merge to release (#125)

.github/CODEOWNERS

@@ -0,0 +1,6 @@
+#
+#   CODEOWNERS
+#
+
+# Everything in this repo is owned by @nam20485
+*       @nam20485

.github/workflows/cmake-multi-platform.yml

@@ -3,9 +3,9 @@ name: CMake Build Multi-Platform
 
 on:
   push:
-    branches: [ "development", "main", "release" ]
+    branches: [ "development", "main", "release", "nam20485" ]
   pull_request:
-    branches: [ "development", "main", "release" ]  
+    branches: [ "development", "main", "release", "nam20485" ]  
 
 permissions:
   contents: read  
@@ -25,6 +25,7 @@ jobs:
     runs-on: ${{ matrix.os }}
     permissions:
       contents: write
+      checks: write
 
     strategy:
       # Set fail-fast to false to ensure that feedback is delivered for all matrix combinations. Consider changing this to true when your workflow is stable.
@@ -83,7 +84,7 @@ jobs:
 
     # Export vcpkg Cache Variables
     - name : Export vcpkg Cache Variables
-      uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6.4.1
+      uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
       with:
         script: |
           core.exportVariable('ACTIONS_CACHE_URL', process.env.ACTIONS_CACHE_URL || '');
@@ -141,8 +142,21 @@ jobs:
     - name: CMake Build          
       run: cmake --build --preset ${{matrix.preset}} 
 
-    - name: CMake Test
-      run: ctest --preset ${{matrix.preset}} -V
+    # - name: CMake Test
+    #   id: cmake-test      
+    #   run: ctest --test-dir ./out/build/${{matrix.preset}}/OdbDesignTests --output-log ${{github.workspace}}/testlog.txt --output-junit ${{github.workspace}}/testlog.xml -V
+    #   # let the report step fail the job if it finds failed tests
+    #   continue-on-error: true
+
+    # # report test results
+    # - name: Report Test Results
+    #   uses: dorny/[email protected]
+    #   if: ${{steps.cmake-test.outcome}} == 'success' || ${{steps.cmake-test.outcome}} == 'failure'      
+    #   with:
+    #     name: ${{ matrix.os }}_test-results
+    #     path: ${{github.workspace}}/testlog.xml
+    #     reporter: java-junit
+    #     fail-on-error: true
 
     #
     #   Artifacts
@@ -244,7 +258,7 @@ jobs:
 
       # create a release
       - name: "Create GitHub Release"
-        uses: "actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410" # v6.4.1
+        uses: "actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea" # v7.0.1
         with:
           github-token: "${{ secrets.GITHUB_TOKEN }}"
           script: |

.github/workflows/codeql.yml

@@ -13,9 +13,9 @@ name: "CodeQL Security Scan"
 
 on:
   push:
-    branches: [ "development", "main", "release" ]
+    branches: [ "development", "main", "release", "nam20485" ]
   pull_request:
-    branches: [ "development", "main", "release" ]
+    branches: [ "development", "main", "release", "nam20485" ]
 
 env:
   VCPKG_ROOT: ${{ github.workspace }}/vcpkg
@@ -47,7 +47,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@74483a38d39275f33fcff5f35b679b5ca4a26a99 # v2.22.5
+      uses: github/codeql-action/init@66b90a5db151a8042fa97405c6cf843bbe433f7b # v2.22.7
       with:        
         languages: ${{ matrix.language }}
         config-file: ${{ github.workspace }}/.github/codeql-config.yml        
@@ -62,7 +62,7 @@ jobs:
 
     # Export vcpkg Cache Variables
     - name : Export vcpkg Cache Variables
-      uses: actions/github-script@d7906e4ad0b1822421a7e6a35d5ca353c962f410 # v6.4.1
+      uses: actions/github-script@60a0d83039c74a4aee543508d2ffcb1c3799cdea # v7.0.1
       with:
         script: |
           core.exportVariable('ACTIONS_CACHE_URL', process.env.ACTIONS_CACHE_URL || '');
@@ -78,6 +78,6 @@ jobs:
       run: cmake --build --preset linux-release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@74483a38d39275f33fcff5f35b679b5ca4a26a99 # v2.22.5
+      uses: github/codeql-action/analyze@66b90a5db151a8042fa97405c6cf843bbe433f7b # v2.22.7
       with:
         category: "/language:${{matrix.language}}"

