-
Notifications
You must be signed in to change notification settings - Fork 66
146 lines (130 loc) · 7.67 KB
/
sonar-cloud-analysis.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
name: SonarCloud scan
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: ${{ github.ref_name != 'master' }}
on:
push:
branches:
- master
pull_request:
types: [opened, synchronize, reopened]
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
jobs:
unit-tests:
strategy:
fail-fast: false
matrix:
include:
# cloud (ipv4+tcp) on, collection create on, push on, rfotm on, device provisioning on
- build_args: "-DOC_CLOUD_ENABLED=ON -DOC_COLLECTIONS_IF_CREATE_ENABLED=ON -DOC_PUSH_ENABLED=ON -DOC_RESOURCE_ACCESS_IN_RFOTM_ENABLED=ON -DPLGD_DEV_DEVICE_PROVISIONING_ENABLED=ON -DPLGD_DEV_DEVICE_PROVISIONING_TEST_PROPERTIES_ENABLED=ON"
# security off, ipv4 on, collection create on, push on, max num concurrent requests=1
- build_args: "-DOC_SECURITY_ENABLED=OFF -DOC_IPV4_ENABLED=ON -DOC_COLLECTIONS_IF_CREATE_ENABLED=ON -DOC_PUSH_ENABLED=ON -DOC_DEVICE_MAX_NUM_CONCURRENT_REQUESTS=1"
# ipv6 dns on, oscore off, rep realloc on, json encoder on, introspection IDD off
- build_args: "-DOC_DNS_LOOKUP_IPV6_ENABLED=ON -DOC_OSCORE_ENABLED=OFF -DOC_REPRESENTATION_REALLOC_ENCODING_ENABLED=ON -DOC_JSON_ENCODER_ENABLED=ON -DOC_IDD_API_ENABLED=OFF"
# cloud (ipv4+tcp) on, dynamic allocation off, rfotm on, push off (because it forces dynamic allocation)
- build_args: "-DOC_CLOUD_ENABLED=ON -DOC_DYNAMIC_ALLOCATION_ENABLED=OFF -DOC_RESOURCE_ACCESS_IN_RFOTM_ENABLED=ON"
# security off, dynamic allocation off, push off (because it forces dynamic allocation), json encoder on
- build_args: "-DOC_SECURITY_ENABLED=OFF -DOC_DYNAMIC_ALLOCATION_ENABLED=OFF -DOC_JSON_ENCODER_ENABLED=ON"
# security off, cloud (ipv4+tcp), dynamic allocation off, push off (because it forces dynamic allocation)
- build_args: "-DOC_SECURITY_ENABLED=OFF -DOC_CLOUD_ENABLED=ON -DOC_DYNAMIC_ALLOCATION_ENABLED=OFF -DOC_PUSH_ENABLED=OFF"
uses: ./.github/workflows/unit-test-with-cfg.yml
with:
build_args: "-DOC_MNT_ENABLED=ON -DOC_WKCORE_ENABLED=ON -DOC_SOFTWARE_UPDATE_ENABLED=ON -DOC_DISCOVERY_RESOURCE_OBSERVABLE_ENABLED=ON -DPLGD_DEV_TIME_ENABLED=ON -DOC_ETAG_ENABLED=ON ${{ matrix.build_args }}"
build_type: Debug
coverage: true
plgd-device-tests:
strategy:
fail-fast: false
matrix:
include:
- name: cloud-server
build_args: ""
- name: cloud-server-access-in-RFOTM-concurrent-requests-1
build_args: "-DOC_RESOURCE_ACCESS_IN_RFOTM_ENABLED=ON -DOC_DEVICE_MAX_NUM_CONCURRENT_REQUESTS=1"
- name: cloud-server-discovery-resource-observable-access-in-RFOTM-rep-realloc
build_args: "-DOC_DISCOVERY_RESOURCE_OBSERVABLE_ENABLED=ON -DOC_RESOURCE_ACCESS_IN_RFOTM_ENABLED=ON -DOC_REPRESENTATION_REALLOC_ENCODING_ENABLED=ON"
# try with SHA384
cert_signature_algorithm: ECDSA-SHA384
cert_elliptic_curve: P384
uses: ./.github/workflows/plgd-device-test-with-cfg.yml
with:
name: ${{ matrix.name }}
build_args: "-DOC_COLLECTIONS_IF_CREATE_ENABLED=ON -DOC_MNT_ENABLED=ON -DOC_OSCORE_ENABLED=OFF -DPLGD_DEV_TIME_ENABLED=ON -DOC_ETAG_ENABLED=ON -DOC_COVERAGE_ENABLED=ON -DOC_SOFTWARE_UPDATE_ENABLED=ON ${{ matrix.build_args }}"
build_type: Debug
cert_signature_algorithm: ${{ matrix.cert_signature_algorithm }}
cert_elliptic_curve: ${{ matrix.cert_elliptic_curve }}
coverage: true
plgd-hub-tests:
strategy:
fail-fast: false
matrix:
include:
