From fa3180bbf84b192050414cfbe030c435ca37756e Mon Sep 17 00:00:00 2001
From: Jairaj Solanki
Date: Tue, 20 Jan 2026 22:39:35 +0530
Subject: [PATCH] ci: Add comprehensive GitHub Actions workflows
- Add build workflow for Linux x86 architecture
- Add build workflow for Linux GNU architecture
- Add CodeQL security analysis workflow
- Add pull request validation workflow
- Update build script for CI/CD integration
Signed-off-by: Jairaj Solanki
---
 .github/workflows/build_linux_gnu.yml | 66 +++++++++++++++++++++++++
 .github/workflows/build_linux_x86.yml | 45 +++++++++++++++++
 .github/workflows/codeql.yml | 69 +++++++++++++++++++++++++++
 .github/workflows/pull-request.yml | 23 +++++++++
 build_script.sh | 1 +
 5 files changed, 204 insertions(+)
 create mode 100644 .github/workflows/build_linux_gnu.yml
 create mode 100644 .github/workflows/build_linux_x86.yml
 create mode 100644 .github/workflows/codeql.yml
 create mode 100644 .github/workflows/pull-request.yml
diff --git a/.github/workflows/build_linux_gnu.yml b/.github/workflows/build_linux_gnu.yml
new file mode 100644
index 0000000..15472a5
--- /dev/null
+++ b/.github/workflows/build_linux_gnu.yml
@@ -0,0 +1,66 @@
+name: CI - Linux ARM64 Build
+
+on:
+ push:
+ branches:
+ - "main"
+ - "development"
+ pull_request:
+ branches:
+ - "**"
+ workflow_dispatch:
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Cache QMI Framework
+ id: cache-qmi
+ uses: actions/cache@v4
+ with:
+ path: ${{ github.workspace }}/qmi-framework/install
+ key: qmi-framework-v0.1.3-${{ runner.os }}-aarch64-linux-gnu
+
+ - name: Install cross-compilation tools
+ run: |
+ sudo apt-get update
+ sudo apt-get install -y gcc-aarch64-linux-gnu g++-aarch64-linux-gnu
+
+ - name: Set up QEMU for ARM64
+ uses: docker/setup-qemu-action@v3
+ with:
+ platforms: arm64
+
+ - name: Build QMI Framework v0.1.3 in ARM64 container
+ if: steps.cache-qmi.outputs.cache-hit != 'true'
+ run: |
+ docker run --rm --platform linux/arm64 \
+ -v ${{ github.workspace }}:/workspace \
+ -w /workspace \
+ arm64v8/ubuntu:24.04 \
+ bash -c "
+ apt-get update && \
+ apt-get install -y git automake libtool build-essential libglib2.0-dev pkg-config && \
+ git clone --branch v0.1.3 --depth 1 https://github.com/quic/qmi-framework.git qmi-framework && \
+ cd qmi-framework && \
+ chmod +x build_script.sh && \
+ ./build_script.sh --host aarch64-linux-gnu
+ "
+
+ - name: Build time-services in ARM64 container
+ run: |
+ docker run --rm --platform linux/arm64 \
+ -v ${{ github.workspace }}:/workspace \
+ -w /workspace \
+ arm64v8/ubuntu:24.04 \
+ bash -c "
+ apt-get update && \
+ apt-get install -y automake libtool build-essential libglib2.0-dev pkg-config && \
+ chmod +x build_script.sh && \
+ ./build_script.sh --host aarch64-linux-gnu --with_qmi_prefix /workspace/qmi-framework/install/aarch64-linux-gnu && \
+ test -f install/bin/time_daemon || { echo 'Build failed: time_daemon not found'; exit 1; }
+ "
diff --git a/.github/workflows/build_linux_x86.yml b/.github/workflows/build_linux_x86.yml
new file mode 100644
index 0000000..f4dd86a
--- /dev/null
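Review bot: The workflow sets no `permissions:` key and the Checkout step keeps its default credential persistence, while both `docker run` steps bind-mount the whole workspace (`-v ${{ github.workspace }}:/workspace`) into a container that runs the build scripts as the container's default user. With the actions/checkout@v4 defaults the job token is written into the checkout's git configuration, so everything executed inside that container can read it, including the externally cloned qmi-framework build. Add a top-level `permissions:` block containing `contents: read`, and give Checkout a `with:` entry `persist-credentials: false`. build_linux_x86.yml has the same two omissions, and pull-request.yml also has no `permissions:` block, which matters more there because it runs on `pull_request_target`; what the token may do when the key is absent depends on the repository's default setting, which is not visible here.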
+++ b/.github/workflows/build_linux_x86.yml
@@ -0,0 +1,45 @@
+name: CI - Linux x86_64 Build
+
+on:
+ push:
+ branches:
+ - "main"
+ - "development"
+ pull_request:
+ branches:
+ - "**"
+ workflow_dispatch:
+
+jobs:
+ build:
+ runs-on: ubuntu-latest
+
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Cache QMI Framework
+ id: cache-qmi
+ uses: actions/cache@v4
+ with:
+ path: ${{ github.workspace }}/qmi-framework/install
+ key: qmi-framework-v0.1.3-${{ runner.os }}-x86_64
+
+ - name: Install dependencies
+ run: |
+ sudo apt-get update
+ sudo apt-get install -y automake libtool build-essential libglib2.0-dev pkg-config
+
+ - name: Build QMI Framework v0.1.3
+ if: steps.cache-qmi.outputs.cache-hit != 'true'
+ run: |
+ git clone --branch v0.1.3 --depth 1 https://github.com/quic/qmi-framework.git ${{ github.workspace }}/qmi-framework
+ cd ${{ github.workspace }}/qmi-framework
+ chmod +x build_script.sh
+ ./build_script.sh --host x86_64-linux-gnu
+
+ - name: Build time-services
+ run: |
+ chmod +x build_script.sh
+ ./build_script.sh --host x86_64-linux-gnu --with_qmi_prefix "${{ github.workspace }}/qmi-framework/install/x86_64-linux-gnu"
+ test -f install/bin/time_daemon || { echo "Build failed: time_daemon not found"; exit 1; }
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
new file mode 100644
index 0000000..79b7ce4
--- /dev/null
+++ b/.github/workflows/codeql.yml
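Review bot: The `Build QMI Framework v0.1.3` step fetches the dependency with `--branch v0.1.3`, a tag that can be moved upstream, and the cache key `qmi-framework-v0.1.3-${{ runner.os }}-x86_64` is derived from that name only, so nothing in the workflow records or checks which commit was actually built and then reused from cache. Verify the commit after cloning, for example `[ "$(git rev-parse HEAD)" = "<qmi-framework-commit-sha>" ]` (placeholder; take the value from the upstream release), and put the same SHA into the cache key so a changed pin invalidates the cached install tree. The same clone-and-cache pattern appears in build_linux_gnu.yml and codeql.yml. The `uses:` references in this patch (`actions/checkout@v4`, `actions/cache@v4`, and `docker/setup-qemu-action@v3` in the ARM64 workflow) are mutable tags too and could be pinned to full commit SHAs in the same pass.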
@@ -0,0 +1,69 @@
+name: CodeQL Security Analysis
+
+on:
+ push:
+ branches:
+ - main
+ - development
+ pull_request:
+ branches:
+ - main
+ - development
+ schedule:
+ # Run at 2:30 AM UTC every Monday
+ - cron: '30 2 * * 1'
+ workflow_dispatch:
+
+jobs:
+ analyze:
+ name: Analyze C/C++ Code
+ runs-on: ubuntu-latest
+ permissions:
+ actions: read
+ contents: read
+ security-events: write
+
+ strategy:
+ fail-fast: false
+ matrix:
+ language: ['cpp']
+
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v4
+
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v3
+ with:
+ languages: ${{ matrix.language }}
+ queries: +security-and-quality
+
+ - name: Install dependencies
+ run: |
+ sudo apt-get update
+ sudo apt-get install -y automake libtool build-essential libglib2.0-dev pkg-config
+
+ - name: Cache QMI Framework
+ id: cache-qmi
+ uses: actions/cache@v4
+ with:
+ path: ${{ github.workspace }}/qmi-framework/install/x86_64-linux-gnu
+ key: qmi-framework-v0.1.3-${{ runner.os }}-x86_64-codeql
+
+ - name: Build QMI Framework v0.1.3
+ if: steps.cache-qmi.outputs.cache-hit != 'true'
+ run: |
+ git clone --branch v0.1.3 --depth 1 https://github.com/quic/qmi-framework.git ${{ github.workspace }}/qmi-framework
+ cd ${{ github.workspace }}/qmi-framework
+ chmod +x build_script.sh
+ ./build_script.sh --host x86_64-linux-gnu
+
+ - name: Build time-services
+ run: |
+ chmod +x build_script.sh
+ ./build_script.sh --host x86_64-linux-gnu --with_qmi_prefix "${{ github.workspace }}/qmi-framework/install/x86_64-linux-gnu"
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v3
+ with:
+ category: "/language:${{ matrix.language }}"
diff --git a/.github/workflows/pull-request.yml b/.github/workflows/pull-request.yml
new file mode 100644
index 0000000..7abfc18
--- /dev/null
+++ b/.github/workflows/pull-request.yml
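Review bot: `Initialize CodeQL` runs before `Build QMI Framework v0.1.3`, so on a cache miss the qmi-framework compilation is traced as well, and because the clone lands inside `${{ github.workspace }}` its sources would likely end up in the CodeQL database; on a cache hit that code is not compiled at all. The set of analysed code, and potentially the alerts reported for this repository, therefore depends on cache state rather than on the commit under analysis. Move the `Initialize CodeQL` step down so it sits directly before `Build time-services`, after the dependency install, cache restore and QMI Framework build, so that only this repository's build is traced on every run.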
@@ -0,0 +1,23 @@
+name: Prevent pull request to main
+on:
+ pull_request_target:
+ types:
+ - opened
+ - reopened
+ - synchronize
+ - edited
+
+jobs:
+ check-branches:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check branches
+ env:
+ GITHUB_HEAD_REF: ${{ github.head_ref }}
+ GITHUB_BASE_REF: ${{ github.base_ref }}
+ run: |
+ if [ "$GITHUB_HEAD_REF" != "development" ] && [ "$GITHUB_BASE_REF" == "main" ]; then
+ echo "Create a pull request to quic/time-services:development branch"
+ echo "Pull requests to quic/time-services:main branch are only allowed from quic/time-services:development branch."
+ exit 1
+ fi
diff --git a/build_script.sh b/build_script.sh
index bd9af2f..23fc85f 100755
--- a/build_script.sh
+++ b/build_script.sh
@@ -1,3 +1,4 @@
+#!/bin/bash
 # Copyright (c) 2025, Qualcomm Innovation Center, Inc. All rights reserved.
 # SPDX-License-Identifier: BSD-3-Clause
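Review bot: The `Check branches` condition in pull-request.yml compares branch names only, so it does not establish that the head branch belongs to quic/time-services as the error message states; `github.head_ref` carries just the branch name and is the same string for a `development` branch in any repository. Pass the head repository through `env:` as well, e.g. `HEAD_REPO: ${{ github.event.pull_request.head.repo.full_name }}`, and for pull requests targeting `main` also fail when `[ "$HEAD_REPO" != "$GITHUB_REPOSITORY" ]`. Handing the refs to the script through `env:` rather than interpolating them into `run:` is the right pattern and should be kept when the step is extended. The names `GITHUB_HEAD_REF` and `GITHUB_BASE_REF` coincide with variables the runner already provides, so distinct names such as `HEAD_REF` and `BASE_REF` would make it unambiguous which value the script reads.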