merge to main (#153)

Author: nam20485

Diff for: .github/workflows/cmake-multi-platform.yml

@@ -103,7 +103,7 @@ jobs:
     #   os == windows-2022
     #
     - name: Setup VC Tools
-      uses: ilammy/msvc-dev-cmd@cec98b9d092141f74527d0afa6feb2af698cfe89 # v1.12.1
+      uses: ilammy/msvc-dev-cmd@0b201ec74fa43914dc39ae48a89fd1d8cb592756 # v1.13.0
       if: matrix.os == 'windows-2022'
 
     - name: Patch vcpkg
@@ -190,7 +190,7 @@ jobs:
         Compress-Archive -Path "${{env.ARTIFACTS_DIR_WIN}}\*.dll","${{env.ARTIFACTS_DIR_WIN}}\*.exe"  -DestinationPath "${{env.ARTIFACTS_DIR_WIN}}\artifacts-${{matrix.os}}.zip" -Verbose -Force
 
     - name: Upload Artifacts
-      uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
+      uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0
       with:
         name: ${{ matrix.os }}-artifacts
         path: ${{ env.ARTIFACTS_DIR }}/artifacts-${{matrix.os}}.zip
@@ -216,7 +216,7 @@ jobs:
 
       # download the artifacts
       - name: "Download artifacts"
-        uses: "actions/download-artifact@9bc31d5ccc31df68ecc42ccf4149144866c47d8a" # v3.0.2
+        uses: "actions/download-artifact@f44cd7b40bfd40b6aa1cc1b9b5b7bf03d3c67110" # v4.1.0
         with:
           path: ${{ github.workspace }}/artifacts     
 
@@ -235,7 +235,7 @@ jobs:
           sha256sum OdbDesign-MacOS-x64.zip > OdbDesign-MacOS-x64.zip.sha256sum          
 
       - name: Import GPG Key
-        uses: crazy-max/ghaction-import-gpg@82a020f1f7f605c65dd2449b392a52c3fcfef7ef # v6.0.0
+        uses: crazy-max/ghaction-import-gpg@01dd5d3ca463c7f10f7f4f7b4f177225ac661ee4 # v6.1.0
         with:
           gpg_private_key: ${{ secrets.GPG_PRIVATE_KEY }}
           passphrase: ${{ secrets.PASSPHRASE }}

Diff for: .github/workflows/codeql.yml

@@ -47,7 +47,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@66b90a5db151a8042fa97405c6cf843bbe433f7b # v2.22.7
+      uses: github/codeql-action/init@012739e5082ff0c22ca6d6ab32e07c36df03c4a4 # v3.22.12
       with:        
         languages: ${{ matrix.language }}
         config-file: ${{ github.workspace }}/.github/codeql-config.yml        
@@ -78,6 +78,6 @@ jobs:
       run: cmake --build --preset linux-release
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@66b90a5db151a8042fa97405c6cf843bbe433f7b # v2.22.7
+      uses: github/codeql-action/analyze@012739e5082ff0c22ca6d6ab32e07c36df03c4a4 # v3.22.12
       with:
         category: "/language:${{matrix.language}}"

Diff for: .github/workflows/dependency-review.yml

@@ -12,18 +12,19 @@ on:
     branches: [ "main", "release", "development", "nam20485" ]
 
 permissions:
-  contents: read
+  contents: read  
 
 jobs:
   dependency-review:
     runs-on: ubuntu-latest
     permissions: 
       contents: write
+      pull-requests: write
 
     steps:
       - name: 'Checkout Repository'
         uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
       - name: 'Dependency Review'
-        uses: actions/dependency-review-action@7bbfa034e752445ea40215fff1c3bf9597993d3f # v3.1.3
+        uses: actions/dependency-review-action@01bc87099ba56df1e897b6874784491ea6309bc4 # v3.1.4
         with:
           comment-summary-in-pr: true

Diff for: .github/workflows/docker-publish.yml

@@ -51,11 +51,11 @@ jobs:
 
       - name: cosign-installer
         if: github.event_name != 'pull_request'
-        uses: sigstore/cosign-installer@1fc5bd396d372bee37d608f955b336615edf79c8 # v3.2.0
+        uses: sigstore/cosign-installer@9614fae9e5c5eddabb09f90a270fcb487c9f7149 # v3.3.0
 
       # Workaround: https://github.com/docker/build-push-action/issues/461
       - name: Setup Docker buildx
-        uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf
+        uses: docker/setup-buildx-action@edfb0fe6204400c56fbfd3feba3fe9ad1adfa345
 
