update workflow files from latest master

Author: gojimmypi

.github/workflows/cppcheck.yml

@@ -0,0 +1,44 @@
+name: Cppcheck Test
+
+on:
+  push:
+    branches: [ '*' ]
+  pull_request:
+    branches: [ '*' ]
+
+jobs:
+  run_cppcheck:
+    name: Cppcheck
+    runs-on: ubuntu-24.04
+    steps:
+      - uses: actions/checkout@v4
+
+      - name: Install cppcheck
+        if: always()
+        run: sudo apt-get install cppcheck
+
+      - name: Run CppCheck
+        id: cpp_check_run
+        if: always()
+        run: >
+          cppcheck
+          -UWSCPFILEHDR -UXSNPRINTF
+          -DLIBWOLFSSH_VERSION_STRING='""'
+          --enable='warning,portability'
+          --std=c99
+          --force
+          --check-level=exhaustive
+          --error-exitcode=2
+          --library=std.cfg
+          --inline-suppr
+          -j4
+          -q
+          .
+          3>&1 1>&2 2>&3 | tee cppcheck.txt
+
+      - name: Upload cppcheck results as artifact
+        if: always()
+        uses: actions/upload-artifact@v4
+        with:
+          name: wolfssh-${{ github.sha }}-cppcheck_results.txt
+          path: cppcheck.txt

.github/workflows/os-check.yml

@@ -10,15 +10,28 @@ concurrency:
   group: ${{ github.workflow }}-${{ github.ref }}
   cancel-in-progress: true
 
-env:
-  WOLFSSL_REF: v5.7.0-stable
-
 jobs:
+  create_matrix:
+    runs-on: ubuntu-latest
+    outputs:
+        versions: ${{ steps.json.outputs.versions }}
+    steps:
+      - name: Create wolfSSL version matrix
+        id: json
+        run: |
+          current=`curl -s https://api.github.com/repos/wolfssl/wolfssl/releases | grep tag_name | cut -d : -f 2,3 | tr -d \" | tr -d , | tr -d ' ' | head -1`
+          last=`curl -s https://api.github.com/repos/wolfssl/wolfssl/releases | grep tag_name | cut -d : -f 2,3 | tr -d \" | tr -d , | tr -d ' ' | head -2 | tail -1`
+          VERSIONS=$(echo "[ \"master\", \"$current\", \"$last\" ]")
+          echo "wolfSSL versions found: $VERSIONS"
+          echo "versions=$VERSIONS" >> $GITHUB_OUTPUT
+
   build_wolfssl:
+    needs: create_matrix
     strategy:
       fail-fast: false
       matrix:
         os: [ ubuntu-latest, macos-latest ]
+        wolfssl: ${{ fromJson(needs.create_matrix.outputs['versions']) }}
     name: Build wolfssl
     runs-on: ${{ matrix.os }}
     timeout-minutes: 4
@@ -28,25 +41,32 @@ jobs:
         id: cache-wolfssl
         with:
           path: build-dir/
-          key: wolfssh-os-check-wolfssl-${{ env.WOLFSSL_REF }}-${{ matrix.os }}
+          key: wolfssh-os-check-wolfssl-${{ matrix.wolfssl }}-${{ matrix.os }}
           lookup-only: true
 
+      - name: debug
+        run: echo wolfssl version ${{ matrix.wolfssl }}
+
       - name: Checkout, build, and install wolfssl
         if: steps.cache-wolfssl.outputs.cache-hit != 'true'
         uses: wolfSSL/actions-build-autotools-project@v1
         with:
           repository: wolfssl/wolfssl
-          ref: ${{ env.WOLFSSL_REF }}
+          ref: ${{ matrix.wolfssl }}
           path: wolfssl
           configure: --enable-all
           check: false
           install: true
 
