Fix Release workflow (#301)

* fix(workflows/release): Sync actions/upload-artifact and actions/download-artifact versions (v3)

* fix(workflows/codacy-analysis): Bump codacy/codacy-analysis-cli-action to v4 and upload-sarif to v2

* fix(workflows/integration): Remove unecessary rustup installation

* Run select Codacy tool in parallel

Author: fuzzypixelz

.github/workflows/codacy-analysis.yml

@@ -10,37 +10,50 @@ name: Codacy Security Scan
 
 on:
   push:
-    branches: [ '**' ]
+    branches: ["**"]
   pull_request:
-    branches: [ '**' ]
+    branches: ["**"]
+  workflow_dispatch:
 
 jobs:
   codacy-security-scan:
     name: Codacy Security Scan
     runs-on: ubuntu-latest
+    strategy:
+      matrix:
+        # List of Codacy-supported tools: https://docs.codacy.com/repositories-configure/codacy-configuration-file/#which-tools-can-be-configured-and-which-name-should-i-use%20%20tool-timeout:
+        tool: [
+            cppcheck, # static analysis of C/C++ code
+            flawfinder, # a static analysis tool for finding vulnerabilities in C/C++ source code
+            pmd, # includes CPD, the copy-paste-detector. CPD finds duplicated code in C/C++, etc
+            markdownlint, # A Node.js style checker and lint tool for Markdown/CommonMark files
+            shellcheck, # a static analysis tool for shell scripts
+            pylintpython3, # a static code analyser for Python 3
+          ]
     steps:
       # Checkout the repository to the GitHub Actions runner
       - name: Checkout code
         uses: actions/checkout@v4
 
       # Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis
       - name: Run Codacy Analysis CLI
-        uses: codacy/codacy-analysis-cli-action@1.1.0
+        uses: codacy/codacy-analysis-cli-action@master
         with:
           # Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository
           # You can also omit the token and run the tools that support default configurations
           project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}
           verbose: true
-          output: results.sarif
+          output: results-${{ matrix.tool }}.sarif
           format: sarif
           # Adjust severity of non-security issues
           gh-code-scanning-compat: true
           # Force 0 exit code to allow SARIF file generation
           # This will handover control about PR rejection to the GitHub side
           max-allowed-issues: 2147483647
+          tool: cppcheck
 
       # Upload the SARIF file generated in the previous step
       - name: Upload SARIF results file
-        uses: github/codeql-action/upload-sarif@v1
+        uses: github/codeql-action/upload-sarif@v2
         with:
-          sarif_file: results.sarif
+          sarif_file: results-${{ matrix.tool }}.sarif

.github/workflows/integration.yaml

@@ -15,31 +15,24 @@ name: integration
 
 on:
   push:
-    branches: [ '**' ]
+    branches: ["**"]
   pull_request:
-    branches: [ '**' ]
+    branches: ["**"]
   schedule:
-    - cron: '0 6 * * 1-5'
+    - cron: "0 6 * * 1-5"
 
 jobs:
   build:
-
     name: Build on ${{ matrix.os }}
     runs-on: ${{ matrix.os }}
     strategy:
       fail-fast: false
       matrix:
-        os: [ ubuntu-latest, macOS-latest ]
+        os: [ubuntu-latest, macOS-latest]
 
     steps:
-      - uses: actions/checkout@v4
-
-      - name: Install latest stable
-        uses: actions-rs/[email protected]
-        with:
-          toolchain: stable
-          override: true
-          components: rustfmt, clippy
+      - name: Clone this repository
+        uses: actions/checkout@v4
 
       - name: Compile debug
         run: make all
@@ -52,8 +45,8 @@ jobs:
       - name: Test debug
         run: make test
         env:
-          BUILD_TYPE: Debug     # Workaround for Windows as it seems the previous step is being ignored
-          BUILD_TESTING: OFF    # Workaround for Windows as it seems the previous step is being ignored
-          BUILD_MULTICAST: OFF  # Workaround for Windows as it seems the previous step is being ignored
+          BUILD_TYPE: Debug # Workaround for Windows as it seems the previous step is being ignored
+          BUILD_TESTING: OFF # Workaround for Windows as it seems the previous step is being ignored
+          BUILD_MULTICAST: OFF # Workaround for Windows as it seems the previous step is being ignored
           BUILD_INTEGRATION: ON # Workaround for Windows as it seems the previous step is being ignored
           ZENOH_BRANCH: master

