Refactor naming, headers, and include dependencies #50
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: PR Validation | |
| on: | |
| pull_request: | |
| types: [opened, edited, synchronize, reopened] | |
| concurrency: | |
| group: pr-${{ github.event.pull_request.number }} | |
| cancel-in-progress: true | |
| jobs: | |
| validate-commits: | |
| name: Validate Commit Messages | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| - name: Validate commit format | |
| run: | | |
| echo "Validating commit messages..." | |
| INVALID_COMMITS=0 | |
| # Get commits in PR | |
| git log --pretty=format:"%H %s" origin/${{ github.base_ref }}..${{ github.sha }} | while read hash message; do | |
| # Check conventional commit format | |
| if ! echo "$message" | grep -qE "^(feat|fix|docs|style|refactor|test|chore|perf|ci|build|revert)(\(.+\))?: .+"; then | |
| echo "❌ Invalid commit format: $hash" | |
| echo " Message: $message" | |
| echo " Expected format: type(scope): description" | |
| INVALID_COMMITS=$((INVALID_COMMITS + 1)) | |
| else | |
| echo "✓ Valid commit: $message" | |
| fi | |
| done | |
| if [ $INVALID_COMMITS -gt 0 ]; then | |
| echo "" | |
| echo "ERROR: Found $INVALID_COMMITS invalid commit message(s)" | |
| echo "Please use conventional commit format:" | |
| echo " feat: add new feature" | |
| echo " fix: fix bug" | |
| echo " docs: update documentation" | |
| exit 1 | |
| fi | |
| echo "✓ All commit messages are valid" | |
| validate-branch: | |
| name: Validate Branch Name | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check branch naming convention | |
| run: | | |
| BRANCH="${{ github.head_ref }}" | |
| echo "Validating branch name: $BRANCH" | |
| # Allow patterns: feature/*, fix/*, docs/*, NNN-description, develop | |
| if echo "$BRANCH" | grep -qE "^(feature|fix|docs|test|chore)/[a-z0-9-]+$|^[0-9]{3}-[a-z0-9-]+$|^develop$"; then | |
| echo "✓ Branch name is valid: $BRANCH" | |
| else | |
| echo "❌ Invalid branch name: $BRANCH" | |
| echo "Expected formats:" | |
| echo " - feature/description" | |
| echo " - fix/description" | |
| echo " - NNN-description (where NNN is a 3-digit number)" | |
| exit 1 | |
| fi | |
| validate-pr-template: | |
| name: Validate PR Description | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Check PR description | |
| uses: actions/github-script@v7 | |
| with: | |
| script: | | |
| const pr = context.payload.pull_request; | |
| const body = pr.body || ''; | |
| console.log('Checking PR description...'); | |
| // Check for required sections | |
| const requiredSections = [ | |
| 'Description', | |
| 'Changes', | |
| 'Testing' | |
| ]; | |
| let missingSection = false; | |
| requiredSections.forEach(section => { | |
| if (!body.includes(section)) { | |
| console.log(`❌ Missing required section: ${section}`); | |
| missingSection = true; | |
| } else { | |
| console.log(`✓ Found section: ${section}`); | |
| } | |
| }); | |
| if (missingSection) { | |
| core.setFailed('PR description is missing required sections. Please use the PR template.'); | |
| } else { | |
| console.log('✓ PR description has all required sections'); | |
| } | |
| detect-sensitive-files: | |
| name: Detect Sensitive Files | |
| runs-on: ubuntu-latest | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| - name: Check for sensitive files | |
| run: | | |
| echo "Checking for sensitive files..." | |
| SENSITIVE_FOUND=0 | |
| # Check for common sensitive file patterns | |
| if git diff --name-only origin/${{ github.base_ref }}...${{ github.sha }} | grep -qE "\.(key|pem|p12|pfx|env)$"; then | |
| echo "⚠️ Warning: Potential sensitive files detected" | |
| SENSITIVE_FOUND=1 | |
| fi | |
| # Check for hardcoded secrets patterns | |
| if git diff origin/${{ github.base_ref }}...${{ github.sha }} | grep -qiE "(api[_-]?key|password|secret|token|auth).*=.*['\"]"; then | |
| echo "⚠️ Warning: Potential hardcoded secrets detected" | |
| SENSITIVE_FOUND=1 | |
| fi | |
| if [ $SENSITIVE_FOUND -eq 1 ]; then | |
| echo "" | |
| echo "Please review changes for sensitive information" | |
| echo "Consider using environment variables or secrets management" | |
| else | |
| echo "✓ No sensitive files detected" | |
| fi | |
| memory-leak-check: | |
| name: Memory Leak Detection | |
| runs-on: ${{ matrix.os }} | |
| strategy: | |
| matrix: | |
| os: [ubuntu-latest, macos-latest] | |
| steps: | |
| - name: Checkout code | |
| uses: actions/checkout@v4 | |
| with: | |
| ssh-key: ${{ secrets.LIBFT_DEPLOY_KEY }} | |
| submodules: true | |
| - name: Install dependencies (Linux) | |
| if: runner.os == 'Linux' | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y gcc make xorg libxext-dev libbsd-dev | |
| - name: Setup MinilibX (Linux) | |
| if: runner.os == 'Linux' | |
| run: | | |
| if [ ! -f lib/minilibx-linux/Makefile ]; then | |
| echo "Cloning minilibx-linux..." | |
| rm -rf lib/minilibx-linux | |
| git clone https://github.com/42Paris/minilibx-linux.git lib/minilibx-linux | |
| fi | |
| cd lib/minilibx-linux | |
| make | |
| - name: Build miniRT | |
| run: make | |
| - name: Install memory leak tools | |
| run: .github/scripts/install-valgrind.sh | |
| - name: Check memory leaks | |
| run: | | |
| mkdir -p logs | |
| echo "Running memory leak checks on test scenes..." | |
| LEAK_FOUND=0 | |
| for scene in scenes/test*.rt; do | |
| if [ -f "$scene" ]; then | |
| echo "" | |
| echo "Testing: $scene" | |
| if .github/scripts/check-memory-leaks.sh --timeout 300 "$scene"; then | |
| echo "✓ No leaks in $scene" | |
| else | |
| echo "✗ Leaks detected in $scene" | |
| LEAK_FOUND=1 | |
| fi | |
| fi | |
| done | |
| if [ $LEAK_FOUND -eq 1 ]; then | |
| echo "" | |
| echo "❌ Memory leaks detected!" | |
| echo "See logs for details" | |
| exit 1 | |
| fi | |
| echo "" | |
| echo "✓ All scenes passed memory leak checks" | |
| - name: Upload memory leak logs on failure | |
| if: failure() | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: memory-leak-logs-${{ matrix.os }} | |
| path: logs/ | |
| retention-days: 30 |