Follow Security Guide to update release.yml #1607
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: "CI Checks" | |
env: | |
bashPass: \033[32;1mPASSED - | |
bashInfo: \033[33;1mINFO - | |
bashFail: \033[31;1mFAILED - | |
bashEnd: \033[0m | |
on: | |
push: | |
branches: ["**"] | |
pull_request: | |
branches: [main] | |
workflow_dispatch: | |
jobs: | |
unittest: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Clone This Repo | |
uses: actions/checkout@v3 | |
- env: | |
stepName: Build CoreMQTT | |
run: | | |
# ${{ env.stepName }} | |
echo -e "::group::${{ env.bashInfo }} ${{ env.stepName }} ${{ env.bashEnd }}" | |
sudo apt-get install -y lcov | |
cmake -S test -B build/ \ | |
-G "Unix Makefiles" \ | |
-DCMAKE_BUILD_TYPE=Debug \ | |
-DBUILD_CLONE_SUBMODULES=ON \ | |
-DUNITTEST=1 \ | |
-DCMAKE_C_FLAGS='--coverage -Wall -Wextra -Wsign-compare -Werror -DNDEBUG -DLIBRARY_LOG_LEVEL=LOG_DEBUG' | |
make -C build/ all | |
echo "::endgroup::" | |
echo -e "${{ env.bashPass }} ${{env.stepName}} ${{ env.bashEnd }}" | |
- name: Run System Tests | |
run: ctest --test-dir build -E system --output-on-failure | |
- env: | |
stepName: Line and Branch Coverage Build | |
run: | | |
# ${{ env.stepName }} | |
echo -e "::group::${{ env.bashInfo }} Build Coverage Target ${{ env.bashEnd }}" | |
# Build the coverage target | |
make -C build/ coverage | |
echo -e "::group::${{ env.bashInfo }} Generate Coverage Report ${{ env.bashEnd }}" | |
# Generate coverage report, excluding extra directories | |
lcov --rc lcov_branch_coverage=1 -r build/coverage.info -o build/coverage.info '*test*' '*CMakeCCompilerId*' '*mocks*' | |
echo "::endgroup::" | |
lcov --rc lcov_branch_coverage=1 --list build/coverage.info | |
echo -e "${{ env.bashPass }} ${{env.stepName}} ${{ env.bashEnd }}" | |
- name: Check Coverage | |
uses: FreeRTOS/CI-CD-Github-Actions/coverage-cop@main | |
with: | |
coverage-file: ./build/coverage.info | |
complexity: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Check complexity | |
uses: FreeRTOS/CI-CD-Github-Actions/complexity@main | |
with: | |
path: ./ | |
horrid_threshold: 12 | |
doxygen: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Run doxygen build | |
uses: FreeRTOS/CI-CD-Github-Actions/doxygen@main | |
with: | |
path: ./ | |
spell-check: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Clone This Repo | |
uses: actions/checkout@v3 | |
- name: Run spellings check | |
uses: FreeRTOS/CI-CD-Github-Actions/spellings@main | |
with: | |
path: ./ | |
formatting: | |
runs-on: ubuntu-20.04 | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Check formatting | |
uses: FreeRTOS/CI-CD-Github-Actions/formatting@main | |
with: | |
path: ./ | |
git-secrets: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Checkout awslabs/git-secrets | |
uses: actions/checkout@v3 | |
with: | |
repository: awslabs/git-secrets | |
ref: master | |
path: git-secrets | |
- name: Install git-secrets | |
run: cd git-secrets && sudo make install && cd .. | |
- name: Run git-secrets | |
run: | | |
git-secrets --register-aws | |
git-secrets --scan | |
custom-standard-c-headers: | |
runs-on: ubuntu-latest | |
steps: | |
- name: Clone This Repo | |
uses: actions/checkout@v3 | |
- env: | |
stepName: Build With Custom Headers | |
run: | | |
# ${{ env.stepName }} | |
echo -e "::group::${{ env.bashInfo }} ${{ env.stepName }} ${{ env.bashEnd }}" | |
# Copy the custom headers into the build directory | |
mkdir -p override-include | |
cp source/include/stdbool.readme override-include/stdbool.h | |
cp source/include/stdint.readme override-include/stdint.h | |
# Build using the custom headers | |
cmake -S test -B build/ \ | |
-G "Unix Makefiles" \ | |
-DBUILD_CLONE_SUBMODULES=ON \ | |
-DCMAKE_C_FLAGS='-Wall -Wextra -I../override-include' | |
make -C build/ coverity_analysis | |
echo "::endgroup::" | |
echo -e "${{ env.bashPass }} ${{ env.stepName }} ${{ env.bashEnd }}" | |
memory_statistics: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: 'recursive' | |
- name: Install Python3 | |
uses: actions/setup-python@v3 | |
with: | |
python-version: '3.11.0' | |
- name: Measure sizes | |
uses: FreeRTOS/CI-CD-Github-Actions/memory_statistics@main | |
with: | |
config: .github/memory_statistics_config.json | |
check_against: docs/doxygen/include/size_table.md | |
link-verifier: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
- name: Check Links | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
uses: FreeRTOS/CI-CD-Github-Actions/link-verifier@main | |
with: | |
path: ./ | |
verify-manifest: | |
runs-on: ubuntu-latest | |
steps: | |
- uses: actions/checkout@v3 | |
with: | |
submodules: true | |
fetch-depth: 0 | |
- name: Run manifest verifier | |
uses: FreeRTOS/CI-CD-GitHub-Actions/manifest-verifier@main | |
with: | |
path: ./ | |
fail-on-incorrect-version: true | |
proof_ci: | |
if: ${{ github.event.pull_request }} | |
runs-on: cbmc_ubuntu-latest_64-core | |
steps: | |
- name: Set up CBMC runner | |
uses: FreeRTOS/CI-CD-Github-Actions/set_up_cbmc_runner@main | |
with: | |
cbmc_version: "6.3.1" | |
- name: Run CBMC | |
uses: FreeRTOS/CI-CD-Github-Actions/run_cbmc@main | |
with: | |
proofs_dir: test/cbmc/proofs |