       # Login against a Docker registry except on PR
       # https://github.com/docker/login-action
@@ -71,7 +71,7 @@ jobs:
       # https://github.com/docker/metadata-action
       - name: Extract Docker metadata
         id: meta
-        uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934
+        uses: docker/metadata-action@9dc751fe249ad99385a2583ee0d084c400eee04e
         with:
           images: ${{ env.REGISTRY }}/${{ env.IMAGE_NAME }}
           tags: |

Diff for: .github/workflows/docker-scout-scan.yml

@@ -59,7 +59,7 @@ jobs:
 
       # Workaround: https://github.com/docker/build-push-action/issues/461
       - name: Setup Docker buildx
-        uses: docker/setup-buildx-action@79abd3f86f79a9d68a23c75a09a9a85889262adf
+        uses: docker/setup-buildx-action@edfb0fe6204400c56fbfd3feba3fe9ad1adfa345
 
       # # Login against GHCR Docker registry except on PR
       # # https://github.com/docker/login-action
@@ -83,7 +83,7 @@ jobs:
       # https://github.com/docker/metadata-action
       - name: Extract Docker metadata
         id: meta
-        uses: docker/metadata-action@96383f45573cb7f253c731d3b3ab81c87ef81934
+        uses: docker/metadata-action@9dc751fe249ad99385a2583ee0d084c400eee04e
         with:
           images: ${{ env.IMAGE_NAME }}
           tags: |
@@ -128,7 +128,7 @@ jobs:
       - name: Analyze for critical and high CVEs
         id: docker-scout-cves       
         # if: ${{ github.event_name != 'pull_request_target' }} 
-        uses: docker/scout-action@704685e6e6dc4462258fb11d36d3a14ca7bda1e6 # v1.1.0
+        uses: docker/scout-action@b7413c99043c2a9131c0fa39cedaece80f285788 # v1.2.2
         with:
           command: cves,recommendations
           image: ${{ steps.meta.outputs.tags }}
@@ -138,14 +138,14 @@ jobs:
 
       - name: Upload SARIF result
         id: upload-sarif
-        uses: github/codeql-action/upload-sarif@66b90a5db151a8042fa97405c6cf843bbe433f7b # v2.22.7
+        uses: github/codeql-action/upload-sarif@012739e5082ff0c22ca6d6ab32e07c36df03c4a4 # v3.22.12
         with:
           sarif_file: sarif.output.json
 
       - name: Docker Scout Compare to Latest
         id: docker-scout
         if: ${{ github.event_name == 'pull_request' }}
-        uses: docker/scout-action@704685e6e6dc4462258fb11d36d3a14ca7bda1e6 # v1.1.0
+        uses: docker/scout-action@b7413c99043c2a9131c0fa39cedaece80f285788 # v1.2.2
         with:
           command: compare
           image: ${{ steps.meta.outputs.tags }}

Diff for: .github/workflows/scorecard.yml

@@ -61,14 +61,14 @@ jobs:
       # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
       # format to the repository Actions tab.
       - name: "Upload artifact"
-        uses: actions/upload-artifact@a8a3f3ad30e3422c9c7b888a15615d19a852ae32 # v3.1.3
+        uses: actions/upload-artifact@c7d193f32edcb7bfad88892161225aeda64e9392 # v4.0.0
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
 
       # Upload the results to GitHub's code scanning dashboard.
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@66b90a5db151a8042fa97405c6cf843bbe433f7b # v2.22.7
+        uses: github/codeql-action/upload-sarif@012739e5082ff0c22ca6d6ab32e07c36df03c4a4 # v3.22.12
         with:
           sarif_file: results.sarif

Diff for: .gitignore

@@ -33,4 +33,14 @@ testlog.txt
 testlog.txt.tmp*
 testlog.xml
 /OdbDesignTests/FileArchiveLoadTests_Local.cpp
-/OdbDesignTests/DesignNameTests.cpp
+/OdbDesignTests/CMakeLists_Local.txt
+/OdbDesignTests/DesignNameTests_Local.cpp
+/output
+OdbDesignServer/api/__pycache__/
+OdbDesignServer/api/migrations/__pycache__/
+OdbDesignServer/OdbDesignServer/__pycache__/
+OdbDesignServer/PyOdbDesignLib/__pycache__/
+OdbDesignServer/PyOdbDesignLib/PyOdbDesignLib.py
+OdbDesignServer/db.sqlite3
+OdbDesignServer/PyOdbDesignLib/_PyOdbDesignLib.pyd
+/TEST_DATA.zip

