Merge branch 'Ultimaker:main' into master

.clang-tidy

@@ -12,7 +12,8 @@ Checks: >
   -fuchsia-overloaded-operator,
   -cppcoreguidelines-avoid-capturing-lambda-coroutines,
   -llvm-header-guard,
-  -bugprone-easily-swappable-parameters
+  -bugprone-easily-swappable-parameters,
+  -*-default-arguments-declarations
 WarningsAsErrors: '-*'
 HeaderFilterRegex: ''
 FormatStyle: none
@@ -52,4 +53,4 @@ CheckOptions:
   - key: readability-identifier-length.IgnoredVariableNames
     value: '_p|p0|p1|i|j|k|x|X|y|Y|z|Z|a|A|b|B|c|C|d|D|ab|AB|ba|BA|bc|BC|cb|CB|cd|CD|dc|DC|ad|AD|da|DA|ip|os'
   - key: readability-identifier-length.IgnoredLoopCounterNames
-    value: '_p|p0|p1|i|j|k|x|X|y|Y|z|Z|a|A|b|B|c|C|d|D|ab|AB|ba|BA|bc|BC|cb|CB|cd|CD|dc|DC|ad|AD|da|DA|ip|os'
+    value: '_p|p0|p1|i|j|k|x|X|y|Y|z|Z|a|A|b|B|c|C|d|D|ab|AB|ba|BA|bc|BC|cb|CB|cd|CD|dc|DC|ad|AD|da|DA|ip|os'

.github/workflows/benchmark.yml

@@ -21,6 +21,7 @@ on:
       - main
       - 'CURA-*'
       - 'PP-*'
+      - 'NP-*'
       - '[0-9]+.[0-9]+'
 
 permissions:
@@ -55,6 +56,6 @@ jobs:
       output_file_path: "build/Release/benchmark_result.json"
       data_dir: "dev/bench"
       tool: "googlecpp"
-      alert_threshold: "125%"
+      alert_threshold: "150%"
       alert_comment_cc_users: "@nallath, @jellespijker, @wawanbreton, @casperlamboo, @saumyaj3, @HellAholic"
     secrets: inherit

.github/workflows/conan-package.yml

@@ -14,11 +14,29 @@ on:
       - main
       - 'CURA-*'
       - 'PP-*'
+      - 'NP-*'
       - '[0-9].[0-9]*'
       - '[0-9].[0-9][0-9]*'
     tags:
       - '[0-9]+.[0-9]+.[0-9]*'
       - '[0-9]+.[0-9]+.[0-9]'
+  pull_request:
+    types: [opened, reopened, synchronize]
+    paths:
+      - 'include/**'
+      - 'src/**'
+      - 'test_package/**'
+      - 'conanfile.py'
+      - 'conandata.yml'
+      - 'CMakeLists.txt'
+      - '.github/workflows/conan-package.yml'
+    branches:
+      - main
+      - 'CURA-*'
+      - 'PP-*'
+      - 'NP-*'
+      - '[0-9].[0-9]*'
+      - '[0-9].[0-9][0-9]*'
 
 jobs:
   conan-recipe-version:
@@ -36,24 +54,32 @@ jobs:
 
   conan-package-create-macos:
     needs: [ conan-recipe-version, conan-package-export ]
-    if: ${{ (github.event_name == 'push' && (github.ref_name == 'main' || github.ref_name == 'master' || needs.conan-recipe-version.outputs.is_release_branch == 'true')) }}
+    if: ${{ ((github.event_name == 'push' && (github.ref_name == 'main' || needs.conan-recipe-version.outputs.is_release_branch == 'true')) || github.event_name == 'pull_request') }}
     uses: ultimaker/cura-workflows/.github/workflows/conan-package-create-macos.yml@main
     with:
       recipe_id_full: ${{ needs.conan-recipe-version.outputs.recipe_id_full }}
     secrets: inherit
 
   conan-package-create-windows:
     needs: [ conan-recipe-version, conan-package-export ]
-    if: ${{ (github.event_name == 'push' && (github.ref_name == 'main' || github.ref_name == 'master' || needs.conan-recipe-version.outputs.is_release_branch == 'true')) }}
+    if: ${{ ((github.event_name == 'push' && (github.ref_name == 'main' || needs.conan-recipe-version.outputs.is_release_branch == 'true')) || github.event_name == 'pull_request') }}
     uses: ultimaker/cura-workflows/.github/workflows/conan-package-create-windows.yml@main
     with:
       recipe_id_full: ${{ needs.conan-recipe-version.outputs.recipe_id_full }}
     secrets: inherit
 
