diff --git a/.github/PULL_REQUEST_TEMPLATE/pull_request_template.md b/.github/PULL_REQUEST_TEMPLATE/pull_request_template.md
new file mode 100644
index 0000000000..a52f6c89de
--- /dev/null
+++ b/.github/PULL_REQUEST_TEMPLATE/pull_request_template.md
@@ -0,0 +1,47 @@
+
+
+## Description
+
+
+## Issues
+
+
+## Before and After Images
+
+
+
+
+
diff --git a/.github/dependabot.yml b/.github/dependabot.yml
new file mode 100644
index 0000000000..e98caaf1f9
--- /dev/null
+++ b/.github/dependabot.yml
@@ -0,0 +1,11 @@
+version: 2
+updates:
+ - package-ecosystem: github-actions
+ directory: /
+ schedule:
+ interval: daily
+
+ - package-ecosystem: pip
+ directory: /
+ schedule:
+ interval: daily
diff --git a/.github/workflows/CI_cleanup.yml b/.github/workflows/CI_cleanup.yml
index 6a797e7834..3d8e2edada 100644
--- a/.github/workflows/CI_cleanup.yml
+++ b/.github/workflows/CI_cleanup.yml
@@ -57,6 +57,11 @@ jobs:
env:
logdir: /tmp/log/
steps:
+ - name: Harden the runner (Audit all outbound calls)
+ uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
+ with:
+ egress-policy: audit
+
- name: Make needed directories
run: |
mkdir -p ${{ env.logdir }}
@@ -103,7 +108,7 @@ jobs:
done
- name: Upload logs
if: always()
- uses: actions/upload-artifact@v4
+ uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: ${{ github.job }}-Logs
path: |
diff --git a/.github/workflows/actions/runCPPTests/runAllTests/action.yml b/.github/workflows/actions/runCPPTests/runAllTests/action.yml
index 9ada5690c6..7eaaab59ce 100644
--- a/.github/workflows/actions/runCPPTests/runAllTests/action.yml
+++ b/.github/workflows/actions/runCPPTests/runAllTests/action.yml
@@ -117,6 +117,13 @@ runs:
testCommand: ${{ inputs.builddir }}/tests/Sketcher_tests_run --gtest_output=json:${{ inputs.reportdir }}spreadsheet_gtest_results.json
testLogFile: ${{ inputs.reportdir }}spreadsheet_gtest_test_log.txt
testName: Spreadsheet
+ - name: C++ Start tests
+ id: start
+ uses: ./.github/workflows/actions/runCPPTests/runSingleTest
+ with:
+ testCommand: ${{ inputs.builddir }}/tests/Start_tests_run --gtest_output=json:${{ inputs.reportdir }}start_gtest_results.json
+ testLogFile: ${{ inputs.reportdir }}start_gtest_test_log.txt
+ testName: Start
- name: Compose summary report based on test results
if: always()
shell: bash -l {0}
diff --git a/.github/workflows/actions/windows/getLibpack/action.yml b/.github/workflows/actions/windows/getLibpack/action.yml
index bed52624a7..297691d56a 100644
--- a/.github/workflows/actions/windows/getLibpack/action.yml
+++ b/.github/workflows/actions/windows/getLibpack/action.yml
@@ -41,11 +41,11 @@ inputs:
libpackdownloadurl:
description: "URL where to download libpack"
required: false
- default: https://github.com/FreeCAD/FreeCAD-LibPack/releases/download/3.1.0/LibPack-1.1.0-v3.1.0-Release.7z
+ default: https://github.com/FreeCAD/FreeCAD-LibPack/releases/download/3.1.1.2/LibPack-1.1.0-v3.1.1.2-Release.7z
libpackname:
description: "Libpack name (once downloaded)"
required: false
- default: LibPack-1.1.0-v3.1.0-Release
+ default: LibPack-1.1.0-v3.1.1.2-Release
runs:
using: "composite"
diff --git a/.github/workflows/auto-close_stale_issues_and_pull-requests.yml b/.github/workflows/auto-close_stale_issues_and_pull-requests.yml
index 5e853db3c6..0c65f869ba 100644
--- a/.github/workflows/auto-close_stale_issues_and_pull-requests.yml
+++ b/.github/workflows/auto-close_stale_issues_and_pull-requests.yml
@@ -20,9 +20,14 @@ jobs:
stale:
runs-on: ubuntu-latest
steps:
+ - name: Harden the runner (Audit all outbound calls)
+ uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
+ with:
+ egress-policy: audit
+
- name: '🧹 Tag & close stale unconfirmed bugs'
id: stale_issues
- uses: actions/stale@v9.1.0
+ uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
days-before-stale: -1
@@ -49,7 +54,7 @@ jobs:
- name: '🧹 Close stale requested feedback issues'
id: awaiting_issues
- uses: actions/stale@v9.1.0
+ uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
days-before-stale: -1
@@ -77,7 +82,7 @@ jobs:
- name: '🧹 Tag & close inactive issues'
id: inactive_issues
- uses: actions/stale@v9.1.0
+ uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
days-before-stale: -1
@@ -108,7 +113,7 @@ jobs:
- name: '🧹 Tag & close inactive PRs'
id: inactive_pr
- uses: actions/stale@v9.1.0
+ uses: actions/stale@5bef64f19d7facfb25b37b414482c7164d639639 # v9.1.0
with:
repo-token: ${{ secrets.GITHUB_TOKEN }}
days-before-stale: -1
diff --git a/.github/workflows/dependency-review.yml b/.github/workflows/dependency-review.yml
new file mode 100644
index 0000000000..ffa9d8f33b
--- /dev/null
+++ b/.github/workflows/dependency-review.yml
@@ -0,0 +1,27 @@
+# Dependency Review Action
+#
+# This Action will scan dependency manifest files that change as part of a Pull Request,
+# surfacing known-vulnerable versions of the packages declared or updated in the PR.
+# Once installed, if the workflow run is marked as required,
+# PRs introducing known-vulnerable packages will be blocked from merging.
+#
+# Source repository: https://github.com/actions/dependency-review-action
+name: 'Dependency Review'
+on: [pull_request]
+
+permissions:
+ contents: read
+
+jobs:
+ dependency-review:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Harden the runner (Audit all outbound calls)
+ uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
+ with:
+ egress-policy: audit
+
+ - name: 'Checkout Repository'
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ - name: 'Dependency Review'
+ uses: actions/dependency-review-action@67d4f4bd7a9b17a0db54d2a7519187c65e339de8 # v4
diff --git a/.github/workflows/issue-metrics.yml b/.github/workflows/issue-metrics.yml
index 63257e3330..e626bfbf91 100644
--- a/.github/workflows/issue-metrics.yml
+++ b/.github/workflows/issue-metrics.yml
@@ -16,6 +16,11 @@ jobs:
steps:
+ - name: Harden the runner (Audit all outbound calls)
+ uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
+ with:
+ egress-policy: audit
+
- name: Get dates for last month
shell: bash
run: |
@@ -30,13 +35,13 @@ jobs:
echo "last_month=$first_day..$last_day" >> "$GITHUB_ENV"
- name: Run issue-metrics tool
- uses: github/issue-metrics@v3
+ uses: github/issue-metrics@ed6e4b2b46f44ec7cdd2f6c145757a67a07ecf5b # v3.18.4
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SEARCH_QUERY: 'repo:FreeCAD/FreeCAD is:issue created:${{ env.last_month }}'
- name: Create issue
- uses: peter-evans/create-issue-from-file@v4
+ uses: peter-evans/create-issue-from-file@e8ef132d6df98ed982188e460ebb3b5d4ef3a9cd # v5.0.1
with:
title: Monthly issue metrics report
token: ${{ secrets.GITHUB_TOKEN }}
diff --git a/.github/workflows/labeler.yml b/.github/workflows/labeler.yml
index 56de386954..65522eb958 100644
--- a/.github/workflows/labeler.yml
+++ b/.github/workflows/labeler.yml
@@ -9,6 +9,9 @@ on:
pull_request_target:
types: [opened, reopened]
+permissions:
+ contents: read
+
jobs:
label:
runs-on: ubuntu-latest
@@ -17,7 +20,12 @@ jobs:
pull-requests: write
steps:
- - uses: actions/labeler@v5
+ - name: Harden the runner (Audit all outbound calls)
+ uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
+ with:
+ egress-policy: audit
+
+ - uses: actions/labeler@8558fd74291d67161a8a78ce36a881fa63b766a9 # v5.0.0
with:
repo-token: "${{ secrets.GITHUB_TOKEN }}"
configuration-path: ".github/labels.yml"
diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml
new file mode 100644
index 0000000000..5e25484a79
--- /dev/null
+++ b/.github/workflows/scorecards.yml
@@ -0,0 +1,81 @@
+# This workflow uses actions that are not certified by GitHub. They are provided
+# by a third-party and are governed by separate terms of service, privacy
+# policy, and support documentation.
