Update the CI pipeline.

.github/scripts/get_sonarcloud.sh

@@ -0,0 +1,24 @@
+#!/bin/bash
+# SPDX-FileCopyrightText: 2021 Comcast Cable Communications Management, LLC
+# SPDX-License-Identifier: Apache-2.0
+
+curl -s -L -O https://sonarcloud.io/static/cpp/build-wrapper-linux-x86.zip
+unzip -q -o build-wrapper-linux-x86.zip
+
+
+SONAR_VERSION=`curl -s https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/ |grep -o "sonar-scanner-cli-[0-9.]*-linux.zip"|sort -r|uniq|head -n 1`
+curl -s -L -O https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/$SONAR_VERSION
+curl -s -L -O https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/$SONAR_VERSION.sha256
+echo "  $SONAR_VERSION" >> $SONAR_VERSION.sha256
+sha256sum -c $SONAR_VERSION.sha256
+if [[ $? -ne 0 ]]
+then
+    exit 1
+fi
+unzip -q $SONAR_VERSION
+
+output=`ls | grep -o "sonar-scanner-[0-9.]*-linux"`
+
+echo "Using $output"
+
+mv $output sonar-scanner

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,50 @@
+# SPDX-FileCopyrightText: 2021 Comcast Cable Communications Management, LLC
+# SPDX-License-Identifier: Apache-2.0
+
+name: LGTM Analysis
+
+on:
+  create:
+  pull_request:
+  push:
+    branches:
+      - main
+  schedule:
+    - cron: '12 9 * * 3'
+
+jobs:
+  codeql:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Checkout repository
+      uses: actions/checkout@v2
+      # Install the dependent packages
+    - name: Install packages
+      run: |
+        sudo apt update
+        sudo apt-get -y install valgrind libcunit1 libcunit1-doc libcunit1-dev libmsgpack-dev gcovr libtool
+ 
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v1
+      with:
+        languages: cpp
+        queries: security-extended
+
+    # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
+    # If this step fails, then you should remove it and run the build manually (see below)
+    - name: Autobuild
+      uses: github/codeql-action/autobuild@v1
+
+    # ℹ️ Command-line programs to run using the OS shell.
+    # 📚 https://git.io/JvXDl
+
+    # ✏️ If the Autobuild fails above, remove it and uncomment the following three lines
+    #    and modify them (or add more) to build your code if your project
+    #    uses a compiled language
+
+    #- run: |
+    #   make bootstrap
+    #   make release
+
+    - name: Perform CodeQL Analysis
+      uses: github/codeql-action/analyze@v1

.github/workflows/push.yml

@@ -0,0 +1,72 @@
+# SPDX-FileCopyrightText: 2021 Comcast Cable Communications Management, LLC
+# SPDX-License-Identifier: Apache-2.0
+
+name: CI
+
+on:
+  pull_request:
+  push:
+    paths-ignore:
+      - 'AUTHORS'
+      - 'LICENSE'
+      - 'NOTICE'
+      - '**.md'
+      - '.gitignore'
+    tags-ignore:
+      - 'v[0-9]+.[0-9]+.[0-9]+'
+    branches:
+      - main
+      - master
+
+jobs:
+  test:
+    name: Unit Tests
+    runs-on: [ ubuntu-latest ]
+    steps:
+      # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+      - uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+
+      # Install the dependent packages
+      - name: Install packages
+        run: |
+          sudo apt update
+          sudo apt-get -y install valgrind libcunit1 libcunit1-doc libcunit1-dev libmsgpack-dev gcovr libtool
+          pip install codecov
+
+      - name: Make Build Directory
+        run: mkdir build
+
+      - name: Get Sonarcloud Binaries
+        working-directory: build
+        run: |
+          ../.github/scripts/get_sonarcloud.sh
+
+      - name: CMake
+        working-directory: build
+        run: |
+          cmake .. -DINTEGRATION_TESTING:BOOL=false -DDISABLE_VALGRIND:BOOL=${DISABLE_VALGRIND} -DENABLE_SESHAT:BOOL=true -DFEATURE_DNS_QUERY:BOOL=true
+
+
+      - name: Build
+        working-directory: build
+        run: |
+          build-wrapper-linux-x86/build-wrapper-linux-x86-64 --out-dir bw-output make all test
+
+      - name: Merge GCOV Reports for Sonarcloud
+        working-directory: build
+        run: |
+          gcovr --sonarqube coverage.xml -r ..
+
+      - name: Upload SonarCloud
+        run: |
+          build/sonar-scanner/bin/sonar-scanner -Dsonar.host.url=https://sonarcloud.io -Dproject.settings=.sonar-project.properties -Dsonar.login=${{ secrets.SONAR_TOKEN }}
+        env:
+          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+      - name: Upload Codecov.io
+        uses: codecov/codecov-action@v1
+        with:
+          directory: .
+          fail_ci_if_error: true

