From 44ff23956a286c1e9714aabedcdba4950b5df3ac Mon Sep 17 00:00:00 2001
From: Dana Robinson <43805+derobins@users.noreply.github.com>
Date: Thu, 27 Jul 2023 09:15:07 -0700
Subject: Sync .github directory (#3277)

---
 .github/CODEOWNERS            |  2 +-
 .github/workflows/hdfeos5.yml |  2 +-
 .github/workflows/main.yml    | 94 +++++++++++++++++++++++++++++++++++--------
 .github/workflows/netcdf.yml  | 56 ++++++++++++++++++++++++++
 SECURITY.md                   | 13 ++++++
 5 files changed, 148 insertions(+), 19 deletions(-)
 create mode 100644 .github/workflows/netcdf.yml
 create mode 100644 SECURITY.md

diff --git a/.github/CODEOWNERS b/.github/CODEOWNERS
index 714ae8a..6647098 100644
--- a/.github/CODEOWNERS
+++ b/.github/CODEOWNERS
@@ -2,7 +2,7 @@
 # Each line is a file pattern followed by one or more owners.
 
 # These owners will be the default owners for everything in the repo.
-* @lrknox @derobins @byrnHDF @fortnern @jhendersonHDF @qkoziol @vchoi-hdfgroup @bmribler @glennsong09 @mattjala @brtnfld
+* @lrknox @derobins @byrnHDF @fortnern @jhendersonHDF @qkoziol @vchoi-hdfgroup @bmribler @glennsong09 @mattjala @brtnfld @mkitti
 
 # Order is important. The last matching pattern has the most precedence.
 # So if a pull request only touches javascript files, only these owners
diff --git a/.github/workflows/hdfeos5.yml b/.github/workflows/hdfeos5.yml
index 1df76a1..5b071b1 100644
--- a/.github/workflows/hdfeos5.yml
+++ b/.github/workflows/hdfeos5.yml
@@ -36,7 +36,7 @@ jobs:
       - name: Install HDF5
         run: |
           ./autogen.sh
-          ./configure --prefix=/usr/local  --with-default-api-version=v16
+          ./configure --prefix=/usr/local --disable-tests --with-default-api-version=v16
           make
           sudo make install
       - name: Install HDF-EOS5
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 6ee12cb..4093551 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
@@ -321,7 +321,7 @@ jobs:
             os: ubuntu-latest
             cpp: enable
             fortran: disable
-            java: disable
+            java: enable
             docs: disable
             parallel: disable
             mirror_vfd: disable
@@ -347,7 +347,7 @@ jobs:
             os: ubuntu-latest
             cpp: enable
             fortran: disable
-            java: disable
+            java: enable
             docs: disable
             parallel: disable
             mirror_vfd: disable
@@ -438,30 +438,31 @@ jobs:
       - name: Dump matrix context
         run: echo '${{ toJSON(matrix) }}'
 
-      - name: Install CMake Dependencies (Linux)
-        run: sudo apt-get install ninja-build doxygen graphviz
-        if: matrix.os == 'ubuntu-latest'
-
-      - name: Install Autotools Dependencies (Linux, serial)
+      # Only CMake need ninja-build, but we just install it unilaterally
+      # libssl, etc. are needed for the ros3 VFD
+      - name: Install Linux Dependencies
         run: |
            sudo apt update
-           sudo apt install automake autoconf libtool libtool-bin
-           sudo apt install gcc-12 g++-12 gfortran-12
+           sudo apt-get install ninja-build doxygen graphviz
            sudo apt install libssl3 libssl-dev libcurl4 libcurl4-openssl-dev
+           sudo apt install gcc-12 g++-12 gfortran-12
            echo "CC=gcc-12" >> $GITHUB_ENV
            echo "CXX=g++-12" >> $GITHUB_ENV
            echo "FC=gfortran-12" >> $GITHUB_ENV
+        if: matrix.os == 'ubuntu-latest'
+
+      # CMake gets libaec from fetchcontent
+      - name: Install Autotools Dependencies (Linux)
+        run: |
+           sudo apt install automake autoconf libtool libtool-bin
            sudo apt install libaec0 libaec-dev
-        if: (matrix.generator == 'autogen') && (matrix.parallel != 'enable')
+        if: (matrix.generator == 'autogen')
 
       - name: Install Autotools Dependencies (Linux, parallel)
         run: |
-           sudo apt update
-           sudo apt install automake autoconf libtool libtool-bin
            sudo apt install openmpi-bin openmpi-common mpi-default-dev
            echo "CC=mpicc" >> $GITHUB_ENV
            echo "FC=mpif90" >> $GITHUB_ENV
-           sudo apt install libaec0 libaec-dev
         if: (matrix.generator == 'autogen') && (matrix.parallel == 'enable')
 