+
+name: Scorecard supply-chain security
+on:
+ # For Branch-Protection check. Only the default branch is supported. See
+ # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection
+ branch_protection_rule:
+ # To guarantee Maintained check is occasionally updated. See
+ # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained
+ schedule:
+ - cron: '20 7 * * 2'
+ push:
+ branches: ["main"]
+
+# Declare default permissions as read only.
+permissions: read-all
+
+jobs:
+ analysis:
+ name: Scorecard analysis
+ runs-on: ubuntu-latest
+ permissions:
+ # Needed to upload the results to code-scanning dashboard.
+ security-events: write
+ # Needed to publish results and get a badge (see publish_results below).
+ id-token: write
+ contents: read
+ actions: read
+ # To allow GraphQL ListCommits to work
+ issues: read
+ pull-requests: read
+ # To detect SAST tools
+ checks: read
+
+ steps:
+ - name: Harden the runner (Audit all outbound calls)
+ uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
+ with:
+ egress-policy: audit
+
+ - name: "Checkout code"
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ persist-credentials: false
+
+ - name: "Run analysis"
+ uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1
+ with:
+ results_file: results.sarif
+ results_format: sarif
+ # (Optional) "write" PAT token. Uncomment the `repo_token` line below if:
+ # - you want to enable the Branch-Protection check on a *public* repository, or
+ # - you are installing Scorecards on a *private* repository
+ # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat.
+ # repo_token: ${{ secrets.SCORECARD_TOKEN }}
+
+ # Public repositories:
+ # - Publish results to OpenSSF REST API for easy access by consumers
+ # - Allows the repository to include the Scorecard badge.
+ # - See https://github.com/ossf/scorecard-action#publishing-results.
+ # For private repositories:
+ # - `publish_results` will always be set to `false`, regardless
+ # of the value entered here.
+ publish_results: true
+
+ # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF
+ # format to the repository Actions tab.
+ - name: "Upload artifact"
+ uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
+ with:
+ name: SARIF file
+ path: results.sarif
+ retention-days: 5
+
+ # Upload the results to GitHub's code scanning dashboard.
+ - name: "Upload to code-scanning"
+ uses: github/codeql-action/upload-sarif@45775bd8235c68ba998cffa5171334d58593da47 # v3.28.15
+ with:
+ sarif_file: results.sarif
diff --git a/.github/workflows/sub_buildPixi.yml b/.github/workflows/sub_buildPixi.yml
index c3c562ad06..f8dd75ec87 100644
--- a/.github/workflows/sub_buildPixi.yml
+++ b/.github/workflows/sub_buildPixi.yml
@@ -69,6 +69,11 @@ jobs:
os: [windows-latest, ubuntu-latest, macos-latest]
steps:
+ - name: Harden the runner (Audit all outbound calls)
+ uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
+ with:
+ egress-policy: audit
+
- name: Set Platform Environment Variables
shell: bash -l {0}
env:
@@ -81,7 +86,7 @@ jobs:
fi
- name: Checkout
- uses: actions/checkout@v4
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- name: Add GCC Problem Matcher
if: runner.os == 'Linux'
@@ -106,13 +111,13 @@ jobs:
mkdir -p ${{ env.reportdir }}
echo "reportFile=${{ env.reportfilename }}" >> $GITHUB_OUTPUT
- - uses: prefix-dev/setup-pixi@v0.8.3
+ - uses: prefix-dev/setup-pixi@19eac09b398e3d0c747adc7921926a6d802df4da # v0.8.8
with:
- pixi-version: v0.43.3
+ pixi-version: v0.45.0
cache: false
- name: Restore Compiler Cache
- uses: actions/cache/restore@v4
+ uses: actions/cache/restore@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
with:
path: ${{ env.CCACHE_DIR }}
key: FC-${{ env.cacheKey }}-${{ github.ref }}-${{ github.run_id }}
@@ -195,14 +200,14 @@ jobs:
- name: Save Compiler Cache
if: always()
- uses: actions/cache/save@v4
+ uses: actions/cache/save@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
with:
path: ${{ env.CCACHE_DIR }}
key: FC-${{ env.cacheKey }}-${{ github.ref }}-${{ github.run_id }}
- name: Upload logs
if: always()
- uses: actions/upload-artifact@v4
+ uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: ${{ inputs.artifactBasename }}-${{ matrix.os }}-Logs
path: |
@@ -211,7 +216,7 @@ jobs:
- name: Upload report
if: always()
- uses: actions/upload-artifact@v4
+ uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: ${{ env.reportfilename }}
path: |
diff --git a/.github/workflows/sub_buildUbuntu.yml b/.github/workflows/sub_buildUbuntu.yml
index 4d704ac2bd..41d887964b 100644
--- a/.github/workflows/sub_buildUbuntu.yml
+++ b/.github/workflows/sub_buildUbuntu.yml
@@ -71,8 +71,13 @@ jobs:
reportFile: ${{ steps.Init.outputs.reportFile }}
steps:
+ - name: Harden the runner (Audit all outbound calls)
+ uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
+ with:
+ egress-policy: audit
+
- name: Checking out source code
- uses: actions/checkout@v4
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
submodules: true
- name: Install FreeCAD dependencies
@@ -94,7 +99,7 @@ jobs:
compiler: ${{ env.CXX }}
qt_major_version: 5
- name: Restore Compiler Cache
- uses: actions/cache@v4
+ uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
with:
save-always: true
path: ${{ env.CCACHE_DIR }}
@@ -107,6 +112,10 @@ jobs:
ccache -s
ccache -z
ccache -p
+ - name: Install cmake
+ uses: jwlawson/actions-setup-cmake@802fa1a2c4e212495c05bf94dba2704a92a472be # v2.0.2
+ with:
+ cmake-version: '3.31.6'
- name: CMake Configure
uses: ./.github/workflows/actions/linux/configure
with:
@@ -175,7 +184,7 @@ jobs:
reportFile: ${{env.reportdir}}${{ env.reportfilename }}
- name: Upload logs
if: always()
- uses: actions/upload-artifact@v4
+ uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: ${{ inputs.artifactBasename }}-Logs
path: |
@@ -183,7 +192,7 @@ jobs:
/var/crash/*FreeCAD*
- name: Upload report
if: always()
- uses: actions/upload-artifact@v4
+ uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: ${{ env.reportfilename }}
path: |
diff --git a/.github/workflows/sub_buildWindows.yml b/.github/workflows/sub_buildWindows.yml
index 2ccbd44fba..af11383bd3 100644
--- a/.github/workflows/sub_buildWindows.yml
+++ b/.github/workflows/sub_buildWindows.yml
@@ -62,8 +62,13 @@ jobs:
reportFile: ${{ steps.Init.outputs.reportFile }}
steps:
+ - name: Harden the runner (Audit all outbound calls)
+ uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
+ with:
+ egress-policy: audit
+
- name: Checking out source code
- uses: actions/checkout@v4
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
submodules: true
- name: Make needed directories, files and initializations
@@ -85,7 +90,7 @@ jobs:
with:
libpackdir: ${{ env.libpackdir }}
- name: Restore compiler cache
- uses: actions/cache@v4
+ uses: actions/cache@5a3ec84eff668545956fd18022155c47e93e2684 # v4.2.3
with:
save-always: true
path: ${{ env.CCACHE_DIR }}
@@ -98,6 +103,10 @@ jobs:
. $env:ccachebindir\ccache -s
. $env:ccachebindir\ccache -z
. $env:ccachebindir\ccache -p
+ - name: Install cmake
+ uses: jwlawson/actions-setup-cmake@802fa1a2c4e212495c05bf94dba2704a92a472be # v2.0.2
+ with:
+ cmake-version: '3.31.6'
- name: Configuring CMake
run: >
cmake -B"${{ env.builddir }}" .
