From a1bb8a93eaeea1b15b04d887cf0ccac5737b7448 Mon Sep 17 00:00:00 2001 From: Steve Downey Date: Mon, 22 Dec 2025 11:28:09 -0500 Subject: [PATCH 1/5] Polish for Release Fix file names in code Add all licenses Check SPDX ids Document installtest Update python pinned deps in requirements-dev Update README Add devcontainer/.devcontainer.json for github codespaces --- .devcontainer/devcontainer.json | 19 + .github/workflows/pre-commit-check.yml | 1 + .gitignore | 2 + CMakeLists.txt | 2 +- LICENSE-CC-BY | 395 ++++++++++++++++++ LICENSE-CC0 | 121 ++++++ Makefile | 2 +- README.md | 117 ++++-- examples/CMakeLists.txt | 5 +- examples/base_derived_cast.cpp | 2 +- examples/concept_checks.cpp | 2 +- examples/optional_ref.cpp | 2 +- examples/pythagorean_triples.cpp | 2 +- examples/range_loop.cpp | 2 +- examples/sample.cpp | 2 +- examples/std_vs_beman.cpp | 2 +- include/beman/optional/CMakeLists.txt | 2 +- include/beman/optional/detail/iterator.hpp | 2 +- .../optional/detail/stl_interfaces/config.hpp | 2 +- .../optional/detail/stl_interfaces/fwd.hpp | 2 +- include/beman/optional/optional.hpp | 2 +- installtest/CMakeLists.txt | 11 +- installtest/README.md | 9 + requirements-dev.txt | 30 +- tests/beman/optional/optional.test.cpp | 2 +- .../optional/optional_constexpr.test.cpp | 2 +- .../beman/optional/optional_monadic.test.cpp | 2 +- .../optional/optional_range_support.test.cpp | 2 +- tests/beman/optional/optional_ref.test.cpp | 2 +- .../optional/optional_ref_monadic.test.cpp | 2 +- .../beman/optional/test_constructor_fail.cpp | 2 +- tests/beman/optional/test_types.hpp | 2 +- tests/beman/optional/test_utilities.hpp | 2 +- 33 files changed, 673 insertions(+), 83 deletions(-) create mode 100644 .devcontainer/devcontainer.json create mode 100644 LICENSE-CC-BY create mode 100644 LICENSE-CC0 create mode 100644 installtest/README.md diff --git a/.devcontainer/devcontainer.json b/.devcontainer/devcontainer.json new file mode 100644 index 00000000..87320e65 --- /dev/null +++ b/.devcontainer/devcontainer.json @@ -0,0 +1,19 @@ +// .devcontainer/devcontainer.json -*-json-*- +// SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception + +// For format details, see https://aka.ms/devcontainer.json. For config options, see the +// README at: https://github.com/devcontainers/templates/tree/main/src/cpp + +{ + "name": "Beman Project Generic Devcontainer", + "image": "ghcr.io/bemanproject/infra-containers-devcontainer-gcc:14", + "postCreateCommand": "pre-commit", + "customizations": { + "vscode": { + "extensions": [ + "ms-vscode.cpptools", + "ms-vscode.cmake-tools" + ] + } + } +} diff --git a/.github/workflows/pre-commit-check.yml b/.github/workflows/pre-commit-check.yml index 70895b4e..b9f166e2 100644 --- a/.github/workflows/pre-commit-check.yml +++ b/.github/workflows/pre-commit-check.yml @@ -1,6 +1,7 @@ name: Lint Check (pre-commit) on: + workflow_dispatch: # We have to use pull_request_target here as pull_request does not grant # enough permission for reviewdog pull_request_target: diff --git a/.gitignore b/.gitignore index 28b88950..f590abca 100644 --- a/.gitignore +++ b/.gitignore @@ -32,3 +32,5 @@ compile_commands.json /docs/html /docs/latex /docs/adoc/ +/build/ +/installtest/.build/ diff --git a/CMakeLists.txt b/CMakeLists.txt index d0cc596f..cacfad6a 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -3,7 +3,7 @@ cmake_minimum_required(VERSION 3.27) -project(beman.optional VERSION 0.0.0 LANGUAGES CXX) +project(beman.optional VERSION 1.0.0 LANGUAGES CXX) # Includes include(CTest) diff --git a/LICENSE-CC-BY b/LICENSE-CC-BY new file mode 100644 index 00000000..4ea99c21 --- /dev/null +++ b/LICENSE-CC-BY @@ -0,0 +1,395 @@ +Attribution 4.0 International + +======================================================================= + +Creative Commons Corporation ("Creative Commons") is not a law firm and +does not provide legal services or legal advice. Distribution of +Creative Commons public licenses does not create a lawyer-client or +other relationship. Creative Commons makes its licenses and related +information available on an "as-is" basis. Creative Commons gives no +warranties regarding its licenses, any material licensed under their +terms and conditions, or any related information. Creative Commons +disclaims all liability for damages resulting from their use to the +fullest extent possible. + +Using Creative Commons Public Licenses + +Creative Commons public licenses provide a standard set of terms and +conditions that creators and other rights holders may use to share +original works of authorship and other material subject to copyright +and certain other rights specified in the public license below. The +following considerations are for informational purposes only, are not +exhaustive, and do not form part of our licenses. + + Considerations for licensors: Our public licenses are + intended for use by those authorized to give the public + permission to use material in ways otherwise restricted by + copyright and certain other rights. Our licenses are + irrevocable. Licensors should read and understand the terms + and conditions of the license they choose before applying it. + Licensors should also secure all rights necessary before + applying our licenses so that the public can reuse the + material as expected. Licensors should clearly mark any + material not subject to the license. This includes other CC- + licensed material, or material used under an exception or + limitation to copyright. More considerations for licensors: + wiki.creativecommons.org/Considerations_for_licensors + + Considerations for the public: By using one of our public + licenses, a licensor grants the public permission to use the + licensed material under specified terms and conditions. If + the licensor's permission is not necessary for any reason--for + example, because of any applicable exception or limitation to + copyright--then that use is not regulated by the license. Our + licenses grant only permissions under copyright and certain + other rights that a licensor has authority to grant. Use of + the licensed material may still be restricted for other + reasons, including because others have copyright or other + rights in the material. A licensor may make special requests, + such as asking that all changes be marked or described. + Although not required by our licenses, you are encouraged to + respect those requests where reasonable. More considerations + for the public: + wiki.creativecommons.org/Considerations_for_licensees + +======================================================================= + +Creative Commons Attribution 4.0 International Public License + +By exercising the Licensed Rights (defined below), You accept and agree +to be bound by the terms and conditions of this Creative Commons +Attribution 4.0 International Public License ("Public License"). To the +extent this Public License may be interpreted as a contract, You are +granted the Licensed Rights in consideration of Your acceptance of +these terms and conditions, and the Licensor grants You such rights in +consideration of benefits the Licensor receives from making the +Licensed Material available