Run Facebook Infer on PRs with GitHub Actions
parent
e25d43d0b7
commit
3e08fd8558
|
@ -0,0 +1,126 @@
|
|||
name: Common Linux test logic
|
||||
|
||||
on:
|
||||
workflow_call:
|
||||
inputs:
|
||||
os:
|
||||
required: true
|
||||
type: string
|
||||
jdk_distro:
|
||||
required: true
|
||||
type: string
|
||||
jdk_version:
|
||||
required: true
|
||||
type: string
|
||||
wolfssl_configure:
|
||||
required: true
|
||||
type: string
|
||||
|
||||
jobs:
|
||||
build_wolfcryptjni:
|
||||
runs-on: ${{ inputs.os }}
|
||||
steps:
|
||||
- uses: actions/checkout@v4
|
||||
|
||||
# Download Facebook Infer
|
||||
- name: Download Infer
|
||||
run: wget https://github.com/facebook/infer/releases/download/v1.1.0/infer-linux64-v1.1.0.tar.xz
|
||||
- name: Extract Infer
|
||||
run: tar -xvf infer-linux64-v1.1.0.tar.xz
|
||||
- name: Symlink Infer
|
||||
run: ln -s "$GITHUB_WORKSPACE/infer-linux64-v1.1.0/bin/infer" /usr/local/bin/infer
|
||||
- name: Test Infer get version
|
||||
run: infer --version
|
||||
|
||||
# Download Junit JARs
|
||||
- name: Download junit-4.13.2.jar
|
||||
run: wget --directory-prefix=$GITHUB_WORKSPACE/junit https://repo1.maven.org/maven2/junit/junit/4.13.2/junit-4.13.2.jar
|
||||
- name: Download hamcrest-all-1.3.jar
|
||||
run: wget --directory-prefix=$GITHUB_WORKSPACE/junit https://repo1.maven.org/maven2/org/hamcrest/hamcrest-all/1.3/hamcrest-all-1.3.jar
|
||||
|
||||
# Build native wolfSSL
|
||||
- name: Build native wolfSSL
|
||||
uses: wolfSSL/actions-build-autotools-project@v1
|
||||
with:
|
||||
repository: wolfSSL/wolfssl
|
||||
ref: master
|
||||
path: wolfssl
|
||||
configure: ${{ inputs.wolfssl_configure }}
|
||||
check: false
|
||||
install: true
|
||||
|
||||
# Setup Java
|
||||
- name: Setup java
|
||||
uses: actions/setup-java@v4
|
||||
with:
|
||||
distribution: ${{ inputs.jdk_distro }}
|
||||
java-version: ${{ inputs.jdk_version }}
|
||||
|
||||
- name: Set JUNIT_HOME
|
||||
run: |
|
||||
echo "JUNIT_HOME=$GITHUB_WORKSPACE/junit" >> "$GITHUB_ENV"
|
||||
- name: Set LD_LIBRARY_PATH
|
||||
run: |
|
||||
echo "LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$GITHUB_WORKSPACE/build-dir/lib" >> "$GITHUB_ENV"
|
||||
|
||||
# Only copy appropriate makefile for platform currently being tested
|
||||
- name: Copy makefile
|
||||
run: |
|
||||
if [ "$RUNNER_OS" == "Linux" ]; then
|
||||
cp makefile.linux makefile
|
||||
elif [ "$RUNNER_OS" == "macOS" ]; then
|
||||
cp makefile.macosx makefile
|
||||
else
|
||||
echo "$RUNNER_OS not supported"
|
||||
exit 1
|
||||
fi
|
||||
shell: bash
|
||||
|
||||
- name: Build JNI library
|
||||
run: PREFIX=$GITHUB_WORKSPACE/build-dir make
|
||||
|
||||
# ant build-jni-debug
|
||||
- name: Build jce-debug JAR (ant build-jni-debug)
|
||||
run: ant build-jni-debug
|
||||
- name: Run Java tests (ant test)
|
||||
run: ant test
|
||||
- name: Clean JAR
|
||||
run: ant clean
|
||||
|
||||
# ant build-jni-release
|
||||
- name: Build jce-debug JAR (ant build-jni-release)
|
||||
run: ant build-jni-release
|
||||
- name: Run Java tests (ant test)
|
||||
run: ant test
|
||||
- name: Clean JAR
|
||||
run: ant clean
|
||||
|
||||
# ant build-jce-debug
|
||||
- name: Build jce-debug JAR (ant build-jce-debug)
|
||||
run: ant build-jce-debug
|
||||
- name: Run Java tests (ant test)
|
||||
run: ant test
|
||||
- name: Clean JAR
|
||||
run: ant clean
|
||||
|
||||
# ant build-jce-release
|
||||
- name: Build jce-debug JAR (ant build-jce-release)
|
||||
run: ant build-jce-release
|
||||
- name: Run Java tests (ant test)
|
||||
run: ant test
|
||||
- name: Clean JAR
|
||||
run: ant clean
|
||||
|
||||
- name: Show logs on failure
|
||||
if: failure() || cancelled()
|
||||
run: |
|
||||
cat build/reports/*.txt
|
||||
|
||||
# Run Facebook Infer
|
||||
- name: Run Facebook Infer
|
||||
run: ./scripts/infer.sh
|
||||
|
||||
- name: Shows Infer report on failure
|
||||
if: failure()
|
||||
run: cat infer-out/report.txt
|
||||
|
|
@ -100,3 +100,21 @@ jobs:
|
|||
jdk_distro: "zulu"
