From 0034974958d906db142011b6b94a1f861f43f6f4 Mon Sep 17 00:00:00 2001 From: Mahmoud Mazouz Date: Mon, 18 Dec 2023 17:02:13 +0100 Subject: [PATCH 1/4] fix(workflows/release): Sync actions/upload-artifact and actions/download-artifact versions (v3) --- .github/workflows/release.yml | 48 ++++++++++++++++++++++------------- 1 file changed, 30 insertions(+), 18 deletions(-) diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml index cb9276179..f633f9d71 100644 --- a/.github/workflows/release.yml +++ b/.github/workflows/release.yml @@ -25,7 +25,9 @@ jobs: name: Preparation runs-on: ubuntu-latest steps: - - uses: actions/checkout@v4 + - name: Clone this repository + uses: actions/checkout@v4 + - name: Environment setup id: env shell: bash @@ -34,18 +36,18 @@ jobs: echo "GITHUB_SHA=${GITHUB_SHA:0:8}" GIT_BRANCH=`[[ $GITHUB_REF =~ ^refs/heads/.* ]] && echo ${GITHUB_REF/refs\/heads\//} || true` echo "GIT_BRANCH=${GIT_BRANCH}" - echo ::set-output name=GIT_BRANCH::"${GIT_BRANCH}" + echo "GIT_BRANCH=${GIT_BRANCH}" >> $GITHUB_OUTPUT GIT_TAG=`[[ $GITHUB_REF =~ ^refs/tags/.* ]] && echo ${GITHUB_REF/refs\/tags\//} || true` echo "GIT_TAG=${GIT_TAG}" - echo ::set-output name=GIT_TAG::"${GIT_TAG}" + echo "GIT_TAG=${GIT_TAG}" >> $GITHUB_OUTPUT ZENOH_VERSION=$(sed -n 's/^project(libzenohpico VERSION \(.*\) LANGUAGES C)/\1/p' CMakeLists.txt | head -n1) echo "ZENOH_VERSION=${ZENOH_VERSION}" - echo ::set-output name=ZENOH_VERSION::"${ZENOH_VERSION}" + echo "ZENOH_VERSION=${ZENOH_VERSION}" >> $GITHUB_OUTPUT if [ -n "${GIT_TAG}" ]; then IS_RELEASE="true" echo "IS_RELEASE=${IS_RELEASE}" - echo ::set-output name=IS_RELEASE::"${IS_RELEASE}" + echo "IS_RELEASE=${IS_RELEASE}" >> $GITHUB_OUTPUT PKG_VERSION=${GIT_TAG} elif [ -n "${GIT_BRANCH}" ]; then PKG_VERSION=${GIT_BRANCH}-${GITHUB_SHA:0:8} 
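Review bot: Every redirection added in the "Environment setup" script expands `$GITHUB_OUTPUT` unquoted (`>> $GITHUB_OUTPUT`), which ShellCheck reports as SC2086 and which breaks if the runner path ever contains whitespace. Quote the target, for example `echo "GIT_TAG=${GIT_TAG}" >> "$GITHUB_OUTPUT"`. The same form recurs in the later hunks of this patch (PKG_VERSION, TARGET_MATRIX and both packaging steps). The `run:` block starts above this hunk and continues into the next one.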
@@ -53,13 +55,13 @@ jobs: PKG_VERSION=${ZENOH_VERSION}-${GITHUB_SHA:0:8} fi echo "PKG_VERSION=${PKG_VERSION}" - echo ::set-output name=PKG_VERSION::"${PKG_VERSION}" + echo "PKG_VERSION=${PKG_VERSION}" >> $GITHUB_OUTPUT CROSSBUILD_TARGETS=$(sed -n 's/^CROSSBUILD_TARGETS=\(.*\)/\1/p' GNUmakefile | head -n1) echo "CROSSBUILD_TARGETS=$CROSSBUILD_TARGETS" TARGET_MATRIX="{\"target\": [\"${CROSSBUILD_TARGETS// /\",\"}\"]}" echo "TARGET_MATRIX=$TARGET_MATRIX" - echo ::set-output name=TARGET_MATRIX::"${TARGET_MATRIX}" + echo "TARGET_MATRIX=$TARGET_MATRIX" >> $GITHUB_OUTPUT outputs: GIT_BRANCH: ${{ steps.env.outputs.GIT_BRANCH }} GIT_TAG: ${{ steps.env.outputs.GIT_TAG }} @@ -73,11 +75,14 @@ jobs: needs: preps runs-on: macos-latest steps: - - uses: actions/checkout@v4 + - name: Clone this repository + uses: actions/checkout@v4 + - name: MacOS build run: make env: BUILD_TYPE: RELEASE + - name: Packaging id: package shell: bash @@ -86,14 +91,15 @@ jobs: echo "Packaging ${LIB_PKG_NAME}:" cd build && zip -r ${LIB_PKG_NAME} lib && cd - zip -r ${LIB_PKG_NAME} include - echo ::set-output name=LIB_PKG_NAME::"${LIB_PKG_NAME}" + echo "LIB_PKG_NAME=${LIB_PKG_NAME}" >> $GITHUB_OUTPUT EXP_PKG_NAME=${PWD}/zenoh-pico-${{ needs.preps.outputs.PKG_VERSION }}-macos-x64-examples.zip echo "Packaging ${EXP_PKG_NAME}:" cd build/examples && zip ${EXP_PKG_NAME} * && cd - - echo ::set-output name=EXP_PKG_NAME::"${EXP_PKG_NAME}" + echo "EXP_PKG_NAME=${EXP_PKG_NAME}" >> $GITHUB_OUTPUT + - name: "Upload x86_64 macos package" - uses: actions/upload-artifact@master + uses: actions/upload-artifact@v3 with: name: macos-x64 path: | @@ -108,11 +114,14 @@ jobs: fail-fast: false matrix: ${{fromJson(needs.preps.outputs.TARGET_MATRIX)}} steps: - - uses: actions/checkout@v4 + - name: Clone this repository + uses: actions/checkout@v4 + - name: make for ${{ matrix.target }} env: BUILD_TYPE: RELEASE run: make ${{ matrix.target }} + - name: Packaging id: package shell: bash 
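Review bot: On the `EXP_PKG_NAME=` line of the macOS packaging step, `${{ needs.preps.outputs.PKG_VERSION }}` is substituted into the script text before bash runs, and the preps job builds PKG_VERSION from the branch or tag name, so characters in a ref name become part of the shell script. Pass the value through the step environment instead: add `env:` with `PKG_VERSION: ${{ needs.preps.outputs.PKG_VERSION }}` to the step and write `EXP_PKG_NAME="${PWD}/zenoh-pico-${PKG_VERSION}-macos-x64-examples.zip"`. The `LIB_PKG_NAME=` assignment sits above the hunk and presumably has the same form, as does the Linux packaging step. Which refs can trigger this workflow is not visible here, so the exposure depends on the `on:` block.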
@@ -126,22 +135,23 @@ jobs: echo "Packaging ${LIB_PKG_NAME}:" cd crossbuilds/${TARGET} && zip -r ${LIB_PKG_NAME} lib && cd - zip -r ${LIB_PKG_NAME} include - echo ::set-output name=LIB_PKG_NAME::"${LIB_PKG_NAME}" + echo "LIB_PKG_NAME=${LIB_PKG_NAME}" >> $GITHUB_OUTPUT cd crossbuilds/${TARGET}/packages echo "Packaging ${DEB_PKG_NAME}:" zip ${DEB_PKG_NAME} *.deb - echo ::set-output name=DEB_PKG_NAME::"${DEB_PKG_NAME}" + echo "DEB_PKG_NAME=${DEB_PKG_NAME}" >> $GITHUB_OUTPUT echo "Packaging ${RPM_PKG_NAME}:" zip ${RPM_PKG_NAME} *.rpm - echo ::set-output name=RPM_PKG_NAME::"${RPM_PKG_NAME}" + echo "RPM_PKG_NAME=${RPM_PKG_NAME}" >> $GITHUB_OUTPUT cd - echo "Packaging ${EXP_PKG_NAME}:" cd crossbuilds/${TARGET}/examples && zip ${EXP_PKG_NAME} * && cd - - echo ::set-output name=EXP_PKG_NAME::"${EXP_PKG_NAME}" + echo "EXP_PKG_NAME=${EXP_PKG_NAME}" >> $GITHUB_OUTPUT + - name: "Upload packages" - uses: actions/upload-artifact@master + uses: actions/upload-artifact@v3 with: name: ${{ matrix.target }} path: | @@ -157,13 +167,15 @@ jobs: runs-on: ubuntu-latest steps: - name: Download result of previous builds - uses: actions/download-artifact@v2 + uses: actions/download-artifact@v3 with: path: ARTIFACTS + - name: Publish as github release uses: softprops/action-gh-release@v1 with: files: ARTIFACTS/*/*.* + - name: Publish to download.eclipse.org/zenoh env: SSH_TARGET: genie.zenoh@projects-storage.eclipse.org From 8d400c35db487e18d7ef04cdb9cbf07fb58ba6b3 Mon Sep 17 00:00:00 2001 From: Mahmoud Mazouz Date: Mon, 18 Dec 2023 17:09:25 +0100 Subject: [PATCH 2/4] fix(workflows/codacy-analysis): Bump codacy/codacy-analysis-cli-action to v4 and upload-sarif to v2 --- .github/workflows/codacy-analysis.yml | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/.github/workflows/codacy-analysis.yml b/.github/workflows/codacy-analysis.yml index 056e81353..6d01e7ffb 100644 --- a/.github/workflows/codacy-analysis.yml +++ b/.github/workflows/codacy-analysis.yml 
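Review bot: In the publish job, `actions/download-artifact@v3` and `softprops/action-gh-release@v1` are referenced by movable tags, so the code that handles the release files and the release credentials can change without any change in this repository. Pin each action to a full commit SHA and keep the tag as a trailing comment, e.g. `uses: actions/download-artifact@<full-commit-sha> # v3` (placeholder; take the SHA from the release you intend to use). The same applies to the two `actions/upload-artifact@v3` steps earlier in this patch. The job continues past the end of the hunk with the publish-to-eclipse step.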
@@ -10,9 +10,9 @@ name: Codacy Security Scan on: push: - branches: [ '**' ] + branches: ["**"] pull_request: - branches: [ '**' ] + branches: ["**"] jobs: codacy-security-scan: @@ -25,7 +25,7 @@ jobs: # Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis - name: Run Codacy Analysis CLI - uses: codacy/codacy-analysis-cli-action@1.1.0 + uses: codacy/codacy-analysis-cli-action@releases/v4 with: # Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository # You can also omit the token and run the tools that support default configurations @@ -41,6 +41,6 @@ jobs: # Upload the SARIF file generated in the previous step - name: Upload SARIF results file - uses: github/codeql-action/upload-sarif@v1 + uses: github/codeql-action/upload-sarif@v2 with: sarif_file: results.sarif From 0cfe0063ab35ae9dde62de3814090838e313fcc1 Mon Sep 17 00:00:00 2001 From: Mahmoud Mazouz Date: Mon, 18 Dec 2023 17:19:25 +0100 Subject: [PATCH 3/4] fix(workflows/integration): Remove unecessary rustup installation --- .github/workflows/integration.yaml | 25 +++++++++---------------- tests/api.sh | 1 + tests/routed.sh | 1 + 3 files changed, 11 insertions(+), 16 deletions(-) diff --git a/.github/workflows/integration.yaml b/.github/workflows/integration.yaml index d6b3a0205..c7cda8855 100644 --- a/.github/workflows/integration.yaml +++ b/.github/workflows/integration.yaml 
@@ -15,31 +15,24 @@ name: integration on: push: - branches: [ '**' ] + branches: ["**"] pull_request: - branches: [ '**' ] + branches: ["**"] schedule: - - cron: '0 6 * * 1-5' + - cron: "0 6 * * 1-5" jobs: build: - name: Build on ${{ matrix.os }} runs-on: ${{ matrix.os }} strategy: fail-fast: false matrix: - os: [ ubuntu-latest, macOS-latest ] + os: [ubuntu-latest, macOS-latest] steps: - - uses: actions/checkout@v4 - - - name: Install latest stable - uses: actions-rs/toolchain@v1.0.7 - with: - toolchain: stable - override: true - components: rustfmt, clippy + - name: Clone this repository + uses: actions/checkout@v4 - name: Compile debug run: make all @@ -52,8 +45,8 @@ jobs: - name: Test debug run: make test env: - BUILD_TYPE: Debug # Workaround for Windows as it seems the previous step is being ignored - BUILD_TESTING: OFF # Workaround for Windows as it seems the previous step is being ignored - BUILD_MULTICAST: OFF # Workaround for Windows as it seems the previous step is being ignored + BUILD_TYPE: Debug # Workaround for Windows as it seems the previous step is being ignored + BUILD_TESTING: OFF # Workaround for Windows as it seems the previous step is being ignored + BUILD_MULTICAST: OFF # Workaround for Windows as it seems the previous step is being ignored BUILD_INTEGRATION: ON # Workaround for Windows as it seems the previous step is being ignored ZENOH_BRANCH: master diff --git a/tests/api.sh b/tests/api.sh index 7be9183b3..01f37c499 100644 --- a/tests/api.sh +++ b/tests/api.sh @@ -34,6 +34,7 @@ if [ ! -f zenohd ]; then if [ -n "$ZENOH_BRANCH" ]; then git switch "$ZENOH_BRANCH" fi + rustup show cargo build --lib --bin zenohd cp ./target/debug/zenohd "$TESTDIR"/ cd "$TESTDIR"|| exit diff --git a/tests/routed.sh b/tests/routed.sh index 72659e075..9a89057a0 100644 --- a/tests/routed.sh +++ b/tests/routed.sh 
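Review bot: The `rustup show` added to tests/api.sh has no comment and its result is not checked, so a reader cannot tell whether it is a diagnostic or is relied on to provide the toolchain now that the workflow no longer installs one. If it is only diagnostic, say so above the line: `# Log the active Rust toolchain; the CI workflow no longer installs one explicitly`. If the build depends on it to install the toolchain selected by the zenoh checkout, an explicit install command would be more robust than the side effect of a display command, which may differ between rustup versions. The same line is added in tests/routed.sh, and the enclosing `if` block starts and ends outside both hunks.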
@@ -34,6 +34,7 @@ if [ ! -f zenohd ]; then if [ -n "$ZENOH_BRANCH" ]; then git switch "$ZENOH_BRANCH" fi + rustup show cargo build --lib --bin zenohd cp ./target/debug/zenohd "$TESTDIR"/ cd "$TESTDIR" || exit From 9a75796b99f89f6ec2632a1bbe66e06bd6df7894 Mon Sep 17 00:00:00 2001 From: Mahmoud Mazouz Date: Tue, 19 Dec 2023 09:45:00 +0100 Subject: [PATCH 4/4] Run select Codacy tool in parallel --- .github/workflows/codacy-analysis.yml | 19 ++++++++++++++++--- 1 file changed, 16 insertions(+), 3 deletions(-) diff --git a/.github/workflows/codacy-analysis.yml b/.github/workflows/codacy-analysis.yml index 6d01e7ffb..7a0647fdf 100644 --- a/.github/workflows/codacy-analysis.yml +++ b/.github/workflows/codacy-analysis.yml @@ -13,11 +13,23 @@ on: branches: ["**"] pull_request: branches: ["**"] + workflow_dispatch: jobs: codacy-security-scan: name: Codacy Security Scan runs-on: ubuntu-latest + strategy: + matrix: + # List of Codacy-supported tools: https://docs.codacy.com/repositories-configure/codacy-configuration-file/#which-tools-can-be-configured-and-which-name-should-i-use%20%20tool-timeout: + tool: [ + cppcheck, # static analysis of C/C++ code + flawfinder, # a static analysis tool for finding vulnerabilities in C/C++ source code + pmd, # includes CPD, the copy-paste-detector. CPD finds duplicated code in C/C++, etc + markdownlint, # A Node.js style checker and lint tool for Markdown/CommonMark files + shellcheck, # a static analysis tool for shell scripts + pylintpython3, # a static code analyser for Python 3 + ] steps: # Checkout the repository to the GitHub Actions runner - name: Checkout code 
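Review bot: The new `strategy` block in codacy-analysis.yml sets no `fail-fast`, so with the default a failure in one tool's job cancels the remaining scans and their SARIF uploads. integration.yaml already uses `fail-fast: false`; adding the same line above `matrix:` here keeps the scanners independent. The URL in the comment above `tool:` also ends in pasted text (`%20%20tool-timeout:`) and should stop at the `#which-tools-can-be-configured-and-which-name-should-i-use` anchor.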
@@ -25,22 +37,23 @@ jobs: # Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis - name: Run Codacy Analysis CLI - uses: codacy/codacy-analysis-cli-action@releases/v4 + uses: codacy/codacy-analysis-cli-action@master with: # Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository # You can also omit the token and run the tools that support default configurations project-token: ${{ secrets.CODACY_PROJECT_TOKEN }} verbose: true - output: results.sarif + output: results-${{ matrix.tool }}.sarif format: sarif # Adjust severity of non-security issues gh-code-scanning-compat: true # Force 0 exit code to allow SARIF file generation # This will handover control about PR rejection to the GitHub side max-allowed-issues: 2147483647 + tool: cppcheck # Upload the SARIF file generated in the previous step - name: Upload SARIF results file uses: github/codeql-action/upload-sarif@v2 with: - sarif_file: results.sarif + sarif_file: results-${{ matrix.tool }}.sarif
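Review bot: `tool: cppcheck` is hard-coded, so all six matrix jobs run cppcheck and write its findings to files named after the other tools; the line should read `tool: ${{ matrix.tool }}`. The action reference also moves from `releases/v4` to `@master`, a branch that changes without notice, in a step that receives `secrets.CODACY_PROJECT_TOKEN`. A release tag or, better, a full commit SHA keeps the scanner code that sees the token reviewable.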