From a278a7017da3400e65a1005a08e31f6674eb26d2 Mon Sep 17 00:00:00 2001
From: Weston Schmidt
Date: Wed, 2 Jun 2021 18:17:54 -0700
Subject: [PATCH] Update the CI pipeline.
---
.github/scripts/get_sonarcloud.sh | 24 ++++
.github/workflows/codeql-analysis.yml | 50 ++++++++
.github/workflows/push.yml | 72 +++++++++++
.github/workflows/release.yml | 49 ++++++++
.github/workflows/tag.yml | 33 +++++
.sonar-project.properties | 13 +-
.travis.yml | 167 --------------------------
CHANGELOG.md | 57 ++++++---
CMakeLists.txt | 1 +
9 files changed, 275 insertions(+), 191 deletions(-)
create mode 100755 .github/scripts/get_sonarcloud.sh
create mode 100644 .github/workflows/codeql-analysis.yml
create mode 100644 .github/workflows/push.yml
create mode 100644 .github/workflows/release.yml
create mode 100644 .github/workflows/tag.yml
delete mode 100644 .travis.yml
diff --git a/.github/scripts/get_sonarcloud.sh b/.github/scripts/get_sonarcloud.sh
new file mode 100755
index 0000000..570761d
--- /dev/null
+++ b/.github/scripts/get_sonarcloud.sh
@@ -0,0 +1,24 @@
+#!/bin/bash
+# SPDX-FileCopyrightText: 2021 Comcast Cable Communications Management, LLC
+# SPDX-License-Identifier: Apache-2.0
+
+curl -s -L -O https://sonarcloud.io/static/cpp/build-wrapper-linux-x86.zip
+unzip -q -o build-wrapper-linux-x86.zip
+
+
+SONAR_VERSION=`curl -s https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/ |grep -o "sonar-scanner-cli-[0-9.]*-linux.zip"|sort -r|uniq|head -n 1`
+curl -s -L -O https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/$SONAR_VERSION
+curl -s -L -O https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/$SONAR_VERSION.sha256
+echo " $SONAR_VERSION" >> $SONAR_VERSION.sha256
+sha256sum -c $SONAR_VERSION.sha256
+if [[ $? -ne 0 ]]
+then
+ exit 1
+fi
+unzip -q $SONAR_VERSION
+
+output=`ls | grep -o "sonar-scanner-[0-9.]*-linux"`
+
+echo "Using $output"
+
+mv $output sonar-scanner
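Review bot: Both downloads in get_sonarcloud.sh end up executing in CI without a trusted integrity check: `build-wrapper-linux-x86.zip` is unzipped with no verification at all, and the scanner archive is checked against a `.sha256` fetched from the same server, which catches a corrupted transfer but not a replaced file. The scanner version is also scraped from the directory listing at run time and ordered with a lexical `sort -r` (for example, a 4.10 release would sort below 4.9), so the build tool can change without any commit in this repository. Pinning the archive name and its expected digest in the script, together with `set -euo pipefail` and `curl -f` so that an HTTP error page is not saved as the archive, would address this. The build-wrapper URL carries no version, so its digest would have to be recorded and refreshed deliberately.

```shell
set -euo pipefail

# Pinned release and digest, updated by hand in a reviewed commit (placeholders).
SONAR_VERSION="sonar-scanner-cli-<PINNED_VERSION>-linux.zip"
SONAR_SHA256="<EXPECTED_SHA256_OF_PINNED_ZIP>"

curl -fsSL -O "https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/${SONAR_VERSION}"
echo "${SONAR_SHA256}  ${SONAR_VERSION}" | sha256sum -c -
# … unchanged: unzip the archive and rename the directory to sonar-scanner …
```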
diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml
new file mode 100644
index 0000000..c5023c1
--- /dev/null
+++ b/.github/workflows/codeql-analysis.yml
@@ -0,0 +1,50 @@
+# SPDX-FileCopyrightText: 2021 Comcast Cable Communications Management, LLC
+# SPDX-License-Identifier: Apache-2.0
+
+name: LGTM Analysis
+
+on:
+ create:
+ pull_request:
+ push:
+ branches:
+ - main
+ schedule:
+ - cron: '12 9 * * 3'
+
+jobs:
+ codeql:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout repository
+ uses: actions/checkout@v2
+ # Install the dependent packages
+ - name: Install packages
+ run: |
+ sudo apt update
+ sudo apt-get -y install valgrind libcunit1 libcunit1-doc libcunit1-dev libmsgpack-dev gcovr libtool
+
+ - name: Initialize CodeQL
+ uses: github/codeql-action/init@v1
+ with:
+ languages: cpp
+ queries: security-extended
+
+ # Autobuild attempts to build any compiled languages (C/C++, C#, or Java).
+ # If this step fails, then you should remove it and run the build manually (see below)
+ - name: Autobuild
+ uses: github/codeql-action/autobuild@v1
+
+ # â„šī¸ Command-line programs to run using the OS shell.
+ # 📚 https://git.io/JvXDl
+
+ # âœī¸ If the Autobuild fails above, remove it and uncomment the following three lines
+ # and modify them (or add more) to build your code if your project
+ # uses a compiled language
+
+ #- run: |
+ # make bootstrap
+ # make release
+
+ - name: Perform CodeQL Analysis
+ uses: github/codeql-action/analyze@v1
diff --git a/.github/workflows/push.yml b/.github/workflows/push.yml
new file mode 100644
index 0000000..53ff266
--- /dev/null
+++ b/.github/workflows/push.yml
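Review bot: The codeql job in codeql-analysis.yml declares no `permissions:`, so its GITHUB_TOKEN carries the repository's default scopes even though the job builds pull-request code through Autobuild. A top-level `permissions:` block with `contents: read` and `security-events: write` would limit the token to what checkout and the results upload need. The `create:` trigger also starts an analysis for every new branch or tag, on top of the `push` and `pull_request` runs, which looks unintended. The workflow is named `LGTM Analysis` although every step is CodeQL; `name: CodeQL` would match what appears in the Actions list.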
@@ -0,0 +1,72 @@
+# SPDX-FileCopyrightText: 2021 Comcast Cable Communications Management, LLC
+# SPDX-License-Identifier: Apache-2.0
+
+name: CI
+
+on:
+ pull_request:
+ push:
+ paths-ignore:
+ - 'AUTHORS'
+ - 'LICENSE'
+ - 'NOTICE'
+ - '**.md'
+ - '.gitignore'
+ tags-ignore:
+ - 'v[0-9]+.[0-9]+.[0-9]+'
+ branches:
+ - main
+ - master
+
+jobs:
+ test:
+ name: Unit Tests
+ runs-on: [ ubuntu-latest ]
+ steps:
+ # Checks-out your repository under $GITHUB_WORKSPACE, so your job can access it
+ - uses: actions/checkout@v2
+ with:
+ fetch-depth: 0
+
+ # Install the dependent packages
+ - name: Install packages
+ run: |
+ sudo apt update
+ sudo apt-get -y install valgrind libcunit1 libcunit1-doc libcunit1-dev libmsgpack-dev gcovr libtool
+ pip install codecov
+
+ - name: Make Build Directory
+ run: mkdir build
+
+ - name: Get Sonarcloud Binaries
+ working-directory: build
+ run: |
+ ../.github/scripts/get_sonarcloud.sh
+
+ - name: CMake
+ working-directory: build
+ run: |
+ cmake .. -DINTEGRATION_TESTING:BOOL=false -DDISABLE_VALGRIND:BOOL=${DISABLE_VALGRIND} -DENABLE_SESHAT:BOOL=true -DFEATURE_DNS_QUERY:BOOL=true
+
+
+ - name: Build
+ working-directory: build
+ run: |
+ build-wrapper-linux-x86/build-wrapper-linux-x86-64 --out-dir bw-output make all test
+
+ - name: Merge GCOV Reports for Sonarcloud
+ working-directory: build
+ run: |
+ gcovr --sonarqube coverage.xml -r ..
+
+ - name: Upload SonarCloud
+ run: |
+ build/sonar-scanner/bin/sonar-scanner -Dsonar.host.url=https://sonarcloud.io -Dproject.settings=.sonar-project.properties -Dsonar.login=${{ secrets.SONAR_TOKEN }}
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+
+ - name: Upload Codecov.io
+ uses: codecov/codecov-action@v1
+ with:
+ directory: .
+ fail_ci_if_error: true
diff --git a/.github/workflows/release.yml b/.github/workflows/release.yml
new file mode 100644
index 0000000..e770b29
--- /dev/null
+++ b/.github/workflows/release.yml
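Review bot: `${DISABLE_VALGRIND}` in the CMake step is never defined anywhere in push.yml, so `-DDISABLE_VALGRIND:BOOL=` is passed with an empty value; the removed .travis.yml set it globally to "true", and a job-level `env:` entry `DISABLE_VALGRIND: "true"` would keep that behaviour. In the Upload SonarCloud step, `${{ secrets.SONAR_TOKEN }}` is expanded directly into the command line; mapping it under that step's `env:` as `SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}` and passing `-Dsonar.login="$SONAR_TOKEN"` keeps the value out of the rendered script text. The workflow also runs on `pull_request`, where secrets are not provided to runs from forks, so the upload step will presumably fail for outside contributors unless it is guarded with an `if:` condition.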
@@ -0,0 +1,49 @@
+# SPDX-FileCopyrightText: 2021 Comcast Cable Communications Management, LLC
+# SPDX-License-Identifier: Apache-2.0
+
+name: release
+
+on:
+ push:
+ tags:
+ # Push events to matching v#.#.#*, ex: v1.2.3, v.2.4.6-beta
+ - 'v[0-9]+.[0-9]+.[0-9]+*'
+
+jobs:
+ release:
+ runs-on: [ ubuntu-latest ]
+ steps:
+ - uses: actions/checkout@v2
+ with:
+ fetch-depth: 0
+ - name: Determine repo name
+ run: |
+ echo "repo_name=$(echo '${{ github.repository }}' | awk -F '/' '{print $2}')" >> $GITHUB_ENV
+ echo "version=${GITHUB_REF#refs/tags/}" >> $GITHUB_ENV
+ echo "release_slug=$(echo '${{ github.repository }}' | awk -F '/' '{print $2}')-${GITHUB_REF#refs/tags/v}" >> $GITHUB_ENV
+ shell: bash
+ - name: Create tarball and sha256
+ run: |
+ git archive --format=tar.gz -o ${release_slug}.tar.gz --prefix=${release_slug}/ ${version}
+ git archive --format=zip -o ${release_slug}.zip --prefix=${release_slug}/ ${version}
+ sha256sum ${release_slug}.tar.gz ${release_slug}.zip > ${release_slug}-sha256sums.txt
+ mkdir artifacts
+ cp ${release_slug}* artifacts/.
+ - name: Prepare Release Body
+ id: prep
+ run: |
+ export version=${GITHUB_REF#refs/tags/}
+ export NOTES=$(cat CHANGELOG.md | perl -0777 -ne 'print "$1\n" if /.*## \[${version}\]\s(.*?)\s+## \[(v\d+.\d+.\d+)\].*/s')
+ export TODAY=`date +'%m/%d/%Y'`
+ echo ::set-output name=rname::$(echo ${version} ${TODAY})
+ echo ::set-output name=body::${NOTES}
+ - name: create release
+ id: create_release
+ uses: ncipollo/release-action@v1
+ with:
+ name: ${{ steps.prep.outputs.rname }}
+ draft: false
+ prerelease: false
+ bodyFile: ${{ steps.prep.outputs.body }}
+ artifacts: "artifacts/*"
+ token: ${{ secrets.GITHUB_TOKEN }} # This token is provided by Actions, you do not need to create your own token
diff --git a/.github/workflows/tag.yml b/.github/workflows/tag.yml
new file mode 100644
index 0000000..ffbbed1
--- /dev/null
+++ b/.github/workflows/tag.yml
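Review bot: The Prepare Release Body step in release.yml will not deliver the changelog text to the release: the perl program is single-quoted, so `${version}` is read as an (unset) perl variable rather than the exported shell value, and the result is then handed to `bodyFile:`, which expects a path to a file rather than the notes themselves. tag.yml in this same commit uses `$ENV{TAG}` for the equivalent lookup, so `$ENV{version}` in the pattern plus `body: ${{ steps.prep.outputs.body }}` would be the consistent form. Separately, `ncipollo/release-action@v1` is a third-party action referenced by a mutable tag in the job that publishes the archives and their sha256 sums with a write-capable token; pinning it to a full commit SHA keeps what runs in that job under review.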
@@ -0,0 +1,33 @@
+# SPDX-FileCopyrightText: 2021 Comcast Cable Communications Management, LLC
+# SPDX-License-Identifier: Apache-2.0
+
+name: tag
+
+on:
+ push:
+ paths:
+ - "CHANGELOG.md" # only try to tag if the CHANGELOG has been updated.
+ branches:
+ - main
+
+jobs:
+ build:
+ runs-on: [ ubuntu-latest ]
+ steps:
+ - uses: actions/checkout@v2
+ with:
+ token: '${{ secrets.PERSONAL_ACCESS_TOKEN }}'
+ fetch-depth: 0
+ - name: set up bot
+ run: |
+ git config --global user.name "xmidt-bot"
+ git config --global user.email "$BOT_EMAIL"
+ - name: export variables and tag commit
+ run: |
+ export OLD_VERSION=$(git describe --tags `git rev-list --tags --max-count=1` | tail -1)
+ export TAG=$(cat CHANGELOG.md | perl -0777 -ne 'print "$1" if /.*## \[Unreleased\]\s+## \[(v\d+.\d+.\d+)\].*/s')
+ export BINVER=$(cat CMakeLists.txt | perl -0777 -ne 'print "v$1" if /.*project\s*\(.*\s*VERSION\s*(\d+.\d+.\d+).*\s*\)/s')
+ export TODAY=`date +'%m/%d/%Y'`
+ export NOTES=$(cat CHANGELOG.md | perl -0777 -ne 'print "$ENV{TODAY}\n\n$1\n" if /.*## \[$ENV{TAG}\]\s(.*?)\s+## \[(v\d+.\d+.\d+)\].*/s')
+ if [[ "$TAG" != "" && "$TAG" != "$BINVER" ]]; then echo "CHANGELOG.md($TAG) and CMakeLists.txt VERSION($BINVER) do not match"; fi
+ if [[ "$TAG" != "" && "$TAG" != "$OLD_VERSION" && "$TAG" == "$BINVER" ]]; then git tag -a "$TAG" -m "$NOTES"; git push origin --tags; echo $?; fi
diff --git a/.sonar-project.properties b/.sonar-project.properties
index c265ac9..a78afe8 100644
--- a/.sonar-project.properties
+++ b/.sonar-project.properties
@@ -1,3 +1,6 @@
+# SPDX-FileCopyrightText: 2021 Comcast Cable Communications Management, LLC
+# SPDX-License-Identifier: Apache-2.0
+
 # Reference:
 # https://github.com/SonarSource/sonarcloud_example_go-sqscanner-travis/blob/master/sonar-project.properties
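Review bot: `git config --global user.email "$BOT_EMAIL"` in tag.yml reads a variable the workflow never defines, so the tagging identity is configured with an empty e-mail; if the value is meant to come from a secret, the step needs an `env:` mapping such as `BOT_EMAIL: ${{ secrets.BOT_EMAIL }}` (secret name assumed). The checkout is given `secrets.PERSONAL_ACCESS_TOKEN`, which actions/checkout keeps in the local git configuration for the rest of the job, so that token should be limited to this repository and to the rights needed to push tags. The BINVER pattern is not anchored to the start of a line, and in this commit the only `VERSION` visible in CMakeLists.txt is inside the commented-out `#project(parodus VERSION 1.1.15)`, which the pattern would probably still match. The TAG pattern also requires a `v` prefix while the CHANGELOG headings added here are written as `[1.1.4]`, so as far as the visible files show the tag step would never fire.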
@@ -6,19 +9,18 @@ # Standard properties # ===================================================== +sonar.organization=xmidt-org sonar.projectKey=xmidt-org_parodus sonar.projectName=parodus sonar.sources=src -#sonar.tests=tests - # ===================================================== # Meta-data for the project # ===================================================== sonar.links.homepage=https://github.com/xmidt-org/parodus -sonar.links.ci=https://travis-ci.org/xmidt-org/parodus +sonar.links.ci=https://github.com/xmidt-org/parodus/actions sonar.links.scm=https://github.com/xmidt-org/parodus sonar.links.issue=https://github.com/xmidt-org/parodus/issues @@ -26,6 +28,7 @@ sonar.links.issue=https://github.com/xmidt-org/parodus/issues # Properties specific to C # ===================================================== sonar.cfamily.build-wrapper-output=build/bw-output -sonar.cfamily.gcov.reportsPath=. -sonar.cfamily.threads=1 +sonar.cfamily.threads=2 sonar.cfamily.cache.enabled=false +sonar.coverageReportPaths=build/coverage.xml + diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index 53bd8a3..0000000 --- a/.travis.yml +++ /dev/null 
@@ -1,167 +0,0 @@ -language: c - -branches: - only: - - master - - /^v[0-9]+\.[0-9]+\.[0-9]+$/ - -env: - global: - - DISABLE_VALGRIND="true" - - TRAVIS_REPO_OWNER=${TRAVIS_REPO_SLUG%/*} - - TRAVIS_REPO_NAME=${TRAVIS_REPO_SLUG#*/} - -before_install: - -install: - -script: - - mkdir build - - pushd build - - cmake .. -DINTEGRATION_TESTING:BOOL=false -DDISABLE_VALGRIND:BOOL=${DISABLE_VALGRIND} -DENABLE_SESHAT:BOOL=true -DFEATURE_DNS_QUERY:BOOL=true - - export ARGS="-V" - - build-wrapper-linux-x86-64 --out-dir bw-output make all test - - popd - -after_success: - - find . -type f -name '*.gcda' -exec gcov -p {} + - - sonar-scanner -Dproject.settings=.sonar-project.properties - - bash <(curl -s https://codecov.io/bash) -F unittests || echo "Codecov did not collect coverage reports" - -stages: - - test - #- coverity - - tag - - release - -jobs: - include: - - stage: test - name: "Trusty gcc build" - os: linux - dist: trusty - compiler: gcc - addons: - apt: - sources: - - ubuntu-toolchain-r-test - packages: - - libcunit1 - - libcunit1-doc - - libcunit1-dev - - libtool - - valgrind - - lcov - sonarcloud: - organization: "xmidt-org" - token: "$SONAR_TOKEN" - -# clang build is not working at the moment... disable it to get better coverage -# and analysis results -# -# - stage: test -# name: "Trusty clang build" -# os: linux -# dist: trusty -# compiler: clang -# addons: -# apt: -# sources: -# - ubuntu-toolchain-r-test -# packages: -# - libcunit1 -# - libcunit1-doc -# - libcunit1-dev -# - libtool -# - valgrind -# - lcov -# sonarcloud: -# organization: "xmidt-org" -# token: "$SONAR_TOKEN" -# after_success: skip - - # How the tag and release targets work - # - # Each time a build is run on the main branch the CHANGELOG.md file is - # checked To see if there is a new version tag with details under it. If a - # version with details is found then **tag** creates a new tag with the - # proper version. - # - # The creation of the tag branch triggers the **release** stage. 
- # - # The release stage builds tar.gz and zip artificts as well as creates a - # SHA256 checksum of the files. The process then pushes these files up to - # Github for hosting. - # - # Why do this? Yocto and other build systems depend on the artifacts being - # consistent each time they are downloaded, but there is an issue with the - # way Github generates the artifacts on the fly where on occasion the - # checksum changes. By explicitly producing our own artifacts we eliminate - # this issue for systems that rely on the checksum being constant - - stage: tag - name: "Tag For Release" - if: branch = master && type = push - before_script: - - echo -e "machine github.com\n login $GH_TOKEN" > ~/.netrc - script: - - export OLD_VERSION=$(git describe --tags `git rev-list --tags --max-count=1` | tail -1 | sed 's/v\(.*\)/\1/') - - git config --global user.name "xmidt-bot" - - git config --global user.email "$BOT_EMAIL" - - export TAG=$(cat CHANGELOG.md | perl -0777 -ne 'print "$1" if /.*## \[Unreleased\]\s+## \[(v\d+.\d+.\d+)\].*/s') - - export TODAY=`date +'%m/%d/%Y'` - - export NOTES=$(cat CHANGELOG.md | perl -0777 -ne 'print "$ENV{TODAY}\n\n$1\n" if /.*## \[$ENV{TAG}\]\s(.*?)\s+## \[(v\d+.\d+.\d+)\].*/s') - - if [[ "$TAG" != "" && "$TAG" != "$OLD_VERSION" ]]; then git tag -a "$TAG" -m "$NOTES"; git push origin --tags; echo $?; fi - addons: - before_install: skip - after_success: skip - - - stage: release - name: "Make a Release" - if: branch != master - script: - - export VERSION=${TRAVIS_TAG##*v} - - git archive --format=tar.gz --prefix=${TRAVIS_REPO_NAME}-${VERSION}/ -o ${TRAVIS_REPO_NAME}-${VERSION}.tar.gz ${TRAVIS_TAG} - - git archive --format=zip --prefix=${TRAVIS_REPO_NAME}-${VERSION}/ -o ${TRAVIS_REPO_NAME}-${VERSION}.zip ${TRAVIS_TAG} - - sha256sum ${TRAVIS_REPO_NAME}-${VERSION}.tar.gz ${TRAVIS_REPO_NAME}-${VERSION}.zip > sha256sum.txt - deploy: - cleanup: false - on: - all_branches: true - tags: true - provider: releases - api_key: "$GH_TOKEN" - file: - - 
"${TRAVIS_REPO_NAME}-${VERSION}.tar.gz" - - "${TRAVIS_REPO_NAME}-${VERSION}.zip" - - "sha256sum.txt" - addons: - before_install: skip - - - stage: coverity - name: "Coverity build" - if: branch = master - os: linux - dist: trusty - compiler: gcc - addons: - apt: - sources: - - ubuntu-toolchain-r-test - packages: - - libcunit1 - - libcunit1-doc - - libcunit1-dev - - libtool - - valgrind - - lcov - coverity_scan: - project: - name: ${TRAVIS_REPO_SLUG} - notification_email: weston_schmidt@alumni.purdue.edu - build_command_prepend: "mkdir coverity_build && cd coverity_build && cmake .." - build_command: "make" - branch_pattern: master - after_success: skip - - allow_failures: - - stage: coverity diff --git a/CHANGELOG.md b/CHANGELOG.md index 3454072..b59cc57 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md 
@@ -5,18 +5,17 @@ The format is based on [Keep a Changelog](http://keepachangelog.com/en/1.0.0/) and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0.html). ## [Unreleased] -- Security: Added support to use auth token during initial connect to cloud -- Fix re-registration fails that lose a socket -- Fix mutex error in service alive -- Security: Mutual Authentication (mTLS or two way TLS) -- Rename command line options for MTLS cert and Key -- Update to use nanomsg v. 1.1.4 -- requestNewAuthToken will clear the token if it fails. -- request auth token on every retry, not just after 403 -- update to use nopoll v 1.0.2 -- Add pause/resume heartBeatTimer -- parodus event handler to listen to interface_down and interface_up event -- Pause connection retry during interface_down event +- Add additional HTTP headers for call to Themis from Convey + +## [1.1.4] +- on connect retry, requery jwt only if it failed before +- put two timestamps in connection health file; start conn and current +- change health file update interval to 240sec +- use jitter in backoff delay +- sendMessage to check cloud status == ONLINE before sending +- when killed with SIGTERM, close will use msg in close reason file. + +## [1.1.3] - Add callback handler for ping status change event - Fixed nopoll_conn_unref crash - Update retry timestamp in connection-health-file 
@@ -24,12 +23,26 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0. - provide signal handlers so we shut down properly when INCLUDE_BREAKPAD active - send status code and reason in websocket close message - dont try to install handler for signal 9 -- on connect retry, requery jwt only if it failed before -- put two timestamps in connection health file; start conn and current -- change health file update interval to 240sec -- use jitter in backoff delay -- sendMessage to check cloud status == ONLINE before sending -- when killed with SIGTERM, close will use msg in close reason file. + +## [1.1.2] +- Add pause/resume heartBeatTimer +- parodus event handler to listen to interface_down and interface_up event +- Pause connection retry during interface_down event + +## [1.1.1] +- Update to use nanomsg v. 1.1.4 +- requestNewAuthToken will clear the token if it fails. +- request auth token on every retry, not just after 403 +- update to use nopoll v 1.0.2 + +## [1.0.4] +- Fix re-registration fails that lose a socket +- Fix mutex error in service alive +- Security: Mutual Authentication (mTLS or two way TLS) +- Rename command line options for MTLS cert and Key + +## [1.0.3] +- Security: Added support to use auth token during initial connect to cloud ## [1.0.2] - 2019-02-08 - Refactored connection.c and updated corresponding unit tests 
@@ -89,7 +102,13 @@ and this project adheres to [Semantic Versioning](http://semver.org/spec/v2.0.0. ### Added - Initial creation -[Unreleased]: https://github.com/Comcast/parodus/compare/1.0.1...HEAD +[Unreleased]: https://github.com/Comcast/parodus/compare/1.1.4...HEAD +[1.1.4]: https://github.com/Comcast/parodus/compare/1.1.3...1.1.4 +[1.1.3]: https://github.com/Comcast/parodus/compare/1.1.2...1.1.3 +[1.1.2]: https://github.com/Comcast/parodus/compare/1.1.1...1.1.2 +[1.1.1]: https://github.com/Comcast/parodus/compare/1.0.4...1.1.1 +[1.0.4]: https://github.com/Comcast/parodus/compare/1.0.3...1.0.4 +[1.0.3]: https://github.com/Comcast/parodus/compare/1.0.2...1.0.3 [1.0.2]: https://github.com/Comcast/parodus/compare/1.0.1...1.0.2 [1.0.1]: https://github.com/Comcast/parodus/compare/1.0.0...1.0.1 [1.0.0]: https://github.com/Comcast/parodus/compare/79fa7438de2b14ae64f869d52f5c127497bf9c3f...1.0.0 diff --git a/CMakeLists.txt b/CMakeLists.txt index d6d6d92..6c526e9 100644 --- a/CMakeLists.txt +++ b/CMakeLists.txt @@ -14,6 +14,7 @@ cmake_minimum_required(VERSION 2.8.7) +#project(parodus VERSION 1.1.15) project(parodus) include(ExternalProject)