|
||||
jdk_version: ${{ matrix.jdk_version }}
|
||||
wolfssl_configure: ${{ matrix.wolfssl_configure }}
|
||||
|
||||
# ------------------ Facebook Infer static analysis -------------------
|
||||
# Run Facebook infer over PR code, only running on Linux with one
|
||||
# JDK/version for now.
|
||||
fb-infer:
|
||||
strategy:
|
||||
matrix:
|
||||
os: [ 'ubuntu-latest' ]
|
||||
jdk_version: [ '11' ]
|
||||
wolfssl_configure: [ '--enable-jni --enable-all' ]
|
||||
name: Facebook Infer (${{ matrix.os }} Zulu JDK ${{ matrix.jdk_version }}, ${{ matrix.wolfssl_configure }})
|
||||
uses: ./.github/workflows/infer.yml
|
||||
with:
|
||||
os: ${{ matrix.os }}
|
||||
jdk_distro: "zulu"
|
||||
jdk_version: ${{ matrix.jdk_version }}
|
||||
wolfssl_configure: ${{ matrix.wolfssl_configure }}
|
||||
|
||||
|
|
|
@ -25,6 +25,9 @@ IDE/WIN/DLL Debug FIPS
|
|||
IDE/WIN/DLL Release
|
||||
IDE/WIN/DLL Release FIPS
|
||||
|
||||
# infer RacerD
|
||||
infer-out/
|
||||
|
||||
# Maven output directory
|
||||
target/
|
||||
|
||||
|
|
|
@ -13,10 +13,25 @@
|
|||
# $ cd wolfcryptjni
|
||||
# $ ./scripts/infer.sh
|
||||
#
|
||||
# wolfSSL Inc, May 2023
|
||||
# By default the generated output and logs from Infer will be deleted. To keep
|
||||
# them, pass 'keep' to the script:
|
||||
#
|
||||
# $ ./scripts/infer.sh keep
|
||||
#
|
||||
# wolfSSL Inc, April 2024
|
||||
|
||||
infer run -- javac \
|
||||
|
||||
# These variables may be overridden on the command line.
|
||||
KEEP="${KEEP:-no}"
|
||||
|
||||
while [ "$1" ]; do
|
||||
if [ "$1" = 'keep' ]; then
|
||||
KEEP='yes';
|
||||
fi
|
||||
shift
|
||||
done
|
||||
|
||||
infer --fail-on-issue run -- javac \
|
||||
src/main/java/com/wolfssl/wolfcrypt/Aes.java \
|
||||
src/main/java/com/wolfssl/wolfcrypt/AesGcm.java \
|
||||
src/main/java/com/wolfssl/wolfcrypt/Asn.java \
|
||||
|
@ -64,9 +79,18 @@ infer run -- javac \
|
|||
src/main/java/com/wolfssl/provider/jce/WolfCryptSecretKeyFactory.java \
|
||||
src/main/java/com/wolfssl/provider/jce/WolfCryptSignature.java
|
||||
|
||||
RETVAL=$?
|
||||
|
||||
# remove compiled class files
|
||||
rm -r ./com
|
||||
|
||||
# remove infer out directory (comment this out to inspect logs if needed)
|
||||
if [ "$RETVAL" == '0' ] && [ "$KEEP" == 'no' ]; then
|
||||
rm -r ./infer-out
|
||||
fi
|
||||
|
||||
if [ "$RETVAL" == '2' ]; then
|
||||
# GitHub Actions expects return of 1 to mark step as failure
|
||||
exit 1
|
||||
fi
|
||||
|
||||
|
|
Loading…
Reference in New Issue