From f8769ef626b32de60c3a8ca3c60db8d1c0d2cf85 Mon Sep 17 00:00:00 2001 From: Even Rouault Date: Thu, 6 Jun 2024 22:39:29 +0200 Subject: [PATCH] REMOVE_ME --- .github/workflows/android_cmake.yml | 39 -- .github/workflows/backport.yml | 19 - .github/workflows/cifuzz.yml | 38 -- .github/workflows/clang_static_analyzer.yml | 30 -- .github/workflows/code_checks.yml | 173 -------- .github/workflows/codeql.yml | 132 ------ .github/workflows/conda.yml | 89 ---- .github/workflows/coverity_scan.yml | 77 ---- .../workflows/delete_untagged_containers.yml | 28 -- .github/workflows/doc_build.yml | 142 ------- .github/workflows/linux_build.yml | 396 ------------------ .github/workflows/macos.yml | 53 --- .github/workflows/scorecard.yml | 76 ---- .github/workflows/slow_tests.yml | 187 --------- .github/workflows/stale.yml | 55 --- .github/workflows/windows_build.yml | 204 --------- 16 files changed, 1738 deletions(-) delete mode 100644 .github/workflows/android_cmake.yml delete mode 100644 .github/workflows/backport.yml delete mode 100644 .github/workflows/cifuzz.yml delete mode 100644 .github/workflows/clang_static_analyzer.yml delete mode 100644 .github/workflows/code_checks.yml delete mode 100644 .github/workflows/codeql.yml delete mode 100644 .github/workflows/conda.yml delete mode 100644 .github/workflows/coverity_scan.yml delete mode 100644 .github/workflows/delete_untagged_containers.yml delete mode 100644 .github/workflows/doc_build.yml delete mode 100644 .github/workflows/linux_build.yml delete mode 100644 .github/workflows/macos.yml delete mode 100644 .github/workflows/scorecard.yml delete mode 100644 .github/workflows/slow_tests.yml delete mode 100644 .github/workflows/stale.yml delete mode 100644 .github/workflows/windows_build.yml diff --git a/.github/workflows/android_cmake.yml b/.github/workflows/android_cmake.yml deleted file mode 100644 index d81b50ff90dd..000000000000 --- a/.github/workflows/android_cmake.yml +++ /dev/null @@ -1,39 +0,0 @@ -name: Android CMake build - -on: - push: - paths-ignore: - - 'doc/**' - branches-ignore: - - 'backport**' - - 'dependabot**' - pull_request: - paths-ignore: - - 'doc/**' - -concurrency: - group: ${{ github.workflow }}-${{ github.head_ref || github.ref }} - cancel-in-progress: true - -permissions: - contents: read - -jobs: - - android_cmake_build: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - - - name: Cache - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 - id: cache - with: - path: | - ${{ github.workspace }}/ccache.tar.gz - key: ${{ runner.os }}-cache-android-cmake-${{ github.run_id }} - restore-keys: ${{ runner.os }}-cache-android-cmake- - - - name: Build - run: docker run -e WORK_DIR="$PWD" -v $PWD:$PWD ubuntu:20.04 $PWD/.github/workflows/android_cmake/start.sh diff --git a/.github/workflows/backport.yml b/.github/workflows/backport.yml deleted file mode 100644 index f04f0a2f8976..000000000000 --- a/.github/workflows/backport.yml +++ /dev/null @@ -1,19 +0,0 @@ -name: Backport -on: - pull_request_target: - types: - - closed - - labeled - -permissions: {} -jobs: - backport: - runs-on: ubuntu-latest - name: Backport - steps: - - name: Backport Bot - id: backport - if: github.event.pull_request.merged && ( ( github.event.action == 'closed' && contains( join( github.event.pull_request.labels.*.name ), 'backport') ) || contains( github.event.label.name, 'backport' ) ) - uses: m-kuhn/backport@7f3cab83e4b3b26aefcffda21851c3dc3d389f45 # v1.2.7 - with: - github_token: ${{ secrets.BACKPORT_TOKEN }} diff --git a/.github/workflows/cifuzz.yml b/.github/workflows/cifuzz.yml deleted file mode 100644 index c482fb8973b0..000000000000 --- a/.github/workflows/cifuzz.yml +++ /dev/null @@ -1,38 +0,0 @@ -name: CIFuzz - -on: - pull_request: - paths-ignore: - - 'doc/**' - -concurrency: - group: ${{ github.workflow }}-${{ github.head_ref || github.ref }} - cancel-in-progress: true - -permissions: - contents: read - -jobs: - Fuzzing: - runs-on: ubuntu-latest - if: github.repository == 'OSGeo/gdal' - - steps: - - name: Build Fuzzers - id: build - uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@56f58e25299ee6559fa40369bd4af908000c0c36 # master on 2023/12/31 - with: - oss-fuzz-project-name: 'gdal' - dry-run: false - - name: Run Fuzzers - uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@56f58e25299ee6559fa40369bd4af908000c0c36 # master on 2023/12/31 - with: - oss-fuzz-project-name: 'gdal' - fuzz-seconds: 600 - dry-run: false - - name: Upload Crash - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 - if: failure() && steps.build.outcome == 'success' - with: - name: artifacts - path: ./out/artifacts diff --git a/.github/workflows/clang_static_analyzer.yml b/.github/workflows/clang_static_analyzer.yml deleted file mode 100644 index f1cddfbfb00f..000000000000 --- a/.github/workflows/clang_static_analyzer.yml +++ /dev/null @@ -1,30 +0,0 @@ -name: CLang Static Analyzer - -on: - push: - paths-ignore: - - 'doc/**' - branches-ignore: - - 'backport**' - - 'dependabot**' - pull_request: - paths-ignore: - - 'doc/**' - -concurrency: - group: ${{ github.workflow }}-${{ github.head_ref || github.ref }} - cancel-in-progress: true - -permissions: - contents: read - -jobs: - - clang_static_analyzer: - runs-on: ubuntu-22.04 - steps: - - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - - - name: Run - run: docker run --rm -v $PWD:$PWD ubuntu:22.04 sh -c "cd $PWD && apt update && DEBIAN_FRONTEND=noninteractive apt-get install -y --no-install-recommends sudo software-properties-common && DEBIAN_FRONTEND=noninteractive sh ./ci/travis/csa_common/before_install.sh && sh ./ci/travis/csa_common/install.sh && sh ./ci/travis/csa_common/script.sh" diff --git a/.github/workflows/code_checks.yml b/.github/workflows/code_checks.yml deleted file mode 100644 index 321cd50a897e..000000000000 --- a/.github/workflows/code_checks.yml +++ /dev/null @@ -1,173 +0,0 @@ -name: Code Checks - -on: - push: - paths-ignore: - - 'doc/**' - branches-ignore: - - 'backport**' - - 'dependabot**' - pull_request: - paths-ignore: - - 'doc/**' - -concurrency: - group: ${{ github.workflow }}-${{ github.head_ref || github.ref }} - cancel-in-progress: true - -permissions: - contents: read - -jobs: - - cppcheck_2004: - runs-on: ubuntu-20.04 - steps: - - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - - - name: Install Requirements - run: | - sudo apt update - sudo apt install -y cppcheck libsqlite3-dev ccache sqlite3 libproj-dev cmake - - - name: Run cmake - run: | - mkdir build - cd build - cmake .. - - - name: Run cppcheck test - run: | - cd build - ../scripts/cppcheck.sh - - cppcheck_2404: - runs-on: ubuntu-latest - container: ubuntu:24.04 - steps: - - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - - - name: Install Requirements - run: | - apt update - apt install -y cppcheck libsqlite3-dev ccache sqlite3 libproj-dev cmake g++ make - - - name: Run cmake - run: | - mkdir build - cd build - cmake .. - - - name: Run cppcheck test - run: | - cd build - ../scripts/cppcheck.sh - - code_quality_checks: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - - - name: Detect tabulations - run: ./scripts/detect_tabulations.sh - - - name: Detect printf - run: ./scripts/detect_printf.sh - - - name: Detect self assignments - run: ./scripts/detect_self_assignment.sh - - - name: Detect suspicious char digit zero - run: ./scripts/detect_suspicious_char_digit_zero.sh - - - name: Detect missing includes - run: ./scripts/detect_missing_include.sh - - # Helps detecting updates of internal libjson-c where replacement - # of strtod() -> CPLStrtod() is missing. The later function is not - # locale sensitive. An alternative would be to make sure that HAVE_USELOCALE - # or HAVE_SETLOCALE are passed on Windows, but avoiding to mess with - # locale seems to be a better option - - name: Detect invalid use of atof() or strtod() in internal libjson - run: | - grep -e "CPLStrtod(" ../ogr/ogrsf_frmts/geojson/libjson/*.c >/dev/null && echo "CPLStrtod() found as expected" - if grep -e "strtod(" ogr/ogrsf_frmts/geojson/libjson/*.c; then echo "Unexpected use of strtod(). Use CPLStrtod() instead"; /bin/false; fi - if grep -e "atof(" ogr/ogrsf_frmts/geojson/libjson/*.c; then echo "Unexpected use of atof()."; /bin/false; fi - - - name: Shellcheck - # SC2129: (style): Consider using { cmd1; cmd2; } >> file instead of individual redirects - run: shellcheck -e SC2086,SC2046,SC2164,SC2054,SC2129 $(find . -name '*.sh' -a -not -name ltmain.sh -a -not -wholename "./autotest/*" -a -not -wholename "./.github/*") - - linting: - runs-on: ubuntu-latest - steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 - - uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # v3.0.1 - - doxygen: - runs-on: ubuntu-latest - container: ghcr.io/osgeo/proj-docs - steps: - - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - - - name: Run doxygen - run: | - cd doc - make doxygen_check_warnings - - other_checks: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - - - name: Install Requirements - run: | - sudo apt install python3-pip wget - sudo pip3 install cffconvert - - - name: Validate citation file - run: | - cffconvert --validate - cffconvert -f bibtex - cffconvert -f apalike - - cmake-lint: - # Disabled because of https://github.com/OSGeo/gdal/pull/5326#issuecomment-1042617407 - if: false - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - - name: Set up Python - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 - with: - python-version: 3.8 - - name: Install lint tool - run: | - python -m pip install --upgrade pip - pip install cmake-format pyyaml - - name: Check cmakelist - run: find . -name CMakeLists.txt |xargs cmake-format --check - - validate_xml: - runs-on: ubuntu-latest - steps: - - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - - - name: Install requirements - run: | - sudo apt update - sudo apt install -y libxml2-utils - - - name: Run xmllint checks - run: | - xmllint --schema ./frmts/nitf/data/nitf_spec.xsd ./frmts/nitf/data/nitf_spec.xml --noout - xmllint --schema ./ogr/ogrsf_frmts/vdv/data/vdv452.xsd ./ogr/ogrsf_frmts/vdv/data/vdv452.xml --noout - xmllint --schema ./ogr/ogrsf_frmts/gmlas/data/gmlasconf.xsd ./ogr/ogrsf_frmts/gmlas/data/gmlasconf.xml --noout diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml deleted file mode 100644 index bdac6681fb81..000000000000 --- a/.github/workflows/codeql.yml +++ /dev/null @@ -1,132 +0,0 @@ -name: "CodeQL" - -on: - push: - paths-ignore: - - 'doc/**' - branches-ignore: - - 'backport**' - - 'dependabot**' - pull_request: - paths-ignore: - - 'doc/**' - -concurrency: - group: ${{ github.workflow }}-${{ github.head_ref || github.ref }} - cancel-in-progress: true - -permissions: - contents: read - -jobs: - analyze: - name: Analyze - # Runner size impacts CodeQL analysis time. To learn more, please see: - # - https://gh.io/recommended-hardware-resources-for-running-codeql - # - https://gh.io/supported-runners-and-hardware-resources - # - https://gh.io/using-larger-runners - # Consider using larger runners for possible analysis time improvements. - runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }} - timeout-minutes: ${{ (matrix.language == 'swift' && 120) || 360 }} - permissions: - actions: read - contents: read - security-events: write - - strategy: - fail-fast: false - matrix: - language: [ 'c-cpp' ] - # CodeQL supports [ 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift' ] - # Use only 'java-kotlin' to analyze code written in Java, Kotlin or both - # Use only 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both - # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support - - steps: - - name: Checkout repository - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - - - name: Install dependencies - run: | - sudo apt-get update - sudo apt-get install -y g++ swig python3-numpy libproj-dev libqhull-dev - sudo apt-get install -y \ - libblosc-dev \ - libboost-dev \ - libcairo2-dev \ - libcfitsio-dev \ - libcrypto++-dev \ - libcurl4-gnutls-dev \ - libexpat-dev \ - libfcgi-dev \ - libfyba-dev \ - libfreexl-dev \ - libgeos-dev \ - libgeotiff-dev \ - libgif-dev \ - libhdf5-serial-dev \ - libjpeg-dev \ - libkml-dev \ - liblcms2-2 \ - liblz4-dev \ - liblzma-dev \ - libmysqlclient-dev \ - libnetcdf-dev \ - libogdi-dev \ - libopenexr-dev \ - libopenjp2-7-dev \ - libpcre3-dev \ - libpng-dev \ - libpoppler-dev \ - libpoppler-private-dev \ - libpq-dev \ - libproj-dev \ - librasterlite2-dev \ - libspatialite-dev \ - libssl-dev \ - libwebp-dev \ - libxerces-c-dev \ - libxml2-dev \ - libxslt-dev \ - libzstd-dev \ - unixodbc-dev - - - name: Install latest ninja - run: pip install ninja - - - name: Configure - if: matrix.language == 'c-cpp' - run: | - cmake -S . -B build \ - -DCMAKE_BUILD_TYPE=Debug \ - -DGDAL_USE_LERC_INTERNAL=OFF \ - -DBUILD_TESTING=OFF \ - -G Ninja \ - - # Initializes the CodeQL tools for scanning. - # We do that after running CMake to avoid CodeQL to trigger during CMake time, - # in particular during HDF5 detection which is terribly slow (https://github.com/OSGeo/gdal/issues/9549) - - name: Initialize CodeQL - uses: github/codeql-action/init@f079b8493333aace61c81488f8bd40919487bd9f # v3.25.7 - with: - languages: ${{ matrix.language }} - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. - - # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs - # queries: security-extended,security-and-quality - config: | - query-filters: - - exclude: - id: cpp/non-https-url - - - name: Build - if: matrix.language == 'c-cpp' - run: | - cmake --build build -j$(nproc) - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@f079b8493333aace61c81488f8bd40919487bd9f # v3.25.7 - with: - category: "/language:${{matrix.language}}" diff --git a/.github/workflows/conda.yml b/.github/workflows/conda.yml deleted file mode 100644 index eaba06ddd159..000000000000 --- a/.github/workflows/conda.yml +++ /dev/null @@ -1,89 +0,0 @@ -name: Conda - -on: - push: - paths-ignore: - - 'doc/**' - branches-ignore: - - 'backport**' - - 'dependabot**' - - # Disabled because run is quite slow, especially for Mac - #pull_request: - # paths-ignore: - # - 'doc/**' - -concurrency: - group: ${{ github.workflow }}-${{ github.head_ref || github.ref }} - cancel-in-progress: true - -permissions: - contents: read # to fetch code (actions/checkout) - -jobs: - build: - name: Conda ${{ matrix.platform }} - - runs-on: ${{ matrix.platform }} - strategy: - fail-fast: true - matrix: - # macos-13: Intel - # macos-14: arm64 - platform: ['ubuntu-latest','windows-latest','macos-13','macos-14'] - - env: - GHA_CI_PLATFORM: ${{ matrix.platform }} - CACHE_NUMBER: 0 - - steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - - - name: Support longpaths - run: git config --system core.longpaths true - if: matrix.platform == 'windows-latest' - - - name: Cache Conda Environment - uses: actions/cache@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 - with: - path: ~/conda_pkgs_dir - key: ${{ runner.os }}-${{ steps.get-date.outputs.today }}-conda-${{ env.CACHE_NUMBER }} - - - uses: conda-incubator/setup-miniconda@a4260408e20b96e80095f42ff7f1a15b27dd94ca # v3.0.4 - with: - #miniforge-variant: Mambaforge - miniforge-version: latest - use-mamba: true - channels: conda-forge - auto-update-conda: true - - - name: Remove conflicting libraries - shell: bash -l {0} - if: matrix.platform == 'windows-latest' - run: | - rm -rf C:/Strawberry || /bin/true - - - name: Setup - shell: bash -l {0} - run: | - source ./ci/travis/conda/setup.sh - - - name: Build - shell: bash -l {0} - run: | - source ../ci/travis/conda/compile.sh - working-directory: ./gdal-feedstock - - - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 - with: - name: ${{ matrix.platform }}-conda-package - path: ./gdal-feedstock/packages/ - - - name: Deploy to gdal-master Conda channel - if: github.ref == 'refs/heads/master' - shell: bash -l {0} - env: - ANACONDA_TOKEN: ${{ secrets.ANACONDA_TOKEN }} - run: | - source ../ci/travis/conda/upload.sh || true - working-directory: ./gdal-feedstock diff --git a/.github/workflows/coverity_scan.yml b/.github/workflows/coverity_scan.yml deleted file mode 100644 index 7b560539f657..000000000000 --- a/.github/workflows/coverity_scan.yml +++ /dev/null @@ -1,77 +0,0 @@ -name: coverity-scan - -# Controls when the action will run. -on: - # Run this action on a schedule (we're allowed a maximum of two per day) - schedule: - - cron: '0 18 * * SUN' # Sunday at 18:00 UTC - - # Allows you to run this workflow manually from the Actions tab - workflow_dispatch: - -permissions: - contents: read - -jobs: - - coverity_scan: - runs-on: ubuntu-latest - if: github.repository == 'OSGeo/gdal' - - strategy: - fail-fast: false - matrix: - include: - - id: coverity_scan - container: ubuntu_20.04 - build_script: build.sh - - # Store the components of the container name as environment variables: - # ${CONTAINER_REGISTRY}/${CONTAINER_REGISTRY_USER}/${CONTAINER_NAME} - env: - CONTAINER_REGISTRY: ${{ vars.gdal_container_registry || 'ghcr.io' }} - CONTAINER_REGISTRY_USER: ${{ vars.gdal_container_registry_user || github.repository_owner }} - CONTAINER_NAME: gdal-deps - CONTAINER_TAG: ${{ matrix.container }}-${{ github.base_ref || github.ref_name }} - GDAL_SOURCE_DIR: /gdal # Directory to which workspace (source root) will be mounted inside container - - defaults: - run: - # bash is needed to use ${CONTAINER_REGISTRY_USER,,}, which forces the - # username to lower-case as required by docker. - shell: bash - - steps: - - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - - - name: Login to GHCR - if: env.CONTAINER_REGISTRY == 'ghcr.io' - run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $ --password-stdin - - - name: Set variables - shell: bash - # This logic needs to be kept in sync between linux_build.yml and converity_scan.yml - run: | - CONTAINER_TAG_CLEAN=$(echo ${CONTAINER_TAG} | tr -d -c "[:alnum:].-") - echo "CONTAINER_TAG_CLEAN=${CONTAINER_TAG_CLEAN}" - echo "CONTAINER_TAG_CLEAN=${CONTAINER_TAG_CLEAN}" >> ${GITHUB_ENV} - CACHE_CONTAINER_TAG_CLEAN=$(echo ${CACHE_CONTAINER_TAG} | tr -d -c "[:alnum:].-") - echo "CACHE_CONTAINER_TAG_CLEAN=${CACHE_CONTAINER_TAG_CLEAN}" - echo "CACHE_CONTAINER_TAG_CLEAN=${CACHE_CONTAINER_TAG_CLEAN}" >> ${GITHUB_ENV} - echo "CONTAINER_NAME_FULL=${CONTAINER_REGISTRY}/${CONTAINER_REGISTRY_USER,,}/${CONTAINER_NAME}:${CONTAINER_TAG_CLEAN}" >>${GITHUB_ENV} - - - name: Build - run: | - mkdir -p build-${{ matrix.id }} - docker run --name gdal-build \ - --rm \ - -e COVERITY_SCAN_TOKEN -e COVERITY_SCAN_EMAIL \ - -v $(pwd):/${GDAL_SOURCE_DIR}:rw \ - -v ${{ github.workspace }}/.ccache:/root/.ccache:rw \ - --workdir ${GDAL_SOURCE_DIR}/build-${{ matrix.id }} \ - ${CONTAINER_NAME_FULL} \ - "${GDAL_SOURCE_DIR}/.github/workflows/${{ matrix.id }}/${{ matrix.build_script }}" - env: - COVERITY_SCAN_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }} - COVERITY_SCAN_EMAIL: ${{ secrets.COVERITY_SCAN_EMAIL }} diff --git a/.github/workflows/delete_untagged_containers.yml b/.github/workflows/delete_untagged_containers.yml deleted file mode 100644 index 6e0fdc998e41..000000000000 --- a/.github/workflows/delete_untagged_containers.yml +++ /dev/null @@ -1,28 +0,0 @@ -name: Delete untagged containers - -on: - push: - paths-ignore: - - 'doc/**' - branches-ignore: - - 'backport**' - - 'dependabot**' - -permissions: - contents: read - -jobs: - delete-untagged-containers: - name: Delete all containers from gdal-deps without tags - runs-on: ubuntu-latest - if: github.repository == 'OSGeo/gdal' - steps: - - name: Delete all containers from gdal-deps without tags - uses: Chizkiyahu/delete-untagged-ghcr-action@e8c780ca2d589797e657691fc16bffe066714890 # v4.0.0 - with: - token: ${{ secrets.PAT_TOKEN_DELETE_UNTAGGED_CONTAINERS }} - repository_owner: ${{ github.repository_owner }} - repository: ${{ github.repository }} - package_name: gdal-deps - untagged_only: true - owner_type: org diff --git a/.github/workflows/doc_build.yml b/.github/workflows/doc_build.yml deleted file mode 100644 index ee75f953b0c0..000000000000 --- a/.github/workflows/doc_build.yml +++ /dev/null @@ -1,142 +0,0 @@ -name: Docs - -on: - push: - branches-ignore: - - 'backport**' - - 'dependabot**' - pull_request: - -concurrency: - group: ${{ github.workflow }}-${{ github.head_ref || github.ref }} - cancel-in-progress: true - -permissions: - contents: read - -jobs: - docs: - name: Docs - - runs-on: ubuntu-latest - strategy: - fail-fast: true - container: ghcr.io/osgeo/proj-docs - - steps: - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - - name: Setup environment - shell: bash -l {0} - run: | - apt update - apt install -y libproj-dev swig - python3 -m pip install -r doc/requirements.txt - python3 -m pip install numpy setuptools - pushd . - mkdir build - cd build - export LD_LIBRARY_PATH=/usr/local/lib:$LD_LIBRARY_PATH - cmake .. \ - -DCMAKE_BUILD_TYPE=Release \ - -DCMAKE_INSTALL_PREFIX=/usr \ - -DBUILD_APPS=OFF \ - -DGDAL_BUILD_OPTIONAL_DRIVERS=OFF \ - -DOGR_BUILD_OPTIONAL_DRIVERS=OFF - cmake --build . -j$(nproc) - cmake --install . - # With the new ghcr.io/osgeo/proj-docs image based on Ubuntu 24.04 - # a venv is activated. The above does not install the - # Python bindings into it (and the ones in the system are not found - # without overriding PYTHONPATH), so do it through pip install - cd swig/python - python3 setup.py sdist - cp dist/* /tmp/gdal.tar.gz - python3 -m pip install /tmp/gdal.tar.gz - ldconfig - popd - - - name: Print versions - shell: bash -l {0} - run: | - python3 --version - sphinx-build --version - python3 -m pip list --not-required --format=columns - - name: Lint .rst files - shell: bash -l {0} - run: | - if find . -name '*.rst' | xargs grep -P '\t'; then echo 'Tabs are bad, please use four spaces in .rst files.'; false; fi - if find . -name '*.rst' | xargs grep "\.\.versionadded"; then echo 'Wrong annotation. Should be .. versionadded'; false; fi - if find . -name '*.rst' | xargs grep "\.\.note"; then echo 'Wrong annotation. Should be .. note'; false; fi - if find . -name '*.rst' | xargs grep "\.\.warning"; then echo 'Wrong annotation. Should be .. warning'; false; fi - if find . -name '*.rst' | xargs grep "\.