       - name: Install Dependencies (Windows)
@@ -492,7 +493,19 @@ jobs:
           sh ./autogen.sh
           mkdir "${{ runner.workspace }}/build"
           cd "${{ runner.workspace }}/build"
-          ${{ matrix.flags }} $GITHUB_WORKSPACE/configure --enable-build-mode=${{ matrix.build_mode.autotools }} --${{ matrix.deprec_sym }}-deprecated-symbols --with-default-api-version=${{ matrix.default_api }} --enable-shared --${{ matrix.parallel }}-parallel --${{ matrix.cpp }}-cxx --${{ matrix.fortran }}-fortran --${{ matrix.java }}-java --${{ matrix.mirror_vfd }}-mirror-vfd --${{ matrix.direct_vfd }}-direct-vfd --${{ matrix.ros3_vfd }}-ros3-vfd --with-szlib=${{ matrix.szip }}
+          ${{ matrix.flags }} $GITHUB_WORKSPACE/configure \
+            --enable-build-mode=${{ matrix.build_mode.autotools }} \
+            --${{ matrix.deprec_sym }}-deprecated-symbols \
+            --with-default-api-version=${{ matrix.default_api }} \
+            --enable-shared \
+            --${{ matrix.parallel }}-parallel \
+            --${{ matrix.cpp }}-cxx \
+            --${{ matrix.fortran }}-fortran \
+            --${{ matrix.java }}-java \
+            --${{ matrix.mirror_vfd }}-mirror-vfd \
+            --${{ matrix.direct_vfd }}-direct-vfd \
+            --${{ matrix.ros3_vfd }}-ros3-vfd \
+            --with-szlib=${{ matrix.szip }}
         shell: bash
         if: (matrix.generator == 'autogen') && ! (matrix.thread_safety.enabled)
 
@@ -501,7 +514,16 @@ jobs:
           sh ./autogen.sh
           mkdir "${{ runner.workspace }}/build"
           cd "${{ runner.workspace }}/build"
-          ${{ matrix.flags }} $GITHUB_WORKSPACE/configure --enable-build-mode=${{ matrix.build_mode.autotools }} --enable-shared --enable-threadsafe --disable-hl --${{ matrix.parallel }}-parallel --${{ matrix.mirror_vfd }}-mirror-vfd --${{ matrix.direct_vfd }}-direct-vfd --${{ matrix.ros3_vfd }}-ros3-vfd --with-szlib=${{ matrix.szip }}
+          ${{ matrix.flags }} $GITHUB_WORKSPACE/configure \
+            --enable-build-mode=${{ matrix.build_mode.autotools }} \
+            --enable-shared \
+            --enable-threadsafe \
+            --disable-hl \
+            --${{ matrix.parallel }}-parallel \
+            --${{ matrix.mirror_vfd }}-mirror-vfd \
+            --${{ matrix.direct_vfd }}-direct-vfd \
+            --${{ matrix.ros3_vfd }}-ros3-vfd \
+            --with-szlib=${{ matrix.szip }}
         shell: bash
         if: (matrix.generator == 'autogen') && (matrix.thread_safety.enabled)
 