.github/workflows/release.yml

@@ -25,7 +25,9 @@ jobs:
     name: Preparation
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@v4
+      - name: Clone this repository
+        uses: actions/checkout@v4
+
       - name: Environment setup
         id: env
         shell: bash
@@ -34,32 +36,32 @@ jobs:
           echo "GITHUB_SHA=${GITHUB_SHA:0:8}"
           GIT_BRANCH=`[[ $GITHUB_REF =~ ^refs/heads/.* ]] && echo ${GITHUB_REF/refs\/heads\//} || true`
           echo "GIT_BRANCH=${GIT_BRANCH}"
-          echo ::set-output name=GIT_BRANCH::"${GIT_BRANCH}"
+          echo "GIT_BRANCH=${GIT_BRANCH}" >> $GITHUB_OUTPUT
           GIT_TAG=`[[ $GITHUB_REF =~ ^refs/tags/.* ]] && echo ${GITHUB_REF/refs\/tags\//} || true`
           echo "GIT_TAG=${GIT_TAG}"
-          echo ::set-output name=GIT_TAG::"${GIT_TAG}"
+          echo "GIT_TAG=${GIT_TAG}" >> $GITHUB_OUTPUT
 
           ZENOH_VERSION=$(sed -n 's/^project(libzenohpico VERSION \(.*\) LANGUAGES C)/\1/p' CMakeLists.txt | head -n1)
           echo "ZENOH_VERSION=${ZENOH_VERSION}"
-          echo ::set-output name=ZENOH_VERSION::"${ZENOH_VERSION}"
+          echo "ZENOH_VERSION=${ZENOH_VERSION}" >> $GITHUB_OUTPUT
           if [ -n "${GIT_TAG}" ]; then
             IS_RELEASE="true"
             echo "IS_RELEASE=${IS_RELEASE}"
-            echo ::set-output name=IS_RELEASE::"${IS_RELEASE}"
+            echo "IS_RELEASE=${IS_RELEASE}" >> $GITHUB_OUTPUT
             PKG_VERSION=${GIT_TAG}
           elif [ -n "${GIT_BRANCH}" ]; then
             PKG_VERSION=${GIT_BRANCH}-${GITHUB_SHA:0:8}
           else
             PKG_VERSION=${ZENOH_VERSION}-${GITHUB_SHA:0:8}
           fi
           echo "PKG_VERSION=${PKG_VERSION}"
-          echo ::set-output name=PKG_VERSION::"${PKG_VERSION}"
+          echo "PKG_VERSION=${PKG_VERSION}" >> $GITHUB_OUTPUT
 
           CROSSBUILD_TARGETS=$(sed -n 's/^CROSSBUILD_TARGETS=\(.*\)/\1/p' GNUmakefile | head -n1)
           echo "CROSSBUILD_TARGETS=$CROSSBUILD_TARGETS"
           TARGET_MATRIX="{\"target\": [\"${CROSSBUILD_TARGETS// /\",\"}\"]}"
           echo "TARGET_MATRIX=$TARGET_MATRIX"
-          echo ::set-output name=TARGET_MATRIX::"${TARGET_MATRIX}"
+          echo "TARGET_MATRIX=$TARGET_MATRIX" >> $GITHUB_OUTPUT
     outputs:
       GIT_BRANCH: ${{ steps.env.outputs.GIT_BRANCH }}
       GIT_TAG: ${{ steps.env.outputs.GIT_TAG }}
@@ -73,11 +75,14 @@ jobs:
     needs: preps
     runs-on: macos-latest
     steps:
-      - uses: actions/checkout@v4
+      - name: Clone this repository
+        uses: actions/checkout@v4
+
       - name: MacOS build
         run: make
         env:
           BUILD_TYPE: RELEASE
+
       - name: Packaging
         id: package
         shell: bash
@@ -86,14 +91,15 @@ jobs:
           echo "Packaging ${LIB_PKG_NAME}:"
           cd build && zip -r ${LIB_PKG_NAME} lib && cd -
           zip -r ${LIB_PKG_NAME} include
-          echo ::set-output name=LIB_PKG_NAME::"${LIB_PKG_NAME}"
+          echo "LIB_PKG_NAME=${LIB_PKG_NAME}" >> $GITHUB_OUTPUT
 