under these terms and conditions. + + +Section 1 -- Definitions. + + a. Adapted Material means material subject to Copyright and Similar + Rights that is derived from or based upon the Licensed Material + and in which the Licensed Material is translated, altered, + arranged, transformed, or otherwise modified in a manner requiring + permission under the Copyright and Similar Rights held by the + Licensor. For purposes of this Public License, where the Licensed + Material is a musical work, performance, or sound recording, + Adapted Material is always produced where the Licensed Material is + synched in timed relation with a moving image. + + b. Adapter's License means the license You apply to Your Copyright + and Similar Rights in Your contributions to Adapted Material in + accordance with the terms and conditions of this Public License. + + c. Copyright and Similar Rights means copyright and/or similar rights + closely related to copyright including, without limitation, + performance, broadcast, sound recording, and Sui Generis Database + Rights, without regard to how the rights are labeled or + categorized. For purposes of this Public License, the rights + specified in Section 2(b)(1)-(2) are not Copyright and Similar + Rights. + + d. Effective Technological Measures means those measures that, in the + absence of proper authority, may not be circumvented under laws + fulfilling obligations under Article 11 of the WIPO Copyright + Treaty adopted on December 20, 1996, and/or similar international + agreements. + + e. Exceptions and Limitations means fair use, fair dealing, and/or + any other exception or limitation to Copyright and Similar Rights + that applies to Your use of the Licensed Material. + + f. Licensed Material means the artistic or literary work, database, + or other material to which the Licensor applied this Public + License. + + g. Licensed Rights means the rights granted to You subject to the + terms and conditions of this Public License, which are limited to + all Copyright and Similar Rights that apply to Your use of the + Licensed Material and that the Licensor has authority to license. + + h. Licensor means the individual(s) or entity(ies) granting rights + under this Public License. + + i. Share means to provide material to the public by any means or + process that requires permission under the Licensed Rights, such + as reproduction, public display, public performance, distribution, + dissemination, communication, or importation, and to make material + available to the public including in ways that members of the + public may access the material from a place and at a time + individually chosen by them. + + j. Sui Generis Database Rights means rights other than copyright + resulting from Directive 96/9/EC of the European Parliament and of + the Council of 11 March 1996 on the legal protection of databases, + as amended and/or succeeded, as well as other essentially + equivalent rights anywhere in the world. + + k. You means the individual or entity exercising the Licensed Rights + under this Public License. Your has a corresponding meaning. + + +Section 2 -- Scope. + + a. License grant. + + 1. Subject to the terms and conditions of this Public License, + the Licensor hereby grants You a worldwide, royalty-free, + non-sublicensable, non-exclusive, irrevocable license to + exercise the Licensed Rights in the Licensed Material to: + + a. reproduce and Share the Licensed Material, in whole or + in part; and + + b. produce, reproduce, and Share Adapted Material. + + 2. Exceptions and Limitations. For the avoidance of doubt, where + Exceptions and Limitations apply to Your use, this Public + License does not apply, and You do not need to comply with + its terms and conditions. + + 3. Term. The term of this Public License is specified in Section + 6(a). + + 4. Media and formats; technical modifications allowed. The + Licensor authorizes You to exercise the Licensed Rights in + all media and formats whether now known or hereafter created, + and to make technical modifications necessary to do so. The + Licensor waives and/or agrees not to assert any right or + authority to forbid You from making technical modifications + necessary to exercise the Licensed Rights, including + technical modifications necessary to circumvent Effective + Technological Measures. For purposes of this Public License, + simply making modifications authorized by this Section 2(a) + (4) never produces Adapted Material. + + 5. Downstream recipients. + + a. Offer from the Licensor -- Licensed Material. Every + recipient of the Licensed Material automatically + receives an offer from the Licensor to exercise the + Licensed Rights under the terms and conditions of this + Public License. + + b. No downstream restrictions. You may not offer or impose + any additional or different terms or conditions on, or + apply any Effective Technological Measures to, the + Licensed Material if doing so restricts exercise of the + Licensed Rights by any recipient of the Licensed + Material. + + 6. No endorsement. Nothing in this Public License constitutes or + may be construed as permission to assert or imply that You + are, or that Your use of the Licensed Material is, connected + with, or sponsored, endorsed, or granted official status by, + the Licensor or others designated to receive attribution as + provided in Section 3(a)(1)(A)(i). + + b. Other rights. + + 1. Moral rights, such as the right of integrity, are not + licensed under this Public License, nor are publicity, + privacy, and/or other similar personality rights; however, to + the extent possible, the Licensor waives and/or agrees not to + assert any such rights held by the Licensor to the limited + extent necessary to allow You to exercise the Licensed + Rights, but not otherwise. + + 2. Patent and trademark rights are not licensed under this + Public License. + + 3. To the extent possible, the Licensor waives any right to + collect royalties from You for the exercise of the Licensed + Rights, whether directly or through a collecting society + under any voluntary or waivable statutory or compulsory + licensing scheme. In all other cases the Licensor expressly + reserves any right to collect such royalties. + + +Section 3 -- License Conditions. + +Your exercise of the Licensed Rights is expressly made subject to the +following conditions. + + a. Attribution. + + 1. If You Share the Licensed Material (including in modified + form), You must: + + a. retain the following if it is supplied by the Licensor + with the Licensed Material: + + i. identification of the creator(s) of the Licensed + Material and any others designated to receive + attribution, in any reasonable manner requested by + the Licensor (including by pseudonym if + designated); + + ii. a copyright notice; + + iii. a notice that refers to this Public License; + + iv. a notice that refers to the disclaimer of + warranties; + + v. a URI or hyperlink to the Licensed Material to the + extent reasonably practicable; + + b. indicate if You modified the Licensed Material and + retain an indication of any previous modifications; and + + c. indicate the