.github/workflows/build.yml

name: Build

on:
  push:
    branches: main
  pull_request:
    branches: main

permissions: read-all

jobs:
  dependabot-merge:
    name: Merge Dependabot
    runs-on: ubuntu-latest
    needs: []
    steps:
    - uses: ahmadnassri/action-dependabot-auto-merge@45fc124d949b19b6b8bf6645b6c9d55f4f9ac61a
      if: ${{ github.event_name == 'pull_request' }}
      with:
        target: minor
        github-token: ${{ secrets.GITHUB_TOKEN }}
  build:
    strategy:
      fail-fast: false
      matrix:
        os: [ubuntu, windows]
        arch: [x86, x64, arm64]
        tls: [schannel, openssl]
        link: [static, shared]
        exclude:
        - os: ubuntu
          tls: schannel
        - os: ubuntu
          arch: x86
    permissions:
      # required for all workflows
      security-events: write
      # required to fetch internal or private CodeQL packs
      packages: read
      # only required for workflows in private repositories
      actions: read
      contents: read
    name: Build
    runs-on: ${{ matrix.os }}-latest
    steps:
    - name: Harden Runner
      uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f
      with:
        egress-policy: audit
    - name: Checkout repository
      uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683
      with:
        submodules: 'recursive'
    - name: Install Perl
      if: runner.os == 'Windows'
      uses: shogo82148/actions-setup-perl@98dfedee230bcf1ee68d5b021931fc8d63f2016e
      with:
        perl-version: '5.34'
    - name: Install NASM
      if: runner.os == 'Windows'
      uses: ilammy/setup-nasm@13cbeb366c45c4379d3478cdcbadd8295feb5028
    - name: Install libnuma-dev
      if: runner.os == 'Ubuntu'
      run: sudo apt-get install -y libnuma-dev
    - name: Initialize CodeQL
      if: ${{ (matrix.os == 'ubuntu') && (matrix.arch == 'x64') && (matrix.link == 'shared') }}
      uses: github/codeql-action/init@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169
      with:
        languages: c-cpp
        build-mode: manual
    - name: Build
      shell: pwsh
      run: ./build.ps1 -Arch ${{ matrix.arch }} -Tls ${{ matrix.tls }} -Link ${{ matrix.link }} -Install -BuildInstaller -Debug
    - name: Perform CodeQL Analysis
      if: ${{ (matrix.os == 'ubuntu') && (matrix.arch == 'x64') && (matrix.link == 'shared') }}
      uses: github/codeql-action/analyze@48ab28a6f5dbc2a99bf1e0131198dd8f1df78169
      with:
        category: "/language:c-cpp"
        output: sarif-results
        upload: failure-only
    - name: filter-sarif
      uses: advanced-security/filter-sarif@v1
      with:
        patterns: -msquic/**
        input: sarif-results/cpp.sarif
        output: sarif-results/cpp.sarif
    - name: Upload SARIF
      uses: github/codeql-action/upload-sarif@v3
      with:
        sarif_file: sarif-results/java.sarif
    - name: Upload loc as a Build Artifact
      uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b
      with:
        name: sarif-results
        path: sarif-results
    - name: Upload
      uses: actions/upload-artifact@6f51ac03b9356f520e9adb1b1b7802705f340c2b
      with:
        name: bin-${{ matrix.os }}-${{ matrix.arch }}-${{ matrix.tls }}-${{ matrix.link }}
        path: |
          build/bin/**/*.so
          build/bin/**/*.dll
          build/bin/**/quicreach
          build/bin/**/quicreach.exe
          build/bin/**/quicreach.msi
    - name: Test (Linux)
      if: runner.os == 'Linux'
      run: /usr/local/lib/quicreach outlook-evergreen.office.com,www.cloudflare.com,www.google.com --req-all --stats
    - name: Test (Windows, x64)
      if: ${{ runner.os == 'Windows' && matrix.arch == 'x64' }}
      run: |
        & 'C:/Program Files/quicreach/lib/quicreach' outlook-evergreen.office.com,www.cloudflare.com,www.google.com --req-all --stats
    - name: Test (Windows, x86)
      if: ${{ runner.os == 'Windows' && matrix.arch == 'x86' }}
      run: |
        & 'C:/Program Files (x86)/quicreach/lib/quicreach' outlook-evergreen.office.com,www.cloudflare.com,www.google.com --req-all --stats
  Complete:
    name: Complete
    if: always()
    needs: [build]
    runs-on: ubuntu-latest
    permissions: {} # No need for any permissions.
    steps:
    - name: Decide whether the needed jobs succeeded or failed
      uses: re-actors/alls-green@05ac9388f0aebcb5727afa17fcccfecd6f8ec5fe
      with:
        jobs: ${{ toJSON(needs) }}