           EXP_PKG_NAME=${PWD}/zenoh-pico-${{ needs.preps.outputs.PKG_VERSION }}-macos-x64-examples.zip
           echo "Packaging ${EXP_PKG_NAME}:"
           cd build/examples && zip ${EXP_PKG_NAME} * && cd -
-          echo ::set-output name=EXP_PKG_NAME::"${EXP_PKG_NAME}"
+          echo "EXP_PKG_NAME=${EXP_PKG_NAME}" >> $GITHUB_OUTPUT
+
       - name: "Upload x86_64 macos package"
-        uses: actions/upload-artifact@master
+        uses: actions/upload-artifact@v3
         with:
           name: macos-x64
           path: |
@@ -108,11 +114,14 @@ jobs:
       fail-fast: false
       matrix: ${{fromJson(needs.preps.outputs.TARGET_MATRIX)}}
     steps:
-      - uses: actions/checkout@v4
+      - name: Clone this repository
+        uses: actions/checkout@v4
+
       - name: make for ${{ matrix.target }}
         env:
           BUILD_TYPE: RELEASE
         run: make ${{ matrix.target }}
+
       - name: Packaging
         id: package
         shell: bash
@@ -126,22 +135,23 @@ jobs:
           echo "Packaging ${LIB_PKG_NAME}:"
           cd crossbuilds/${TARGET} && zip -r ${LIB_PKG_NAME} lib && cd -
           zip -r ${LIB_PKG_NAME} include
-          echo ::set-output name=LIB_PKG_NAME::"${LIB_PKG_NAME}"
+          echo "LIB_PKG_NAME=${LIB_PKG_NAME}" >> $GITHUB_OUTPUT
 
           cd crossbuilds/${TARGET}/packages
           echo "Packaging ${DEB_PKG_NAME}:"
           zip ${DEB_PKG_NAME} *.deb
-          echo ::set-output name=DEB_PKG_NAME::"${DEB_PKG_NAME}"
+          echo "DEB_PKG_NAME=${DEB_PKG_NAME}" >> $GITHUB_OUTPUT
           echo "Packaging ${RPM_PKG_NAME}:"
           zip ${RPM_PKG_NAME} *.rpm
-          echo ::set-output name=RPM_PKG_NAME::"${RPM_PKG_NAME}"
+          echo "RPM_PKG_NAME=${RPM_PKG_NAME}" >> $GITHUB_OUTPUT
           cd -
 
           echo "Packaging ${EXP_PKG_NAME}:"
           cd crossbuilds/${TARGET}/examples && zip ${EXP_PKG_NAME} * && cd -
-          echo ::set-output name=EXP_PKG_NAME::"${EXP_PKG_NAME}"
+          echo "EXP_PKG_NAME=${EXP_PKG_NAME}" >> $GITHUB_OUTPUT
+
       - name: "Upload packages"
-        uses: actions/upload-artifact@master
+        uses: actions/upload-artifact@v3
         with:
           name: ${{ matrix.target }}
           path: |
@@ -157,13 +167,15 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Download result of previous builds
-        uses: actions/download-artifact@v2
+        uses: actions/download-artifact@v3
         with:
           path: ARTIFACTS
+
       - name: Publish as github release
         uses: softprops/action-gh-release@v1
         with:
           files: ARTIFACTS/*/*.*
+
       - name: Publish to download.eclipse.org/zenoh
         env:
           SSH_TARGET: [email protected]

tests/api.sh

@@ -34,6 +34,7 @@ if [ ! -f zenohd ]; then
     if [ -n "$ZENOH_BRANCH" ]; then
         git switch "$ZENOH_BRANCH"
     fi
+    rustup show
     cargo build --lib --bin zenohd
     cp ./target/debug/zenohd "$TESTDIR"/
     cd "$TESTDIR"|| exit

tests/routed.sh

@@ -34,6 +34,7 @@ if [ ! -f zenohd ]; then
     if [ -n "$ZENOH_BRANCH" ]; then
         git switch "$ZENOH_BRANCH"
     fi
+    rustup show
     cargo build --lib --bin zenohd
     cp ./target/debug/zenohd "$TESTDIR"/
     cd "$TESTDIR" || exit