From 022fc8fe9a340d611902eedcc57ee5b98d02ff10 Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?=C5=81ukasz=20Duda?= Date: Sun, 26 May 2024 11:37:28 +0200 Subject: [PATCH] [test] fuzz --- .github/workflows/build.yml | 462 --------------------------- .github/workflows/codeql.yml | 85 ----- .github/workflows/docker.yml | 107 ------- .github/workflows/fuzz.yml | 17 +- .github/workflows/makefile-check.yml | 60 ---- .github/workflows/otbr.yml | 263 --------------- .github/workflows/otci.yml | 85 ----- .github/workflows/otns.yml | 226 ------------- .github/workflows/posix.yml | 323 ------------------- .github/workflows/scorecards.yml | 100 ------ .github/workflows/simulation-1.1.yml | 431 ------------------------- .github/workflows/simulation-1.2.yml | 432 ------------------------- .github/workflows/size.yml | 70 ---- .github/workflows/toranj.yml | 214 ------------- .github/workflows/unit.yml | 131 -------- .github/workflows/version.yml | 57 ---- src/core/crypto/crypto_platform.cpp | 15 +- tests/fuzz/cli_received.cpp | 30 ++ tests/fuzz/ip6_send.cpp | 5 + tests/fuzz/ncp_hdlc_received.cpp | 5 + tests/fuzz/oss-fuzz-build | 1 + tests/fuzz/radio_receive_done.cpp | 5 + 22 files changed, 68 insertions(+), 3056 deletions(-) delete mode 100644 .github/workflows/build.yml delete mode 100644 .github/workflows/codeql.yml delete mode 100644 .github/workflows/docker.yml delete mode 100644 .github/workflows/makefile-check.yml delete mode 100644 .github/workflows/otbr.yml delete mode 100644 .github/workflows/otci.yml delete mode 100644 .github/workflows/otns.yml delete mode 100644 .github/workflows/posix.yml delete mode 100644 .github/workflows/scorecards.yml delete mode 100644 .github/workflows/simulation-1.1.yml delete mode 100644 .github/workflows/simulation-1.2.yml delete mode 100644 .github/workflows/size.yml delete mode 100644 .github/workflows/toranj.yml delete mode 100644 .github/workflows/unit.yml delete mode 100644 .github/workflows/version.yml diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml deleted file mode 100644 index 1f45c59fcbea..000000000000 --- a/.github/workflows/build.yml +++ /dev/null @@ -1,462 +0,0 @@ -# -# Copyright (c) 2020, The OpenThread Authors. -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# 3. Neither the name of the copyright holder nor the -# names of its contributors may be used to endorse or promote products -# derived from this software without specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE -# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -# POSSIBILITY OF SUCH DAMAGE. -# - -name: Build - -on: - push: - branches-ignore: - - 'dependabot/**' - pull_request: - branches: - - 'main' - -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || (github.repository == 'openthread/openthread' && github.run_id) || github.ref }} - cancel-in-progress: true - -permissions: - contents: read - -jobs: - - pretty: - runs-on: ubuntu-22.04 - steps: - - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - submodules: true - - name: Bootstrap - run: | - sudo rm /etc/apt/sources.list.d/* && sudo apt-get update - sudo apt-get --no-install-recommends install -y clang-format-14 clang-tidy-14 shellcheck - python3 -m pip install yapf==0.31.0 - sudo snap install shfmt - npm install prettier@2.0.4 - - name: Check - run: | - script/make-pretty check - - markdown-lint-check: - runs-on: ubuntu-latest - steps: - - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - - uses: gaurav-nelson/github-action-markdown-link-check@5c5dfc0ac2e225883c0e5f03a85311ec2830d368 # v1 - with: - use-verbose-mode: 'yes' - max-depth: 3 - - spell-check: - runs-on: ubuntu-22.04 - steps: - - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - submodules: true - - name: Bootstrap - run: | - python -m pip install --upgrade pip - pip install --force-reinstall codespell==2.2.4 - - name: Check - run: | - script/code-spell check - - cmake-version: - runs-on: ubuntu-20.04 - steps: - - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - submodules: true - - name: Bootstrap - run: | - sudo apt-get --no-install-recommends install -y build-essential ninja-build libreadline-dev libncurses-dev - sudo apt-get remove cmake - sudo apt-get purge --auto-remove cmake - wget http://www.cmake.org/files/v3.10/cmake-3.10.3.tar.gz - tar xf cmake-3.10.3.tar.gz - cd cmake-3.10.3 - ./configure - sudo make install - cmake --version | grep 3.10.3 - - name: Build - run: | - OT_NODE_TYPE=rcp ./script/test build - - package: - name: package-${{ matrix.compiler }} - runs-on: ubuntu-20.04 - strategy: - fail-fast: false - matrix: - include: - - compiler: gcc - compiler_c: gcc - compiler_cpp: g++ - - compiler: clang - compiler_c: clang - compiler_cpp: clang++ - env: - CC: ${{ matrix.compiler_c }} - CXX: ${{ matrix.compiler_cpp }} - steps: - - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - submodules: true - - name: Bootstrap - run: | - sudo rm /etc/apt/sources.list.d/* && sudo apt-get update - sudo apt-get --no-install-recommends install -y ninja-build libreadline-dev libncurses-dev - - name: Package - run: | - script/test package - - scan-build: - runs-on: ubuntu-22.04 - steps: - - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - submodules: true - - name: Bootstrap - run: | - sudo rm /etc/apt/sources.list.d/* && sudo apt-get update - sudo apt-get --no-install-recommends install -y clang-tools-14 ninja-build - - name: Run - run: | - script/check-scan-build - - mbedtls2-build: - runs-on: ubuntu-20.04 - steps: - - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - submodules: true - - name: Bootstrap - run: | - sudo apt-get --no-install-recommends install -y ninja-build libreadline-dev libncurses-dev - rm -rf third_party/mbedtls/repo - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - repository: ARMmbed/mbedtls - ref: v2.28.8 - path: third_party/mbedtls/repo - - name: Build - run: | - ./script/test build - - arm-gcc: - name: arm-gcc-${{ matrix.gcc_ver }} - runs-on: ubuntu-20.04 - strategy: - fail-fast: false - matrix: - include: - - gcc_ver: 4 - gcc_download_url: https://launchpad.net/gcc-arm-embedded/4.9/4.9-2015-q3-update/+download/gcc-arm-none-eabi-4_9-2015q3-20150921-linux.tar.bz2 - gcc_extract_dir: gcc-arm-none-eabi-4_9-2015q3 - - gcc_ver: 5 - gcc_download_url: https://developer.arm.com/-/media/Files/downloads/gnu-rm/5_4-2016q3/gcc-arm-none-eabi-5_4-2016q3-20160926-linux.tar.bz2 - gcc_extract_dir: gcc-arm-none-eabi-5_4-2016q3 - - gcc_ver: 6 - gcc_download_url: https://developer.arm.com/-/media/Files/downloads/gnu-rm/6-2017q2/gcc-arm-none-eabi-6-2017-q2-update-linux.tar.bz2 - gcc_extract_dir: gcc-arm-none-eabi-6-2017-q2-update - - gcc_ver: 7 - gcc_download_url: https://developer.arm.com/-/media/Files/downloads/gnu-rm/7-2018q2/gcc-arm-none-eabi-7-2018-q2-update-linux.tar.bz2 - gcc_extract_dir: gcc-arm-none-eabi-7-2018-q2-update - - gcc_ver: 9 - gcc_download_url: https://developer.arm.com/-/media/Files/downloads/gnu-rm/9-2019q4/RC2.1/gcc-arm-none-eabi-9-2019-q4-major-x86_64-linux.tar.bz2 - gcc_extract_dir: gcc-arm-none-eabi-9-2019-q4-major - - gcc_ver: 10 - gcc_download_url: https://developer.arm.com/-/media/Files/downloads/gnu-rm/10.3-2021.10/gcc-arm-none-eabi-10.3-2021.10-x86_64-linux.tar.bz2 - gcc_extract_dir: gcc-arm-none-eabi-10.3-2021.10 - - gcc_ver: 11 - gcc_download_url: https://developer.arm.com/-/media/Files/downloads/gnu/11.3.rel1/binrel/arm-gnu-toolchain-11.3.rel1-x86_64-arm-none-eabi.tar.xz - gcc_extract_dir: arm-gnu-toolchain-11.3.rel1-x86_64-arm-none-eabi - - gcc_ver: 12 - gcc_download_url: https://developer.arm.com/-/media/Files/downloads/gnu/12.2.rel1/binrel/arm-gnu-toolchain-12.2.rel1-x86_64-arm-none-eabi.tar.xz - gcc_extract_dir: arm-gnu-toolchain-12.2.rel1-x86_64-arm-none-eabi - - gcc_ver: 13 - gcc_download_url: https://developer.arm.com/-/media/Files/downloads/gnu/13.2.rel1/binrel/arm-gnu-toolchain-13.2.rel1-x86_64-arm-none-eabi.tar.xz - gcc_extract_dir: arm-gnu-toolchain-13.2.Rel1-x86_64-arm-none-eabi - steps: - - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - submodules: true - - name: Bootstrap - run: | - cd /tmp - sudo rm /etc/apt/sources.list.d/* && sudo apt-get update - sudo apt-get --no-install-recommends install -y build-essential lib32z1 ninja-build gcc-arm-linux-gnueabihf g++-arm-linux-gnueabihf - wget --tries 4 --no-check-certificate --quiet ${{ matrix.gcc_download_url }} -O gcc-arm - tar xf gcc-arm - sudo apt-get remove cmake - sudo apt-get purge --auto-remove cmake - wget http://www.cmake.org/files/v3.10/cmake-3.10.3.tar.gz - tar xf cmake-3.10.3.tar.gz - cd cmake-3.10.3 - ./configure - sudo make install - cmake --version | grep 3.10.3 - - name: Build - env: - GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" - run: | - export PATH=/tmp/${{ matrix.gcc_extract_dir }}/bin:$PATH - script/check-arm-build - - gcc: - name: gcc-${{ matrix.gcc_ver }} - runs-on: ubuntu-22.04 - strategy: - fail-fast: false - matrix: - gcc_ver: [9, 10, 11, 12] - env: - CC: gcc-${{ matrix.gcc_ver }} - CXX: g++-${{ matrix.gcc_ver }} - steps: - - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - submodules: true - - name: Bootstrap - run: | - sudo rm /etc/apt/sources.list.d/* && sudo apt-get update - case ${{ matrix.gcc_ver }} in - 11) - sudo add-apt-repository -y ppa:ubuntu-toolchain-r/test - ;; - esac - sudo apt-get --no-install-recommends install -y gcc-${{ matrix.gcc_ver }} g++-${{ matrix.gcc_ver }} ninja-build libreadline-dev libncurses-dev - - name: Build - run: | - script/check-simulation-build - script/check-posix-build - - clang: - name: clang-${{ matrix.clang_ver }} - runs-on: ubuntu-20.04 - strategy: - fail-fast: false - matrix: - clang_ver: ["9", "10", "11", "12", "13"] - env: - CC: clang-${{ matrix.clang_ver }} - CXX: clang++-${{ matrix.clang_ver }} - steps: - - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - submodules: true - - name: Bootstrap - run: | - sudo rm /etc/apt/sources.list.d/* - wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | sudo apt-key add - - echo 'deb http://apt.llvm.org/focal/ llvm-toolchain-focal main - deb-src http://apt.llvm.org/focal/ llvm-toolchain-focal main - # 13 - deb http://apt.llvm.org/focal/ llvm-toolchain-focal-13 main - deb-src http://apt.llvm.org/focal/ llvm-toolchain-focal-13 main' | sudo tee -a /etc/apt/sources.list - sudo apt-get update - sudo apt-get --no-install-recommends