@@ -111,7 +120,7 @@ jobs:
-DFREECAD_COPY_LIBPACK_BIN_TO_BUILD=ON
-DFREECAD_COPY_PLUGINS_BIN_TO_BUILD=ON
- name: Add msbuild to PATH
- uses: microsoft/setup-msbuild@v2
+ uses: microsoft/setup-msbuild@6fb02220983dee41ce7ae257b6f4d8f9bf5ed4ce # v2.0.0
- name: Compiling sources
run: |
cd $env:builddir
@@ -129,7 +138,7 @@ jobs:
. ${{ env.builddir }}\bin\FreeCADCmd -t 0 # 2>&1 | tee -filepath ${{ env.logdir }}\integrationTests.log
- name: Upload logs
if: always()
- uses: actions/upload-artifact@v4
+ uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: ${{ inputs.artifactBasename }}-Logs
path: |
diff --git a/.github/workflows/sub_lint.yml b/.github/workflows/sub_lint.yml
index 61cdbcbde8..e320cea130 100644
--- a/.github/workflows/sub_lint.yml
+++ b/.github/workflows/sub_lint.yml
@@ -121,7 +121,7 @@ on:
type: string
required: false
spellingIgnore:
- default: ./.git,*.po,*.ts,*.svg,./ChangeLog.txt,./src/3rdParty,./src/Mod/Assembly/App/opendcm,./src/Base/swig*,./src/Mod/Robot/App/kdl_cp,./src/Mod/Import/App/SCL*,./src/WindowsInstaller,./src/Doc/FreeCAD.uml,./build/
+ default: ./.git*,*.po,*.ts,*.svg,./src/3rdParty,./src/Base/swig*,./src/Mod/Robot/App/kdl_cp,./src/Mod/Import/App/SCL*,./src/Doc/FreeCAD.uml,./build/
type: string
required: false
codespellFailSilent:
@@ -168,6 +168,9 @@ on:
reportFile:
value: ${{ jobs.Lint.outputs.reportFile }}
+permissions:
+ contents: read
+
jobs:
Lint:
@@ -185,8 +188,13 @@ jobs:
reportFile: ${{ steps.Init.outputs.reportFile }}
steps:
+ - name: Harden the runner (Audit all outbound calls)
+ uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
+ with:
+ egress-policy: audit
+
- name: Check out code
- uses: actions/checkout@v4
+ uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
submodules: true
@@ -335,7 +343,7 @@ jobs:
- name: Upload logs and fixes
if: always()
- uses: actions/upload-artifact@v4
+ uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: ${{ inputs.artifactBasename }}-Logs
path: |
@@ -344,7 +352,7 @@ jobs:
- name: Upload report
if: always()
- uses: actions/upload-artifact@v4
+ uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: ${{ env.reportfilename }}
path: |
diff --git a/.github/workflows/sub_prepare.yml b/.github/workflows/sub_prepare.yml
index d0d10edf58..d715482a0d 100644
--- a/.github/workflows/sub_prepare.yml
+++ b/.github/workflows/sub_prepare.yml
@@ -71,6 +71,11 @@ jobs:
changedCppFiles: ${{ steps.Output.outputs.changedCppFiles }}
steps:
+ - name: Harden the runner (Audit all outbound calls)
+ uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
+ with:
+ egress-policy: audit
+
- name: Make needed directories, files and initializations
id: Init
run: |
@@ -148,14 +153,14 @@ jobs:
echo "" >> $GITHUB_OUTPUT
- name: Upload logs
if: always()
- uses: actions/upload-artifact@v4
+ uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: ${{ inputs.artifactBasename }}-Logs
path: |
${{ env.logdir }}
- name: Upload report
if: always()
- uses: actions/upload-artifact@v4
+ uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
with:
name: ${{ env.reportfilename }}
path: |
diff --git a/.github/workflows/sub_weeklyBuild.yml b/.github/workflows/sub_weeklyBuild.yml
new file mode 100644
index 0000000000..9763052fdc
--- /dev/null
+++ b/.github/workflows/sub_weeklyBuild.yml
@@ -0,0 +1,160 @@
+name: Weekly Build
+on:
+ schedule:
+ - cron: "42 18 * * 1"
+
+permissions:
+ contents: write
+
+jobs:
+ tag_build:
+ runs-on: ubuntu-latest
+ outputs:
+ build_tag: ${{ steps.tag_build.outputs.build_tag }}
+ steps:
+ - name: Harden the runner (Audit all outbound calls)
+ uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
+ with:
+ egress-policy: audit
+
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ fetch-depth: 2
+ submodules: 'recursive'
+
+ - name: Tag Build
+ id: tag_build
+ shell: bash -l {0}
+ run: |
+ export BUILD_TAG=weekly-$(date "+%Y.%m.%d")
+ echo "BUILD_TAG=${BUILD_TAG}" >> "$GITHUB_ENV"
+ echo "build_tag=${BUILD_TAG}" >> "$GITHUB_OUTPUT"
+
+ - name: Upload Source
+ env:
+ GH_TOKEN: ${{ github.token }}
+ run: |
+ python3 package/rattler-build/scripts/make_version_file.py ../freecad_version.txt
+ git config user.email '41898282+github-actions[bot]@users.noreply.github.com'
+ git config user.name 'github-actions[bot]'
+ git apply package/rattler-build/scripts/disable_git_info.patch
+ git commit -a -m "Disable git info write to Version.h"
+ git archive HEAD -o freecad_source_${BUILD_TAG}.tar
+ git submodule foreach --recursive \
+ "git archive HEAD --prefix=\$path/ -o \$sha1.tar && \
+ tar -A -f \$toplevel/freecad_source_${BUILD_TAG}.tar \$sha1.tar && \
+ rm \$sha1.tar"
+ gzip freecad_source_${BUILD_TAG}.tar
+ sha256sum freecad_source_${BUILD_TAG}.tar.gz > freecad_source_${BUILD_TAG}.tar.gz-SHA256.txt
+ gh release create ${BUILD_TAG} --title "Weekly Build ${BUILD_TAG}" --notes "Weekly Build ${BUILD_TAG}" --prerelease || true
+ gh release upload --clobber ${BUILD_TAG} "freecad_source_${BUILD_TAG}.tar.gz" "freecad_source_${BUILD_TAG}.tar.gz-SHA256.txt"
+
+ build:
+ needs: tag_build
+ strategy:
+ matrix:
+ include:
+ - { target: linux-64, os: ubuntu-22.04 }
+ - { target: linux-arm64, os: ubuntu-22.04-arm }
+ - { target: osx-64, os: macos-13 }
+ - { target: osx-arm64, os: macos-latest }
+ - { target: win-64, os: windows-latest }
+ fail-fast: false
+
+ runs-on: ${{ matrix.os }}
+ environment: weekly-build
+ steps:
+ # prevent running out of disk space on Ubuntu runners.