Licensed Material is licensed under this + Public License, and include the text of, or the URI or + hyperlink to, this Public License. + + 2. You may satisfy the conditions in Section 3(a)(1) in any + reasonable manner based on the medium, means, and context in + which You Share the Licensed Material. For example, it may be + reasonable to satisfy the conditions by providing a URI or + hyperlink to a resource that includes the required + information. + + 3. If requested by the Licensor, You must remove any of the + information required by Section 3(a)(1)(A) to the extent + reasonably practicable. + + 4. If You Share Adapted Material You produce, the Adapter's + License You apply must not prevent recipients of the Adapted + Material from complying with this Public License. + + +Section 4 -- Sui Generis Database Rights. + +Where the Licensed Rights include Sui Generis Database Rights that +apply to Your use of the Licensed Material: + + a. for the avoidance of doubt, Section 2(a)(1) grants You the right + to extract, reuse, reproduce, and Share all or a substantial + portion of the contents of the database; + + b. if You include all or a substantial portion of the database + contents in a database in which You have Sui Generis Database + Rights, then the database in which You have Sui Generis Database + Rights (but not its individual contents) is Adapted Material; and + + c. You must comply with the conditions in Section 3(a) if You Share + all or a substantial portion of the contents of the database. + +For the avoidance of doubt, this Section 4 supplements and does not +replace Your obligations under this Public License where the Licensed +Rights include other Copyright and Similar Rights. + + +Section 5 -- Disclaimer of Warranties and Limitation of Liability. + + a. UNLESS OTHERWISE SEPARATELY UNDERTAKEN BY THE LICENSOR, TO THE + EXTENT POSSIBLE, THE LICENSOR OFFERS THE LICENSED MATERIAL AS-IS + AND AS-AVAILABLE, AND MAKES NO REPRESENTATIONS OR WARRANTIES OF + ANY KIND CONCERNING THE LICENSED MATERIAL, WHETHER EXPRESS, + IMPLIED, STATUTORY, OR OTHER. THIS INCLUDES, WITHOUT LIMITATION, + WARRANTIES OF TITLE, MERCHANTABILITY, FITNESS FOR A PARTICULAR + PURPOSE, NON-INFRINGEMENT, ABSENCE OF LATENT OR OTHER DEFECTS, + ACCURACY, OR THE PRESENCE OR ABSENCE OF ERRORS, WHETHER OR NOT + KNOWN OR DISCOVERABLE. WHERE DISCLAIMERS OF WARRANTIES ARE NOT + ALLOWED IN FULL OR IN PART, THIS DISCLAIMER MAY NOT APPLY TO YOU. + + b. TO THE EXTENT POSSIBLE, IN NO EVENT WILL THE LICENSOR BE LIABLE + TO YOU ON ANY LEGAL THEORY (INCLUDING, WITHOUT LIMITATION, + NEGLIGENCE) OR OTHERWISE FOR ANY DIRECT, SPECIAL, INDIRECT, + INCIDENTAL, CONSEQUENTIAL, PUNITIVE, EXEMPLARY, OR OTHER LOSSES, + COSTS, EXPENSES, OR DAMAGES ARISING OUT OF THIS PUBLIC LICENSE OR + USE OF THE LICENSED MATERIAL, EVEN IF THE LICENSOR HAS BEEN + ADVISED OF THE POSSIBILITY OF SUCH LOSSES, COSTS, EXPENSES, OR + DAMAGES. WHERE A LIMITATION OF LIABILITY IS NOT ALLOWED IN FULL OR + IN PART, THIS LIMITATION MAY NOT APPLY TO YOU. + + c. The disclaimer of warranties and limitation of liability provided + above shall be interpreted in a manner that, to the extent + possible, most closely approximates an absolute disclaimer and + waiver of all liability. + + +Section 6 -- Term and Termination. + + a. This Public License applies for the term of the Copyright and + Similar Rights licensed here. However, if You fail to comply with + this Public License, then Your rights under this Public License + terminate automatically. + + b. Where Your right to use the Licensed Material has terminated under + Section 6(a), it reinstates: + + 1. automatically as of the date the violation is cured, provided + it is cured within 30 days of Your discovery of the + violation; or + + 2. upon express reinstatement by the Licensor. + + For the avoidance of doubt, this Section 6(b) does not affect any + right the Licensor may have to seek remedies for Your violations + of this Public License. + + c. For the avoidance of doubt, the Licensor may also offer the + Licensed Material under separate terms or conditions or stop + distributing the Licensed Material at any time; however, doing so + will not terminate this Public License. + + d. Sections 1, 5, 6, 7, and 8 survive termination of this Public + License. + + +Section 7 -- Other Terms and Conditions. + + a. The Licensor shall not be bound by any additional or different + terms or conditions communicated by You unless expressly agreed. + + b. Any arrangements, understandings, or agreements regarding the + Licensed Material not stated herein are separate from and + independent of the terms and conditions of this Public License. + + +Section 8 -- Interpretation. + + a. For the avoidance of doubt, this Public License does not, and + shall not be interpreted to, reduce, limit, restrict, or impose + conditions on any use of the Licensed Material that could lawfully + be made without permission under this Public License. + + b. To the extent possible, if any provision of this Public License is + deemed unenforceable, it shall be automatically reformed to the + minimum extent necessary to make it enforceable. If the provision + cannot be reformed, it shall be severed from this Public License + without affecting the enforceability of the remaining terms and + conditions. + + c. No term or condition of this Public License will be waived and no + failure to comply consented to unless expressly agreed to by the + Licensor. + + d. Nothing in this Public License constitutes or may be interpreted + as a limitation upon, or waiver of, any privileges and immunities + that apply to the Licensor or You, including from the legal + processes of any jurisdiction or authority. + + +======================================================================= + +Creative Commons is not a party to its public +licenses. Notwithstanding, Creative Commons may elect to apply one of +its public licenses to material it publishes and in those instances +will be considered the “Licensor.” The text of the Creative Commons +public licenses is dedicated to the public domain under the CC0 Public +Domain Dedication. Except for the limited purpose of indicating that +material is shared under a Creative Commons public license or as +otherwise permitted by the Creative Commons policies published at +creativecommons.org/policies, Creative Commons does not authorize the +use of the trademark "Creative Commons" or any other trademark or logo +of Creative Commons without its prior written consent including, +without limitation, in connection with any unauthorized modifications +to any of its public licenses or any other arrangements, +understandings, or agreements concerning use of licensed material. For +the avoidance of doubt, this paragraph does not form part of the +public licenses. + +Creative Commons may be contacted at creativecommons.org. diff --git a/LICENSE-CC0 b/LICENSE-CC0 new file mode 100644 index 00000000..0e259d42 --- /dev/null +++ b/LICENSE-CC0 @@ -0,0 +1,121 @@ +Creative Commons Legal Code + +CC0 1.0 Universal + + CREATIVE COMMONS CORPORATION IS NOT A LAW FIRM AND DOES NOT PROVIDE + LEGAL SERVICES. DISTRIBUTION