Skip to content

Force use of TLS 1.3 in OpenSSL demos #2185

Force use of TLS 1.3 in OpenSSL demos

Force use of TLS 1.3 in OpenSSL demos #2185

Workflow file for this run

name: CI Checks
on:
push:
branches: ["**"]
pull_request:
branches: [main]
workflow_dispatch:
jobs:
build-check-demos:
runs-on: ubuntu-20.04
steps:
- name: Clone This Repo
uses: actions/checkout@v2
with:
submodules: recursive
- name: Configure CMake build
run: |
sudo apt-get install -y libmosquitto-dev
curl https://cmake.org/files/v3.2/cmake-3.2.0-Linux-x86_64.tar.gz -o cmake.tar.gz
tar -xf cmake.tar.gz
mkdir build && cd build
../cmake-3.2.0-Linux-x86_64/bin/cmake .. \
-G "Unix Makefiles" \
-DBUILD_DEMOS=1 \
-DCMAKE_BUILD_TYPE=Release \
-DCMAKE_C_FLAGS='-Wall -Wextra -Werror' \
-DAWS_IOT_ENDPOINT="aws-iot-endpoint" \
-DBROKER_ENDPOINT="broker-endpoint" \
-DCLIENT_CERT_PATH="cert/path" \
-DROOT_CA_CERT_PATH="cert/path" \
-DCLIENT_PRIVATE_KEY_PATH="key/path" \
-DCLIENT_IDENTIFIER="ci-identifier" \
-DTHING_NAME="thing-name" \
-DS3_PRESIGNED_GET_URL="get-url" \
-DS3_PRESIGNED_PUT_URL="put-url" \
-DCLAIM_CERT_PATH="cert/path" \
-DCLAIM_PRIVATE_KEY_PATH="key/path" \
-DPROVISIONING_TEMPLATE_NAME="template-name" \
-DDEVICE_SERIAL_NUMBER="00000" \
-DCSR_SUBJECT_NAME="CN=Fleet Provisioning Demo" \
-DGREENGRASS_ADDRESS="greengrass-address"
- name: Build Demos
run: |
make -C build/ help | grep demo | tr -d '. ' | xargs make -C build/
make -C demos/jobs/jobs_demo_mosquitto
build-check-demos-cpp:
runs-on: ubuntu-20.04
steps:
- name: Clone This Repo
uses: actions/checkout@v2
with:
submodules: recursive
- name: Rename source files
run: |
for demo in mqtt http shadow defender pkcs11 fleet_provisioning
do
for source in demos/$demo/*/*.c
do
mv -- "$source" "${source%.c}.cpp"
done
done
- name: Configure CMake build
run: |
sudo apt-get install -y libmosquitto-dev
curl https://cmake.org/files/v3.2/cmake-3.2.0-Linux-x86_64.tar.gz -o cmake.tar.gz
tar -xf cmake.tar.gz
mkdir build && cd build
../cmake-3.2.0-Linux-x86_64/bin/cmake .. \
-G "Unix Makefiles" \
-DBUILD_DEMOS=1 \
-DCMAKE_BUILD_TYPE=Release \
-DCMAKE_C_FLAGS='-Wall -Wextra' \
-DAWS_IOT_ENDPOINT="aws-iot-endpoint" \
-DBROKER_ENDPOINT="broker-endpoint" \
-DCLIENT_CERT_PATH="cert/path" \
-DROOT_CA_CERT_PATH="cert/path" \
-DCLIENT_PRIVATE_KEY_PATH="key/path" \
-DCLIENT_IDENTIFIER="ci-identifier" \
-DTHING_NAME="thing-name" \
-DS3_PRESIGNED_GET_URL="get-url" \
-DS3_PRESIGNED_PUT_URL="put-url" \
-DCLAIM_CERT_PATH="cert/path" \
-DCLAIM_PRIVATE_KEY_PATH="key/path" \
-DPROVISIONING_TEMPLATE_NAME="template-name" \
-DDEVICE_SERIAL_NUMBER="00000" \
-DCSR_SUBJECT_NAME="CN=Fleet Provisioning Demo" \
-DGREENGRASS_ADDRESS="greengrass-address"
- name: Build Demos
run: |
make -C build/ help | grep demo | tr -d '. ' | xargs make -C build/
build-check-install:
runs-on: ubuntu-20.04
steps:
- name: Clone This Repo
uses: actions/checkout@v2
with:
submodules: recursive
- name: Configure CMake for installation of shared libraries at custom location
run: |
curl https://cmake.org/files/v3.2/cmake-3.2.0-Linux-x86_64.tar.gz -o cmake.tar.gz