\.codeblock"; then echo 'Wrong annotation. Should be .. codeblock'; false; fi - working-directory: ./doc - - name: Doxygen - shell: bash -l {0} - run: | - mkdir -p doc/build - doxygen Doxyfile - - name: HTML - shell: bash -l {0} - run: | - make html O="-D enable_redirects=1" - working-directory: ./doc - - name: PDF - shell: bash -l {0} - run: | - make latexpdf - working-directory: ./doc - #- name: Spelling - # shell: bash -l {0} - # run: | - # make spelling - # working-directory: ./doc - - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 - with: - name: PDF - path: doc/build/latex/gdal.pdf - - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 - with: - name: HTML - path: doc/build/html/* - #- uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 - # with: - # name: Misspelled - # path: doc/build/spelling/output.txt - - name: Deploy ssh key - if: ${{ github.ref_name == 'master' && github.repository == 'OSGeo/gdal' }} - shell: bash -l {0} - run: | - mkdir -p /root/.ssh && echo "${{ secrets.SSH_KEY_DOCS }}" > /root/.ssh/id_rsa - chmod 700 /root/.ssh && chmod 600 /root/.ssh/id_rsa - ssh-keyscan -t rsa github.com >> /root/.ssh/known_hosts - eval `ssh-agent -s` - ssh-add /root/.ssh/id_rsa - - name: Deploy to gdal.org - if: ${{ github.ref_name == 'master' && github.repository == 'OSGeo/gdal' }} - shell: bash -l {0} - run: | - set -x - set -e - cd /__w/gdal - mv gdal/doc/build/html gdal-docs - rm gdal-docs/gdal.pdf - cp gdal/doc/build/latex/gdal.pdf gdal-docs - cp gdal/data/gdalicon.png gdal-docs # For GDAL autotest... - cp -r gdal/resources gdal-docs # Do not change this without changing swig/python/gdal-utils/osgeo_utils/gdal2tiles.py - # - git clone https://github.com/OSGeo/libgeotiff - cp -r libgeotiff/geotiff/html/proj_list gdal-docs/ - # - cd gdal-docs - wget http://download.osgeo.org/gdal/for_doc/javadoc.zip -O /tmp/javadoc.zip - unzip -q /tmp/javadoc.zip - git init - git config user.email "proj4bot@proj4.bot" - git config user.name "GDAL Bot" - git remote add origin git@github.com:OSGeo/gdal-docs.git - git remote -v - echo "gdal.org" > CNAME - touch .nojekyll - git add -A - git commit -m "Update with OSGeo/gdal commit $GITHUB_SHA" - git push -f origin master diff --git a/.github/workflows/linux_build.yml b/.github/workflows/linux_build.yml deleted file mode 100644 index 1ec856e4e5c5..000000000000 --- a/.github/workflows/linux_build.yml +++ /dev/null @@ -1,396 +0,0 @@ -name: Linux Builds - -on: - push: - paths-ignore: - - 'doc/**' - branches-ignore: - - 'backport**' - - 'dependabot**' - pull_request: - paths-ignore: - - 'doc/**' - -concurrency: - group: ${{ github.workflow }}-${{ github.head_ref || github.ref }} - cancel-in-progress: true - -permissions: - contents: read - -jobs: - - linux-build: - - # Store the components of the container name as environment variables: - # ${CONTAINER_REGISTRY}/${CONTAINER_REGISTRY_USER}/${CONTAINER_NAME}:${CONTAINER_TAG} - # - # Additionally, CACHE_CONTAINER_TAG may be used as as source for the - # Docker build cache. So if the Dockerfile in a feature branch is - # unchanged relative to master, a full container rebuild should not - # be required. - env: - CONTAINER_REGISTRY: ${{ vars.gdal_container_registry || 'ghcr.io' }} - CONTAINER_REGISTRY_USER: ${{ vars.gdal_container_registry_user || github.repository_owner }} - CONTAINER_NAME: gdal-deps - CONTAINER_TAG: ${{ matrix.container }}-${{ github.base_ref || github.ref_name }} - CACHE_CONTAINER_TAG: ${{ matrix.container }}-master - - permissions: - packages: write - - strategy: - fail-fast: false - matrix: - # Matrix variables: - # - # * name : readable summary of configuration, used for display - # * id : used as a ccache key, and to create a build subdirectory - # * container : build environment container and path to build script - # * use_avx2 : if true, determine arch at runtime and use in ccache key - # * build_script : name of custom build script, if any. Will be executed - # inside container, from build subdirectory. - # * before_test_script : name of script to run before tests, if any. - # Will be executed outside container, from - # workspace root. Can be used to start docker - # containers as services for testing. - # * test_script : name of custom test script, if any. Will be executed - # inside container, from build subdirectory. - # * travis_branch : value of TRAVIS_BRANCH environment variable, - # used for test skipping - include: - - name: Alpine, gcc - id: alpine - container: alpine - build_script: build.sh - os: ubuntu-22.04 - - - name: Alpine, numpy 2 - id: alpine_numpy2 - container: alpine_numpy2 - build_script: build.sh - os: ubuntu-22.04 - - - name: Alpine, clang 32-bit - id: alpine_32bit - container: alpine_32bit - build_script: build.sh - test_script: test.sh - travis_branch: alpine_32bit - os: ubuntu-22.04 - - - name: Fedora Rawhide, clang++ - id: fedora_rawhide - travis_branch: sanitize - container: fedora_rawhide - build_script: build.sh - os: ubuntu-22.04 - - - name: Ubuntu 24.04, gcc - id: ubuntu_24.04 - travis_branch: ubuntu_2404 - container: ubuntu_24.04 - before_test_script: services.sh - build_script: build.sh - test_script: test.sh - os: ubuntu-22.04 - - - name: Ubuntu 22.04, gcc - id: ubuntu_22.04 - travis_branch: ubuntu_2204 - container: ubuntu_22.04 - before_test_script: services.sh - build_script: build.sh - test_script: test.sh - os: ubuntu-22.04 - - - name: Ubuntu 22.04, clang ASAN - id: asan - travis_branch: sanitize - container: ubuntu_22.04 - build_script: build.sh - test_script: test.sh - os: ubuntu-22.04 - - - name: Ubuntu 20.04, gcc - id: ubuntu_20.04 - travis_branch: ubuntu_2004 - container: ubuntu_20.04 - use_avx2: true - build_script: build.sh - test_script: test.sh - os: ubuntu-22.04 - - - name: Ubuntu 20.04, coverage - id: coverage - travis_branch: ubuntu_2004 - container: ubuntu_20.04 - before_test_script: services.sh - build_script: build.sh - test_script: test.sh - os: ubuntu-22.04 - - - name: Ubuntu 20.04, benchmarks - id: benchmarks - travis_branch: ubuntu_2004 - container: ubuntu_20.04 - build_script: build.sh - test_script: test.sh - os: ubuntu-22.04 - - - name: Ubuntu 20.04, Intel compiler - id: icc - container: icc - build_script: build.sh - os: ubuntu-22.04 - - name: ${{ matrix.name }} - - runs-on: ${{ matrix.os }} - - defaults: - run: - # bash is needed to use ${CONTAINER_REGISTRY_USER,,}, which forces the - # username to lower-case as required by docker. - shell: bash - - steps: - - name: Set variables - # This logic needs to be kept in sync between linux_build.yml and converity_scan.yml - run: | - CONTAINER_TAG_CLEAN=$(echo ${CONTAINER_TAG} | tr -d -c "[:alnum:].-") - echo "CONTAINER_TAG_CLEAN=${CONTAINER_TAG_CLEAN}" - echo "CONTAINER_TAG_CLEAN=${CONTAINER_TAG_CLEAN}" >> ${GITHUB_ENV} - CACHE_CONTAINER_TAG_CLEAN=$(echo ${CACHE_CONTAINER_TAG} | tr -d -c "[:alnum:].