OF THIS DOCUMENT DOES NOT CREATE AN + ATTORNEY-CLIENT RELATIONSHIP. CREATIVE COMMONS PROVIDES THIS + INFORMATION ON AN "AS-IS" BASIS. CREATIVE COMMONS MAKES NO WARRANTIES + REGARDING THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS + PROVIDED HEREUNDER, AND DISCLAIMS LIABILITY FOR DAMAGES RESULTING FROM + THE USE OF THIS DOCUMENT OR THE INFORMATION OR WORKS PROVIDED + HEREUNDER. + +Statement of Purpose + +The laws of most jurisdictions throughout the world automatically confer +exclusive Copyright and Related Rights (defined below) upon the creator +and subsequent owner(s) (each and all, an "owner") of an original work of +authorship and/or a database (each, a "Work"). + +Certain owners wish to permanently relinquish those rights to a Work for +the purpose of contributing to a commons of creative, cultural and +scientific works ("Commons") that the public can reliably and without fear +of later claims of infringement build upon, modify, incorporate in other +works, reuse and redistribute as freely as possible in any form whatsoever +and for any purposes, including without limitation commercial purposes. +These owners may contribute to the Commons to promote the ideal of a free +culture and the further production of creative, cultural and scientific +works, or to gain reputation or greater distribution for their Work in +part through the use and efforts of others. + +For these and/or other purposes and motivations, and without any +expectation of additional consideration or compensation, the person +associating CC0 with a Work (the "Affirmer"), to the extent that he or she +is an owner of Copyright and Related Rights in the Work, voluntarily +elects to apply CC0 to the Work and publicly distribute the Work under its +terms, with knowledge of his or her Copyright and Related Rights in the +Work and the meaning and intended legal effect of CC0 on those rights. + +1. Copyright and Related Rights. A Work made available under CC0 may be +protected by copyright and related or neighboring rights ("Copyright and +Related Rights"). Copyright and Related Rights include, but are not +limited to, the following: + + i. the right to reproduce, adapt, distribute, perform, display, + communicate, and translate a Work; + ii. moral rights retained by the original author(s) and/or performer(s); +iii. publicity and privacy rights pertaining to a person's image or + likeness depicted in a Work; + iv. rights protecting against unfair competition in regards to a Work, + subject to the limitations in paragraph 4(a), below; + v. rights protecting the extraction, dissemination, use and reuse of data + in a Work; + vi. database rights (such as those arising under Directive 96/9/EC of the + European Parliament and of the Council of 11 March 1996 on the legal + protection of databases, and under any national implementation + thereof, including any amended or successor version of such + directive); and +vii. other similar, equivalent or corresponding rights throughout the + world based on applicable law or treaty, and any national + implementations thereof. + +2. Waiver. To the greatest extent permitted by, but not in contravention +of, applicable law, Affirmer hereby overtly, fully, permanently, +irrevocably and unconditionally waives, abandons, and surrenders all of +Affirmer's Copyright and Related Rights and associated claims and causes +of action, whether now known or unknown (including existing as well as +future claims and causes of action), in the Work (i) in all territories +worldwide, (ii) for the maximum duration provided by applicable law or +treaty (including future time extensions), (iii) in any current or future +medium and for any number of copies, and (iv) for any purpose whatsoever, +including without limitation commercial, advertising or promotional +purposes (the "Waiver"). Affirmer makes the Waiver for the benefit of each +member of the public at large and to the detriment of Affirmer's heirs and +successors, fully intending that such Waiver shall not be subject to +revocation, rescission, cancellation, termination, or any other legal or +equitable action to disrupt the quiet enjoyment of the Work by the public +as contemplated by Affirmer's express Statement of Purpose. + +3. Public License Fallback. Should any part of the Waiver for any reason +be judged legally invalid or ineffective under applicable law, then the +Waiver shall be preserved to the maximum extent permitted taking into +account Affirmer's express Statement of Purpose. In addition, to the +extent the Waiver is so judged Affirmer hereby grants to each affected +person a royalty-free, non transferable, non sublicensable, non exclusive, +irrevocable and unconditional license to exercise Affirmer's Copyright and +Related Rights in the Work (i) in all territories worldwide, (ii) for the +maximum duration provided by applicable law or treaty (including future +time extensions), (iii) in any current or future medium and for any number +of copies, and (iv) for any purpose whatsoever, including without +limitation commercial, advertising or promotional purposes (the +"License"). The License shall be deemed effective as of the date CC0 was +applied by Affirmer to the Work. Should any part of the License for any +reason be judged legally invalid or ineffective under applicable law, such +partial invalidity or ineffectiveness shall not invalidate the remainder +of the License, and in such case Affirmer hereby affirms that he or she +will not (i) exercise any of his or her remaining Copyright and Related +Rights in the Work or (ii) assert any associated claims and causes of +action with respect to the Work, in either case contrary to Affirmer's +express Statement of Purpose. + +4. Limitations and Disclaimers. + + a. No trademark or patent rights held by Affirmer are waived, abandoned, + surrendered, licensed or otherwise affected by this document. + b. Affirmer offers the Work as-is and makes no representations or + warranties of any kind concerning the Work, express, implied, + statutory or otherwise, including without limitation warranties of + title, merchantability, fitness for a particular purpose, non + infringement, or the absence of latent or other defects, accuracy, or + the present or absence of errors, whether or not discoverable, all to + the greatest extent permissible under applicable law. + c. Affirmer disclaims responsibility for clearing rights of other persons + that may apply to the Work or any use thereof, including without + limitation any person's Copyright and Related Rights in the Work. + Further, Affirmer disclaims responsibility for obtaining any necessary + consents, permissions or other rights required for any use of the + Work. + d. Affirmer understands and acknowledges that Creative Commons is not a + party to this document and has no duty or obligation with respect to + this CC0 or use of the Work. diff --git a/Makefile b/Makefile index 6a336564..86efc1cf 100755 --- a/Makefile +++ b/Makefile @@ -1,5 +1,5 @@ #! /usr/bin/make -f -# /Makefile -*-makefile-*- +# Makefile -*-makefile-*- # SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception INSTALL_PREFIX?