Skip to content

Follow Security Guide to update release.yml #1606

Follow Security Guide to update release.yml

Follow Security Guide to update release.yml #1606

Workflow file for this run

name: "CI Checks"
env:
bashPass: \033[32;1mPASSED -
bashInfo: \033[33;1mINFO -
bashFail: \033[31;1mFAILED -
bashEnd: \033[0m
on:
push:
branches: ["**"]
pull_request:
branches: [main]
workflow_dispatch:
jobs:
unittest:
runs-on: ubuntu-latest
steps:
- name: Clone This Repo
uses: actions/checkout@v3
- env:
stepName: Build CoreMQTT
run: |
# ${{ env.stepName }}
echo -e "::group::${{ env.bashInfo }} ${{ env.stepName }} ${{ env.bashEnd }}"
sudo apt-get install -y lcov
cmake -S test -B build/ \
-G "Unix Makefiles" \
-DCMAKE_BUILD_TYPE=Debug \
-DBUILD_CLONE_SUBMODULES=ON \
-DUNITTEST=1 \
-DCMAKE_C_FLAGS='--coverage -Wall -Wextra -Wsign-compare -Werror -DNDEBUG -DLIBRARY_LOG_LEVEL=LOG_DEBUG'
make -C build/ all
echo "::endgroup::"
echo -e "${{ env.bashPass }} ${{env.stepName}} ${{ env.bashEnd }}"
- name: Run System Tests
run: ctest --test-dir build -E system --output-on-failure
- env:
stepName: Line and Branch Coverage Build
run: |
# ${{ env.stepName }}
echo -e "::group::${{ env.bashInfo }} Build Coverage Target ${{ env.bashEnd }}"
# Build the coverage target
make -C build/ coverage
echo -e "::group::${{ env.bashInfo }} Generate Coverage Report ${{ env.bashEnd }}"
# Generate coverage report, excluding extra directories
lcov --rc lcov_branch_coverage=1 -r build/coverage.info -o build/coverage.info '*test*' '*CMakeCCompilerId*' '*mocks*'
echo "::endgroup::"
lcov --rc lcov_branch_coverage=1 --list build/coverage.info
echo -e "${{ env.bashPass }} ${{env.stepName}} ${{ env.bashEnd }}"
- name: Check Coverage
uses: FreeRTOS/CI-CD-Github-Actions/coverage-cop@main
with:
coverage-file: ./build/coverage.info
complexity:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Check complexity
uses: FreeRTOS/CI-CD-Github-Actions/complexity@main
with:
path: ./
horrid_threshold: 12
doxygen:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Run doxygen build
uses: FreeRTOS/CI-CD-Github-Actions/doxygen@main
with:
path: ./
spell-check:
runs-on: ubuntu-latest
steps:
- name: Clone This Repo
uses: actions/checkout@v3
- name: Run spellings check
uses: FreeRTOS/CI-CD-Github-Actions/spellings@main
with:
path: ./
formatting:
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v3
- name: Check formatting
uses: FreeRTOS/CI-CD-Github-Actions/formatting@main
with:
path: ./
git-secrets:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Checkout awslabs/git-secrets
uses: actions/checkout@v3
with:
repository: awslabs/git-secrets
ref: master
path: git-secrets
- name: Install git-secrets
run: cd git-secrets && sudo make install && cd ..
- name: Run git-secrets
run: |
git-secrets --register-aws
git-secrets --scan
custom-standard-c-headers:
runs-on: ubuntu-latest
steps:
- name: Clone This Repo
uses: actions/checkout@v3
- env:
stepName: Build With Custom Headers
run: |
# ${{ env.stepName }}
echo -e "::group::${{ env.bashInfo }} ${{ env.stepName }} ${{ env.bashEnd }}"
# Copy the custom headers into the build directory
mkdir -p override-include
cp source/include/stdbool.readme override-include/stdbool.h
cp source/include/stdint.readme override-include/stdint.h
# Build using the custom headers
cmake -S test -B build/ \
-G "Unix Makefiles" \
-DBUILD_CLONE_SUBMODULES=ON \
-DCMAKE_C_FLAGS='-Wall -Wextra -I../override-include'
make -C build/ coverity_analysis
echo "::endgroup::"
echo -e "${{ env.bashPass }} ${{ env.stepName }} ${{ env.bashEnd }}"
memory_statistics:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
submodules: 'recursive'
- name: Install Python3
uses: actions/setup-python@v3
with:
python-version: '3.11.0'
- name: Measure sizes
uses: FreeRTOS/CI-CD-Github-Actions/memory_statistics@main
with:
config: .github/memory_statistics_config.json
check_against: docs/doxygen/include/size_table.md
link-verifier:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- name: Check Links
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
uses: FreeRTOS/CI-CD-Github-Actions/link-verifier@main
with:
path: ./
verify-manifest:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
with:
submodules: true
fetch-depth: 0
- name: Run manifest verifier
uses: FreeRTOS/CI-CD-GitHub-Actions/manifest-verifier@main
with:
path: ./
fail-on-incorrect-version: true
proof_ci:
if: ${{ github.event.pull_request }}
runs-on: cbmc_ubuntu-latest_64-core
steps:
- name: Set up CBMC runner
uses: FreeRTOS/CI-CD-Github-Actions/set_up_cbmc_runner@main
with:
cbmc_version: "6.3.1"
- name: Run CBMC
uses: FreeRTOS/CI-CD-Github-Actions/run_cbmc@main
with:
proofs_dir: test/cbmc/proofs