install -y clang-${{ matrix.clang_ver }} clang++-${{ matrix.clang_ver }} ninja-build libreadline-dev libncurses-dev - - name: Build - run: | - script/check-simulation-build - script/check-posix-build - - clang-m32: - name: clang-m32-${{ matrix.clang_ver }} - runs-on: ubuntu-20.04 - strategy: - fail-fast: false - matrix: - clang_ver: ["9", "10", "11", "12", "13"] - env: - CC: clang-${{ matrix.clang_ver }} - CXX: clang++-${{ matrix.clang_ver }} - CFLAGS: -m32 -Wconversion - CXXFLAGS: -m32 -Wconversion - LDFLAGS: -m32 - steps: - - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - submodules: true - - name: Bootstrap - run: | - sudo dpkg --add-architecture i386 - wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | sudo apt-key add - - echo 'deb http://apt.llvm.org/focal/ llvm-toolchain-focal main - deb-src http://apt.llvm.org/focal/ llvm-toolchain-focal main - # 13 - deb http://apt.llvm.org/focal/ llvm-toolchain-focal-13 main - deb-src http://apt.llvm.org/focal/ llvm-toolchain-focal-13 main' | sudo tee -a /etc/apt/sources.list - sudo apt-get update - sudo apt-get --no-install-recommends install -y clang-${{ matrix.clang_ver }} clang++-${{ matrix.clang_ver }} ninja-build - sudo apt-get --no-install-recommends install -y g++-multilib libreadline-dev:i386 libncurses-dev:i386 - - name: Build - run: | - script/check-simulation-build - script/check-posix-build - - gn: - runs-on: ubuntu-20.04 - steps: - - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - submodules: true - - name: Bootstrap - run: | - sudo rm /etc/apt/sources.list.d/* && sudo apt-get update - sudo apt-get --no-install-recommends install -y ninja-build - cd /tmp - wget -O gn.zip https://chrome-infra-packages.appspot.com/dl/gn/gn/linux-amd64/+/latest - unzip -o gn.zip - chmod a+x gn && mkdir -p bin && mv -f gn bin/ - - name: Build - run: | - export PATH=/tmp/bin:$PATH - script/check-gn-build - - macos: - name: macos-${{ matrix.CC }} - strategy: - fail-fast: false - matrix: - include: - - CC: clang - CXX: clang++ - - CC: gcc - CXX: g++ - runs-on: macos-12 - env: - CC: ${{ matrix.CC }} - CXX: ${{ matrix.CXX }} - steps: - - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - submodules: true - - name: Bootstrap - run: | - brew update - wget --tries 4 https://github.com/ninja-build/ninja/releases/download/v1.11.1/ninja-mac.zip - unzip ninja-mac.zip && mv ninja /usr/local/bin/. - - name: Build - run: | - script/check-posix-build - script/check-simulation-build - - android-ndk: - name: android-ndk - runs-on: ubuntu-22.04 - container: - image: openthread/environment - steps: - - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - submodules: true - - name: Install unzip - run: apt update && apt install -y unzip - - name: Setup NDK - id: setup-ndk - uses: nttld/setup-ndk@v1 - with: - ndk-version: r25c - local-cache: true - - - name: Build - env: - NDK: ${{ steps.setup-ndk.outputs.ndk-path }} - run: | - rm -rf build/ && OT_CMAKE_NINJA_TARGET="ot-daemon ot-ctl" script/cmake-build android-ndk - rm -rf build/ && OT_CMAKE_NINJA_TARGET="ot-cli" script/cmake-build android-ndk diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml deleted file mode 100644 index 61a26952a8f8..000000000000 --- a/.github/workflows/codeql.yml +++ /dev/null @@ -1,85 +0,0 @@ -# -# Copyright (c) 2022, The OpenThread Authors. -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# 3. Neither the name of the copyright holder nor the -# names of its contributors may be used to endorse or promote products -# derived from this software without specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE -# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -# POSSIBILITY OF SUCH DAMAGE. -# - -name: "CodeQL" - -on: - push: - branches: [ "main" ] - pull_request: - branches: [ "main" ] - -permissions: # added using https://github.com/step-security/secure-workflows - contents: read - -jobs: - analyze: - name: Analyze - runs-on: ubuntu-latest - permissions: - actions: read - contents: read - security-events: write - - strategy: - fail-fast: false - matrix: - language: [ 'cpp', 'python' ] - # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support - - steps: - - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - name: Checkout repository - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - - - name: Bootstrap - run: | - sudo apt-get --no-install-recommends install -y ninja-build libreadline-dev libncurses-dev - - - name: Initialize CodeQL - uses: github/codeql-action/init@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3 - with: - languages: ${{ matrix.language }} - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. - - # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs - # queries: security-extended,security-and-quality - - - run: | - ./script/test build - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@d39d31e687223d841ef683f52467bd88e9b21c14 # v3.25.3 - with: - category: "/language:${{matrix.language}}" diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml deleted file mode 100644 index c4274cd1ec5e..000000000000 --- a/.github/workflows/docker.yml +++ /dev/null @@ -1,107 +0,0 @@ -# -# Copyright (c) 2020, The OpenThread Authors. -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# 3. Neither the name of the copyright holder nor the -# names of its contributors may be used to endorse or promote products -# derived from this software without specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE -# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -# POSSIBILITY OF SUCH DAMAGE. -# - -name: Docker - -on: - push: - branches-ignore: - - 'dependabot/**' - pull_request: - branches: - - 'main' - -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || (github.repository == 'openthread/openthread' && github.run_id) || github.ref }} - cancel-in-progress: true - -permissions: # added using https://github.com/step-security/secure-workflows - contents: read - -jobs: - - buildx: - name: buildx-${{ matrix.docker_name }} - runs-on: ubuntu-20.04 - strategy: - fail-fast: false - matrix: - include: - - docker_name: environment - steps: - - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - submodules: true - - - name: Prepare - id: prepare - run: | - DOCKER_IMAGE=openthread/${{ matrix.docker_name }} - DOCKER_FILE=etc/docker/${{ matrix.docker_name }}/Dockerfile - DOCKER_PLATFORMS=linux/amd64 - VERSION=latest - - TAGS="--tag ${DOCKER_IMAGE}:${VERSION}" - - echo "docker_image=${DOCKER_IMAGE}" >> $GITHUB_OUTPUT - echo "version=${VERSION}" >> $GITHUB_OUTPUT - echo "buildx_args=--platform ${DOCKER_PLATFORMS} \ - --build-arg OT_GIT_REF=${{ github.sha }} \ - --build-arg VERSION=${VERSION} \ - --build-arg BUILD_DATE=$(date -u +'%Y-%m-%dT%H:%M:%SZ') \ - --build-arg VCS_REF=${GITHUB_SHA::8} \ - ${TAGS} --file ${DOCKER_FILE} ." >> $GITHUB_OUTPUT - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@d70bba72b1f3fd22344832f00baa16ece964efeb # v3.3.0 - - - name: Docker Buildx (build) - run: | - docker buildx build --output "type=image,push=false" ${{ steps.prepare.outputs.buildx_args }} - - - name: Login to DockerHub - if: success() && github.repository == 'openthread/openthread' && github.event_name != 'pull_request' - uses: docker/login-action@e92390c5fb421da1463c202d546fed0ec5c39f20 # v3.1.0 - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} - - - name: Docker Buildx (push) - if: success() && github.repository == 'openthread/openthread' && github.event_name != 'pull_request' - run: | - docker buildx build --output "type=image,push=true" ${{ steps.prepare.outputs.buildx_args }} - - - name: Inspect Image - if: always() && github.repository == 'openthread/openthread' && github.event_name != 'pull_request' - run: | - docker buildx imagetools inspect ${{ steps.prepare.outputs.docker_image }}:${{ steps.prepare.outputs.version }} diff --git a/.github/workflows/fuzz.yml b/.github/workflows/fuzz.yml index da612bb365c7..17351fe61a97 100644 --- a/.github/workflows/fuzz.yml +++ b/.github/workflows/fuzz.yml @@ -29,13 +29,7 @@ name: CIFuzz on: - pull_request: - branches: - - 'main' - -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || (github.repository == 'openthread/openthread' && github.run_id) || github.ref }} - cancel-in-progress: true + push permissions: # added using https://github.com/step-security/secure-workflows contents: read @@ -50,19 +44,24 @@ jobs: egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - name: Build Fuzzers - uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@c0e4bb8d15a68b7f8cc731ea75523e48a2301bcf # master + uses: LuDuda/oss-fuzz/infra/cifuzz/actions/build_fuzzers@5f740a8d5e504678f37ffc34d5d78a1c50293240 # master with: oss-fuzz-project-name: 'openthread' dry-run: false + env: + GITHUB_REPOSITORY: LuDuda/openthread - name: Run Fuzzers - uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@c0e4bb8d15a68b7f8cc731ea75523e48a2301bcf # master + uses: LuDuda/oss-fuzz/infra/cifuzz/actions/run_fuzzers@5f740a8d5e504678f37ffc34d5d78a1c50293240 # master with: oss-fuzz-project-name: 'openthread' fuzz-seconds: 1800 dry-run: false + env: + GITHUB_REPOSITORY: LuDuda/openthread - name: Upload Crash uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 if: failure() with: name: artifacts path: ./out/artifacts + diff --git a/.github/workflows/makefile-check.yml b/.github/workflows/makefile-check.yml deleted file mode 100644 index 1d7fa5518760..000000000000 --- a/.github/workflows/makefile-check.yml +++ /dev/null @@ -1,60 +0,0 @@ -# -# Copyright (c) 2021, The OpenThread Authors. -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# 3. Neither the name of the copyright holder nor the -# names of its contributors may be used to endorse or promote products -# derived from this software without specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE -# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -# POSSIBILITY OF SUCH DAMAGE. -# - -name: Makefile Check - -on: - push: - branches-ignore: - - 'dependabot/**' - pull_request: - branches: - - 'main' - -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || (github.repository == 'openthread/openthread' && github.run_id) || github.ref }} - cancel-in-progress: true - -permissions: # added using https://github.com/step-security/secure-workflows - contents: read - -jobs: - makefile-check: - runs-on: ubuntu-20.04 - steps: - - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - submodules: true - - name: Check - run: | - script/check-core-makefiles diff --git a/.github/workflows/otbr.yml b/.github/workflows/otbr.yml deleted file mode 100644 index 2730614f7133..000000000000 --- a/.github/workflows/otbr.yml +++ /dev/null @@ -1,263 +0,0 @@ -# -# Copyright (c) 2021, The OpenThread Authors. -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# 3. Neither the name of the copyright holder nor the -# names of its contributors may be used to endorse or promote products -# derived from this software without specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE -# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -# POSSIBILITY OF SUCH DAMAGE. -# - -name: Border Router - -on: - push: - branches-ignore: - - 'dependabot/**' - pull_request: - branches: - - 'main' - -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || (github.repository == 'openthread/openthread' && github.run_id) || github.ref }} - cancel-in-progress: true - -permissions: - contents: read - -jobs: - - backbone-router: - runs-on: ubuntu-20.04 - env: - REFERENCE_DEVICE: 1 - VIRTUAL_TIME: 0 - PACKET_VERIFICATION: 1 - THREAD_VERSION: 1.3 - INTER_OP: 1 - COVERAGE: 1 - MULTIPLY: 1 - PYTHONUNBUFFERED: 1 - VERBOSE: 1 - # The Border Routing and DUA feature can coexist, but current wireshark - # packet verification can't handle it because of the order of context ID - # of OMR prefix and Domain prefix is not deterministic. - BORDER_ROUTING: 0 - steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - submodules: true - - name: Build OTBR Docker - env: - GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" - run: | - ./script/test build_otbr_docker - - name: Bootstrap - run: | - sudo rm /etc/apt/sources.list.d/* && sudo apt-get update - sudo apt-get --no-install-recommends install -y python3-setuptools python3-wheel ninja-build socat lcov - python3 -m pip install -r tests/scripts/thread-cert/requirements.txt - - name: Build - run: | - ./script/test build - - name: Get Thread-Wireshark - run: | - ./script/test get_thread_wireshark - - name: Run - run: | - export CI_ENV="$(bash <(curl -s https://codecov.io/env)) -e GITHUB_ACTIONS -e COVERAGE" - echo "CI_ENV=${CI_ENV}" - sudo -E ./script/test cert_suite ./tests/scripts/thread-cert/backbone/*.py || (sudo chmod a+r *.log *.json *.pcap && false) - - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - with: - name: cov-thread-1-3-backbone-docker - path: /tmp/coverage/ - retention-days: 1 - - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - if: ${{ failure() }} - with: - name: thread-1-3-backbone-results - path: | - *.pcap - *.json - *.log - coredump_* - otbr-agent_* - - name: Generate Coverage - run: | - ./script/test generate_coverage gcc - - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - with: - name: cov-thread-1-3-backbone - path: tmp/coverage.info - retention-days: 1 - - thread-border-router: - runs-on: ubuntu-20.04 - strategy: - fail-fast: false - matrix: - include: - - otbr_mdns: "mDNSResponder" - otbr_trel: 0 - cert_scripts: ./tests/scripts/thread-cert/border_router/*.py - packet_verification: 1 - nat64: 0 - description: "" - - otbr_mdns: "mDNSResponder" - otbr_trel: 1 - cert_scripts: ./tests/scripts/thread-cert/border_router/*.py - packet_verification: 2 - nat64: 0 - description: "" - - otbr_mdns: "mDNSResponder" - otbr_trel: 0 - cert_scripts: ./tests/scripts/thread-cert/border_router/MATN/*.py - packet_verification: 1 - nat64: 0 - description: "MATN" - - otbr_mdns: "mDNSResponder" - otbr_trel: 0 - cert_scripts: ./tests/scripts/thread-cert/border_router/LowPower/*.py - packet_verification: 1 - nat64: 0 - description: "LowPower" - - otbr_mdns: "mDNSResponder" - otbr_trel: 0 - cert_scripts: ./tests/scripts/thread-cert/border_router/nat64/*.py - packet_verification: 1 - nat64: 1 - description: "nat64" - - otbr_mdns: "avahi" - otbr_trel: 0 - cert_scripts: ./tests/scripts/thread-cert/border_router/*.py - packet_verification: 1 - nat64: 0 - description: "" - - otbr_mdns: "avahi" - otbr_trel: 1 - cert_scripts: ./tests/scripts/thread-cert/border_router/*.py - packet_verification: 2 - nat64: 0 - description: "" - - otbr_mdns: "avahi" - otbr_trel: 0 - cert_scripts: ./tests/scripts/thread-cert/border_router/*.py - packet_verification: 1 - nat64: 0 - use_core_firewall: 1 - description: "core-firewall" - name: BR ${{ matrix.description }} (${{ matrix.otbr_mdns }}, TREL=${{matrix.otbr_trel}}) - env: - REFERENCE_DEVICE: 1 - VIRTUAL_TIME: 0 - PACKET_VERIFICATION: ${{ matrix.packet_verification }} - THREAD_VERSION: 1.3 - INTER_OP: 1 - COVERAGE: 1 - MULTIPLY: 1 - OTBR_MDNS: ${{ matrix.otbr_mdns }} - PYTHONUNBUFFERED: 1 - VERBOSE: 1 - BORDER_ROUTING: 1 - NAT64: ${{ matrix.nat64 }} - MAX_JOBS: 3 - steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - - name: Set firewall environment variables - if: ${{ matrix.use_core_firewall }} - run: | - echo "FIREWALL=0" >> $GITHUB_ENV - - name: Build OTBR Docker - env: - GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" - TREL: ${{ matrix.otbr_trel }} - run: | - ./script/test build_otbr_docker - - name: Bootstrap - run: | - sudo rm /etc/apt/sources.list.d/* && sudo apt-get update - sudo apt-get --no-install-recommends install -y python3-setuptools python3-wheel ninja-build socat lcov - python3 -m pip install -r tests/scripts/thread-cert/requirements.txt - - name: Build - run: | - ./script/test build - - name: Get Thread-Wireshark - run: | - ./script/test get_thread_wireshark - - name: Run - run: | - export CI_ENV="$(bash <(curl -s https://codecov.io/env)) -e GITHUB_ACTIONS -e COVERAGE" - echo "CI_ENV=${CI_ENV}" - sudo -E ./script/test cert_suite ${{ matrix.cert_scripts }} || (sudo chmod a+r *.log *.json *.pcap && false) - - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - with: - name: cov-br-docker-${{ matrix.description }}-${{ matrix.otbr_mdns }}-${{matrix.otbr_trel}} - path: /tmp/coverage/ - retention-days: 1 - - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - if: ${{ failure() }} - with: - name: br-results-${{ matrix.description }}-${{ matrix.otbr_mdns }}-${{matrix.otbr_trel}} - path: | - *.pcap - *.json - *.log - coredump_* - otbr-agent_* - - name: Generate Coverage - run: | - ./script/test generate_coverage gcc - - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - with: - name: cov-br-${{ matrix.description }}-${{ matrix.otbr_mdns }}-${{matrix.otbr_trel}} - path: tmp/coverage.info - retention-days: 1 - - upload-coverage: - needs: - - backbone-router - - thread-border-router - runs-on: ubuntu-20.04 - steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - submodules: true - - name: Bootstrap - run: | - sudo apt-get --no-install-recommends install -y lcov - - uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4 - with: - path: coverage/ - pattern: cov-* - merge-multiple: true - - name: Combine Coverage - continue-on-error: true - run: | - script/test combine_coverage - - name: Upload Coverage - continue-on-error: true - uses: codecov/codecov-action@5ecb98a3c6b747ed38dc09f787459979aebb39be # v4.3.1 - env: - CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} - with: - files: final.info - fail_ci_if_error: true diff --git a/.github/workflows/otci.yml b/.github/workflows/otci.yml deleted file mode 100644 index d22c227b9839..000000000000 --- a/.github/workflows/otci.yml +++ /dev/null @@ -1,85 +0,0 @@ -# -# Copyright (c) 2020, The OpenThread Authors. -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# 3. Neither the name of the copyright holder nor the -# names of its contributors may be used to endorse or promote products -# derived from this software without specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE -# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -# POSSIBILITY OF SUCH DAMAGE. -# - -name: OTCI - -on: - push: - branches-ignore: - - 'dependabot/**' - pull_request: - branches: - - 'main' - -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || (github.repository == 'openthread/openthread' && github.run_id) || github.ref }} - cancel-in-progress: true - -permissions: # added using https://github.com/step-security/secure-workflows - contents: read - -jobs: - - cli-sim: - name: cli-sim VIRTUAL_TIME=${{ matrix.virtual_time }} - runs-on: ubuntu-20.04 - strategy: - fail-fast: false - matrix: - virtual_time: [0, 1] - env: - VIRTUAL_TIME: ${{ matrix.virtual_time }} - REAL_DEVICE: 0 - steps: - - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - - name: Bootstrap - run: | - sudo rm /etc/apt/sources.list.d/* && sudo apt-get update - sudo apt-get --no-install-recommends install -y g++-multilib ninja-build python3-setuptools python3-wheel - python3 -m pip install -r tests/scripts/thread-cert/requirements.txt - python3 -m pip install pytype adb-shell - - name: Style check - run: | - PYTHONPATH=./tests/scripts/thread-cert pytype tools/otci - - name: Build - run: | - ./script/cmake-build simulation -DOT_THREAD_VERSION=1.3 -DOT_DUA=ON -DOT_MLR=ON -DOT_BACKBONE_ROUTER=ON \ - -DOT_CSL_RECEIVER=ON -DOT_SIMULATION_VIRTUAL_TIME=${VIRTUAL_TIME} - - name: Install OTCI Python Library - run: | - (cd tools/otci && python3 -m pip install .) - - name: Run - run: | - export PYTHONPATH=./tests/scripts/thread-cert/ - export OT_CLI=./build/simulation/examples/apps/cli/ot-cli-ftd - python3 tools/otci/tests/test_otci.py diff --git a/.github/workflows/otns.yml b/.github/workflows/otns.yml deleted file mode 100644 index ac90a37f20b7..000000000000 --- a/.github/workflows/otns.yml +++ /dev/null @@ -1,226 +0,0 @@ -# -# Copyright (c) 2020, The OpenThread Authors. -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# 3. Neither the name of the copyright holder nor the -# names of its contributors may be used to endorse or promote products -# derived from this software without specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE -# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -# POSSIBILITY OF SUCH DAMAGE. -# - -name: OTNS - -on: - push: - branches-ignore: - - 'dependabot/**' - pull_request: - branches: - - 'main' - -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || (github.repository == 'openthread/openthread' && github.run_id) || github.ref }} - cancel-in-progress: true - -env: - COVERAGE: 1 - REFERENCE_DEVICE: 1 - VIRTUAL_TIME: 1 - VIRTUAL_TIME_UART: 1 - MAX_NETWORK_SIZE: 999 - GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" - -permissions: # added using https://github.com/step-security/secure-workflows - contents: read - -jobs: - - unittests: - name: Unittests - runs-on: ubuntu-22.04 - steps: - - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 - with: - go-version: "1.20" - - name: Set up Python - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 - with: - python-version: "3.9" - - name: Bootstrap - run: | - sudo rm /etc/apt/sources.list.d/* && sudo apt-get update - sudo apt-get --no-install-recommends install -y g++-multilib lcov ninja-build - - name: Run - run: | - export OT_DIR=$PWD - ./script/git-tool clone --depth 1 https://github.com/openthread/ot-ns.git /tmp/otns - ( - cd /tmp/otns - ./script/test py-unittests - ) - - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - if: ${{ failure() }} - with: - name: unittests-pcaps - path: | - ./output/*/bin/*.pcap - ./output/*/bin/*.replay - - name: Generate Coverage - run: | - ./script/test generate_coverage gcc - - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - with: - name: cov-otns-unittests - path: tmp/coverage.info - retention-days: 1 - - examples: - name: Examples - runs-on: ubuntu-22.04 - steps: - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 - with: - go-version: "1.20" - - name: Set up Python - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 - with: - python-version: "3.9" - - name: Bootstrap - run: | - sudo rm /etc/apt/sources.list.d/* && sudo apt-get update - sudo apt-get --no-install-recommends install -y g++-multilib lcov ninja-build - - name: Run - run: | - export OT_DIR=$PWD - ./script/git-tool clone --depth 1 https://github.com/openthread/ot-ns.git /tmp/otns - ( - cd /tmp/otns - ./script/test py-examples - ) - - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - if: ${{ failure() }} - with: - name: examples-pcaps - path: | - ./output/*/bin/*.pcap - ./output/*/bin/*.replay - - name: Generate Coverage - run: | - ./script/test generate_coverage gcc - - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - with: - name: cov-otns-examples - path: tmp/coverage.info - - stress-tests: - name: Stress ${{ matrix.suite }} - runs-on: ubuntu-22.04 - strategy: - fail-fast: false - matrix: - include: - - suite: "network-forming" - stress_level: 8 - - suite: "commissioning" - stress_level: 14 - - suite: "connectivity" - stress_level: 6 - - suite: "network-latency" - stress_level: 10 - - suite: "multicast-performance" - stress_level: 10 - - suite: "otns-performance" - stress_level: 10 - env: - STRESS_LEVEL: ${{ matrix.stress_level }} - steps: - - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - - uses: actions/setup-go@0c52d547c9bc32b1aa3301fd7a9cb496313a4491 # v5.0.0 - with: - go-version: "1.20" - - name: Set up Python - uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0 - with: - python-version: "3.9" - - name: Bootstrap - run: | - sudo rm /etc/apt/sources.list.d/* && sudo apt-get update - sudo apt-get --no-install-recommends install -y g++-multilib lcov ninja-build - - name: Run - run: | - export OT_DIR=$PWD - ./script/git-tool clone --depth 1 https://github.com/openthread/ot-ns.git /tmp/otns - ( - cd /tmp/otns - ./script/test stress-tests ${{ matrix.suite }} - ) - - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - if: ${{ failure() }} - with: - name: stress-tests-${{ matrix.suite }}-pcaps - path: | - ./output/*/bin/*.pcap - ./output/*/bin/*.replay - - name: Generate Coverage - run: | - ./script/test generate_coverage gcc - - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - with: - name: cov-otns-stress-tests-${{ matrix.suite }} - path: tmp/coverage.info - retention-days: 1 - - upload-coverage: - needs: - - unittests - - examples - - stress-tests - runs-on: ubuntu-22.04 - steps: - - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - - name: Bootstrap - run: | - sudo apt-get --no-install-recommends install -y lcov - - uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4 - with: - path: coverage/ - pattern: cov-* - merge-multiple: true - - name: Upload Coverage - run: | - script/test upload_codecov diff --git a/.github/workflows/posix.yml b/.github/workflows/posix.yml deleted file mode 100644 index c06ed69abd5b..000000000000 --- a/.github/workflows/posix.yml +++ /dev/null @@ -1,323 +0,0 @@ -# -# Copyright (c) 2020, The OpenThread Authors. -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# 3. Neither the name of the copyright holder nor the -# names of its contributors may be used to endorse or promote products -# derived from this software without specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE -# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -# POSSIBILITY OF SUCH DAMAGE. -# - -name: POSIX - -on: - push: - branches-ignore: - - 'dependabot/**' - pull_request: - branches: - - 'main' - -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || (github.repository == 'openthread/openthread' && github.run_id) || github.ref }} - cancel-in-progress: true - -permissions: - contents: read - -jobs: - - expects-linux: - runs-on: ubuntu-20.04 - env: - CFLAGS: -DCLI_COAP_SECURE_USE_COAP_DEFAULT_HANDLER=1 -DOPENTHREAD_CONFIG_MLE_MAX_CHILDREN=15 - CXXFLAGS: -DCLI_COAP_SECURE_USE_COAP_DEFAULT_HANDLER=1 -DOPENTHREAD_CONFIG_MLE_MAX_CHILDREN=15 - steps: - - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - - name: Bootstrap - run: | - sudo apt-get --no-install-recommends install -y expect ninja-build lcov socat - pip install bleak - - name: Run RCP Mode - run: | - ulimit -c unlimited - ./script/test prepare_coredump_upload - OT_OPTIONS='-DOT_READLINE=OFF -DOT_FULL_LOGS=ON -DOT_LOG_OUTPUT=PLATFORM_DEFINED' VIRTUAL_TIME=0 OT_NODE_TYPE=rcp ./script/test build expect - - name: Run ot-fct - run: | - OT_CMAKE_NINJA_TARGET="ot-fct" script/cmake-build posix - tests/scripts/expect/ot-fct.exp - - name: Check Crash - if: ${{ failure() }} - run: | - CRASHED=$(./script/test check_crash | tail -1) - [[ $CRASHED -eq "1" ]] && echo "Crashed!" || echo "Not crashed." - echo "CRASHED_RCP=$CRASHED" >> $GITHUB_ENV - - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - if: ${{ failure() && env.CRASHED_RCP == '1' }} - with: - name: core-expect-rcp - path: | - ./ot-core-dump/* - - name: Generate Coverage - run: | - ./script/test generate_coverage gcc - - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - with: - name: cov-expects-linux-1 - path: tmp/coverage.info - retention-days: 1 - - name: Run TUN Mode - run: | - sudo rm /etc/apt/sources.list.d/* && sudo apt-get update - echo 0 | sudo tee /proc/sys/net/ipv6/conf/all/disable_ipv6 - sudo apt-get install --no-install-recommends -y bind9-host ntp socat - sudo systemctl restart ntp - sudo socat 'UDP6-LISTEN:53,fork,reuseaddr,bind=[::1]' UDP:127.0.0.53:53 & - socat 'TCP6-LISTEN:2000,fork,reuseaddr' TCP:127.0.0.53:53 & - host ipv6.google.com 127.0.0.53 - host ipv6.google.com ::1 - ulimit -c unlimited - ./script/test prepare_coredump_upload - OT_OPTIONS='-DOT_READLINE=OFF -DOT_FULL_LOGS=ON -DOT_LOG_OUTPUT=PLATFORM_DEFINED' OT_NATIVE_IP=1 VIRTUAL_TIME=0 OT_NODE_TYPE=rcp ./script/test clean build expect - - name: Check Crash - if: ${{ failure() }} - run: | - CRASHED=$(./script/test check_crash | tail -1) - [[ $CRASHED -eq "1" ]] && echo "Crashed!" || echo "Not crashed." - echo "CRASHED_TUN=$CRASHED" >> $GITHUB_ENV - - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - if: ${{ failure() && env.CRASHED_TUN == '1' }} - with: - name: core-expect-linux - path: | - ./ot-core-dump/* - - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - if: ${{ failure() }} - with: - name: syslog-expect-linux - path: /var/log/syslog - - name: Generate Coverage - run: | - ./script/test generate_coverage gcc - - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - with: - name: cov-expects-linux-2 - path: tmp/coverage.info - retention-days: 1 - - thread-cert: - runs-on: ubuntu-20.04 - env: - COVERAGE: 1 - PYTHONUNBUFFERED: 1 - THREAD_VERSION: 1.1 - VIRTUAL_TIME: 1 - steps: - - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - submodules: true - - name: Bootstrap - run: | - sudo rm /etc/apt/sources.list.d/* && sudo apt-get update - sudo apt-get --no-install-recommends install -y lcov ninja-build python3-setuptools python3-wheel - python3 -m pip install -r tests/scripts/thread-cert/requirements.txt - - name: Build - run: | - OT_NODE_TYPE=rcp ./script/test build - - name: Run - run: | - MAX_JOBS=$(getconf _NPROCESSORS_ONLN) ./script/test cert_suite ./tests/scripts/thread-cert/Cert_*.py ./tests/scripts/thread-cert/test_*.py - - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - if: ${{ failure() }} - with: - name: thread-cert - path: ot_testing - - name: Generate Coverage - run: | - ./script/test generate_coverage gcc - - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - with: - name: cov-thread-cert - path: tmp/coverage.info - - pty-linux: - name: pty-linux OT_DAEMON=${{ matrix.OT_DAEMON }} - runs-on: ubuntu-20.04 - strategy: - fail-fast: false - matrix: - OT_DAEMON: ['off', 'on'] - env: - COVERAGE: 1 - OT_DAEMON: ${{ matrix.OT_DAEMON }} - OT_READLINE: 'readline' - steps: - - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - - name: Bootstrap - run: | - sudo rm /etc/apt/sources.list.d/* && sudo apt-get update - sudo apt-get --no-install-recommends install -y socat expect lcov net-tools ninja-build - cd /tmp - wget https://github.com/obgm/libcoap/archive/bsd-licensed.tar.gz - tar xvf bsd-licensed.tar.gz - cd libcoap-bsd-licensed - ./autogen.sh - ./configure --prefix= --exec-prefix=/usr --with-boost=internal --disable-tests --disable-documentation - make -j2 - sudo make install - - name: Build - run: | - script/check-posix-pty build - - name: Run - run: | - script/check-posix-pty check - - name: Run (OT_DAEMON_ALLOW_ALL) - if: matrix.OT_DAEMON == 'on' - env: - OT_DAEMON_ALLOW_ALL: 1 - run: | - script/check-posix-pty check - - name: Generate Coverage - run: | - ./script/test generate_coverage gcc - - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - with: - name: cov-pty-linux-${{ matrix.OT_DAEMON }} - path: tmp/coverage.info - retention-days: 1 - - pty-macos: - name: pty-macos OT_DAEMON=${{ matrix.OT_DAEMON }} - runs-on: macos-12 - strategy: - fail-fast: false - matrix: - OT_DAEMON: ['off', 'on'] - env: - OT_DAEMON: ${{ matrix.OT_DAEMON }} - OT_READLINE: 'off' - steps: - - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - - name: Bootstrap - run: | - rm -f /usr/local/bin/2to3 - rm -f /usr/local/bin/2to3-3.11 - rm -f /usr/local/bin/idle3 - rm -f /usr/local/bin/idle3.11 - rm -f /usr/local/bin/pydoc3 - rm -f /usr/local/bin/pydoc3.11 - rm -f /usr/local/bin/python3 - rm -f /usr/local/bin/python3.11 - rm -f /usr/local/bin/python3-config - rm -f /usr/local/bin/python3.11-config - brew update - brew install ninja socat - - name: Build - run: | - script/check-posix-pty build - - name: Run - run: | - script/check-posix-pty check - - rcp-stack-reset: - runs-on: ubuntu-20.04 - steps: - - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - - name: Bootstrap - env: - GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" - run: | - sudo apt-get --no-install-recommends install -y expect ninja-build lcov socat - sudo python3 -m pip install git+https://github.com/openthread/pyspinel - - name: Build - run: | - script/cmake-build simulation -DOT_CSL_RECEIVER=ON -DOT_FULL_LOGS=ON -DOT_LOG_OUTPUT=PLATFORM_DEFINED - - name: Run - run: | - python3 tests/scripts/misc/test_rcp_reset.py build/simulation/examples/apps/ncp/ot-rcp - - name: Generate Coverage - run: | - ./script/test generate_coverage gcc - - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - with: - name: cov-rcp-stack-reset - path: tmp/coverage.info - retention-days: 1 - - upload-coverage: - needs: - - expects-linux - - pty-linux - - thread-cert - runs-on: ubuntu-20.04 - steps: - - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - submodules: true - - name: Bootstrap - run: | - sudo apt-get --no-install-recommends install -y lcov - - uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4 - with: - path: coverage/ - pattern: cov-* - merge-multiple: true - - name: Combine Coverage - run: | - script/test combine_coverage - - name: Upload Coverage - uses: codecov/codecov-action@5ecb98a3c6b747ed38dc09f787459979aebb39be # v4.3.1 - env: - CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} - with: - files: final.info - fail_ci_if_error: true diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml deleted file mode 100644 index 529769f002e2..000000000000 --- a/.github/workflows/scorecards.yml +++ /dev/null @@ -1,100 +0,0 @@ -# -# Copyright (c) 2022, The OpenThread Authors. -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# 3. Neither the name of the copyright holder nor the -# names of its contributors may be used to endorse or promote products -# derived from this software without specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE -# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -# POSSIBILITY OF SUCH DAMAGE. -# - -# This workflow uses actions that are not certified by GitHub. They are provided -# by a third-party and are governed by separate terms of service, privacy -# policy, and support documentation. - -name: Scorecards supply-chain security -on: - # For Branch-Protection check. Only the default branch is supported. See - # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection - branch_protection_rule: - # To guarantee Maintained check is occasionally updated. See - # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained - schedule: - - cron: '33 12 * * 0' - push: - branches: [ "main" ] - -# Declare default permissions as read only. -permissions: read-all - -jobs: - analysis: - name: Scorecards analysis - runs-on: ubuntu-latest - permissions: - # Needed to upload the results to code-scanning dashboard. - security-events: write - # Needed to publish results and get a badge (see publish_results below). - id-token: write - # Uncomment the permissions below if installing in a private repository. - # contents: read - # actions: read - - steps: - - name: "Checkout code" - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - persist-credentials: false - - - name: "Run analysis" - uses: ossf/scorecard-action@dc50aa9510b46c811795eb24b2f1ba02a914e534 # v2.3.3 - with: - results_file: results.sarif - results_format: sarif - # (Optional) "write" PAT token. Uncomment the `repo_token` line below if: - # - you want to enable the Branch-Protection check on a *public* repository, or - # - you are installing Scorecards on a *private* repository - # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat. - # repo_token: ${{ secrets.SCORECARD_TOKEN }} - - # Public repositories: - # - Publish results to OpenSSF REST API for easy access by consumers - # - Allows the repository to include the Scorecard badge. - # - See https://github.com/ossf/scorecard-action#publishing-results. - # For private repositories: - # - `publish_results` will always be set to `false`, regardless - # of the value entered here. - publish_results: true - - # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF - # format to the repository Actions tab. - - name: "Upload artifact" - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v3.1.0 - with: - name: SARIF file - path: results.sarif - retention-days: 5 - - # Upload the results to GitHub's code scanning dashboard. - - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@d39d31e687223d841ef683f52467bd88e9b21c14 # v2.1.27 - with: - sarif_file: results.sarif diff --git a/.github/workflows/simulation-1.1.yml b/.github/workflows/simulation-1.1.yml deleted file mode 100644 index f8b595eaa83f..000000000000 --- a/.github/workflows/simulation-1.1.yml +++ /dev/null @@ -1,431 +0,0 @@ -# -# Copyright (c) 2020, The OpenThread Authors. -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# 3. Neither the name of the copyright holder nor the -# names of its contributors may be used to endorse or promote products -# derived from this software without specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE -# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -# POSSIBILITY OF SUCH DAMAGE. -# - -name: Simulation 1.1 - -on: - push: - branches-ignore: - - 'dependabot/**' - pull_request: - branches: - - 'main' - -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || (github.repository == 'openthread/openthread' && github.run_id) || github.ref }} - cancel-in-progress: true - -permissions: - contents: read - -jobs: - - packet-verification: - runs-on: ubuntu-20.04 - env: - PACKET_VERIFICATION: 1 - REFERENCE_DEVICE: 1 - THREAD_VERSION: 1.1 - VIRTUAL_TIME: 1 - MULTIPLY: 3 - steps: - - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - submodules: true - - name: Bootstrap - run: | - sudo rm /etc/apt/sources.list.d/* && sudo apt-get update - sudo apt-get --no-install-recommends install -y g++-multilib python3-setuptools python3-wheel ninja-build lcov - python3 -m pip install -r tests/scripts/thread-cert/requirements.txt - - name: Build - run: | - ./script/test build - - name: Get Thread-Wireshark - run: | - ./script/test get_thread_wireshark - - name: Run - run: | - ./script/test cert_suite ./tests/scripts/thread-cert/Cert_*.py ./tests/scripts/thread-cert/test_*.py - - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - if: ${{ failure() }} - with: - name: packet-verification-pcaps - path: | - *.pcap - *.json - - name: Generate Coverage - run: | - ./script/test generate_coverage gcc - - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - with: - name: cov-packet-verification - path: tmp/coverage.info - retention-days: 1 - - cli-ftd: - runs-on: ubuntu-20.04 - env: - CFLAGS: -m32 - CXXFLAGS: -m32 - LDFLAGS: -m32 - COVERAGE: 1 - REFERENCE_DEVICE: 1 - THREAD_VERSION: 1.1 - VIRTUAL_TIME: 1 - steps: - - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - submodules: true - - name: Bootstrap - run: | - sudo rm /etc/apt/sources.list.d/* && sudo apt-get update - sudo apt-get --no-install-recommends install -y lcov ninja-build g++-multilib python3-setuptools python3-wheel - python3 -m pip install -r tests/scripts/thread-cert/requirements.txt - - name: Build - run: | - ./script/test build - - name: Run - run: | - ./script/test cert_suite ./tests/scripts/thread-cert/Cert_*.py ./tests/scripts/thread-cert/test_*.py - - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - if: ${{ failure() }} - with: - name: cli-ftd-thread-cert - path: ot_testing - - name: Generate Coverage - run: | - ./script/test generate_coverage gcc - - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - with: - name: cov-cli-ftd - path: tmp/coverage.info - retention-days: 1 - - cli-mtd: - name: cli-mtd MESSAGE_USE_HEAP=${{ matrix.message_use_heap }} - runs-on: ubuntu-20.04 - strategy: - fail-fast: false - matrix: - message_use_heap: [0, 1] - env: - CFLAGS: -m32 - CXXFLAGS: -m32 - LDFLAGS: -m32 - COVERAGE: 1 - REFERENCE_DEVICE: 1 - THREAD_VERSION: 1.1 - USE_MTD: 1 - VIRTUAL_TIME: 1 - MESSAGE_USE_HEAP: ${{ matrix.message_use_heap }} - steps: - - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - submodules: true - - name: Bootstrap - run: | - sudo rm /etc/apt/sources.list.d/* && sudo apt-get update - sudo apt-get --no-install-recommends install -y lcov ninja-build g++-multilib python3-setuptools python3-wheel - python3 -m pip install -r tests/scripts/thread-cert/requirements.txt - - name: Build - run: | - ./script/test build - - name: Run - run: | - ./script/test cert_suite ./tests/scripts/thread-cert/Cert_*.py ./tests/scripts/thread-cert/test_*.py - - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - if: ${{ failure() }} - with: - name: cli-mtd-thread-cert - path: ot_testing - - name: Generate Coverage - run: | - ./script/test generate_coverage gcc - - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - with: - name: cov-cli-mtd-${{ matrix.message_use_heap }} - path: tmp/coverage.info - retention-days: 1 - - cli-time-sync: - runs-on: ubuntu-20.04 - env: - CFLAGS: -m32 - CXXFLAGS: -m32 - LDFLAGS: -m32 - COVERAGE: 1 - REFERENCE_DEVICE: 1 - THREAD_VERSION: 1.1 - VIRTUAL_TIME: 1 - steps: - - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - submodules: true - - name: Bootstrap - run: | - sudo rm /etc/apt/sources.list.d/* && sudo apt-get update - sudo apt-get --no-install-recommends install -y g++-multilib lcov ninja-build python3-setuptools python3-wheel - python3 -m pip install -r tests/scripts/thread-cert/requirements.txt - - name: Build - run: | - OT_OPTIONS="-DOT_TIME_SYNC=ON" ./script/test build - - name: Run - run: | - ./script/test cert_suite ./tests/scripts/thread-cert/Cert_*.py ./tests/scripts/thread-cert/test_*.py - - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - if: ${{ failure() }} - with: - name: cli-time-sync-thread-cert - path: ot_testing - - name: Generate Coverage - run: | - ./script/test generate_coverage gcc - - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - with: - name: cov-cli-time-sync - path: tmp/coverage.info - retention-days: 1 - - expects: - runs-on: ubuntu-20.04 - env: - CFLAGS: -DCLI_COAP_SECURE_USE_COAP_DEFAULT_HANDLER=1 -DOPENTHREAD_CONFIG_MLE_MAX_CHILDREN=15 - CXXFLAGS: -DCLI_COAP_SECURE_USE_COAP_DEFAULT_HANDLER=1 -DOPENTHREAD_CONFIG_MLE_MAX_CHILDREN=15 - THREAD_VERSION: 1.1 - steps: - - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - - name: Bootstrap - run: | - sudo apt-get --no-install-recommends install -y expect ninja-build lcov socat - pip install bleak - - name: Run - run: | - ulimit -c unlimited - ./script/test prepare_coredump_upload - OT_OPTIONS='-DOT_TIME_SYNC=ON -DOT_FULL_LOGS=ON -DOT_LOG_OUTPUT=PLATFORM_DEFINED' VIRTUAL_TIME=0 ./script/test build expect - - name: Check Crash - if: ${{ failure() }} - run: | - CRASHED=$(./script/test check_crash | tail -1) - [[ $CRASHED -eq "1" ]] && echo "Crashed!" || echo "Not crashed." - echo "CRASHED_CLI=$CRASHED" >> $GITHUB_ENV - - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - if: ${{ failure() && env.CRASHED_CLI == '1' }} - with: - name: core-expect-cli - path: | - ./ot-core-dump/* - - name: Generate Coverage - run: | - ./script/test generate_coverage gcc - - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - with: - name: cov-expects - path: tmp/coverage.info - retention-days: 1 - - ot-commissioner: - runs-on: ubuntu-22.04 - env: - THREAD_VERSION: 1.1 - steps: - - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - submodules: true - - name: Bootstrap - env: - GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" - run: | - sudo rm /etc/apt/sources.list.d/* - sudo apt-get update - sudo apt-get install -y avahi-daemon avahi-utils lcov - script/git-tool clone https://github.com/openthread/ot-commissioner.git /tmp/ot-commissioner --depth 1 --branch main - - name: Build - run: | - cd /tmp/ot-commissioner - script/bootstrap.sh - cmake -GNinja \ - -DCMAKE_CXX_STANDARD=11 \ - -DCMAKE_CXX_STANDARD_REQUIRED=ON \ - -DCMAKE_BUILD_TYPE=Release \ - -DCMAKE_INSTALL_PREFIX=/usr/local \ - -DOT_COMM_COVERAGE=ON \ - -DOT_COMM_CCM=OFF \ - -S . -B build - cmake --build build - sudo cmake --install build - - name: Run - run: | - export OT_COMM_OPENTHREAD="$(pwd)" - cd /tmp/ot-commissioner/tests/integration - ./bootstrap.sh - ./run_tests.sh - - name: Generate Coverage - run: | - ./script/test generate_coverage gcc - - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - with: - name: cov-ot-commissioner - path: tmp/coverage.info - retention-days: 1 - - multiple-instance: - runs-on: ubuntu-20.04 - env: - COVERAGE: 1 - THREAD_VERSION: 1.1 - VIRTUAL_TIME: 1 - CXXFLAGS: "-DOPENTHREAD_CONFIG_LOG_PREPEND_UPTIME=0" - steps: - - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - submodules: true - - name: Bootstrap - run: | - sudo apt-get --no-install-recommends install -y lcov ninja-build python3-setuptools python3-wheel - python3 -m pip install -r tests/scripts/thread-cert/requirements.txt - - name: Build - run: | - OT_OPTIONS="-DOT_MULTIPLE_INSTANCE=ON" ./script/test build - - name: Run - run: | - ./script/test cert_suite ./tests/scripts/thread-cert/Cert_*.py ./tests/scripts/thread-cert/test_*.py - - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - if: ${{ failure() }} - with: - name: ot_testing - path: build/simulation/tests/scripts/thread-cert - - name: Generate Coverage - run: | - ./script/test generate_coverage gcc - - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - with: - name: cov-multiple-instance - path: tmp/coverage.info - retention-days: 1 - - simulation-local-host: - runs-on: ubuntu-20.04 - env: - COVERAGE: 1 - steps: - - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - submodules: true - - name: Bootstrap - run: | - sudo apt-get --no-install-recommends install -y expect ninja-build lcov - - name: Run - run: | - ./script/check-simulation-local-host - - name: Generate Coverage - run: | - ./script/test generate_coverage gcc - - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - with: - name: cov-simulation-local-host - path: tmp/coverage.info - retention-days: 1 - - upload-coverage: - needs: - - packet-verification - - cli-ftd - - cli-mtd - - cli-time-sync - - expects - - ot-commissioner - - multiple-instance - runs-on: ubuntu-20.04 - steps: - - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - submodules: true - - name: Bootstrap - run: | - sudo apt-get --no-install-recommends install -y lcov - - uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4 - with: - path: coverage/ - pattern: cov-* - merge-multiple: true - - name: Combine Coverage - run: | - script/test combine_coverage - - name: Upload Coverage - uses: codecov/codecov-action@5ecb98a3c6b747ed38dc09f787459979aebb39be # v4.3.1 - env: - CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} - with: - files: final.info - fail_ci_if_error: true diff --git a/.github/workflows/simulation-1.2.yml b/.github/workflows/simulation-1.2.yml deleted file mode 100644 index 2e037451aaa0..000000000000 --- a/.github/workflows/simulation-1.2.yml +++ /dev/null @@ -1,432 +0,0 @@ -# -# Copyright (c) 2020, The OpenThread Authors. -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# 3. Neither the name of the copyright holder nor the -# names of its contributors may be used to endorse or promote products -# derived from this software without specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE -# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -# POSSIBILITY OF SUCH DAMAGE. -# - -name: Simulation 1.3 - -on: - push: - branches-ignore: - - 'dependabot/**' - pull_request: - branches: - - 'main' - -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || (github.repository == 'openthread/openthread' && github.run_id) || github.ref }} - cancel-in-progress: true - -permissions: # added using https://github.com/step-security/secure-workflows - contents: read - -jobs: - - thread-1-3: - name: thread-1-3-${{ matrix.compiler.c }}-${{ matrix.arch }} - runs-on: ubuntu-20.04 - env: - CFLAGS: -${{ matrix.arch }} - CXXFLAGS: -${{ matrix.arch }} - LDFLAGS: -${{ matrix.arch }} - COVERAGE: 1 - THREAD_VERSION: 1.3 - VIRTUAL_TIME: 1 - INTER_OP: 1 - INTER_OP_BBR: 1 - CC: ${{ matrix.compiler.c }} - CXX: ${{ matrix.compiler.cxx }} - strategy: - fail-fast: false - matrix: - compiler: [{c: "gcc", cxx: "g++", gcov: "gcc"}, { c: "clang-10", cxx: "clang++-10", gcov: "llvm"}] - arch: ["m32", "m64"] - steps: - - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - submodules: true - - name: Bootstrap - run: | - sudo dpkg --add-architecture i386 - sudo apt-get update - sudo apt-get --no-install-recommends install -y clang-10 clang++-10 ninja-build python3-setuptools python3-wheel llvm lcov - sudo apt-get --no-install-recommends install -y g++-multilib libreadline-dev:i386 libncurses-dev:i386 - python3 -m pip install -r tests/scripts/thread-cert/requirements.txt - - name: Build - run: | - ./script/test build - - name: Run - run: | - ulimit -c unlimited - ./script/test prepare_coredump_upload - ./script/test unit - ./script/test cert_suite tests/scripts/thread-cert/v1_2_* - - name: Check Crash - if: ${{ failure() }} - run: | - CRASHED=$(./script/test check_crash | tail -1) - [[ $CRASHED -eq "1" ]] && echo "Crashed!" || echo "Not crashed." - echo "CRASHED=$CRASHED" >> $GITHUB_ENV - - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - if: ${{ failure() }} - with: - name: thread-1-3-${{ matrix.compiler.c }}-${{ matrix.arch }}-pcaps - path: "*.pcap" - - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - if: ${{ failure() && env.CRASHED == '1' }} - with: - name: core-packet-verification-thread-1-3 - path: | - ./ot-core-dump/* - - name: Generate Coverage - run: | - ./script/test generate_coverage "${{ matrix.compiler.gcov }}" - - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - with: - name: cov-thread-1-3-${{ matrix.compiler.c }}-${{ matrix.arch }} - path: tmp/coverage.info - retention-days: 1 - - packet-verification-low-power: - runs-on: ubuntu-20.04 - env: - REFERENCE_DEVICE: 1 - VIRTUAL_TIME: 1 - COVERAGE: 1 - PACKET_VERIFICATION: 1 - THREAD_VERSION: 1.3 - MAC_FILTER: 1 - INTER_OP: 1 - INTER_OP_BBR: 0 - steps: - - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - submodules: true - - name: Bootstrap - run: | - sudo rm /etc/apt/sources.list.d/* && sudo apt-get update - sudo apt-get --no-install-recommends install -y g++-multilib python3-setuptools python3-wheel ninja-build lcov - python3 -m pip install -r tests/scripts/thread-cert/requirements.txt - - name: Build - run: | - ./script/test build - - name: Build with OT_CSL_RECEIVER_LOCAL_TIME_SYNC - run: | - OT_BUILDDIR="${PWD}/build_csl_receiver_local_time_sync" OT_OPTIONS="-DOT_CSL_RECEIVER_LOCAL_TIME_SYNC=ON" ./script/test build - - name: Get Thread-Wireshark - run: | - ./script/test get_thread_wireshark - - name: Run - run: | - ulimit -c unlimited - ./script/test prepare_coredump_upload - for i in {1..10} - do - ./script/test cert_suite ./tests/scripts/thread-cert/v1_2_LowPower*.py - done - - name: Run with OT_CSL_RECEIVER_LOCAL_TIME_SYNC - run: | - OT_BUILDDIR="${PWD}/build_csl_receiver_local_time_sync" ./script/test cert_suite ./tests/scripts/thread-cert/v1_2_LowPower*.py - - name: Check Crash - if: ${{ failure() }} - run: | - CRASHED=$(./script/test check_crash | tail -1) - [[ $CRASHED -eq "1" ]] && echo "Crashed!" || echo "Not crashed." - echo "CRASHED=$CRASHED" >> $GITHUB_ENV - - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - if: ${{ failure() }} - with: - name: packet-verification-low-power-pcaps - path: | - *.pcap - *.json - - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - if: ${{ failure() && env.CRASHED == '1' }} - with: - name: core-packet-verification-low-power - path: | - ./ot-core-dump/* - - name: Generate Coverage - run: | - ./script/test generate_coverage gcc - - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - with: - name: cov-packet-verification-low-power - path: tmp/coverage.info - retention-days: 1 - - packet-verification-1-1-on-1-3: - runs-on: ubuntu-20.04 - env: - REFERENCE_DEVICE: 1 - VIRTUAL_TIME: 1 - PACKET_VERIFICATION: 1 - THREAD_VERSION: 1.3 - INTER_OP_BBR: 