- name: cloud-server-discovery-resource-observable-access-in-RFOTM
build_args: "-DOC_DISCOVERY_RESOURCE_OBSERVABLE_ENABLED=ON -DOC_RESOURCE_ACCESS_IN_RFOTM_ENABLED=ON"
- name: cloud-server-discovery-resource-observable-access-in-RFOTM-rep-realloc-concurrent-requests-1
build_args: "-DOC_DISCOVERY_RESOURCE_OBSERVABLE_ENABLED=ON -DOC_RESOURCE_ACCESS_IN_RFOTM_ENABLED=ON -DOC_REPRESENTATION_REALLOC_ENCODING_ENABLED=ON -DOC_DEVICE_MAX_NUM_CONCURRENT_REQUESTS=1"
- name: dtls-cloud-server-rep-realloc
build_args: "-DOC_REPRESENTATION_REALLOC_ENCODING_ENABLED=ON"
hub_args: "-e COAP_GATEWAY_UDP_ENABLED=true"
uses: ./.github/workflows/plgd-hub-test-with-cfg.yml
with:
name: ${{ matrix.name }}
build_args: "-DOC_COLLECTIONS_IF_CREATE_ENABLED=ON -DOC_MNT_ENABLED=ON -DOC_OSCORE_ENABLED=OFF -DPLGD_DEV_TIME_ENABLED=ON -DOC_ETAG_ENABLED=ON -DOC_COVERAGE_ENABLED=ON -DOC_SOFTWARE_UPDATE_ENABLED=ON ${{ matrix.build_args }}"
build_type: Debug
coverage: true
hub_args: ${{ matrix.hub_args }}
plgd-dps-tests:
uses: ./.github/workflows/plgd-dps-test-with-cfg.yml
with:
coverage: true
sonar-cloud-scan:
# don't run for forks
if: github.event_name == 'push' || (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository)
name: Sonar Cloud scan
runs-on: ubuntu-22.04
env:
BUILD_WRAPPER_OUT_DIR: build_wrapper_output_directory # Directory where build-wrapper output will be placed
needs: [unit-tests, plgd-device-tests, plgd-hub-tests, plgd-dps-tests]
steps:
- name: Checkout
uses: actions/checkout@v4
with:
submodules: "true"
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of SonarCloud analysis
- name: Install sonar-scanner and build-wrapper
uses: SonarSource/sonarcloud-github-c-cpp@v2
- name: Run build-wrapper
run: |
mkdir build && cd build
# sonar-scanner currently cannot handle multi configuration configuration (ie. compilation of the same file with different defines),
# so we enable as many features as possible so we get max. amount of code analysis
cmake -DCMAKE_BUILD_TYPE=Debug -DCMAKE_VERBOSE_MAKEFILE=ON -DOC_CLOUD_ENABLED=ON -DOC_COLLECTIONS_IF_CREATE_ENABLED=ON -DOC_MNT_ENABLED=ON -DOC_WKCORE_ENABLED=ON -DOC_SOFTWARE_UPDATE_ENABLED=ON -DOC_DISCOVERY_RESOURCE_OBSERVABLE_ENABLED=ON -DOC_PUSH_ENABLED=ON -DOC_RESOURCE_ACCESS_IN_RFOTM_ENABLED=ON -DPLGD_DEV_TIME_ENABLED=ON -DOC_ETAG_ENABLED=ON -DOC_JSON_ENCODER_ENABLED=ON -DPLGD_DEV_TIME_ENABLED=ON -DPLGD_DEV_DEVICE_PROVISIONING_ENABLED=ON -DBUILD_TESTING=ON ..
cd ..
# for files defined in multiple cmake targets, sonar-scanner seems to take the configuration from the first compilation of the file,
# so we force client-server target to be compiled first so we get analysis of code with both OC_CLIENT and OC_SERVER enabled
build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} cmake --build build --verbose --target client-server-static --target all
- name: Get coverage from all tests job
uses: actions/download-artifact@v4
with:
merge-multiple: true
path: tools/coverage/
- name: Install gcovr
run: |
sudo apt-get update -y
sudo apt-get install -y gcovr
- name: Create single coverage file in sonarqube format
run: |
cd tools
# ls -lR .
gcovr --add-tracefile "coverage/*coverage*.json" --sonarqube --output "coverage.xml" --verbose
- name: Run sonar-scanner
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
run: |
sonar-scanner --define sonar.cfamily.compile-commands="${{ env.BUILD_WRAPPER_OUT_DIR }}/compile_commands.json"