   build_wolfssh:
+    needs:
+      - build_wolfssl
+      - create_matrix
     strategy:
       fail-fast: false
       matrix:
         os: [ ubuntu-latest, macos-latest ]
+        wolfssl: ${{ fromJson(needs.create_matrix.outputs['versions']) }}
         config: [
           '',
           '--enable-all',
@@ -57,13 +77,12 @@ jobs:
     name: Build wolfssh
     runs-on: ${{ matrix.os }}
     timeout-minutes: 4
-    needs: build_wolfssl
     steps:
       - name: Checking cache for wolfssl
         uses: actions/cache@v4
         with:
           path: build-dir/
-          key: wolfssh-os-check-wolfssl-${{ env.WOLFSSL_REF }}-${{ matrix.os }}
+          key: wolfssh-os-check-wolfssl-${{ matrix.wolfssl }}-${{ matrix.os }}
           fail-on-cache-miss: true
 
       - name: Checkout, build, and test wolfssh

.github/workflows/scp-test.yml

@@ -0,0 +1,111 @@
+name: wolfSSH SCP Test
+
+on:
+  push:
+    branches: [ '*' ]
+  pull_request:
+    branches: [ '*' ]
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  create_matrix:
+    runs-on: ubuntu-latest
+    outputs:
+        versions: ${{ steps.json.outputs.versions }}
+    steps:
+      - name: Create wolfSSL version matrix
+        id: json
+        run: |
+          current=`curl -s https://api.github.com/repos/wolfssl/wolfssl/releases | grep tag_name | cut -d : -f 2,3 | tr -d \" | tr -d , | tr -d ' ' | head -1`
+          last=`curl -s https://api.github.com/repos/wolfssl/wolfssl/releases | grep tag_name | cut -d : -f 2,3 | tr -d \" | tr -d , | tr -d ' ' | head -2 | tail -1`
+          VERSIONS=$(echo "[ \"master\", \"$current\", \"$last\" ]")
+          echo "wolfSSL versions found: $VERSIONS"
+          echo "versions=$VERSIONS" >> $GITHUB_OUTPUT
+
+  build_wolfssl:
+    needs: create_matrix
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ ubuntu-latest ]
+        wolfssl: ${{ fromJson(needs.create_matrix.outputs['versions']) }}
+    name: Build wolfssl
+    runs-on: ${{ matrix.os }}
+    timeout-minutes: 4
+    steps:
+      - name: Checking cache for wolfssl
+        uses: actions/cache@v4
+        id: cache-wolfssl
+        with:
+          path: build-dir/
+          key: wolfssh-sshd-wolfssl-${{ matrix.wolfssl }}-${{ matrix.os }}
+          lookup-only: true
+
+      - name: Checkout, build, and install wolfssl
+        if: steps.cache-wolfssl.outputs.cache-hit != 'true'
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          repository: wolfssl/wolfssl
+          ref: ${{ matrix.wolfssl }}
+          path: wolfssl
+          configure: --enable-all
+          check: false
+          install: true
+
+  build_wolfssh:
+    needs:
+      - build_wolfssl
+      - create_matrix
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ ubuntu-latest ]
+        wolfssl: ${{ fromJson(needs.create_matrix.outputs['versions']) }}
+    name: Build and test wolfsshd
+    runs-on: ${{ matrix.os }}
+    timeout-minutes: 10
+    steps:
+      - name: Checking cache for wolfssl
+        uses: actions/cache@v4
+        with:
+          path: build-dir/
+          key: wolfssh-sshd-wolfssl-${{ matrix.wolfssl }}-${{ matrix.os }}
+          fail-on-cache-miss: true
+
+      - uses: actions/checkout@v4
+        with:
+          path: wolfssh/
+
+      - name: autogen
+        working-directory: ./wolfssh/
+        run: ./autogen.sh
+
+      - name: configure
+        working-directory: ./wolfssh/
+        run : |
+          ./configure --enable-all LDFLAGS="-L${{ github.workspace }}/build-dir/lib" CPPFLAGS="-I${{ github.workspace }}/build-dir/include -DWOLFSSH_NO_FPKI -DWOLFSSH_NO_SFTP_TIMEOUT -DMAX_PATH_SZ=120"
+
+      - name: make
+        working-directory: ./wolfssh/
+        run: make
+
+      - name: Setup test user
+        run: sudo useradd -p password jak
+
+      # This is a regression test for a reported hang with SCP file transfer.
+      #     Verifying the error from a bad directory is propogated back, and
+      #     that the direcotry/file is not created. To account for potential
+      #     hanging of the operation, the timeout is set to 1 minute.
+      - name: Run SCP example test
+        timeout-minutes: 1
+        working-directory: ./wolfssh/
+        run: |
+          mkdir /tmp/wolfssh
+          echo "test file" > /tmp/wolfssh/test.txt
+          ./examples/scpclient/wolfscp -p 22 -u jak -P password -H 127.0.0.1  -L /tmp/wolfssh/test.txt:/tmp/non_existent_folder/ || true
+          # check that the directory and file do not exist
+          [ ! -d /tmp/non_existent_folder ]
+          [ ! -f /tmp/non_existent_folder/test.txt ]

