Run Facebook Infer on PRs with GitHub Actions

.github/workflows/infer.yml

@@ -0,0 +1,90 @@
+name: Facebook Infer static analysis
+
+on:
+  workflow_call:
+    inputs:
+      os:
+        required: true
+        type: string
+      jdk_distro:
+        required: true
+        type: string
+      jdk_version:
+        required: true
+        type: string
+      wolfssl_configure:
+        required: true
+        type: string
+
+jobs:
+  build_wolfssljni:
+    runs-on: ${{ inputs.os }}
+    steps:
+      - uses: actions/checkout@v4
+
+      # Download Facebook Infer
+      - name: Download Infer
+        run: wget https://github.com/facebook/infer/releases/download/v1.1.0/infer-linux64-v1.1.0.tar.xz
+      - name: Extract Infer
+        run: tar -xvf infer-linux64-v1.1.0.tar.xz
+      - name: Symlink Infer
+        run: ln -s "$GITHUB_WORKSPACE/infer-linux64-v1.1.0/bin/infer" /usr/local/bin/infer
+      - name: Test Infer get version
+        run: infer --version
+
+      # Download Junit JARs
+      - name: Download junit-4.13.2.jar
+        run: wget --directory-prefix=$GITHUB_WORKSPACE/junit https://repo1.maven.org/maven2/junit/junit/4.13.2/junit-4.13.2.jar
+      - name: Download hamcrest-all-1.3.jar
+        run: wget --directory-prefix=$GITHUB_WORKSPACE/junit https://repo1.maven.org/maven2/org/hamcrest/hamcrest-all/1.3/hamcrest-all-1.3.jar
+
+      # Build native wolfSSL
+      - name: Build native wolfSSL
+        uses: wolfSSL/actions-build-autotools-project@v1
+        with:
+          repository: wolfSSL/wolfssl
+          ref: master
+          path: wolfssl
+          configure: ${{ inputs.wolfssl_configure }}
+          check: false
+          install: true
+
+      # Setup Java
+      - name: Setup java
+        uses: actions/setup-java@v4
+        with:
+          distribution: ${{ inputs.jdk_distro }}
+          java-version: ${{ inputs.jdk_version }}
+
+      - name: Set JUNIT_HOME
+        run: |
+          echo "JUNIT_HOME=$GITHUB_WORKSPACE/junit" >> "$GITHUB_ENV"
+      - name: Set LD_LIBRARY_PATH
+        run: |
+          echo "LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$GITHUB_WORKSPACE/build-dir/lib" >> "$GITHUB_ENV"
+
+      # Build wolfssljni JNI library (libwolfssljni.so)
+      - name: Build JNI library
+        run: ./java.sh $GITHUB_WORKSPACE/build-dir
+
+      # Build wolfssljni JAR (wolfssljni.jar)
+      - name: Build JAR (ant)
+        run: ant
+
+      # Run ant tests
+      - name: Run Java tests (ant test)
+        run: ant test
+
+      - name: Show logs on failure
+        if: failure() || cancelled()
+        run: |
+          cat build/reports/*.txt
+
+      # Run Facebook Infer
+      - name: Run Facebook Infer
+        run: ./scripts/infer.sh
+
+      - name: Shows Infer report on failure
+        if: failure()
+        run: cat infer-out/report.txt
+

.github/workflows/main.yml

@@ -2,99 +2,117 @@ name: CI
 
 on:
   push:
-    branches: [ 'master', 'main', 'release/**' ]
+    branches: [ 'master', 'main', 'release/**', 'inferAction' ]
   pull_request:
     branches: [ 'master' ]
 
 jobs:
-  # Oracle JDK (Linux, Mac)
+  # # Oracle JDK (Linux, Mac)
-  linux-oracle:
+  # linux-oracle:
-    strategy:
+  #   strategy:
-      matrix:
+  #     matrix:
-        os: [ 'ubuntu-latest', 'macos-latest' ]
+  #       os: [ 'ubuntu-latest', 'macos-latest' ]
-        jdk_version: [ '17', '21' ]
+  #       jdk_version: [ '17', '21' ]
-        wolfssl_configure: [ '--enable-jni' ]
+  #       wolfssl_configure: [ '--enable-jni' ]
-    name: ${{ matrix.os }} (Oracle JDK ${{ matrix.jdk_version }}, ${{ matrix.wolfssl_configure}})
+  #   name: ${{ matrix.os }} (Oracle JDK ${{ matrix.jdk_version }}, ${{ matrix.wolfssl_configure}})
-    uses: ./.github/workflows/linux-common.yml
+  #   uses: ./.github/workflows/linux-common.yml
-    with:
+  #   with:
-      os: ${{ matrix.os }}
+  #     os: ${{ matrix.os }}
-      jdk_distro: "oracle"
+  #     jdk_distro: "oracle"
-      jdk_version: ${{ matrix.jdk_version }}
+  #     jdk_version: ${{ matrix.jdk_version }}
-      wolfssl_configure: ${{ matrix.wolfssl_configure }}
+  #     wolfssl_configure: ${{ matrix.wolfssl_configure }}
 