+ - name: Maximize build space
+ if: runner.os == 'Linux'
+ uses: AdityaGarg8/remove-unwanted-software@v5
+ with:
+ verbose: 'true'
+ remove-android: 'true' # (frees ~9 GB)
+ remove-cached-tools: 'true' # (frees ~8.3 GB)
+
+ - name: Harden the runner (Audit all outbound calls)
+ uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
+ with:
+ egress-policy: audit
+
+ - name: Set Platform Environment Variables
+ shell: bash -l {0}
+ env:
+ BUILD_TAG: ${{ needs.tag_build.outputs.build_tag }}
+ OPERATING_SYSTEM: ${{ runner.os }}
+ run: |
+ echo "BUILD_TAG=${BUILD_TAG}" >> "$GITHUB_ENV"
+ if [[ $OPERATING_SYSTEM == 'Windows' ]]; then
+ echo 'PIXI_CACHE_DIR=D:\rattler' >> "$GITHUB_ENV"
+ echo 'RATTLER_CACHE_DIR=D:\rattler' >> "$GITHUB_ENV"
+ fi
+
+ - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+ with:
+ fetch-depth: 0
+ fetch-tags: true
+ submodules: 'recursive'
+
+ - uses: prefix-dev/setup-pixi@19eac09b398e3d0c747adc7921926a6d802df4da # v0.8.8
+ with:
+ pixi-version: v0.42.1
+ cache: false
+
+ - name: Install the Apple certificate and provisioning profile
+ if: runner.os == 'macOS'
+ env:
+ APP_SPECIFIC_PASSWORD: ${{ secrets.APP_SPECIFIC_PASSWORD }}
+ APPLE_ID: ${{ secrets.APPLE_ID }}
+ BUILD_CERTIFICATE_BASE64: ${{ secrets.BUILD_CERTIFICATE_BASE64 }}
+ BUILD_PROVISION_PROFILE_BASE64: ${{ secrets.BUILD_PROVISION_PROFILE_BASE64 }}
+ DEVELOPER_TEAM_ID: ${{ secrets.DEVELOPER_TEAM_ID }}
+ KEYCHAIN_PASSWORD: ${{ secrets.KEYCHAIN_PASSWORD }}
+ P12_PASSWORD: ${{ secrets.P12_PASSWORD }}
+ run: |
+ # create variables
+ CERTIFICATE_PATH=$RUNNER_TEMP/build_certificate.p12
+ PP_PATH=$RUNNER_TEMP/FreeCAD_Weekly.provisionprofile
+ KEYCHAIN_PATH=$RUNNER_TEMP/app-signing.keychain-db
+
+ export KEYCHAIN_PASSWORD=$(openssl rand -base64 8)
+
+ # import certificate and provisioning profile from secrets
+ echo -n "$BUILD_CERTIFICATE_BASE64" | base64 --decode -o $CERTIFICATE_PATH
+ echo -n "$BUILD_PROVISION_PROFILE_BASE64" | base64 --decode -o $PP_PATH
+
+ # create temporary keychain
+ security create-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
+ security set-keychain-settings -lut 21600 $KEYCHAIN_PATH
+ security unlock-keychain -p "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
+
+ # import certificate to keychain
+ security import $CERTIFICATE_PATH -P "$P12_PASSWORD" -A -t cert -f pkcs12 -k $KEYCHAIN_PATH
+ security set-key-partition-list -S apple-tool:,apple: -k "$KEYCHAIN_PASSWORD" $KEYCHAIN_PATH
+ security list-keychain -d user -s $KEYCHAIN_PATH
+
+ # apply provisioning profile
+ mkdir -p ~/Library/Provisioning\ Profiles
+ cp $PP_PATH ~/Library/Provisioning\ Profiles
+
+ xcrun notarytool store-credentials "FreeCAD" --keychain "$KEYCHAIN_PATH" --apple-id "${APPLE_ID}" --password "${APP_SPECIFIC_PASSWORD}" --team-id "${DEVELOPER_TEAM_ID}"
+
+ - name: Build and Release Packages
+ shell: bash
+ env:
+ GH_TOKEN: ${{ github.token }}
+ SIGNING_KEY_ID: ${{ secrets.SIGNING_KEY_ID }}
+ SIGN_RELEASE: "true"
+ TARGET_PLATFORM: ${{ matrix.target }}
+ UPLOAD_RELEASE: "true"
+ run: |
+ cd package/rattler-build
+ pixi install
+ pixi run -e package create_bundle
+
+ ## Needed if running on a self-hosted runner:
+ # - name: Clean up keychain and provisioning profile
+ # if: ${{ always() }}
+ # run: |
+ # security delete-keychain $RUNNER_TEMP/app-signing.keychain-db
+ # rm ~/Library/MobileDevice/Provisioning\ Profiles/build_pp.mobileprovision
diff --git a/.github/workflows/sub_wrapup.yml b/.github/workflows/sub_wrapup.yml
index 5d55edf169..f4984b9f0c 100644
--- a/.github/workflows/sub_wrapup.yml
+++ b/.github/workflows/sub_wrapup.yml
@@ -39,6 +39,9 @@ on:
type: string
required: true
+permissions:
+ contents: read
+
jobs:
WrapUp:
@@ -50,11 +53,16 @@ jobs:
shell: bash
steps:
+ - name: Harden the runner (Audit all outbound calls)
+ uses: step-security/harden-runner@c6295a65d1254861815972266d5933fd6e532bdf # v2.11.1
+ with:
+ egress-policy: audit
+
- name: Make needed directories, files and initializations
run: |
mkdir -p ${{ env.artifactsDownloadDir }}
- name: Download artifacts
- uses: actions/download-artifact@v4
+ uses: actions/download-artifact@95815c38cf2ff2164869cbab79da8d1f422bc89e # v4.2.1
with:
path: ${{ env.artifactsDownloadDir }}
- name: Save input data to file
@@ -111,7 +119,7 @@ jobs:
cat report.md >> $GITHUB_STEP_SUMMARY
- name: Delete used artifacts
continue-on-error: true
- uses: geekyeggo/delete-artifact@v5
+ uses: geekyeggo/delete-artifact@f275313e70c08f6120db482d7a6b98377786765b # v5.1.0
with:
name: |
${{ env.usedArtifacts }}
diff --git a/.gitmodules b/.gitmodules
index b6bc63efd4..e6a738fdf5 100644
--- a/.gitmodules
+++ b/.gitmodules
@@ -7,3 +7,6 @@
[submodule "src/3rdParty/GSL"]
path = src/3rdParty/GSL
url = https://github.com/microsoft/GSL
+[submodule "src/Mod/AddonManager"]
+ path = src/Mod/AddonManager
+ url = https://github.com/FreeCAD/AddonManager.git
diff --git a/.pre-commit-config.yaml b/.pre-commit-config.yaml
index 22f43d741a..36430fd6c0 100644
--- a/.pre-commit-config.yaml
+++ b/.pre-commit-config.yaml
@@ -9,7 +9,6 @@ files: |
src/Main|
src/Tools|
tests/src|
- src/Mod/AddonManager|
src/Mod/Assembly|
src/Mod/CAM|
src/Mod/Cloud|
diff --git a/CMakePresets.json b/CMakePresets.json
index f5eadf1063..5773f91d59 100644
--- a/CMakePresets.json
+++ b/CMakePresets.json
@@ -13,6 +13,18 @@
"CMAKE_EXPORT_COMPILE_COMMANDS": {
"type": "BOOL",
"value": "ON"
+ },
+ "CMAKE_JOB_POOL_COMPILE": {
+ "type": "STRING",
+ "value": "compile_jobs"
+ },
+ "CMAKE_JOB_POOL_LINK": {
+ "type": "STRING",
+ "value": "link_jobs"
+ },
+ "CMAKE_POLICY_VERSION_MINIMUM": {
+ "type": "STRING",
+ "value": "3.5"
}
}
},
@@ -59,6 +71,10 @@
"type": "BOOL",
"value": "ON"
},
+ "BUILD_REVERSEENGINEERING": {
+ "type": "BOOL",
+ "value": "OFF"
+ },
"ENABLE_DEVELOPER_TESTS": {
"type": "BOOL",
"value": "ON"
@@ -87,6 +103,10 @@
"type": "BOOL",
"value": "ON"
},
+ "FREECAD_QT_VERSION": {
+ "type": "STRING",
+ "value": "6"
+ },
"OCCT_CMAKE_FALLBACK": {
"type": "BOOL",