-") - echo "CACHE_CONTAINER_TAG_CLEAN=${CACHE_CONTAINER_TAG_CLEAN}" - echo "CACHE_CONTAINER_TAG_CLEAN=${CACHE_CONTAINER_TAG_CLEAN}" >> ${GITHUB_ENV} - echo "CONTAINER_NAME_FULL=${CONTAINER_REGISTRY}/${CONTAINER_REGISTRY_USER,,}/${CONTAINER_NAME}:${CONTAINER_TAG_CLEAN}" >>${GITHUB_ENV} - - # Work around segfaults in ASan/MSan jobs - # Cf https://github.com/libjpeg-turbo/libjpeg-turbo/commit/2dfe6c0fe9e18671105e94f7cbf044d4a1d157e6 - # and https://github.com/actions/runner-images/issues/9491 - - name: Set up build - run: | - sudo sysctl vm.mmap_rnd_bits=28 - - - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - - - name: Login to Docker Hub - if: env.CONTAINER_REGISTRY == 'docker.io' - uses: docker/login-action@0d4c9c5ea7693da7b068278f7b52bda2a190a446 # v3.2.0 - with: - username: ${{ secrets.DOCKERHUB_USERNAME }} - password: ${{ secrets.DOCKERHUB_TOKEN }} - - - name: Login to GHCR - if: env.CONTAINER_REGISTRY == 'ghcr.io' - run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $ --password-stdin - - # Pull build environment in forks or pull requests, unless [skip cache] is included in the commit message - - name: Pull build environment - if: "(github.repository_owner != 'OSGeo' || github.event_name == 'pull_request') && !contains(github.event.head_commit.message, '[skip cache]')" - run: | - docker pull ${CONTAINER_REGISTRY}/osgeo/${CONTAINER_NAME}:${CONTAINER_TAG_CLEAN} || true - docker pull ${CONTAINER_REGISTRY}/osgeo/${CONTAINER_NAME}:${CACHE_CONTAINER_TAG_CLEAN} || true - docker pull ${CONTAINER_NAME_FULL} || true - echo "DOCKER_BUILD_CACHE_FROM=--cache-from ${CONTAINER_REGISTRY}/osgeo/${CONTAINER_NAME}:${CONTAINER_TAG_CLEAN} --cache-from ${CONTAINER_REGISTRY}/osgeo/${CONTAINER_NAME}:${CACHE_CONTAINER_TAG_CLEAN} --cache-from ${CONTAINER_NAME_FULL}" >>${GITHUB_ENV} - - - name: Prepare build context - run: | - mkdir docker-build-context - cp autotest/requirements.txt docker-build-context - - - name: Update build environment - env: - DOCKER_BUILDKIT: 1 - run: | - # FIXME: for some reason, the fedora rawhide container pushed by - # master job is corrupted (looks like it contains an outdated layer - # symlinking libssl.so.3 to an older version of the actual file), - # once it is pushed. But in the job that generates it, - # compilation & tests work fine. It looks like some weird caching - # issue - if test "${{ matrix.container }}" = "fedora_rawhide"; then - DOCKER_BUILD_CACHE_FROM="" - else - BUILD_ARG_INLINE_CACHE="--build-arg BUILDKIT_INLINE_CACHE=1" - fi - docker build \ - ${BUILD_ARG_INLINE_CACHE} \ - ${DOCKER_BUILD_CACHE_FROM} \ - -t ${CONTAINER_NAME_FULL} \ - -f .github/workflows/${{ matrix.container }}/Dockerfile.ci \ - docker-build-context - - # Get the architecture so we can use it as part of the cache key, - # but only if we are going to use avx2 in the build. If we are not, - # including the arch will cause unnecessary cache misses. - - name: Get Architecture - id: get-arch - if: matrix.use_avx2 - run: | - export ARCH=$(cc -march=native -### -E - < /dev/null 2>&1 | sed -ne 's/.*cc1 .*-march=\([^ "]*\)[ "].*/\1/p') - echo "Architecture: $ARCH" - echo "arch=$ARCH" >> $GITHUB_OUTPUT - - # cache the .ccache directory - # key it on the runner os, build type, deps, and arch - # It's especially important to include arch in the key because we - # may get runtime errors with -mavx2 from objects built on a - # different architecture. - - name: Restore build cache - id: restore-cache - uses: actions/cache/restore@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 - with: - path: ${{ github.workspace }}/.ccache - key: ${{ matrix.id }}-${{ steps.get-arch.outputs.arch }}-${{ github.ref_name }}-${{ github.run_id }} - restore-keys: | - ${{ matrix.id }}-${{ steps.get-arch.outputs.arch }}-${{ github.ref_name }} - ${{ matrix.id }}-${{ steps.get-arch.outputs.arch }} - - - name: Prepare ccache - run: | - mkdir -p ${{ github.workspace }}/.ccache - chmod -R a+rw ${{ github.workspace }}/.ccache - docker run --rm \ - -v ${{ github.workspace }}/.ccache:/.ccache \ - -u $(id -u ${USER}):$(id -g ${USER}) \ - ${CONTAINER_NAME_FULL} \ - sh -c "ccache -M 1G && ccache -sp && ccache -z" - - # FIXME the default BUILD_CMD here isn't working...we get an error - # about the quotes not matching. - - name: Build - run: | - if test -f ".github/workflows/${{ matrix.id }}/${{ matrix.build_script }}"; then - BUILD_CMD="$(pwd)/.github/workflows/${{ matrix.id }}/${{ matrix.build_script }}" - else - BUILD_CMD="sh -c 'cmake .. && make -j$(nproc)'" - fi - - mkdir -p build-${{ matrix.id }} - docker run --name gdal-build \ - --rm \ - -e "GDAL_SOURCE_DIR=$(pwd)" \ - -u $(id -u ${USER}):$(id -g ${USER}) \ - -v $(pwd):$(pwd):rw \ - -v ${{ github.workspace }}/.ccache:/.ccache:rw \ - --workdir $(pwd)/build-${{ matrix.id }} \ - ${CONTAINER_NAME_FULL} \ - ${BUILD_CMD} - - - name: Summarize ccache - run: | - docker run --rm \ - -v ${{ github.workspace }}/.ccache:/.ccache \ - -u $(id -u ${USER}):$(id -g ${USER}) \ - ${CONTAINER_NAME_FULL} \ - ccache -s - - - name: Save build cache - uses: actions/cache/save@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 - with: - path: ${{ github.workspace }}/.ccache - key: ${{ steps.restore-cache.outputs.cache-primary-key }} - - - name: Start test services - if: matrix.before_test_script - run: | - .github/workflows/${{ matrix.id }}/${{ matrix.before_test_script }} - - # --security-opt seccomp=unconfined, so that the userfaulfd syscall is availabledocker run \ - - name: Run tests - env: - TRAVIS: yes - TRAVIS_BRANCH: ${{ matrix.travis_branch }} - run: | - if test -f ".github/workflows/${{ matrix.id }}/${{ matrix.test_script }}"; then - TEST_CMD="$(pwd)/.github/workflows/${{ matrix.id }}/${{ matrix.test_script }}" - else - TEST_CMD="ctest -V -j $(nproc)" - fi - - if test "${{ matrix.id }}" = "benchmarks"; then - if test -f /sys/devices/system/cpu/intel_pstate/no_turbo; then - echo "Disable TurboBoost" - echo 1 | sudo tee /sys/devices/system/cpu/intel_pstate/no_turbo - fi - fi - - # For cache - mkdir .gdal - - docker run \ - -e CI \ - -e GITHUB_WORKFLOW \ - -e TRAVIS \ - -e TRAVIS_BRANCH \ - -e "GDAL_SOURCE_DIR=$(pwd)" \ - -u $(id -u ${USER}):$(id -g ${USER}) \ - --security-opt seccomp=unconfined \ - --add-host=host.docker.internal:host-gateway \ - --rm \ - -v $(pwd)/.gdal:/.gdal \ - -v $(pwd):$(pwd) \ - --workdir $(pwd)/build-${{ matrix.id }} \ - ${CONTAINER_NAME_FULL} \ - ${TEST_CMD} - - - name: Coveralls - uses: coverallsapp/github-action@643bc377ffa44ace6394b2b5d0d3950076de9f63 # v2.3.0 - if: ${{ matrix.id == 'coverage' }} - with: - format: lcov - file: build-coverage/gdal_filtered.info - - - name: Push build environment - if: github.event_name == 'push' - continue-on-error: true - env: - DOCKER_BUILDKIT: 1 - run: | - docker push ${CONTAINER_NAME_FULL} - - - name: Upload coverage artifacts - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 - if: ${{ matrix.id == 'coverage' }} - with: - name: coverage_index.html - path: build-${{ matrix.id }}/coverage_html/index.html - - - name: Upload coverage artifacts - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 - if: ${{ matrix.id == 'coverage' }} - with: - name: HTML - path: build-${{ matrix.id }}/coverage_html/* - - - name: Deploy ssh key (for coverage) - if: ${{ matrix.id == 'coverage' && github.event_name == 'push' && github.ref_name == 'master' && github.repository == 'OSGeo/gdal' }} - shell: bash -l {0} - run: | - mkdir $HOME/.ssh && echo "${{ secrets.GDAL_TEST_COVERAGE_RESULTS_SSH_KEY }}" > $HOME/.ssh/id_rsa - chmod 700 $HOME/.ssh && chmod 600 $HOME/.ssh/id_rsa - ssh-keyscan -t rsa github.com >> $HOME/.ssh/known_hosts - eval `ssh-agent -s` - ssh-add $HOME/.ssh/id_rsa - - - name: Deploy to https://github.com/OSGeo/gdal-test-coverage-results - if: ${{ matrix.id == 'coverage' && github.event_name == 'push' && github.ref_name == 'master' && github.repository == 'OSGeo/gdal' }} - shell: bash -l {0} - run: | - set -x - set -e - mkdir -p output_html/coverage_html - cp -r $GITHUB_WORKSPACE/build-${{ matrix.id }}/coverage_html/* output_html/coverage_html/ - cd output_html - git init - git config user.email "gdal-test-coverage-results-bot@example.com" - git config user.name "GDAL test coverage results bot" - git remote add origin git@github.com:gdalautotest-coverage-results/gdalautotest-coverage-results.github.io - git remote -v - echo "Results of coverage of GDAL autotest See https://gdalautotest-coverage-results.github.io/coverage_html/index.html" > README.md - git add -A - git commit -m "Update with OSGeo/gdal commit $GITHUB_SHA" - git push -f origin master diff --git a/.github/workflows/macos.yml b/.github/workflows/macos.yml deleted file mode 100644 index 715058dfc41a..000000000000 --- a/.github/workflows/macos.yml +++ /dev/null @@ -1,53 +0,0 @@ -name: MacOS build - -on: - push: - paths-ignore: - - 'doc/**' - branches-ignore: - - 'backport**' - - 'dependabot**' - pull_request: - paths-ignore: - - 'doc/**' - -concurrency: - group: ${{ github.workflow }}-${{ github.head_ref || github.ref }} - cancel-in-progress: true - -permissions: - contents: read # to fetch code (actions/checkout) - -jobs: - - macos_build: - # Arm64 - runs-on: macos-14 - steps: - - - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - - - uses: conda-incubator/setup-miniconda@a4260408e20b96e80095f42ff7f1a15b27dd94ca # v3.0.4 - with: - channels: conda-forge - auto-update-conda: true - - - name: Install Requirements - shell: bash -l {0} - run: | - source ./ci/travis/osx/before_install.sh - - - name: Build - shell: bash -l {0} - run: | - source ./ci/travis/osx/install.sh - - - name: Run tests - shell: bash -l {0} - run: | - source ./ci/travis/osx/script.sh - env: - # Emulate a few Travis-CI env variable so that some tests get properly skipped - TRAVIS: true - TRAVIS_OS_NAME: osx - BUILD_NAME: macos_build_conda diff --git a/.github/workflows/scorecard.yml b/.github/workflows/scorecard.yml deleted file mode 100644 index d5727d248b87..000000000000 --- a/.github/workflows/scorecard.yml +++ /dev/null @@ -1,76 +0,0 @@ -# This workflow uses actions that are not certified by GitHub. They are provided -# by a third-party and are governed by separate terms of service, privacy -# policy, and support documentation. - -name: Scorecard supply-chain security -on: - # For Branch-Protection check. Only the default branch is supported. See - # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection - branch_protection_rule: - # To guarantee Maintained check is occasionally updated. See - # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained - schedule: - - cron: '28 23 * * 1' - push: - branches: [ "master" ] - -concurrency: - group: ${{ github.workflow }}-${{ github.head_ref || github.ref }} - cancel-in-progress: true - -# Declare default permissions as read only. -permissions: read-all - -jobs: - analysis: - name: Scorecard analysis - runs-on: ubuntu-latest - permissions: - # Needed to upload the results to code-scanning dashboard. - security-events: write - # Needed to publish results and get a badge (see publish_results below). - id-token: write - # Uncomment the permissions below if installing in a private repository. - # contents: read - # actions: read - - steps: - - name: "Checkout code" - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - with: - persist-credentials: false - - - name: "Run analysis" - uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3 - with: - results_file: results.sarif - results_format: sarif - # (Optional) "write" PAT token. Uncomment the `repo_token` line below if: - # - you want to enable the Branch-Protection check on a *public* repository, or - # - you are installing Scorecard on a *private* repository - # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat. - # repo_token: ${{ secrets.SCORECARD_TOKEN }} - - # Public repositories: - # - Publish results to OpenSSF REST API for easy access by consumers - # - Allows the repository to include the Scorecard badge. - # - See https://github.com/ossf/scorecard-action#publishing-results. - # For private repositories: - # - `publish_results` will always be set to `false`, regardless - # of the value entered here. - publish_results: true - - # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF - # format to the repository Actions tab. - - name: "Upload artifact" - uses: actions/upload-artifact@65462800fd760344b1a7b4382951275a0abb4808 # v4.3.3 - with: - name: SARIF file - path: results.sarif - retention-days: 5 - - # Upload the results to GitHub's code scanning dashboard. - - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@f079b8493333aace61c81488f8bd40919487bd9f # v3.25.7 - with: - sarif_file: results.sarif diff --git a/.github/workflows/slow_tests.yml b/.github/workflows/slow_tests.yml deleted file mode 100644 index c7fc3b084495..000000000000 --- a/.github/workflows/slow_tests.yml +++ /dev/null @@ -1,187 +0,0 @@ -name: Slow tests - -# Controls when the action will run. -on: - # Run this action on a schedule - schedule: - - cron: '0 3 * * *' # Everyday at 03:00 UTC - - # Allows you to run this workflow manually from the Actions tab - workflow_dispatch: - -concurrency: - group: ${{ github.workflow }}-${{ github.head_ref || github.ref }} - cancel-in-progress: true - -permissions: - contents: read - -jobs: - - slow_tests: - runs-on: ubuntu-latest - - strategy: - fail-fast: false - matrix: - include: - - id: slow_tests - container: ubuntu_22.04 - build_script: build.sh - test_script: test.sh - - # Store the components of the container name as environment variables: - # ${CONTAINER_REGISTRY}/${CONTAINER_REGISTRY_USER}/${CONTAINER_NAME} - env: - CONTAINER_REGISTRY: ${{ vars.gdal_container_registry || 'ghcr.io' }} - CONTAINER_REGISTRY_USER: ${{ vars.gdal_container_registry_user || github.repository_owner }} - CONTAINER_NAME: gdal-deps - CONTAINER_TAG: ${{ matrix.container }}-${{ github.base_ref || github.ref_name }} - GDAL_SOURCE_DIR: /gdal # Directory to which workspace (source root) will be mounted inside container - - defaults: - run: - # bash is needed to use ${CONTAINER_REGISTRY_USER,,}, which forces the - # username to lower-case as required by docker. - shell: bash - - steps: - - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - - - name: Login to GHCR - if: env.CONTAINER_REGISTRY == 'ghcr.io' - run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $ --password-stdin - - - name: Set variables - shell: bash - run: | - CONTAINER_TAG_CLEAN=$(echo ${CONTAINER_TAG} | tr -d -c "[:alnum:].-") - echo "CONTAINER_TAG_CLEAN=${CONTAINER_TAG_CLEAN}" - echo "CONTAINER_TAG_CLEAN=${CONTAINER_TAG_CLEAN}" >> ${GITHUB_ENV} - CACHE_CONTAINER_TAG_CLEAN=$(echo ${CACHE_CONTAINER_TAG} | tr -d -c "[:alnum:].