diff --git a/.devcontainer/Dockerfile b/.devcontainer/Dockerfile index d032aa4..be1e6a1 100644 --- a/.devcontainer/Dockerfile +++ b/.devcontainer/Dockerfile @@ -1,4 +1,4 @@ -FROM ubuntu:24.04@sha256:3f85b7caad41a95462cf5b787d8a04604c8262cdcdf9a472b8c52ef83375fe15 AS build +FROM ubuntu:24.04@sha256:e3f92abc0967a6c19d0dfa2d55838833e947b9d74edbcb0113e48535ad4be12a AS build ENV LC_ALL=C.UTF-8 ENV LANG=C.UTF-8 @@ -7,7 +7,7 @@ ENV LANGUAGE=en_US RUN \ export DEBIAN_FRONTEND=noninteractive && \ apt-get update && \ - apt-get install -y --no-install-recommends bash sudo ca-certificates wget file cmake git make pkgconf valgrind autoconf automake libtool m4 ninja-build && \ + apt-get install -y --no-install-recommends bash sudo ca-certificates wget file cmake git make pkgconf valgrind autoconf automake libtool m4 ninja-build jq less && \ rm -rf /var/lib/apt/lists/* /var/cache/apt/archives/* RUN \ @@ -32,8 +32,6 @@ RUN \ echo "ubuntu ALL=(root) NOPASSWD:ALL" > "/etc/sudoers.d/ubuntu" && \ chmod 0440 "/etc/sudoers.d/ubuntu" -RUN sudo npm i -g @microsoft/sarif-multitool - WORKDIR /usr/src RUN \ diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json index e011af1..c73266b 100644 --- a/.devcontainer/devcontainer.json +++ b/.devcontainer/devcontainer.json @@ -7,14 +7,16 @@ "customizations": { "vscode": { "extensions": [ + "akiramiyakoda.cppincludeguard", + "github.copilot", + "GitHub.copilot-chat", + "github.vscode-github-actions", + "ms-azuretools.vscode-docker", "ms-vscode.cmake-tools", "ms-vscode.cpptools", - "github.copilot", - "akiramiyakoda.cppincludeguard", - "SonarSource.sonarlint-vscode", "ms-vscode.cpptools-extension-pack", - "xaver.clang-format", - "GitHub.copilot-chat" + "SonarSource.sonarlint-vscode", + "xaver.clang-format" ], "settings": { "sonarlint.ls.javaHome": "/usr/lib/jvm/java-21-openjdk-amd64", diff --git a/.github/actions/install-dependencies/action.yml b/.github/actions/install-dependencies/action.yml index 07b2e34..42993c9 100644 
--- a/.github/actions/install-dependencies/action.yml +++ b/.github/actions/install-dependencies/action.yml @@ -15,12 +15,8 @@ runs: run: | wget https://apt.llvm.org/llvm.sh chmod +x ./llvm.sh - sudo ./llvm.sh 17 - sudo apt-get install -y clang-tools-17 - - - name: Install sarif-multitool - shell: bash - run: npm i -g @microsoft/sarif-multitool + sudo ./llvm.sh 18 + sudo apt-get install -y clang-tools-18 - name: Set up ccache uses: hendrikmuhs/ccache-action@c92f40bee50034e84c763e33b317c77adaa81c92 # v1.2.13 diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 1922f98..e216eff 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -25,14 +25,14 @@ jobs: language: - c-cpp env: - CC: clang-17 - CXX: clang++-17 + CC: clang-18 + CXX: clang++-18 steps: - name: Check out code uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Initialize CodeQL - uses: github/codeql-action/init@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6 + uses: github/codeql-action/init@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8 with: languages: ${{ matrix.language }} @@ -45,6 +45,6 @@ jobs: cmake --build build - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6 + uses: github/codeql-action/analyze@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8 with: category: "/language:${{ matrix.language }}" diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml index 971c668..b81999e 100644 --- a/.github/workflows/docker.yml +++ b/.github/workflows/docker.yml @@ -34,7 +34,7 @@ jobs: uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: Login to GHCR - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 + uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 with: registry: https://ghcr.io username: ${{ github.actor }} 
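Review bot: In `.github/actions/install-dependencies/action.yml` the step still fetches `llvm.sh` with `wget` and runs it under `sudo` with no integrity check, and this hunk keeps relying on that while moving to LLVM 18. The actions visible in this diff are all pinned to commit SHAs, so this script is the one piece of CI that executes whatever the server returns at run time, as root on the runner. Verify it before running, e.g. `echo "<EXPECTED_SHA256>  llvm.sh" | sha256sum -c -` (placeholder hash, to be taken from a reviewed copy), or vendor a reviewed copy of the script in the repository. The step begins outside the hunk, so its name and shell setting are not visible here.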
diff --git a/.github/workflows/lint.yml b/.github/workflows/lint.yml index a50727f..22f5647 100644 --- a/.github/workflows/lint.yml +++ b/.github/workflows/lint.yml @@ -23,7 +23,7 @@ jobs: uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - name: clang-format Check - uses: jidicula/clang-format-action@f62da5e3d3a2d88ff364771d9d938773a618ab5e # v4.11.0 + uses: jidicula/clang-format-action@c74383674bf5f7c69f60ce562019c1c94bc1421a # v4.13.0 with: - clang-format-version: 17 + clang-format-version: 18 check-path: src diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml index cad52c7..2313f76 100644 --- a/.github/workflows/sonarcloud.yml +++ b/.github/workflows/sonarcloud.yml @@ -14,8 +14,8 @@ jobs: runs-on: ubuntu-latest env: BUILD_WRAPPER_OUT_DIR: build_wrapper_output_directory - CC: clang-17 - CXX: clang++-17 + CC: clang-18 + CXX: clang++-18 steps: - name: Check out code uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 diff --git a/.github/workflows/static-analysis.yml b/.github/workflows/static-analysis.yml index 54c84fa..d4c63b1 100644 --- a/.github/workflows/static-analysis.yml +++ b/.github/workflows/static-analysis.yml @@ -20,10 +20,10 @@ jobs: contents: read security-events: write env: - CC: clang-17 - CXX: clang++-17 - CCC_CC: clang-17 - CCC_CXX: clang++-17 + CC: clang-18 + CXX: clang++-18 + CCC_CC: clang-18 + CCC_CXX: clang++-18 DOTNET_SYSTEM_GLOBALIZATION_INVARIANT: 1 SCANBUILD_DIR: /tmp/scanbuild steps: 
@@ -35,16 +35,25 @@ jobs: - name: Run analysis run: | - scan-build-17 cmake -B build - scan-build-17 --force-analyze-debug-code -sarif --status-bugs -no-failure-reports -o "${SCANBUILD_DIR}" --exclude build cmake --build build + scan-build-18 cmake -B build + scan-build-18 --force-analyze-debug-code -sarif --status-bugs -no-failure-reports -o "${SCANBUILD_DIR}" --exclude build cmake --build build continue-on-error: true id: scanbuild - - name: Merge SARIF reports - run: sarif-multitool merge "${{ env.SCANBUILD_DIR }}/" --recurse --output-directory=/tmp --output-file=scan-build.sarif + - name: Merge reports + run: | + pip install sarif-tools + sarif copy --output /tmp/merged.sarif "${SCANBUILD_DIR}/**/*.sarif" + jq 'del(.runs[].conversion)' /tmp/merged.sarif > /tmp/scan-build.sarif + if [ $(jq '[.runs[].results | length] | add' /tmp/scan-build.sarif) -gt 0 ]; then + exit 1 + fi + exit 0 + id: merge + continue-on-error: true - name: Upload scan results - uses: github/codeql-action/upload-sarif@9fdb3e49720b44c48891d036bb502feb25684276 # v3.25.6 + uses: github/codeql-action/upload-sarif@2e230e8fe0ad3a14a340ad0815ddb96d599d2aff # v3.25.8 with: sarif_file: /tmp/scan-build.sarif category: scanbuild @@ -52,4 +61,4 @@ jobs: - name: Set exit code run: exit 1 - if: steps.scanbuild.outcome == 'failure' + if: steps.scanbuild.outcome == 'failure' || steps.merge.outcome == 'failure' diff --git a/.github/workflows/test.yml b/.github/workflows/test.yml new file mode 100644 index 0000000..cb27fab --- /dev/null +++ b/.github/workflows/test.yml @@ -0,0 +1,19 @@ +name: Interesting Test + +on: + pull_request: + branches: + - master_clone + +permissions: + contents: read + +jobs: + test: + name: Run tests + runs-on: ubuntu-latest + permissions: + contents: read + steps: + - name: Run test + run: exit 0 diff --git a/Dockerfile b/Dockerfile index 3019197..102f80c 100644 --- a/Dockerfile +++ b/Dockerfile 
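Review bot: The new "Merge reports" step in `.github/workflows/static-analysis.yml` runs `pip install sarif-tools` with no version, in a job that holds `security-events: write`, while the actions in the same file are pinned to commit SHAs. Pin it, e.g. `pip install sarif-tools==<PINNED_VERSION>` (placeholder; ideally from a requirements file installed with `--require-hashes`). Separately, `jq '[.runs[].results | length] | add'` yields `null` when the merged file has no runs, and the unquoted `[ $(...) -gt 0 ]` then appears to error inside the `if` and fall through to `exit 0`. Using `add // 0` and quoting the substitution, `[ "$(jq '[.runs[].results | length] | add // 0' /tmp/scan-build.sarif)" -gt 0 ]`, makes the empty case explicit instead of accidental.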
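Review bot: The new `.github/workflows/test.yml` job named "Run tests" only executes `exit 0`, so it reports success on every pull request to `master_clone` without testing anything. If this check were ever configured as a required status check, it would show green while providing no assurance. If it is a placeholder for exercising CI, a leading comment such as `# Placeholder workflow: always passes, not a real test gate` and a job name that says so would prevent that misreading. The job-level `permissions: contents: read` repeats the top-level block, so one of the two is enough.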
@@ -1,4 +1,4 @@ -FROM ubuntu:24.04@sha256:3f85b7caad41a95462cf5b787d8a04604c8262cdcdf9a472b8c52ef83375fe15 AS build +FROM ubuntu:24.04@sha256:e3f92abc0967a6c19d0dfa2d55838833e947b9d74edbcb0113e48535ad4be12a AS build ENV DEBIAN_FRONTEND=noninteractive @@ -16,6 +16,6 @@ RUN \ cmake --build build && \ strip --strip-unneeded build/src/tfhttp -FROM cgr.dev/chainguard/glibc-dynamic:latest@sha256:6dff3d81e2edaa0ef48ea87b808c34c4b24959169d9ad317333bdda4ec3c4002 +FROM cgr.dev/chainguard/glibc-dynamic:latest@sha256:31073f3a1add4bfc3ce4ee474ee171bf9dcc9799a468a39c8180c45ddf11c883 COPY --from=build /app/build/src/tfhttp /tfhttp ENTRYPOINT ["/tfhttp"] diff --git a/Dockerfile.alpine b/Dockerfile.alpine index 66b2f4c..744be1f 100644 --- a/Dockerfile.alpine +++ b/Dockerfile.alpine @@ -1,12 +1,12 @@ FROM alpine:3.20.0@sha256:77726ef6b57ddf65bb551896826ec38bc3e53f75cdde31354fbffb4f25238ebd AS build -RUN apk add --no-cache cmake make libc-dev clang17 git file libev-dev ada-static ada-dev sqlite-dev sqlite-static sqlite3pp nlohmann-json libressl-dev +RUN apk add --no-cache cmake make libc-dev clang18 git file libev-dev ada-static ada-dev sqlite-dev sqlite-static sqlite3pp nlohmann-json libressl-dev WORKDIR / COPY . /app WORKDIR /app RUN \ - cmake -B build -DCMAKE_BUILD_TYPE=Release -DBUILD_STATIC_BINARY=on && \ + cmake -B build -DCMAKE_BUILD_TYPE=Release -DBUILD_STATIC_BINARY=on -DCMAKE_CXX_COMPILER=clang++-18 -DCMAKE_C_COMPILER=clang-18 && \ cmake --build build && \ strip --strip-unneeded build/src/tfhttp diff --git a/README.md b/README.md index 8d5f717..20d33ec 100644 --- a/README.md +++ b/README.md @@ -58,3 +58,7 @@ terraform { ``` ([More details](https://developer.hashicorp.com/terraform/language/settings/backends/http#configuration-variables)). + +------ + +