cicd: add github configuration to run continuous integration

[andrea-iob]

Continuous integration is now handled by github actions and runs on non-cloud machines (Ubuntu 20.4).

CI works in the same way as before, there are just some differences in the tests being run (we don't test anymore the compilation using older gcc versions).

The results of the tests are available at the follwing link: "https://github.com/optimad/bitpit/actions/workflows/continuous_integration.yml". Here an example of how the test results look like:

[andrea-iob]

I forgot to say that Travis will still be used for submitting Coverity analysis. It is possible to use github actions also for that task, but I will do the porting sometime in the (hopefully near) future.

[katemay]

One thing just came to mind. Since this is open source, would it make sense to run this pipeline on github cloud instead of on bob? I read that github advises not using self-hosted runners for public repos to protect against pull requests from forks running potentially damaging code. Beyond that, isn't it free to use github cloud on an open source project? If bitpit is in the cloud, that's more resources for the other projects.

[edoardolombardi]

One thing just came to mind. Since this is open source, would it make sense to run this pipeline on github cloud instead of on bob? I read that github advises not using self-hosted runners for public repos to protect against pull requests from forks running potentially damaging code. Beyond that, isn't it free to use github cloud on an open source project? If bitpit is in the cloud, that's more resources for the other projects.

I completely agree

[andrea-iob]

Here there are some suggestions on how to safely enable self-hosted runners for public repositories. These are the two proposed solutions:

• "The best (and most cumbersome) way to prevent this is to check Require approval for all outside collaborators in the repo settings as explained here. Then you have to manually approve workflows running on each PR, after you have first checked the PR for any changes to workflow files."
• "Another way to mitigate the risk would be to have a private “companion” repo to your public repo that the self-hosted runner is assigned to as explained here but I haven’t tried this myself."

The first solution seems the fine for us.

[katemay]

Is there a reason why we shouldn't use github's cloud though? From what they say here it's free for open source projects. Is there a reason why it's better to use bob for bitpit rather than the cloud?

[katemay]

Would the workflow_dispatch be available to anyone on the internet since this is open source? It would probably be a bad idea to allow anyone in the world to run a job on bob.

[andrea-iob]

We can remove it, however I think that running a github action requires some kind of permission on the repository.