced by the build (e.g. LLVM shared libs) | |
| Get-ChildItem "build/Release/*.dll" -ErrorAction SilentlyContinue | Copy-Item -Destination "bin/" | |
| iscc setup.iss | |
| - name: Upload Artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: ProXPL-v1.2.0-${{ matrix.os }} | |
| path: | | |
| ${{ matrix.bin_path }} | |
| examples/ |