=.install/ diff --git a/README.md b/README.md index 9dddc7c7..9f00a6d1 100644 --- a/README.md +++ b/README.md @@ -73,7 +73,7 @@ Full code can be found in [./examples/optional_ref.cpp](./examples/optional_ref. ## License -Source is licensed with the Apache 2.0 license with LLVM exceptions +`beman.optional` is licensed under the Apache License v2.0 with LLVM Exceptions. // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception @@ -97,8 +97,6 @@ Default build: `C++23`. Please check `etc/${compiler}-flags.cmake`. ### Dependencies -This project is mainly tested on `Ubuntu 22.04` and `Ubuntu 24.04`, but it should be as portable as CMake is. This project has no C or C++ dependencies. - Build-time dependencies: * `cmake` @@ -133,54 +131,67 @@ The precise version of GoogleTest that will be used is maintained in +### Supported Platforms + +This project officially supports: + +* GCC versions 12–15 +* LLVM Clang++ (with libstdc++ or libc++) versions 18–21 +* AppleClang version 17.0.0 (i.e., the [latest version on GitHub-hosted macOS runners](https://github.com/actions/runner-images/blob/main/images/macos/macos-15-arm64-Readme.md)) +* MSVC version 19.44.35215.0 (i.e., the [latest version on GitHub-hosted Windows runners](https://github.com/actions/runner-images/blob/main/images/windows/Windows2022-Readme.md)) + +> [!NOTE] +> +> Versions above these ranges would likely work as well, +> (e.g. HEAD/ nightly). +> These development environments are verified using our CI configuration in [.github/workflows/ci_tests.yml](.github/workflows/ci_tests.yml). + ### Instructions -Full set of supported toolchains can be found in [.github/workflows/ci.yml](.github/workflows/ci.yml). +#### Develop using GitHub Codespace -#### Preset CMake Flows +This project supports [GitHub Codespace](https://github.com/features/codespaces) +via [Development Containers](https://containers.dev/), +which allows rapid development and instant hacking in your browser. +We recommend using GitHub codespace to explore this project as it +requires minimal setup. -This project strives to be as normal and simple a CMake project as possible. This build workflow in particular will work, producing a static `beman.optional` library, ready to package: +Click the following badge to create a codespace: -```shell -# List available preset configurations: -$ cmake --workflow --list-presets -Available workflow presets: - - "system" - "gcc-14" - "gcc-13" - "clang-18" - "clang-17" - -# Run examples: -$ cmake --workflow --preset gcc-14 -cmake --workflow --preset gcc-14 -Executing workflow step 1 of 3: configure preset "gcc-14" -... --- Build files have been written to: /path/to/repo/.build/gcc-14 +[![Open in GitHub Codespaces](https://github.com/codespaces/badge.svg)](https://codespaces.new/bemanproject/optional) -Executing workflow step 2 of 3: build preset "gcc-14" +For more documentation on GitHub codespaces, please see +[this doc](https://docs.github.com/en/codespaces/). -ninja: no work to do. +> [!NOTE] +> +> The codespace container may take up to 5 minutes to build and spin-up; this is normal. -Executing workflow step 3 of 3: test preset "gcc-14" +#### Preset CMake Flows -Test project /path/to/repo/.build/gcc-14 - Start 1: OptionalTest.TestGTest - 1/... Test #1: OptionalTest.TestGTest ........................... Passed 0.00 sec -... - Start x: RangeSupportTest.RangeConcepts -.../... Test #x: RangeSupportTest.RangeConcepts ................... Passed 0.00 sec - Start x+1: RangeSupportTest.IteratorConcepts -.../... Test #x+1: RangeSupportTest.IteratorConcepts ................ Passed 0.00 sec -... +This project recommends using [CMake Presets](https://cmake.org/cmake/help/latest/manual/cmake-presets.7.html) +to configure, build and test the project. +Appropriate presets for major compilers have been included by default. +You can use `cmake --list-presets` to see all available presets. -100% tests passed, 0 tests failed out of ... +Here is an example to invoke the `gcc-debug` preset. -Total Test time (real) = 0.09 sec +```shell +cmake --workflow --preset gcc-debug ``` -This should build and run the tests with GCC 14 with the address and undefined behavior sanitizers enabled. +Generally, there are two kinds of presets, `debug` and `release`. + +The `debug` presets are designed to aid development, so it has debugging +instrumentation enabled and many sanitizers enabled. + +> [!NOTE] +> +> The sanitizers that are enabled vary from compiler to compiler. +> See the toolchain files under ([`cmake`](cmake/)) to determine the exact configuration used for each preset. + +The `release` presets are designed for production use, and +consequently have the highest optimization turned on (e.g. `O3`). #### Custom CMake Flows @@ -273,6 +284,36 @@ There is also a Makefile that will automate this process and keep everything up make lint ``` +#### Install beman.optional + + +```bash +cmake --workflow --preset gcc-release +cmake --install build/gcc-release --prefix /opt/beman +``` + +This will generate the following directory structure at `/opt/beman`. + +```txt +/opt/beman +├── include +│   └── beman +│   └── optional +│   ├── detail +│   │   ├── iterator.hpp +│   │   └── stl_interfaces +│   │   ├── config.hpp +│   │   ├── fwd.hpp +│   │   └── iterator_interface.hpp +│   └── optional.hpp +└── lib + └── cmake + └── beman.optional + ├── beman.optional-config.cmake + ├── beman.optional-config-version.cmake + └── beman.optional-targets.cmake +``` + ## Papers Latest revision(s) of the papers can be built / found at: diff --git a/examples/CMakeLists.txt b/examples/CMakeLists.txt index 0d25c6e3..cf977403 100644 --- a/examples/CMakeLists.txt +++ b/examples/CMakeLists.txt @@ -1,8 +1,6 @@ # examples/CMakeLists.txt -*-cmake-*- # SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception -set(BEMAN_OPTIONAL_LIBRARY "beman.optional") - include(GNUInstallDirs) # List of all buildable examples. @@ -24,12 +22,13 @@ foreach(example ${EXAMPLES}) target_sources(${example} PRIVATE ${example}.cpp) # Link example with the library. - target_link_libraries(${example} "${BEMAN_OPTIONAL_LIBRARY}") + target_link_libraries(${example} PRIVATE beman.optional) # Install . install( TARGETS ${example} COMPONENT beman.optional_examples DESTINATION ${CMAKE_INSTALL_BINDIR} + EXCLUDE_FROM_ALL ) endforeach() diff --git a/examples/base_derived_cast.cpp b/examples/base_derived_cast.cpp index 4f5d0057..54637448 100644 --- a/examples/base_derived_cast.cpp +++ b/examples/base_derived_cast.cpp @@ -1,4 +1,4 @@ -// examples/optional_ref.cpp -*-C++-*- +// examples/base_derived_cast.cpp -*-C++-*- // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception #include diff --git a/examples/concept_checks.cpp b/examples/concept_checks.cpp index 41016b3a..9c42b015 100644 --- a/examples/concept_checks.cpp +++ b/examples/concept_checks.cpp @@ -1,4 +1,4 @@ -// examples/concept_checks.cpp -*-C++-*- +// examples/concept_checks.cpp -*-C++-*- // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception #include diff --git a/examples/optional_ref.cpp b/examples/optional_ref.cpp index 1c0bacbf..b54761cb 100644 --- a/examples/optional_ref.cpp +++ b/examples/optional_ref.cpp @@ -1,4 +1,4 @@ -// examples/optional_ref.cpp -*-C++-*- +// examples/optional_ref.cpp -*-C++-*- // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception #include diff --git a/examples/pythagorean_triples.cpp b/examples/pythagorean_triples.cpp index 9e924865..837a4bc5 100644 --- a/examples/pythagorean_triples.cpp +++ b/examples/pythagorean_triples.cpp @@ -1,4 +1,4 @@ -// examples/pythagorean_triples.cpp -*-C++-*- +// examples/pythagorean_triples.cpp -*-C++-*- // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception #include diff --git a/examples/range_loop.cpp b/examples/range_loop.cpp index 96185e93..7b06547a 100644 --- a/examples/range_loop.cpp +++ b/examples/range_loop.cpp @@ -1,4 +1,4 @@ -// examples/range_loop.cpp -*-C++-*- +// examples/range_loop.cpp -*-C++-*- // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception #include diff --git a/examples/sample.cpp b/examples/sample.cpp index 14536f77..428ff998 100644 --- a/examples/sample.cpp +++ b/examples/sample.cpp @@ -1,4 +1,4 @@ -// examples/sample.cpp -*-C++-*- +// examples/sample.cpp -*-C++-*- // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception #include diff --git a/examples/std_vs_beman.cpp b/examples/std_vs_beman.cpp index 729d4fe9..616da8c5 100644 --- a/examples/std_vs_beman.cpp +++ b/examples/std_vs_beman.cpp @@ -1,4 +1,4 @@ -// examples/std_vs_beman.cpp -*-C++-*- +// examples/std_vs_beman.cpp -*-C++-*- // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception #include diff --git a/include/beman/optional/CMakeLists.txt b/include/beman/optional/CMakeLists.txt index 6227f008..a27526ba 100644 --- a/include/beman/optional/CMakeLists.txt +++ b/include/beman/optional/CMakeLists.txt @@ -1,4 +1,4 @@ -# include/beman/optional/CMakeLists.txt -*-cmake-*- +# include/beman/optional/CMakeLists.txt -*-cmake-*- # SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception target_sources( diff --git a/include/beman/optional/detail/iterator.hpp b/include/beman/optional/detail/iterator.hpp index c7a99f75..7dc8751f 100644 --- a/include/beman/optional/detail/iterator.hpp +++ b/include/beman/optional/detail/iterator.hpp @@ -1,4 +1,4 @@ -// include/beman/optional/detail/iterator.hpp -*-C++-*- +// include/beman/optional/detail/iterator.hpp -*-C++-*- // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception #ifndef BEMAN_OPTIONAL_DETAIL_ITERATOR_HPP diff --git a/include/beman/optional/detail/stl_interfaces/config.hpp b/include/beman/optional/detail/stl_interfaces/config.hpp index 994b933e..0d5a0880 100644 --- a/include/beman/optional/detail/stl_interfaces/config.hpp +++ b/include/beman/optional/detail/stl_interfaces/config.hpp @@ -1,4 +1,4 @@ -// include/beman/optional/detail/stl_interfaces/config.hpp -*-C++-*- +// include/beman/optional/detail/stl_interfaces/config.hpp -*-C++-*- // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // Copyright (C) 2020 T. Zachary Laine diff --git a/include/beman/optional/detail/stl_interfaces/fwd.hpp b/include/beman/optional/detail/stl_interfaces/fwd.hpp index 536ac8ae..08bc9ca2 100644 --- a/include/beman/optional/detail/stl_interfaces/fwd.hpp +++ b/include/beman/optional/detail/stl_interfaces/fwd.hpp @@ -1,4 +1,4 @@ -// include/beman/optional/detail/stl_interfaces/fwd.hpp -*-C++-*- +// include/beman/optional/detail/stl_interfaces/fwd.hpp -*-C++-*- // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception // Copyright (C) 2019 T. Zachary Laine diff --git a/include/beman/optional/optional.hpp b/include/beman/optional/optional.hpp index 266a07df..08c023fc 100644 --- a/include/beman/optional/optional.hpp +++ b/include/beman/optional/optional.hpp @@ -1,4 +1,4 @@ -// include/beman/optional/optional.hpp -*-C++-*- +// include/beman/optional/optional.hpp -*-C++-*- // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception #ifndef BEMAN_OPTIONAL_OPTIONAL_HPP diff --git a/installtest/CMakeLists.txt b/installtest/CMakeLists.txt index dc1c07ef..e3f202b1 100644 --- a/installtest/CMakeLists.txt +++ b/installtest/CMakeLists.txt @@ -1,7 +1,10 @@ -cmake_minimum_required(VERSION 3.30) -project(ConsumerBemanOptional) +# installtest/CMakeLists.txt -*-CMake-*- +# SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception -set(CMAKE_CXX_STANDARD 20) +cmake_minimum_required(VERSION 3.27) +project(TestInstalledOptional) + +set(CMAKE_CXX_STANDARD 20) #current minimum C++ version # Enable testing in this separate project enable_testing() @@ -15,7 +18,7 @@ find_package( NO_DEFAULT_PATH ) -# Add your test executable +# Add the test executable add_executable(TestInstalledOptional test.cpp) # Link against the imported target diff --git a/installtest/README.md b/installtest/README.md new file mode 100644 index 00000000..72ffa943 --- /dev/null +++ b/installtest/README.md @@ -0,0 +1,9 @@ +# Test Project against installed `beman.optional` + +To test from the root of the source tree +```sh +cmake --workflow --preset gcc-release +cmake --install build/gcc-release --prefix .install --component beman.optional +cmake -S installtest -B installtest/build +cmake --build installtest/build --target test +``` diff --git a/requirements-dev.txt b/requirements-dev.txt index c586c00c..dd872583 100644 --- a/requirements-dev.txt +++ b/requirements-dev.txt @@ -1,32 +1,32 @@ -cfgv==3.4.0 +cfgv==3.5.0 # via pre-commit clang-format==18.1.8 # via -r requirements-dev.in -colorlog==6.8.2 +colorlog==6.10.1 # via gcovr -distlib==0.3.8 +distlib==0.4.0 # via virtualenv -filelock==3.15.4 +filelock==3.20.1 # via virtualenv -gcovr==7.2 +gcovr==8.4 # via -r requirements-dev.in -identify==2.6.0 +identify==2.6.15 # via pre-commit -jinja2==3.1.4 +jinja2==3.1.6 # via gcovr -lxml==5.3.0 +lxml==6.0.2 # via gcovr -markupsafe==2.1.5 +markupsafe==3.0.3 # via jinja2 -nodeenv==1.9.1 +nodeenv==1.10.0 # via pre-commit -platformdirs==4.2.2 +platformdirs==4.5.1 # via virtualenv -pre-commit==3.7.1 +pre-commit==4.5.1 # via -r requirements-dev.in -pygments==2.18.0 +pygments==2.19.2 # via gcovr -pyyaml==6.0.1 +pyyaml==6.0.3 # via pre-commit -virtualenv==20.26.6 +virtualenv==20.35.4 # via pre-commit diff --git a/tests/beman/optional/optional.test.cpp b/tests/beman/optional/optional.test.cpp index 6294a7ee..bfa62088 100644 --- a/tests/beman/optional/optional.test.cpp +++ b/tests/beman/optional/optional.test.cpp @@ -1,4 +1,4 @@ -// tests/beman/optional/optional.t.cpp -*-C++-*- +// tests/beman/optional/optional.test.cpp -*-C++-*- // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception #include diff --git a/tests/beman/optional/optional_constexpr.test.cpp b/tests/beman/optional/optional_constexpr.test.cpp index 626ce9e2..ee99fc61 100644 --- a/tests/beman/optional/optional_constexpr.test.cpp +++ b/tests/beman/optional/optional_constexpr.test.cpp @@ -1,4 +1,4 @@ -// tests/beman/optional/optional_constexpr.t.cpp -*-C++-*- +// tests/beman/optional/optional_constexpr.test.cpp -*-C++-*- // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception #include diff --git a/tests/beman/optional/optional_monadic.test.cpp b/tests/beman/optional/optional_monadic.test.cpp index 40c604a1..6bd41006 100644 --- a/tests/beman/optional/optional_monadic.test.cpp +++ b/tests/beman/optional/optional_monadic.test.cpp @@ -1,4 +1,4 @@ -// tests/beman/optional/optional_monadic.t.cpp -*-C++-*- +// tests/beman/optional/optional_monadic.test.cpp -*-C++-*- // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception #include diff --git a/tests/beman/optional/optional_range_support.test.cpp b/tests/beman/optional/optional_range_support.test.cpp index 5429dff3..67be0871 100644 --- a/tests/beman/optional/optional_range_support.test.cpp +++ b/tests/beman/optional/optional_range_support.test.cpp @@ -1,4 +1,4 @@ -// tests/beman/optional/optional_range_support.t.cpp -*-C++-*- +// tests/beman/optional/optional_range_support.test.cpp -*-C++-*- // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception /** diff --git a/tests/beman/optional/optional_ref.test.cpp b/tests/beman/optional/optional_ref.test.cpp index 42d1ca6d..9917ff2a 100644 --- a/tests/beman/optional/optional_ref.test.cpp +++ b/tests/beman/optional/optional_ref.test.cpp @@ -1,4 +1,4 @@ -// tests/beman/optional/optional_ref.t.cpp -*-C++-*- +// tests/beman/optional/optional_ref.test.cpp -*-C++-*- // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception #include diff --git a/tests/beman/optional/optional_ref_monadic.test.cpp b/tests/beman/optional/optional_ref_monadic.test.cpp index 43473621..9255de39 100644 --- a/tests/beman/optional/optional_ref_monadic.test.cpp +++ b/tests/beman/optional/optional_ref_monadic.test.cpp @@ -1,4 +1,4 @@ -// tests/beman/optional/optional_ref_monadic.t.cpp -*-C++-*- +// tests/beman/optional/optional_ref_monadic.test.cpp -*-C++-*- // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception #include diff --git a/tests/beman/optional/test_constructor_fail.cpp b/tests/beman/optional/test_constructor_fail.cpp index 8711d10e..c5c6b9b0 100644 --- a/tests/beman/optional/test_constructor_fail.cpp +++ b/tests/beman/optional/test_constructor_fail.cpp @@ -1,4 +1,4 @@ -// tests/beman/optional/test_constructor_fail.t.cpp -*-C++-*- +// tests/beman/optional/test_constructor_fail.test.cpp -*-C++-*- // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception #include diff --git a/tests/beman/optional/test_types.hpp b/tests/beman/optional/test_types.hpp index 332f96c5..b8435eca 100644 --- a/tests/beman/optional/test_types.hpp +++ b/tests/beman/optional/test_types.hpp @@ -1,4 +1,4 @@ -// tests/beman/optional/test_types.h -*-C++-*- +// tests/beman/optional/test_types.hpp -*-C++-*- // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception #ifndef TESTS_BEMAN_OPTIONAL_TEST_TYPES_HPP diff --git a/tests/beman/optional/test_utilities.hpp b/tests/beman/optional/test_utilities.hpp index 243b98f4..fc001857 100644 --- a/tests/beman/optional/test_utilities.hpp +++ b/tests/beman/optional/test_utilities.hpp @@ -1,4 +1,4 @@ -// tests/beman/optional/test_utilities.hpp -*-C++-*- +// tests/beman/optional/test_utilities.hpp -*-C++-*- // SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception #ifndef TESTS_BEMAN_OPTIONAL_TEST_UTILITIES_HPP From 0b84738b687712c8e38b1f4404381a53c6e01f2b Mon Sep 17 00:00:00 2001 From: Steve Downey Date: Mon, 22 Dec 2025 12:07:10 -0500 Subject: [PATCH 2/5] Add security scanning configuration codeql and ossf scorecard --- .github/workflows/codeql.yml | 105 ++++++++++++++++++ .github/workflows/ossf-scorecard-analysis.yml | 56 ++++++++++ 2 files changed, 161 insertions(+) create mode 100644 .github/workflows/codeql.yml create mode 100644 .github/workflows/ossf-scorecard-analysis.yml diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 00000000..a1ac81b0 --- /dev/null +++ b/.github/workflows/codeql.yml @@ -0,0 +1,105 @@ +--- +# For most projects, this workflow file will not need changing; you simply need +# to commit it to your repository. +# +# You may wish to alter this file to override the set of languages analyzed, +# or to provide custom queries or build logic. +# +# ******** NOTE ******** +# We have attempted to detect the languages in your repository. Please check +# the `language` matrix defined below to confirm you have the correct set of +# supported CodeQL languages. +# +name: "CodeQL Advanced" + +on: + push: + branches: ["main"] + pull_request: + branches: ["main"] + schedule: + - cron: "33 19 * * 4" + +# Declare default permissions as read-only +permissions: read-all + +jobs: + analyze: + name: Analyze (${{ matrix.language }}) + # Runner size impacts CodeQL analysis time. To learn more, please see: + # - https://gh.io/recommended-hardware-resources-for-running-codeql + # - https://gh.io/supported-runners-and-hardware-resources + # - https://gh.io/using-larger-runners (GitHub.com only) + # Consider using larger runners or machines with greater resources for possible analysis time improvements. + runs-on: ${{ (matrix.language == 'swift' && 'macos-latest') || 'ubuntu-latest' }} + permissions: + # required for all workflows + security-events: write + + # required to fetch internal or private CodeQL packs + packages: read + + # only required for workflows in private repositories + actions: read + contents: read + + strategy: + fail-fast: false + matrix: + include: + - language: actions + build-mode: none + # CodeQL supports the following values keywords for 'language': 'actions', 'c-cpp', 'csharp', 'go', 'java-kotlin', 'javascript-typescript', 'python', 'ruby', 'swift' + # Use `c-cpp` to analyze code written in C, C++ or both + # Use 'java-kotlin' to analyze code written in Java, Kotlin or both + # Use 'javascript-typescript' to analyze code written in JavaScript, TypeScript or both + # To learn more about changing the languages that are analyzed or customizing the build mode for your analysis, + # see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/customizing-your-advanced-setup-for-code-scanning. + # If you are analyzing a compiled language, you can modify the 'build-mode' for that language to customize how + # your codebase is analyzed, see https://docs.github.com/en/code-security/code-scanning/creating-an-advanced-setup-for-code-scanning/codeql-code-scanning-for-compiled-languages + steps: + - name: Checkout repository + uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0 + with: + persist-credentials: false + + # Add any setup steps before running the `github/codeql-action/init` action. + # This includes steps like installing compilers or runtimes (`actions/setup-node` + # or others). This is typically only required for manual builds. + # Ensure the GitHub Actions hash is pinned if this setup step is uncommented. + # - name: Setup runtime (example) + # uses: actions/setup-example@v1 + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2 + with: + languages: ${{ matrix.language }} + build-mode: ${{ matrix.build-mode }} + # If you wish to specify custom queries, you can do so here or in a config file. + # By default, queries listed here will override any specified in a config file. + # Prefix the list here with "+" to use these queries and those in the config file. + + # For more details on CodeQL's query packs, refer to: https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs + # queries: security-extended,security-and-quality + + # If the analyze step fails for one of the languages you are analyzing with + # "We were