.github/workflows/release.yml

@@ -0,0 +1,49 @@
+# SPDX-FileCopyrightText: 2021 Comcast Cable Communications Management, LLC
+# SPDX-License-Identifier: Apache-2.0
+
+name: release
+
+on:
+  push:
+    tags:
+      # Push events to matching v#.#.#*, ex: v1.2.3, v.2.4.6-beta
+      - 'v[0-9]+.[0-9]+.[0-9]+*'
+
+jobs:
+  release:
+    runs-on: [ ubuntu-latest ]
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          fetch-depth: 0
+      - name: Determine repo name
+        run: |
+          echo "repo_name=$(echo '${{ github.repository }}' | awk -F '/' '{print $2}')" >> $GITHUB_ENV
+          echo "version=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
+          echo "release_slug=$(echo '${{ github.repository }}' | awk -F '/' '{print $2}')-${GITHUB_REF#refs/tags/v}" >> $GITHUB_ENV
+        shell: bash
+      - name: Create tarball and sha256
+        run: |
+          git archive --format=tar.gz -o ${release_slug}.tar.gz --prefix=${release_slug}/ ${version}
+          git archive --format=zip -o ${release_slug}.zip --prefix=${release_slug}/ ${version}
+          sha256sum ${release_slug}.tar.gz ${release_slug}.zip > ${release_slug}-sha256sums.txt
+          mkdir artifacts
+          cp ${release_slug}* artifacts/.
+      - name: Prepare Release Body
+        id: prep
+        run: |
+          export version=${GITHUB_REF#refs/tags/}
+          export NOTES=$(cat CHANGELOG.md | perl -0777 -ne 'print "$1\n" if /.*## \[${version}\]\s(.*?)\s+## \[(v\d+.\d+.\d+)\].*/s')
+          export TODAY=`date +'%m/%d/%Y'`
+          echo ::set-output name=rname::$(echo ${version} ${TODAY})
+          echo ::set-output name=body::${NOTES}
+      - name: create release
+        id: create_release
+        uses: ncipollo/release-action@v1
+        with:
+          name: ${{ steps.prep.outputs.rname }}
+          draft: false
+          prerelease: false
+          bodyFile: ${{ steps.prep.outputs.body }}
+          artifacts: "artifacts/*"
+          token: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token

.github/workflows/tag.yml

@@ -0,0 +1,33 @@
+# SPDX-FileCopyrightText: 2021 Comcast Cable Communications Management, LLC
+# SPDX-License-Identifier: Apache-2.0
+
+name: tag
+
+on:
+  push:
+    paths:
+      - "CHANGELOG.md" # only try to tag if the CHANGELOG has been updated.
+    branches:
+      - main
+
+jobs:
+  build:
+    runs-on: [ ubuntu-latest ]
+    steps:
+      - uses: actions/checkout@v2
+        with:
+          token: '${{ secrets.PERSONAL_ACCESS_TOKEN }}'
+          fetch-depth: 0
+      - name: set up bot
+        run: |
+          git config --global user.name "xmidt-bot"
+          git config --global user.email "$BOT_EMAIL"
+      - name: export variables and tag commit
+        run: |
+          export OLD_VERSION=$(git describe --tags `git rev-list --tags --max-count=1` | tail -1)
+          export TAG=$(cat CHANGELOG.md | perl -0777 -ne 'print "$1" if /.*## \[Unreleased\]\s+## \[(v\d+.\d+.\d+)\].*/s')
+          export BINVER=$(cat CMakeLists.txt | perl -0777 -ne 'print "v$1" if /.*project\s*\(.*\s*VERSION\s*(\d+.\d+.\d+).*\s*\)/s')
+          export TODAY=`date +'%m/%d/%Y'`
+          export NOTES=$(cat CHANGELOG.md | perl -0777 -ne 'print "$ENV{TODAY}\n\n$1\n" if /.*## \[$ENV{TAG}\]\s(.*?)\s+## \[(v\d+.\d+.\d+)\].*/s')
+          if [[ "$TAG" != "" && "$TAG" != "$BINVER" ]]; then echo "CHANGELOG.md($TAG) and CMakeLists.txt VERSION($BINVER) do not match"; fi
+          if [[ "$TAG" != "" && "$TAG" != "$OLD_VERSION" && "$TAG" == "$BINVER" ]]; then git tag -a "$TAG" -m "$NOTES"; git push origin --tags; echo $?; fi