tar -xf cmake.tar.gz
mkdir build && cd build
../cmake-3.2.0-Linux-x86_64/bin/cmake .. \
-DBUILD_DEMOS=0 \
-DCSDK_HEADER_INSTALL_PATH="$PWD/../shared-libs-headers-install-dir" -DCSDK_LIB_INSTALL_PATH="$PWD/../shared-libs-install-dir"
- name: Install shared libraries and verify custom install location
run: |
cd build && sudo make install
while IFS="" read -r p || [ -n "$p" ]
do
if [[ $p != "$PWD/../shared-libs-headers-install-dir"* ]] && [[ $p != "$PWD/../shared-libs-install-dir"* ]]; then
exit 1
fi
# Each line of install_manifest.txt contains the location of an installed library or header
done <install_manifest.txt
# Uninstall and reset build.
sudo xargs rm < install_manifest.txt || echo "transport_interface.h is installed twice because of duplicate copies in spoke repos."
rm -rf *
- name: Configure CMake for installation of static libraries at custom location
run: |
cd build
../cmake-3.2.0-Linux-x86_64/bin/cmake .. \
-DBUILD_SHARED_LIBRARIES=OFF \
-DBUILD_DEMOS=0 \
-DCSDK_HEADER_INSTALL_PATH="$PWD/../static-libs-headers-install-dir" -DCSDK_LIB_INSTALL_PATH="$PWD/../static-libs-install-dir"
- name: Install static libraries and verify custom install location
run: |
cd build && sudo make install
while IFS="" read -r p || [ -n "$p" ]
do
if [[ $p != "$PWD/../static-libs-headers-install-dir"* ]] && [[ $p != "$PWD/../static-libs-install-dir"* ]]; then
exit 1
fi
# Each line of install_manifest.txt contains the location of an installed library or header
done <install_manifest.txt
# Uninstall and reset build.
sudo xargs rm < install_manifest.txt || echo "transport_interface.h is installed twice because of duplicate copies in spoke repos."
rm -rf *
- name: Configure CMake build for system install location and selective installation
run: |
cd build
../cmake-3.2.0-Linux-x86_64/bin/cmake .. \
-DBUILD_DEMOS=0 -DBUILD_TESTS=0 -DINSTALL_TO_SYSTEM=1 \
-DINSTALL_LIBS="SHADOW;DEFENDER" -DINSTALL_PLATFORM_ABSTRACTIONS=0
- name: Install selected libraries and verify default system installation path is used
run: |
cd build && sudo make install
while IFS="" read -r p || [ -n "$p" ]
do
if [[ $p != "/usr/local/include"* ]] && [[ $p != "/usr/local/lib"* ]]; then
exit 1
fi
# Each line of install_manifest.txt contains the location of an installed library or header
done <install_manifest.txt
- name: Verify filenames from selective build
run: |
cd build
while IFS="" read -r p || [ -n "$p" ]
do
if [[ $p != *"shadow"* ]] && [[ $p != *"defender"* ]]; then
exit 1
fi
# Each line of install_manifest.txt contains the location of an installed library or header
done <install_manifest.txt
complexity:
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v2
- name: Setup
run: sudo apt-get install complexity
- name: Check Complexity
run: |
find platform/ \( -iname '*.c' ! -wholename '*test*' \) |\
xargs complexity --scores --threshold=0 --horrid-threshold=8
spell-check:
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v2
- name: Install spell
run: |
sudo apt-get install -y spell util-linux
- name: Check Spelling
run: |
PATH=$PATH:$PWD/tools/spell
