Fix issues reported by Coverity #2836

# This workflow uses actions that are not certified by GitHub.
# They are provided by a third-party and are governed by
# separate terms of service, privacy policy, and support
# documentation.
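name: SonarCloud scan

# NOTE(review): no top-level `permissions:` key is visible in this file, so
# GITHUB_TOKEN receives the repository's default scopes in every job.
# Consider declaring least-privilege permissions once the needs of the
# called reusable workflows have been confirmed.

# One run per workflow and ref; a newer run cancels the in-progress one on
# every ref except master.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: ${{ github.ref_name != 'master' }}

on:
  push:
    branches:
      - master
  pull_request:
    types: [opened, synchronize, reopened]
  # Allows you to run this workflow manually from the Actions tab
  workflow_dispatch: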
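jobs:
  # Unit tests built with several feature combinations; each run uploads
  # coverage that the sonar-cloud-scan job later collects.
  unit-tests:
    strategy:
      fail-fast: false
      matrix:
        include:
          # cloud (ipv4+tcp) on, collection create on, push on, rfotm on, device provisioning on
          - build_args: "-DOC_CLOUD_ENABLED=ON -DOC_COLLECTIONS_IF_CREATE_ENABLED=ON -DOC_PUSH_ENABLED=ON -DOC_RESOURCE_ACCESS_IN_RFOTM_ENABLED=ON -DPLGD_DEV_DEVICE_PROVISIONING_ENABLED=ON -DPLGD_DEV_DEVICE_PROVISIONING_TEST_PROPERTIES_ENABLED=ON"
          # security off, ipv4 on, collection create on, push on, max num concurrent requests=1
          - build_args: "-DOC_SECURITY_ENABLED=OFF -DOC_IPV4_ENABLED=ON -DOC_COLLECTIONS_IF_CREATE_ENABLED=ON -DOC_PUSH_ENABLED=ON -DOC_DEVICE_MAX_NUM_CONCURRENT_REQUESTS=1"
          # ipv6 dns on, oscore off, rep realloc on, json encoder on, introspection IDD off
          - build_args: "-DOC_DNS_LOOKUP_IPV6_ENABLED=ON -DOC_OSCORE_ENABLED=OFF -DOC_REPRESENTATION_REALLOC_ENCODING_ENABLED=ON -DOC_JSON_ENCODER_ENABLED=ON -DOC_IDD_API_ENABLED=OFF"
          # cloud (ipv4+tcp) on, dynamic allocation off, rfotm on, push off (because it forces dynamic allocation)
          - build_args: "-DOC_CLOUD_ENABLED=ON -DOC_DYNAMIC_ALLOCATION_ENABLED=OFF -DOC_RESOURCE_ACCESS_IN_RFOTM_ENABLED=ON"
          # security off, dynamic allocation off, push off (because it forces dynamic allocation), json encoder on
          - build_args: "-DOC_SECURITY_ENABLED=OFF -DOC_DYNAMIC_ALLOCATION_ENABLED=OFF -DOC_JSON_ENCODER_ENABLED=ON"
          # security off, cloud (ipv4+tcp), dynamic allocation off, push off (because it forces dynamic allocation)
          - build_args: "-DOC_SECURITY_ENABLED=OFF -DOC_CLOUD_ENABLED=ON -DOC_DYNAMIC_ALLOCATION_ENABLED=OFF -DOC_PUSH_ENABLED=OFF"
    uses: ./.github/workflows/unit-test-with-cfg.yml
    with:
      build_args: "-DOC_MNT_ENABLED=ON -DOC_WKCORE_ENABLED=ON -DOC_SOFTWARE_UPDATE_ENABLED=ON -DOC_DISCOVERY_RESOURCE_OBSERVABLE_ENABLED=ON -DPLGD_DEV_TIME_ENABLED=ON -DOC_ETAG_ENABLED=ON ${{ matrix.build_args }}"
      build_type: Debug
      coverage: true

  plgd-device-tests:
    strategy:
      fail-fast: false
      matrix:
        include:
          - name: cloud-server
            build_args: ""
          - name: cloud-server-access-in-RFOTM-concurrent-requests-1
            build_args: "-DOC_RESOURCE_ACCESS_IN_RFOTM_ENABLED=ON -DOC_DEVICE_MAX_NUM_CONCURRENT_REQUESTS=1"
          - name: cloud-server-discovery-resource-observable-access-in-RFOTM-rep-realloc
            build_args: "-DOC_DISCOVERY_RESOURCE_OBSERVABLE_ENABLED=ON -DOC_RESOURCE_ACCESS_IN_RFOTM_ENABLED=ON -DOC_REPRESENTATION_REALLOC_ENCODING_ENABLED=ON"
            # try with SHA384
            cert_signature_algorithm: ECDSA-SHA384
            cert_elliptic_curve: P384
    uses: ./.github/workflows/plgd-device-test-with-cfg.yml
    with:
      name: ${{ matrix.name }}
      build_args: "-DOC_COLLECTIONS_IF_CREATE_ENABLED=ON -DOC_MNT_ENABLED=ON -DOC_OSCORE_ENABLED=OFF -DPLGD_DEV_TIME_ENABLED=ON -DOC_ETAG_ENABLED=ON -DOC_COVERAGE_ENABLED=ON -DOC_SOFTWARE_UPDATE_ENABLED=ON ${{ matrix.build_args }}"
      build_type: Debug
      # Only the last matrix entry sets the two cert_* keys; the other
      # entries pass an empty value here. Presumably the called workflow
      # handles that; it is not visible in this file.
      cert_signature_algorithm: ${{ matrix.cert_signature_algorithm }}
      cert_elliptic_curve: ${{ matrix.cert_elliptic_curve }}
      coverage: true

  plgd-hub-tests:
    strategy:
      fail-fast: false
      matrix:
        include:
          - name: cloud-server-discovery-resource-observable-access-in-RFOTM
            build_args: "-DOC_DISCOVERY_RESOURCE_OBSERVABLE_ENABLED=ON -DOC_RESOURCE_ACCESS_IN_RFOTM_ENABLED=ON"
          - name: cloud-server-discovery-resource-observable-access-in-RFOTM-rep-realloc-concurrent-requests-1
            build_args: "-DOC_DISCOVERY_RESOURCE_OBSERVABLE_ENABLED=ON -DOC_RESOURCE_ACCESS_IN_RFOTM_ENABLED=ON -DOC_REPRESENTATION_REALLOC_ENCODING_ENABLED=ON -DOC_DEVICE_MAX_NUM_CONCURRENT_REQUESTS=1"
          - name: dtls-cloud-server-rep-realloc
            build_args: "-DOC_REPRESENTATION_REALLOC_ENCODING_ENABLED=ON"
            hub_args: "-e COAP_GATEWAY_UDP_ENABLED=true"
    uses: ./.github/workflows/plgd-hub-test-with-cfg.yml
    with:
      name: ${{ matrix.name }}
      build_args: "-DOC_COLLECTIONS_IF_CREATE_ENABLED=ON -DOC_MNT_ENABLED=ON -DOC_OSCORE_ENABLED=OFF -DPLGD_DEV_TIME_ENABLED=ON -DOC_ETAG_ENABLED=ON -DOC_COVERAGE_ENABLED=ON -DOC_SOFTWARE_UPDATE_ENABLED=ON ${{ matrix.build_args }}"
      build_type: Debug
      coverage: true
      hub_args: ${{ matrix.hub_args }}

  plgd-dps-tests:
    uses: ./.github/workflows/plgd-dps-test-with-cfg.yml
    with:
      coverage: true

  sonar-cloud-scan:
    # Don't run for forks: pull_request runs from a fork do not receive
    # repository secrets, so SONAR_TOKEN would be empty. Keep this guard
    # instead of moving the trigger to pull_request_target, because this job
    # checks out and builds the pull-request code.
    # NOTE(review): workflow_dispatch is declared as a trigger, but this
    # condition is false for it, so a manual run executes the test jobs and
    # skips the scan. If that is not intended, extend the condition with
    # `|| github.event_name == 'workflow_dispatch'`.
    if: github.event_name == 'push' || (github.event_name == 'pull_request' && github.event.pull_request.head.repo.full_name == github.repository)
    name: Sonar Cloud scan
    runs-on: ubuntu-22.04
    env:
      BUILD_WRAPPER_OUT_DIR: build_wrapper_output_directory  # Directory where build-wrapper output will be placed
    needs: [unit-tests, plgd-device-tests, plgd-hub-tests, plgd-dps-tests]
    steps:
      # NOTE(review): checkout keeps GITHUB_TOKEN in the local git config by
      # default. If no later step needs authenticated git access,
      # `persist-credentials: false` narrows its exposure to the build and to
      # the third-party steps below. Confirm before changing.
      - name: Checkout
        uses: actions/checkout@v4
        with:
          submodules: "true"
          fetch-depth: 0  # Shallow clones should be disabled for a better relevancy of SonarCloud analysis

      # NOTE(review): the actions in this job are referenced by mutable tags
      # (@v4, @v2). Pinning to a full commit SHA, for example
      # `SonarSource/sonarcloud-github-c-cpp@<full-commit-sha>  # v2`,
      # prevents a retagged release from changing what runs in the job that
      # later holds SONAR_TOKEN.
      - name: Install sonar-scanner and build-wrapper
        uses: SonarSource/sonarcloud-github-c-cpp@v2

      - name: Run build-wrapper
        run: |
          mkdir build && cd build
          # sonar-scanner currently cannot handle multiple configurations (i.e. compilation of the same file with different defines),
          # so we enable as many features as possible so we get max. amount of code analysis
          cmake -DCMAKE_BUILD_TYPE=Debug -DCMAKE_VERBOSE_MAKEFILE=ON -DOC_CLOUD_ENABLED=ON -DOC_COLLECTIONS_IF_CREATE_ENABLED=ON -DOC_MNT_ENABLED=ON -DOC_WKCORE_ENABLED=ON -DOC_SOFTWARE_UPDATE_ENABLED=ON -DOC_DISCOVERY_RESOURCE_OBSERVABLE_ENABLED=ON -DOC_PUSH_ENABLED=ON -DOC_RESOURCE_ACCESS_IN_RFOTM_ENABLED=ON -DPLGD_DEV_TIME_ENABLED=ON -DOC_ETAG_ENABLED=ON -DOC_JSON_ENCODER_ENABLED=ON -DPLGD_DEV_DEVICE_PROVISIONING_ENABLED=ON -DBUILD_TESTING=ON ..
          cd ..
          # for files defined in multiple cmake targets, sonar-scanner seems to take the configuration from the first compilation of the file,
          # so we force client-server target to be compiled first so we get analysis of code with both OC_CLIENT and OC_SERVER enabled
          build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} cmake --build build --verbose --target client-server-static --target all

      # No artifact name is given, so all artifacts are downloaded and merged
      # into one directory.
      - name: Get coverage from all tests job
        uses: actions/download-artifact@v4
        with:
          merge-multiple: true
          path: tools/coverage/

      - name: Install gcovr
        run: |
          sudo apt-get update -y
          sudo apt-get install -y gcovr

      - name: Create single coverage file in sonarqube format
        run: |
          cd tools
          # ls -lR .
          gcovr --add-tracefile "coverage/*coverage*.json" --sonarqube --output "coverage.xml" --verbose

      # The tokens are scoped to this step only; earlier build steps do not
      # receive them through the environment.
      - name: Run sonar-scanner
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        run: |
          sonar-scanner --define sonar.cfamily.compile-commands="${{ env.BUILD_WRAPPER_OUT_DIR }}/compile_commands.json"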