.sonar-project.properties

@@ -1,3 +1,6 @@
+# SPDX-FileCopyrightText: 2021 Comcast Cable Communications Management, LLC
+# SPDX-License-Identifier: Apache-2.0
+
 # Reference:
 # https://github.com/SonarSource/sonarcloud_example_go-sqscanner-travis/blob/master/sonar-project.properties
 
@@ -6,19 +9,18 @@
 #   Standard properties
 # =====================================================
 
+sonar.organization=xmidt-org
 sonar.projectKey=xmidt-org_parodus
 sonar.projectName=parodus
 
 sonar.sources=src
 
-#sonar.tests=tests
-
 # =====================================================
 #   Meta-data for the project
 # =====================================================
 
 sonar.links.homepage=https://github.com/xmidt-org/parodus
-sonar.links.ci=https://travis-ci.org/xmidt-org/parodus
+sonar.links.ci=https://github.com/xmidt-org/parodus/actions
 sonar.links.scm=https://github.com/xmidt-org/parodus
 sonar.links.issue=https://github.com/xmidt-org/parodus/issues
 
@@ -26,6 +28,7 @@ sonar.links.issue=https://github.com/xmidt-org/parodus/issues
 #   Properties specific to C
 # =====================================================
 sonar.cfamily.build-wrapper-output=build/bw-output
-sonar.cfamily.gcov.reportsPath=.
-sonar.cfamily.threads=1
+sonar.cfamily.threads=2
 sonar.cfamily.cache.enabled=false
+sonar.coverageReportPaths=build/coverage.xml
+

