From 5678bc34a387f784cc2344e4f5b711b3a7cd9044 Mon Sep 17 00:00:00 2001 From: Balaji Srinivasan Date: Wed, 30 Nov 2022 12:08:46 +0100 Subject: [PATCH 01/49] workflow: Add workflow that rebases from ncs/main and creates a PR Add workflow that rebases from ncs/main and creates a PR Signed-off-by: Balaji Srinivasan
---
.github/workflows/rebase_to_ncs_main.yml | 42 ++++++++++++++++++++++++ 1 file changed, 42 insertions(+) create mode 100644 .github/workflows/rebase_to_ncs_main.yml
diff --git a/.github/workflows/rebase_to_ncs_main.yml b/.github/workflows/rebase_to_ncs_main.yml
new file mode 100644
index 000000000000..bc4a7db734bb
--- /dev/null
+++ b/.github/workflows/rebase_to_ncs_main.yml
@@ -0,0 +1,42 @@
+name: Rebase from ncs main
+
+on:
+ schedule:
+ - cron: "0 0 * * *"
+ workflow_dispatch:
+
+
+jobs:
+ update:
+ runs-on: ubuntu-latest
+
+ steps:
+ - uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+
+ - name: Rebase from main
+ run: |
+ git config --global user.email "actions@example.com"
+ git config --global user.name "github-actions[bot]"
+ git remote add ncs https://github.com/nrfconnect/sdk-nrf
+ git fetch ncs
+ git rev-parse HEAD
+ git rebase --verbose ncs/main
+
+ - name: Check if changes were made
+ run: |
+ if [[ `git diff origin/main --exit-code` ]]; then
+ echo "HAS_CHANGES=1" >> $GITHUB_ENV
+ else
+ echo "HAS_CHANGES=0" >> $GITHUB_ENV
+ fi
+
+ - name: Create Pull Request
+ if: env.HAS_CHANGES == '1'
+ uses: peter-evans/create-pull-request@v4
+ with:
+ token: ${{ secrets.PR_CREATOR_TOKEN }} # Personal access token of balaji-nordic with contents:write and pull requestes:write permission
+ title: 'Updates from upstream ncs'
+ assignees: balaji-nordic
+ reviewers: balaji-nordic
From aa34339ee5258ded4e9a61ee6c1b0ebbe0ff745f Mon Sep 17 00:00:00 2001 From: Balaji Srinivasan Date: Mon, 28 Nov 2022 10:03:34 +0100 Subject: [PATCH 02/49] workflow: Add sonarcloud workflow Add sonarcloud workflow
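Review bot: `peter-evans/create-pull-request@v4` in the "Create Pull Request" step is referenced by a movable tag while it receives `secrets.PR_CREATOR_TOKEN`, which the inline comment describes as a personal access token with contents and pull-request write permission. Anyone able to move that tag decides what code sees the token, so pin the action to a reviewed commit, `uses: peter-evans/create-pull-request@<full-commit-sha>  # v4` (placeholder, take the SHA from the release you audited), and pin `actions/checkout@v3` the same way. The workflow also declares no `permissions:`; since the pull request is opened with the PAT, a top-level `permissions:` mapping with only `contents: read` should be enough for the checkout, though that is worth confirming on a manual run.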
Signed-off-by: Balaji Srinivasan
---
.github/workflows/sonarcloud.yml | 85 ++++++++++++++++++++++++++++++++ 1 file changed, 85 insertions(+) create mode 100644 .github/workflows/sonarcloud.yml
diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml
new file mode 100644
index 000000000000..dfe32ef910e6
--- /dev/null
+++ b/.github/workflows/sonarcloud.yml
@@ -0,0 +1,85 @@
+# Workflow that runs static code analysis using sonarcloud.io.
+# Currently only asset tracker v2 code and its depended code is analyzed as a pilot project
+name: Sonarcloud analysis
+on:
+ push:
+ branches:
+ - main
+ pull_request:
+ types: [opened, synchronize, reopened]
+ workflow_dispatch: # This is added to be able to trigger this manually from github's web UI.
+
+jobs:
+ build:
+ name: Sonar cloud analysis
+ runs-on: ubuntu-latest
+ container: nordicplayground/nrfconnect-sdk:main
+ env:
+ SONAR_SCANNER_VERSION: 4.7.0.2747
+ SONAR_SERVER_URL: "https://sonarcloud.io"
+ BUILD_WRAPPER_OUT_DIR: build_wrapper_output_directory # Directory where build-wrapper output will be placed
+ steps:
+ - name: Checkout the code
+ uses: actions/checkout@v2
+ with:
+ path: ncs/nrf
+ fetch-depth: 0
+
+ # Install more dependencies that are not part of the docker image but are needed by the workflow
+ # lcov is not needed for now but needed later when we introduce code coverage analysis
+ - name: Install more deps
+ run: |
+ apt install -y lcov gcc-multilib curl
+
+ # The docker image comes pre-initialized with west dependencies. We want to do west update ourselves to to be sure that we get the latest changes in all repos.
+ # The docker image is built nightly. So it may contain slightly out of date repos.
+ # Hence we remove the .west folder and do a re-init
+ - name: West init and update
+ run: |
+ rm -rf /workdir/.west/
+ west init -l ncs/nrf
+ cd ncs
+ west update --narrow -o=--depth=1
+
+ - name: Set up JDK 11
+ uses: actions/setup-java@v1
+ with:
+ java-version: 11
+
+ - name: Download and set up sonar-scanner
+ env:
+ SONAR_SCANNER_DOWNLOAD_URL: https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${{ env.SONAR_SCANNER_VERSION }}-linux.zip
+ run: |
+ mkdir -p $HOME/.sonar
+ curl -sSLo $HOME/.sonar/sonar-scanner.zip ${{ env.SONAR_SCANNER_DOWNLOAD_URL }}
+ unzip -o $HOME/.sonar/sonar-scanner.zip -d $HOME/.sonar/
+ echo "$HOME/.sonar/sonar-scanner-${{ env.SONAR_SCANNER_VERSION }}-linux/bin" >> $GITHUB_PATH
+
+ - name: Download and set up build-wrapper
+ env:
+ BUILD_WRAPPER_DOWNLOAD_URL: ${{ env.SONAR_SERVER_URL }}/static/cpp/build-wrapper-linux-x86.zip
+ run: |
+ curl -sSLo $HOME/.sonar/build-wrapper-linux-x86.zip ${{ env.BUILD_WRAPPER_DOWNLOAD_URL }}
+ unzip -o $HOME/.sonar/build-wrapper-linux-x86.zip -d $HOME/.sonar/
+ echo "$HOME/.sonar/build-wrapper-linux-x86" >> $GITHUB_PATH
+
+ - name: Run build-wrapper
+ shell: bash
+ run: |
+ source ncs/zephyr/zephyr-env.sh
+ build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} ncs/zephyr/scripts/twister -v -i -b -T ncs/nrf/applications/asset_tracker_v2/ -t ci_build -G
+
+ - name: Run sonar-scanner
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+ run: |
+ sonar-scanner --define sonar.projectKey=balaji-nordic_sdk-nrf \
+ --define sonar.organization=balaji-nordic \
+ --define sonar.host.url="${{ env.SONAR_SERVER_URL }}" \
+ --define sonar.exclusions="**/*.py,**twister-out**,**/*.java,**/*.html,**/*.php" \
+ --define sonar.cpd.exclusions="**CMakeFiles**" \
+ --define sonar.cfamily.build-wrapper-output="${{ env.BUILD_WRAPPER_OUT_DIR }}"
+# Uncomment to following and add -C option for twister to get code coverage reports.
+# --define sonar.cfamily.build-wrapper-output="${{ env.BUILD_WRAPPER_OUT_DIR }}" \ +# --define sonar.cfamily.gcov.reportsPath="twister-out" From 8bc927aefe778447b7e7c8c40b196f33abe82234 Mon Sep 17 00:00:00 2001 From: Balaji Srinivasan Date: Thu, 8 Dec 2022 21:59:17 +0100 Subject: [PATCH 03/49] workflow: sonarcloud: Add code coverage option The workflow now invokes sonarcloud with coverage option. This will make sonarcloud UI show code coverage data. Signed-off-by: Balaji Srinivasan --- .github/workflows/sonarcloud.yml | 24 +++++++++++++++++------- 1 file changed, 17 insertions(+), 7 deletions(-) diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml index dfe32ef910e6..752753f44a1d 100644 --- a/.github/workflows/sonarcloud.yml +++ b/.github/workflows/sonarcloud.yml @@ -26,7 +26,6 @@ jobs: fetch-depth: 0 # Install more dependencies that are not part of the docker image but are needed by the workflow - # lcov is not needed for now but needed later when we introduce code coverage analysis - name: Install more deps run: | apt install -y lcov gcc-multilib curl @@ -41,6 +40,12 @@ jobs: cd ncs west update --narrow -o=--depth=1 + - name: Run native_posix tests without sonar cloud build wrapper (with code coverage enabled) + shell: bash + run: | + source ncs/zephyr/zephyr-env.sh + ncs/zephyr/scripts/twister -v -i -C -T ncs/nrf/applications/asset_tracker_v2/tests/ -p native_posix + - name: Set up JDK 11 uses: actions/setup-java@v1 with: 
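Review bot: The "Download and set up sonar-scanner" and "Download and set up build-wrapper" steps fetch zip archives with `curl -sSLo`, unpack them and append them to `$GITHUB_PATH` with no integrity check, and the "Run sonar-scanner" step then executes that binary with `SONAR_TOKEN` and `GITHUB_TOKEN` in its environment. Add a digest check between download and unzip, for example `echo "<expected-sha256>  $HOME/.sonar/sonar-scanner.zip" | sha256sum -c -` (placeholder digest, recorded once for the pinned `SONAR_SCANNER_VERSION`). The build-wrapper URL carries no version, so a pinned digest there will fail whenever the served archive changes, which is the point at which it should be re-reviewed. The same two steps are repeated in the new `.github/workflows/sonarcloud-pr.yml` later in this series and need the same check.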
@@ -63,23 +68,28 @@ jobs: unzip -o $HOME/.sonar/build-wrapper-linux-x86.zip -d $HOME/.sonar/ echo "$HOME/.sonar/build-wrapper-linux-x86" >> $GITHUB_PATH - - name: Run build-wrapper + - name: Build native_posix tests with sonarcloud build wrapper + shell: bash + run: | + source ncs/zephyr/zephyr-env.sh + build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} ncs/zephyr/scripts/twister -b -v -i -T ncs/nrf/applications/asset_tracker_v2/ -p native_posix + + - name: Build asset tracker v2 configurations with sonarcloud build wrapper shell: bash run: | source ncs/zephyr/zephyr-env.sh - build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} ncs/zephyr/scripts/twister -v -i -b -T ncs/nrf/applications/asset_tracker_v2/ -t ci_build -G + build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} ncs/zephyr/scripts/twister -b -v -i -T ncs/nrf/applications/asset_tracker_v2/ -t ci_build -G - name: Run sonar-scanner env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} +# Use the older run's twister output folder in reportsPath because thats the one that has coverage data run: | sonar-scanner --define sonar.projectKey=balaji-nordic_sdk-nrf \ --define sonar.organization=balaji-nordic \ --define sonar.host.url="${{ env.SONAR_SERVER_URL }}" \ --define sonar.exclusions="**/*.py,**twister-out**,**/*.java,**/*.html,**/*.php" \ --define sonar.cpd.exclusions="**CMakeFiles**" \ - --define sonar.cfamily.build-wrapper-output="${{ env.BUILD_WRAPPER_OUT_DIR }}" -# Uncomment to following and add -C option for twister to get code coverage reports. -# --define sonar.cfamily.build-wrapper-output="${{ env.BUILD_WRAPPER_OUT_DIR }}" \ -# --define sonar.cfamily.gcov.reportsPath="twister-out" + --define sonar.cfamily.build-wrapper-output="${{ env.BUILD_WRAPPER_OUT_DIR }}" \ + --define sonar.cfamily.gcov.reportsPath="twister-out.1" \ No newline at end of file From 52b012db1a4c7d6bc599c65ba4efa6dec3ab171a Mon Sep 17 00:00:00 2001 
From: Balaji Srinivasan Date: Fri, 9 Dec 2022 12:45:46 +0100 Subject: [PATCH 04/49] workflow: sonarcloud: Fix code coverage report generation for atv2 Removed building of atv2 on all integration platforms because I am not sure if invoking build wrapper twice, once for building atv2 for integration platforms and once again for native_posix will work. Run tests separately after building. Running the tests under build wrapper fails mysterously for certain tests (lwm2m_* tests). Signed-off-by: Balaji Srinivasan --- .github/workflows/sonarcloud.yml | 25 ++++++++++++------------- 1 file changed, 12 insertions(+), 13 deletions(-) diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml index 752753f44a1d..17c2556fa397 100644 --- a/.github/workflows/sonarcloud.yml +++ b/.github/workflows/sonarcloud.yml @@ -40,12 +40,6 @@ jobs: cd ncs west update --narrow -o=--depth=1 - - name: Run native_posix tests without sonar cloud build wrapper (with code coverage enabled) - shell: bash - run: | - source ncs/zephyr/zephyr-env.sh - ncs/zephyr/scripts/twister -v -i -C -T ncs/nrf/applications/asset_tracker_v2/tests/ -p native_posix - - name: Set up JDK 11 uses: actions/setup-java@v1 with: 
@@ -68,28 +62,33 @@ jobs: unzip -o $HOME/.sonar/build-wrapper-linux-x86.zip -d $HOME/.sonar/ echo "$HOME/.sonar/build-wrapper-linux-x86" >> $GITHUB_PATH - - name: Build native_posix tests with sonarcloud build wrapper + - name: Build native_posix tests with coverage enabled (via sonarcloud build wrapper) shell: bash run: | source ncs/zephyr/zephyr-env.sh - build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} ncs/zephyr/scripts/twister -b -v -i -T ncs/nrf/applications/asset_tracker_v2/ -p native_posix + build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} ncs/zephyr/scripts/twister -b -C -v -i -T ncs/nrf/applications/asset_tracker_v2/ -p native_posix --coverage-tool gcovr - - name: Build asset tracker v2 configurations with sonarcloud build wrapper + - name: Run native_posix tests shell: bash run: | source ncs/zephyr/zephyr-env.sh - build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} ncs/zephyr/scripts/twister -b -v -i -T ncs/nrf/applications/asset_tracker_v2/ -t ci_build -G + ncs/zephyr/scripts/twister --test-only -v -i -C -T ncs/nrf/applications/asset_tracker_v2/ -p native_posix + + - name: Collect coverage into one XML report + shell: bash + run: | + gcovr --exclude=twister-out --exclude=tests/unity --sonarqube coverage.xml + cat coverage.xml - name: Run sonar-scanner env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} -# Use the older run's twister output folder in reportsPath because thats the one that has coverage data run: | sonar-scanner --define sonar.projectKey=balaji-nordic_sdk-nrf \ --define sonar.organization=balaji-nordic \ --define sonar.host.url="${{ env.SONAR_SERVER_URL }}" \ - --define sonar.exclusions="**/*.py,**twister-out**,**/*.java,**/*.html,**/*.php" \ + --define sonar.exclusions="**/*.py,**twister-out**,**/*.java,**/*.html,**/*.xml,**/*.php" \ --define sonar.cpd.exclusions="**CMakeFiles**" \ --define sonar.cfamily.build-wrapper-output="${{ 
env.BUILD_WRAPPER_OUT_DIR }}" \ - --define sonar.cfamily.gcov.reportsPath="twister-out.1" \ No newline at end of file + --define sonar.coverageReportPaths=coverage.xml From 258a9d0ee6b09d8ffd9c268a9c5ea6425701ef45 Mon Sep 17 00:00:00 2001 From: Balaji Srinivasan Date: Wed, 14 Dec 2022 13:07:18 +0100 Subject: [PATCH 05/49] workflow: rebase_to_ncs_main work flow will now create draft PRs This avoids code owners (with access to my fork) getting PR requests. Signed-off-by: Balaji Srinivasan --- .github/workflows/rebase_to_ncs_main.yml | 1 + 1 file changed, 1 insertion(+) diff --git a/.github/workflows/rebase_to_ncs_main.yml b/.github/workflows/rebase_to_ncs_main.yml index bc4a7db734bb..668d3a9dcb48 100644 --- a/.github/workflows/rebase_to_ncs_main.yml +++ b/.github/workflows/rebase_to_ncs_main.yml @@ -40,3 +40,4 @@ jobs: title: 'Updates from upstream ncs' assignees: balaji-nordic reviewers: balaji-nordic + draft: true From 71da2b40cbda43aee4271eae7c6150ceeba6f94e Mon Sep 17 00:00:00 2001 From: Balaji Srinivasan Date: Wed, 14 Dec 2022 21:05:34 +0100 Subject: [PATCH 06/49] workflow: sonarcloud: Run all native_posix tests in sdk-nrf repo Run all native_posix tests in sdk-nrf repo. Signed-off-by: Balaji Srinivasan --- .github/workflows/sonarcloud.yml | 21 +++++++++++++++++---- 1 file changed, 17 insertions(+), 4 deletions(-) diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml index 17c2556fa397..655226d16b98 100644 --- a/.github/workflows/sonarcloud.yml +++ b/.github/workflows/sonarcloud.yml 
@@ -66,18 +66,30 @@ jobs: shell: bash run: | source ncs/zephyr/zephyr-env.sh - build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} ncs/zephyr/scripts/twister -b -C -v -i -T ncs/nrf/applications/asset_tracker_v2/ -p native_posix --coverage-tool gcovr + build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} ncs/zephyr/scripts/twister -b -C -v -i -T ncs/nrf/ -p native_posix --coverage-tool gcovr - name: Run native_posix tests shell: bash run: | source ncs/zephyr/zephyr-env.sh - ncs/zephyr/scripts/twister --test-only -v -i -C -T ncs/nrf/applications/asset_tracker_v2/ -p native_posix + ncs/zephyr/scripts/twister --test-only -v -i -C -T ncs/nrf/ -p native_posix + # Exclude twister-out because we dont need coverage reports for mocks and generated files. + # Exclude tests/unity because it is not interesting + # Exclude folders that contain source code with multiple definitions of the same function + # depending on preprocessor macros. gcovr misbehaves due to this. + # Issue: https://github.com/gcovr/gcovr/issues/586 - name: Collect coverage into one XML report shell: bash run: | - gcovr --exclude=twister-out --exclude=tests/unity --sonarqube coverage.xml + gcovr twister-out \ + --exclude=twister-out \ + --exclude=tests/unity \ + --exclude=ncs/zephyr/include/ \ + --exclude=ncs/zephyr/subsys/net/ip/ \ + --exclude=ncs/nrf/tests/subsys/dfu/dfu_target_stream/ \ + --exclude=ncs/nrf/lib/hw_id/ \ + --sonarqube coverage.xml cat coverage.xml - name: Run sonar-scanner @@ -90,5 +102,6 @@ jobs: --define sonar.host.url="${{ env.SONAR_SERVER_URL }}" \ --define sonar.exclusions="**/*.py,**twister-out**,**/*.java,**/*.html,**/*.xml,**/*.php" \ --define sonar.cpd.exclusions="**CMakeFiles**" \ + --define sonar.coverageReportPaths=coverage.xml \ --define sonar.cfamily.build-wrapper-output="${{ env.BUILD_WRAPPER_OUT_DIR }}" \ - --define sonar.coverageReportPaths=coverage.xml + --define sonar.cfamily.cache.enabled=false 
From db9908c84e5d937602e5b58c504420dc3cb5d763 Mon Sep 17 00:00:00 2001 From: Balaji Srinivasan Date: Sat, 14 Jan 2023 10:21:50 +0100 Subject: [PATCH 07/49] workflow: sonarcloud: Exclude modules Exclude modules from analysis. Signed-off-by: Balaji Srinivasan --- .github/workflows/sonarcloud.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml index 655226d16b98..6fbbb13b06a9 100644 --- a/.github/workflows/sonarcloud.yml +++ b/.github/workflows/sonarcloud.yml @@ -100,7 +100,7 @@ jobs: sonar-scanner --define sonar.projectKey=balaji-nordic_sdk-nrf \ --define sonar.organization=balaji-nordic \ --define sonar.host.url="${{ env.SONAR_SERVER_URL }}" \ - --define sonar.exclusions="**/*.py,**twister-out**,**/*.java,**/*.html,**/*.xml,**/*.php" \ + --define sonar.exclusions="ncs/modules/**,**/*.py,**twister-out**,**/*.java,**/*.html,**/*.xml,**/*.php" \ --define sonar.cpd.exclusions="**CMakeFiles**" \ --define sonar.coverageReportPaths=coverage.xml \ --define sonar.cfamily.build-wrapper-output="${{ env.BUILD_WRAPPER_OUT_DIR }}" \ From a30c42677f87a455b84f7296973481c3a405a3ee Mon Sep 17 00:00:00 2001 From: Balaji Srinivasan Date: Wed, 18 Jan 2023 12:47:25 +0100 Subject: [PATCH 08/49] workflow: Expand the scope of sonarcloud to include integration tests Expand the scope of sonarcloud to include integration tests. This has to be run on self-hosted setup because github actions does not have the resources to handle large twister runs. Signed-off-by: Balaji Srinivasan --- .github/workflows/sonarcloud.yml | 20 ++++++++++---------- 1 file changed, 10 insertions(+), 10 deletions(-) diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml index 6fbbb13b06a9..367bd46bce9a 100644 --- a/.github/workflows/sonarcloud.yml +++ b/.github/workflows/sonarcloud.yml 
@@ -12,7 +12,7 @@ on: jobs: build: name: Sonar cloud analysis - runs-on: ubuntu-latest + runs-on: self-hosted container: nordicplayground/nrfconnect-sdk:main env: SONAR_SCANNER_VERSION: 4.7.0.2747 @@ -62,17 +62,11 @@ jobs: unzip -o $HOME/.sonar/build-wrapper-linux-x86.zip -d $HOME/.sonar/ echo "$HOME/.sonar/build-wrapper-linux-x86" >> $GITHUB_PATH - - name: Build native_posix tests with coverage enabled (via sonarcloud build wrapper) - shell: bash - run: | - source ncs/zephyr/zephyr-env.sh - build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} ncs/zephyr/scripts/twister -b -C -v -i -T ncs/nrf/ -p native_posix --coverage-tool gcovr - - name: Run native_posix tests shell: bash run: | source ncs/zephyr/zephyr-env.sh - ncs/zephyr/scripts/twister --test-only -v -i -C -T ncs/nrf/ -p native_posix + ncs/zephyr/scripts/twister -v -i -C -T ncs/nrf/ -p native_posix --coverage-tool gcovr # Exclude twister-out because we dont need coverage reports for mocks and generated files. # Exclude tests/unity because it is not interesting @@ -90,7 +84,13 @@ jobs: --exclude=ncs/nrf/tests/subsys/dfu/dfu_target_stream/ \ --exclude=ncs/nrf/lib/hw_id/ \ --sonarqube coverage.xml - cat coverage.xml + + - name: Invoke build wrapper with twister command to build with integrations scope + shell: bash + continue-on-error: true # Some samples fail to compile due to missing tools in the docker image. + run: | + source ncs/zephyr/zephyr-env.sh + build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} ncs/zephyr/scripts/twister --ninja --integration --board-root ncs/nrf/boards --quarantine-list ncs/nrf/scripts/quarantine.yaml --clobber-output --build-only -v -T ncs/nrf - name: Run sonar-scanner env: 
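Review bot: `runs-on: self-hosted` moves this job onto a machine you operate, but the `pull_request` trigger added when the workflow was created (outside this hunk) is not narrowed here, so the twister builds and native_posix test binaries from a pull request would execute on that runner. If the repository accepts pull requests from forks, that is code from outside the project running on your infrastructure, and anything it leaves behind on a non-ephemeral runner is visible to later jobs. Keep pull-request runs on GitHub-hosted runners by gating this job with `if: github.event_name != 'pull_request'`, or register the runner as ephemeral and require approval for workflow runs from outside contributors. The job body continues outside the hunk.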
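Review bot: `continue-on-error: true` on the "Invoke build wrapper with twister command to build with integrations scope" step lets the scanner run against whatever the build wrapper managed to capture, so a broken toolchain or a failing sample quietly shrinks the set of files that get analysed while the job stays green. If the step has to tolerate known failures, follow it with a check that the capture is usable, e.g. `test -s "${{ env.BUILD_WRAPPER_OUT_DIR }}/build-wrapper-dump.json"`, and surface twister's failure count in the job summary. The inline comment attributes the failures to tools missing from the docker image; installing those in the "Install more deps" step would allow the flag to be dropped.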
@@ -100,7 +100,7 @@ jobs: sonar-scanner --define sonar.projectKey=balaji-nordic_sdk-nrf \ --define sonar.organization=balaji-nordic \ --define sonar.host.url="${{ env.SONAR_SERVER_URL }}" \ - --define sonar.exclusions="ncs/modules/**,**/*.py,**twister-out**,**/*.java,**/*.html,**/*.xml,**/*.php" \ + --define sonar.exclusions="ncs/modules/**,ncs/nrf/ext/**,**/*.py,**twister-out**,**/*.java,**/*.html,**/*.xml,**/*.php" \ --define sonar.cpd.exclusions="**CMakeFiles**" \ --define sonar.coverageReportPaths=coverage.xml \ --define sonar.cfamily.build-wrapper-output="${{ env.BUILD_WRAPPER_OUT_DIR }}" \ From 271891e959d865065ac0f9629ebafb4593799084 Mon Sep 17 00:00:00 2001 From: Balaji Srinivasan Date: Wed, 25 Jan 2023 13:09:55 +0100 Subject: [PATCH 09/49] workflow: sonarcloud: Exclude zephyr folder We dont want to analyse zephyr repo Signed-off-by: Balaji Srinivasan --- .github/workflows/sonarcloud.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml index 367bd46bce9a..942825260375 100644 --- a/.github/workflows/sonarcloud.yml +++ b/.github/workflows/sonarcloud.yml @@ -100,7 +100,7 @@ jobs: sonar-scanner --define sonar.projectKey=balaji-nordic_sdk-nrf \ --define sonar.organization=balaji-nordic \ --define sonar.host.url="${{ env.SONAR_SERVER_URL }}" \ - --define sonar.exclusions="ncs/modules/**,ncs/nrf/ext/**,**/*.py,**twister-out**,**/*.java,**/*.html,**/*.xml,**/*.php" \ + --define sonar.exclusions="ncs/modules/**,ncs/zephyr/**,ncs/nrf/ext/**,**/*.py,**twister-out**,**/*.java,**/*.html,**/*.xml,**/*.php" \ --define sonar.cpd.exclusions="**CMakeFiles**" \ --define sonar.coverageReportPaths=coverage.xml \ --define sonar.cfamily.build-wrapper-output="${{ env.BUILD_WRAPPER_OUT_DIR }}" \ From bedd1e7fcc59d25a4717be0ba8c2f707491fca69 Mon Sep 17 00:00:00 2001 
From: Balaji Srinivasan Date: Wed, 25 Jan 2023 14:00:26 +0100 Subject: [PATCH 10/49] workflow: sonarcloud: Remove native_posix tests and code cov And also the code coverage Signed-off-by: Balaji Srinivasan --- .github/workflows/sonarcloud.yml | 24 ------------------------ 1 file changed, 24 deletions(-) diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml index 942825260375..7e7c5438178d 100644 --- a/.github/workflows/sonarcloud.yml +++ b/.github/workflows/sonarcloud.yml @@ -62,29 +62,6 @@ jobs: unzip -o $HOME/.sonar/build-wrapper-linux-x86.zip -d $HOME/.sonar/ echo "$HOME/.sonar/build-wrapper-linux-x86" >> $GITHUB_PATH - - name: Run native_posix tests - shell: bash - run: | - source ncs/zephyr/zephyr-env.sh - ncs/zephyr/scripts/twister -v -i -C -T ncs/nrf/ -p native_posix --coverage-tool gcovr - - # Exclude twister-out because we dont need coverage reports for mocks and generated files. - # Exclude tests/unity because it is not interesting - # Exclude folders that contain source code with multiple definitions of the same function - # depending on preprocessor macros. gcovr misbehaves due to this. - # Issue: https://github.com/gcovr/gcovr/issues/586 - - name: Collect coverage into one XML report - shell: bash - run: | - gcovr twister-out \ - --exclude=twister-out \ - --exclude=tests/unity \ - --exclude=ncs/zephyr/include/ \ - --exclude=ncs/zephyr/subsys/net/ip/ \ - --exclude=ncs/nrf/tests/subsys/dfu/dfu_target_stream/ \ - --exclude=ncs/nrf/lib/hw_id/ \ - --sonarqube coverage.xml - - name: Invoke build wrapper with twister command to build with integrations scope shell: bash continue-on-error: true # Some samples fail to compile due to missing tools in the docker image. 
@@ -102,6 +79,5 @@ jobs: --define sonar.host.url="${{ env.SONAR_SERVER_URL }}" \ --define sonar.exclusions="ncs/modules/**,ncs/zephyr/**,ncs/nrf/ext/**,**/*.py,**twister-out**,**/*.java,**/*.html,**/*.xml,**/*.php" \ --define sonar.cpd.exclusions="**CMakeFiles**" \ - --define sonar.coverageReportPaths=coverage.xml \ --define sonar.cfamily.build-wrapper-output="${{ env.BUILD_WRAPPER_OUT_DIR }}" \ --define sonar.cfamily.cache.enabled=false From 3c1a5e2ca5e2ec7a8feca512c3f41ce928448bec Mon Sep 17 00:00:00 2001 From: Balaji Srinivasan Date: Thu, 26 Jan 2023 10:12:19 +0100 Subject: [PATCH 11/49] workflow: Revert "workflow: sonarcloud: Remove native_posix tests" This reverts commit beb643f58933b0dfdb1ba6c109c03a70239c8c95. Signed-off-by: Balaji Srinivasan --- .github/workflows/sonarcloud.yml | 24 ++++++++++++++++++++++++ 1 file changed, 24 insertions(+) diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml index 7e7c5438178d..942825260375 100644 --- a/.github/workflows/sonarcloud.yml +++ b/.github/workflows/sonarcloud.yml 
@@ -62,6 +62,29 @@ jobs: unzip -o $HOME/.sonar/build-wrapper-linux-x86.zip -d $HOME/.sonar/ echo "$HOME/.sonar/build-wrapper-linux-x86" >> $GITHUB_PATH + - name: Run native_posix tests + shell: bash + run: | + source ncs/zephyr/zephyr-env.sh + ncs/zephyr/scripts/twister -v -i -C -T ncs/nrf/ -p native_posix --coverage-tool gcovr + + # Exclude twister-out because we dont need coverage reports for mocks and generated files. + # Exclude tests/unity because it is not interesting + # Exclude folders that contain source code with multiple definitions of the same function + # depending on preprocessor macros. gcovr misbehaves due to this. + # Issue: https://github.com/gcovr/gcovr/issues/586 + - name: Collect coverage into one XML report + shell: bash + run: | + gcovr twister-out \ + --exclude=twister-out \ + --exclude=tests/unity \ + --exclude=ncs/zephyr/include/ \ + --exclude=ncs/zephyr/subsys/net/ip/ \ + --exclude=ncs/nrf/tests/subsys/dfu/dfu_target_stream/ \ + --exclude=ncs/nrf/lib/hw_id/ \ + --sonarqube coverage.xml + - name: Invoke build wrapper with twister command to build with integrations scope shell: bash continue-on-error: true # Some samples fail to compile due to missing tools in the docker image. @@ -79,5 +102,6 @@ jobs: --define sonar.host.url="${{ env.SONAR_SERVER_URL }}" \ --define sonar.exclusions="ncs/modules/**,ncs/zephyr/**,ncs/nrf/ext/**,**/*.py,**twister-out**,**/*.java,**/*.html,**/*.xml,**/*.php" \ --define sonar.cpd.exclusions="**CMakeFiles**" \ + --define sonar.coverageReportPaths=coverage.xml \ --define sonar.cfamily.build-wrapper-output="${{ env.BUILD_WRAPPER_OUT_DIR }}" \ --define sonar.cfamily.cache.enabled=false From 68f7373e344f661b29f8a96c9ca13855de1226d2 Mon Sep 17 00:00:00 2001 From: Balaji Srinivasan Date: Thu, 26 Jan 2023 10:13:46 +0100 Subject: [PATCH 12/49] workflow: sonarcloud: Enable -X when calling sonarscanner This is to make it produce debug output 
Signed-off-by: Balaji Srinivasan --- .github/workflows/sonarcloud.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml index 942825260375..9d986119ff75 100644 --- a/.github/workflows/sonarcloud.yml +++ b/.github/workflows/sonarcloud.yml @@ -97,7 +97,8 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} run: | - sonar-scanner --define sonar.projectKey=balaji-nordic_sdk-nrf \ + sonar-scanner -X \ + --define sonar.projectKey=balaji-nordic_sdk-nrf \ --define sonar.organization=balaji-nordic \ --define sonar.host.url="${{ env.SONAR_SERVER_URL }}" \ --define sonar.exclusions="ncs/modules/**,ncs/zephyr/**,ncs/nrf/ext/**,**/*.py,**twister-out**,**/*.java,**/*.html,**/*.xml,**/*.php" \ From 6099f161c9e92635a7ffc8cbe07ad46c55b7beeb Mon Sep 17 00:00:00 2001 From: Balaji Srinivasan Date: Thu, 26 Jan 2023 10:14:37 +0100 Subject: [PATCH 13/49] workflow: sonarcloud: Ignore vsdx files Ignore vsdx files Signed-off-by: Balaji Srinivasan --- .github/workflows/sonarcloud.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml index 9d986119ff75..530786fa08f7 100644 --- a/.github/workflows/sonarcloud.yml +++ b/.github/workflows/sonarcloud.yml @@ -101,7 +101,7 @@ jobs: --define sonar.projectKey=balaji-nordic_sdk-nrf \ --define sonar.organization=balaji-nordic \ --define sonar.host.url="${{ env.SONAR_SERVER_URL }}" \ - --define sonar.exclusions="ncs/modules/**,ncs/zephyr/**,ncs/nrf/ext/**,**/*.py,**twister-out**,**/*.java,**/*.html,**/*.xml,**/*.php" \ + --define sonar.exclusions="ncs/modules/**,ncs/zephyr/**,ncs/nrf/ext/**,**/*.py,**/*.vsdx,**twister-out**,**/*.java,**/*.html,**/*.xml,**/*.php" \ --define sonar.cpd.exclusions="**CMakeFiles**" \ --define sonar.coverageReportPaths=coverage.xml \ --define sonar.cfamily.build-wrapper-output="${{ env.BUILD_WRAPPER_OUT_DIR }}" \ 
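Review bot: `sonar-scanner -X` is now unconditional, so every run writes the scanner's debug log into the Actions log, where it remains readable to anyone who can view workflow runs. Debug output is far more detailed than the default and, as far as I can tell, includes resolved scanner properties and environment details; GitHub masks registered secrets, but masking should not be the only control. Tie the flag to an explicit debug re-run instead, `sonar-scanner ${{ runner.debug == '1' && '-X' || '' }} \`, so normal runs stay at the default log level.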
From f1aeae436ec1a617e95aace7b2b08b8b7f42b90e Mon Sep 17 00:00:00 2001 From: Balaji Srinivasan Date: Thu, 26 Jan 2023 10:16:39 +0100 Subject: [PATCH 14/49] workflow: sonarcloud: Clobber output when running unit tests Clobber output when running unit tests Signed-off-by: Balaji Srinivasan --- .github/workflows/sonarcloud.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml index 530786fa08f7..8e2347d5e131 100644 --- a/.github/workflows/sonarcloud.yml +++ b/.github/workflows/sonarcloud.yml @@ -66,7 +66,7 @@ jobs: shell: bash run: | source ncs/zephyr/zephyr-env.sh - ncs/zephyr/scripts/twister -v -i -C -T ncs/nrf/ -p native_posix --coverage-tool gcovr + ncs/zephyr/scripts/twister --clobber-output -v -i -C -T ncs/nrf/ -p native_posix --coverage-tool gcovr # Exclude twister-out because we dont need coverage reports for mocks and generated files. # Exclude tests/unity because it is not interesting From 173743cccaeb9bb21ebe765739e45b18c5ba2b82 Mon Sep 17 00:00:00 2001 From: Balaji Srinivasan Date: Thu, 26 Jan 2023 10:17:27 +0100 Subject: [PATCH 15/49] workflow: sonarcloud: Invoke twister with -i This is to make it print failures inline Signed-off-by: Balaji Srinivasan --- .github/workflows/sonarcloud.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml index 8e2347d5e131..61797fd7f5fc 100644 --- a/.github/workflows/sonarcloud.yml +++ b/.github/workflows/sonarcloud.yml 
@@ -90,7 +90,7 @@ jobs: continue-on-error: true # Some samples fail to compile due to missing tools in the docker image. run: | source ncs/zephyr/zephyr-env.sh - build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} ncs/zephyr/scripts/twister --ninja --integration --board-root ncs/nrf/boards --quarantine-list ncs/nrf/scripts/quarantine.yaml --clobber-output --build-only -v -T ncs/nrf + build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} ncs/zephyr/scripts/twister --ninja --integration --board-root ncs/nrf/boards --quarantine-list ncs/nrf/scripts/quarantine.yaml --clobber-output --build-only -v -i -T ncs/nrf - name: Run sonar-scanner env: From ad630cd86e92dc3c8d52fab93b835d0313f802dd Mon Sep 17 00:00:00 2001 From: Balaji Srinivasan Date: Wed, 1 Feb 2023 21:28:52 +0100 Subject: [PATCH 16/49] workflow: Trigger sonarcloud only on native_posix tests on PR Created a new workflow file that runs sonarcloud by only invoking twister for native_posix tests. The sonarcloud analysis on main branch will run twister with integration scope and will take longer time to complete. Signed-off-by: Balaji Srinivasan --- .github/workflows/sonarcloud-pr.yml | 99 +++++++++++++++++++++++++++++ .github/workflows/sonarcloud.yml | 3 - 2 files changed, 99 insertions(+), 3 deletions(-) create mode 100644 .github/workflows/sonarcloud-pr.yml diff --git a/.github/workflows/sonarcloud-pr.yml b/.github/workflows/sonarcloud-pr.yml new file mode 100644 index 000000000000..a52c73ec6f8f --- /dev/null +++ b/.github/workflows/sonarcloud-pr.yml 
@@ -0,0 +1,99 @@ +name: Sonarcloud analysis (Pull Request) +on: pull_request + +jobs: + build: + name: Sonar cloud analysis + runs-on: ubuntu-latest + container: nordicplayground/nrfconnect-sdk:main + env: + SONAR_SCANNER_VERSION: 4.7.0.2747 + SONAR_SERVER_URL: "https://sonarcloud.io" + BUILD_WRAPPER_OUT_DIR: build_wrapper_output_directory # Directory where build-wrapper output will be placed + steps: + - name: Checkout the code + uses: actions/checkout@v2 + with: + path: ncs/nrf + fetch-depth: 0 + + # Install more dependencies that are not part of the docker image but are needed by the workflow + - name: Install more deps + run: | + apt install -y lcov gcc-multilib curl + + # The docker image comes pre-initialized with west dependencies. We want to do west update ourselves to to be sure that we get the latest changes in all repos. + # The docker image is built nightly. So it may contain slightly out of date repos. + # Hence we remove the .west folder and do a re-init + - name: West init and update + run: | + rm -rf /workdir/.west/ + west init -l ncs/nrf + cd ncs + west update --narrow -o=--depth=1 + + - name: Set up JDK 11 + uses: actions/setup-java@v1 + with: + java-version: 11 + + - name: Download and set up sonar-scanner + env: + SONAR_SCANNER_DOWNLOAD_URL: https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${{ env.SONAR_SCANNER_VERSION }}-linux.zip + run: | + mkdir -p $HOME/.sonar + curl -sSLo $HOME/.sonar/sonar-scanner.zip ${{ env.SONAR_SCANNER_DOWNLOAD_URL }} + unzip -o $HOME/.sonar/sonar-scanner.zip -d $HOME/.sonar/ + echo "$HOME/.sonar/sonar-scanner-${{ env.SONAR_SCANNER_VERSION }}-linux/bin" >> $GITHUB_PATH + + - name: Download and set up build-wrapper + env: + BUILD_WRAPPER_DOWNLOAD_URL: ${{ env.SONAR_SERVER_URL }}/static/cpp/build-wrapper-linux-x86.zip + run: | + curl -sSLo $HOME/.sonar/build-wrapper-linux-x86.zip ${{ env.BUILD_WRAPPER_DOWNLOAD_URL }} + unzip -o $HOME/.sonar/build-wrapper-linux-x86.zip -d $HOME/.sonar/ + 
echo "$HOME/.sonar/build-wrapper-linux-x86" >> $GITHUB_PATH + + - name: Build native_posix tests with coverage enabled (via sonarcloud build wrapper) + shell: bash + run: | + source ncs/zephyr/zephyr-env.sh + build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} ncs/zephyr/scripts/twister -b -C -v -i -T ncs/nrf/ -p native_posix --coverage-tool gcovr + + - name: Run native_posix tests + shell: bash + run: | + source ncs/zephyr/zephyr-env.sh + ncs/zephyr/scripts/twister --test-only -v -i -C -T ncs/nrf/ -p native_posix + + # Exclude twister-out because we dont need coverage reports for mocks and generated files. + # Exclude tests/unity because it is not interesting + # Exclude folders that contain source code with multiple definitions of the same function + # depending on preprocessor macros. gcovr misbehaves due to this. + # Issue: https://github.com/gcovr/gcovr/issues/586 + - name: Collect coverage into one XML report + shell: bash + run: | + gcovr twister-out \ + --exclude=twister-out \ + --exclude=tests/unity \ + --exclude=ncs/zephyr/include/ \ + --exclude=ncs/zephyr/subsys/net/ip/ \ + --exclude=ncs/nrf/tests/subsys/dfu/dfu_target_stream/ \ + --exclude=ncs/nrf/lib/hw_id/ \ + --sonarqube coverage.xml + + - name: Run sonar-scanner + env: + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + run: | + sonar-scanner -X \ + --define sonar.projectKey=balaji-nordic_sdk-nrf \ + --define sonar.organization=balaji-nordic \ + --define sonar.host.url="${{ env.SONAR_SERVER_URL }}" \ + --define sonar.exclusions="ncs/modules/**,ncs/zephyr/**,ncs/nrf/ext/**,**/*.py,**/*.vsdx,**twister-out**,**/*.java,**/*.html,**/*.xml,**/*.php" \ + --define sonar.cpd.exclusions="**CMakeFiles**" \ + --define sonar.coverageReportPaths=coverage.xml \ + --define sonar.cfamily.build-wrapper-output="${{ env.BUILD_WRAPPER_OUT_DIR }}" \ + --define sonar.cfamily.cache.enabled=false 
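Review bot: The "Download and set up sonar-scanner" and "Download and set up build-wrapper" steps unpack archives fetched with `curl -sSLo` onto `$GITHUB_PATH` with no integrity check, and those binaries later run in the step that has `SONAR_TOKEN` and `GITHUB_TOKEN` in its environment. `SONAR_SCANNER_VERSION` is already pinned, so a digest for that archive can be checked before `unzip`, for example `echo "<EXPECTED_SHA256>  $HOME/.sonar/sonar-scanner.zip" | sha256sum -c -` (placeholder digest, to be taken from the vendor's published checksum). The build-wrapper URL is unversioned, so its digest would need refreshing whenever the vendor updates the archive. Adding `-f` to both `curl` calls makes an HTTP error fail the step instead of handing an error page to `unzip`. The job also declares no `permissions:` and refers to `actions/checkout@v2`, `actions/setup-java@v1` and the container `nordicplayground/nrfconnect-sdk:main` by mutable tags; a job-level `permissions:` with `contents: read`, plus commit-SHA and image-digest pins, would narrow what a changed upstream can reach.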
diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml index 61797fd7f5fc..327b3eac882f 100644 --- a/.github/workflows/sonarcloud.yml +++ b/.github/workflows/sonarcloud.yml @@ -1,12 +1,9 @@ # Workflow that runs static code analysis using sonarcloud.io. -# Currently only asset tracker v2 code and its depended code is analyzed as a pilot project name: Sonarcloud analysis on: push: branches: - main - pull_request: - types: [opened, synchronize, reopened] workflow_dispatch: # This is added to be able to trigger this manually from github's web UI. jobs: From cbc06d5996beffb1406032ebac49ac11d0e7351c Mon Sep 17 00:00:00 2001 From: Balaji Srinivasan Date: Fri, 3 Feb 2023 12:03:24 +0100 Subject: [PATCH 17/49] workflow: sonarcloud-pr: Add quarantine-list parameter This is mainly to exclude any failing unit tests Signed-off-by: Balaji Srinivasan --- .github/workflows/sonarcloud-pr.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/sonarcloud-pr.yml b/.github/workflows/sonarcloud-pr.yml index a52c73ec6f8f..927a77abacba 100644 --- a/.github/workflows/sonarcloud-pr.yml +++ b/.github/workflows/sonarcloud-pr.yml @@ -58,7 +58,7 @@ jobs: shell: bash run: | source ncs/zephyr/zephyr-env.sh - build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} ncs/zephyr/scripts/twister -b -C -v -i -T ncs/nrf/ -p native_posix --coverage-tool gcovr + build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} ncs/zephyr/scripts/twister -b -C -v -i -T ncs/nrf/ -p native_posix --quarantine-list ncs/nrf/scripts/quarantine.yaml --coverage-tool gcovr - name: Run native_posix tests shell: bash From 0feb8c396dd098a7d148c1abed1551f31d6e1091 Mon Sep 17 00:00:00 2001 From: Balaji Srinivasan Date: Mon, 6 Feb 2023 09:48:52 +0100 Subject: [PATCH 18/49] workflow: Run native_posix build also on main Run native_posix tests on main so that sonarcloud gets some info about main branch. 
Signed-off-by: Balaji Srinivasan --- .github/workflows/sonarcloud-pr.yml | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/.github/workflows/sonarcloud-pr.yml b/.github/workflows/sonarcloud-pr.yml index 927a77abacba..4d12a79d3362 100644 --- a/.github/workflows/sonarcloud-pr.yml +++ b/.github/workflows/sonarcloud-pr.yml @@ -1,5 +1,10 @@ -name: Sonarcloud analysis (Pull Request) -on: pull_request +name: Sonarcloud analysis (native_posix only) +on: + pull_request: + + push: + branches: + - main jobs: build: From 5e39acdb8c4f3d1dc9eb611ed6c7432d4b06f955 Mon Sep 17 00:00:00 2001 From: Balaji Srinivasan Date: Mon, 6 Feb 2023 09:50:00 +0100 Subject: [PATCH 19/49] workflow: Rename sonarcloud-pr to sonarcloud-native-posix Renamed to reflect what it does Signed-off-by: Balaji Srinivasan --- .../workflows/{sonarcloud-pr.yml => sonarcloud-native-posix.yml} | 0 1 file changed, 0 insertions(+), 0 deletions(-) rename .github/workflows/{sonarcloud-pr.yml => sonarcloud-native-posix.yml} (100%) diff --git a/.github/workflows/sonarcloud-pr.yml b/.github/workflows/sonarcloud-native-posix.yml similarity index 100% rename from .github/workflows/sonarcloud-pr.yml rename to .github/workflows/sonarcloud-native-posix.yml From 54e3bcd29032ac7882781e16f9b5f6356be5ca27 Mon Sep 17 00:00:00 2001 From: Balaji Srinivasan Date: Wed, 8 Feb 2023 12:12:45 +0100 Subject: [PATCH 20/49] workflow: Do not include quarentined tests This was done in sonarcloud for PR. Doing this in main sonarcloud now. Signed-off-by: Balaji Srinivasan --- .github/workflows/sonarcloud.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml index 327b3eac882f..8f2591730548 100644 --- a/.github/workflows/sonarcloud.yml +++ b/.github/workflows/sonarcloud.yml 
@@ -63,7 +63,7 @@ jobs: shell: bash run: | source ncs/zephyr/zephyr-env.sh - ncs/zephyr/scripts/twister --clobber-output -v -i -C -T ncs/nrf/ -p native_posix --coverage-tool gcovr + ncs/zephyr/scripts/twister --clobber-output -v -i -C -T ncs/nrf/ -p native_posix --quarantine-list ncs/nrf/scripts/quarantine.yaml --coverage-tool gcovr # Exclude twister-out because we dont need coverage reports for mocks and generated files. # Exclude tests/unity because it is not interesting From 225da34443061dd37256057b06d0eb219bc3a315 Mon Sep 17 00:00:00 2001 From: Balaji Srinivasan Date: Fri, 10 Feb 2023 09:15:25 +0100 Subject: [PATCH 21/49] workflow: Dont run native_posix analysis on push to main We have another workflow that runs sonarcloud on integration scope on pushes to main Signed-off-by: Balaji Srinivasan --- .github/workflows/sonarcloud-native-posix.yml | 4 ---- 1 file changed, 4 deletions(-) diff --git a/.github/workflows/sonarcloud-native-posix.yml b/.github/workflows/sonarcloud-native-posix.yml index 4d12a79d3362..556bec36f081 100644 --- a/.github/workflows/sonarcloud-native-posix.yml +++ b/.github/workflows/sonarcloud-native-posix.yml @@ -2,10 +2,6 @@ name: Sonarcloud analysis (native_posix only) on: pull_request: - push: - branches: - - main - jobs: build: name: Sonar cloud analysis From f5ed5e6e5e347424842e1615cfa7ab93d0e7ea83 Mon Sep 17 00:00:00 2001 From: Balaji Srinivasan Date: Mon, 13 Feb 2023 09:57:33 +0100 Subject: [PATCH 22/49] workflow: Exclude zephyr from code coverage collection Exclude zephyr from code coverage collection Signed-off-by: Balaji Srinivasan --- .github/workflows/sonarcloud.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml index 8f2591730548..f6aec6dcfe52 100644 --- a/.github/workflows/sonarcloud.yml +++ b/.github/workflows/sonarcloud.yml 
@@ -67,6 +67,7 @@ jobs: # Exclude twister-out because we dont need coverage reports for mocks and generated files. # Exclude tests/unity because it is not interesting + # Exclude zephyr folder because we are not interested in code coverage for that. # Exclude folders that contain source code with multiple definitions of the same function # depending on preprocessor macros. gcovr misbehaves due to this. # Issue: https://github.com/gcovr/gcovr/issues/586 @@ -76,8 +77,7 @@ jobs: gcovr twister-out \ --exclude=twister-out \ --exclude=tests/unity \ - --exclude=ncs/zephyr/include/ \ - --exclude=ncs/zephyr/subsys/net/ip/ \ + --exclude=ncs/zephyr/ \ --exclude=ncs/nrf/tests/subsys/dfu/dfu_target_stream/ \ --exclude=ncs/nrf/lib/hw_id/ \ --sonarqube coverage.xml From 6fd760d3e08ffbc431b0cee672468905edacc1df Mon Sep 17 00:00:00 2001 From: Balaji Srinivasan Date: Mon, 13 Feb 2023 12:12:49 +0100 Subject: [PATCH 23/49] workflow: Make gcov output verbose output This is to debug any possible future failures Signed-off-by: Balaji Srinivasan --- .github/workflows/sonarcloud-native-posix.yml | 9 ++++----- .github/workflows/sonarcloud.yml | 6 +++--- 2 files changed, 7 insertions(+), 8 deletions(-) diff --git a/.github/workflows/sonarcloud-native-posix.yml b/.github/workflows/sonarcloud-native-posix.yml index 556bec36f081..89820bae1d3d 100644 --- a/.github/workflows/sonarcloud-native-posix.yml +++ b/.github/workflows/sonarcloud-native-posix.yml @@ -75,13 +75,12 @@ jobs: - name: Collect coverage into one XML report shell: bash run: | - gcovr twister-out \ + gcovr twister-out -v \ --exclude=twister-out \ --exclude=tests/unity \ - --exclude=ncs/zephyr/include/ \ - --exclude=ncs/zephyr/subsys/net/ip/ \ - --exclude=ncs/nrf/tests/subsys/dfu/dfu_target_stream/ \ - --exclude=ncs/nrf/lib/hw_id/ \ + --exclude=ncs/nrf/tests/subsys/dfu/dfu_target_stream/src/main.c \ + --exclude=ncs/zephyr/subsys/net/ip \ + --exclude=ncs/nrf/lib/hw_id/hw_id.c \ --sonarqube coverage.xml - name: Run sonar-scanner 
diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml index f6aec6dcfe52..b78d6545f59c 100644 --- a/.github/workflows/sonarcloud.yml +++ b/.github/workflows/sonarcloud.yml @@ -74,12 +74,12 @@ jobs: - name: Collect coverage into one XML report shell: bash run: | - gcovr twister-out \ + gcovr twister-out -v \ --exclude=twister-out \ --exclude=tests/unity \ --exclude=ncs/zephyr/ \ - --exclude=ncs/nrf/tests/subsys/dfu/dfu_target_stream/ \ - --exclude=ncs/nrf/lib/hw_id/ \ + --exclude=ncs/nrf/tests/subsys/dfu/dfu_target_stream/src/main.c \ + --exclude=ncs/nrf/lib/hw_id/hw_id.c \ --sonarqube coverage.xml - name: Invoke build wrapper with twister command to build with integrations scope From a5f3fde64a43451aafb207da25b070632e5bb680 Mon Sep 17 00:00:00 2001 From: Balaji Srinivasan Date: Mon, 13 Feb 2023 20:11:58 +0100 Subject: [PATCH 24/49] coverage: add sockets_tls.c to ignore list This was causing gcovr to fail with an assert. Its a known issue Signed-off-by: Balaji Srinivasan --- .github/workflows/sonarcloud-native-posix.yml | 1 + .github/workflows/sonarcloud.yml | 3 ++- 2 files changed, 3 insertions(+), 1 deletion(-) diff --git a/.github/workflows/sonarcloud-native-posix.yml b/.github/workflows/sonarcloud-native-posix.yml index 89820bae1d3d..d03bafd6bffd 100644 --- a/.github/workflows/sonarcloud-native-posix.yml +++ b/.github/workflows/sonarcloud-native-posix.yml @@ -81,6 +81,7 @@ jobs: --exclude=ncs/nrf/tests/subsys/dfu/dfu_target_stream/src/main.c \ --exclude=ncs/zephyr/subsys/net/ip \ --exclude=ncs/nrf/lib/hw_id/hw_id.c \ + --exclude=ncs/zephyr/subsys/net/lib/sockets/sockets_tls.c \ --sonarqube coverage.xml - name: Run sonar-scanner diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml index b78d6545f59c..f89390638aa0 100644 --- a/.github/workflows/sonarcloud.yml +++ b/.github/workflows/sonarcloud.yml 
@@ -77,9 +77,10 @@ jobs: gcovr twister-out -v \ --exclude=twister-out \ --exclude=tests/unity \ - --exclude=ncs/zephyr/ \ --exclude=ncs/nrf/tests/subsys/dfu/dfu_target_stream/src/main.c \ + --exclude=ncs/zephyr/subsys/net/ip \ --exclude=ncs/nrf/lib/hw_id/hw_id.c \ + --exclude=ncs/zephyr/subsys/net/lib/sockets/sockets_tls.c \ --sonarqube coverage.xml - name: Invoke build wrapper with twister command to build with integrations scope From 6f31b4ed4b273917b3ac256f5f8be5bf4235c00d Mon Sep 17 00:00:00 2001 From: Balaji Srinivasan Date: Tue, 7 Mar 2023 10:07:50 +0100 Subject: [PATCH 25/49] workflow: Move common parts of sonarcloud and sonarcloud-native-posix They are now moved to sonar-project.properties file Signed-off-by: Balaji Srinivasan --- .github/workflows/sonarcloud-native-posix.yml | 13 +++---------- .github/workflows/sonarcloud.yml | 13 +++---------- sonar-project.properties | 6 ++++++ 3 files changed, 12 insertions(+), 20 deletions(-) create mode 100644 sonar-project.properties diff --git a/.github/workflows/sonarcloud-native-posix.yml b/.github/workflows/sonarcloud-native-posix.yml index d03bafd6bffd..acdc0543cf64 100644 --- a/.github/workflows/sonarcloud-native-posix.yml +++ b/.github/workflows/sonarcloud-native-posix.yml @@ -9,7 +9,7 @@ jobs: container: nordicplayground/nrfconnect-sdk:main env: SONAR_SCANNER_VERSION: 4.7.0.2747 - SONAR_SERVER_URL: "https://sonarcloud.io" + BUILD_WRAPPER_DOWNLOAD_URL: https://sonarcloud.io/static/cpp/build-wrapper-linux-x86.zip BUILD_WRAPPER_OUT_DIR: build_wrapper_output_directory # Directory where build-wrapper output will be placed steps: - name: Checkout the code 
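Review bot: Removing `--exclude=ncs/zephyr/` in the sonarcloud.yml hunk contradicts the comment added above this step two commits earlier, "Exclude zephyr folder because we are not interested in code coverage for that". This hunk does not touch that comment, so it presumably still stands in the file. The commit message mentions only `sockets_tls.c`, so it is unclear whether widening coverage back to the rest of zephyr is intended. If it is, the comment should be replaced with something like `# Exclude zephyr/subsys/net/ip and sockets_tls.c because gcovr asserts on them (see issue below)`. The step starts outside the hunk, so the comment's current wording should be checked in the full file.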
@@ -48,8 +48,6 @@ jobs: echo "$HOME/.sonar/sonar-scanner-${{ env.SONAR_SCANNER_VERSION }}-linux/bin" >> $GITHUB_PATH - name: Download and set up build-wrapper - env: - BUILD_WRAPPER_DOWNLOAD_URL: ${{ env.SONAR_SERVER_URL }}/static/cpp/build-wrapper-linux-x86.zip run: | curl -sSLo $HOME/.sonar/build-wrapper-linux-x86.zip ${{ env.BUILD_WRAPPER_DOWNLOAD_URL }} unzip -o $HOME/.sonar/build-wrapper-linux-x86.zip -d $HOME/.sonar/ @@ -90,11 +88,6 @@ jobs: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} run: | sonar-scanner -X \ - --define sonar.projectKey=balaji-nordic_sdk-nrf \ - --define sonar.organization=balaji-nordic \ - --define sonar.host.url="${{ env.SONAR_SERVER_URL }}" \ - --define sonar.exclusions="ncs/modules/**,ncs/zephyr/**,ncs/nrf/ext/**,**/*.py,**/*.vsdx,**twister-out**,**/*.java,**/*.html,**/*.xml,**/*.php" \ - --define sonar.cpd.exclusions="**CMakeFiles**" \ + --define project.settings=ncs/nrf/sonar-project.properties \ --define sonar.coverageReportPaths=coverage.xml \ - --define sonar.cfamily.build-wrapper-output="${{ env.BUILD_WRAPPER_OUT_DIR }}" \ - --define sonar.cfamily.cache.enabled=false + --define sonar.cfamily.build-wrapper-output="${{ env.BUILD_WRAPPER_OUT_DIR }}" diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml index f89390638aa0..5e7967567889 100644 --- a/.github/workflows/sonarcloud.yml +++ b/.github/workflows/sonarcloud.yml @@ -13,7 +13,7 @@ jobs: container: nordicplayground/nrfconnect-sdk:main env: SONAR_SCANNER_VERSION: 4.7.0.2747 - SONAR_SERVER_URL: "https://sonarcloud.io" + BUILD_WRAPPER_DOWNLOAD_URL: https://sonarcloud.io/static/cpp/build-wrapper-linux-x86.zip BUILD_WRAPPER_OUT_DIR: build_wrapper_output_directory # Directory where build-wrapper output will be placed steps: - name: Checkout the code 
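Review bot: With this change `sonar.host.url`, `sonar.organization` and `sonar.projectKey` are no longer fixed by the workflow but read from `ncs/nrf/sonar-project.properties` in the checked-out tree, so the checked-out revision decides which server the scanner contacts while `SONAR_TOKEN` is in its environment. This applies to the "Run sonar-scanner" hunk here and to the matching hunk in sonarcloud.yml. Keeping `--define sonar.host.url=https://sonarcloud.io \` on the command line would keep the destination under workflow control; command-line defines are expected to override the properties file, but that is worth confirming for this scanner version. Separately, `sonar-scanner -X` enables debug logging in a step that carries two tokens, so it may be safer to drop `-X` once the setup is stable.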
@@ -52,8 +52,6 @@ jobs: echo "$HOME/.sonar/sonar-scanner-${{ env.SONAR_SCANNER_VERSION }}-linux/bin" >> $GITHUB_PATH - name: Download and set up build-wrapper - env: - BUILD_WRAPPER_DOWNLOAD_URL: ${{ env.SONAR_SERVER_URL }}/static/cpp/build-wrapper-linux-x86.zip run: | curl -sSLo $HOME/.sonar/build-wrapper-linux-x86.zip ${{ env.BUILD_WRAPPER_DOWNLOAD_URL }} unzip -o $HOME/.sonar/build-wrapper-linux-x86.zip -d $HOME/.sonar/ @@ -96,11 +94,6 @@ jobs: SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} run: | sonar-scanner -X \ - --define sonar.projectKey=balaji-nordic_sdk-nrf \ - --define sonar.organization=balaji-nordic \ - --define sonar.host.url="${{ env.SONAR_SERVER_URL }}" \ - --define sonar.exclusions="ncs/modules/**,ncs/zephyr/**,ncs/nrf/ext/**,**/*.py,**/*.vsdx,**twister-out**,**/*.java,**/*.html,**/*.xml,**/*.php" \ - --define sonar.cpd.exclusions="**CMakeFiles**" \ + --define project.settings=ncs/nrf/sonar-project.properties \ --define sonar.coverageReportPaths=coverage.xml \ - --define sonar.cfamily.build-wrapper-output="${{ env.BUILD_WRAPPER_OUT_DIR }}" \ - --define sonar.cfamily.cache.enabled=false + --define sonar.cfamily.build-wrapper-output="${{ env.BUILD_WRAPPER_OUT_DIR }}" diff --git a/sonar-project.properties b/sonar-project.properties new file mode 100644 index 000000000000..7ed9a048724a --- /dev/null +++ b/sonar-project.properties @@ -0,0 +1,6 @@ +sonar.organization=balaji-nordic +sonar.projectKey=balaji-nordic_sdk-nrf +sonar.host.url=https://sonarcloud.io +sonar.exclusions=ncs/modules/**,ncs/zephyr/**,ncs/nrf/ext/**,**/*.py,**/*.vsdx,**twister-out**,**/*.java,**/*.html,**/*.xml,**/*.php +sonar.cpd.exclusions=**CMakeFiles** +sonar.cfamily.cache.enabled=false From 607c6beb23ecf335632ba35dacf6a36fff5fca98 Mon Sep 17 00:00:00 2001 From: Balaji Srinivasan Date: Thu, 23 Mar 2023 12:11:03 +0100 Subject: [PATCH 26/49] workflow: Add chatgpt review workflow Add chatgpt review workflow 
Signed-off-by: Balaji Srinivasan --- .github/workflows/chatgpt-review.yml | 16 ++++++++++++++++ 1 file changed, 16 insertions(+) create mode 100644 .github/workflows/chatgpt-review.yml diff --git a/.github/workflows/chatgpt-review.yml b/.github/workflows/chatgpt-review.yml new file mode 100644 index 000000000000..014df483dd2a --- /dev/null +++ b/.github/workflows/chatgpt-review.yml @@ -0,0 +1,16 @@ +name: ChatGPT Review +on: + pull_request: + +jobs: + chat_gpt_review: + runs-on: ubuntu-latest + steps: + - name: OpenAI ChatGPT Code Review + uses: adshao/chatgpt-code-review-action@v0.2.5 + with: + PROGRAMMING_LANGUAGE: "C" + REVIEW_COMMENT_PREFIX: "chatgpt:" + FULL_REVIEW_COMMENT: "chatgpt" + OPENAI_TOKEN: ${{ secrets.OPENAI_API_KEY }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} From 9af09be4923e84ae494c1f48566cfd9010ac3507 Mon Sep 17 00:00:00 2001 From: Balaji Srinivasan Date: Fri, 24 Mar 2023 14:28:19 +0100 Subject: [PATCH 27/49] workflow: Include python code in the sonarcloud analysis Include python code in the sonarcloud analysis Signed-off-by: Balaji Srinivasan --- sonar-project.properties | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/sonar-project.properties b/sonar-project.properties index 7ed9a048724a..4eb63a07c653 100644 --- a/sonar-project.properties +++ b/sonar-project.properties @@ -1,6 +1,6 @@ sonar.organization=balaji-nordic sonar.projectKey=balaji-nordic_sdk-nrf sonar.host.url=https://sonarcloud.io -sonar.exclusions=ncs/modules/**,ncs/zephyr/**,ncs/nrf/ext/**,**/*.py,**/*.vsdx,**twister-out**,**/*.java,**/*.html,**/*.xml,**/*.php +sonar.exclusions=ncs/modules/**,ncs/zephyr/**,ncs/nrf/ext/**,**/*.vsdx,**twister-out**,**/*.java,**/*.html,**/*.xml,**/*.php sonar.cpd.exclusions=**CMakeFiles** sonar.cfamily.cache.enabled=false From d21c273e0af2a8d86e3bf5e8c7320d1868eb7997 Mon Sep 17 00:00:00 2001 
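Review bot: The new chatgpt-review.yml hands `secrets.OPENAI_API_KEY` and `GITHUB_TOKEN` to a third-party action referenced by a mutable tag, `adshao/chatgpt-code-review-action@v0.2.5`, and the job sets no `permissions:`. Pinning to the reviewed commit, `uses: adshao/chatgpt-code-review-action@<FULL_COMMIT_SHA> # v0.2.5` (placeholder SHA), keeps a retagged release from receiving those secrets. A job-level block such as `permissions:` with `contents: read` and `pull-requests: write` would limit the token to what a review comment presumably needs. The workflow also sends pull-request content to an external service, which deserves a one-line comment at the top of the file so contributors know.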
From: Balaji Srinivasan Date: Tue, 28 Mar 2023 10:01:49 +0200 Subject: [PATCH 28/49] workflow: Create separate quarentine file for downsream This is to avoid conflicts due to changes in upstream Signed-off-by: Balaji Srinivasan --- .github/workflows/sonarcloud-native-posix.yml | 2 +- .github/workflows/sonarcloud.yml | 2 +- scripts/quarantine_downstream.yaml | 59 +++++++++++++++++++ 3 files changed, 61 insertions(+), 2 deletions(-) create mode 100644 scripts/quarantine_downstream.yaml diff --git a/.github/workflows/sonarcloud-native-posix.yml b/.github/workflows/sonarcloud-native-posix.yml index acdc0543cf64..40999380436e 100644 --- a/.github/workflows/sonarcloud-native-posix.yml +++ b/.github/workflows/sonarcloud-native-posix.yml @@ -57,7 +57,7 @@ jobs: shell: bash run: | source ncs/zephyr/zephyr-env.sh - build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} ncs/zephyr/scripts/twister -b -C -v -i -T ncs/nrf/ -p native_posix --quarantine-list ncs/nrf/scripts/quarantine.yaml --coverage-tool gcovr + build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} ncs/zephyr/scripts/twister -b -C -v -i -T ncs/nrf/ -p native_posix --quarantine-list ncs/nrf/scripts/quarantine_downstream.yaml --coverage-tool gcovr - name: Run native_posix tests shell: bash diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml index 5e7967567889..5789b2824c72 100644 --- a/.github/workflows/sonarcloud.yml +++ b/.github/workflows/sonarcloud.yml 
@@ -61,7 +61,7 @@ jobs: shell: bash run: | source ncs/zephyr/zephyr-env.sh - ncs/zephyr/scripts/twister --clobber-output -v -i -C -T ncs/nrf/ -p native_posix --quarantine-list ncs/nrf/scripts/quarantine.yaml --coverage-tool gcovr + ncs/zephyr/scripts/twister --clobber-output -v -i -C -T ncs/nrf/ -p native_posix --quarantine-list ncs/nrf/scripts/quarantine_downstream.yaml --coverage-tool gcovr # Exclude twister-out because we dont need coverage reports for mocks and generated files. # Exclude tests/unity because it is not interesting diff --git a/scripts/quarantine_downstream.yaml b/scripts/quarantine_downstream.yaml new file mode 100644 index 000000000000..cef8a97dd947 --- /dev/null +++ b/scripts/quarantine_downstream.yaml 
@@ -0,0 +1,59 @@ +# The configurations resulting as a product of scenarios and platforms +# will be skipped if quarantine is used. More details here: +# https://docs.zephyrproject.org/latest/guides/test/twister.html#quarantine +# To have an empty list use: +# - scenarios: +# - None +# platforms: +# - all + +- scenarios: + - sample.tfm.psa_test_crypto + - sample.tfm.psa_test_initial_attestation + - sample.tfm.psa_test_internal_trusted_storage + - sample.tfm.psa_test_protected_storage + - sample.tfm.psa_test_storage + - sample.tfm.regression_ipc_lvl1 + - sample.tfm.regression_ipc_lvl2 + - sample.tfm.regression_lib_mode + platforms: + - all + comment: "Disable zephyr Regression and PSA Arch tests, we maintain copies of these in sdk-nrf" + +- scenarios: + - sample.matter.lock.debug + - sample.matter.lock.release + - sample.matter.lock.smp_dfu + - sample.matter.lock.no_dfu + - sample.matter.lock.release.ffs + - sample.matter.lock.debug.ffs + - sample.matter.lock.release.smp_dfu_ffs + - sample.matter.light_bulb.debug + - sample.matter.light_bulb.release + - sample.matter.light_bulb.smp_dfu + - sample.matter.light_bulb.ffs + - sample.matter.light_bulb.no_dfu + - applications.matter_weather_station.debug + - applications.matter_weather_station.release + - sample.matter.light_switch.debug + - sample.matter.light_switch.release + - sample.matter.light_switch.smp_dfu + - sample.matter.light_switch.no_dfu + - sample.matter.template.debug + - sample.matter.template.release + - sample.matter.template.no_dfu + - sample.matter.window_cover.debug + - sample.matter.window_cover.release + - sample.matter.window_cover.smp_dfu + platforms: + - all + comment: "Disable building selected Matter samples to limit resources usage" + +- scenarios: + - applications.asset_tracker_v2.nrf7002ek_wifi-debug + - applications.asset_tracker_v2.nrf7002ek_wifi-release + - asset_tracker_v2.lwm2m_codec + - bluetooth.mesh.scheduler_model.message_validity + platforms: + - all + comment: "Temporary disable 
till the issue is fixed" From 5c9c19a612eeb32d8365c21d07954d60bfe2d706 Mon Sep 17 00:00:00 2001 From: Balaji Srinivasan Date: Mon, 27 Mar 2023 10:47:02 +0200 Subject: [PATCH 29/49] workflow: Create codeql.yml for security analysis of c and python code Create codeql.yml for security analysis of c and python code Signed-off-by: Balaji Srinivasan --- .github/workflows/codeql.yml | 65 ++++++++++++++++++++++++++++++++++++ 1 file changed, 65 insertions(+) create mode 100644 .github/workflows/codeql.yml diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml new file mode 100644 index 000000000000..2eeeb8dff6da --- /dev/null +++ b/.github/workflows/codeql.yml 
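Review bot: The last group's `comment: "Temporary disable till the issue is fixed"` does not say which issue, so nobody can tell later when these four scenarios may leave quarantine. A reference per entry or per group would fix that, for example `comment: "Temporarily disabled, see <ISSUE_URL>"` (placeholder URL). Because this file diverges from the upstream quarantine.yaml on purpose, the header comment could also state `# Downstream-only quarantine list used by the sonarcloud workflows; keep separate from quarantine.yaml to avoid rebase conflicts`.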
@@ -0,0 +1,65 @@ +name: "CodeQL" + +on: + push: + branches: [ "main" ] + pull_request: + branches: [ "main" ] + paths-ignore: + - '**/*.md' + - '**/*.rst' + - '**/*.txt' + schedule: + - cron: '18 3 * * 3' + +jobs: + analyze: + name: Analyze + runs-on: ubuntu-latest + container: nordicplayground/nrfconnect-sdk:main + permissions: + actions: read + contents: read + security-events: write + + steps: + - name: Checkout the code + uses: actions/checkout@v2 + with: + path: ncs/nrf + fetch-depth: 0 + + # Initializes the CodeQL tools for scanning. + - name: Initialize CodeQL + uses: github/codeql-action/init@v2 + with: + languages: 'c' + + # Install more dependencies that are not part of the docker image but are needed by the workflow + - name: Install more deps + shell: bash + run: | + apt install -y gcc-multilib + + # The docker image comes pre-initialized with west dependencies. We want to do west update ourselves to to be sure that we get the latest changes in all repos. + # The docker image is built nightly. So it may contain slightly out of date repos. + # Hence we remove the .west folder and do a re-init + - name: West init and update + shell: bash + run: | + rm -rf /workdir/.west/ + west init -l ncs/nrf + cd ncs + west update --narrow -o=--depth=1 + + - name: Build with twister + shell: bash + run: | + source ncs/zephyr/zephyr-env.sh + echo "Run, Build Application using script" + ncs/zephyr/scripts/twister -b -v -i -T ncs/nrf/ -p native_posix --quarantine-list ncs/nrf/scripts/quarantine_downstream.yaml + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v2 + with: + category: "/language:c" From ee66556b72de9591362a284eb75d814e59e7219f Mon Sep 17 00:00:00 2001 From: Balaji Srinivasan Date: Thu, 30 Mar 2023 09:03:36 +0200 Subject: [PATCH 30/49] quarentine_downstream: Remove mesh test from quarentine It has been fixed in ncs/main Signed-off-by: Balaji Srinivasan --- scripts/quarantine_downstream.yaml | 1 - 1 file changed, 1 deletion(-) 
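Review bot: `languages: 'c'` in the "Initialize CodeQL" step requests only the C/C++ analysis, while the commit subject promises security analysis of C and Python code, so the Python scripts in the tree are not scanned by this workflow. If Python is meant to be covered, the init step needs it listed, e.g. `languages: 'cpp, python'`, and the `category: "/language:c"` on the analyze step would then need revisiting. `apt install -y gcc-multilib` runs without a preceding `apt-get update`, which tends to fail once the nightly image's package index is stale. The explicit `permissions:` block is a good baseline here; `actions/checkout@v2` and the `:main` container tag are still mutable references and could be pinned.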
diff --git a/scripts/quarantine_downstream.yaml b/scripts/quarantine_downstream.yaml index cef8a97dd947..54c4aa28c7c6 100644 --- a/scripts/quarantine_downstream.yaml +++ b/scripts/quarantine_downstream.yaml @@ -53,7 +53,6 @@ - applications.asset_tracker_v2.nrf7002ek_wifi-debug - applications.asset_tracker_v2.nrf7002ek_wifi-release - asset_tracker_v2.lwm2m_codec - - bluetooth.mesh.scheduler_model.message_validity platforms: - all comment: "Temporary disable till the issue is fixed" From 72b3337394afeff40bd24fd4e9b77d2719712525 Mon Sep 17 00:00:00 2001 From: Balaji Srinivasan Date: Thu, 30 Mar 2023 09:07:54 +0200 Subject: [PATCH 31/49] workflows: Make codeql run every day at 12am Make codeql run every day at 12am Signed-off-by: Balaji Srinivasan --- .github/workflows/codeql.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml index 2eeeb8dff6da..058080fa8496 100644 --- a/.github/workflows/codeql.yml +++ b/.github/workflows/codeql.yml @@ -10,7 +10,7 @@ on: - '**/*.rst' - '**/*.txt' schedule: - - cron: '18 3 * * 3' + - cron: '0 0 * * *' jobs: analyze: From 5f1bc4d024e268960cb9faedd05b30022a6a897f Mon Sep 17 00:00:00 2001 From: Balaji Srinivasan Date: Wed, 3 May 2023 15:06:10 +0200 Subject: [PATCH 32/49] workflows: Remove chatgpt review workflow The usage limit for the API expired for my acc. So removing this. Signed-off-by: Balaji Srinivasan --- .github/workflows/chatgpt-review.yml | 16 ---------------- 1 file changed, 16 deletions(-) delete mode 100644 .github/workflows/chatgpt-review.yml diff --git a/.github/workflows/chatgpt-review.yml b/.github/workflows/chatgpt-review.yml deleted file mode 100644 index 014df483dd2a..000000000000 --- a/.github/workflows/chatgpt-review.yml +++ /dev/null 
@@ -1,16 +0,0 @@ -name: ChatGPT Review -on: - pull_request: - -jobs: - chat_gpt_review: - runs-on: ubuntu-latest - steps: - - name: OpenAI ChatGPT Code Review - uses: adshao/chatgpt-code-review-action@v0.2.5 - with: - PROGRAMMING_LANGUAGE: "C" - REVIEW_COMMENT_PREFIX: "chatgpt:" - FULL_REVIEW_COMMENT: "chatgpt" - OPENAI_TOKEN: ${{ secrets.OPENAI_API_KEY }} - GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} From dfe9b4b7a257f542cd7044df93ef2d3baa412ee4 Mon Sep 17 00:00:00 2001 From: Balaji Srinivasan Date: Fri, 5 May 2023 22:27:46 +0200 Subject: [PATCH 33/49] quarentine: Remove a test and add another lwm2m_code test was fixed long time back. Removing from quarentine. But the download_client test started failing on docker on github actions (passes locally even in docker). My guess is that the failure is because of ioctl call return 2 because docker was not run in privilaged mode by github actions. Disabling now. Signed-off-by: Balaji Srinivasan --- scripts/quarantine_downstream.yaml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/scripts/quarantine_downstream.yaml b/scripts/quarantine_downstream.yaml index 54c4aa28c7c6..e51fbc4a54b2 100644 --- a/scripts/quarantine_downstream.yaml +++ b/scripts/quarantine_downstream.yaml @@ -52,7 +52,7 @@ - scenarios: - applications.asset_tracker_v2.nrf7002ek_wifi-debug - applications.asset_tracker_v2.nrf7002ek_wifi-release - - asset_tracker_v2.lwm2m_codec + - net.lib.download_client platforms: - all - comment: "Temporary disable till the issue is fixed" + comment: "Temporary disable till the issue is fixed. net.lib.download_client is disabled as it started failing on native_posix because of ioctl call returning 2. This happened after https://github.com/nrfconnect/sdk-nrf/pull/10876 was merged." From fe6cae3e0f132139aa3ee38959ea9c44c69c4f13 Mon Sep 17 00:00:00 2001 
From: Balaji Srinivasan Date: Fri, 12 May 2023 14:59:04 +0200 Subject: [PATCH 34/49] workflow: Allow sonarcloud-native-posix to run on PRs from forks Changed pull_request to pull_request_target Signed-off-by: Balaji Srinivasan --- .github/workflows/sonarcloud-native-posix.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/sonarcloud-native-posix.yml b/.github/workflows/sonarcloud-native-posix.yml index 40999380436e..541e9316b323 100644 --- a/.github/workflows/sonarcloud-native-posix.yml +++ b/.github/workflows/sonarcloud-native-posix.yml @@ -1,6 +1,6 @@ name: Sonarcloud analysis (native_posix only) on: - pull_request: + pull_request_target: jobs: build: From 6b8d05a820a768d6a650f368a33cc9fbd707eb70 Mon Sep 17 00:00:00 2001 From: Balaji Srinivasan Date: Fri, 12 May 2023 15:14:28 +0200 Subject: [PATCH 35/49] workflow: Run sonarcloud-native_posix also on push to main This is done because I have not disabled the sonarcloud (all platforms) workflow on main. Signed-off-by: Balaji Srinivasan --- .github/workflows/sonarcloud-native-posix.yml | 3 +++ 1 file changed, 3 insertions(+) diff --git a/.github/workflows/sonarcloud-native-posix.yml b/.github/workflows/sonarcloud-native-posix.yml index 541e9316b323..9b4112b83e8e 100644 --- a/.github/workflows/sonarcloud-native-posix.yml +++ b/.github/workflows/sonarcloud-native-posix.yml @@ -1,5 +1,8 @@ name: Sonarcloud analysis (native_posix only) on: + push: + branches: + - main pull_request_target: jobs: From c00d7600c6e3baaa616c6f4f871a5e546190c2b1 Mon Sep 17 00:00:00 2001 
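Review bot: Switching the trigger to `pull_request_target:` makes fork pull requests run this job in the base repository's context, with `SONAR_TOKEN` and a base-repo `GITHUB_TOKEN` available, and the job declares no `permissions:` to narrow that token. At this commit the checkout step has no `ref:`, so the job would analyse the target branch rather than the PR. The follow-up hunk `@@ -17,6 +17,15 @@` in PATCH 36 then checks out `github.event.pull_request.head.sha`, and from that point the `west init -l ncs/nrf`, twister build/test and `sonar-project.properties` inputs all come from the fork while the secrets are present. A safer layout keeps the build and tests on `pull_request` without secrets, uploads `coverage.xml` and the build-wrapper output as an artifact, and runs only the scanner from a separate `workflow_run` workflow. At minimum this workflow should gain a top-level `permissions:` with `contents: read`.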
From: Balaji Srinivasan Date: Mon, 15 May 2023 10:46:57 +0200 Subject: [PATCH 36/49] workflow: sonarcloud: Fix sonarcloud run on PRs from fork - Use PR's head sha when checking out code when triggered from PR. - Provided the PR number, head ref, sha to sonarcloud so that it consideres the run as a PR run. It would not treat pull_request_target events as a PR and hence wont do PR decoration if not done this way - Also when building/running unit tests on PRs, we should not use quarentine_downstream.yaml file as it is not available on the PR's branch. Signed-off-by: Balaji Srinivasan --- .github/workflows/sonarcloud-native-posix.yml | 39 +++++++++++++++++++ 1 file changed, 39 insertions(+) diff --git a/.github/workflows/sonarcloud-native-posix.yml b/.github/workflows/sonarcloud-native-posix.yml index 9b4112b83e8e..adf93ea5106d 100644 --- a/.github/workflows/sonarcloud-native-posix.yml +++ b/.github/workflows/sonarcloud-native-posix.yml @@ -17,6 +17,15 @@ jobs: steps: - name: Checkout the code uses: actions/checkout@v2 + if : github.event_name == 'pull_request_target' + with: + ref: ${{ github.event.pull_request.head.sha }} # Checkout the PR's head sha instead of the target branch's sha + path: ncs/nrf + fetch-depth: 0 + + - name: Checkout the code + uses: actions/checkout@v2 + if : github.event_name != 'pull_request_target' with: path: ncs/nrf fetch-depth: 0 
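Review bot: The new PR checkout step leaves `persist-credentials` at its default, so the job token is written into the git config of `ncs/nrf`, the same directory whose fork-supplied build and test code runs in the following steps. Adding `persist-credentials: false` under `with:` in both "Checkout the code" steps removes that exposure. The two steps differ only in `ref:` and could be one step with `ref: ${{ github.event.pull_request.head.sha || github.sha }}`, which also avoids two steps sharing one name. The file writes `if :` with a space before the colon here and in later hunks; plain `if:` matches the other keys.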
@@ -58,10 +67,20 @@ jobs: - name: Build native_posix tests with coverage enabled (via sonarcloud build wrapper) shell: bash + if : github.event_name != 'pull_request_target' run: | source ncs/zephyr/zephyr-env.sh build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} ncs/zephyr/scripts/twister -b -C -v -i -T ncs/nrf/ -p native_posix --quarantine-list ncs/nrf/scripts/quarantine_downstream.yaml --coverage-tool gcovr + - name: Build native_posix tests on PR with coverage enabled (via sonarcloud build wrapper) + shell: bash + continue-on-error: true # Continue on error when running on PRs because the PR branch will not have the quarantine_downstream.yaml file. So we need to accept any failures. + if : github.event_name == 'pull_request_target' # The PR branch will not have the quarantine_downstream.yaml file. So we need to skip the quarantine list. + run: | + source ncs/zephyr/zephyr-env.sh + build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} ncs/zephyr/scripts/twister -b -C -v -i -T ncs/nrf/ -p native_posix --coverage-tool gcovr + + - name: Run native_posix tests shell: bash run: | @@ -86,6 +105,7 @@ jobs: --sonarqube coverage.xml - name: Run sonar-scanner + if : github.event_name != 'pull_request_target' env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} 
@@ -94,3 +114,22 @@ jobs: --define project.settings=ncs/nrf/sonar-project.properties \ --define sonar.coverageReportPaths=coverage.xml \ --define sonar.cfamily.build-wrapper-output="${{ env.BUILD_WRAPPER_OUT_DIR }}" + + - name: Run sonar-scanner on PR + if : github.event_name == 'pull_request_target' + env : + PR_NUMBER: ${{ github.event.pull_request.number }} + PR_BRANCH: ${{ github.event.pull_request.head.ref }} + BASE_REF: ${{ github.event.pull_request.base.ref }} + HEAD_SHA: ${{ github.event.pull_request.head.sha }} + GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} + SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} + run: | + sonar-scanner -X \ + --define project.settings=ncs/nrf/sonar-project.properties \ + --define sonar.coverageReportPaths=coverage.xml \ + --define sonar.cfamily.build-wrapper-output="${{ env.BUILD_WRAPPER_OUT_DIR }}" \ + --define sonar.scm.revision=${{ env.HEAD_SHA }} \ + --define sonar.pullrequest.key=${{ env.PR_NUMBER }} \ + --define sonar.pullrequest.branch=${{ env.PR_BRANCH }} \ + --define sonar.pullrequest.base=${{ env.BASE_REF }} From fd4f2f951d4e0d2c88b880fa1869aa7103a7cbc3 Mon Sep 17 00:00:00 2001 From: Balaji Srinivasan Date: Mon, 15 May 2023 12:43:14 +0200 Subject: [PATCH 37/49] workflows: sonarcloud: Ignore test run failure on PRs. Signed-off-by: Balaji Srinivasan --- .github/workflows/sonarcloud-native-posix.yml | 9 +++++++++ 1 file changed, 9 insertions(+) diff --git a/.github/workflows/sonarcloud-native-posix.yml b/.github/workflows/sonarcloud-native-posix.yml index adf93ea5106d..ba17ce99eea6 100644 --- a/.github/workflows/sonarcloud-native-posix.yml +++ b/.github/workflows/sonarcloud-native-posix.yml 
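Review bot: In the `Run sonar-scanner on PR` step the values are passed to the script as `${{ env.PR_BRANCH }}` and so on, which are expanded into the script text before bash runs it; `PR_BRANCH` is the fork's branch name and is chosen by the PR author, so it must not be pasted into the command line. The `env:` block already exports the values, so the script should read them as quoted shell variables, e.g. `--define sonar.pullrequest.branch="$PR_BRANCH" \`, and likewise `"$HEAD_SHA"`, `"$PR_NUMBER"` and `"$BASE_REF"`.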
@@ -81,8 +81,17 @@ jobs: build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} ncs/zephyr/scripts/twister -b -C -v -i -T ncs/nrf/ -p native_posix --coverage-tool gcovr + - name: Run native_posix tests on PR + shell: bash + continue-on-error: true # Continue on error when running on PRs because the PR branch will not have the quarantine_downstream.yaml file. So we need to accept any failures. + if : github.event_name == 'pull_request_target' # The PR branch will not have the quarantine_downstream.yaml file. So we need to skip the quarantine list. + run: | + source ncs/zephyr/zephyr-env.sh + ncs/zephyr/scripts/twister --test-only -v -i -C -T ncs/nrf/ -p native_posix + - name: Run native_posix tests shell: bash + if : github.event_name != 'pull_request_target' run: | source ncs/zephyr/zephyr-env.sh ncs/zephyr/scripts/twister --test-only -v -i -C -T ncs/nrf/ -p native_posix From 256299d9b8b735e8f7f343bba3c85fce9de2dc11 Mon Sep 17 00:00:00 2001 From: Balaji Srinivasan Date: Mon, 15 May 2023 13:57:19 +0200 Subject: [PATCH 38/49] fixup: download sonar-project props and quarentine Signed-off-by: Balaji Srinivasan --- .github/workflows/sonarcloud-native-posix.yml | 28 ++++++------------- 1 file changed, 8 insertions(+), 20 deletions(-) diff --git a/.github/workflows/sonarcloud-native-posix.yml b/.github/workflows/sonarcloud-native-posix.yml index ba17ce99eea6..8bf771a0a977 100644 --- a/.github/workflows/sonarcloud-native-posix.yml +++ b/.github/workflows/sonarcloud-native-posix.yml 
@@ -65,33 +65,20 @@ jobs: unzip -o $HOME/.sonar/build-wrapper-linux-x86.zip -d $HOME/.sonar/ echo "$HOME/.sonar/build-wrapper-linux-x86" >> $GITHUB_PATH - - name: Build native_posix tests with coverage enabled (via sonarcloud build wrapper) - shell: bash - if : github.event_name != 'pull_request_target' - run: | - source ncs/zephyr/zephyr-env.sh - build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} ncs/zephyr/scripts/twister -b -C -v -i -T ncs/nrf/ -p native_posix --quarantine-list ncs/nrf/scripts/quarantine_downstream.yaml --coverage-tool gcovr - - - name: Build native_posix tests on PR with coverage enabled (via sonarcloud build wrapper) - shell: bash - continue-on-error: true # Continue on error when running on PRs because the PR branch will not have the quarantine_downstream.yaml file. So we need to accept any failures. - if : github.event_name == 'pull_request_target' # The PR branch will not have the quarantine_downstream.yaml file. So we need to skip the quarantine list. + # Download the quarantine file base branch. This is needed to build and run the tests. + - name: Download quarentine file from nrf (PR only) + if : github.event_name == 'pull_request_target' run: | - source ncs/zephyr/zephyr-env.sh - build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} ncs/zephyr/scripts/twister -b -C -v -i -T ncs/nrf/ -p native_posix --coverage-tool gcovr + wget https://raw.githubusercontent.com/balaji-nordic/sdk-nrf/master/scripts/quarantine_downstream.yaml -P ncs/nrf/scripts/ - - - name: Run native_posix tests on PR + - name: Build native_posix tests with coverage enabled (via sonarcloud build wrapper) shell: bash - continue-on-error: true # Continue on error when running on PRs because the PR branch will not have the quarantine_downstream.yaml file. So we need to accept any failures. - if : github.event_name == 'pull_request_target' # The PR branch will not have the quarantine_downstream.yaml file. 
So we need to skip the quarantine list. run: | source ncs/zephyr/zephyr-env.sh - ncs/zephyr/scripts/twister --test-only -v -i -C -T ncs/nrf/ -p native_posix + build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} ncs/zephyr/scripts/twister -b -C -v -i -T ncs/nrf/ -p native_posix --quarantine-list ncs/nrf/scripts/quarantine_downstream.yaml --coverage-tool gcovr - name: Run native_posix tests shell: bash - if : github.event_name != 'pull_request_target' run: | source ncs/zephyr/zephyr-env.sh ncs/zephyr/scripts/twister --test-only -v -i -C -T ncs/nrf/ -p native_posix @@ -113,7 +100,7 @@ jobs: --exclude=ncs/zephyr/subsys/net/lib/sockets/sockets_tls.c \ --sonarqube coverage.xml - - name: Run sonar-scanner + - name: Run sonar-scanner on main if : github.event_name != 'pull_request_target' env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} @@ -134,6 +121,7 @@ jobs: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} run: | + wget https://raw.githubusercontent.com/balaji-nordic/sdk-nrf/main/sonar-project.properties -P ncs/nrf sonar-scanner -X \ --define project.settings=ncs/nrf/sonar-project.properties \ --define sonar.coverageReportPaths=coverage.xml \ From ab20b9169e5d5c550a62fcac23e263b4e192c0e3 Mon Sep 17 00:00:00 2001 From: Balaji Srinivasan Date: Mon, 5 Jun 2023 15:44:01 +0200 Subject: [PATCH 39/49] workflow: Remove gcc-multilib installation It is now included in the docker image Signed-off-by: Balaji Srinivasan --- .github/workflows/sonarcloud-native-posix.yml | 14 +++++++------- .github/workflows/sonarcloud.yml | 2 +- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/.github/workflows/sonarcloud-native-posix.yml b/.github/workflows/sonarcloud-native-posix.yml index 8bf771a0a977..762f164e128b 100644 --- a/.github/workflows/sonarcloud-native-posix.yml +++ b/.github/workflows/sonarcloud-native-posix.yml 
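Review bot: Both `wget ... -P` downloads (the quarantine file in the `@@ -65,33 +65,20 @@` hunk and `sonar-project.properties` in the `@@ -134,6 +121,7 @@` hunk) leave any copy already present in the PR checkout in place, because wget then saves under a `.1` name instead of overwriting. Under `pull_request_target` the scanner can therefore read a PR-supplied `sonar-project.properties`, the file that sets `sonar.host.url`, while SONAR_TOKEN is in its environment. Write to an explicit path so the base-branch copy always wins: `wget -O ncs/nrf/sonar-project.properties https://raw.githubusercontent.com/balaji-nordic/sdk-nrf/main/sonar-project.properties`, and the same form for the quarantine file. The quarantine URL also uses `master` where the other uses `main`; one of the two is probably wrong.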
@@ -17,7 +17,7 @@ jobs: steps: - name: Checkout the code uses: actions/checkout@v2 - if : github.event_name == 'pull_request_target' + if: github.event_name == 'pull_request_target' with: ref: ${{ github.event.pull_request.head.sha }} # Checkout the PR's head sha instead of the target branch's sha path: ncs/nrf @@ -25,7 +25,7 @@ jobs: - name: Checkout the code uses: actions/checkout@v2 - if : github.event_name != 'pull_request_target' + if: github.event_name != 'pull_request_target' with: path: ncs/nrf fetch-depth: 0 @@ -33,7 +33,7 @@ jobs: # Install more dependencies that are not part of the docker image but are needed by the workflow - name: Install more deps run: | - apt install -y lcov gcc-multilib curl + apt install -y lcov curl # The docker image comes pre-initialized with west dependencies. We want to do west update ourselves to to be sure that we get the latest changes in all repos. # The docker image is built nightly. So it may contain slightly out of date repos. @@ -67,7 +67,7 @@ jobs: # Download the quarantine file base branch. This is needed to build and run the tests. - name: Download quarentine file from nrf (PR only) - if : github.event_name == 'pull_request_target' + if: github.event_name == 'pull_request_target' run: | wget https://raw.githubusercontent.com/balaji-nordic/sdk-nrf/master/scripts/quarantine_downstream.yaml -P ncs/nrf/scripts/ @@ -101,7 +101,7 @@ jobs: --sonarqube coverage.xml - name: Run sonar-scanner on main - if : github.event_name != 'pull_request_target' + if: github.event_name != 'pull_request_target' env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} 
@@ -112,8 +112,8 @@ jobs: --define sonar.cfamily.build-wrapper-output="${{ env.BUILD_WRAPPER_OUT_DIR }}" - name: Run sonar-scanner on PR - if : github.event_name == 'pull_request_target' - env : + if: github.event_name == 'pull_request_target' + env: PR_NUMBER: ${{ github.event.pull_request.number }} PR_BRANCH: ${{ github.event.pull_request.head.ref }} BASE_REF: ${{ github.event.pull_request.base.ref }} diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml index 5789b2824c72..9ccb058fe093 100644 --- a/.github/workflows/sonarcloud.yml +++ b/.github/workflows/sonarcloud.yml @@ -25,7 +25,7 @@ jobs: # Install more dependencies that are not part of the docker image but are needed by the workflow - name: Install more deps run: | - apt install -y lcov gcc-multilib curl + apt install -y lcov curl # The docker image comes pre-initialized with west dependencies. We want to do west update ourselves to to be sure that we get the latest changes in all repos. # The docker image is built nightly. So it may contain slightly out of date repos. From cddae3831ac41359e3a2f2914462ef26f59147f4 Mon Sep 17 00:00:00 2001 From: Balaji Srinivasan Date: Thu, 22 Jun 2023 15:43:16 +0200 Subject: [PATCH 40/49] workflow: Use sonarcloud-github-c-cpp action Saves a lot of manual steps in the workflow Signed-off-by: Balaji Srinivasan --- .github/workflows/sonarcloud-native-posix.yml | 23 +++---------------- .github/workflows/sonarcloud.yml | 23 +++---------------- 2 files changed, 6 insertions(+), 40 deletions(-) diff --git a/.github/workflows/sonarcloud-native-posix.yml b/.github/workflows/sonarcloud-native-posix.yml index 762f164e128b..2144cb9b83db 100644 --- a/.github/workflows/sonarcloud-native-posix.yml +++ b/.github/workflows/sonarcloud-native-posix.yml 
@@ -35,6 +35,9 @@ jobs: run: | apt install -y lcov curl + - name: Install sonar-scanner and build-wrapper + uses: sonarsource/sonarcloud-github-c-cpp@v1.3.2 + # The docker image comes pre-initialized with west dependencies. We want to do west update ourselves to to be sure that we get the latest changes in all repos. # The docker image is built nightly. So it may contain slightly out of date repos. # Hence we remove the .west folder and do a re-init @@ -45,26 +48,6 @@ jobs: cd ncs west update --narrow -o=--depth=1 - - name: Set up JDK 11 - uses: actions/setup-java@v1 - with: - java-version: 11 - - - name: Download and set up sonar-scanner - env: - SONAR_SCANNER_DOWNLOAD_URL: https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${{ env.SONAR_SCANNER_VERSION }}-linux.zip - run: | - mkdir -p $HOME/.sonar - curl -sSLo $HOME/.sonar/sonar-scanner.zip ${{ env.SONAR_SCANNER_DOWNLOAD_URL }} - unzip -o $HOME/.sonar/sonar-scanner.zip -d $HOME/.sonar/ - echo "$HOME/.sonar/sonar-scanner-${{ env.SONAR_SCANNER_VERSION }}-linux/bin" >> $GITHUB_PATH - - - name: Download and set up build-wrapper - run: | - curl -sSLo $HOME/.sonar/build-wrapper-linux-x86.zip ${{ env.BUILD_WRAPPER_DOWNLOAD_URL }} - unzip -o $HOME/.sonar/build-wrapper-linux-x86.zip -d $HOME/.sonar/ - echo "$HOME/.sonar/build-wrapper-linux-x86" >> $GITHUB_PATH - # Download the quarantine file base branch. This is needed to build and run the tests. - name: Download quarentine file from nrf (PR only) if: github.event_name == 'pull_request_target' diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml index 9ccb058fe093..73cc12291df4 100644 --- a/.github/workflows/sonarcloud.yml +++ b/.github/workflows/sonarcloud.yml 
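Review bot: The added `uses: sonarsource/sonarcloud-github-c-cpp@v1.3.2` step (here and in the matching sonarcloud.yml hunk) references the action by a tag, which its publisher can move, and this workflow runs on `pull_request_target` with SONAR_TOKEN in the job. Pin it to a full commit SHA and keep the tag as a comment: `uses: sonarsource/sonarcloud-github-c-cpp@<full-commit-sha> # v1.3.2`. The same applies to `actions/checkout@v2` in the surrounding steps, which are outside this hunk.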
@@ -27,6 +27,9 @@ jobs: run: | apt install -y lcov curl + - name: Install sonar-scanner and build-wrapper + uses: sonarsource/sonarcloud-github-c-cpp@v1.3.2 + # The docker image comes pre-initialized with west dependencies. We want to do west update ourselves to to be sure that we get the latest changes in all repos. # The docker image is built nightly. So it may contain slightly out of date repos. # Hence we remove the .west folder and do a re-init @@ -37,26 +40,6 @@ jobs: cd ncs west update --narrow -o=--depth=1 - - name: Set up JDK 11 - uses: actions/setup-java@v1 - with: - java-version: 11 - - - name: Download and set up sonar-scanner - env: - SONAR_SCANNER_DOWNLOAD_URL: https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${{ env.SONAR_SCANNER_VERSION }}-linux.zip - run: | - mkdir -p $HOME/.sonar - curl -sSLo $HOME/.sonar/sonar-scanner.zip ${{ env.SONAR_SCANNER_DOWNLOAD_URL }} - unzip -o $HOME/.sonar/sonar-scanner.zip -d $HOME/.sonar/ - echo "$HOME/.sonar/sonar-scanner-${{ env.SONAR_SCANNER_VERSION }}-linux/bin" >> $GITHUB_PATH - - - name: Download and set up build-wrapper - run: | - curl -sSLo $HOME/.sonar/build-wrapper-linux-x86.zip ${{ env.BUILD_WRAPPER_DOWNLOAD_URL }} - unzip -o $HOME/.sonar/build-wrapper-linux-x86.zip -d $HOME/.sonar/ - echo "$HOME/.sonar/build-wrapper-linux-x86" >> $GITHUB_PATH - - name: Run native_posix tests shell: bash run: | From edc0d5a2dc22f138ca0c27b5d2b513530bb7dab4 Mon Sep 17 00:00:00 2001 From: Balaji Srinivasan Date: Tue, 27 Jun 2023 10:48:14 +0200 Subject: [PATCH 41/49] Workflow: sonarcloud: Remove unused env variables Signed-off-by: Balaji Srinivasan --- .github/workflows/sonarcloud-native-posix.yml | 2 -- .github/workflows/sonarcloud.yml | 2 -- 2 files changed, 4 deletions(-) diff --git a/.github/workflows/sonarcloud-native-posix.yml b/.github/workflows/sonarcloud-native-posix.yml index 2144cb9b83db..6f15f2cf8c91 100644 --- a/.github/workflows/sonarcloud-native-posix.yml 
+++ b/.github/workflows/sonarcloud-native-posix.yml @@ -11,8 +11,6 @@ jobs: runs-on: ubuntu-latest container: nordicplayground/nrfconnect-sdk:main env: - SONAR_SCANNER_VERSION: 4.7.0.2747 - BUILD_WRAPPER_DOWNLOAD_URL: https://sonarcloud.io/static/cpp/build-wrapper-linux-x86.zip BUILD_WRAPPER_OUT_DIR: build_wrapper_output_directory # Directory where build-wrapper output will be placed steps: - name: Checkout the code diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml index 73cc12291df4..59a1c1bbf448 100644 --- a/.github/workflows/sonarcloud.yml +++ b/.github/workflows/sonarcloud.yml @@ -12,8 +12,6 @@ jobs: runs-on: self-hosted container: nordicplayground/nrfconnect-sdk:main env: - SONAR_SCANNER_VERSION: 4.7.0.2747 - BUILD_WRAPPER_DOWNLOAD_URL: https://sonarcloud.io/static/cpp/build-wrapper-linux-x86.zip BUILD_WRAPPER_OUT_DIR: build_wrapper_output_directory # Directory where build-wrapper output will be placed steps: - name: Checkout the code From e4205d5364ae36b5257c04e7e556c83a12238a7f Mon Sep 17 00:00:00 2001 From: Balaji Srinivasan Date: Wed, 16 Aug 2023 21:15:50 +0200 Subject: [PATCH 42/49] Workflow: Use zephyr's official docker image The nrf-docker image build broke after it started to inclde the ncs toolchain manager. We had to run builds by calling docker directly and without using the container keyword in github actions. Hence I moved to official zephyr image Signed-off-by: Balaji Srinivasan --- .github/workflows/sonarcloud-native-posix.yml | 7 +++++-- .github/workflows/sonarcloud.yml | 7 +++++-- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/.github/workflows/sonarcloud-native-posix.yml b/.github/workflows/sonarcloud-native-posix.yml index 6f15f2cf8c91..16a830d8940c 100644 --- a/.github/workflows/sonarcloud-native-posix.yml +++ b/.github/workflows/sonarcloud-native-posix.yml 
@@ -9,9 +9,10 @@ jobs: build: name: Sonar cloud analysis runs-on: ubuntu-latest - container: nordicplayground/nrfconnect-sdk:main + container: zephyrprojectrtos/ci:v0.26.4 env: BUILD_WRAPPER_OUT_DIR: build_wrapper_output_directory # Directory where build-wrapper output will be placed + CMAKE_PREFIX_PATH: /opt/toolchains steps: - name: Checkout the code uses: actions/checkout@v2 @@ -31,7 +32,9 @@ jobs: # Install more dependencies that are not part of the docker image but are needed by the workflow - name: Install more deps run: | - apt install -y lcov curl + apt-get update + apt install -y lcov curl ruby-full + pip3 install zcbor==0.5.1 - name: Install sonar-scanner and build-wrapper uses: sonarsource/sonarcloud-github-c-cpp@v1.3.2 diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml index 59a1c1bbf448..b8344ccb9ffb 100644 --- a/.github/workflows/sonarcloud.yml +++ b/.github/workflows/sonarcloud.yml @@ -10,9 +10,10 @@ jobs: build: name: Sonar cloud analysis runs-on: self-hosted - container: nordicplayground/nrfconnect-sdk:main + container: zephyrprojectrtos/ci:v0.26.4 env: BUILD_WRAPPER_OUT_DIR: build_wrapper_output_directory # Directory where build-wrapper output will be placed + CMAKE_PREFIX_PATH: /opt/toolchains steps: - name: Checkout the code uses: actions/checkout@v2 @@ -23,7 +24,9 @@ jobs: # Install more dependencies that are not part of the docker image but are needed by the workflow - name: Install more deps run: | - apt install -y lcov curl + apt-get update + apt install -y lcov curl ruby-full + pip3 install zcbor==0.5.1 - name: Install sonar-scanner and build-wrapper uses: sonarsource/sonarcloud-github-c-cpp@v1.3.2 From b5b80ff728a032f36323a50da3531868d3d5c227 Mon Sep 17 00:00:00 2001 From: Balaji Srinivasan Date: Wed, 16 Aug 2023 15:17:17 +0200 Subject: [PATCH 43/49] workflow: Add clang-tidy review workflow Add clang-tidy review workflow 
Signed-off-by: Balaji Srinivasan --- .github/workflows/clang-tidy-review.yml | 110 ++++++++++++++++++++++++ 1 file changed, 110 insertions(+) create mode 100644 .github/workflows/clang-tidy-review.yml diff --git a/.github/workflows/clang-tidy-review.yml b/.github/workflows/clang-tidy-review.yml new file mode 100644 index 000000000000..a4b19a93f1ca --- /dev/null +++ b/.github/workflows/clang-tidy-review.yml 
@@ -0,0 +1,110 @@ +name: Clang-tidy review +on: + pull_request: + +jobs: + build: + name: Clang tidy review + runs-on: ubuntu-latest + container: zephyrprojectrtos/ci-base:v0.26.4 + env: + CMAKE_PREFIX_PATH: /opt/toolchains + steps: + - name: Checkout the code + uses: actions/checkout@v2 + with: + path: nrf + fetch-depth: 0 + + - name: Install deps + run: | + apt-get update + apt-get install -y jq clang clang-tidy ruby-full + + - name: West init and update + working-directory: nrf + run: | + west init -l . + west update --narrow -o=--depth=1 + + - name: Build for native_posix + shell: bash + working-directory: nrf + continue-on-error: true # The llvm build fails with a non-zero exit code due to link stage error. But we still want to run clang-tidy. The clang-tidy will catch compile errors anyway. The point here is to get the compile_commands.json file and all the necessary headerfiles generated with clang as the compiler. + run: | + export ZEPHYR_TOOLCHAIN_VARIANT=llvm + ../zephyr/scripts/twister -b -v -i -T ./ -p native_posix --quarantine-list scripts/quarantine_downstream.yaml + + - name: Use jq to combine compile_commands.json files + shell: bash + working-directory: nrf + run: | + jq -s 'map(.[])' `find . -name compile_commands.json` > compile_commands.json + + - name: Analyze + shell: bash + working-directory: nrf + run: | + mkdir clang-tidy-result + git fetch origin ${{ github.event.pull_request.base.sha }} + git diff -U0 ${{ github.event.pull_request.base.sha }} | clang-tidy-diff -p1 -path . 
-export-fixes clang-tidy-result/fixes.yml + + - name: Print clang tidy results (yml format)) + shell: bash + working-directory: nrf + run: | + ls clang-tidy-result + cat clang-tidy-result/fixes.yml + + - name: Strip docker path so that the publisher workflow can find the files without being in a container + shell: bash + working-directory: nrf + run: | + sed -i "s/\/__w\/sdk-nrf\/sdk-nrf\/nrf\///g" clang-tidy-result/fixes.yml + + - name: Upload clang tidy result as artifact + uses: actions/upload-artifact@v2 + with: + name: clang-tidy-result + path: nrf/clang-tidy-result + + - name: Upload compile_commands.json as artifact + uses: actions/upload-artifact@v2 + with: + name: compile_commands.json + path: nrf/compile_commands.json + + publish-review: + name: Publish clang tidy review + runs-on: ubuntu-latest + needs: build + steps: + - name: Checkout the code + uses: actions/checkout@v2 + with: + fetch-depth: 0 + + - name: Download artifacts + uses: actions/download-artifact@v2 + with: + name: clang-tidy-result + path: clang-tidy-result + + - name: Debug + shell: bash + run: | + ls clang-tidy-result + cat clang-tidy-result/fixes.yml + + - name: Run clang-tidy-pr-comments action + uses: platisd/clang-tidy-pr-comments@master + with: + # The GitHub token (or a personal access token) + github_token: ${{ secrets.GITHUB_TOKEN }} + # The path to the clang-tidy fixes generated previously + clang_tidy_fixes: clang-tidy-result/fixes.yml + # Optionally set the number of comments per review + # to avoid GitHub API timeouts for heavily loaded + # pull requests + suggestions_per_comment: 10 + From 805b6e9424342ab38ff74ca2e4acff0f3d323569 Mon Sep 17 00:00:00 2001 From: Balaji Srinivasan Date: Thu, 14 Sep 2023 14:33:08 +0200 Subject: [PATCH 44/49] deps: Install latest zcbor The code changes in ncs/main need newest zcbor. Hence upgrading. See https://github.com/nrfconnect/sdk-nrf/pull/12193/ 
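Review bot: The `publish-review` job passes `secrets.GITHUB_TOKEN` to `platisd/clang-tidy-pr-comments@master`, a third-party action tracked on a moving branch, so any future push to that branch runs with this repository's token. Pin it to a reviewed commit, `uses: platisd/clang-tidy-pr-comments@<full-commit-sha>`, and give the job an explicit `permissions:` block with `pull-requests: write` and `contents: read` so the token carries nothing more. On `pull_request` runs from forks the token is read-only, so posting comments will probably fail there; that is worth stating in a comment above the job.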
Signed-off-by: Balaji Srinivasan --- .github/workflows/sonarcloud-native-posix.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/sonarcloud-native-posix.yml b/.github/workflows/sonarcloud-native-posix.yml index 16a830d8940c..60d3e1bb8171 100644 --- a/.github/workflows/sonarcloud-native-posix.yml +++ b/.github/workflows/sonarcloud-native-posix.yml @@ -34,7 +34,7 @@ jobs: run: | apt-get update apt install -y lcov curl ruby-full - pip3 install zcbor==0.5.1 + pip3 install zcbor - name: Install sonar-scanner and build-wrapper uses: sonarsource/sonarcloud-github-c-cpp@v1.3.2 From fec5384560880da5a0f211c1f6f3b2fa53a786e6 Mon Sep 17 00:00:00 2001 From: Balaji Srinivasan Date: Thu, 25 Jan 2024 12:27:24 +0100 Subject: [PATCH 45/49] workflows: Bump sonarcloud version to 2.0.2. Bump version to see if java related error goes away. Signed-off-by: Balaji Srinivasan --- .github/workflows/sonarcloud-native-posix.yml | 2 +- .github/workflows/sonarcloud.yml | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/sonarcloud-native-posix.yml b/.github/workflows/sonarcloud-native-posix.yml index 60d3e1bb8171..26a09611f1e4 100644 --- a/.github/workflows/sonarcloud-native-posix.yml +++ b/.github/workflows/sonarcloud-native-posix.yml @@ -37,7 +37,7 @@ jobs: pip3 install zcbor - name: Install sonar-scanner and build-wrapper - uses: sonarsource/sonarcloud-github-c-cpp@v1.3.2 + uses: sonarsource/sonarcloud-github-c-cpp@v2.0.2 # The docker image comes pre-initialized with west dependencies. We want to do west update ourselves to to be sure that we get the latest changes in all repos. # The docker image is built nightly. So it may contain slightly out of date repos. diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml index b8344ccb9ffb..d8847a377803 100644 --- a/.github/workflows/sonarcloud.yml +++ b/.github/workflows/sonarcloud.yml 
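Review bot: Dropping the `==0.5.1` pin in `Install more deps` makes every run install whatever zcbor release is newest on the package index, in a job that later holds SONAR_TOKEN, and lets results differ between runs. Pin the version that ncs/main requires instead, `pip3 install zcbor==<version required by ncs/main>`, and raise it deliberately when upstream moves. sonarcloud.yml still installs `zcbor==0.5.1` at this commit, so the two workflows now disagree.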
@@ -29,7 +29,7 @@ jobs: pip3 install zcbor==0.5.1 - name: Install sonar-scanner and build-wrapper - uses: sonarsource/sonarcloud-github-c-cpp@v1.3.2 + uses: sonarsource/sonarcloud-github-c-cpp@v2.0.2 # The docker image comes pre-initialized with west dependencies. We want to do west update ourselves to to be sure that we get the latest changes in all repos. # The docker image is built nightly. So it may contain slightly out of date repos. From 2608eab820586f05a4b7e933b8fdf2a44e26c662 Mon Sep 17 00:00:00 2001 From: Balaji Srinivasan Date: Fri, 26 Jan 2024 07:58:07 +0100 Subject: [PATCH 46/49] Workflow: Sonarcloud: Remove running of native_posix tests They fail currently due to mismatch in zcbor version. Signed-off-by: Balaji Srinivasan --- .github/workflows/sonarcloud.yml | 25 ------------------------- 1 file changed, 25 deletions(-) diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml index d8847a377803..d40ccaf91b07 100644 --- a/.github/workflows/sonarcloud.yml +++ b/.github/workflows/sonarcloud.yml 
@@ -41,30 +41,6 @@ jobs: cd ncs west update --narrow -o=--depth=1 - - name: Run native_posix tests - shell: bash - run: | - source ncs/zephyr/zephyr-env.sh - ncs/zephyr/scripts/twister --clobber-output -v -i -C -T ncs/nrf/ -p native_posix --quarantine-list ncs/nrf/scripts/quarantine_downstream.yaml --coverage-tool gcovr - - # Exclude twister-out because we dont need coverage reports for mocks and generated files. - # Exclude tests/unity because it is not interesting - # Exclude zephyr folder because we are not interested in code coverage for that. - # Exclude folders that contain source code with multiple definitions of the same function - # depending on preprocessor macros. gcovr misbehaves due to this. - # Issue: https://github.com/gcovr/gcovr/issues/586 - - name: Collect coverage into one XML report - shell: bash - run: | - gcovr twister-out -v \ - --exclude=twister-out \ - --exclude=tests/unity \ - --exclude=ncs/nrf/tests/subsys/dfu/dfu_target_stream/src/main.c \ - --exclude=ncs/zephyr/subsys/net/ip \ - --exclude=ncs/nrf/lib/hw_id/hw_id.c \ - --exclude=ncs/zephyr/subsys/net/lib/sockets/sockets_tls.c \ - --sonarqube coverage.xml - - name: Invoke build wrapper with twister command to build with integrations scope shell: bash continue-on-error: true # Some samples fail to compile due to missing tools in the docker image. @@ -79,5 +55,4 @@ jobs: run: | sonar-scanner -X \ --define project.settings=ncs/nrf/sonar-project.properties \ - --define sonar.coverageReportPaths=coverage.xml \ --define sonar.cfamily.build-wrapper-output="${{ env.BUILD_WRAPPER_OUT_DIR }}" From c6d6f936742d4aeb0b6e4da6c99ad18b7c95a83b Mon Sep 17 00:00:00 2001 From: Balaji Srinivasan Date: Fri, 26 Jan 2024 08:01:58 +0100 Subject: [PATCH 47/49] workflow: Remove zcbor install step This is not needed because we no longer run native_posix tests in sonar_cloud action. This is why we needed zcbor in the first place. 
Signed-off-by: Balaji Srinivasan --- .github/workflows/sonarcloud.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml index d40ccaf91b07..b1979144ff63 100644 --- a/.github/workflows/sonarcloud.yml +++ b/.github/workflows/sonarcloud.yml @@ -26,7 +26,6 @@ jobs: run: | apt-get update apt install -y lcov curl ruby-full - pip3 install zcbor==0.5.1 - name: Install sonar-scanner and build-wrapper uses: sonarsource/sonarcloud-github-c-cpp@v2.0.2 From dbd645007d41438872879fdb89fef757a9df976f Mon Sep 17 00:00:00 2001 From: Balaji Srinivasan Date: Fri, 26 Jan 2024 08:04:56 +0100 Subject: [PATCH 48/49] workflow: sonarcloud: Remove board-root when invoking twister Due to https://github.com/zephyrproject-rtos/zephyr/pull/57484. The board-root is not needed. Signed-off-by: Balaji Srinivasan --- .github/workflows/sonarcloud.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml index b1979144ff63..1a4ccd7f39ca 100644 --- a/.github/workflows/sonarcloud.yml +++ b/.github/workflows/sonarcloud.yml @@ -45,7 +45,7 @@ jobs: continue-on-error: true # Some samples fail to compile due to missing tools in the docker image. run: | source ncs/zephyr/zephyr-env.sh - build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} ncs/zephyr/scripts/twister --ninja --integration --board-root ncs/nrf/boards --quarantine-list ncs/nrf/scripts/quarantine.yaml --clobber-output --build-only -v -i -T ncs/nrf + build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} west twister --ninja --integration --quarantine-list ncs/nrf/scripts/quarantine.yaml --clobber-output --build-only -v -i -T ncs/nrf - name: Run sonar-scanner env: From 9fd69b903cbb02f1bd145bb1512df5e1b928778e Mon Sep 17 00:00:00 2001 
From: Balaji Srinivasan Date: Fri, 26 Jan 2024 16:05:41 +0100 Subject: [PATCH 49/49] workflow: sonarcloud: Optimize sonarcloud scan speed This is done by stopping the twister at a stage where compilation database is generated. Signed-off-by: Balaji Srinivasan --- .github/workflows/sonarcloud.yml | 30 +++++++++++++++++++++++------- sonar-project.properties | 5 +++-- 2 files changed, 26 insertions(+), 9 deletions(-) diff --git a/.github/workflows/sonarcloud.yml b/.github/workflows/sonarcloud.yml index 1a4ccd7f39ca..18d81a0f4b79 100644 --- a/.github/workflows/sonarcloud.yml +++ b/.github/workflows/sonarcloud.yml @@ -11,8 +11,10 @@ jobs: name: Sonar cloud analysis runs-on: self-hosted container: zephyrprojectrtos/ci:v0.26.4 + concurrency: + group: ${{ github.workflow }}-${{ github.ref }} + cancel-in-progress: true env: - BUILD_WRAPPER_OUT_DIR: build_wrapper_output_directory # Directory where build-wrapper output will be placed CMAKE_PREFIX_PATH: /opt/toolchains steps: - name: Checkout the code @@ -25,7 +27,7 @@ jobs: - name: Install more deps run: | apt-get update - apt install -y lcov curl ruby-full + apt install -y curl ruby-full jq - name: Install sonar-scanner and build-wrapper uses: sonarsource/sonarcloud-github-c-cpp@v2.0.2 
@@ -40,18 +42,32 @@ jobs: cd ncs west update --narrow -o=--depth=1 - - name: Invoke build wrapper with twister command to build with integrations scope + # For the sake of speed, stop the build at cmake stage. This is enough to get twister to + # generate the compilation database (compile_commands.json) for each sample/test. + # Note that the syscalls do not get generated by the build system. This will result in + # slightly incorrect analysis. But this is acceptable for the sake of speed. + - name: Invoke twister. shell: bash continue-on-error: true # Some samples fail to compile due to missing tools in the docker image. run: | source ncs/zephyr/zephyr-env.sh - build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} west twister --ninja --integration --quarantine-list ncs/nrf/scripts/quarantine.yaml --clobber-output --build-only -v -i -T ncs/nrf + west twister --ninja --integration --quarantine-list ncs/nrf/scripts/quarantine.yaml --clobber-output --cmake-only -v -i -T ncs/nrf + + # Since sonarscanner accepts just one json file for compilation database, we need to + # combine all the compile_commands.json files into one and then flatten it. + # The process of flattening is needed to avoid the error + # "Expected BEGIN_OBJECT but was BEGIN_ARRAY". + - name: Combine compilation database. + shell: bash + run: | + jq -s . `find . -name compile_commands.json` > combined_compile_commands_unflattened.json + cat combined_compile_commands_unflattened.json + jq -c '.[] | .[]' combined_compile_commands_unflattened.json | jq -s '.' > combined_compile_commands.json + cat combined_compile_commands.json - name: Run sonar-scanner env: GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} run: | - sonar-scanner -X \ - --define project.settings=ncs/nrf/sonar-project.properties \ - --define sonar.cfamily.build-wrapper-output="${{ env.BUILD_WRAPPER_OUT_DIR }}" + sonar-scanner -X --define project.settings=ncs/nrf/sonar-project.properties 
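Review bot: The added "Combine compilation database" step gathers its inputs with an unquoted backtick `find .` over the whole workspace, so any compile_commands.json already present in a checked-out repository is merged into the database the scanner consumes, not only the ones twister generated in this run, and a path containing whitespace is split into separate arguments. Limiting the search to the twister output directory (presumably `twister-out`, going by the exclusion pattern in sonar-project.properties; confirm the path) keeps the scanner input to files this job produced: `find twister-out -name compile_commands.json -print0 | xargs -0 cat | jq -s 'add' > combined_compile_commands.json`. That single pipeline also makes the unflattened intermediate file and the two `cat` calls unnecessary; those calls currently print the entire database into the job log. Separately, the `continue-on-error: true` comment on the twister step still talks about samples failing to compile, although with `--cmake-only` nothing is compiled; a failed configure now silently shrinks the database, and the comment should say that.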
diff --git a/sonar-project.properties b/sonar-project.properties
index 4eb63a07c653..49f251e5c45e 100644
--- a/sonar-project.properties
+++ b/sonar-project.properties
@@ -1,6 +1,7 @@
 sonar.organization=balaji-nordic
 sonar.projectKey=balaji-nordic_sdk-nrf
 sonar.host.url=https://sonarcloud.io
-sonar.exclusions=ncs/modules/**,ncs/zephyr/**,ncs/nrf/ext/**,**/*.vsdx,**twister-out**,**/*.java,**/*.html,**/*.xml,**/*.php
+sonar.exclusions=ncs/modules/**,ncs/zephyr/**,ncs/nrf/ext/**,**/*.vsdx,**twister-out**,**/*.java,**/*.html,**/*.xml,**/*.php,**/*.json
 sonar.cpd.exclusions=**CMakeFiles**
-sonar.cfamily.cache.enabled=false
+# Use compilation database for scanning. This database will be generated by the sonarcloud workflow.
+sonar.cfamily.compile-commands=combined_compile_commands.json
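Review bot: The new `sonar.cfamily.compile-commands` value is a bare relative path, and nothing in the file says which directory it is relative to. As far as the workflow hunks show, the combined file is written in the job's working directory while this properties file is passed as `ncs/nrf/sonar-project.properties`, so the two only meet if sonar-scanner is started from the workspace root. I would extend the comment to say so, e.g. `# Path is relative to the directory sonar-scanner is started from (the workflow's workspace root).` The added `**/*.json` exclusion also takes every JSON file out of the analysis, not just the generated database; if that is intended, it deserves a word in the comment as well.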