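---
# CI workflow for a C/C++ project: build, smoke test, code-quality checks and
# static security scans, run on pushes and pull requests to main and develop.
#
# NOTE(review): the source text of this workflow was flattened and is damaged
# in two places (a step outside any job, and a span of lost text in the
# formatting check). Each spot carries its own NOTE(review) below.
#
# The actions used here are referenced by the mutable tag `v4`; pinning each
# `uses:` to a full commit SHA is the stricter supply-chain option.
name: C/C++ CI

# Least privilege: the workflow token only gets read access to the repository
# contents.
permissions:
  contents: read

on:
  push:
    branches: [main, develop]
  pull_request:
    branches: [main, develop]

jobs:
  # Compiles the project and publishes the resulting `server` binary.
  build:
    runs-on: ubuntu-latest
    env:
      C_INCLUDE_PATH: /usr/include:/usr/local/include
      LIBRARY_PATH: /usr/lib:/usr/local/lib:/usr/lib/x86_64-linux-gnu
      LD_LIBRARY_PATH: /usr/lib:/usr/local/lib:/usr/lib/x86_64-linux-gnu
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      - name: Verify build environment
        run: |
          echo "Checking for required build tools..."
          which gcc || echo "WARNING: gcc not found"

      # Installs the build libraries with whichever package manager exists.
      # Every install ends in `|| true`, so a failed install does not stop the
      # step; the diagnostics after the `fi` show what is actually present.
      - name: Ensure test dependencies
        run: |
          set -e
          SUDO=""
          if [ "$(id -u)" -ne 0 ]; then SUDO="sudo"; fi
          if command -v apt-get >/dev/null 2>&1; then
            $SUDO apt-get update -o Acquire::ForceIPv4=true || true
            $SUDO apt-get install -y \
              build-essential \
              libssl-dev \
              libmagic-dev \
              libnghttp2-dev \
              pkg-config \
              file || true
          elif command -v apk >/dev/null 2>&1; then
            $SUDO apk update || true
            $SUDO apk add --no-cache \
              build-base \
              openssl-dev \
              file-dev \
              nghttp2-dev \
              zlib-dev \
              pkgconf \
              file || true
          fi
          which make || echo "WARNING: make not found"
          echo "Include path: $C_INCLUDE_PATH"
          echo "Looking for magic.h..."
          ls -la /usr/include/magic.h || echo "magic.h not in /usr/include"
          gcc -E -x c - -v < /dev/null 2>&1 | grep "include"

      - name: Build project
        run: |
          make clean || true
          make INCLUDES="-I/usr/include -I/usr/local/include"

      - name: Upload build artifact
        uses: actions/upload-artifact@v4
        with:
          name: server-binary
          path: server

  # Smoke test. No download step for the `server-binary` artifact is visible,
  # so the ELF check below runs against a binary rebuilt in this job.
  test:
    runs-on: ubuntu-latest
    needs: build
    env:
      C_INCLUDE_PATH: /usr/include:/usr/local/include
      LIBRARY_PATH: /usr/lib:/usr/local/lib:/usr/lib/x86_64-linux-gnu
      LD_LIBRARY_PATH: /usr/lib:/usr/local/lib:/usr/lib/x86_64-linux-gnu
    steps:
      - name: Checkout repository
        uses: actions/checkout@v4

      # NOTE(review): in the source this step sits between `on:` and `jobs:`,
      # outside any job, where a workflow cannot hold steps. It is placed here
      # because this job compiles the project and the source shows no install
      # step for it; confirm the intended job. It also installs the analysis
      # tools (cppcheck, clang-format, clang-tidy, flawfinder), which this job
      # does not call.
      - name: Install dependencies
        run: |
          set -e
          SUDO=""
          if [ "$(id -u)" -ne 0 ]; then SUDO="sudo"; fi
          if command -v apt-get >/dev/null 2>&1; then
            $SUDO apt-get update -o Acquire::ForceIPv4=true || true
            $SUDO apt-get install -y \
              build-essential \
              libssl-dev \
              libmagic-dev \
              libnghttp2-dev \
              pkg-config \
              file \
              cppcheck \
              clang-format \
              clang-tidy \
              flawfinder || true
          elif command -v apk >/dev/null 2>&1; then
            $SUDO apk update || true
            $SUDO apk add --no-cache \
              build-base \
              openssl-dev \
              file-dev \
              nghttp2-dev \
              zlib-dev \
              pkgconf \
              file \
              cppcheck \
              clang-extra-tools || true
          elif command -v dnf >/dev/null 2>&1; then
            $SUDO dnf -y install \
              gcc gcc-c++ make \
              openssl-devel \
              file-devel \
              libnghttp2-devel \
              pkgconf-pkg-config \
              file \
              cppcheck \
              clang-tools-extra \
              flawfinder || true
          else
            echo "No supported package manager found; skipping install"
          fi

      - name: Build for testing
        run: |
          make clean || true
          make INCLUDES="-I/usr/include -I/usr/local/include"

      # Fails the job unless `file` identifies the build output as ELF.
      - name: Verify ELF executable
        run: |
          if file server | grep -q "ELF"; then
            echo "✓ Server binary is a valid ELF executable"
          else
            echo "✗ Invalid server binary!"
            exit 1
          fi

      - name: Run basic tests
        run: |
          echo "✓ (No unit tests configured yet, smoke test passed)"

  # Advisory checks: nothing in this job turns a finding into a failure.
  code-quality:
    runs-on: ubuntu-latest
    steps:
      - name: Install code quality tools
        run: |
          set -e
          SUDO=""
          if [ "$(id -u)" -ne 0 ]; then SUDO="sudo"; fi
          if command -v apt-get >/dev/null 2>&1; then
            $SUDO apt-get update -o Acquire::ForceIPv4=true || true
            $SUDO apt-get install -y cppcheck clang-format || true
          elif command -v apk >/dev/null 2>&1; then
            $SUDO apk update || true
            $SUDO apk add --no-cache cppcheck clang-extra-tools || true
          fi

      - name: Checkout repository
        uses: actions/checkout@v4

      # --error-exitcode=0 makes cppcheck exit 0 even when it reports errors,
      # and the pipeline ends in `tee`, so this step records findings only.
      - name: Run Cppcheck
        run: |
          cppcheck --enable=all --inconclusive --error-exitcode=0 \
            --suppress=missingIncludeSystem \
            src/ 2>&1 | tee cppcheck-report.txt

      - name: Check formatting
        run: |
          mismatches=0
          for file in $(find src/ -name "*.c" -o -name "*.h"); do
            # NOTE(review): the source is cut off right after `grep -q "`.
            # The pattern and everything up to the end of this step are a
            # minimal, report-only reconstruction; confirm against the
            # repository before relying on it.
            if clang-format -style=file -output-replacements-xml "$file" | grep -q "replacement offset"; then
              echo "Formatting differs from .clang-format: $file"
              mismatches=$((mismatches + 1))
            fi
          done
          echo "Files with formatting differences: $mismatches"

  # NOTE(review): this job's id, its `runs-on` and the name and first lines of
  # its install step fall inside the lost span. `security-scan` is a
  # placeholder derived from the artifact name below; `runs-on` and the script
  # preamble are copied from the other jobs' install steps. Confirm all three.
  security-scan:
    runs-on: ubuntu-latest
    steps:
      - name: Install security tools
        run: |
          set -e
          SUDO=""
          if [ "$(id -u)" -ne 0 ]; then SUDO="sudo"; fi
          if command -v apt-get >/dev/null 2>&1; then
            $SUDO apt-get update -o Acquire::ForceIPv4=true || true
            $SUDO apt-get install -y flawfinder cppcheck || true
          elif command -v apk >/dev/null 2>&1; then
            $SUDO apk update || true
            # flawfinder may not be available on Alpine repos; install cppcheck
            $SUDO apk add --no-cache cppcheck || true
          fi

      - name: Checkout repository
        uses: actions/checkout@v4

      # The install above is best-effort and the scan itself ends in
      # `|| true`, so a missing scanner would otherwise produce an empty
      # report that reads like a clean result. Emit a visible warning instead.
      - name: Run Flawfinder
        run: |
          if ! command -v flawfinder >/dev/null 2>&1; then
            echo "::warning::flawfinder not found; flawfinder.txt will contain no scan results"
          fi
          flawfinder --minlevel=1 src/ | tee flawfinder.txt || true

      # Report-only, like the code-quality run: --error-exitcode=0 and the
      # trailing `tee` keep the step green whatever cppcheck finds.
      - name: Run Cppcheck (security-focused)
        run: |
          if ! command -v cppcheck >/dev/null 2>&1; then
            echo "::warning::cppcheck not found; cppcheck-security.txt will contain no scan results"
          fi
          cppcheck --enable=warning,style,performance,portability \
            --error-exitcode=0 src/ 2>&1 | tee cppcheck-security.txt

      # `always()` uploads the reports even when an earlier step failed.
      - name: Upload security reports
        uses: actions/upload-artifact@v4
        if: always()
        with:
          name: security-scan-reports
          path: |
            flawfinder.txt
            cppcheck-security.txt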