   conan-package-create-linux:
     needs: [ conan-recipe-version, conan-package-export ]
-    if: ${{ (github.event_name == 'push' && (github.ref_name == 'main' || github.ref_name == 'master' || needs.conan-recipe-version.outputs.is_release_branch == 'true')) }}
+    if: ${{ ((github.event_name == 'push' && (github.ref_name == 'main' || needs.conan-recipe-version.outputs.is_release_branch == 'true')) || github.event_name == 'pull_request') }}
     uses: ultimaker/cura-workflows/.github/workflows/conan-package-create-linux.yml@main
     with:
       recipe_id_full: ${{ needs.conan-recipe-version.outputs.recipe_id_full }}
     secrets: inherit
+
+  conan-package-create-wasm:
+    needs: [ conan-recipe-version, conan-package-export ]
+    if: ${{ (github.event_name == 'push' && (github.ref_name == 'main' || needs.conan-recipe-version.outputs.is_release_branch == 'true')) }}
+    uses: ultimaker/cura-workflows/.github/workflows/conan-package-create-wasm.yml@main
+    with:
+      recipe_id_full: ${{ needs.conan-recipe-version.outputs.recipe_id_full }}
+    secrets: inherit

.github/workflows/gcodeanalyzer.yml

@@ -17,6 +17,7 @@ on:
       - main
       - 'CURA-*'
       - 'PP-*'
+      - 'NP-*'
       - '[0-9]+.[0-9]+'
 
 permissions:
@@ -80,28 +81,6 @@ jobs:
           fetch-depth: 1
           token: ${{ secrets.GITHUB_TOKEN }}
 
-      - name: Determine the corresponding Cura branch
-        id: curabranch
-        run: |
-          status_code=$(curl -s -o /dev/null -w "%{http_code}" "https://api.github.com/repos/ultimaker/cura/branches/${{ github.head_ref }}")
-          if [ "$status_code" -eq 200 ]; then
-            echo "The branch exists in Cura"
-            echo "branch=${{ github.head_ref }}" >> $GITHUB_OUTPUT
-          else
-            echo "branch=main" >> $GITHUB_OUTPUT
-          fi
-
-      - name: Checkout Cura
-        uses: actions/checkout@v3
-        with:
-          repository: 'Ultimaker/Cura'
-          ref: ${{ steps.curabranch.outputs.branch}}
-          path: 'Cura'
-          fetch-depth: 1
-          sparse-checkout: |
-            resources/definitions
-            resources/extruders
-
       - name: Sync pip requirements
         run: curl -O https://raw.githubusercontent.com/Ultimaker/cura-workflows/main/.github/workflows/requirements-runner.txt
         working-directory: CuraEngine/.github/workflows
@@ -158,15 +137,14 @@ jobs:
             ${{ runner.os }}-conan-downloads-
 
       - name: Install dependencies
-        run: conan install . ${{ needs.conan-recipe-version.outputs.recipe_id_full }} -s build_type=Release --build=missing --update -g GitHubActionsRunEnv -g GitHubActionsBuildEnv -c tools.build:skip_test=True
+        run: conan install . ${{ needs.conan-recipe-version.outputs.recipe_id_full }} -s build_type=Release --build=missing --update -g GitHubActionsRunEnv -g GitHubActionsBuildEnv -c tools.build:skip_test=True -o with_cura_resources=True
         working-directory: CuraEngine
 
       - name: Set Environment variables from Conan install (bash)
         if: ${{ runner.os != 'Windows' }}
         run: |
           . ./activate_github_actions_runenv.sh
           . ./activate_github_actions_buildenv.sh
-          echo "CURA_ENGINE_SEARCH_PATH=$GITHUB_WORKSPACE/Cura/resources/definitions:$GITHUB_WORKSPACE/Cura/resources/extruders" >> $GITHUB_ENV
         working-directory: CuraEngine/build/Release/generators
 
       - name: Build CuraEngine and tests
@@ -179,7 +157,7 @@ jobs:
         run: |
           for file in `ls ../NightlyTestModels/*.stl`;
           do
-              ( time ./build/Release/CuraEngine slice --force-read-parent --force-read-nondefault -v -p -j ../Cura/resources/definitions/ultimaker_s3.def.json -l $file -o ../`basename $file .stl`.gcode ) 2> $file.time
+              ( time ./build/Release/CuraEngine slice --force-read-parent --force-read-nondefault -v -p -j $CURA_RESOURCES/definitions/ultimaker_s3.def.json -l $file -o ../`basename $file .stl`.gcode ) 2> ../`basename $file .stl`.time
           done
         working-directory: CuraEngine
 
@@ -205,9 +183,14 @@ jobs:
               if ext.lower() != ".gcode":
                   continue
               infilename = os.path.join(folder_path, filename)
-              with open(infilename + ".time", "r") as f:
-                    timer = float(re.match(r"^.*?cpu (\d+\.\d+)", f.read())[1])
-          
+              with open(infilename.rsplit(".", 1)[0] + ".time", "r") as f:
+                  content = f.read()
+                  match = re.search(r"^real\s+(\d+)m(\d+\.\d+)s", content, re.MULTILINE)
+                  if match:
+                      timer = float(match.group(1)) * 60 + float(match.group(2))
+                  else:
+                      timer = 0
+
               frame = GCodeAnalyzer.DataFrame(infilename)
           
               line_lengths = frame.gc.extrusions['length'].describe()