for lexfile in `find platform/ demos/ integration-test/ docs/ -name lexicon.txt`
do dir=${lexfile%/lexicon.txt}
echo $dir
find-unknown-comment-words --directory $dir
if [ $? -ne "0" ]
then
exit 1
fi
done
formatting:
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v2
- name: Install Uncrustify
run: sudo apt-get install uncrustify
- name: Check Formatting With Uncrustify
run: find . -iname "*.[hc]" -exec uncrustify --check -c tools/uncrustify.cfg {} +
- name: Check For Trailing Whitespace
run: |
set +e
grep --exclude="README.md" -rnI -e "[[:blank:]]$" .
if [ "$?" = "0" ]; then
echo "Files have trailing whitespace."
exit 1
else
exit 0
fi
- name: Check for CRLF
run: |
set +e
find . -path ./.git -prune -o -exec file {} + | grep "CRLF"
if [ "$?" = "0" ]; then
echo "Files have CRLF line endings."
exit 1
else
exit 0
fi
doxygen:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v2
with:
submodules: recursive
- name: Install Doxygen
run: |
wget -qO- "https://sourceforge.net/projects/doxygen/files/rel-1.9.6/doxygen-1.9.6.linux.bin.tar.gz/download" | sudo tar --strip-components=1 -xz -C /usr/local
sudo apt-get install -y libclang-11-dev libclang-cpp11 graphviz
- name: Install Python3
uses: actions/setup-python@v2
with:
python-version: '3.11.0'
- name: Generate doxygen output
run: |
if [[ "$GITHUB_REF" == "refs/heads/main" ]]; then
echo 'Generate ZIP artifact of doxygen output'
python3 tools/doxygen/generate_docs.py --root . --zip
else
python3 tools/doxygen/generate_docs.py --root .
fi
- name: Upload doxygen artifact if main branch
if: success() && github.ref == 'refs/heads/main'
uses: actions/upload-artifact@v4
with:
name: doxygen.zip
path: ./doxygen.zip
retention-days: 2
git-secrets:
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v2
with:
submodules: recursive
- name: Checkout awslabs/git-secrets
uses: actions/checkout@v2
with:
repository: awslabs/git-secrets
ref: master
path: git-secrets
- name: Install git-secrets
run: cd git-secrets && sudo make install && cd ..
- name: Run git-secrets
run: |
git-secrets --register-aws
git-secrets --scan
link-verifier:
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v2
with:
submodules: recursive
- name: Setup Python for link verifier action
uses: actions/setup-python@v2
with:
python-version: '3.7.10'
- name: Check Links
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
uses: FreeRTOS/CI-CD-GitHub-Actions/link-verifier@main
with:
path: ./
exclude-dirs: cmock,unity,cbmc,third-party,3rdparty,libmosquitto,libraries
include-file-types: .c,.h,.dox
allowlist-file: ./.github/links_allowlist.txt
verify-manifest:
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v2
with:
submodules: recursive
- name: Setup Python for manifest.yml verifier action
uses: actions/setup-python@v2
with:
python-version: '3.x'
- name: Verify manifest.yml
uses: FreeRTOS/CI-CD-GitHub-Actions/manifest-verifier@main
with:
path: ./
exclude-submodules: libraries/3rdparty/CMock,libraries/3rdparty/mbedtls,libraries/3rdparty/tinycbor,demos/jobs/jobs_demo_mosquitto/libmosquitto
fail-on-incorrect-version: true