0033805: Configuration - Implement GitHub Actions build scripts

Build Scripts:
- Linux GCC x64 dynamic
- Linux Clang x64 dynamic
- Windows MSVC x64 dynamic
- macOS Clang x64 dynamic
Security scanning:
- CodeQL security scanning
- MSVC code scanning

.github/workflows/build-linux-clang-x64-dynamic.yml

@@ -0,0 +1,40 @@
+# This workflow will build OCCT on Ubuntu with Clang compiler
+# using the provided Docker image with Clang tools.
+#
+# Notes:
+# freetype is disabled
+# samples are not built
+
+name: Build OCCT on Linux with Clang x64 dynamic
+
+on:
+  pull_request:
+    branches:
+      - '**'
+
+jobs:
+  build-linux-clang:
+    name: Build on Ubuntu with Clang
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout repository
+      uses: actions/[email protected]
+
+    - name: Install dependencies
+      run: sudo apt-get update && sudo apt-get install -y tcl-dev tk-dev cmake clang make libbtbb-dev libx11-dev libglu1-mesa-dev
+
+    - name: Configure OCCT
+      run: |
+        mkdir -p build
+        cd build
+        cmake -G "Unix Makefiles" \
+              -D CMAKE_C_COMPILER=clang \
+              -D CMAKE_CXX_COMPILER=clang++ \
+              -D USE_FREETYPE=OFF \
+              -D CMAKE_BUILD_TYPE=Release ..
+
+    - name: Build OCCT
+      run: |
+        cd build
+        make -j$(nproc)

.github/workflows/build-linux-gcc-x64-dynamic.yml

@@ -0,0 +1,40 @@
+# This workflow will build OCCT on Linux with GCC x64 dynamic
+# using the provided Docker image with GCC tools.
+#
+# Notes:
+# freetype is disabled
+# samples are not built
+
+name: Build OCCT on Linux with GCC x64 dynamic
+
+on:
+  pull_request:
+    branches:
+      - '**'
+
+jobs:
+  build-linux-gcc:
+    name: Build on Ubuntu with GCC
+    runs-on: ubuntu-latest
+
+    steps:
+    - name: Checkout repository
+      uses: actions/[email protected]
+
+    - name: Install dependencies
+      run: sudo apt-get update && sudo apt-get install -y tcl-dev tk-dev cmake gcc g++ make libbtbb-dev libx11-dev libglu1-mesa-dev
+
+    - name: Configure OCCT
+      run: |
+        mkdir -p build
+        cd build
+        cmake -G "Unix Makefiles" \
+              -D CMAKE_C_COMPILER=gcc \
+              -D CMAKE_CXX_COMPILER=g++ \
+              -D USE_FREETYPE=OFF \
+              -D CMAKE_BUILD_TYPE=Release ..
+
+    - name: Build OCCT
+      run: |
+        cd build
+        make -j$(nproc)

.github/workflows/build-macos-clang-x64-dynamic.yml

@@ -0,0 +1,43 @@
+# This workflow builds OCCT on macOS with Clang x64 dynamic.
+#
+# Notes:
+# freetype is disabled
+# samples are not built
+
+name: Build OCCT on macOS with Clang x64 dynamic
+
+on:
+  pull_request:
+    branches:
+      - '**'
+
+jobs:
+  build-macos-clang:
+    name: Build on macOS with Clang
+    runs-on: macos-latest
+
+    steps:
+    - name: Checkout repository
+      uses: actions/[email protected]
+
+    - name: Install dependencies
+      run: |
+        brew update
+        brew install tcl-tk tbb gl2ps xerces-c \
+                     libxmu libxi libxft libxpm \
+                     glew
+
+    - name: Configure OCCT
+      run: |
+        mkdir -p build
+        cd build
+        cmake -G "Unix Makefiles" \
+              -D CMAKE_C_COMPILER=clang \
+              -D CMAKE_CXX_COMPILER=clang++ \
+              -D USE_FREETYPE=OFF \
+              -D CMAKE_BUILD_TYPE=Release ..
+
+    - name: Build OCCT
+      run: |
+        cd build
+        make -j$(sysctl -n hw.logicalcpu)

.github/workflows/build-windows-msvc-x64-dynamic.yml

@@ -0,0 +1,44 @@
+# This workflow will build OCCT on Windows with MSVC x64 in dynamic mode
+# using the provided Docker image with MSVC tools.
+#
+# Notes:
+# freetype is disabled
+# Draw module is disabled
+# samples are not built
+
+name: Build OCCT on Windows with MSVC x64 dynamic
+
+on:
+  pull_request:
+    branches:
+      - '**'
+
+jobs:
+  build-windows-msvc:
+    name: Build on Windows with MSVC
+    runs-on: windows-latest
+
+    steps:
+    - name: Checkout repository
+      uses: actions/[email protected]
+
+    - name: Set up MSVC
+      uses: ilammy/[email protected]
+      with:
+        arch: x64
+
+    - name: Install dependencies
+      run: |
+        choco install cmake --installargs 'ADD_CMAKE_TO_PATH=System' -y
+        choco install magicsplat-tcl-tk -y
+
+    - name: Configure OCCT
+      run: |
+        mkdir build
+        cd build
+        cmake -T host=x64 -D USE_FREETYPE=OFF -D BUILD_MODULE_Draw=OFF -D CMAKE_BUILD_TYPE=Release ..
+
+    - name: Build OCCT
+      run: |
+        cd build
+        cmake --build . --config Release -- /m