.github/workflows/lint-poster.yml

@@ -10,72 +10,88 @@ jobs:
     # Trigger the job only if the previous (insecure) workflow completed successfully
     if: ${{ github.event.workflow_run.conclusion == 'success' }}
     runs-on: ubuntu-latest
+    permissions:
+      pull-requests: write
     steps:
       - name: Download analysis results
-        uses: actions/github-script@v3.1.0
+        uses: actions/github-script@v7
         with:
           script: |
-            let artifacts = await github.actions.listWorkflowRunArtifacts({
+            const artifacts = await github.rest.actions.listWorkflowRunArtifacts({
                 owner: context.repo.owner,
                 repo: context.repo.repo,
                 run_id: ${{github.event.workflow_run.id }},
             });
-            let matchArtifact = artifacts.data.artifacts.filter((artifact) => {
+            const matchArtifact = artifacts.data.artifacts.filter((artifact) => {
                 return artifact.name == "linter-result"
             })[0];
-            let download = await github.actions.downloadArtifact({
+            const download = await github.rest.actions.downloadArtifact({
                 owner: context.repo.owner,
                 repo: context.repo.repo,
                 artifact_id: matchArtifact.id,
                 archive_format: "zip",
             });
-            let fs = require("fs");
+            const fs = require("fs");
             fs.writeFileSync("${{github.workspace}}/linter-result.zip", Buffer.from(download.data));
 
-      - name: Set environment variables
+      - name: Extract analysis results
         run: |
           mkdir linter-result
-          unzip linter-result.zip -d linter-result
-          echo "pr_id=$(cat linter-result/pr-id.txt)" >> $GITHUB_ENV
-          echo "pr_head_repo=$(cat linter-result/pr-head-repo.txt)" >> $GITHUB_ENV
-          echo "pr_head_ref=$(cat linter-result/pr-head-ref.txt)" >> $GITHUB_ENV
+          unzip -j linter-result.zip -d linter-result
+
+      - name: Set PR details environment variables
+        uses: actions/github-script@v7
+        with:
+          script: |
+            const assert = require("node:assert").strict;
+            const fs = require("fs");
+            function exportVar(varName, fileName, regEx) {
+                const val = fs.readFileSync("${{ github.workspace }}/linter-result/" + fileName, {
+                    encoding: "ascii"
+                }).trimEnd();
+                assert.ok(regEx.test(val), "Invalid value format for " + varName);
+                core.exportVariable(varName, val);
+            }
+            exportVar("PR_ID", "pr-id.txt", /^[0-9]+$/);
+            exportVar("PR_HEAD_REPO", "pr-head-repo.txt", /^[-./0-9A-Z_a-z]+$/);
+            exportVar("PR_HEAD_SHA", "pr-head-sha.txt", /^[0-9A-Fa-f]+$/);
 
-      - uses: actions/checkout@v3
+      - uses: actions/checkout@v4
         with:
-          repository: ${{ env.pr_head_repo }}
-          ref: ${{ env.pr_head_ref }}
+          repository: ${{ env.PR_HEAD_REPO }}
+          ref: ${{ env.PR_HEAD_SHA }}
           persist-credentials: false
 
       - name: Redownload analysis results
-        uses: actions/github-script@v3.1.0
+        uses: actions/github-script@v7
         with:
           script: |
-            let artifacts = await github.actions.listWorkflowRunArtifacts({
+            const artifacts = await github.rest.actions.listWorkflowRunArtifacts({
                 owner: context.repo.owner,
                 repo: context.repo.repo,
                 run_id: ${{github.event.workflow_run.id }},
             });
-            let matchArtifact = artifacts.data.artifacts.filter((artifact) => {
+            const matchArtifact = artifacts.data.artifacts.filter((artifact) => {
                 return artifact.name == "linter-result"
             })[0];
-            let download = await github.actions.downloadArtifact({
+            const download = await github.rest.actions.downloadArtifact({
                 owner: context.repo.owner,
                 repo: context.repo.repo,
                 artifact_id: matchArtifact.id,
                 archive_format: "zip",
             });
-            let fs = require("fs");
+            const fs = require("fs");
             fs.writeFileSync("${{github.workspace}}/linter-result.zip", Buffer.from(download.data));
 
       - name: Extract analysis results
         run: |
           mkdir linter-result
-          unzip linter-result.zip -d linter-result
+          unzip -j linter-result.zip -d linter-result
 