.github/workflows/sshd-test.yml

@@ -6,27 +6,121 @@ on:
   pull_request:
     branches: [ '*' ]
 
-jobs:
-  build:
+concurrency:
+  group: ${{ github.workflow }}-${{ github.ref }}
+  cancel-in-progress: true
 
+jobs:
+  create_matrix:
     runs-on: ubuntu-latest
+    outputs:
+        versions: ${{ steps.json.outputs.versions }}
+    steps:
+      - name: Create wolfSSL version matrix
+        id: json
+        run: |
+          current=`curl -s https://api.github.com/repos/wolfssl/wolfssl/releases | grep tag_name | cut -d : -f 2,3 | tr -d \" | tr -d , | tr -d ' ' | head -1`
+          last=`curl -s https://api.github.com/repos/wolfssl/wolfssl/releases | grep tag_name | cut -d : -f 2,3 | tr -d \" | tr -d , | tr -d ' ' | head -2 | tail -1`
+          VERSIONS=$(echo "[ \"master\", \"$current\", \"$last\" ]")
+          echo "wolfSSL versions found: $VERSIONS"
+          echo "versions=$VERSIONS" >> $GITHUB_OUTPUT
+
+  build_wolfssl:
+    needs: create_matrix
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ ubuntu-latest ]
+        wolfssl: ${{ fromJson(needs.create_matrix.outputs['versions']) }}
+    name: Build wolfssl
+    runs-on: ${{ matrix.os }}
+    timeout-minutes: 4
+    steps:
+      - name: Checking cache for wolfssl
+        uses: actions/cache@v4
+        id: cache-wolfssl
+        with:
+          path: build-dir/
+          key: wolfssh-sshd-wolfssl-${{ matrix.wolfssl }}-${{ matrix.os }}
+          lookup-only: true
+
+      - name: Checkout, build, and install wolfssl
+        if: steps.cache-wolfssl.outputs.cache-hit != 'true'
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          repository: wolfssl/wolfssl
+          ref: ${{ matrix.wolfssl }}
+          path: wolfssl
+          configure: --enable-all
+          check: false
+          install: true
 