"value": "ON"
@@ -107,26 +127,30 @@
},
"cmakeExecutable": "${sourceDir}/conda/cmake.sh",
"cacheVariables": {
- "CMAKE_INCLUDE_PATH": {
- "type": "FILEPATH",
- "value": "$env{CONDA_PREFIX}/include"
+ "CMAKE_C_COMPILER": {
+ "type": "STRING",
+ "value": "clang"
},
- "CMAKE_INSTALL_LIBDIR": {
- "type": "FILEPATH",
- "value": "$env{CONDA_PREFIX}/lib"
+ "CMAKE_CXX_COMPILER": {
+ "type": "STRING",
+ "value": "clang++"
+ },
+ "CMAKE_EXE_LINKER_FLAGS": {
+ "type": "STRING",
+ "value": "-fuse-ld=mold"
},
"CMAKE_INSTALL_PREFIX": {
"type": "FILEPATH",
"value": "$env{CONDA_PREFIX}"
},
- "CMAKE_LIBRARY_PATH":{
- "type": "FILEPATH",
- "value": "$env{CONDA_PREFIX}/lib"
- },
"CMAKE_PREFIX_PATH": {
"type": "FILEPATH",
"value": "$env{CONDA_PREFIX}"
},
+ "CMAKE_SHARED_LINKER_FLAGS": {
+ "type": "STRING",
+ "value": "-fuse-ld=mold"
+ },
"OCC_INCLUDE_DIR": {
"type": "FILEPATH",
"value": "$env{CONDA_PREFIX}/include/opencascade"
@@ -147,22 +171,10 @@
"type": "STRING",
"value": "/opt/homebrew;/usr/local/homebrew"
},
- "CMAKE_INCLUDE_PATH": {
- "type": "FILEPATH",
- "value": "$env{CONDA_PREFIX}/include"
- },
- "CMAKE_INSTALL_LIBDIR": {
- "type": "FILEPATH",
- "value": "$env{CONDA_PREFIX}/lib"
- },
"CMAKE_INSTALL_PREFIX": {
"type": "FILEPATH",
"value": "$env{CONDA_PREFIX}"
},
- "CMAKE_LIBRARY_PATH":{
- "type": "FILEPATH",
- "value": "$env{CONDA_PREFIX}/lib"
- },
"CMAKE_PREFIX_PATH": {
"type": "FILEPATH",
"value": "$env{CONDA_PREFIX}"
@@ -183,22 +195,10 @@
},
"cmakeExecutable": "${sourceDir}/conda/cmake.cmd",
"cacheVariables": {
- "CMAKE_INCLUDE_PATH": {
- "type": "FILEPATH",
- "value": "$env{CONDA_PREFIX}/Library/include"
- },
- "CMAKE_INSTALL_LIBDIR": {
- "type": "FILEPATH",
- "value": "$env{CONDA_PREFIX}/Library/lib"
- },
"CMAKE_INSTALL_PREFIX": {
"type": "FILEPATH",
"value": "$env{CONDA_PREFIX}/Library"
},
- "CMAKE_LIBRARY_PATH":{
- "type": "FILEPATH",
- "value": "$env{CONDA_PREFIX}/Library/lib"
- },
"CMAKE_PREFIX_PATH": {
"type": "FILEPATH",
"value": "$env{CONDA_PREFIX}/Library"
diff --git a/cMake/FindOCC.cmake b/cMake/FindOCC.cmake
index 6a91e6871b..2b084e3a56 100644
--- a/cMake/FindOCC.cmake
+++ b/cMake/FindOCC.cmake
@@ -130,7 +130,7 @@ if (OCC_FOUND)
else ()
list(APPEND OCC_LIBRARIES TKDESTEP TKDEIGES TKDEGLTF TKDESTL)
endif ()
- message(STATUS "-- Found OpenCASCADE version: ${OCC_VERSION_STRING}")
- message(STATUS "-- OpenCASCADE include directory: ${OCC_INCLUDE_DIR}")
- message(STATUS "-- OpenCASCADE shared libraries directory: ${OCC_LIBRARY_DIR}")
+ message(STATUS "Found OpenCASCADE version: ${OCC_VERSION_STRING}")
+ message(STATUS " OpenCASCADE include directory: ${OCC_INCLUDE_DIR}")
+ message(STATUS " OpenCASCADE shared libraries directory: ${OCC_LIBRARY_DIR}")
endif ()
diff --git a/cMake/FreeCAD_Helpers/CheckInterModuleDependencies.cmake b/cMake/FreeCAD_Helpers/CheckInterModuleDependencies.cmake
index fae2b80f4f..a684a3d3e4 100644
--- a/cMake/FreeCAD_Helpers/CheckInterModuleDependencies.cmake
+++ b/cMake/FreeCAD_Helpers/CheckInterModuleDependencies.cmake
@@ -28,6 +28,7 @@ macro(CheckInterModuleDependencies)
REQUIRES_MODS(BUILD_MESH_PART BUILD_PART BUILD_MESH)
REQUIRES_MODS(BUILD_FLAT_MESH BUILD_MESH_PART)
REQUIRES_MODS(BUILD_OPENSCAD BUILD_MESH_PART BUILD_DRAFT)
+ REQUIRES_MODS(BUILD_MATERIAL_EXTERNAL BUILD_MATERIAL)
REQUIRES_MODS(BUILD_PART BUILD_MATERIAL)
REQUIRES_MODS(BUILD_PART_DESIGN BUILD_SKETCHER)
# REQUIRES_MODS(BUILD_CAM BUILD_PART BUILD_MESH BUILD_ROBOT)
diff --git a/cMake/FreeCAD_Helpers/CompilerChecksAndSetups.cmake b/cMake/FreeCAD_Helpers/CompilerChecksAndSetups.cmake
index 7dda6ad4d7..89e239a9b2 100644
--- a/cMake/FreeCAD_Helpers/CompilerChecksAndSetups.cmake
+++ b/cMake/FreeCAD_Helpers/CompilerChecksAndSetups.cmake
@@ -9,6 +9,13 @@ macro(CompilerChecksAndSetups)
# ================================================================================
+ # Use a heuristic of 1 GiB of RAM needed per compiler job and limit to
+ # a single link job. Modern linkers are multithreaded and running them concurrently
+ # can exhaust resources.
+ cmake_host_system_information(RESULT avail_mem_MiB QUERY TOTAL_PHYSICAL_MEMORY)
+ math(EXPR max_compile_procs "${avail_mem_MiB} / 1024")
+ set_property(GLOBAL PROPERTY JOB_POOLS compile_jobs=${max_compile_procs} link_jobs=1)
+
# Allow developers to use Boost < 1.74
if (NOT BOOST_MIN_VERSION)
set(BOOST_MIN_VERSION 1.74)
diff --git a/cMake/FreeCAD_Helpers/InitializeFreeCADBuildOptions.cmake b/cMake/FreeCAD_Helpers/InitializeFreeCADBuildOptions.cmake
index ebe6938865..dfb29f1e56 100644
--- a/cMake/FreeCAD_Helpers/InitializeFreeCADBuildOptions.cmake
+++ b/cMake/FreeCAD_Helpers/InitializeFreeCADBuildOptions.cmake
@@ -10,6 +10,7 @@ macro(InitializeFreeCADBuildOptions)
option(FREECAD_USE_EXTERNAL_KDL "Use system installed orocos-kdl instead of the bundled." OFF)
option(FREECAD_USE_EXTERNAL_FMT "Use system installed fmt library if available instead of fetching the source." ON)
option(FREECAD_USE_EXTERNAL_ONDSELSOLVER "Use system installed OndselSolver instead of git submodule." OFF)
+ option(FREECAD_USE_EXTERNAL_E57FORMAT "Use system installed libE57Format instead of the bundled." OFF)
option(FREECAD_USE_FREETYPE "Builds the features using FreeType libs" ON)
option(FREECAD_BUILD_DEBIAN "Prepare for a build of a Debian package" OFF)
option(FREECAD_CHECK_PIVY "Check for pivy version using Python at build time" ON)
@@ -120,6 +121,7 @@ macro(InitializeFreeCADBuildOptions)
option(BUILD_INSPECTION "Build the FreeCAD inspection module" ON)
option(BUILD_JTREADER "Build the FreeCAD jt reader module" OFF)
option(BUILD_MATERIAL "Build the FreeCAD material module" ON)
+ option(BUILD_MATERIAL_EXTERNAL "Build the FreeCAD material external interface module" OFF)
option(BUILD_MESH "Build the FreeCAD mesh module" ON)
option(BUILD_MESH_PART "Build the FreeCAD mesh part module" ON)
option(BUILD_FLAT_MESH "Build the FreeCAD flat mesh module" ON)
diff --git a/cMake/FreeCAD_Helpers/PrintFinalReport.cmake b/cMake/FreeCAD_Helpers/PrintFinalReport.cmake
