diff --git a/.github/workflows/build_docs.yml b/.github/workflows/build_docs.yml index 5e342bb4..5608c044 100644 --- a/.github/workflows/build_docs.yml +++ b/.github/workflows/build_docs.yml @@ -29,6 +29,8 @@ jobs: steps: # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - name: Checkout code + with: + persist-credentials: false uses: actions/checkout@v4 - name: Install Python diff --git a/.github/workflows/fypp_checks.yml b/.github/workflows/fypp_checks.yml index 90dc7a1a..cc1d56d1 100644 --- a/.github/workflows/fypp_checks.yml +++ b/.github/workflows/fypp_checks.yml @@ -23,6 +23,8 @@ jobs: runs-on: ubuntu-latest steps: - uses: actions/checkout@v3 + with: + persist-credentials: false - uses: actions/setup-python@v4 with: python-version: "3.11" diff --git a/.github/workflows/static_analysis.yml b/.github/workflows/static_analysis.yml index f27f6fdd..303929aa 100644 --- a/.github/workflows/static_analysis.yml +++ b/.github/workflows/static_analysis.yml @@ -10,7 +10,7 @@ on: # Triggers the workflow on pushes to open pull requests with code changes pull_request: paths: - - '.github/workflows/static_analysis.yml' + - '.github/workflows/*.yml' - '**.c' - '**.cpp' - '**.fypp' @@ -18,6 +18,8 @@ on: - '**.F90' - '**.pf' - '**.py' + - '**.sh' + - '**CMakeLists.txt' # Allows you to run this workflow manually from the Actions tab workflow_dispatch: @@ -35,6 +37,8 @@ jobs: steps: # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - name: Checkout code + with: + persist-credentials: false uses: actions/checkout@v4 - name: Install Python @@ -63,13 +67,31 @@ jobs: cmake .. -DCMAKE_BUILD_TYPE=Release -DCMAKE_INSTALL_PREFIX=${BUILD_DIR} -DCMAKE_Fortran_FLAGS="-std=f2008" -DCMAKE_EXPORT_COMPILE_COMMANDS=ON # Apply CMake linter, cmake-lint - - name: cmake + - name: cmake-lint if: always() run: | cd ${{ github.workspace }} . ftorch_venv/bin/activate cmake-lint $(find . -name CMakeLists.txt) + # Apply Shell linter, shellcheck + - name: shellcheck + if: always() + run: | + cd ${{ github.workspace }} + sudo apt install shellcheck + for FILE in $(find . -name "*.sh"); do + shellcheck ${FILE} + done + + # Apply GitHub Actions linter, zizmor + - name: zizmor + if: always() + run: | + cd ${{ github.workspace }} + . ftorch_venv/bin/activate + zizmor .github/workflows/*.yml + # Apply Fortran linter, fortitude # Configurable using the fortitude.toml file if present - name: fortitude source diff --git a/.github/workflows/test_suite_ubuntu.yml b/.github/workflows/test_suite_ubuntu.yml index ed9e74f7..cb314958 100644 --- a/.github/workflows/test_suite_ubuntu.yml +++ b/.github/workflows/test_suite_ubuntu.yml @@ -46,6 +46,8 @@ jobs: steps: # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - name: Checkout code + with: + persist-credentials: false uses: actions/checkout@v4 - name: Install Python diff --git a/.github/workflows/test_suite_windows.yml b/.github/workflows/test_suite_windows.yml index d96712dd..2d220226 100644 --- a/.github/workflows/test_suite_windows.yml +++ b/.github/workflows/test_suite_windows.yml @@ -11,6 +11,7 @@ on: pull_request: paths: - '.github/workflows/test_suite_windows.yml' + - '**.bat' - '**.c' - '**.cpp' - '**.fypp' @@ -18,7 +19,6 @@ on: - '**.F90' - '**.pf' - '**.py' - - '**.sh' - '**CMakeLists.txt' - '**requirements.txt' - '**data/*' @@ -53,6 +53,8 @@ jobs: # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it - name: Checkout code + with: + persist-credentials: false uses: actions/checkout@v4 - name: Install Python diff --git a/pages/developer.md b/pages/developer.md index 826871be..16735f68 100644 --- a/pages/developer.md +++ b/pages/developer.md @@ -106,9 +106,17 @@ The tools we use are as follows on a language-by-language basis: * C++: [clang-format](https://clang.llvm.org/docs/ClangFormat.html) and [clang-tidy](https://clang.llvm.org/extra/clang-tidy/) * C: [clang-format](https://clang.llvm.org/docs/ClangFormat.html) and [clang-tidy](https://clang.llvm.org/extra/clang-tidy/) * Python: [ruff](https://docs.astral.sh/ruff/) +* Shell: [ShellCheck](https://github.com/koalaman/shellcheck) * CMake: [cmake-format](https://github.com/cheshirekow/cmake_format) +* GitHub Actions workflows: [zizmor](https://woodruffw.github.io/zizmor) Instructions on installing these tools can be found in their respective documentations. +Note that all but ShellCheck may be installed with pip. A shortcut for doing +this is to run the following from the base FTorch directory: +``` +pip install -r requirements.txt +``` + Contributors should run them over their code and ensure that it conforms before submitting a pull request. If there is a good reason to ignore a particular rule this should be justified in the pull request and ideally documented in the code. diff --git a/requirements.txt b/requirements.txt index 6aca14b6..4fb93fec 100644 --- a/requirements.txt +++ b/requirements.txt @@ -3,3 +3,4 @@ fortitude-lint==0.6.0 clang-format==19.1.3 clang-tidy==19.1.0 cmakelang +zizmor==0.9.2 diff --git a/run_integration_tests.sh b/run_integration_tests.sh index 63fbed42..94b27e8a 100755 --- a/run_integration_tests.sh +++ b/run_integration_tests.sh @@ -11,13 +11,12 @@ set -eu -CTEST_ARGS=$@ EXAMPLES="1_SimpleNet 2_ResNet18 4_MultiIO 6_Autograd" BUILD_DIR=src/build for EXAMPLE in ${EXAMPLES}; do - pip -q install -r examples/${EXAMPLE}/requirements.txt - cd ${BUILD_DIR}/test/examples/${EXAMPLE} - ctest ${CTEST_ARGS} + pip -q install -r examples/"${EXAMPLE}"/requirements.txt + cd "${BUILD_DIR}"/test/examples/"${EXAMPLE}" + ctest "$@" cd - done