1 - MULTIPLY: 3 - steps: - - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - submodules: true - - name: Bootstrap - run: | - sudo rm /etc/apt/sources.list.d/* && sudo apt-get update - sudo apt-get --no-install-recommends install -y g++-multilib python3-setuptools python3-wheel ninja-build lcov - python3 -m pip install -r tests/scripts/thread-cert/requirements.txt - - name: Build - run: | - ./script/test build - - name: Get Thread-Wireshark - run: | - ./script/test get_thread_wireshark - - name: Run - run: | - ./script/test cert_suite ./tests/scripts/thread-cert/Cert_*.py ./tests/scripts/thread-cert/test_*.py - - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - if: ${{ failure() }} - with: - name: packet-verification-1.1-on-1.3-pcaps - path: | - *.pcap - *.json - - name: Generate Coverage - run: | - ./script/test generate_coverage gcc - - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - with: - name: cov-packet-verification-1-1-on-1-3 - path: tmp/coverage.info - retention-days: 1 - - channel-manager-csl: - runs-on: ubuntu-20.04 - env: - CFLAGS: -m32 - CXXFLAGS: -m32 - LDFLAGS: -m32 - COVERAGE: 1 - THREAD_VERSION: 1.3 - VIRTUAL_TIME: 1 - INTER_OP: 1 - INTER_OP_BBR: 1 - ADDON_FEAT_1_2: 1 - steps: - - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - submodules: true - - name: Bootstrap - run: | - sudo rm /etc/apt/sources.list.d/* && sudo apt-get update - sudo apt-get --no-install-recommends install -y g++-multilib lcov ninja-build python3-setuptools python3-wheel - python3 -m pip install -r tests/scripts/thread-cert/requirements.txt - - name: Build - run: | - OT_OPTIONS="-DOT_CHANNEL_MANAGER_CSL=ON" ./script/test build - - name: Run - run: | - ulimit -c unlimited - ./script/test cert_suite ./tests/scripts/thread-cert/Cert_*.py - ./script/test cert_suite ./tests/scripts/thread-cert/test_*.py - ./script/test cert_suite ./tests/scripts/thread-cert/v1_2_*.py - ./script/test cert_suite ./tests/scripts/thread-cert/addon_test_channel_manager_autocsl*.py - - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - if: ${{ failure() }} - with: - name: channel-manager-csl - path: ot_testing - - name: Generate Coverage - run: | - ./script/test generate_coverage gcc - - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - with: - name: cov-channel-manager-csl - path: tmp/coverage.info - retention-days: 1 - - expects: - runs-on: ubuntu-20.04 - env: - COVERAGE: 1 - THREAD_VERSION: 1.3 - VIRTUAL_TIME: 0 - steps: - - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - submodules: true - - name: Bootstrap - run: | - sudo apt-get --no-install-recommends install -y expect ninja-build lcov socat - pip install bleak - - name: Run RCP Mode - run: | - ulimit -c unlimited - ./script/test prepare_coredump_upload - OT_OPTIONS=-DOT_READLINE=OFF OT_NODE_TYPE=rcp ./script/test build expect - - name: Check Crash - if: ${{ failure() }} - run: | - CRASHED=$(./script/test check_crash | tail -1) - [[ $CRASHED -eq "1" ]] && echo "Crashed!" || echo "Not crashed." - echo "CRASHED=$CRASHED" >> $GITHUB_ENV - - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - if: ${{ failure() && env.CRASHED == '1' }} - with: - name: core-expect-1-3 - path: | - ./ot-core-dump/* - - name: Generate Coverage - run: | - ./script/test generate_coverage gcc - - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - with: - name: cov-expects - path: tmp/coverage.info - retention-days: 1 - - thread-1-3-posix: - runs-on: ubuntu-20.04 - env: - COVERAGE: 1 - PYTHONUNBUFFERED: 1 - READLINE: readline - THREAD_VERSION: 1.3 - OT_NODE_TYPE: rcp - USE_MTD: 1 - VIRTUAL_TIME: 1 - INTER_OP: 1 - steps: - - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - submodules: true - - name: Bootstrap - run: | - sudo rm /etc/apt/sources.list.d/* && sudo apt-get update - sudo apt-get --no-install-recommends install -y libreadline6-dev g++-multilib ninja-build python3-setuptools python3-wheel llvm lcov - python3 -m pip install -r tests/scripts/thread-cert/requirements.txt - - name: Build - run: | - ./script/test build - - name: Run - run: | - ulimit -c unlimited - ./script/test prepare_coredump_upload - ./script/test cert tests/scripts/thread-cert/v1_2_LowPower_5_3_01_SSEDAttachment.py - ./script/test cert tests/scripts/thread-cert/v1_2_LowPower_6_1_07_PreferringARouterOverAReed.py - ./script/test cert tests/scripts/thread-cert/v1_2_router_5_1_1.py - ./script/test cert tests/scripts/thread-cert/v1_2_test_csl_transmission.py - ./script/test cert tests/scripts/thread-cert/v1_2_test_enhanced_frame_pending.py - ./script/test cert tests/scripts/thread-cert/v1_2_test_parent_selection.py - - name: Check Crash - if: ${{ failure() }} - run: | - CRASHED=$(./script/test check_crash | tail -1) - [[ $CRASHED -eq "1" ]] && echo "Crashed!" || echo "Not crashed." - echo "CRASHED=$CRASHED" >> $GITHUB_ENV - - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - if: ${{ failure() }} - with: - name: thread-1-3-posix-pcaps - path: "*.pcap" - - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - if: ${{ failure() && env.CRASHED == '1' }} - with: - name: core-thread-1-3-posix - path: | - ./ot-core-dump/* - - name: Generate Coverage - run: | - ./script/test generate_coverage gcc - - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - with: - name: cov-thread-1-3-posix - path: tmp/coverage.info - retention-days: 1 - - upload-coverage: - needs: - - thread-1-3 - - packet-verification-low-power - - packet-verification-1-1-on-1-3 - - expects - - thread-1-3-posix - runs-on: ubuntu-20.04 - steps: - - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - submodules: true - - name: Bootstrap - run: | - sudo apt-get --no-install-recommends install -y lcov - - uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4 - with: - path: coverage/ - pattern: cov-* - merge-multiple: true - - name: Combine Coverage - run: | - script/test combine_coverage - - name: Upload Coverage - uses: codecov/codecov-action@5ecb98a3c6b747ed38dc09f787459979aebb39be # v4.3.1 - env: - CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} - with: - files: final.info - fail_ci_if_error: true diff --git a/.github/workflows/size.yml b/.github/workflows/size.yml deleted file mode 100644 index 98de9d756881..000000000000 --- a/.github/workflows/size.yml +++ /dev/null @@ -1,70 +0,0 @@ -# -# Copyright (c) 2020, The OpenThread Authors. -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# 3. Neither the name of the copyright holder nor the -# names of its contributors may be used to endorse or promote products -# derived from this software without specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE -# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -# POSSIBILITY OF SUCH DAMAGE. -# - -name: Size - -on: - push: - branches-ignore: - - 'dependabot/**' - pull_request: - branches: - - 'main' - -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || (github.repository == 'openthread/openthread' && github.run_id) || github.ref }} - cancel-in-progress: true - -permissions: - contents: read - -jobs: - - size-report: - runs-on: ubuntu-20.04 - steps: - - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - - name: Run - env: - OT_BASE_BRANCH: "${{ github.base_ref }}" - SIZE_REPORT_URL: "https://openthread-size-report.glitch.me/size-report/1354027" - GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" - run: | - export PATH=$PATH:$HOME/.local/bin - if [ ${{ github.event_name }} == pull_request ]; then - curl -s --retry 5 "${SIZE_REPORT_URL}/bash" >size-report - chmod a+x size-report - export OT_SIZE_REPORTER=./size-report - fi - ./script/check-size - cat /tmp/ot-size-report/report_pr >> $GITHUB_STEP_SUMMARY diff --git a/.github/workflows/toranj.yml b/.github/workflows/toranj.yml deleted file mode 100644 index 1b6fd7204279..000000000000 --- a/.github/workflows/toranj.yml +++ /dev/null @@ -1,214 +0,0 @@ -# -# Copyright (c) 2020, The OpenThread Authors. -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# 3. Neither the name of the copyright holder nor the -# names of its contributors may be used to endorse or promote products -# derived from this software without specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE -# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -# POSSIBILITY OF SUCH DAMAGE. -# - -name: Toranj - -on: - push: - branches-ignore: - - 'dependabot/**' - pull_request: - branches: - - 'main' - -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || (github.repository == 'openthread/openthread' && github.run_id) || github.ref }} - cancel-in-progress: true - -permissions: - contents: read - -jobs: - - toranj-ncp: - name: toranj-ncp-${{ matrix.TORANJ_RADIO }} - runs-on: ubuntu-20.04 - strategy: - fail-fast: false - matrix: - TORANJ_RADIO: ['15.4'] - env: - COVERAGE: 1 - TORANJ_RADIO : ${{ matrix.TORANJ_RADIO }} - TORANJ_NCP : 1 - TORANJ_EVENT_NAME: ${{ github.event_name }} - steps: - - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - submodules: true - - name: Bootstrap - env: - GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" - run: | - sudo rm /etc/apt/sources.list.d/* && sudo apt-get update - sudo apt-get --no-install-recommends install -y ninja-build lcov - python3 -m pip install -r tests/scripts/thread-cert/requirements.txt - - name: Build & Run - run: | - top_builddir=$(pwd)/build/toranj ./tests/toranj/start.sh - - - toranj-cli: - name: toranj-cli-${{ matrix.TORANJ_RADIO }} - runs-on: ubuntu-20.04 - strategy: - matrix: - TORANJ_RADIO: ['15.4', 'trel', 'multi'] - env: - COVERAGE: 1 - TORANJ_RADIO : ${{ matrix.TORANJ_RADIO }} - TORANJ_CLI: 1 - steps: - - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - submodules: true - - name: Bootstrap - env: - GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" - run: | - sudo rm /etc/apt/sources.list.d/* && sudo apt-get update - sudo apt-get --no-install-recommends install -y ninja-build lcov - python3 -m pip install -r tests/scripts/thread-cert/requirements.txt - - name: Build & Run - run: | - top_builddir=$(pwd)/build/toranj ./tests/toranj/start.sh - - name: Generate Coverage - if: "matrix.TORANJ_RADIO != 'multi'" - run: | - ./script/test generate_coverage gcc - - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - if: "matrix.TORANJ_RADIO != 'multi'" - with: - name: cov-toranj-cli-${{ matrix.TORANJ_RADIO }} - path: tmp/coverage.info - retention-days: 1 - - toranj-unittest: - name: toranj-unittest - runs-on: ubuntu-20.04 - steps: - - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - submodules: true - - name: Bootstrap - env: - GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" - run: | - sudo dpkg --add-architecture i386 - sudo apt-get update - sudo apt-get --no-install-recommends install -y clang-10 clang++-10 ninja-build python3-setuptools python3-wheel llvm lcov - sudo apt-get --no-install-recommends install -y g++-multilib libreadline-dev:i386 libncurses-dev:i386 - python3 -m pip install -r tests/scripts/thread-cert/requirements.txt - - name: Build & Run - run: | - ./tests/toranj/build.sh all - ninja test - # Validate posix builds with different radio configs - git clean -dfx - ./tests/toranj/build.sh ncp-15.4 - git clean -dfx - ./tests/toranj/build.sh ncp-trel - git clean -dfx - ./tests/toranj/build.sh ncp-15.4+trel - git clean -dfx - ./tests/toranj/build.sh posix-15.4 - git clean -dfx - ./tests/toranj/build.sh posix-15.4+trel - git clean -dfx - ./tests/toranj/build.sh posix-trel - git clean -dfx - ./tests/toranj/build.sh --enable-plat-key-ref all - - toranj-macos: - name: toranj-macos - runs-on: macos-14 - steps: - - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - submodules: true - - name: Bootstrap - env: - GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" - run: | - brew update - brew install ninja - - name: Build & Run - run: | - ./tests/toranj/build.sh posix-15.4 - - upload-coverage: - needs: - - toranj-cli - runs-on: ubuntu-20.04 - steps: - - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - submodules: true - - name: Bootstrap - run: | - sudo apt-get --no-install-recommends install -y lcov - - uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4 - with: - path: coverage/ - pattern: cov-* - merge-multiple: true - - name: Combine Coverage - run: | - script/test combine_coverage - - name: Upload Coverage - uses: codecov/codecov-action@5ecb98a3c6b747ed38dc09f787459979aebb39be # v4.3.1 - env: - CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} - with: - files: final.info - fail_ci_if_error: true diff --git a/.github/workflows/unit.yml b/.github/workflows/unit.yml deleted file mode 100644 index 4185237c8038..000000000000 --- a/.github/workflows/unit.yml +++ /dev/null @@ -1,131 +0,0 @@ -# -# Copyright (c) 2023, The OpenThread Authors. -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# 3. Neither the name of the copyright holder nor the -# names of its contributors may be used to endorse or promote products -# derived from this software without specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE -# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -# POSSIBILITY OF SUCH DAMAGE. -# - -name: Unit - -on: - push: - branches-ignore: - - 'dependabot/**' - pull_request: - branches: - - 'main' - -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || (github.repository == 'openthread/openthread' && github.run_id) || github.ref }} - cancel-in-progress: true - -permissions: # added using https://github.com/step-security/secure-workflows - contents: read - -jobs: - - tcplp-buffering: - runs-on: ubuntu-20.04 - steps: - - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - submodules: true - - name: Build - run: make -C third_party/tcplp/lib/test/ - - name: Run - run: third_party/tcplp/lib/test/test_all - - unit-tests: - runs-on: ubuntu-20.04 - env: - COVERAGE: 1 - steps: - - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - submodules: true - - name: Bootstrap - run: | - sudo rm /etc/apt/sources.list.d/* && sudo apt-get update - sudo apt-get --no-install-recommends install -y ninja-build lcov - - name: Build Simulation - run: ./script/cmake-build simulation - - name: Test Simulation - run: cd build/simulation && ninja test - - name: Build Multipan Simulation - run: ./script/cmake-build simulation -DOT_MULTIPAN_TEST=ON - - name: Test Multipan Simulation - run: cd build/simulation && ninja test - - name: Build POSIX - run: ./script/cmake-build posix - - name: Test POSIX - run: cd build/posix && ninja test - - name: Generate Coverage - run: | - ./script/test generate_coverage gcc - - uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 - with: - name: cov-unit-tests - path: tmp/coverage.info - retention-days: 1 - - upload-coverage: - needs: unit-tests - runs-on: ubuntu-20.04 - steps: - - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - submodules: true - - name: Bootstrap - run: | - sudo apt-get --no-install-recommends install -y lcov - - uses: actions/download-artifact@c850b930e6ba138125429b7e5c93fc707a7f8427 # v4.1.4 - with: - path: coverage/ - pattern: cov-* - merge-multiple: true - - name: Combine Coverage - run: | - script/test combine_coverage - - name: Upload Coverage - uses: codecov/codecov-action@5ecb98a3c6b747ed38dc09f787459979aebb39be # v4.3.1 - env: - CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} - with: - files: final.info - fail_ci_if_error: true diff --git a/.github/workflows/version.yml b/.github/workflows/version.yml deleted file mode 100644 index 16dc6370be4e..000000000000 --- a/.github/workflows/version.yml +++ /dev/null @@ -1,57 +0,0 @@ -# -# Copyright (c) 2020, The OpenThread Authors. -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# 3. Neither the name of the copyright holder nor the -# names of its contributors may be used to endorse or promote products -# derived from this software without specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE -# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -# POSSIBILITY OF SUCH DAMAGE. -# - -name: API Version - -on: - pull_request: - branches: - - 'main' - -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || (github.repository == 'openthread/openthread' && github.run_id) || github.ref }} - cancel-in-progress: true - -permissions: # added using https://github.com/step-security/secure-workflows - contents: read - -jobs: - api-version: - runs-on: ubuntu-20.04 - steps: - - name: Harden Runner - uses: step-security/harden-runner@63c24ba6bd7ba022e95695ff85de572c04a18142 # v2.7.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@9bb56186c3b09b4f86b1c65136769dd318469633 # v4.1.2 - with: - submodules: true - - name: Check - run: | - script/check-api-version diff --git a/src/core/crypto/crypto_platform.cpp b/src/core/crypto/crypto_platform.cpp index 4865b08f1a5c..5eb066bf1c15 100644 --- a/src/core/crypto/crypto_platform.cpp +++ b/src/core/crypto/crypto_platform.cpp @@ -155,6 +155,7 @@ OT_TOOL_WEAK otError otPlatCryptoHmacSha256Init(otCryptoContext *aContext) Error error = kErrorNone; const mbedtls_md_info_t *mdInfo = nullptr; mbedtls_md_context_t *context; + int res = 0; VerifyOrExit(aContext != nullptr, error = kErrorInvalidArgs); VerifyOrExit(aContext->mContextSize >= sizeof(mbedtls_md_context_t), error = kErrorFailed); @@ -162,8 +163,20 @@ OT_TOOL_WEAK otError otPlatCryptoHmacSha256Init(otCryptoContext *aContext) context = static_cast(aContext->mContext); mbedtls_md_init(context); mdInfo = mbedtls_md_info_from_type(MBEDTLS_MD_SHA256); - VerifyOrExit((mbedtls_md_setup(context, mdInfo, 1) == 0), error = kErrorFailed); + res = mbedtls_md_setup(context, mdInfo, 1); + + if (res == MBEDTLS_ERR_MD_ALLOC_FAILED) + { + OT_ASSERT(false); + } + + if (res == MBEDTLS_ERR_MD_BAD_INPUT_DATA) + { + OT_ASSERT(false); + } + + VerifyOrExit(res == 0, error = kErrorFailed); exit: return error; } diff --git a/tests/fuzz/cli_received.cpp b/tests/fuzz/cli_received.cpp index a8a2a10e3f69..aeb3750ecfb7 100644 --- a/tests/fuzz/cli_received.cpp +++ b/tests/fuzz/cli_received.cpp @@ -30,6 +30,7 @@ #include #include #include +#include #include #include @@ -44,6 +45,11 @@ #include "common/code_utils.hpp" #include "common/time.hpp" +int gAlloc = 0; + +extern "C" void *otPlatCAlloc(size_t aNum, size_t aSize) { gAlloc++; return calloc(aNum, aSize); } +extern "C" void otPlatFree(void *aPtr) { gAlloc--; free(aPtr); } + static int CliOutput(void *aContext, const char *aFormat, va_list aArguments) { OT_UNUSED_VARIABLE(aContext); @@ -110,5 +116,29 @@ extern "C" int LLVMFuzzerTestOneInput(const uint8_t *data, size_t size) otInstanceFinalize(instance); } + if (gAlloc) + { + if (gAlloc == 4) + { + assert(false); + } + else if (gAlloc == 3) + { + assert(false); + } + else if (gAlloc == 2) + { + assert (false); + } + else if (gAlloc == 1) + { + assert(false); + } + else + { + assert(false); + } + } + return 0; } diff --git a/tests/fuzz/ip6_send.cpp b/tests/fuzz/ip6_send.cpp index ef366a0a5eda..e84d92a31b53 100644 --- a/tests/fuzz/ip6_send.cpp +++ b/tests/fuzz/ip6_send.cpp @@ -42,6 +42,11 @@ #include "common/code_utils.hpp" #include "common/time.hpp" + +extern "C" void *otPlatCAlloc(size_t aNum, size_t aSize) { return calloc(aNum, aSize); } +extern "C" void otPlatFree(void *aPtr) { free(aPtr); } + + void AdvanceTime(otInstance *aInstance, uint32_t aDuration) { uint32_t time = otPlatAlarmMilliGetNow() + aDuration; diff --git a/tests/fuzz/ncp_hdlc_received.cpp b/tests/fuzz/ncp_hdlc_received.cpp index 8afb417eaaff..fa097636d405 100644 --- a/tests/fuzz/ncp_hdlc_received.cpp +++ b/tests/fuzz/ncp_hdlc_received.cpp @@ -43,6 +43,11 @@ #include "common/code_utils.hpp" #include "common/time.hpp" + +extern "C" void *otPlatCAlloc(size_t aNum, size_t aSize) { return calloc(aNum, aSize); } +extern "C" void otPlatFree(void *aPtr) { free(aPtr); } + + static int HdlcSend(const uint8_t *aBuf, uint16_t aBufLength) { OT_UNUSED_VARIABLE(aBuf); diff --git a/tests/fuzz/oss-fuzz-build b/tests/fuzz/oss-fuzz-build index 9a511b5ba464..ff39dd5de358 100755 --- a/tests/fuzz/oss-fuzz-build +++ b/tests/fuzz/oss-fuzz-build @@ -56,6 +56,7 @@ set -euxo pipefail -DOT_DHCP6_SERVER=ON \ -DOT_DNS_CLIENT=ON \ -DOT_ECDSA=ON \ + -DOT_EXTERNAL_HEAP=ON \ -DOT_HISTORY_TRACKER=ON \ -DOT_IP6_FRAGM=ON \ -DOT_JAM_DETECTION=ON \ diff --git a/tests/fuzz/radio_receive_done.cpp b/tests/fuzz/radio_receive_done.cpp index 04399cd6f9fb..9b2030e0f1a9 100644 --- a/tests/fuzz/radio_receive_done.cpp +++ b/tests/fuzz/radio_receive_done.cpp @@ -42,6 +42,11 @@ #include "common/code_utils.hpp" #include "common/time.hpp" + +extern "C" void *otPlatCAlloc(size_t aNum, size_t aSize) { return calloc(aNum, aSize); } +extern "C" void otPlatFree(void *aPtr) { free(aPtr); } + + void AdvanceTime(otInstance *aInstance, uint32_t aDuration) { uint32_t time = otPlatAlarmMilliGetNow() + aDuration;