.github/workflows/dependency-review.yml

@@ -7,16 +7,23 @@
 #
 # Source repository: https://github.com/actions/dependency-review-action
 name: 'Dependency Review'
-on: [pull_request]
+on: 
+  pull_request:
+    branches: [ "main", "release", "development", "nam20485" ]
 
 permissions:
   contents: read
 
 jobs:
   dependency-review:
     runs-on: ubuntu-latest
+    permissions: 
+      contents: write
+
     steps:
       - name: 'Checkout Repository'
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - name: 'Dependency Review'
-        uses: actions/dependency-review-action@6c5ccdad469c9f8a2996bfecaec55a631a347034 # v3.1.0
+        uses: actions/dependency-review-action@7bbfa034e752445ea40215fff1c3bf9597993d3f # v3.1.3
+        with:
+          comment-summary-in-pr: true

.github/workflows/docker-publish.yml

@@ -7,9 +7,9 @@ name: Docker Publish
 
 on:
   push:
-    branches: [ "development", "main", "release" ]
+    branches: [ "development", "main", "release", "nam20485" ]
   pull_request:
-    branches: [ "development", "main", "release" ]
+    branches: [ "development", "main", "release", "nam20485" ]
 
 env:
   # Use docker.io for Docker Hub if empty
@@ -41,13 +41,17 @@ jobs:
       - name: Add Problem Matchers
         uses: ammaraskar/gcc-problem-matcher@d1fed1fac9e94d30e23b5a82dba4e2963e71d2e7 # master
 
-      # Install the cosign tool except on PR
-      # https://github.com/sigstore/cosign-installer
-      - name: Install cosign
+      # # Install the cosign tool except on PR
+      # # https://github.com/sigstore/cosign-installer
+      # - name: Install cosign
+      #   if: github.event_name != 'pull_request'
+      #   uses: sigstore/cosign-installer@f3c664df7af409cb4873aa5068053ba9d61a57b6 #v2.6.0
+      #   # with:
+      #   #   cosign-release: 'v1.13.1'
+
+      - name: cosign-installer
         if: github.event_name != 'pull_request'
-        uses: sigstore/cosign-installer@f3c664df7af409cb4873aa5068053ba9d61a57b6 #v2.6.0
-        with:
-          cosign-release: 'v1.13.1'
+        uses: sigstore/cosign-installer@1fc5bd396d372bee37d608f955b336615edf79c8 # v3.2.0
 
       # Workaround: https://github.com/docker/build-push-action/issues/461
       - name: Setup Docker buildx
@@ -79,7 +83,7 @@ jobs:
       # https://github.com/docker/build-push-action
       - name: Build and push Docker image
         id: build-and-push
-        uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09
+        uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56
         with:
           context: .          
           push: ${{ github.event_name != 'pull_request' }}
@@ -104,4 +108,4 @@ jobs:
           COSIGN_EXPERIMENTAL: "true"
         # This step uses the identity token to provision an ephemeral certificate
         # against the sigstore community Fulcio instance.
-        run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign {}@${{ steps.build-and-push.outputs.digest }}
+        run: echo "${{ steps.meta.outputs.tags }}" | xargs -I {} cosign sign --yes {}@${{ steps.build-and-push.outputs.digest }}

.github/workflows/docker-scout-scan.yml

@@ -7,9 +7,9 @@ name: Docker Scout Scan
 
 on:
   push:
-    branches: [ "development", "main", "release" ]
+    branches: [ "development", "main", "release", "nam20485" ]
   pull_request:
-    branches: [ "development", "main", "release" ]
+    branches: [ "development", "main", "release", "nam20485" ]
 
 env:
   # Use docker.io for Docker Hub if empty
@@ -38,6 +38,9 @@ jobs:
       pull-requests: write
       security-events: write
 