Diff for: CMakeLists.txt

@@ -11,6 +11,11 @@ set(CXX_STANDARD ${MY_CXX_STANDARD})
 set(CMAKE_CXX_STANDARD ${MY_CXX_STANDARD})
 set(CMAKE_CXX_STANDARD_REQUIRED True)
 
+# only use ccache locally, i.e. not in CI
+if (NOT DEFINED ENV{CI})
+    set(CMAKE_CXX_COMPILER_LAUNCHER "${CCACHE_EXE}")
+endif()
+
 # required for SWIG python wrapper
 #set(CMAKE_POSITION_INDEPENDENT_CODE ON)
 

Diff for: Dockerfile

@@ -1,4 +1,4 @@
-FROM debian:bookworm-20231120@sha256:133a1f2aa9e55d1c93d0ae1aaa7b94fb141265d0ee3ea677175cdb96f5f990e5 AS build
+FROM debian:bookworm-20231218@sha256:bac353db4cc04bc672b14029964e686cd7bad56fe34b51f432c1a1304b9928da AS build
 
 ARG OWNER=nam20485
 ARG GITHUB_TOKEN="PASSWORD"
@@ -66,7 +66,7 @@ RUN cmake --build --preset linux-release
 # RUN cmake --build --preset linux-debug
 
 # much smaller runtime image
-FROM debian:bookworm-20231120-slim@sha256:2bc5c236e9b262645a323e9088dfa3bb1ecb16cc75811daf40a23a824d665be9 AS run
+FROM debian:bookworm-20231218-slim@sha256:f80c45482c8d147da87613cb6878a7238b8642bcc24fc11bad78c7bec726f340 AS run
 LABEL org.opencontainers.image.source=https://github.com/nam20485/OdbDesign
 LABEL org.opencontainers.image.authors=https://github.com/nam20485
 LABEL org.opencontainers.image.description="The OdbDesign Docker image runs the OdbDesignServer REST API server executable, listening on port 8888."

Diff for: Dockerfile (exe)

@@ -1,4 +1,4 @@
-FROM debian:bookworm-20231120-slim@sha256:2bc5c236e9b262645a323e9088dfa3bb1ecb16cc75811daf40a23a824d665be9 AS build
+FROM debian:bookworm-20231218-slim@sha256:f80c45482c8d147da87613cb6878a7238b8642bcc24fc11bad78c7bec726f340 AS build
 
 # install dependencies
 RUN apt-get update && \
@@ -52,7 +52,7 @@ RUN cp /src/OdbDesign/out/build/linux-release/OdbDesignLib/libOdbDesign.so ./_Py
 #RUN python3 -m build
 
 # much smaller runtime image
-FROM debian:bookworm-20231120-slim@sha256:2bc5c236e9b262645a323e9088dfa3bb1ecb16cc75811daf40a23a824d665be9 AS run
+FROM debian:bookworm-20231218-slim@sha256:f80c45482c8d147da87613cb6878a7238b8642bcc24fc11bad78c7bec726f340 AS run
 
 RUN mkdir /OdbDesign
 WORKDIR /OdbDesign

Diff for: Dockerfile_PyOdbDesignServer

@@ -1,4 +1,4 @@
-FROM debian:bookworm-20231120-slim@sha256:2bc5c236e9b262645a323e9088dfa3bb1ecb16cc75811daf40a23a824d665be9 AS build
+FROM debian:bookworm-20231218-slim@sha256:f80c45482c8d147da87613cb6878a7238b8642bcc24fc11bad78c7bec726f340 AS build
 
 # install dependencies
 RUN apt-get update && \
@@ -44,7 +44,7 @@ RUN cmake --build --preset python-linux-release
 
 # much smaller runtime image
 #FROM python:3.11.4-bullseye AS run
-FROM debian:bookworm-20231120-slim@sha256:2bc5c236e9b262645a323e9088dfa3bb1ecb16cc75811daf40a23a824d665be9 as run
+FROM debian:bookworm-20231218-slim@sha256:f80c45482c8d147da87613cb6878a7238b8642bcc24fc11bad78c7bec726f340 as run
 
 # copy PyOdbDesignServer files
 COPY --from=build /src/OdbDesign/PyOdbDesignServer PyOdbDesignServer