diff --git a/.github/workflows/codechecker.yml b/.github/workflows/codechecker.yml
new file mode 100644
index 00000000..f1100f01
--- /dev/null
+++ b/.github/workflows/codechecker.yml
@@ -0,0 +1,97 @@
+name: CodeChecker Static Analysis
+
+on:
+ push:
+ branches: [ 'master', 'main', 'release/**' ]
+ pull_request:
+ branches: [ '*' ]
+
+jobs:
+ codechecker:
+ runs-on: ubuntu-latest
+ steps:
+ - uses: actions/checkout@v4
+
+ # Cache Junit JARs
+ - name: Cache Junit JARs
+ uses: actions/cache@v3
+ id: cache-junit
+ with:
+ path: ${{ github.workspace }}/junit
+ key: junit-cache-${{ runner.os }}-junit-4.13.2-hamcrest-1.3
+ restore-keys: |
+ junit-cache-${{ runner.os }}-
+
+ # Download Junit JARs (needed for full build)
+ - name: Download junit-4.13.2.jar
+ if: steps.cache-junit.outputs.cache-hit != 'true'
+ run: wget --directory-prefix=$GITHUB_WORKSPACE/junit https://repo1.maven.org/maven2/junit/junit/4.13.2/junit-4.13.2.jar
+ - name: Download hamcrest-all-1.3.jar
+ if: steps.cache-junit.outputs.cache-hit != 'true'
+ run: wget --directory-prefix=$GITHUB_WORKSPACE/junit https://repo1.maven.org/maven2/org/hamcrest/hamcrest-all/1.3/hamcrest-all-1.3.jar
+
+ # Build native wolfSSL
+ - name: Build native wolfSSL
+ uses: wolfSSL/actions-build-autotools-project@v1
+ with:
+ repository: wolfSSL/wolfssl
+ ref: master
+ path: wolfssl
+ configure: '--enable-jni --enable-all'
+ check: false
+ install: true
+
+ # Setup Java
+ - name: Setup java
+ uses: actions/setup-java@v4
+ with:
+ distribution: 'zulu'
+ java-version: '11'
+
+ - name: Set JUNIT_HOME
+ run: |
+ echo "JUNIT_HOME=$GITHUB_WORKSPACE/junit" >> "$GITHUB_ENV"
+ - name: Set LD_LIBRARY_PATH
+ run: |
+ echo "LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$GITHUB_WORKSPACE/build-dir/lib" >> "$GITHUB_ENV"
+
+ # Copy appropriate makefile for Linux
+ - name: Copy makefile
+ run: cp makefile.linux makefile
+
+ # Run CodeChecker static analysis
+ - name: Run CodeChecker analysis
+ uses: whisperity/codechecker-analysis-action@v1
+ id: codechecker
+ with:
+ build-command: 'PREFIX=${{ github.workspace }}/build-dir make'
+ ctu: true
+ config: |
+ {
+ "CodeChecker": {
+ "analyzer": [
+ "--enable=sensitive"
+ ]
+ }
+ }
+
+ # Upload CodeChecker results as artifacts
+ - name: Upload CodeChecker results
+ if: always()
+ uses: actions/upload-artifact@v4
+ with:
+ name: codechecker-reports
+ path: ${{ steps.codechecker.outputs.result-html-dir }}
+
+ # Show CodeChecker results in logs
+ - name: Show CodeChecker results
+ if: always()
+ run: |
+ echo "=== CodeChecker analysis complete ==="
+ echo "Warnings found: ${{ steps.codechecker.outputs.warnings }}"
+ echo "CodeChecker version: ${{ steps.codechecker.outputs.codechecker-version }}"
+ if [ "${{ steps.codechecker.outputs.warnings }}" -eq "0" ]; then
+ echo "✅ No static analysis issues found"
+ else
+ echo "⚠️ Static analysis issues detected - check artifacts"
+ fi
\ No newline at end of file
diff --git a/.github/workflows/main.yml b/.github/workflows/main.yml
index 48e412fc..cdc44755 100644
--- a/.github/workflows/main.yml
+++ b/.github/workflows/main.yml
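Review bot: In the new `.github/workflows/codechecker.yml`, the job runs two actions referenced by mutable tag (`wolfSSL/actions-build-autotools-project@v1` and `whisperity/codechecker-analysis-action@v1`) on pushes to the main branches and on every pull request, and the workflow has no `permissions:` block, so whatever those tags point to later runs with the repository's default token scope. I would add a top-level `permissions:` with `contents: read` and pin the third-party action to a full commit SHA, e.g. `uses: whisperity/codechecker-analysis-action@<full-commit-sha> # v1`. The two `wget` steps also fetch the JUnit and Hamcrest JARs without verifying a digest before they are cached and handed to the build; checking them with `sha256sum -c` against digests recorded in the repository would close that gap. In the last step, `${{ steps.codechecker.outputs.warnings }}` is pasted straight into the script and compared with `-eq "0"`; if that output is a true/false flag (which I believe it is for this action) or empty because the analysis step failed, the test errors and always lands in the else branch, so passing the value through `env:` and comparing it as a string would be more robust. Note also that this step only echoes, so findings never fail the job; if the analysis is meant to gate merges, it needs an explicit `exit 1`.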
@@ -6,184 +6,4 @@ on: branches: [ '*' ] jobs: - # Oracle JDK (Linux, Mac) - # Oracle JDK requires JAR to be signed for some classes to load/run - # properly, for example KeyAgreement. These tests are commented out - # here until we get a solution in place for CI JAR signing - #linux-oracle: - # strategy: - # matrix: - # os: [ 'ubuntu-latest', 'macos-latest' ] - # jdk_version: [ '17', '21' ] - # wolfssl_configure: [ '--enable-jni' ] - # name: ${{ matrix.os }} (Oracle JDK ${{ matrix.jdk_version }}, ${{ matrix.wolfssl_configure}}) - # uses: ./.github/workflows/linux-common.yml - # with: - # os: ${{ matrix.os }} - # jdk_distro: "oracle" - # jdk_version: ${{ matrix.jdk_version }} - # wolfssl_configure: ${{ matrix.wolfssl_configure }} - - # Zulu JDK (Linux, Mac) - linux-zulu: - strategy: - matrix: - os: [ 'ubuntu-latest', 'macos-latest' ] - jdk_version: [ '8', '11', '17', '21' ] - wolfssl_configure: [ '--enable-jni' ] - name: ${{ matrix.os }} (Zulu JDK ${{ matrix.jdk_version }}, ${{ matrix.wolfssl_configure}}) - uses: ./.github/workflows/linux-common.yml - with: - os: ${{ matrix.os }} - jdk_distro: "zulu" - jdk_version: ${{ matrix.jdk_version }} - wolfssl_configure: ${{ matrix.wolfssl_configure }} - - # Corretto JDK (Linux, Mac) - linux-corretto: - strategy: - matrix: - os: [ 'ubuntu-latest', 'macos-latest' ] - jdk_version: [ '8', '11', '17', '21' ] - wolfssl_configure: [ '--enable-jni' ] - name: ${{ matrix.os }} (Corretto JDK ${{ matrix.jdk_version }}, ${{ matrix.wolfssl_configure}}) - uses: ./.github/workflows/linux-common.yml - with: - os: ${{ matrix.os }} - jdk_distro: "corretto" - jdk_version: ${{ matrix.jdk_version }} - wolfssl_configure: ${{ matrix.wolfssl_configure }} - - # Temurin JDK (Linux, Mac) - # JDK 8 seems to have been removed from Temurin macos, with 8 we see the error - # Could not find satisfied version for SemVer '8' - linux-temurin: - strategy: - matrix: - os: [ 'ubuntu-latest', 'macos-latest' ] - jdk_version: [ '11', '17', '21' ] - 
wolfssl_configure: [ '--enable-jni' ] - name: ${{ matrix.os }} (Temurin JDK ${{ matrix.jdk_version }}, ${{ matrix.wolfssl_configure}}) - uses: ./.github/workflows/linux-common.yml - with: - os: ${{ matrix.os }} - jdk_distro: "temurin" - jdk_version: ${{ matrix.jdk_version }} - wolfssl_configure: ${{ matrix.wolfssl_configure }} - - # Microsoft JDK (Linux, Mac) - linux-microsoft: - strategy: - matrix: - os: [ 'ubuntu-latest', 'macos-latest' ] - jdk_version: [ '11.0.19', '17.0.7', '21.0.0' ] - wolfssl_configure: [ '--enable-jni' ] - name: ${{ matrix.os }} (Microsoft JDK ${{ matrix.jdk_version }}, ${{ matrix.wolfssl_configure}}) - uses: ./.github/workflows/linux-common.yml - with: - os: ${{ matrix.os }} - jdk_distro: "microsoft" - jdk_version: ${{ matrix.jdk_version }} - wolfssl_configure: ${{ matrix.wolfssl_configure }} - - # -------------------- enable-all sanity checks ----------------------- - # Only check one Linux and Mac JDK version with --enable-jni --enable-all - # as sanity. Using Zulu, but this can be expanded if needed. - linux-zulu-all: - strategy: - matrix: - os: [ 'ubuntu-latest', 'macos-latest' ] - jdk_version: [ '11' ] - wolfssl_configure: [ '--enable-jni --enable-all' ] - name: ${{ matrix.os }} (Zulu JDK ${{ matrix.jdk_version }}, ${{ matrix.wolfssl_configure}}) - uses: ./.github/workflows/linux-common.yml - with: - os: ${{ matrix.os }} - jdk_distro: "zulu" - jdk_version: ${{ matrix.jdk_version }} - wolfssl_configure: ${{ matrix.wolfssl_configure }} - - # ------------------ RSA 1024 min size sanity check ------------------- - # Only check one Linux and Mac JDK version as a sanity check. Using Zulu, - # but this can be expanded if needed. 
- # wolfSSL ./configure: - # --enable-jni CFLAGS="-DRSA_MIN_SIZE=1024 - linux-zulu-rsa-min-size: - strategy: - matrix: - os: [ 'ubuntu-latest', 'macos-latest' ] - jdk_version: [ '11' ] - wolfssl_configure: [ '--enable-jni CFLAGS="-DRSA_MIN_SIZE=1024"' ] - name: ${{ matrix.os }} (Zulu JDK ${{ matrix.jdk_version }}, ${{ matrix.wolfssl_configure}}) - uses: ./.github/workflows/linux-common.yml - with: - os: ${{ matrix.os }} - jdk_distro: "zulu" - jdk_version: ${{ matrix.jdk_version }} - wolfssl_configure: ${{ matrix.wolfssl_configure }} - - # ------------------ Facebook Infer static analysis ------------------- - # Run Facebook infer over PR code, only running on Linux with one - # JDK/version for now. - fb-infer: - strategy: - matrix: - os: [ 'ubuntu-latest' ] - jdk_version: [ '11' ] - wolfssl_configure: [ '--enable-jni --enable-all' ] - name: Facebook Infer (${{ matrix.os }} Zulu JDK ${{ matrix.jdk_version }}, ${{ matrix.wolfssl_configure }}) - uses: ./.github/workflows/infer.yml - with: - os: ${{ matrix.os }} - jdk_distro: "zulu" - jdk_version: ${{ matrix.jdk_version }} - wolfssl_configure: ${{ matrix.wolfssl_configure }} - - # ----------------------- Android Gradle build ------------------------ - # Run Android gradle build over PR code, only running on Linux with one - # JDK/version for now. - android-gradle: - strategy: - matrix: - os: [ 'ubuntu-latest' ] - jdk_version: [ '21' ] - name: Android Gradle (${{ matrix.os }} Zulu JDK ${{ matrix.jdk_version }}) - uses: ./.github/workflows/android_gradle.yml - with: - os: ${{ matrix.os }} - jdk_distro: "zulu" - jdk_version: ${{ matrix.jdk_version }} - - # --------------------- Maven build - test pom.xml -------------------- - # Run Maven build over PR code, running on Linux and Mac with only one - # JDK/version for now. 
- maven-build: - strategy: - matrix: - os: [ 'ubuntu-latest', 'macos-latest' ] - jdk_version: [ '21' ] - wolfssl_configure: [ '--enable-jni' ] - name: Maven Build (${{ matrix.os }} Zulu JDK ${{ matrix.jdk_version }}) - uses: ./.github/workflows/maven.yml - with: - os: ${{ matrix.os }} - jdk_distro: "zulu" - jdk_version: ${{ matrix.jdk_version }} - wolfssl_configure: ${{ matrix.wolfssl_configure }} - - # --------------- AddressSanitizer build and test ------------------ - # Run AddressSanitizer build and test on Linux only for memory error detection - address-sanitizer: - strategy: - matrix: - os: [ 'ubuntu-latest' ] - jdk_version: [ '21' ] - wolfssl_configure: [ '--enable-jni' ] - name: AddressSanitizer (${{ matrix.os }} Zulu JDK ${{ matrix.jdk_version }}) - uses: ./.github/workflows/sanitizer-common.yml - with: - os: ${{ matrix.os }} - jdk_distro: "zulu" - jdk_version: ${{ matrix.jdk_version }} - wolfssl_configure: ${{ matrix.wolfssl_configure }}