index 25bb8e7b3a..be1078cc4c 100644
--- a/cMake/FreeCAD_Helpers/PrintFinalReport.cmake
+++ b/cMake/FreeCAD_Helpers/PrintFinalReport.cmake
@@ -104,6 +104,7 @@ macro(PrintFinalReport)
value(BUILD_INSPECTION)
value(BUILD_JTREADER)
value(BUILD_MATERIAL)
+ value(BUILD_MATERIAL_EXTERNAL)
value(BUILD_MESH)
value(BUILD_MESH_PART)
value(BUILD_OPENSCAD)
diff --git a/cMake/FreeCAD_Helpers/SetGlobalCompilerAndLinkerSettings.cmake b/cMake/FreeCAD_Helpers/SetGlobalCompilerAndLinkerSettings.cmake
index 7710219fe0..7e3d4958fd 100644
--- a/cMake/FreeCAD_Helpers/SetGlobalCompilerAndLinkerSettings.cmake
+++ b/cMake/FreeCAD_Helpers/SetGlobalCompilerAndLinkerSettings.cmake
@@ -19,18 +19,29 @@ macro(SetGlobalCompilerAndLinkerSettings)
set(CMAKE_CXX_FLAGS "${CMAKE_CXX_FLAGS} -mxgot")
endif()
+ if (CMAKE_CXX_COMPILER_ID MATCHES "Clang|GNU")
+ # Only add -Og if no -O* optimization flag exists
+ if (NOT "${CMAKE_C_FLAGS_DEBUG}" MATCHES "-O[a-z0-9]+")
+ set(CMAKE_C_FLAGS_DEBUG "${CMAKE_C_FLAGS_DEBUG} -Og")
+ endif()
+ if (NOT "${CMAKE_CXX_FLAGS_DEBUG}" MATCHES "-O[a-z0-9]+")
+ set(CMAKE_CXX_FLAGS_DEBUG "${CMAKE_CXX_FLAGS_DEBUG} -Og")
+ endif()
+ endif()
if(MSVC)
# set default compiler settings
add_definitions(-D_DISABLE_CONSTEXPR_MUTEX_CONSTRUCTOR -DNOMINMAX)
add_compile_options(/Zm150 /bigobj)
set (CMAKE_CXX_FLAGS_DEBUG "${CMAKE_CXX_FLAGS_DEBUG} -DFC_DEBUG")
- # set default libs
- set (CMAKE_C_STANDARD_LIBRARIES "kernel32.lib user32.lib gdi32.lib winspool.lib SHFolder.lib shell32.lib ole32.lib oleaut32.lib uuid.lib comdlg32.lib advapi32.lib winmm.lib comsupp.lib Ws2_32.lib dbghelp.lib ")
- set (CMAKE_CXX_STANDARD_LIBRARIES "${CMAKE_C_STANDARD_LIBRARIES}")
- # set linker flag /nodefaultlib
- set (CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} /NODEFAULTLIB")
- set (CMAKE_MODULE_LINKER_FLAGS "${CMAKE_MODULE_LINKER_FLAGS} /NODEFAULTLIB")
- set (CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} /NODEFAULTLIB")
+ if (MSVC_VERSION LESS 1930) # Anything before VS 2022
+ # set default libs
+ set (CMAKE_C_STANDARD_LIBRARIES "kernel32.lib user32.lib gdi32.lib winspool.lib SHFolder.lib shell32.lib ole32.lib oleaut32.lib uuid.lib comdlg32.lib advapi32.lib winmm.lib comsupp.lib Ws2_32.lib dbghelp.lib ")
+ set (CMAKE_CXX_STANDARD_LIBRARIES "${CMAKE_C_STANDARD_LIBRARIES}")
+ # set linker flag /nodefaultlib
+ set (CMAKE_SHARED_LINKER_FLAGS "${CMAKE_SHARED_LINKER_FLAGS} /NODEFAULTLIB")
+ set (CMAKE_MODULE_LINKER_FLAGS "${CMAKE_MODULE_LINKER_FLAGS} /NODEFAULTLIB")
+ set (CMAKE_EXE_LINKER_FLAGS "${CMAKE_EXE_LINKER_FLAGS} /NODEFAULTLIB")
+ endif()
if(FREECAD_RELEASE_PDB)
set (CMAKE_CXX_FLAGS_RELEASE "${CMAKE_CXX_FLAGS_RELEASE} /Zi")
set (CMAKE_SHARED_LINKER_FLAGS_RELEASE "${CMAKE_SHARED_LINKER_FLAGS_RELEASE} /DEBUG")
diff --git a/cMake/FreeCAD_Helpers/SetupLibFmt.cmake b/cMake/FreeCAD_Helpers/SetupLibFmt.cmake
index 53fce7836b..52b986fe46 100644
--- a/cMake/FreeCAD_Helpers/SetupLibFmt.cmake
+++ b/cMake/FreeCAD_Helpers/SetupLibFmt.cmake
@@ -34,8 +34,8 @@ macro(SetupLibFmt)
cmake_policy(SET CMP0135 NEW)
endif()
FetchContent_Declare(fmt
- URL https://github.com/fmtlib/fmt/archive/refs/tags/9.1.0.zip
- URL_MD5 e6754011ff56bfc37631fcc90961e377
+ URL https://github.com/fmtlib/fmt/archive/refs/tags/11.1.4.zip
+ URL_MD5 90667b07f34d91554cf8285ae234ff66
)
FetchContent_MakeAvailable(fmt)
set_target_properties(fmt PROPERTIES POSITION_INDEPENDENT_CODE ON)
diff --git a/cMake/UseLibPack3.cmake b/cMake/UseLibPack3.cmake
index e1da9548dc..f8871df5bb 100644
--- a/cMake/UseLibPack3.cmake
+++ b/cMake/UseLibPack3.cmake
@@ -27,6 +27,12 @@ endif()
find_package(XercesC REQUIRED PATHS ${FREECAD_LIBPACK_DIR}/cmake NO_DEFAULT_PATH)
message(STATUS "Found LibPack 3 XercesC ${XercesC_VERSION}")
+if(FREECAD_LIBPACK_VERSION VERSION_GREATER_EQUAL "3.1.1")
+ set(FREECAD_USE_EXTERNAL_E57FORMAT ON)
+ find_package(E57Format REQUIRED PATHS ${FREECAD_LIBPACK_DIR}/lib/cmake/e57format NO_DEFAULT_PATH)
+ message(STATUS "Found LibPack 3 e57format ${e57format_VERSION}")
+endif()
+
find_package(yaml-cpp REQUIRED PATHS ${FREECAD_LIBPACK_DIR}/lib/cmake NO_DEFAULT_PATH)
message(STATUS "Found LibPack 3 yaml-cpp ${yaml-cpp_VERSION}")
diff --git a/package/rattler-build/build.bat b/package/rattler-build/build.bat
new file mode 100644
index 0000000000..a97b6591cf
--- /dev/null
+++ b/package/rattler-build/build.bat
@@ -0,0 +1,37 @@
+@echo on
+
+@REM :: free up extra disk space, compare
+@REM :: https://github.com/conda-forge/conda-smithy/issues/1949
+@REM rmdir /s /q C:\hostedtoolcache\windows
+
+@REM set "CFLAGS= "
+@REM set "CXXFLAGS= -DBOOST_PROGRAM_OPTIONS_DYN_LINK=1"
+@REM set "LDFLAGS_SHARED= ucrt.lib"
+
+set "CMAKE_GENERATOR="
+set "CMAKE_GENERATOR_PLATFORM="
+
+cmake ^
+ --preset conda-windows-release ^
+ -D CMAKE_INCLUDE_PATH:FILEPATH="%LIBRARY_PREFIX%/include" ^
+ -D CMAKE_INSTALL_LIBDIR:FILEPATH="%LIBRARY_PREFIX%/lib" ^
+ -D CMAKE_INSTALL_PREFIX:FILEPATH="%LIBRARY_PREFIX%" ^
+ -D CMAKE_LIBRARY_PATH:FILEPATH="%LIBRARY_PREFIX%/lib" ^
+ -D CMAKE_PREFIX_PATH:FILEPATH="%LIBRARY_PREFIX%" ^
+ -D FREECAD_USE_OCC_VARIANT="Official Version" ^
+ -D INSTALL_TO_SITEPACKAGES:BOOL=ON ^
+ -D OCC_INCLUDE_DIR:FILEPATH="%LIBRARY_PREFIX%/include" ^
+ -D OCCT_CMAKE_FALLBACK:BOOL=OFF ^
+ -D Python_EXECUTABLE:FILEPATH="%PYTHON%" ^
+ -D Python3_EXECUTABLE:FILEPATH="%PYTHON%" ^
+ -B build ^
+ -S . ^
+ ${CMAKE_PLATFORM_FLAGS[@]}
+if %ERRORLEVEL% neq 0 exit 1
+
+ninja -C build install
+if %ERRORLEVEL% neq 0 exit 1
+
+rmdir /s /q "%LIBRARY_PREFIX%\doc"
+ren %LIBRARY_PREFIX%\bin\FreeCAD.exe freecad.exe
+ren %LIBRARY_PREFIX%\bin\FreeCADCmd.exe freecadcmd.exe
diff --git a/package/rattler-build/build.sh b/package/rattler-build/build.sh
new file mode 100644
index 0000000000..ebce9d2692
--- /dev/null
+++ b/package/rattler-build/build.sh
@@ -0,0 +1,47 @@
+if [[ ${HOST} =~ .*linux.* ]]; then
+ CMAKE_PRESET=conda-linux-release
+fi
+
+if [[ ${HOST} =~ .*darwin.* ]]; then
+ CMAKE_PRESET=conda-macos-release
+
+ # add hacks for osx here!