.travis.yml

@@ -1,167 +0,0 @@
-language: c
-
-branches:
-  only:
-    - master
-    - /^v[0-9]+\.[0-9]+\.[0-9]+$/
-
-env:
-  global:
-    - DISABLE_VALGRIND="true"
-    - TRAVIS_REPO_OWNER=${TRAVIS_REPO_SLUG%/*}
-    - TRAVIS_REPO_NAME=${TRAVIS_REPO_SLUG#*/}
-
-before_install:
-
-install:
-
-script:
-    - mkdir build
-    - pushd build
-    - cmake .. -DINTEGRATION_TESTING:BOOL=false -DDISABLE_VALGRIND:BOOL=${DISABLE_VALGRIND} -DENABLE_SESHAT:BOOL=true -DFEATURE_DNS_QUERY:BOOL=true
-    - export ARGS="-V"
-    - build-wrapper-linux-x86-64 --out-dir bw-output make all test
-    - popd
-
-after_success:
-    - find . -type f -name '*.gcda' -exec gcov -p {} +
-    - sonar-scanner -Dproject.settings=.sonar-project.properties
-    - bash <(curl -s https://codecov.io/bash) -F unittests || echo "Codecov did not collect coverage reports"
-
-stages:
-  - test
-  #- coverity
-  - tag
-  - release
-
-jobs:
-  include:
-    - stage: test
-      name: "Trusty gcc build"
-      os: linux
-      dist: trusty
-      compiler: gcc
-      addons:
-        apt:
-          sources:
-            - ubuntu-toolchain-r-test
-          packages:
-            - libcunit1
-            - libcunit1-doc
-            - libcunit1-dev
-            - libtool
-            - valgrind
-            - lcov
-        sonarcloud:
-          organization: "xmidt-org"
-          token: "$SONAR_TOKEN"
-
-# clang build is not working at the moment... disable it to get better coverage
-# and analysis results
-#
-#    - stage: test
-#      name: "Trusty clang build"
-#      os: linux
-#      dist: trusty
-#      compiler: clang
-#      addons:
-#        apt:
-#          sources:
-#            - ubuntu-toolchain-r-test
-#          packages:
-#            - libcunit1
-#            - libcunit1-doc
-#            - libcunit1-dev
-#            - libtool
-#            - valgrind
-#            - lcov
-#        sonarcloud:
-#          organization: "xmidt-org"
-#          token: "$SONAR_TOKEN"
-#      after_success: skip
-
-    # How the tag and release targets work
-    #
-    # Each time a build is run on the main branch the CHANGELOG.md file is
-    # checked To see if there is a new version tag with details under it.  If a
-    # version with details is found then **tag** creates a new tag with the
-    # proper version.
-    #
-    # The creation of the tag branch triggers the **release** stage.
-    #
-    # The release stage builds tar.gz and zip artificts as well as creates a
-    # SHA256 checksum of the files.  The process then pushes these files up to
-    # Github for hosting.
-    #
-    # Why do this?  Yocto and other build systems depend on the artifacts being
-    # consistent each time they are downloaded, but there is an issue with the
-    # way Github generates the artifacts on the fly where on occasion the
-    # checksum changes.  By explicitly producing our own artifacts we eliminate
-    # this issue for systems that rely on the checksum being constant
-    - stage: tag
-      name: "Tag For Release"
-      if: branch = master && type = push
-      before_script:
-        - echo -e "machine github.com\n  login $GH_TOKEN" > ~/.netrc
-      script:
-        - export OLD_VERSION=$(git describe --tags `git rev-list --tags --max-count=1` | tail -1 | sed 's/v\(.*\)/\1/')
-        - git config --global user.name "xmidt-bot"
-        - git config --global user.email "$BOT_EMAIL"
-        - export TAG=$(cat CHANGELOG.md | perl -0777 -ne 'print "$1" if /.*## \[Unreleased\]\s+## \[(v\d+.\d+.\d+)\].*/s')
-        - export TODAY=`date +'%m/%d/%Y'`
-        - export NOTES=$(cat CHANGELOG.md | perl -0777 -ne 'print "$ENV{TODAY}\n\n$1\n" if /.*## \[$ENV{TAG}\]\s(.*?)\s+## \[(v\d+.\d+.\d+)\].*/s')
-        - if [[ "$TAG" != "" && "$TAG" != "$OLD_VERSION" ]]; then git tag -a "$TAG" -m "$NOTES"; git push origin --tags; echo $?; fi
-      addons:
-      before_install: skip
-      after_success: skip
-
-    - stage: release
-      name: "Make a Release"
-      if: branch != master
-      script:
-        - export VERSION=${TRAVIS_TAG##*v}
-        - git archive --format=tar.gz --prefix=${TRAVIS_REPO_NAME}-${VERSION}/ -o ${TRAVIS_REPO_NAME}-${VERSION}.tar.gz ${TRAVIS_TAG}
-        - git archive --format=zip    --prefix=${TRAVIS_REPO_NAME}-${VERSION}/ -o ${TRAVIS_REPO_NAME}-${VERSION}.zip    ${TRAVIS_TAG}
-        - sha256sum  ${TRAVIS_REPO_NAME}-${VERSION}.tar.gz  ${TRAVIS_REPO_NAME}-${VERSION}.zip > sha256sum.txt
-      deploy:
-        cleanup: false
-        on:
-          all_branches: true
-          tags: true
-        provider: releases
-        api_key: "$GH_TOKEN"
-        file:
-          - "${TRAVIS_REPO_NAME}-${VERSION}.tar.gz"
-          - "${TRAVIS_REPO_NAME}-${VERSION}.zip"
-          - "sha256sum.txt"
-      addons:
-      before_install: skip
-
-    - stage: coverity
-      name: "Coverity build"
-      if: branch = master
-      os: linux
-      dist: trusty
-      compiler: gcc
-      addons:
-        apt:
-          sources:
-            - ubuntu-toolchain-r-test
-          packages:
-            - libcunit1
-            - libcunit1-doc
-            - libcunit1-dev
-            - libtool
-            - valgrind
-            - lcov
-        coverity_scan:
-          project:
-            name: ${TRAVIS_REPO_SLUG}
-          notification_email: weston_schmidt@alumni.purdue.edu
-          build_command_prepend: "mkdir coverity_build && cd coverity_build && cmake .."
-          build_command: "make"
-          branch_pattern: master
-      after_success: skip
-
-  allow_failures:
-    - stage: coverity

CHANGELOG.md

@@ -5,18 +5,17 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/)
 and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html).
 