@@ -513,7 +535,25 @@ jobs:
         run: |
           mkdir "${{ runner.workspace }}/build"
           cd "${{ runner.workspace }}/build"
-          cmake -C $GITHUB_WORKSPACE/config/cmake/cacheinit.cmake ${{ matrix.generator }} -DCMAKE_BUILD_TYPE=${{ matrix.build_mode.cmake }} -DCMAKE_TOOLCHAIN_FILE=${{ matrix.toolchain }} -DBUILD_SHARED_LIBS=ON -DHDF5_ENABLE_ALL_WARNINGS=ON -DHDF5_ENABLE_PARALLEL:BOOL=${{ matrix.parallel }} -DHDF5_BUILD_CPP_LIB:BOOL=${{ matrix.cpp }} -DHDF5_BUILD_FORTRAN=${{ matrix.fortran }} -DHDF5_BUILD_JAVA=${{ matrix.java }} -DHDF5_BUILD_DOC=${{ matrix.docs }} -DBUILD_SZIP_WITH_FETCHCONTENT=${{ matrix.libaecfc }} -DLIBAEC_USE_LOCALCONTENT=${{ matrix.localaec }} -DBUILD_ZLIB_WITH_FETCHCONTENT=${{ matrix.zlibfc }} -DZLIB_USE_LOCALCONTENT=${{ matrix.localzlib }} -DHDF5_ENABLE_MIRROR_VFD:BOOL=${{ matrix.mirror_vfd }} -DHDF5_ENABLE_DIRECT_VFD:BOOL=${{ matrix.direct_vfd }} -DHDF5_ENABLE_ROS3_VFD:BOOL=${{ matrix.ros3_vfd }} $GITHUB_WORKSPACE
+          cmake -C $GITHUB_WORKSPACE/config/cmake/cacheinit.cmake \
+            ${{ matrix.generator }} \
+            -DCMAKE_BUILD_TYPE=${{ matrix.build_mode.cmake }} \
+            -DCMAKE_TOOLCHAIN_FILE=${{ matrix.toolchain }} \
+            -DBUILD_SHARED_LIBS=ON \
+            -DHDF5_ENABLE_ALL_WARNINGS=ON \
+            -DHDF5_ENABLE_PARALLEL:BOOL=${{ matrix.parallel }} \
+            -DHDF5_BUILD_CPP_LIB:BOOL=${{ matrix.cpp }} \
+            -DHDF5_BUILD_FORTRAN=${{ matrix.fortran }} \
+            -DHDF5_BUILD_JAVA=${{ matrix.java }} \
+            -DHDF5_BUILD_DOC=${{ matrix.docs }} \
+            -DBUILD_SZIP_WITH_FETCHCONTENT=${{ matrix.libaecfc }} \
+            -DLIBAEC_USE_LOCALCONTENT=${{ matrix.localaec }} \
+            -DBUILD_ZLIB_WITH_FETCHCONTENT=${{ matrix.zlibfc }} \
+            -DZLIB_USE_LOCALCONTENT=${{ matrix.localzlib }} \
+            -DHDF5_ENABLE_MIRROR_VFD:BOOL=${{ matrix.mirror_vfd }} \
+            -DHDF5_ENABLE_DIRECT_VFD:BOOL=${{ matrix.direct_vfd }} \
+            -DHDF5_ENABLE_ROS3_VFD:BOOL=${{ matrix.ros3_vfd }} \
+            $GITHUB_WORKSPACE
         shell: bash
         if: (matrix.generator != 'autogen') && ! (matrix.thread_safety.enabled)
 
@@ -522,7 +562,27 @@ jobs:
         run: |
           mkdir "${{ runner.workspace }}/build"
           cd "${{ runner.workspace }}/build"
-          cmake -C $GITHUB_WORKSPACE/config/cmake/cacheinit.cmake ${{ matrix.generator }} -DCMAKE_BUILD_TYPE=${{ matrix.build_mode.cmake }} -DCMAKE_TOOLCHAIN_FILE=${{ matrix.toolchain }} -DBUILD_SHARED_LIBS=ON -DHDF5_ENABLE_ALL_WARNINGS=ON -DHDF5_ENABLE_THREADSAFE:BOOL=ON -DHDF5_ENABLE_PARALLEL:BOOL=${{ matrix.parallel }} -DHDF5_BUILD_CPP_LIB:BOOL=OFF -DHDF5_BUILD_FORTRAN:BOOL=OFF -DHDF5_BUILD_JAVA:BOOL=OFF -DHDF5_BUILD_HL_LIB:BOOL=OFF -DHDF5_BUILD_DOC=OFF -DBUILD_SZIP_WITH_FETCHCONTENT=${{ matrix.libaecfc }} -DLIBAEC_USE_LOCALCONTENT=${{ matrix.localaec }} -DBUILD_ZLIB_WITH_FETCHCONTENT=${{ matrix.zlibfc }} -DZLIB_USE_LOCALCONTENT=${{ matrix.localzlib }} -DHDF5_ENABLE_MIRROR_VFD:BOOL=${{ matrix.mirror_vfd }} -DHDF5_ENABLE_DIRECT_VFD:BOOL=${{ matrix.direct_vfd }} -DHDF5_ENABLE_ROS3_VFD:BOOL=${{ matrix.ros3_vfd }} $GITHUB_WORKSPACE
+          cmake -C $GITHUB_WORKSPACE/config/cmake/cacheinit.cmake \
+            ${{ matrix.generator }} \
+            -DCMAKE_BUILD_TYPE=${{ matrix.build_mode.cmake }} \
+            -DCMAKE_TOOLCHAIN_FILE=${{ matrix.toolchain }} \
+            -DBUILD_SHARED_LIBS=ON \
+            -DHDF5_ENABLE_ALL_WARNINGS=ON \
+            -DHDF5_ENABLE_THREADSAFE:BOOL=ON \
+            -DHDF5_ENABLE_PARALLEL:BOOL=${{ matrix.parallel }} \
+            -DHDF5_BUILD_CPP_LIB:BOOL=OFF \
+            -DHDF5_BUILD_FORTRAN:BOOL=OFF \
+            -DHDF5_BUILD_JAVA:BOOL=OFF \
+            -DHDF5_BUILD_HL_LIB:BOOL=OFF \
+            -DHDF5_BUILD_DOC=OFF \
+            -DBUILD_SZIP_WITH_FETCHCONTENT=${{ matrix.libaecfc }} \
+            -DLIBAEC_USE_LOCALCONTENT=${{ matrix.localaec }} \
+            -DBUILD_ZLIB_WITH_FETCHCONTENT=${{ matrix.zlibfc }} \
+            -DZLIB_USE_LOCALCONTENT=${{ matrix.localzlib }} \
+            -DHDF5_ENABLE_MIRROR_VFD:BOOL=${{ matrix.mirror_vfd }} \
+            -DHDF5_ENABLE_DIRECT_VFD:BOOL=${{ matrix.direct_vfd }} \
+            -DHDF5_ENABLE_ROS3_VFD:BOOL=${{ matrix.ros3_vfd }} \
+            $GITHUB_WORKSPACE
         shell: bash
         if: (matrix.generator != 'autogen') && (matrix.thread_safety.enabled)
 