-") - echo "CACHE_CONTAINER_TAG_CLEAN=${CACHE_CONTAINER_TAG_CLEAN}" - echo "CACHE_CONTAINER_TAG_CLEAN=${CACHE_CONTAINER_TAG_CLEAN}" >> ${GITHUB_ENV} - echo "CONTAINER_NAME_FULL=${CONTAINER_REGISTRY}/${CONTAINER_REGISTRY_USER,,}/${CONTAINER_NAME}:${CONTAINER_TAG_CLEAN}" >>${GITHUB_ENV} - - # Pull build environment in forks or pull requests, unless [skip cache] is included in the commit message - - name: Pull build environment - if: "(github.repository_owner != 'OSGeo' || github.event_name == 'pull_request') && !contains(github.event.head_commit.message, '[skip cache]')" - run: | - docker pull ${CONTAINER_REGISTRY}/osgeo/${CONTAINER_NAME}:${CONTAINER_TAG_CLEAN} || true - docker pull ${CONTAINER_REGISTRY}/osgeo/${CONTAINER_NAME}:${CACHE_CONTAINER_TAG_CLEAN} || true - docker pull ${CONTAINER_NAME_FULL} || true - echo "DOCKER_BUILD_CACHE_FROM=--cache-from ${CONTAINER_REGISTRY}/osgeo/${CONTAINER_NAME}:${CONTAINER_TAG_CLEAN} --cache-from ${CONTAINER_REGISTRY}/osgeo/${CONTAINER_NAME}:${CACHE_CONTAINER_TAG_CLEAN} --cache-from ${CONTAINER_NAME_FULL}" >>${GITHUB_ENV} - - - name: Prepare build context - run: | - mkdir docker-build-context - cp autotest/requirements.txt docker-build-context - - - name: Update build environment - env: - DOCKER_BUILDKIT: 1 - run: | - # FIXME: for some reason, the fedora rawhide container pushed by - # master job is corrupted (looks like it contains an outdated layer - # symlinking libssl.so.3 to an older version of the actual file), - # once it is pushed. But in the job that generates it, - # compilation & tests work fine. It looks like some weird caching - # issue - if test "${{ matrix.container }}" = "fedora_rawhide"; then - DOCKER_BUILD_CACHE_FROM="" - else - BUILD_ARG_INLINE_CACHE="--build-arg BUILDKIT_INLINE_CACHE=1" - fi - docker build \ - ${BUILD_ARG_INLINE_CACHE} \ - ${DOCKER_BUILD_CACHE_FROM} \ - -t ${CONTAINER_NAME_FULL} \ - -f .github/workflows/${{ matrix.container }}/Dockerfile.ci \ - docker-build-context - - # cache the .ccache directory - # key it on the runner os, build type, deps, and arch - # It's especially important to include arch in the key because we - # may get runtime errors with -mavx2 from objects built on a - # different architecture. - - name: Restore build cache - id: restore-cache - uses: actions/cache/restore@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 - with: - path: ${{ github.workspace }}/.ccache - key: ${{ matrix.id }}-${{ steps.get-arch.outputs.arch }}-${{ github.ref_name }}-${{ github.run_id }} - restore-keys: | - ${{ matrix.id }}-${{ steps.get-arch.outputs.arch }}-${{ github.ref_name }} - ${{ matrix.id }}-${{ steps.get-arch.outputs.arch }} - - - name: Prepare ccache - run: | - mkdir -p ${{ github.workspace }}/.ccache - chmod -R a+rw ${{ github.workspace }}/.ccache - docker run --rm \ - -v ${{ github.workspace }}/.ccache:/.ccache \ - -u $(id -u ${USER}):$(id -g ${USER}) \ - ${CONTAINER_NAME_FULL} \ - sh -c "ccache -M 1G && ccache -sp && ccache -z" - - - name: Build - run: | - mkdir -p build-${{ matrix.id }} - docker run --name gdal-build \ - --rm \ - -e "GDAL_SOURCE_DIR=$(pwd)" \ - -u $(id -u ${USER}):$(id -g ${USER}) \ - -v $(pwd):$(pwd):rw \ - -v ${{ github.workspace }}/.ccache:/.ccache:rw \ - --workdir $(pwd)/build-${{ matrix.id }} \ - ${CONTAINER_NAME_FULL} \ - $(pwd)/.github/workflows/${{ matrix.id }}/${{ matrix.build_script }} - - - name: Summarize ccache - run: | - docker run --rm \ - -v ${{ github.workspace }}/.ccache:/.ccache \ - -u $(id -u ${USER}):$(id -g ${USER}) \ - ${CONTAINER_NAME_FULL} \ - ccache -s - - - name: Save build cache - uses: actions/cache/save@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2 - with: - path: ${{ github.workspace }}/.ccache - key: ${{ steps.restore-cache.outputs.cache-primary-key }} - - - name: Push build environment - # if: github.event_name == 'push' - continue-on-error: true - env: - DOCKER_BUILDKIT: 1 - run: | - docker push ${CONTAINER_NAME_FULL} - - - name: Run tests - env: - TRAVIS: yes - TRAVIS_BRANCH: ${{ matrix.travis_branch }} - run: | - TEST_CMD="$(pwd)/.github/workflows/${{ matrix.id }}/${{ matrix.test_script }}" - - # For cache - mkdir .gdal - - docker run \ - -e CI \ - -e GITHUB_WORKFLOW \ - -e TRAVIS \ - -e TRAVIS_BRANCH \ - -e "GDAL_SOURCE_DIR=$(pwd)" \ - -u $(id -u ${USER}):$(id -g ${USER}) \ - --security-opt seccomp=unconfined \ - --add-host=host.docker.internal:host-gateway \ - --rm \ - -v $(pwd)/.gdal:/.gdal \ - -v $(pwd):$(pwd) \ - --workdir $(pwd)/build-${{ matrix.id }} \ - ${CONTAINER_NAME_FULL} \ - ${TEST_CMD} diff --git a/.github/workflows/stale.yml b/.github/workflows/stale.yml deleted file mode 100644 index 6fd9616bba74..000000000000 --- a/.github/workflows/stale.yml +++ /dev/null @@ -1,55 +0,0 @@ -name: 👓 Handle stale issues -on: - schedule: - - cron: "30 2 * * *" - -permissions: - contents: read - -jobs: - stale: - permissions: - # issues: write # for actions/stale to close stale issues - pull-requests: write # for actions/stale to close stale PRs - if: github.repository_owner == 'OSGeo' - runs-on: ubuntu-latest - steps: - - uses: actions/stale@28ca1036281a5e5922ead5184a1bbf96e5fc984e # v9.0.0 - with: - repo-token: ${{ secrets.GITHUB_TOKEN }} - stale-pr-message: > - The GDAL project highly values your contribution and would love to see - this work merged! - Unfortunately this PR has not had any activity in the last 28 days and - is being automatically marked as "stale". - If you think this pull request should be merged, please check - - - that all unit tests are passing - - - that all comments by reviewers have been addressed - - - that there is enough information for reviewers, in particular link - to any issues which this pull request fixes - - - that you have written unit tests where possible - - In case you should have any uncertainty, please leave a comment and we will - be happy to help you proceed with this pull request. - - If there is no further activity on this pull request, it will be closed in 2 - weeks. - - - close-pr-message: > - While we hate to see this happen, this PR has been automatically closed because - it has not had any activity in the last 6 weeks. If this pull request should be - reconsidered, please follow the guidelines in the previous comment and reopen - this pull request. Or, if you have any further questions, just ask! We love to - help, and if there's anything the GDAL project can do to help push this PR forward - please let us know how we can assist. - - - stale-pr-label: 'stale' - days-before-pr-stale: 28 - days-before-pr-close: 14 - operations-per-run: 1000 diff --git a/.github/workflows/windows_build.yml b/.github/workflows/windows_build.yml deleted file mode 100644 index a75a70f5878c..000000000000 --- a/.github/workflows/windows_build.yml +++ /dev/null @@ -1,204 +0,0 @@ -name: Windows builds - -on: - push: - paths-ignore: - - 'doc/**' - branches-ignore: - - 'backport**' - - 'dependabot**' - pull_request: - paths-ignore: - - 'doc/**' - -concurrency: - group: ${{ github.workflow }}-${{ github.head_ref || github.ref }} - cancel-in-progress: true - -permissions: - contents: read - -jobs: - - windows_build: - runs-on: windows-2022 - - strategy: - matrix: - include: - - VS_VERSION: Visual Studio 17 - VS_VER: 2022 - SDK: release-1930 - platform: x86 - PROJ_BRANCH: "9.3" - LIBZSTD_URL: "https://github.com/facebook/zstd/releases/download/v1.4.5/zstd-v1.4.5-win32.zip" - LIBDEFLATE_URL: "https://github.com/ebiggers/libdeflate/releases/download/v1.6/libdeflate-1.6-windows-i686-bin.zip" - SWIG_URL: "https://freefr.dl.sourceforge.net/project/swig/swigwin/swigwin-4.1.1/swigwin-4.1.1.zip" - - env: - VS_VERSION: ${{ matrix.VS_VERSION }} - VS_VER: ${{ matrix.VS_VER }} - SDK: ${{ matrix.SDK }} - platform: ${{ matrix.platform }} - PROJ_BRANCH: "${{ matrix.PROJ_BRANCH }}" - LIBZSTD_URL: "${{ matrix.LIBZSTD_URL }}" - LIBDEFLATE_URL: "${{ matrix.LIBDEFLATE_URL }}" - SWIG_URL: "${{ matrix.SWIG_URL }}" - APPVEYOR: true # to skip some tests - PYTHON_VERSION: "3.10.5" - - steps: - - # To avoid git clone to mess with the line