 ## [Unreleased]
-- Security: Added support to use auth token during initial connect to cloud
-- Fix re-registration fails that lose a socket
-- Fix mutex error in service alive
-- Security: Mutual Authentication (mTLS or two way TLS)
-- Rename command line options for MTLS cert and Key
-- Update to use nanomsg v. 1.1.4
-- requestNewAuthToken will clear the token if it fails.
-- request auth token on every retry, not just after 403
-- update to use nopoll v 1.0.2
-- Add pause/resume heartBeatTimer
-- parodus event handler to listen to interface_down and interface_up event
-- Pause connection retry during interface_down event
+- Add additional HTTP headers for call to Themis from Convey
+
+## [1.1.4]
+- on connect retry, requery jwt only if it failed before 
+- put two timestamps in connection health file; start conn and current
+- change health file update interval to 240sec
+- use jitter in backoff delay
+- sendMessage to check cloud status == ONLINE before sending
+- when killed with SIGTERM, close will use msg in close reason file.
+
+## [1.1.3]
 - Add callback handler for ping status change event
 - Fixed nopoll_conn_unref crash
 - Update retry timestamp in connection-health-file
@@ -24,12 +23,26 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 - provide signal handlers so we shut down properly when INCLUDE_BREAKPAD active
 - send status code and reason in websocket close message
 - dont try to install handler for signal 9
-- on connect retry, requery jwt only if it failed before 
-- put two timestamps in connection health file; start conn and current
-- change health file update interval to 240sec
-- use jitter in backoff delay
-- sendMessage to check cloud status == ONLINE before sending
-- when killed with SIGTERM, close will use msg in close reason file.
+
+## [1.1.2]
+- Add pause/resume heartBeatTimer
+- parodus event handler to listen to interface_down and interface_up event
+- Pause connection retry during interface_down event
+
+## [1.1.1]
+- Update to use nanomsg v. 1.1.4
+- requestNewAuthToken will clear the token if it fails.
+- request auth token on every retry, not just after 403
+- update to use nopoll v 1.0.2
+
+## [1.0.4]
+- Fix re-registration fails that lose a socket
+- Fix mutex error in service alive
+- Security: Mutual Authentication (mTLS or two way TLS)
+- Rename command line options for MTLS cert and Key
+
+## [1.0.3]
+- Security: Added support to use auth token during initial connect to cloud
 
 ## [1.0.2] - 2019-02-08
 - Refactored connection.c and updated corresponding unit tests
@@ -89,7 +102,13 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.
 ### Added
 - Initial creation
 
-[Unreleased]: https://github.com/Comcast/parodus/compare/1.0.1...HEAD
+[Unreleased]: https://github.com/Comcast/parodus/compare/1.1.4...HEAD
+[1.1.4]: https://github.com/Comcast/parodus/compare/1.1.3...1.1.4
+[1.1.3]: https://github.com/Comcast/parodus/compare/1.1.2...1.1.3
+[1.1.2]: https://github.com/Comcast/parodus/compare/1.1.1...1.1.2
+[1.1.1]: https://github.com/Comcast/parodus/compare/1.0.4...1.1.1
+[1.0.4]: https://github.com/Comcast/parodus/compare/1.0.3...1.0.4
+[1.0.3]: https://github.com/Comcast/parodus/compare/1.0.2...1.0.3
 [1.0.2]: https://github.com/Comcast/parodus/compare/1.0.1...1.0.2
 [1.0.1]: https://github.com/Comcast/parodus/compare/1.0.0...1.0.1
 [1.0.0]: https://github.com/Comcast/parodus/compare/79fa7438de2b14ae64f869d52f5c127497bf9c3f...1.0.0

CMakeLists.txt

@@ -14,6 +14,7 @@
 
 cmake_minimum_required(VERSION 2.8.7)
 
+#project(parodus VERSION 1.1.15)
 project(parodus)
 
 include(ExternalProject)