-  # Zulu JDK (Linux, Mac)
+  # # Zulu JDK (Linux, Mac)
-  linux-zulu:
+  # linux-zulu:
-    strategy:
+  #   strategy:
-      matrix:
+  #     matrix:
-        os: [ 'ubuntu-latest', 'macos-latest' ]
+  #       os: [ 'ubuntu-latest', 'macos-latest' ]
-        jdk_version: [ '8', '11', '17', '21' ]
+  #       jdk_version: [ '8', '11', '17', '21' ]
-        wolfssl_configure: [ '--enable-jni' ]
+  #       wolfssl_configure: [ '--enable-jni' ]
-    name: ${{ matrix.os }} (Zulu JDK ${{ matrix.jdk_version }}, ${{ matrix.wolfssl_configure}})
+  #   name: ${{ matrix.os }} (Zulu JDK ${{ matrix.jdk_version }}, ${{ matrix.wolfssl_configure}})
-    uses: ./.github/workflows/linux-common.yml
+  #   uses: ./.github/workflows/linux-common.yml
-    with:
+  #   with:
-      os: ${{ matrix.os }}
+  #     os: ${{ matrix.os }}
-      jdk_distro: "zulu"
+  #     jdk_distro: "zulu"
-      jdk_version: ${{ matrix.jdk_version }}
+  #     jdk_version: ${{ matrix.jdk_version }}
-      wolfssl_configure: ${{ matrix.wolfssl_configure }}
+  #     wolfssl_configure: ${{ matrix.wolfssl_configure }}
 
-  # Corretto JDK (Linux, Mac)
+  # # Corretto JDK (Linux, Mac)
-  linux-corretto:
+  # linux-corretto:
-    strategy:
+  #   strategy:
-      matrix:
+  #     matrix:
-        os: [ 'ubuntu-latest', 'macos-latest' ]
+  #       os: [ 'ubuntu-latest', 'macos-latest' ]
-        jdk_version: [ '8', '11', '17', '21' ]
+  #       jdk_version: [ '8', '11', '17', '21' ]
-        wolfssl_configure: [ '--enable-jni' ]
+  #       wolfssl_configure: [ '--enable-jni' ]
-    name: ${{ matrix.os }} (Corretto JDK ${{ matrix.jdk_version }}, ${{ matrix.wolfssl_configure}})
+  #   name: ${{ matrix.os }} (Corretto JDK ${{ matrix.jdk_version }}, ${{ matrix.wolfssl_configure}})
-    uses: ./.github/workflows/linux-common.yml
+  #   uses: ./.github/workflows/linux-common.yml
-    with:
+  #   with:
-      os: ${{ matrix.os }}
+  #     os: ${{ matrix.os }}
-      jdk_distro: "corretto"
+  #     jdk_distro: "corretto"
-      jdk_version: ${{ matrix.jdk_version }}
+  #     jdk_version: ${{ matrix.jdk_version }}
-      wolfssl_configure: ${{ matrix.wolfssl_configure }}
+  #     wolfssl_configure: ${{ matrix.wolfssl_configure }}
 
-  # Temurin JDK (Linux, Mac)
+  # # Temurin JDK (Linux, Mac)
-  linux-temurin:
+  # linux-temurin:
-    strategy:
+  #   strategy:
-      matrix:
+  #     matrix:
-        os: [ 'ubuntu-latest', 'macos-latest' ]
+  #       os: [ 'ubuntu-latest', 'macos-latest' ]
-        jdk_version: [ '8', '11', '17', '21' ]
+  #       jdk_version: [ '8', '11', '17', '21' ]
-        wolfssl_configure: [ '--enable-jni' ]
+  #       wolfssl_configure: [ '--enable-jni' ]
-    name: ${{ matrix.os }} (Temurin JDK ${{ matrix.jdk_version }}, ${{ matrix.wolfssl_configure}})
+  #   name: ${{ matrix.os }} (Temurin JDK ${{ matrix.jdk_version }}, ${{ matrix.wolfssl_configure}})
-    uses: ./.github/workflows/linux-common.yml
+  #   uses: ./.github/workflows/linux-common.yml
-    with:
+  #   with:
-      os: ${{ matrix.os }}
+  #     os: ${{ matrix.os }}
-      jdk_distro: "temurin"
+  #     jdk_distro: "temurin"
-      jdk_version: ${{ matrix.jdk_version }}
+  #     jdk_version: ${{ matrix.jdk_version }}
-      wolfssl_configure: ${{ matrix.wolfssl_configure }}
+  #     wolfssl_configure: ${{ matrix.wolfssl_configure }}
 