+ echo "adding hacks for osx"
+
+ # install space-mouse
+ /usr/bin/curl -o /tmp/3dFW.dmg -L 'https://download.3dconnexion.com/drivers/mac/10-7-0_B564CC6A-6E81-42b0-82EC-418EA823B81A/3DxWareMac_v10-7-0_r3411.dmg'
+ hdiutil attach -readonly /tmp/3dFW.dmg
+ sudo installer -package /Volumes/3Dconnexion\ Software/Install\ 3Dconnexion\ software.pkg -target /
+ diskutil eject /Volumes/3Dconnexion\ Software
+ CMAKE_PLATFORM_FLAGS+=(-DFREECAD_USE_3DCONNEXION:BOOL=ON)
+ CMAKE_PLATFORM_FLAGS+=(-D3DCONNEXIONCLIENT_FRAMEWORK:FILEPATH="/Library/Frameworks/3DconnexionClient.framework")
+
+ CXXFLAGS="${CXXFLAGS} -D_LIBCPP_DISABLE_AVAILABILITY"
+fi
+
+unset CMAKE_GENERATOR
+unset CMAKE_GENERATOR_PLATFORM
+
+cmake \
+ --preset ${CMAKE_PRESET} \
+ -D CMAKE_IGNORE_PREFIX_PATH="/opt/homebrew;/usr/local/homebrew" \
+ -D CMAKE_INCLUDE_PATH:FILEPATH="$PREFIX/include" \
+ -D CMAKE_INSTALL_LIBDIR:FILEPATH="$PREFIX/lib" \
+ -D CMAKE_INSTALL_PREFIX:FILEPATH="$PREFIX" \
+ -D CMAKE_LIBRARY_PATH:FILEPATH="$PREFIX/lib" \
+ -D CMAKE_PREFIX_PATH:FILEPATH="$PREFIX" \
+ -D FREECAD_USE_OCC_VARIANT="Official Version" \
+ -D INSTALL_TO_SITEPACKAGES:BOOL=ON \
+ -D OCC_INCLUDE_DIR:FILEPATH="$PREFIX/include" \
+ -D OCCT_CMAKE_FALLBACK:BOOL=OFF \
+ -D Python_EXECUTABLE:FILEPATH="$PYTHON" \
+ -D Python3_EXECUTABLE:FILEPATH="$PYTHON" \
+ -B build \
+ -S . \
+ ${CMAKE_PLATFORM_FLAGS[@]}
+
+cmake --build build
+cmake --install build
+
+mv ${PREFIX}/bin/FreeCAD ${PREFIX}/bin/freecad || true
+mv ${PREFIX}/bin/FreeCADCmd ${PREFIX}/bin/freecadcmd || true
diff --git a/package/rattler-build/conda_build_config.yaml b/package/rattler-build/conda_build_config.yaml
new file mode 100644
index 0000000000..688c3a50e4
--- /dev/null
+++ b/package/rattler-build/conda_build_config.yaml
@@ -0,0 +1,7 @@
+c_compiler: # [win]
+ - vs2022 # [win]
+cxx_compiler: # [win]
+ - vs2022 # [win]
+
+MACOSX_SDK_VERSION: # [osx]
+ - '11.0' # [osx]
diff --git a/package/rattler-build/linux/AppDir/AppRun b/package/rattler-build/linux/AppDir/AppRun
new file mode 100755
index 0000000000..2389a99b76
--- /dev/null
+++ b/package/rattler-build/linux/AppDir/AppRun
@@ -0,0 +1,31 @@
+#!/bin/bash
+HERE="$(dirname "$(readlink -f "${0}")")"
+export PREFIX=${HERE}/usr
+# export LD_LIBRARY_PATH=${HERE}/usr/lib${LD_LIBRARY_PATH:+':'}$LD_LIBRARY_PATH
+export PYTHONHOME=${HERE}/usr
+export PATH_TO_FREECAD_LIBDIR=${HERE}/usr/lib
+# export QT_QPA_PLATFORM_PLUGIN_PATH=${HERE}/usr/plugins
+# export QT_XKB_CONFIG_ROOT=${HERE}/usr/lib
+export FONTCONFIG_FILE=/etc/fonts/fonts.conf
+export FONTCONFIG_PATH=/etc/fonts
+
+# Show packages info if DEBUG env variable is set
+if [ "$DEBUG" = 1 ]; then
+ cat ${HERE}/packages.txt
+fi
+
+# SSL
+# https://forum.freecad.org/viewtopic.php?f=4&t=34873&start=20#p327416
+export SSL_CERT_FILE=$PREFIX/ssl/cacert.pem
+# https://github.com/FreeCAD/FreeCAD-AppImage/pull/20
+export GIT_SSL_CAINFO=$HERE/usr/ssl/cacert.pem
+
+# Support for launching other applications (from /usr/bin)
+# https://github.com/FreeCAD/FreeCAD-AppImage/issues/30
+if [ ! -z "$1" ] && [ -e "$HERE/usr/bin/$1" ] ; then
+ MAIN="$HERE/usr/bin/$1" ; shift
+else
+ MAIN="$HERE/usr/bin/freecad"
+fi
+
+"${MAIN}" "$@"
diff --git a/package/rattler-build/linux/create_bundle.sh b/package/rattler-build/linux/create_bundle.sh
new file mode 100755
index 0000000000..aeda9617fb
--- /dev/null
+++ b/package/rattler-build/linux/create_bundle.sh
@@ -0,0 +1,84 @@
+#!/bin/bash
+
+set -e
+set -x
+
+conda_env="AppDir/usr"
+
+mkdir -p ${conda_env}
+
+cp -a ../.pixi/envs/default/* ${conda_env}
+
+export PATH="${PWD}/${conda_env}/bin:${PATH}"
+export CONDA_PREFIX="${PWD}/${conda_env}"
+
+echo -e "\nDelete unnecessary stuff"
+rm -rf ${conda_env}/include
+find ${conda_env} -name \*.a -delete
+
+mv ${conda_env}/bin ${conda_env}/bin_tmp
+mkdir ${conda_env}/bin
+cp ${conda_env}/bin_tmp/freecad ${conda_env}/bin/
+cp ${conda_env}/bin_tmp/freecadcmd ${conda_env}/bin
+cp ${conda_env}/bin_tmp/ccx ${conda_env}/bin/
+cp ${conda_env}/bin_tmp/python ${conda_env}/bin/
+cp ${conda_env}/bin_tmp/pip ${conda_env}/bin/
+cp ${conda_env}/bin_tmp/pyside6-rcc ${conda_env}/bin/
+cp ${conda_env}/bin_tmp/gmsh ${conda_env}/bin/
+cp ${conda_env}/bin_tmp/dot ${conda_env}/bin/
+cp ${conda_env}/bin_tmp/unflatten ${conda_env}/bin/
+rm -rf ${conda_env}/bin_tmp
+
+sed -i '1s|.*|#!/usr/bin/env python|' ${conda_env}/bin/pip
+
+echo -e "\nCopying Icon and Desktop file"
+cp ${conda_env}/share/applications/org.freecad.FreeCAD.desktop AppDir/
+sed -i 's/Exec=FreeCAD/Exec=AppRun/g' AppDir/org.freecad.FreeCAD.desktop
+cp ${conda_env}/share/icons/hicolor/scalable/apps/org.freecad.FreeCAD.svg AppDir/
+
+# Remove __pycache__ folders and .pyc files
+find . -path "*/__pycache__/*" -delete
+find . -name "*.pyc" -type f -delete
+
+# reduce size
+rm -rf ${conda_env}/conda-meta/
+rm -rf ${conda_env}/doc/global/
+rm -rf ${conda_env}/share/gtk-doc/
+rm -rf ${conda_env}/lib/cmake/
+
+find . -name "*.h" -type f -delete
+find . -name "*.cmake" -type f -delete
+
+python_version=$(python -c 'import platform; print("py" + platform.python_version_tuple()[0] + platform.python_version_tuple()[1])')
+version_name="FreeCAD_${BUILD_TAG}-Linux-$(uname -m)-${python_version}"
+
+echo -e "\################"
+echo -e "version_name: ${version_name}"
+echo -e "################"
+
+pixi list -e default > AppDir/packages.txt
+sed -i "1s/.*/\nLIST OF PACKAGES:/" AppDir/packages.txt
+
+export tag="weekly-builds" # should retrieve from git tag
+
+curl -LO https://github.com/AppImage/appimagetool/releases/download/continuous/appimagetool-$(uname -m).AppImage
+chmod a+x appimagetool-$(uname -m).AppImage
+
+echo -e "\nCreate the appimage"
+# export GPG_TTY=$(tty)
+chmod a+x ./AppDir/AppRun
+./appimagetool-$(uname -m).AppImage \
+ --comp zstd \
+ --mksquashfs-opt -Xcompression-level \
+ --mksquashfs-opt 22 \
+ -u "gh-releases-zsync|FreeCAD|FreeCAD-Bundle|$tag|FreeCAD*$(uname -m)*.AppImage.zsync" \
+ AppDir ${version_name}.AppImage
+ # -s --sign-key ${GPG_KEY_ID} \
+
+echo -e "\nCreate hash"
+sha256sum ${version_name}.AppImage > ${version_name}.AppImage-SHA256.txt
+
+if [ "${UPLOAD_RELEASE}" == "true" ]; then
+ gh release create ${BUILD_TAG} --title "Weekly Build ${BUILD_TAG}" --notes "Weekly Build ${BUILD_TAG}" --prerelease || true
+ gh release upload --clobber ${BUILD_TAG} "${version_name}.AppImage" "${version_name}.AppImage-SHA256.txt"
+fi
diff --git a/package/rattler-build/osx/Info.plist.template b/package/rattler-build/osx/Info.plist.template
new file mode 100644
index 0000000000..45ba0c2274
--- /dev/null
+++ b/package/rattler-build/osx/Info.plist.template
@@ -0,0 +1,90 @@
+
+
+
+
+ CFBundleDevelopmentRegion
+ English
+ CFBundleExecutable
+ FreeCAD
+ CFBundleGetInfoString
+
+ CFBundleIconFile
+ freecad.icns
+ CFBundleIdentifier
+ org.freecad.FreeCAD
+ CFBundleInfoDictionaryVersion
+ 6.0
+ CFBundleLongVersionString
+
+ CFBundleName
+ APPLICATION_MENU_NAME
+ CFBundlePackageType
+ APPL
+ CFBundleShortVersionString
+
+ CFBundleSignature
+ ????