+  build_wolfssh:
+    needs:
+      - build_wolfssl
+      - create_matrix
+    strategy:
+      fail-fast: false
+      matrix:
+        os: [ ubuntu-latest ]
+        wolfssl: ${{ fromJson(needs.create_matrix.outputs['versions']) }}
+    name: Build and test wolfsshd
+    runs-on: ${{ matrix.os }}
+    timeout-minutes: 10
     steps:
-    - uses: actions/checkout@v2
-      with:
-          repository: wolfSSL/wolfssl.git
-          ref: master
-    - name: build wolfSSL
-      run: ./autogen.sh && ./configure --enable-all --prefix=/usr && make && sudo make install
-    - uses: actions/checkout@v2
-    - name: autogen
-      run: ./autogen.sh
-    - name: configure
-      run: ./configure --enable-all CPPFLAGS="-DWOLFSSH_NO_FPKI -DWOLFSSH_NO_SFTP_TIMEOUT -DWOLFSSH_MAX_SFTP_RW=4000000"
-    - name: make
-      run: make
-    - name: make check
-      run: make check
-    - name: run wolfSSHd tests
-      run: sudo ./run_all_sshd_tests.sh root
-      working-directory: ./apps/wolfsshd/test
+      - name: Checking cache for wolfssl
+        uses: actions/cache@v4
+        with:
+          path: build-dir/
+          key: wolfssh-sshd-wolfssl-${{ matrix.wolfssl }}-${{ matrix.os }}
+          fail-on-cache-miss: true
+
+      - uses: actions/checkout@v4
+        with:
+          path: wolfssh/
+
+      - name: autogen
+        working-directory: ./wolfssh/
+        run: ./autogen.sh
+
+      - name: configure
+        working-directory: ./wolfssh/
+        run : |
+          ./configure --enable-all LDFLAGS="-L${{ github.workspace }}/build-dir/lib" CPPFLAGS="-I${{ github.workspace }}/build-dir/include -DWOLFSSH_NO_FPKI -DWOLFSSH_NO_SFTP_TIMEOUT -DWOLFSSH_MAX_SFTP_RW=4000000 -DMAX_PATH_SZ=120"
+
+      - name: make check
+        working-directory: ./wolfssh/
+        run: make check
+
+      - name: Run wolfSSHd tests
+        working-directory: ./wolfssh/apps/wolfsshd/test
+        run: |
+          git log -3
+          sudo ./run_all_sshd_tests.sh
+
+      # could use optimization with caching
+      - name: Test memory after close down
+        working-directory: ./wolfssh/
+        run: |
+          sudo apt-get -y update
+          sudo apt-get -y install valgrind
+          touch sshd_config.txt
+          ./configure --enable-all LDFLAGS="-L${{ github.workspace }}/build-dir/lib" CPPFLAGS="-I${{ github.workspace }}/build-dir/include -DWOLFSSH_NO_FPKI -DWOLFSSH_NO_SFTP_TIMEOUT -DWOLFSSH_MAX_SFTP_RW=4000000 -DMAX_PATH_SZ=120" --enable-static --disable-shared && make
+          sudo timeout --preserve-status -s 2 5 valgrind --error-exitcode=1 --leak-check=full ./apps/wolfsshd/wolfsshd -D -f sshd_config -h ./keys/server-key.pem -d -p 22222
+
+      - name: configure with debug
+        working-directory: ./wolfssh/
+        run : |
+          ./configure --enable-all --enable-debug LDFLAGS="-L${{ github.workspace }}/build-dir/lib" CPPFLAGS="-I${{ github.workspace }}/build-dir/include -DWOLFSSH_NO_FPKI -DWOLFSSH_NO_SFTP_TIMEOUT -DWOLFSSH_MAX_SFTP_RW=4000000 -DMAX_PATH_SZ=120"
+
+      - name: make
+        working-directory: ./wolfssh/
+        run: make
+
+      # ssh_kex_algos.sh requires debug output otherwise it is skipped
+      - name: Run wolfSSHd tests with debug
+        working-directory: ./wolfssh/apps/wolfsshd/test
+        run: |
+          git log -3
+          sudo ./run_all_sshd_tests.sh --match ssh_kex_algos.sh
+

.github/workflows/zephyr.yml

@@ -14,7 +14,7 @@ jobs:
         config:
           - zephyr-ref: v3.4.0
             zephyr-sdk: 0.16.1
-    runs-on: ubuntu-latest
+    runs-on: ubuntu-22.04
     # This should be a safe limit for the tests to run.
     timeout-minutes: 20
     steps:
@@ -87,7 +87,7 @@ jobs:
 
       - name: Upload failure logs
         if: ${{ failure() && steps.wolfssh-test.outcome == 'failure' }}
-        uses: actions/upload-artifact@v3
+        uses: actions/upload-artifact@v4
         with:
           name: zephyr-client-test-logs
           path: logs.zip