diff --git a/.github/workflows/netcdf.yml b/.github/workflows/netcdf.yml
new file mode 100644
index 0000000..a7c9923
--- /dev/null
+++ b/.github/workflows/netcdf.yml
@@ -0,0 +1,56 @@
+name: netCDF 1.14
+
+on:
+  workflow_dispatch:
+  push:
+  pull_request:
+    branches: [ hdf5_1_14 ]
+    paths-ignore:
+      - '.github/CODEOWNERS'
+      - '.github/FUNDING.yml'
+      - 'doc/**'
+      - 'release_docs/**'
+      - 'ACKNOWLEDGEMENTS'
+      - 'COPYING**'
+      - '**.md'
+
+permissions:
+  contents: read
+
+# Using concurrency to cancel any in-progress job or run
+concurrency:
+  group: ${{ github.workflow }}-${{ github.sha || github.event.pull_request.number }}
+  cancel-in-progress: true
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Install System dependencies
+      run: |
+        sudo apt update
+        sudo apt install -y libaec-dev zlib1g-dev automake autoconf libcurl4-openssl-dev libjpeg-dev wget curl bzip2 m4 flex bison cmake libzip-dev doxygen openssl libtool libtool-bin
+    - name: Checkout HDF5
+      uses: actions/checkout@v3
+    - name: Install HDF5
+      run: |
+        ./autogen.sh
+        ./configure --prefix=/usr/local --disable-tests --disable-static --enable-shared --enable-hl --with-szlib
+        make -j
+        sudo make install -j
+    - name: Checkout netCDF
+      uses: actions/checkout@v3
+      with:
+        repository: unidata/netcdf-c
+        path: netcdf-c
+    - name: Test netCDF
+      run: |
+        cd netcdf-c
+        autoreconf -if
+        CFLAGS=${CFLAGS} LDFLAGS=${LDFLAGS} LD_LIBRARY_PATH=${LD_LIBRARY_PATH} ./configure --enable-hdf5 --enable-dap --disable-dap-remote-tests  --enable-doxygen  --enable-external-server-tests
+        cat config.log
+        cat libnetcdf.settings
+        CFLAGS=${CFLAGS} LDFLAGS=${LDFLAGS} LD_LIBRARY_PATH=${LD_LIBRARY_PATH} make -j
+        CFLAGS=${CFLAGS} LDFLAGS=${LDFLAGS} LD_LIBRARY_PATH=${LD_LIBRARY_PATH} make check TESTS="" -j
+        LD_LIBRARY_PATH="/home/runner/work/hdf5/hdf5/netcdf-c/liblib/.libs:/usr/local/lib:${LD_LIBRARY_PATH}"
+        CFLAGS=${CFLAGS} LDFLAGS=${LDFLAGS} LD_LIBRARY_PATH=${LD_LIBRARY_PATH} make check -j
diff --git a/SECURITY.md b/SECURITY.md
new file mode 100644
index 0000000..257b49a
--- /dev/null
+++ b/SECURITY.md
@@ -0,0 +1,13 @@
+# Security Policy
+
+## Supported Versions
+
+Security updates are applied only to the latest release.
+
+## Reporting a Vulnerability
+
+If you have discovered a security vulnerability in this project, please report it privately. **Do not disclose it as a public issue.** This gives us time to work with you to fix the issue before public exposure, reducing the chance that the exploit will be used before a patch is released.
+
+Please disclose it at [security advisory](https://github.com/HDFGroup/hdf5/security/advisories/new).
+
+This project is maintained by a team of volunteers on a reasonable-effort basis. As such, vulnerabilities will be disclosed in a best effort base.
-- 
cgit v0.12