+ CFBundleVersion
+ FREECAD_VERSION
+ CSResourcesFileMapped
+
+ NSHumanReadableCopyright
+
+ NSPrincipalClass
+ NSApplication
+ NSHighResolutionCapable
+ True
+ NSRequiresAquaSystemAppearance
+ False
+ CFBundleDocumentTypes
+
+
+ CFBundleTypeRole
+ Editor
+ CFBundleTypeExtensions
+
+ FCStd
+ FCMat
+ FCParam
+
+ CFBundleTypeIconFile
+ freecad-doc.icns
+ LSIsAppleDefaultForType
+
+
+
+ CFBundleTypeRole
+ Editor
+ CFBundleTypeExtensions
+
+ FCMacro
+ FCScript
+
+ CFBundleTypeIconFile
+ freecad-script.icns
+ LSIsAppleDefaultForType
+
+
+
+ UTExportedTypeDeclarations
+
+
+ UTTypeConformsTo
+
+ public.data
+
+ UTTypeDescription
+ FreeCAD Document
+ UTTypeIdentifier
+ org.freecad.fcstd
+ UTTypeTagSpecification
+
+ public.filename-extension
+
+ FCStd
+
+
+
+
+
+
diff --git a/package/rattler-build/osx/create_bundle.sh b/package/rattler-build/osx/create_bundle.sh
new file mode 100644
index 0000000000..cbd38d47c7
--- /dev/null
+++ b/package/rattler-build/osx/create_bundle.sh
@@ -0,0 +1,85 @@
+#!/bin/bash
+
+set -e
+set -x
+
+conda_env="FreeCAD.app/Contents/Resources"
+
+mkdir -p ${conda_env}
+
+cp -a ../.pixi/envs/default/* ${conda_env}
+
+export PATH="${PWD}/${conda_env}/bin:${PATH}"
+export CONDA_PREFIX="${PWD}/${conda_env}"
+
+# delete unnecessary stuff
+rm -rf ${conda_env}/include
+find ${conda_env} -name \*.a -delete
+
+mv ${conda_env}/bin ${conda_env}/bin_tmp
+mkdir ${conda_env}/bin
+cp ${conda_env}/bin_tmp/freecad ${conda_env}/bin/
+cp ${conda_env}/bin_tmp/freecadcmd ${conda_env}/bin
+cp ${conda_env}/bin_tmp/ccx ${conda_env}/bin/
+cp ${conda_env}/bin_tmp/python ${conda_env}/bin/
+cp ${conda_env}/bin_tmp/pip ${conda_env}/bin/
+cp ${conda_env}/bin_tmp/pyside6-rcc ${conda_env}/bin/
+cp ${conda_env}/bin_tmp/gmsh ${conda_env}/bin/
+cp ${conda_env}/bin_tmp/dot ${conda_env}/bin/
+cp ${conda_env}/bin_tmp/unflatten ${conda_env}/bin/
+rm -rf ${conda_env}/bin_tmp
+
+sed -i '1s|.*|#!/usr/bin/env python|' ${conda_env}/bin/pip
+
+# copy resources
+cp resources/* ${conda_env}
+
+# Remove __pycache__ folders and .pyc files
+find . -path "*/__pycache__/*" -delete
+find . -name "*.pyc" -type f -delete
+
+# fix problematic rpaths and reexport_dylibs for signing
+# see https://github.com/FreeCAD/FreeCAD/issues/10144#issuecomment-1836686775
+# and https://github.com/FreeCAD/FreeCAD-Bundle/pull/203
+python ../scripts/fix_macos_lib_paths.py ${conda_env}/lib
+
+# build and install the launcher
+cmake -B build launcher
+cmake --build build
+mkdir -p FreeCAD.app/Contents/MacOS
+cp build/FreeCAD FreeCAD.app/Contents/MacOS/FreeCAD
+
+python_version=$(python -c 'import platform; print("py" + platform.python_version_tuple()[0] + platform.python_version_tuple()[1])')
+version_name="FreeCAD_${BUILD_TAG}-macOS-$(uname -m)-${python_version}"
+application_menu_name="FreeCAD_${BUILD_TAG}"
+
+echo -e "\################"
+echo -e "version_name: ${version_name}"
+echo -e "################"
+
+cp Info.plist.template ${conda_env}/../Info.plist
+sed -i "s/FREECAD_VERSION/${version_name}/" ${conda_env}/../Info.plist
+sed -i "s/APPLICATION_MENU_NAME/${application_menu_name}/" ${conda_env}/../Info.plist
+
+pixi list -e default > FreeCAD.app/Contents/packages.txt
+sed -i '1s/.*/\nLIST OF PACKAGES:/' FreeCAD.app/Contents/packages.txt
+
+# copy the plugin into its final location
+cp -a ${conda_env}/Library ${conda_env}/..
+rm -rf ${conda_env}/Library
+
+if [[ "${SIGN_RELEASE}" == "true" ]]; then
+ # create the signed dmg
+ ./macos_sign_and_notarize.zsh -p "FreeCAD" -k ${SIGNING_KEY_ID} -o "${version_name}.dmg"
+else
+ # create the dmg
+ dmgbuild -s dmg_settings.py "FreeCAD" "${version_name}.dmg"
+fi
+
+# create hash
+sha256sum ${version_name}.dmg > ${version_name}.dmg-SHA256.txt
+
+if [[ "${UPLOAD_RELEASE}" == "true" ]]; then
+ gh release create ${BUILD_TAG} --title "Weekly Build ${BUILD_TAG}" --notes "Weekly Build ${BUILD_TAG}" --prerelease || true
+ gh release upload --clobber ${BUILD_TAG} "${version_name}.dmg" "${version_name}.dmg-SHA256.txt"
+fi
diff --git a/package/rattler-build/osx/dmg_settings.py b/package/rattler-build/osx/dmg_settings.py
new file mode 100644
index 0000000000..9e3b2decd9
--- /dev/null
+++ b/package/rattler-build/osx/dmg_settings.py
@@ -0,0 +1,12 @@
+# Ensure default values are set in defines if they are not already provided
+defines.setdefault('containing_folder', '.')
+defines.setdefault('app_name', 'FreeCAD.app')
+defines.setdefault('icon_path', 'Contents/Resources/freecad.icns')
+
+
+files = [f"{defines['containing_folder']}/{defines['app_name']}"]
+symlinks = {"Applications": "/Applications"}
+badge_icon = f"{defines['containing_folder']}/{defines['app_name']}/{defines['icon_path']}"
+window_rect = ((200, 200), (600, 400))
+icon_locations = {f"{defines['app_name']}": (180, 150), "Applications": (420, 150)}
+size = "4g"
diff --git a/package/rattler-build/osx/entitlements.plist b/package/rattler-build/osx/entitlements.plist
new file mode 100644
index 0000000000..8cc185af8d
--- /dev/null
+++ b/package/rattler-build/osx/entitlements.plist
@@ -0,0 +1,8 @@
+
+
+
+
+ com.apple.security.cs.disable-library-validation
+
+
+
diff --git a/package/rattler-build/osx/launcher/CMakeLists.txt b/package/rattler-build/osx/launcher/CMakeLists.txt
new file mode 100644
index 0000000000..222fd17559
--- /dev/null
+++ b/package/rattler-build/osx/launcher/CMakeLists.txt
@@ -0,0 +1,8 @@
+cmake_minimum_required(VERSION 3.20)
+project(freecad-launcher LANGUAGES CXX)
+
+set(CMAKE_OSX_DEPLOYMENT_TARGET "10.13" CACHE STRING "Minimum OS X deployment version" FORCE)
+set(CMAKE_CXX_STANDARD 17)
+
+add_executable(FreeCAD FreeCAD.cpp)
+target_link_libraries(FreeCAD)
diff --git a/package/rattler-build/osx/launcher/FreeCAD.cpp b/package/rattler-build/osx/launcher/FreeCAD.cpp
new file mode 100644
index 0000000000..562acac4c3
--- /dev/null
+++ b/package/rattler-build/osx/launcher/FreeCAD.cpp
@@ -0,0 +1,75 @@
+#include
+#include
+#include
+#include