+    # don't run on PRs into development from branches that aren't nam20485 (i.e. dependabot PRs)
+    if: github.event_name != 'pull_request' || github.base_ref != 'development' || github.head_ref == 'nam20485'
+
     steps:
       - name: Checkout repository
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
@@ -70,8 +73,7 @@ jobs:
 
       # Login against Docker Hub to allow running Docker Scout
       # https://github.com/docker/login-action
-      - name: Log into Docker Hub registry
-        # if: github.event_name != 'pull_request'
+      - name: Log into Docker Hub registry        
         uses: docker/login-action@343f7c4344506bcbf9b4de18042ae17996df046d
         with:          
           username: ${{ secrets.DOCKERHUB_USERNAME }}
@@ -92,7 +94,7 @@ jobs:
       # https://github.com/docker/build-push-action
       - name: Build and push Docker image
         id: build-and-push
-        uses: docker/build-push-action@0565240e2d4ab88bba5387d719585280857ece09
+        uses: docker/build-push-action@4a13e500e55cf31b7a5d59a38ab2040ab0f42f56
         with:
           context: .          
           push: false
@@ -126,7 +128,7 @@ jobs:
       - name: Analyze for critical and high CVEs
         id: docker-scout-cves       
         # if: ${{ github.event_name != 'pull_request_target' }} 
-        uses: docker/scout-action@4e9ac4df44fb56797da111fce8185f7fbffd5a09 # v1.0.9
+        uses: docker/scout-action@704685e6e6dc4462258fb11d36d3a14ca7bda1e6 # v1.1.0
         with:
           command: cves,recommendations
           image: ${{ steps.meta.outputs.tags }}
@@ -136,14 +138,14 @@ jobs:
 
       - name: Upload SARIF result
         id: upload-sarif
-        uses: github/codeql-action/upload-sarif@74483a38d39275f33fcff5f35b679b5ca4a26a99 # v2.22.5
+        uses: github/codeql-action/upload-sarif@66b90a5db151a8042fa97405c6cf843bbe433f7b # v2.22.7
         with:
           sarif_file: sarif.output.json
 
       - name: Docker Scout Compare to Latest
         id: docker-scout
         if: ${{ github.event_name == 'pull_request' }}
-        uses: docker/scout-action@4e9ac4df44fb56797da111fce8185f7fbffd5a09 # v1.0.9
+        uses: docker/scout-action@704685e6e6dc4462258fb11d36d3a14ca7bda1e6 # v1.1.0
         with:
           command: compare
           image: ${{ steps.meta.outputs.tags }}

.github/workflows/scorecard.yml

@@ -13,6 +13,8 @@ on:
     - cron: '26 13 * * 3'
   push:
     branches: [ "development" ]
+  pull_request:
+    branches: [ "development" ]
 
 # Declare default permissions as read only.
 permissions: read-all
@@ -67,6 +69,6 @@ jobs:
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@74483a38d39275f33fcff5f35b679b5ca4a26a99 # v2.22.5
+        uses: github/codeql-action/upload-sarif@66b90a5db151a8042fa97405c6cf843bbe433f7b # v2.22.7
         with:
           sarif_file: results.sarif

.gitignore

@@ -24,6 +24,13 @@ build/
 /cmake-build-debug-visual-studio
 /.idea/workspace.xml
 ssl/
-Testing/Temporary/
 artifacts/
-doxygen/docs/
+doxygen/docs/
+/TEST_DATA
+OdbDesignTests/Testing/
+Testing/
+testlog.txt
+testlog.txt.tmp*
+testlog.xml
+/OdbDesignTests/FileArchiveLoadTests_Local.cpp
+/OdbDesignTests/DesignNameTests.cpp

CMakeLists.txt

@@ -14,7 +14,9 @@ set(CMAKE_CXX_STANDARD_REQUIRED True)
 # required for SWIG python wrapper
 #set(CMAKE_POSITION_INDEPENDENT_CODE ON)
 