-  # Microsoft JDK (Linux, Mac)
+  # # Microsoft JDK (Linux, Mac)
-  linux-microsoft:
+  # linux-microsoft:
-    strategy:
+  #   strategy:
-      matrix:
+  #     matrix:
-        os: [ 'ubuntu-latest', 'macos-latest' ]
+  #       os: [ 'ubuntu-latest', 'macos-latest' ]
-        jdk_version: [ '11.0.19', '17.0.7', '21.0.0' ]
+  #       jdk_version: [ '11.0.19', '17.0.7', '21.0.0' ]
-        wolfssl_configure: [ '--enable-jni' ]
+  #       wolfssl_configure: [ '--enable-jni' ]
-    name: ${{ matrix.os }} (Microsoft JDK ${{ matrix.jdk_version }}, ${{ matrix.wolfssl_configure}})
+  #   name: ${{ matrix.os }} (Microsoft JDK ${{ matrix.jdk_version }}, ${{ matrix.wolfssl_configure}})
-    uses: ./.github/workflows/linux-common.yml
+  #   uses: ./.github/workflows/linux-common.yml
-    with:
+  #   with:
-      os: ${{ matrix.os }}
+  #     os: ${{ matrix.os }}
-      jdk_distro: "microsoft"
+  #     jdk_distro: "microsoft"
-      jdk_version: ${{ matrix.jdk_version }}
+  #     jdk_version: ${{ matrix.jdk_version }}
-      wolfssl_configure: ${{ matrix.wolfssl_configure }}
+  #     wolfssl_configure: ${{ matrix.wolfssl_configure }}
 
-  # -------------------- enable-all sanity checks -----------------------
+  # # -------------------- enable-all sanity checks -----------------------
-  # Only check one Linux and Mac JDK version with --enable-jni --enable-all
+  # # Only check one Linux and Mac JDK version with --enable-jni --enable-all
-  # as sanity. Using Zulu, but this can be expanded if needed.
+  # # as sanity. Using Zulu, but this can be expanded if needed.
-  linux-zulu-all:
+  # linux-zulu-all:
+  #   strategy:
+  #     matrix:
+  #       os: [ 'ubuntu-latest', 'macos-latest' ]
+  #       jdk_version: [ '11' ]
+  #       wolfssl_configure: [ '--enable-jni --enable-all' ]
+  #   name: ${{ matrix.os }} (Zulu JDK ${{ matrix.jdk_version }}, ${{ matrix.wolfssl_configure}})
+  #   uses: ./.github/workflows/linux-common.yml
+  #   with:
+  #     os: ${{ matrix.os }}
+  #     jdk_distro: "zulu"
+  #     jdk_version: ${{ matrix.jdk_version }}
+  #     wolfssl_configure: ${{ matrix.wolfssl_configure }}
+
+  # ------------------ Facebook Infer static analysis -------------------
+  # Run Facebook infer over PR code, only running on Linux with one
+  # JDK/version for now.
+  fb-infer:
     strategy:
       matrix:
-        os: [ 'ubuntu-latest', 'macos-latest' ]
+        os: [ 'ubuntu-latest' ]
         jdk_version: [ '11' ]
         wolfssl_configure: [ '--enable-jni --enable-all' ]
-    name: ${{ matrix.os }} (Zulu JDK ${{ matrix.jdk_version }}, ${{ matrix.wolfssl_configure}})
+    name: Facebook Infer (${{ matrix.os }} Zulu JDK ${{ matrix.jdk_version }}, ${{ matrix.wolfssl_configure }})
-    uses: ./.github/workflows/linux-common.yml
+    uses: ./.github/workflows/infer.yml
     with:
       os: ${{ matrix.os }}
       jdk_distro: "zulu"
       jdk_version: ${{ matrix.jdk_version }}
       wolfssl_configure: ${{ matrix.wolfssl_configure }}
+

scripts/infer.sh

@@ -13,10 +13,26 @@
 #    $ cd wolfssljni
 #    $ ./scripts/infer.sh
 #
-# wolfSSL Inc, May 2023
+# By default the generated output and logs from Infer will be deleted. To keep
+# them, pass 'keep' to the script:
+#
+#    $ ./scripts/infer.sh keep
+#
+# wolfSSL Inc, April 2024
+#
 #
 
-infer run -- javac \
+# These variables may be overridden on the command line.
+KEEP="${KEEP:-no}"
+
+while [ "$1" ]; do
+  if [ "$1" = 'keep' ]; then
+      KEEP='yes';
+  fi
+  shift
+done
+
+infer --fail-on-issue run -- javac \
     src/java/com/wolfssl/WolfSSL.java \
     src/java/com/wolfssl/WolfSSLALPNSelectCallback.java \
     src/java/com/wolfssl/WolfSSLCertManager.java \
@@ -78,9 +94,18 @@ infer run -- javac \
     src/java/com/wolfssl/provider/jsse/WolfSSLX509X.java \
     src/java/com/wolfssl/provider/jsse/adapter/WolfSSLJDK8Helper.java
 
+RETVAL=$?
+
 # remove compiled class files
 rm -r ./com
 
 # remove infer out directory (comment this out to inspect logs if needed)
-rm -r ./infer-out
+if [ "$RETVAL" == '0' ] && [ "$KEEP" == 'no' ]; then
+    rm -r ./infer-out
+fi
+
+if [ "$RETVAL" == '2' ]; then
+    # GitHub Actions expects return of 1 to mark step as failure
+    exit 1
+fi