endings of GDAL autotest data - # files that look like text, but should be handled as binary content - - name: Set git core.autocrlf to false - run: | - git config --global core.autocrlf false - - - name: Checkout - uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6 - - - name: Set environment - shell: pwsh - run: | - $env:PATH="C:\hostedtoolcache\windows\Python\$env:PYTHON_VERSION\$env:platform;C:\hostedtoolcache\windows\Python\$env:PYTHON_VERSION\$env:platform\Scripts;$env:PATH" - if($env:platform -eq "x86") - { - $env:ARCHITECTURE="x86" - $env:WIN64_ARG="" - $env:CMAKE_ARCHITECTURE="Win32" - } - else - { - $env:ARCHITECTURE="amd64" - $env:WIN64_ARG="WIN64=YES" - $env:CMAKE_ARCHITECTURE="x64" - } - echo "PATH=$env:PATH" >> $env:GITHUB_ENV - echo "ARCHITECTURE=$env:ARCHITECTURE" >> $env:GITHUB_ENV - echo "WIN64_ARG=$env:WIN64_ARG" >> $env:GITHUB_ENV - echo "CMAKE_ARCHITECTURE=$env:CMAKE_ARCHITECTURE" >> $env:GITHUB_ENV - - - name: Set compiler environment - shell: cmd - run: | - if "%VS_VER%" == "2022" CALL "C:\Program Files\Microsoft Visual Studio\2022\Enterprise\Common7\Tools\VsDevCmd.bat" -arch=%ARCHITECTURE% - echo PATH=%PATH%>> %GITHUB_ENV% - echo INCLUDE=%INCLUDE%>> %GITHUB_ENV% - echo LIB=%LIB%>> %GITHUB_ENV% - echo LIBPATH=%LIBPATH%>> %GITHUB_ENV% - - - name: Remove conflicting libraries - shell: bash -l {0} - run: | - rm -rf C:/Strawberry || /bin/true - - - name: Detect AVX2 - shell: bash - run: | - set -e - cl .github/workflows/detect-avx2.c - if ./detect-avx2.exe; then - echo "AVX2 available on CPU" - echo "ARCH_FLAGS=/arch:AVX2" >> $GITHUB_ENV - else - echo "AVX2 not available on CPU." - echo "ARCH_FLAGS=" >> $GITHUB_ENV - fi - - - name: Build - shell: pwsh - run: | - $ErrorActionPreference = 'continue' - function exec - { - param ( [ScriptBlock] $ScriptBlock ) - & $ScriptBlock 2>&1 | ForEach-Object -Process { "$_" } - if ($LastExitCode -ne 0) { exit $LastExitCode } - } - echo "ARCH_FLAGS = $env:ARCH_FLAGS" - exec { git clone --depth=1 -b $env:PROJ_BRANCH https://github.com/OSGeo/PROJ proj } - Import-PackageProvider NuGet -Force - Set-PSRepository -Name PSGallery -InstallationPolicy Trusted - Install-Module Pscx -AllowClobber - Install-Module VSSetup -Scope CurrentUser - exec { pip install numpy } - $env:SDK_ZIP="$env:SDK"+"-dev.zip" - $env:SDK_URL="http://download.gisinternals.com/sdk/downloads/$env:SDK_ZIP" - if(-Not (Test-Path -Path downloads)) { mkdir downloads } - cd downloads - if(-Not (Test-Path -Path $env:SDK_ZIP )) { Invoke-WebRequest "$env:SDK_URL" -OutFile "$env:SDK_ZIP" } - $env:LIBZSTD_ZIP="libzstd.zip" - if(-Not (Test-Path -Path $env:LIBZSTD_ZIP -PathType Leaf)) { Invoke-WebRequest "$env:LIBZSTD_URL" -OutFile "$env:LIBZSTD_ZIP" } - $env:SWIG_ZIP="swigwin-4.1.1.zip" - if(-Not (Test-Path -Path $env:SWIG_ZIP -PathType Leaf)) { Invoke-WebRequest "$env:SWIG_URL" -OutFile "$env:SWIG_ZIP" } - # $env:LIBDEFLATE_ZIP="libdeflate.zip" - # if(-Not (Test-Path -Path $env:LIBDEFLATE_ZIP -PathType Leaf)) { Invoke-WebRequest "$env:LIBDEFLATE_URL" -OutFile "$env:LIBDEFLATE_ZIP" } - cd .. - mkdir sdk - cd sdk - exec { 7z x ..\downloads\$env:SDK_ZIP } - cd $env:SDK - #exec { 7z x ..\..\downloads\$env:LIBZSTD_ZIP } - exec { 7z x ..\..\downloads\$env:SWIG_ZIP } - # exec { 7z x -y ..\..\downloads\$env:LIBDEFLATE_ZIP } - cd .. - $env:SDK_PREFIX="$env:GITHUB_WORKSPACE\sdk\$env:SDK" - $env:SDK_LIB="$env:SDK_PREFIX\lib" - cd $env:GITHUB_WORKSPACE - cd proj - mkdir build - cd build - $env:VCPKG_PLATFORM="$env:platform"+"-windows" - exec { vcpkg install sqlite3:$env:VCPKG_PLATFORM } - Invoke-WebRequest "https://sqlite.org/2018/sqlite-tools-win32-x86-3250100.zip" -OutFile "sqlite-tools-win32-x86-3250100.zip" - 7z x sqlite-tools-win32-x86-3250100.zip - copy sqlite-tools-win32-x86-3250100/sqlite3.exe $env:GITHUB_WORKSPACE - $env:PATH="$env:GITHUB_WORKSPACE;$env:PATH" - $env:PROJ_INSTALL_DIR="$env:GITHUB_WORKSPACE"+"\install-proj" - $env:CMAKE_INSTALL_PREFIX="-DCMAKE_INSTALL_PREFIX=" + $env:PROJ_INSTALL_DIR - cmake -G $env:VS_VERSION -A $env:CMAKE_ARCHITECTURE .. $env:CMAKE_INSTALL_PREFIX -DPROJ_TESTS=OFF -DCMAKE_BUILD_TYPE=Release -DBUILD_LIBPROJ_SHARED=ON -DCMAKE_TOOLCHAIN_FILE=c:/vcpkg/scripts/buildsystems/vcpkg.cmake -DBUILD_SHARED_LIBS=ON -DENABLE_CURL=OFF -DENABLE_TIFF=OFF -DBUILD_PROJSYNC=OFF - exec { cmake --build . --config Release --target install } - # - cd $env:GITHUB_WORKSPACE - mkdir build - cd build - $env:SDK_BIN="$env:SDK_PREFIX\bin" - $env:PATH="$env:SDK_BIN;$env:SDK\swigwin-4.1.1;$env:PATH" - $env:GDAL_INSTALL_DIR="$env:GITHUB_WORKSPACE"+"\install-gdal" - $env:CMAKE_INSTALL_PREFIX="-DCMAKE_INSTALL_PREFIX=" + $env:GDAL_INSTALL_DIR - $env:PROJ_ROOT="-DPROJ_ROOT=" + $env:PROJ_INSTALL_DIR - $env:CMAKE_PREFIX_PATH="-DCMAKE_PREFIX_PATH=" + $env:SDK_PREFIX - $env:MYSQL_LIBRARY="-DMYSQL_LIBRARY=" + $env:SDK_LIB + "\libmysql.lib" - $env:POPPLER_EXTRA_LIBRARIES="-DPOPPLER_EXTRA_LIBRARIES=" + $env:SDK_LIB + "\freetype.lib;" + $env:SDK_LIB + "\harfbuzz.lib" - # We disable Spatialite and external geotiff as they link to gisinternals proj9 and we have the following linking error - # referring to a file from the gisinternals build machine... - # LINK : fatal error LNK1181: cannot open input file 'E:\buildsystem\release-1930\lib\proj9.lib' [D:\a\gdal\gdal\build\GDAL.vcxproj] - # Disabling HDF4 (and netCDF) for similar reason: LINK : fatal error LNK1181: cannot open input file 'E:\buildsystem\release-1930\lib\mfhdf.lib' - # Disabling KEA because of "keadataset.obj : error LNK2019: unresolved external symbol "public: static class H5::FileAccPropList const & const H5::FileAccPropList::DEFAULT" - cmake -G $env:VS_VERSION -A $env:CMAKE_ARCHITECTURE .. $env:CMAKE_INSTALL_PREFIX -DCMAKE_BUILD_TYPE=Release $env:CMAKE_PREFIX_PATH -DCMAKE_C_FLAGS=" /WX $env:ARCH_FLAGS" -DCMAKE_CXX_FLAGS=" /WX $env:ARCH_FLAGS" -DGDAL_USE_DEFLATE=OFF $env:PROJ_ROOT $env:MYSQL_LIBRARY $env:POPPLER_EXTRA_LIBRARIES -DGDAL_USE_ZLIB_INTERNAL=ON -DECW_INTERFACE_COMPILE_DEFINITIONS="_MBCS;_UNICODE;UNICODE;_WINDOWS;LIBECWJ2;WIN32;_WINDLL;NO_X86_MMI" -DBUILD_CSHARP_BINDINGS=OFF -DBUILD_JAVA_BINDINGS=OFF -DOGR_ENABLE_DRIVER_LIBKML=OFF -DGDAL_USE_SPATIALITE=OFF -DGDAL_USE_GEOTIFF_INTERNAL=ON -DGDAL_USE_HDF4=OFF -DGDAL_USE_NETCDF=OFF -DGDAL_USE_WEBP=OFF -DGDAL_USE_KEA=OFF - exec { cmake --build . --config Release --target install } - - - name: Run tests - shell: pwsh - run: | - $ErrorActionPreference = 'continue' - function exec - { - param ( [ScriptBlock] $ScriptBlock ) - & $ScriptBlock 2>&1 | ForEach-Object -Process { "$_" } - if ($LastExitCode -ne 0) { exit $LastExitCode } - } - $env:SDK_PREFIX="$env:GITHUB_WORKSPACE\sdk\$env:SDK" - $env:SDK_BIN="$env:SDK_PREFIX\bin" - $env:PATH="$env:GITHUB_WORKSPACE\build\Release;$env:GITHUB_WORKSPACE\build\apps\Release;$env:GITHUB_WORKSPACE\install-proj\bin;$env:SDK_BIN;$env:PATH" - $env:GDAL_DATA="$env:GITHUB_WORKSPACE\data" - $env:DO_NOT_FAIL_ON_RECODE_ERRORS="YES" - $env:MDB_ODBC_DRIVER_INSTALLED="YES" - # The ca-bundle.crt file which we could point to is invalid in the current SDK - # See https://github.com/gisinternals/buildsystem/issues/104 - $env:GDAL_HTTP_UNSAFESSL="YES" - cd $env:GITHUB_WORKSPACE\autotest - python3 -m pip install -Ur requirements.txt - # For some reason I can't debug remotely, gdal.dll can'be loaded. Probably something missing in the path - # exec { ctest --test-dir $env:GITHUB_WORKSPACE\build -C Release -V -j 3 -R autotest }