       - name: Run clang-tidy-pr-comments action
-        uses: platisd/clang-tidy-pr-comments
+        uses: platisd/clang-tidy-pr-comments@v1
         with:
           github_token: ${{ secrets.GITHUB_TOKEN }}
           clang_tidy_fixes: linter-result/fixes.yml
-          pull_request_id: ${{ env.pr_id }}
+          pull_request_id: ${{ env.PR_ID }}
           request_changes: true

.github/workflows/lint-tidier.yml

@@ -91,7 +91,7 @@ jobs:
         run: |
           echo ${{ github.event.number }} > linter-result/pr-id.txt
           echo ${{ github.event.pull_request.head.repo.full_name }} > linter-result/pr-head-repo.txt
-          echo ${{ github.event.pull_request.head.ref }} > linter-result/pr-head-ref.txt
+          echo ${{ github.event.pull_request.head.sha }} > linter-result/pr-head-sha.txt
 
       - uses: actions/upload-artifact@v2
         with:

.github/workflows/scorecard.yml

@@ -1,5 +1,5 @@
 # NOTE: Best to keep all of these remarks in, they might prove useful in the future.
-#       This is basically just the standard one that is sugested on 'new workflow'.
+#       This is basically just the standard one that is suggested on 'new workflow'.
 
 name: Scorecard supply-chain security
 on:
@@ -21,51 +21,42 @@ jobs:
     name: Scorecard analysis
     runs-on: ubuntu-latest
     permissions:
-      # Needed to upload the results to code-scanning dashboard.
+      # Needed for Code scanning upload
       security-events: write
-      # Needed to publish results and get a badge (see publish_results below).
+      # Needed for GitHub OIDC token if publish_results is true
       id-token: write
-      # Uncomment the permissions below if installing in a private repository.
-      # contents: read
-      # actions: read
 
     steps:
       - name: "Checkout code"
-        uses: actions/checkout@93ea575cb5d8a053eaa0ac8fa3b40d7e05a33cc8 # v3.1.0
+        uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
         with:
           persist-credentials: false
 
       - name: "Run analysis"
-        uses: ossf/scorecard-action@e38b1902ae4f44df626f11ba0734b14fb91f8f86 # v2.1.2
+        uses: ossf/scorecard-action@0864cf19026789058feabb7e87baa5f140aac736 # v2.3.1
         with:
           results_file: results.sarif
           results_format: sarif
-          # (Optional) "write" PAT token. Uncomment the `repo_token` line below if:
-          # - you want to enable the Branch-Protection check on a *public* repository, or
-          # - you are installing Scorecard on a *private* repository
-          # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
-          # repo_token: ${{ secrets.SCORECARD_TOKEN }}
-
-          # Public repositories:
-          #   - Publish results to OpenSSF REST API for easy access by consumers
-          #   - Allows the repository to include the Scorecard badge.
-          #   - See https://github.com/ossf/scorecard-action#publishing-results.
-          # For private repositories:
-          #   - `publish_results` will always be set to `false`, regardless
-          #     of the value entered here.
+          # Scorecard team runs a weekly scan of public GitHub repos,
+          # see https://github.com/ossf/scorecard#public-data.
+          # Setting `publish_results: true` helps us scale by leveraging your workflow to
+          # extract the results instead of relying on our own infrastructure to run scans.
+          # And it's free for you!
           publish_results: true
 
-      # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
-      # format to the repository Actions tab.
+      # Upload the results as artifacts (optional). Commenting out will disable
+      # uploads of run results in SARIF format to the repository Actions tab.
+      # https://docs.github.com/en/actions/advanced-guides/storing-workflow-data-as-artifacts
       - name: "Upload artifact"
-        uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0
+        uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
         with:
           name: SARIF file
           path: results.sarif
           retention-days: 5
 
-      # Upload the results to GitHub's code scanning dashboard.
+      # Upload the results to GitHub's code scanning dashboard (optional).
+      # Commenting out will disable upload of results to your repo's Code Scanning dashboard
       - name: "Upload to code-scanning"
-        uses: github/codeql-action/upload-sarif@17573ee1cc1b9d061760f3a006fc4aac4f944fd5 # v2.2.4
+        uses: github/codeql-action/upload-sarif@83a02f7883b12e0e4e1a146174f5e2292a01e601 # v2.16.4
         with:
           sarif_file: results.sarif

.github/workflows/stress_benchmark.yml

@@ -20,6 +20,7 @@ on:
       - main
       - 'CURA-*'
       - 'PP-*'
+      - 'NP-*'
       - '[0-9]+.[0-9]+'
 
 permissions:

.github/workflows/unit-test.yml

@@ -15,6 +15,7 @@ on:
       - main
       - 'CURA-*'
       - 'PP-*'
+      - 'NP-*'
       - '[0-9]+.[0-9]+'
 
   pull_request: