Some Lil changes here #79
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # .github/workflows/ci.yml | |
| name: CI Pipeline | |
| on: | |
| push: | |
| branches: [ main ] | |
| tags: [ 'v*.*.*' ] | |
| pull_request: | |
| branches: [ main ] | |
| jobs: | |
| build: | |
| name: Build Code | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout Code | |
| uses: actions/checkout@v4 | |
| - name: Install Dependencies | |
| run: sudo apt-get update && sudo apt-get install -y build-essential cmake clang cppcheck | |
| - name: Clean build directory (remove stale cache) | |
| run: rm -rf build | |
| - name: Configure with CMake | |
| run: | | |
| mkdir -p build | |
| cmake -S . -B build | |
| - name: Build | |
| run: cmake --build build | |
| lint: | |
| name: Lint and Static Analysis | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout Code | |
| uses: actions/checkout@v4 | |
| - name: Install cppcheck | |
| run: sudo apt-get update && sudo apt-get install -y cppcheck | |
| - name: Run cppcheck | |
| run: | | |
| cppcheck --enable=all --inconclusive --std=c++17 --language=c++ \ | |
| --suppress=missingIncludeSystem \ | |
| -I include src | |
| security: | |
| name: Security Scanning | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout Code | |
| uses: actions/checkout@v4 | |
| - name: Install flawfinder | |
| run: sudo apt-get update && sudo apt-get install -y flawfinder | |
| - name: Run flawfinder | |
| run: flawfinder src/ include/ | |
| package: | |
| name: Package Artifacts | |
| needs: build | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout Code | |
| uses: actions/checkout@v4 | |
| - name: Clean build directory (before packaging) | |
| run: rm -rf build | |
| - name: Configure and Build | |
| run: | | |
| mkdir -p build | |
| cmake -S . -B build | |
| cmake --build build | |
| - name: Upload Executable as Artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: nids-binary | |
| path: build/nids | |
| release: | |
| name: Release | |
| needs: package | |
| runs-on: ubuntu-latest | |
| if: startsWith(github.ref, 'refs/tags/v') | |
| steps: | |
| - name: Download Artifact | |
| uses: actions/download-artifact@v4 | |
| with: | |
| name: nids-binary | |
| - name: Create GitHub Release | |
| uses: softprops/action-gh-release@v1 | |
| with: | |
| files: nids | |
| generate_release_notes: true | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GH_PAT }} |