Fix issues reported by Coverity #2836
Workflow file for this run
# Third-party notice: the actions used below are not certified by GitHub.
# Each is supplied by its own vendor and is subject to that vendor's terms of
# service, privacy policy and support documentation.
name: SonarCloud scan

# One active run per workflow and ref. A newer run cancels the one still in
# progress on every ref except master, where runs are left to finish.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: ${{ github.ref_name != 'master' }}

on:
  push:
    branches:
      - master
  pull_request:
    types:
      - opened
      - synchronize
      - reopened
  # Manual trigger from the Actions tab.
  workflow_dispatch:
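jobs:
  # Unit tests, run through a reusable workflow once per feature combination.
  # Every run is built in Debug with coverage enabled.
  unit-tests:
    strategy:
      fail-fast: false
      matrix:
        include:
          # cloud (ipv4+tcp) on, collection create on, push on, rfotm on, device provisioning on
          - build_args: "-DOC_CLOUD_ENABLED=ON -DOC_COLLECTIONS_IF_CREATE_ENABLED=ON -DOC_PUSH_ENABLED=ON -DOC_RESOURCE_ACCESS_IN_RFOTM_ENABLED=ON -DPLGD_DEV_DEVICE_PROVISIONING_ENABLED=ON -DPLGD_DEV_DEVICE_PROVISIONING_TEST_PROPERTIES_ENABLED=ON"
          # security off, ipv4 on, collection create on, push on, max num concurrent requests=1
          - build_args: "-DOC_SECURITY_ENABLED=OFF -DOC_IPV4_ENABLED=ON -DOC_COLLECTIONS_IF_CREATE_ENABLED=ON -DOC_PUSH_ENABLED=ON -DOC_DEVICE_MAX_NUM_CONCURRENT_REQUESTS=1"
          # ipv6 dns on, oscore off, rep realloc on, json encoder on, introspection IDD off
          - build_args: "-DOC_DNS_LOOKUP_IPV6_ENABLED=ON -DOC_OSCORE_ENABLED=OFF -DOC_REPRESENTATION_REALLOC_ENCODING_ENABLED=ON -DOC_JSON_ENCODER_ENABLED=ON -DOC_IDD_API_ENABLED=OFF"
          # cloud (ipv4+tcp) on, dynamic allocation off, rfotm on, push off (because it forces dynamic allocation)
          - build_args: "-DOC_CLOUD_ENABLED=ON -DOC_DYNAMIC_ALLOCATION_ENABLED=OFF -DOC_RESOURCE_ACCESS_IN_RFOTM_ENABLED=ON"
          # security off, dynamic allocation off, push off (because it forces dynamic allocation), json encoder on
          - build_args: "-DOC_SECURITY_ENABLED=OFF -DOC_DYNAMIC_ALLOCATION_ENABLED=OFF -DOC_JSON_ENCODER_ENABLED=ON"
          # security off, cloud (ipv4+tcp), dynamic allocation off, push off (because it forces dynamic allocation)
          - build_args: "-DOC_SECURITY_ENABLED=OFF -DOC_CLOUD_ENABLED=ON -DOC_DYNAMIC_ALLOCATION_ENABLED=OFF -DOC_PUSH_ENABLED=OFF"
    uses: ./.github/workflows/unit-test-with-cfg.yml
    with:
      # Flags shared by every matrix entry, followed by the entry's own flags.
      build_args: "-DOC_MNT_ENABLED=ON -DOC_WKCORE_ENABLED=ON -DOC_SOFTWARE_UPDATE_ENABLED=ON -DOC_DISCOVERY_RESOURCE_OBSERVABLE_ENABLED=ON -DPLGD_DEV_TIME_ENABLED=ON -DOC_ETAG_ENABLED=ON ${{ matrix.build_args }}"
      build_type: Debug
      coverage: true

  # plgd device tests, run through a reusable workflow once per named
  # configuration.
  plgd-device-tests:
    strategy:
      fail-fast: false
      matrix:
        include:
          - name: cloud-server
            build_args: ""
          - name: cloud-server-access-in-RFOTM-concurrent-requests-1
            build_args: "-DOC_RESOURCE_ACCESS_IN_RFOTM_ENABLED=ON -DOC_DEVICE_MAX_NUM_CONCURRENT_REQUESTS=1"
          - name: cloud-server-discovery-resource-observable-access-in-RFOTM-rep-realloc
            build_args: "-DOC_DISCOVERY_RESOURCE_OBSERVABLE_ENABLED=ON -DOC_RESOURCE_ACCESS_IN_RFOTM_ENABLED=ON -DOC_REPRESENTATION_REALLOC_ENCODING_ENABLED=ON"
            # try with SHA384
            cert_signature_algorithm: ECDSA-SHA384
            cert_elliptic_curve: P384
    uses: ./.github/workflows/plgd-device-test-with-cfg.yml
    with:
      name: ${{ matrix.name }}
      build_args: "-DOC_COLLECTIONS_IF_CREATE_ENABLED=ON -DOC_MNT_ENABLED=ON -DOC_OSCORE_ENABLED=OFF -DPLGD_DEV_TIME_ENABLED=ON -DOC_ETAG_ENABLED=ON -DOC_COVERAGE_ENABLED=ON -DOC_SOFTWARE_UPDATE_ENABLED=ON ${{ matrix.build_args }}"
      build_type: Debug
      # Only the last matrix entry sets the certificate parameters; for the
      # other entries these expressions expand to empty strings. Presumably
      # the called workflow then falls back to its own defaults - confirm
      # in plgd-device-test-with-cfg.yml.
      cert_signature_algorithm: ${{ matrix.cert_signature_algorithm }}
      cert_elliptic_curve: ${{ matrix.cert_elliptic_curve }}
      coverage: true

  # plgd hub tests, run through a reusable workflow once per named
  # configuration.
  plgd-hub-tests:
    strategy:
      fail-fast: false
      matrix:
        include:
          - name: cloud-server-discovery-resource-observable-access-in-RFOTM
            build_args: "-DOC_DISCOVERY_RESOURCE_OBSERVABLE_ENABLED=ON -DOC_RESOURCE_ACCESS_IN_RFOTM_ENABLED=ON"
          - name: cloud-server-discovery-resource-observable-access-in-RFOTM-rep-realloc-concurrent-requests-1
            build_args: "-DOC_DISCOVERY_RESOURCE_OBSERVABLE_ENABLED=ON -DOC_RESOURCE_ACCESS_IN_RFOTM_ENABLED=ON -DOC_REPRESENTATION_REALLOC_ENCODING_ENABLED=ON -DOC_DEVICE_MAX_NUM_CONCURRENT_REQUESTS=1"
          - name: dtls-cloud-server-rep-realloc
            build_args: "-DOC_REPRESENTATION_REALLOC_ENCODING_ENABLED=ON"
            hub_args: "-e COAP_GATEWAY_UDP_ENABLED=true"
    uses: ./.github/workflows/plgd-hub-test-with-cfg.yml
    with:
      name: ${{ matrix.name }}
      build_args: "-DOC_COLLECTIONS_IF_CREATE_ENABLED=ON -DOC_MNT_ENABLED=ON -DOC_OSCORE_ENABLED=OFF -DPLGD_DEV_TIME_ENABLED=ON -DOC_ETAG_ENABLED=ON -DOC_COVERAGE_ENABLED=ON -DOC_SOFTWARE_UPDATE_ENABLED=ON ${{ matrix.build_args }}"
      build_type: Debug
      coverage: true
      # Set only by the dtls entry; empty for the other entries.
      hub_args: ${{ matrix.hub_args }}

  plgd-dps-tests:
    uses: ./.github/workflows/plgd-dps-test-with-cfg.yml
    with:
      coverage: true

  # Builds the project under build-wrapper, merges the coverage reports
  # downloaded from this run's artifacts and submits both to SonarCloud.
  sonar-cloud-scan:
    # Don't run for forks: a pull request is analysed only when its head
    # branch lives in this repository, so the step that reads SONAR_TOKEN
    # never runs for pull requests opened from a fork.
    # NOTE(review): a workflow_dispatch run matches neither branch of this
    # condition, so the scan is skipped on manual runs - confirm this is
    # intended.
    if: github.event_name == 'push' || (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository)
    name: Sonar Cloud scan
    runs-on: ubuntu-22.04
    # Least privilege for GITHUB_TOKEN in this job: read the repository for
    # checkout, read pull-request metadata for the scanner. Without this
    # block the job inherits the repository's default token permissions.
    permissions:
      contents: read
      pull-requests: read
    env:
      BUILD_WRAPPER_OUT_DIR: build_wrapper_output_directory  # Directory where build-wrapper output will be placed
    needs: [unit-tests, plgd-device-tests, plgd-hub-tests, plgd-dps-tests]
    steps:
      # NOTE(review): the actions in this job are referenced by mutable tags
      # (@v4, @v2). Pinning each to a full commit SHA
      # (owner/action@<full-commit-sha>) keeps a retagged release from
      # changing what runs in a job that holds SONAR_TOKEN.
      - name: Checkout
        uses: actions/checkout@v4
        with:
          submodules: "true"
          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of SonarCloud analysis
          # Do not leave GITHUB_TOKEN in .git/config for the later steps; no
          # step below performs an authenticated git operation.
          persist-credentials: false

      # Third-party action; it installs the sonar-scanner binary that the
      # last step runs with SONAR_TOKEN in its environment.
      - name: Install sonar-scanner and build-wrapper
        uses: SonarSource/sonarcloud-github-c-cpp@v2

      - name: Run build-wrapper
        run: |
          mkdir build && cd build
          # sonar-scanner currently cannot handle a multi-configuration build (i.e. compilation of the same file with different defines),
          # so we enable as many features as possible to get the maximum amount of code analysed
          cmake -DCMAKE_BUILD_TYPE=Debug -DCMAKE_VERBOSE_MAKEFILE=ON \
            -DOC_CLOUD_ENABLED=ON -DOC_COLLECTIONS_IF_CREATE_ENABLED=ON \
            -DOC_MNT_ENABLED=ON -DOC_WKCORE_ENABLED=ON \
            -DOC_SOFTWARE_UPDATE_ENABLED=ON \
            -DOC_DISCOVERY_RESOURCE_OBSERVABLE_ENABLED=ON \
            -DOC_PUSH_ENABLED=ON -DOC_RESOURCE_ACCESS_IN_RFOTM_ENABLED=ON \
            -DPLGD_DEV_TIME_ENABLED=ON -DOC_ETAG_ENABLED=ON \
            -DOC_JSON_ENCODER_ENABLED=ON \
            -DPLGD_DEV_DEVICE_PROVISIONING_ENABLED=ON \
            -DBUILD_TESTING=ON ..
          cd ..
          # for files defined in multiple cmake targets, sonar-scanner seems to take the configuration from the first compilation of the file,
          # so we force client-server target to be compiled first so we get analysis of code with both OC_CLIENT and OC_SERVER enabled
          build-wrapper-linux-x86-64 --out-dir "$BUILD_WRAPPER_OUT_DIR" cmake --build build --verbose --target client-server-static --target all

      # No name or pattern is given, so every artifact of this run is
      # downloaded and merged into tools/coverage/.
      - name: Get coverage from all tests job
        uses: actions/download-artifact@v4
        with:
          merge-multiple: true
          path: tools/coverage/

      - name: Install gcovr
        run: |
          sudo apt-get update -y
          sudo apt-get install -y gcovr

      - name: Create single coverage file in sonarqube format
        run: |
          cd tools
          # ls -lR .
          gcovr --add-tracefile "coverage/*coverage*.json" --sonarqube --output "coverage.xml" --verbose

      # The only step that receives secrets; both tokens are scoped to this
      # step's environment rather than to the whole job.
      - name: Run sonar-scanner
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        run: |
          sonar-scanner --define sonar.cfamily.compile-commands="${BUILD_WRAPPER_OUT_DIR}/compile_commands.json"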