.github/workflows/codemsvc.yml

@@ -0,0 +1,69 @@
+# Security scanning with Microsoft C++ Code Analysis.
+# Checks any master integration and publish warnings into security GitHub tab.
+#
+# Find more information at:
+# https://github.com/microsoft/msvc-code-analysis-action
+
+name: Microsoft C++ Code Analysis
+
+on:
+  push:
+    branches:
+      - 'master'
+
+env:
+  # Path to the CMake build directory.
+  build: '${{ github.workspace }}/build'
+  config: 'Debug'
+
+permissions:
+  contents: read
+
+jobs:
+  analyze:
+    permissions:
+      contents: read # for actions/checkout to fetch code
+      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+      actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
+    name: Analyze
+    runs-on: windows-latest
+
+    steps:
+      - name: Checkout repository
+        uses: actions/[email protected]
+
+      - name: Install dependencies
+        run: |
+            choco install cmake --installargs 'ADD_CMAKE_TO_PATH=System' -y
+            choco install magicsplat-tcl-tk -y
+          
+      - name: Configure CMake
+        run: |
+          mkdir build
+          cd build
+          cmake -D USE_FREETYPE=OFF -DCMAKE_BUILD_TYPE=${{ env.config }} ..
+
+      - name: Run MSVC Code Analysis
+        uses: microsoft/[email protected]
+        # Provide a unique ID to access the sarif output path
+        id: run-analysis
+        with:
+          cmakeBuildDirectory: ${{ env.build }}
+          buildConfiguration: ${{ env.config }}
+          # Ruleset file that will determine what checks will be run
+          ruleset: NativeRecommendedRules.ruleset
+          # Paths to ignore analysis of CMake targets and includes
+          # ignoredPaths: ${{ github.workspace }}/dependencies;${{ github.workspace }}/test
+
+      # Upload SARIF file to GitHub Code Scanning Alerts
+      #- name: Upload SARIF to GitHub
+      #  uses: github/codeql-action/[email protected]
+      #  with:
+      #    sarif_file: ${{ steps.run-analysis.outputs.sarif }}
+
+      # Upload SARIF file as an Artifact to download and view
+      - name: Upload SARIF as an Artifact
+        uses: actions/[email protected]
+        with:
+          name: sarif-file
+          path: ${{ steps.run-analysis.outputs.sarif }}

.github/workflows/codeql.yml

@@ -0,0 +1,60 @@
+# Security scanning with CodeQL.
+# Checks any master integration and publish warnings into security GitHub tab.
+#
+# Find more information at:
+# https://docs.github.com/en/github/finding-security-vulnerabilities-and-errors-in-your-code/about-code-scanning
+
+name: CodeQL Code Analysis
+
+on:
+  push:
+    branches:
+      - 'master'
+
+jobs:
+  analyze:
+    name: Analyze (${{ matrix.language }})
+    runs-on: ${{ 'ubuntu-latest' }}
+    permissions:
+      # required for all workflows
+      security-events: write
+
+      # required to fetch internal or private CodeQL packs
+      packages: read
+
+    strategy:
+      fail-fast: false
+      matrix:
+        include:
+        - language: c-cpp
+          build-mode: manual
+    steps:
+    - name: Checkout repository
+      uses: actions/[email protected]
+
+    - name: Install dependencies
+      run: sudo apt-get update && sudo apt-get install -y tcl-dev tk-dev cmake gcc g++ make libbtbb-dev libx11-dev libglu1-mesa-dev
+
+    # Initializes the CodeQL tools for scanning.
+    - name: Initialize CodeQL
+      uses: github/codeql-action/[email protected]
+      with:
+        languages: ${{ matrix.language }}
+        build-mode: ${{ matrix.build-mode }}
+
+    - if: matrix.build-mode == 'manual'
+      shell: bash
+      run: |
+        mkdir -p build
+        cd build
+        cmake -G "Unix Makefiles" \
+              -D CMAKE_C_COMPILER=gcc \
+              -D CMAKE_CXX_COMPILER=g++ \
+              -D USE_FREETYPE=OFF \
+              -D CMAKE_BUILD_TYPE=Release ..
+        make -j$(nproc)
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/[email protected]
+      with:
+        category: "/language:${{matrix.language}}"