Skip to content

Commit

Permalink
Run Facebook Infer on PRs with GitHub Actions
Browse files Browse the repository at this point in the history
  • Loading branch information
@cconlon
cconlon committed Apr 22, 2024
1 parent e25d43d commit 3e08fd8
Show file tree
Hide file tree
Showing 4 changed files with 174 additions and 3 deletions.
126 changes: 126 additions & 0 deletions .github/workflows/infer.yml
View file
Original file line number Diff line number Diff line change
@@ -0,0 +1,126 @@
name: Common Linux test logic

on:
workflow_call:
inputs:
os:
required: true
type: string
jdk_distro:
required: true
type: string
jdk_version:
required: true
type: string
wolfssl_configure:
required: true
type: string

jobs:
build_wolfcryptjni:
runs-on: ${{ inputs.os }}
steps:
- uses: actions/checkout@v4

# Download Facebook Infer
- name: Download Infer
run: wget https://github.com/facebook/infer/releases/download/v1.1.0/infer-linux64-v1.1.0.tar.xz
- name: Extract Infer
run: tar -xvf infer-linux64-v1.1.0.tar.xz
- name: Symlink Infer
run: ln -s "$GITHUB_WORKSPACE/infer-linux64-v1.1.0/bin/infer" /usr/local/bin/infer
- name: Test Infer get version
run: infer --version

# Download Junit JARs
- name: Download junit-4.13.2.jar
run: wget --directory-prefix=$GITHUB_WORKSPACE/junit https://repo1.maven.org/maven2/junit/junit/4.13.2/junit-4.13.2.jar
- name: Download hamcrest-all-1.3.jar
run: wget --directory-prefix=$GITHUB_WORKSPACE/junit https://repo1.maven.org/maven2/org/hamcrest/hamcrest-all/1.3/hamcrest-all-1.3.jar

# Build native wolfSSL
- name: Build native wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
repository: wolfSSL/wolfssl
ref: master
path: wolfssl
configure: ${{ inputs.wolfssl_configure }}
check: false
install: true

# Setup Java
- name: Setup java
uses: actions/setup-java@v4
with:
distribution: ${{ inputs.jdk_distro }}
java-version: ${{ inputs.jdk_version }}

- name: Set JUNIT_HOME
run: |
echo "JUNIT_HOME=$GITHUB_WORKSPACE/junit" >> "$GITHUB_ENV"
- name: Set LD_LIBRARY_PATH
run: |
echo "LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$GITHUB_WORKSPACE/build-dir/lib" >> "$GITHUB_ENV"
# Only copy appropriate makefile for platform currently being tested
- name: Copy makefile
run: |
if [ "$RUNNER_OS" == "Linux" ]; then
cp makefile.linux makefile
elif [ "$RUNNER_OS" == "macOS" ]; then
cp makefile.macosx makefile
else
echo "$RUNNER_OS not supported"
exit 1
fi
shell: bash

- name: Build JNI library
run: PREFIX=$GITHUB_WORKSPACE/build-dir make

# ant build-jni-debug
- name: Build jce-debug JAR (ant build-jni-debug)
run: ant build-jni-debug
- name: Run Java tests (ant test)
run: ant test
- name: Clean JAR
run: ant clean

# ant build-jni-release
- name: Build jce-debug JAR (ant build-jni-release)
run: ant build-jni-release
- name: Run Java tests (ant test)
run: ant test
- name: Clean JAR
run: ant clean

# ant build-jce-debug
- name: Build jce-debug JAR (ant build-jce-debug)
run: ant build-jce-debug
- name: Run Java tests (ant test)
run: ant test
- name: Clean JAR
run: ant clean

# ant build-jce-release
- name: Build jce-debug JAR (ant build-jce-release)
run: ant build-jce-release
- name: Run Java tests (ant test)
run: ant test
- name: Clean JAR
run: ant clean

- name: Show logs on failure
if: failure() || cancelled()
run: |
cat build/reports/*.txt
# Run Facebook Infer
- name: Run Facebook Infer
run: ./scripts/infer.sh

- name: Shows Infer report on failure
if: failure()
run: cat infer-out/report.txt

18 changes: 18 additions & 0 deletions .github/workflows/main.yml
View file
Original file line number Diff line number Diff line change
Expand Up @@ -100,3 +100,21 @@ jobs:
jdk_distro: "zulu"
jdk_version: ${{ matrix.jdk_version }}
wolfssl_configure: ${{ matrix.wolfssl_configure }}

# ------------------ Facebook Infer static analysis -------------------
# Run Facebook infer over PR code, only running on Linux with one
# JDK/version for now.
fb-infer:
strategy:
matrix:
os: [ 'ubuntu-latest' ]
jdk_version: [ '11' ]
wolfssl_configure: [ '--enable-jni --enable-all' ]
name: Facebook Infer (${{ matrix.os }} Zulu JDK ${{ matrix.jdk_version }}, ${{ matrix.wolfssl_configure }})
uses: ./.github/workflows/infer.yml
with:
os: ${{ matrix.os }}
jdk_distro: "zulu"
jdk_version: ${{ matrix.jdk_version }}
wolfssl_configure: ${{ matrix.wolfssl_configure }}

3 changes: 3 additions & 0 deletions .gitignore
View file
Original file line number Diff line number Diff line change
Expand Up @@ -25,6 +25,9 @@ IDE/WIN/DLL Debug FIPS
IDE/WIN/DLL Release
IDE/WIN/DLL Release FIPS

# infer RacerD
infer-out/

# Maven output directory
target/

30 changes: 27 additions & 3 deletions scripts/infer.sh
View file
Original file line number Diff line number Diff line change
Expand Up @@ -13,10 +13,25 @@
# $ cd wolfcryptjni
# $ ./scripts/infer.sh
#
# wolfSSL Inc, May 2023
# By default the generated output and logs from Infer will be deleted. To keep
# them, pass 'keep' to the script:
#
# $ ./scripts/infer.sh keep
#
# wolfSSL Inc, April 2024


# These variables may be overridden on the command line.
KEEP="${KEEP:-no}"

infer run -- javac \
while [ "$1" ]; do
if [ "$1" = 'keep' ]; then
KEEP='yes';
fi
shift
done

infer --fail-on-issue run -- javac \
src/main/java/com/wolfssl/wolfcrypt/Aes.java \
src/main/java/com/wolfssl/wolfcrypt/AesGcm.java \
src/main/java/com/wolfssl/wolfcrypt/Asn.java \
Expand Down Expand Up @@ -64,9 +79,18 @@ infer run -- javac \
src/main/java/com/wolfssl/provider/jce/WolfCryptSecretKeyFactory.java \
src/main/java/com/wolfssl/provider/jce/WolfCryptSignature.java

RETVAL=$?

# remove compiled class files
rm -r ./com

# remove infer out directory (comment this out to inspect logs if needed)
rm -r ./infer-out
if [ "$RETVAL" == '0' ] && [ "$KEEP" == 'no' ]; then
rm -r ./infer-out
fi

if [ "$RETVAL" == '2' ]; then
# GitHub Actions expects return of 1 to mark step as failure
exit 1
fi

0 comments on commit 3e08fd8

Please sign in to comment.