+#
 # GoogleTest support
+#
 include(FetchContent)
 FetchContent_Declare(
   googletest
@@ -70,8 +72,6 @@ add_subdirectory("OdbDesignTests")
 #
 # Doxygen
 #
-
-# look for Doxygen package
 find_package(Doxygen)
 
 if (DOXYGEN_FOUND)

Dockerfile

@@ -1,4 +1,4 @@
-FROM debian:bookworm-20231009@sha256:7d3e8810c96a6a278c218eb8e7f01efaec9d65f50c54aae37421dc3cbeba6535 AS build
+FROM debian:bookworm-20231120@sha256:133a1f2aa9e55d1c93d0ae1aaa7b94fb141265d0ee3ea677175cdb96f5f990e5 AS build
 
 ARG OWNER=nam20485
 ARG GITHUB_TOKEN="PASSWORD"
@@ -66,7 +66,7 @@ RUN cmake --build --preset linux-release
 # RUN cmake --build --preset linux-debug
 
 # much smaller runtime image
-FROM debian:bookworm-20231009-slim@sha256:b55e2651b71408015f8068dd74e1d04404a8fa607dd2cfe284b4824c11f4d9bd AS run
+FROM debian:bookworm-20231120-slim@sha256:2bc5c236e9b262645a323e9088dfa3bb1ecb16cc75811daf40a23a824d665be9 AS run
 LABEL org.opencontainers.image.source=https://github.com/nam20485/OdbDesign
 LABEL org.opencontainers.image.authors=https://github.com/nam20485
 LABEL org.opencontainers.image.description="The OdbDesign Docker image runs the OdbDesignServer REST API server executable, listening on port 8888."

Dockerfile (exe)

@@ -1,4 +1,4 @@
-FROM debian:bookworm-20231009-slim@sha256:b55e2651b71408015f8068dd74e1d04404a8fa607dd2cfe284b4824c11f4d9bd AS build
+FROM debian:bookworm-20231120-slim@sha256:2bc5c236e9b262645a323e9088dfa3bb1ecb16cc75811daf40a23a824d665be9 AS build
 
 # install dependencies
 RUN apt-get update && \
@@ -52,7 +52,7 @@ RUN cp /src/OdbDesign/out/build/linux-release/OdbDesignLib/libOdbDesign.so ./_Py
 #RUN python3 -m build
 
 # much smaller runtime image
-FROM debian:bookworm-20231009-slim@sha256:b55e2651b71408015f8068dd74e1d04404a8fa607dd2cfe284b4824c11f4d9bd AS run
+FROM debian:bookworm-20231120-slim@sha256:2bc5c236e9b262645a323e9088dfa3bb1ecb16cc75811daf40a23a824d665be9 AS run
 
 RUN mkdir /OdbDesign
 WORKDIR /OdbDesign

Dockerfile_PyOdbDesignServer

@@ -1,4 +1,4 @@
-FROM debian:bookworm-20231009-slim@sha256:b55e2651b71408015f8068dd74e1d04404a8fa607dd2cfe284b4824c11f4d9bd AS build
+FROM debian:bookworm-20231120-slim@sha256:2bc5c236e9b262645a323e9088dfa3bb1ecb16cc75811daf40a23a824d665be9 AS build
 
 # install dependencies
 RUN apt-get update && \
@@ -44,7 +44,7 @@ RUN cmake --build --preset python-linux-release
 
 # much smaller runtime image
 #FROM python:3.11.4-bullseye AS run
-FROM debian:bookworm-20231009-slim@sha256:b55e2651b71408015f8068dd74e1d04404a8fa607dd2cfe284b4824c11f4d9bd as run
+FROM debian:bookworm-20231120-slim@sha256:2bc5c236e9b262645a323e9088dfa3bb1ecb16cc75811daf40a23a824d665be9 as run
 
 # copy PyOdbDesignServer files
 COPY --from=build /src/OdbDesign/PyOdbDesignServer PyOdbDesignServer