-
Notifications
You must be signed in to change notification settings - Fork 3
167 lines (144 loc) · 6.17 KB
/
Copy pathci.yml
File metadata and controls
167 lines (144 loc) · 6.17 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
# CI pipeline for RTI MedTech Reference Architecture
#
# Uses GitHub-hosted Ubuntu runners with RTI Connext installed via apt.
# The RTI license file must be stored as a repository secret named
# RTI_LICENSE_FILE (base64-encoded contents of rti_license.dat).
#
# Connext installation is cached across runs to avoid repeated downloads.
name: CI
on:
push:
pull_request:
branches: [main, develop]
concurrency:
group: ci-${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
env:
CONNEXT_VERSION: "7.7.0"
PYTHON_VERSION: "3.10"
QT_QPA_PLATFORM: offscreen
DISPLAY: ":99"
jobs:
# ── Lint ────────────────────────────────────────────────────────────────
lint:
name: Lint & Format
runs-on: ubuntu-24.04
timeout-minutes: 7
steps:
- uses: actions/checkout@v5
- uses: actions/setup-python@v6
with:
python-version: ${{ env.PYTHON_VERSION }}
- name: Run pre-commit hooks
uses: pre-commit/action@v3.0.1
with:
extra_args: --all-files --show-diff-on-failure
# ── Build + Test (root-level pytest) ─────────────────────────────────────
test:
name: Build & Test (root pytest)
needs: lint
runs-on: ubuntu-24.04
timeout-minutes: 15
steps:
- uses: actions/checkout@v5
- name: Cache Connext installation
id: cache-connext
uses: actions/cache@v5
with:
path: /opt/rti.com
key: connext-${{ env.CONNEXT_VERSION }}-${{ runner.arch }}-apt-v3
- name: Add RTI apt repository
if: steps.cache-connext.outputs.cache-hit != 'true'
run: |
sudo curl -sSL -o /usr/share/keyrings/rti-official-archive.gpg \
https://packages.rti.com/deb/official/repo.key
printf "deb [arch=%s, signed-by=%s] %s %s main\n" \
$(dpkg --print-architecture) \
/usr/share/keyrings/rti-official-archive.gpg \
https://packages.rti.com/deb/official \
$(. /etc/os-release && echo ${VERSION_CODENAME}) | \
sudo tee /etc/apt/sources.list.d/rti-official.list >/dev/null
sudo apt-get update
- name: Install Connext via apt
if: steps.cache-connext.outputs.cache-hit != 'true'
run: |
echo "rti-connext-dds-${{ env.CONNEXT_VERSION }}-common rti-connext-dds-${{ env.CONNEXT_VERSION }}/license/accepted select true" | \
sudo debconf-set-selections
sudo DEBIAN_FRONTEND=noninteractive \
apt-get install -y --no-install-recommends \
rti-connext-dds-${{ env.CONNEXT_VERSION }}-lib-dev \
rti-connext-dds-${{ env.CONNEXT_VERSION }}-rtiddsgen \
rti-connext-dds-${{ env.CONNEXT_VERSION }}-services-all
- name: Configure Connext build environment
run: |
NDDSHOME=/opt/rti.com/rti_connext_dds-${{ env.CONNEXT_VERSION }}
CONNEXTDDS_ARCH=$(basename $(ls -d "$NDDSHOME"/lib/*/libnddscore.so | head -1 | xargs dirname))
echo "NDDSHOME=$NDDSHOME" >> "$GITHUB_ENV"
echo "CONNEXTDDS_ARCH=$CONNEXTDDS_ARCH" >> "$GITHUB_ENV"
- name: Verify installation
run: |
test -d $NDDSHOME
test -f $NDDSHOME/lib/$CONNEXTDDS_ARCH/libnddssecurity.so
ls $NDDSHOME/third_party/openssl-*/$CONNEXTDDS_ARCH/release/lib/libssl.so* | head -1
- name: Install system dependencies
run: |
sudo rm -f /etc/apt/sources.list.d/{microsoft-prod,azure-cli}.*
sudo apt-get update
sudo apt-get install -y \
cmake \
libgtkmm-3.0-dev \
xvfb \
libegl1 \
libxkbcommon0 \
libgl1 \
libglib2.0-0
- uses: actions/setup-python@v6
with:
python-version: ${{ env.PYTHON_VERSION }}
cache: pip
- name: Install Python dependencies
run: |
pip install --upgrade pip
pip install rti.connext~=${{ env.CONNEXT_VERSION }}.0 \
-r requirements-dev.txt
- name: Build project binaries
run: python build.py -DRTICONNEXTDDS_VERSION=${{ env.CONNEXT_VERSION }} -DCMAKE_BUILD_TYPE=Release -DBUILD_SHARED_LIBS=ON
- name: Generate security artifacts
run: |
python system_arch/security/setup_security.py --force
python modules/04-security-threat/security/setup_threat_security.py --force
- name: Start Xvfb
run: |
Xvfb :99 -screen 0 1024x768x24 &
sleep 1
- name: Configure Connext runtime environment
run: |
OPENSSL_LIB=$(dirname $(ls "$NDDSHOME"/third_party/openssl-*/"$CONNEXTDDS_ARCH"/release/lib/libssl.so* 2>/dev/null | head -1) 2>/dev/null || true)
LD_LIBRARY_PATH="$NDDSHOME/lib/$CONNEXTDDS_ARCH${OPENSSL_LIB:+:$OPENSSL_LIB}${LD_LIBRARY_PATH:+:$LD_LIBRARY_PATH}"
echo "LD_LIBRARY_PATH=$LD_LIBRARY_PATH" >> "$GITHUB_ENV"
echo "$NDDSHOME/bin" >> "$GITHUB_PATH"
- name: Write license file
run: |
RTI_LICENSE_FILE="$RUNNER_TEMP/rti_license.dat"
echo "${{ secrets.RTI_LICENSE_FILE }}" | base64 -d > "$RTI_LICENSE_FILE"
echo "RTI_LICENSE_FILE=$RTI_LICENSE_FILE" >> "$GITHUB_ENV"
echo "License file check:"
if [ ! -f "$RTI_LICENSE_FILE" ]; then
echo " ERROR: License file was not created"
exit 1
elif [ ! -s "$RTI_LICENSE_FILE" ]; then
echo " ERROR: License file is empty (secret RTI_LICENSE_FILE may not be set)"
exit 1
else
echo " Path: $RTI_LICENSE_FILE"
echo " Size: $(wc -c < $RTI_LICENSE_FILE) bytes"
echo " Contains 'Security': $(grep -ci 'security' $RTI_LICENSE_FILE || echo 0) matches"
fi
- name: Run full test suite from project root
run: python -m pytest -v -m "not build_pipeline" --junitxml=results.xml
- name: Upload test results
if: always()
uses: actions/upload-artifact@v6
with:
name: test-results
path: results.xml