unable to automatically build your code", modify the matrix above + # to set the build mode to "manual" for that language. Then modify this step + # to build your code. + # ℹ️ Command-line programs to run using the OS shell. + # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun + - if: matrix.build-mode == 'manual' + shell: bash + run: | + echo 'If you are using a "manual" build mode for one or more of the' \ + 'languages you are analyzing, replace this with the commands to build' \ + 'your code, for example:' + echo ' make bootstrap' + echo ' make release' + exit 1 + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@0499de31b99561a6d14a36a5f662c2a54f91beee # v4.31.2 + with: + category: "/language:${{matrix.language}}" diff --git a/.github/workflows/ossf-scorecard-analysis.yml b/.github/workflows/ossf-scorecard-analysis.yml new file mode 100644 index 00000000..0c0ba08c --- /dev/null +++ b/.github/workflows/ossf-scorecard-analysis.yml @@ -0,0 +1,56 @@ +name: Scorecard analysis workflow +on: + push: + # Only the default branch is supported. + branches: + - main + schedule: + # Weekly on Saturdays. + - cron: '30 1 * * 6' + +permissions: read-all + +jobs: + analysis: + name: Scorecard analysis + runs-on: ubuntu-latest + permissions: + # Needed for Code scanning upload + security-events: write + # Needed for GitHub OIDC token if publish_results is true + id-token: write + + steps: + - name: "Checkout code" + uses: actions/checkout@8e8c483db84b4bee98b60c0593521ed34d9990e8 # v6.0.1 + with: + persist-credentials: false + + - name: "Run analysis" + uses: ossf/scorecard-action@4eaacf0543bb3f2c246792bd56e8cdeffafb205a # v2.4.3 + with: + results_file: results.sarif + results_format: sarif + # Scorecard team runs a weekly scan of public GitHub repos, + # see https://github.com/ossf/scorecard#public-data. + # Setting `publish_results: true` helps us scale by leveraging your workflow to + # extract the results instead of relying on our own infrastructure to run scans. + # And it's free for you! + publish_results: true + + # Upload the results as artifacts (optional). Commenting out will disable + # uploads of run results in SARIF format to the repository Actions tab. + # https://docs.github.com/en/actions/advanced-guides/storing-workflow-data-as-artifacts + - name: "Upload artifact" + uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 + with: + name: SARIF file + path: results.sarif + retention-days: 5 + + # Upload the results to GitHub's code scanning dashboard (optional). + # Commenting out will disable upload of results to your repo's Code Scanning dashboard + - name: "Upload to code-scanning" + uses: github/codeql-action/upload-sarif@cf1bb45a277cb3c205638b2cd5c984db1c46a412 # v4.31.7 + with: + sarif_file: results.sarif From 428efedbe0c3c858a7330e9dc89b3fb972d6e104 Mon Sep 17 00:00:00 2001 From: Steve Downey Date: Mon, 22 Dec 2025 12:40:48 -0500 Subject: [PATCH 3/5] Code issues with pre-commit hook --- .github/workflows/pre-commit.yml | 8 +++----- 1 file changed, 3 insertions(+), 5 deletions(-) diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index fc7ecc00..d8c70dd2 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -2,7 +2,7 @@ name: pre-commit on: workflow_dispatch: - pull_request_target: + pull_request: push: jobs: @@ -56,10 +56,8 @@ jobs: # we only lint on the changed file in PR. - name: Get Changed Files id: changed-files - uses: tj-actions/changed-files@v47 + uses: step-security/changed-files@v46 - # See: - # https://github.com/tj-actions/changed-files?tab=readme-ov-file#using-local-git-directory- - uses: pre-commit/action@v3.0.1 id: run-pre-commit with: @@ -67,7 +65,7 @@ jobs: # Review dog posts the suggested change from pre-commit to the pr. - name: suggester / pre-commit - uses: reviewdog/action-suggester@v1 + uses: reviewdog/action-suggester@aa38384ceb608d00f84b4690cacc83a5aba307ff #v1.24.0 if: ${{ failure() && steps.run-pre-commit.conclusion == 'failure' }} with: tool_name: pre-commit From 47bbee2b0b5748c4079d2d2398723fd24e99f2b9 Mon Sep 17 00:00:00 2001 From: Steve Downey Date: Mon, 22 Dec 2025 12:58:34 -0500 Subject: [PATCH 4/5] Limit permissions on actions --- .github/workflows/ci.yml | 5 +++++ .github/workflows/ci_tests.yml | 6 ++++++ .github/workflows/pre-commit-check.yml | 2 ++ .github/workflows/pre-commit-update.yml | 3 +++ .github/workflows/pre-commit.yml | 3 +++ 5 files changed, 19 insertions(+) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 5716cd8e..31c1dbb6 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -8,6 +8,8 @@ on: # minute hour day month day-of-week # Run at 12:25 UTC every day - cron: '25 12 * * *' + permissions: + contents: read jobs: build: @@ -111,6 +113,9 @@ jobs: runs-on: ubuntu-latest needs: [build] if: failure() && github.event_name == 'schedule' + permissions: + contents: read + issues: write steps: # See https://github.com/cli/cli/issues/5075 - uses: actions/checkout@v6 diff --git a/.github/workflows/ci_tests.yml b/.github/workflows/ci_tests.yml index e01e64ac..745d0899 100644 --- a/.github/workflows/ci_tests.yml +++ b/.github/workflows/ci_tests.yml @@ -2,6 +2,9 @@ name: Continuous Integration Tests +permissions: + contents: read + on: push: branches: @@ -127,4 +130,7 @@ jobs: create-issue-when-fault: needs: [preset-test, build-and-test] if: failure() && github.event_name == 'schedule' + permissions: + contents: read + issues: write uses: bemanproject/infra-workflows/.github/workflows/reusable-beman-create-issue-when-fault.yml@1.1.0 diff --git a/.github/workflows/pre-commit-check.yml b/.github/workflows/pre-commit-check.yml index b9f166e2..46c4cdf5 100644 --- a/.github/workflows/pre-commit-check.yml +++ b/.github/workflows/pre-commit-check.yml @@ -8,6 +8,8 @@ on: push: branches: - main + permissions: + contents: read jobs: pre-commit: diff --git a/.github/workflows/pre-commit-update.yml b/.github/workflows/pre-commit-update.yml index ec7ac74c..6809c363 100644 --- a/.github/workflows/pre-commit-update.yml +++ b/.github/workflows/pre-commit-update.yml @@ -9,6 +9,9 @@ on: jobs: auto-update-pre-commit: + permissions: + contents: write + pull-requests: write uses: bemanproject/infra-workflows/.github/workflows/reusable-beman-update-pre-commit.yml@1.1.0 secrets: APP_ID: ${{ secrets.AUTO_PR_BOT_APP_ID }} diff --git a/.github/workflows/pre-commit.yml b/.github/workflows/pre-commit.yml index d8c70dd2..8dd28a36 100644 --- a/.github/workflows/pre-commit.yml +++ b/.github/workflows/pre-commit.yml @@ -11,6 +11,9 @@ jobs: runs-on: ubuntu-latest if: ${{ github.event_name == 'push' }} + permissions: + contents: read + steps: - name: Checkout repository uses: actions/checkout@v6 From 7c6c27d884535e4c17b7afdde11573034c25d0dd Mon Sep 17 00:00:00 2001 From: Steve Downey Date: Mon, 22 Dec 2025 13:23:43 -0500 Subject: [PATCH 5/5] Update paper status --- README.md | 2 ++ 1 file changed, 2 insertions(+) diff --git a/README.md b/README.md index 9f00a6d1..309829af 100644 --- a/README.md +++ b/README.md @@ -331,3 +331,5 @@ Latest revision(s) of the papers can be built / found at: * LEWG: * Reviewed in Tokyo 2024. * Forwarded by LEWG in 2025 in Hagenberg. + * LWG: + * Reviewed and approved in Hagenberg 2025.