From 46788faf6e45f8d07113af80dd1fa4f3f8b2fb27 Mon Sep 17 00:00:00 2001 From: Yakun Xu Date: Wed, 16 Jul 2025 09:32:45 +0800 Subject: [PATCH 1/3] [git-tool] do not use GITHUB_TOKEN This commit stops using GITHUB_TOKEN in git-tool for better security. --- .github/workflows/build.yml | 2 +- .github/workflows/otbr.yml | 4 ++-- .github/workflows/otns.yml | 2 +- .github/workflows/posix.yml | 2 +- .github/workflows/simulation-1.1.yml | 2 +- .github/workflows/toranj.yml | 10 ++++----- script/git-tool | 33 +++------------------------- 7 files changed, 14 insertions(+), 41 deletions(-) diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index 77082de9033..9c9513c0c29 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -268,7 +268,7 @@ jobs: tar xf gcc-arm - name: Build env: - GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" + PR_BODY: "${{ github.event.pull_request.body }}" run: | export PATH=/tmp/${{ matrix.gcc_extract_dir }}/bin:$PATH script/check-arm-build diff --git a/.github/workflows/otbr.yml b/.github/workflows/otbr.yml index 13865bf3c28..a977723a391 100644 --- a/.github/workflows/otbr.yml +++ b/.github/workflows/otbr.yml @@ -67,7 +67,7 @@ jobs: submodules: true - name: Build OTBR Docker env: - GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" + PR_BODY: "${{ github.event.pull_request.body }}" run: | ./script/test build_otbr_docker - name: Bootstrap @@ -183,7 +183,7 @@ jobs: echo "FIREWALL=0" >> $GITHUB_ENV - name: Build OTBR Docker env: - GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" + PR_BODY: "${{ github.event.pull_request.body }}" TREL: ${{ matrix.otbr_trel }} run: | ./script/test build_otbr_docker diff --git a/.github/workflows/otns.yml b/.github/workflows/otns.yml index c86a0625cef..5d9fad78747 100644 --- a/.github/workflows/otns.yml +++ b/.github/workflows/otns.yml @@ -46,7 +46,7 @@ env: VIRTUAL_TIME: 1 VIRTUAL_TIME_UART: 1 MAX_NETWORK_SIZE: 999 - GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" + PR_BODY: "${{ github.event.pull_request.body }}" permissions: # added using https://github.com/step-security/secure-workflows contents: read diff --git a/.github/workflows/posix.yml b/.github/workflows/posix.yml index 792f7c0bde2..943922a96e7 100644 --- a/.github/workflows/posix.yml +++ b/.github/workflows/posix.yml @@ -282,7 +282,7 @@ jobs: - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - name: Bootstrap env: - GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" + PR_BODY: "${{ github.event.pull_request.body }}" run: | sudo apt-get --no-install-recommends install -y expect ninja-build lcov sudo bash script/install_socat diff --git a/.github/workflows/simulation-1.1.yml b/.github/workflows/simulation-1.1.yml index 2dfb4ef1626..fce9ef2b07a 100644 --- a/.github/workflows/simulation-1.1.yml +++ b/.github/workflows/simulation-1.1.yml @@ -318,7 +318,7 @@ jobs: cache: pip - name: Bootstrap env: - GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" + PR_BODY: "${{ github.event.pull_request.body }}" run: | sudo apt-get update sudo apt-get install -y avahi-daemon avahi-utils lcov diff --git a/.github/workflows/toranj.yml b/.github/workflows/toranj.yml index ea98c4e8608..b29d4fcc6f6 100644 --- a/.github/workflows/toranj.yml +++ b/.github/workflows/toranj.yml @@ -72,7 +72,7 @@ jobs: cache: pip - name: Bootstrap env: - GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" + PR_BODY: "${{ github.event.pull_request.body }}" run: | sudo apt-get update sudo apt-get --no-install-recommends install -y ninja-build lcov @@ -107,7 +107,7 @@ jobs: cache: pip - name: Bootstrap env: - GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" + PR_BODY: "${{ github.event.pull_request.body }}" run: | sudo apt-get update sudo apt-get --no-install-recommends install -y ninja-build lcov @@ -144,7 +144,7 @@ jobs: cache: pip - name: Bootstrap env: - GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" + PR_BODY: "${{ github.event.pull_request.body }}" run: | sudo apt-get update sudo apt-get --no-install-recommends install -y ninja-build @@ -182,7 +182,7 @@ jobs: submodules: true - name: Bootstrap env: - GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" + PR_BODY: "${{ github.event.pull_request.body }}" run: | brew update brew install ninja @@ -204,7 +204,7 @@ jobs: submodules: true - name: Bootstrap env: - GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}" + PR_BODY: "${{ github.event.pull_request.body }}" run: | sudo apt-get update sudo apt-get --no-install-recommends install -y ninja-build lcov diff --git a/script/git-tool b/script/git-tool index 560e8f3c3c0..6698e3e11fc 100755 --- a/script/git-tool +++ b/script/git-tool @@ -47,41 +47,14 @@ apply_dependencies() depends_on_pr="$(echo "${dependency}" | tr -d '\r\n' | cut -d# -f2)" echo "pr: #${depends_on_pr}" git pull --no-edit --no-rebase origin "pull/${depends_on_pr}/merge" - done < <(grep -E "^Depends-On: *${project_name}" || true) -} - -get_pr_body() -{ - local pr - - if [[ -z ${PR_BODY+x} ]]; then - echo 'PR_BODY is not set' >&2 - else - echo 'PR_BODY is set' >&2 - echo "${PR_BODY}" - return 0 - fi - - [[ ${GITHUB_ACTIONS+x} && ${GITHUB_REF-} =~ ^refs/pull/[0-9]+/merge ]] || { - echo 'Not a pull request.' >&2 - return 0 - } - - pr="$(echo "${GITHUB_REF}" | cut -d/ -f3)" - - # do not print GITHUB_TOKEN - set +x - curl -H "authorization: Bearer ${GITHUB_TOKEN}" -H 'content-type: application/json' \ - "https://api.github.com/repos/${GITHUB_REPOSITORY}/pulls/${pr}" \ - | jq -r .body - set -x + done < <(grep -E "^Depends-On: *${project_name}" <<<"${PR_BODY:-}" || true) } try_update() { cd "$1" - get_pr_body | apply_dependencies + apply_dependencies } try_clone() @@ -95,7 +68,7 @@ try_clone() dest_dir="$(git clone "$@" 2>&1 | tee | cut -d\' -f2)" cd "${dest_dir}" - get_pr_body | apply_dependencies + apply_dependencies fi } From 1bdcaa1d9978a86e008663565fa0a7e561d484f5 Mon Sep 17 00:00:00 2001 From: Yakun Xu Date: Wed, 16 Jul 2025 10:06:44 +0800 Subject: [PATCH 2/3] ok --- script/git-tool | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/script/git-tool b/script/git-tool index 6698e3e11fc..4ee08d8a352 100755 --- a/script/git-tool +++ b/script/git-tool @@ -42,12 +42,14 @@ apply_dependencies() git config user.name || git config user.name 'OpenThread Git' git config user.email || git config user.email 'git@openthread' + # example while read -r dependency; do echo "${dependency}" depends_on_pr="$(echo "${dependency}" | tr -d '\r\n' | cut -d# -f2)" echo "pr: #${depends_on_pr}" git pull --no-edit --no-rebase origin "pull/${depends_on_pr}/merge" - done < <(grep -E "^Depends-On: *${project_name}" <<<"${PR_BODY:-}" || true) + done < <(sed -E 's@^Depends-On: *https://github.com/(.+)/(.+)/pull/([0-9]+) *$@Depends-On: \1/\2#\3@g" <<<"${PR_BODY:-}" \ + | sed -n -E "/^Depends-On: *${project_name}#[0-9]+ *$/p") } try_update() From bccb3ddfd9b2b9f960d16e2504aabc375a3c478c Mon Sep 17 00:00:00 2001 From: Yakun Xu Date: Tue, 15 Jul 2025 16:01:02 +0800 Subject: [PATCH 3/3] increase child size --- .github/workflows/build.yml | 425 ------------------------ .github/workflows/codeql.yml | 85 ----- .github/workflows/docker.yml | 166 ---------- .github/workflows/fuzz.yml | 89 ----- .github/workflows/makefile-check.yml | 60 ---- .github/workflows/otbr.yml | 259 --------------- .github/workflows/otci.yml | 90 ------ .github/workflows/otns.yml | 226 ------------- .github/workflows/posix.yml | 337 ------------------- .github/workflows/scorecards.yml | 100 ------ .github/workflows/simulation-1.1.yml | 465 --------------------------- .github/workflows/simulation-1.4.yml | 456 -------------------------- .github/workflows/toranj.yml | 249 -------------- .github/workflows/unit.yml | 136 -------- .github/workflows/version.yml | 57 ---- src/core/thread/mle.hpp | 1 + 16 files changed, 1 insertion(+), 3200 deletions(-) delete mode 100644 .github/workflows/build.yml delete mode 100644 .github/workflows/codeql.yml delete mode 100644 .github/workflows/docker.yml delete mode 100644 .github/workflows/fuzz.yml delete mode 100644 .github/workflows/makefile-check.yml delete mode 100644 .github/workflows/otbr.yml delete mode 100644 .github/workflows/otci.yml delete mode 100644 .github/workflows/otns.yml delete mode 100644 .github/workflows/posix.yml delete mode 100644 .github/workflows/scorecards.yml delete mode 100644 .github/workflows/simulation-1.1.yml delete mode 100644 .github/workflows/simulation-1.4.yml delete mode 100644 .github/workflows/toranj.yml delete mode 100644 .github/workflows/unit.yml delete mode 100644 .github/workflows/version.yml diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml deleted file mode 100644 index 9c9513c0c29..00000000000 --- a/.github/workflows/build.yml +++ /dev/null @@ -1,425 +0,0 @@ -# -# Copyright (c) 2020, The OpenThread Authors. -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# 3. Neither the name of the copyright holder nor the -# names of its contributors may be used to endorse or promote products -# derived from this software without specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE -# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -# POSSIBILITY OF SUCH DAMAGE. -# - -name: Build - -on: - push: - branches-ignore: - - 'dependabot/**' - pull_request: - branches: - - 'main' - -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || (github.repository == 'openthread/openthread' && github.run_id) || github.ref }} - cancel-in-progress: true - -permissions: - contents: read - -jobs: - - pretty: - runs-on: ubuntu-24.04 - steps: - - name: Harden Runner - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - submodules: true - - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 - with: - python-version: '3.12' - cache: pip - - name: Bootstrap - run: | - sudo apt-get update - sudo apt-get --no-install-recommends install -y clang-format-16 clang-tidy-16 shellcheck iwyu - python3 -m pip install yapf==0.31.0 - sudo snap install shfmt - npm install prettier@2.0.4 - - name: Check - run: | - script/make-pretty check - script/check-iwyu-public-header - - markdown-lint-check: - runs-on: ubuntu-22.04 - steps: - - name: Harden Runner - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - name: Run linkspector - uses: umbrelladocs/action-linkspector@a0567ce1c7c13de4a2358587492ed43cab5d0102 # v1.3.4 - with: - github_token: ${{ secrets.GITHUB_TOKEN }} - reporter: github-pr-review - fail_on_error: true - - spell-check: - runs-on: ubuntu-24.04 - steps: - - name: Harden Runner - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - submodules: true - - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 - with: - python-version: '3.12' - cache: pip - - name: Bootstrap - run: | - python -m pip install --upgrade pip - pip install --force-reinstall codespell==2.2.4 - - name: Check - run: | - script/code-spell check - - cmake-version: - runs-on: ubuntu-24.04 - steps: - - name: Harden Runner - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - submodules: true - - name: Bootstrap - run: | - sudo apt-get --no-install-recommends install -y build-essential ninja-build libreadline-dev libncurses-dev - sudo apt-get remove cmake - sudo apt-get purge --auto-remove cmake - wget http://www.cmake.org/files/v3.10/cmake-3.10.3.tar.gz - tar xf cmake-3.10.3.tar.gz - cd cmake-3.10.3 - ./configure - sudo make install - cmake --version | grep 3.10.3 - - name: Build - run: | - OT_NODE_TYPE=rcp ./script/test build - - package: - name: package-${{ matrix.compiler }} - runs-on: ubuntu-24.04 - strategy: - fail-fast: false - matrix: - include: - - compiler: gcc - compiler_c: gcc - compiler_cpp: g++ - - compiler: clang - compiler_c: clang - compiler_cpp: clang++ - env: - CC: ${{ matrix.compiler_c }} - CXX: ${{ matrix.compiler_cpp }} - steps: - - name: Harden Runner - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - submodules: true - - name: Bootstrap - run: | - sudo apt-get update - sudo apt-get --no-install-recommends install -y ninja-build libreadline-dev libncurses-dev - - name: Package - run: | - script/test package - - scan-build: - runs-on: ubuntu-24.04 - steps: - - name: Harden Runner - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - submodules: true - - name: Bootstrap - run: | - sudo apt-get update - sudo apt-get --no-install-recommends install -y clang-tools-14 ninja-build - - name: Run - run: | - script/check-scan-build - - mbedtls2-build: - runs-on: ubuntu-24.04 - steps: - - name: Harden Runner - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - submodules: true - - name: Bootstrap - run: | - sudo apt-get --no-install-recommends install -y ninja-build libreadline-dev libncurses-dev - rm -rf third_party/mbedtls/repo - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - repository: ARMmbed/mbedtls - ref: v2.28.8 - path: third_party/mbedtls/repo - - name: Build - run: | - OT_OPTIONS='-DCMAKE_POLICY_VERSION_MINIMUM=3.5' ./script/test build - - arm-gcc: - name: arm-gcc-${{ matrix.gcc_ver }} - runs-on: ubuntu-24.04 - strategy: - fail-fast: false - matrix: - include: - - gcc_ver: 4 - gcc_download_url: https://launchpad.net/gcc-arm-embedded/4.9/4.9-2015-q3-update/+download/gcc-arm-none-eabi-4_9-2015q3-20150921-linux.tar.bz2 - gcc_extract_dir: gcc-arm-none-eabi-4_9-2015q3 - - gcc_ver: 5 - gcc_download_url: https://developer.arm.com/-/media/Files/downloads/gnu-rm/5_4-2016q3/gcc-arm-none-eabi-5_4-2016q3-20160926-linux.tar.bz2 - gcc_extract_dir: gcc-arm-none-eabi-5_4-2016q3 - - gcc_ver: 6 - gcc_download_url: https://developer.arm.com/-/media/Files/downloads/gnu-rm/6-2017q2/gcc-arm-none-eabi-6-2017-q2-update-linux.tar.bz2 - gcc_extract_dir: gcc-arm-none-eabi-6-2017-q2-update - - gcc_ver: 7 - gcc_download_url: https://developer.arm.com/-/media/Files/downloads/gnu-rm/7-2018q2/gcc-arm-none-eabi-7-2018-q2-update-linux.tar.bz2 - gcc_extract_dir: gcc-arm-none-eabi-7-2018-q2-update - - gcc_ver: 9 - gcc_download_url: https://developer.arm.com/-/media/Files/downloads/gnu-rm/9-2019q4/RC2.1/gcc-arm-none-eabi-9-2019-q4-major-x86_64-linux.tar.bz2 - gcc_extract_dir: gcc-arm-none-eabi-9-2019-q4-major - - gcc_ver: 10 - gcc_download_url: https://developer.arm.com/-/media/Files/downloads/gnu-rm/10.3-2021.10/gcc-arm-none-eabi-10.3-2021.10-x86_64-linux.tar.bz2 - gcc_extract_dir: gcc-arm-none-eabi-10.3-2021.10 - - gcc_ver: 11 - gcc_download_url: https://developer.arm.com/-/media/Files/downloads/gnu/11.3.rel1/binrel/arm-gnu-toolchain-11.3.rel1-x86_64-arm-none-eabi.tar.xz - gcc_extract_dir: arm-gnu-toolchain-11.3.rel1-x86_64-arm-none-eabi - - gcc_ver: 12 - gcc_download_url: https://developer.arm.com/-/media/Files/downloads/gnu/12.2.rel1/binrel/arm-gnu-toolchain-12.2.rel1-x86_64-arm-none-eabi.tar.xz - gcc_extract_dir: arm-gnu-toolchain-12.2.rel1-x86_64-arm-none-eabi - - gcc_ver: 13 - gcc_download_url: https://developer.arm.com/-/media/Files/downloads/gnu/13.3.rel1/binrel/arm-gnu-toolchain-13.3.rel1-x86_64-arm-none-eabi.tar.xz - gcc_extract_dir: arm-gnu-toolchain-13.3.rel1-x86_64-arm-none-eabi - - gcc_ver: 14 - gcc_download_url: https://developer.arm.com/-/media/Files/downloads/gnu/14.2.rel1/binrel/arm-gnu-toolchain-14.2.rel1-x86_64-arm-none-eabi.tar.xz - gcc_extract_dir: arm-gnu-toolchain-14.2.rel1-x86_64-arm-none-eabi - steps: - - name: Harden Runner - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - submodules: true - - name: Bootstrap - run: | - cd /tmp - sudo apt-get update - sudo apt-get --no-install-recommends install -y build-essential lib32z1 ninja-build gcc-arm-linux-gnueabihf g++-arm-linux-gnueabihf - wget --tries 4 --no-check-certificate --quiet ${{ matrix.gcc_download_url }} -O gcc-arm - tar xf gcc-arm - - name: Build - env: - PR_BODY: "${{ github.event.pull_request.body }}" - run: | - export PATH=/tmp/${{ matrix.gcc_extract_dir }}/bin:$PATH - script/check-arm-build - - gcc: - name: gcc-${{ matrix.gcc_ver }} - runs-on: ubuntu-24.04 - strategy: - fail-fast: false - matrix: - gcc_ver: [9, 10, 11, 12] - env: - CC: gcc-${{ matrix.gcc_ver }} - CXX: g++-${{ matrix.gcc_ver }} - steps: - - name: Harden Runner - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - submodules: true - - name: Bootstrap - run: | - sudo apt-get update - case ${{ matrix.gcc_ver }} in - 11) - sudo add-apt-repository -y ppa:ubuntu-toolchain-r/test - ;; - esac - sudo apt-get --no-install-recommends install -y gcc-${{ matrix.gcc_ver }} g++-${{ matrix.gcc_ver }} ninja-build libreadline-dev libncurses-dev - - name: Build - run: | - script/check-simulation-build - script/check-posix-build - - clang: - name: clang-${{ matrix.clang_ver }} - runs-on: ubuntu-24.04 - strategy: - fail-fast: false - matrix: - clang_ver: ["17", "18", "19"] - env: - CC: clang-${{ matrix.clang_ver }} - CXX: clang++-${{ matrix.clang_ver }} - steps: - - name: Harden Runner - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - submodules: true - - name: Bootstrap - run: | - wget https://apt.llvm.org/llvm.sh - chmod +x llvm.sh - sudo ./llvm.sh ${{ matrix.clang_ver }} - sudo apt-get update - sudo apt-get --no-install-recommends install -y ninja-build libreadline-dev libncurses-dev - - name: Build - run: | - script/check-simulation-build - script/check-posix-build - - gn: - runs-on: ubuntu-24.04 - steps: - - name: Harden Runner - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - submodules: true - - name: Bootstrap - run: | - sudo apt-get update - sudo apt-get --no-install-recommends install -y ninja-build - cd /tmp - wget -O gn.zip https://chrome-infra-packages.appspot.com/dl/gn/gn/linux-amd64/+/latest - unzip -o gn.zip - chmod a+x gn && mkdir -p bin && mv -f gn bin/ - - name: Build - run: | - export PATH=/tmp/bin:$PATH - script/check-gn-build - - macos: - name: macos-${{ matrix.CC }} - strategy: - fail-fast: false - matrix: - include: - - CC: clang - CXX: clang++ - - CC: gcc - CXX: g++ - runs-on: macos-14 - env: - CC: ${{ matrix.CC }} - CXX: ${{ matrix.CXX }} - steps: - - name: Harden Runner - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - submodules: true - - name: Bootstrap - run: | - brew update - wget --tries 4 https://github.com/ninja-build/ninja/releases/download/v1.11.1/ninja-mac.zip - unzip ninja-mac.zip && mv ninja /usr/local/bin/. - - name: Build - run: | - script/check-posix-build - script/check-simulation-build - - android-ndk: - name: android-ndk - runs-on: ubuntu-24.04 - container: - image: openthread/environment - steps: - - name: Harden Runner - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - submodules: true - - name: Install unzip - run: apt update && apt install -y unzip - - name: Setup NDK - id: setup-ndk - uses: nttld/setup-ndk@afb4c9964b521afb97c864b7d40b11e6911bd410 # v1.5.0 - with: - ndk-version: r25c - local-cache: true - - - name: Build - env: - NDK: ${{ steps.setup-ndk.outputs.ndk-path }} - run: | - rm -rf build/ && OT_CMAKE_NINJA_TARGET="ot-daemon ot-ctl" script/cmake-build android-ndk - rm -rf build/ && OT_CMAKE_NINJA_TARGET="ot-cli" script/cmake-build android-ndk diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml deleted file mode 100644 index 72084cdaaa5..00000000000 --- a/.github/workflows/codeql.yml +++ /dev/null @@ -1,85 +0,0 @@ -# -# Copyright (c) 2022, The OpenThread Authors. -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# 3. Neither the name of the copyright holder nor the -# names of its contributors may be used to endorse or promote products -# derived from this software without specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE -# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -# POSSIBILITY OF SUCH DAMAGE. -# - -name: "CodeQL" - -on: - push: - branches: [ "main" ] - pull_request: - branches: [ "main" ] - -permissions: # added using https://github.com/step-security/secure-workflows - contents: read - -jobs: - analyze: - name: Analyze - runs-on: ubuntu-latest - permissions: - actions: read - contents: read - security-events: write - - strategy: - fail-fast: false - matrix: - language: [ 'cpp', 'python' ] - # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support - - steps: - - name: Harden Runner - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - name: Checkout repository - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - - name: Bootstrap - run: | - sudo apt-get --no-install-recommends install -y ninja-build libreadline-dev libncurses-dev - - - name: Initialize CodeQL - uses: github/codeql-action/init@181d5eefc20863364f96762470ba6f862bdef56b # v3.29.2 - with: - languages: ${{ matrix.language }} - # If you wish to specify custom queries, you can do so here or in a config file. - # By default, queries listed here will override any specified in a config file. - # Prefix the list here with "+" to use these queries and those in the config file. - - # Details on CodeQL's query packs refer to : https://docs.github.com/en/code-security/code-scanning/automatically-scanning-your-code-for-vulnerabilities-and-errors/configuring-code-scanning#using-queries-in-ql-packs - # queries: security-extended,security-and-quality - - - run: | - ./script/test build - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@181d5eefc20863364f96762470ba6f862bdef56b # v3.29.2 - with: - category: "/language:${{matrix.language}}" diff --git a/.github/workflows/docker.yml b/.github/workflows/docker.yml deleted file mode 100644 index b0091330d4a..00000000000 --- a/.github/workflows/docker.yml +++ /dev/null @@ -1,166 +0,0 @@ -# -# Copyright (c) 2020, The OpenThread Authors. -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# 3. Neither the name of the copyright holder nor the -# names of its contributors may be used to endorse or promote products -# derived from this software without specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE -# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -# POSSIBILITY OF SUCH DAMAGE. -# - -name: Docker - -on: - push: - branches-ignore: - - 'dependabot/**' - pull_request: - branches: - - 'main' - -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || (github.repository == 'openthread/openthread' && github.run_id) || github.ref }} - cancel-in-progress: true - -permissions: # added using https://github.com/step-security/secure-workflows - contents: read - -env: - DOCKERHUB_REPO: openthread/environment - -jobs: - build: - strategy: - fail-fast: false - matrix: - include: - - platform: linux/amd64 - runner: ubuntu-24.04 - - platform: linux/arm64 - runner: ubuntu-24.04-arm - - runs-on: ${{ matrix.runner }} - - steps: - - name: Harden Runner - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - submodules: true - - - name: Prepare - run: | - platform=${{ matrix.platform }} - echo "PLATFORM_PAIR=${platform//\//-}" >> $GITHUB_ENV - - - name: Docker meta - id: meta - uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 - with: - images: | - ${{ env.DOCKERHUB_REPO }} - - - name: Login to Docker Hub - if: success() && github.repository == 'openthread/openthread' && github.event_name != 'pull_request' - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 - - - name: Build and push by digest - if: success() - id: build - uses: docker/build-push-action@263435318d21b8e681c14492fe198d362a7d2c83 # v6.18.0 - with: - file: etc/docker/environment/Dockerfile - platforms: ${{ matrix.platform }} - labels: ${{ steps.meta.outputs.labels }} - outputs: type=image,"name=${{ env.DOCKERHUB_REPO }}",push-by-digest=true,name-canonical=true - push: ${{ github.repository == 'openthread/openthread' && github.event_name != 'pull_request' }} - - - name: Export digest - if: success() && github.repository == 'openthread/openthread' && github.event_name != 'pull_request' - run: | - mkdir -p ${{ runner.temp }}/digests - digest="${{ steps.build.outputs.digest }}" - touch "${{ runner.temp }}/digests/${digest#sha256:}" - - - name: Upload digest - if: success() && github.repository == 'openthread/openthread' && github.event_name != 'pull_request' - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - name: digests-${{ env.PLATFORM_PAIR }} - path: ${{ runner.temp }}/digests/* - if-no-files-found: error - retention-days: 1 - - merge: - if: success() && github.repository == 'openthread/openthread' && github.event_name != 'pull_request' - runs-on: ubuntu-latest - needs: - - build - steps: - - name: Harden Runner - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - name: Download digests - uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0 - with: - path: ${{ runner.temp }}/digests - pattern: digests-* - merge-multiple: true - - - name: Login to Docker Hub - uses: docker/login-action@74a5d142397b4f367a81961eba4e8cd7edddf772 # v3.4.0 - with: - username: ${{ secrets.DOCKER_USERNAME }} - password: ${{ secrets.DOCKER_PASSWORD }} - - - name: Set up Docker Buildx - uses: docker/setup-buildx-action@e468171a9de216ec08956ac3ada2f0791b6bd435 # v3.11.1 - - - name: Docker meta - id: meta - uses: docker/metadata-action@902fa8ec7d6ecbf8d84d538b9b233a880e428804 # v5.7.0 - with: - images: | - ${{ env.DOCKERHUB_REPO }} - tags: | - type=ref,event=branch - type=raw,value=latest,enable={{is_default_branch}} - - - name: Create manifest list and push - working-directory: ${{ runner.temp }}/digests - run: | - docker buildx imagetools create $(jq -cr '.tags | map("-t " + .) | join(" ")' <<< "$DOCKER_METADATA_OUTPUT_JSON") \ - $(printf '${{ env.DOCKERHUB_REPO }}@sha256:%s ' *) - - - name: Inspect image - run: | - docker buildx imagetools inspect ${{ env.DOCKERHUB_REPO }}:${{ steps.meta.outputs.version }} diff --git a/.github/workflows/fuzz.yml b/.github/workflows/fuzz.yml deleted file mode 100644 index 6042c7529ab..00000000000 --- a/.github/workflows/fuzz.yml +++ /dev/null @@ -1,89 +0,0 @@ -# -# Copyright (c) 2020, The OpenThread Authors. -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# 3. Neither the name of the copyright holder nor the -# names of its contributors may be used to endorse or promote products -# derived from this software without specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE -# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -# POSSIBILITY OF SUCH DAMAGE. -# - -name: CIFuzz - -on: - pull_request: - branches: - - 'main' - -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || (github.repository == 'openthread/openthread' && github.run_id) || github.ref }} - cancel-in-progress: true - -permissions: {} - -jobs: - Fuzzing: - runs-on: ubuntu-24.04 - - permissions: - security-events: write - - strategy: - fail-fast: false - matrix: - sanitizer: [address, undefined] - - steps: - - name: Harden Runner - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - name: Build Fuzzers (${{ matrix.sanitizer }}) - id: build - uses: google/oss-fuzz/infra/cifuzz/actions/build_fuzzers@master - with: - oss-fuzz-project-name: 'openthread' - language: 'c++' - sanitizer: ${{ matrix.sanitizer }} - - - name: Run Fuzzers (${{ matrix.sanitizer }}) - uses: google/oss-fuzz/infra/cifuzz/actions/run_fuzzers@master - with: - oss-fuzz-project-name: 'openthread' - language: 'c++' - fuzz-seconds: 1800 - sanitizer: ${{ matrix.sanitizer }} - output-sarif: true - - - name: Upload Crash - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - if: failure() && steps.build.outcome == 'success' - with: - name: ${{ matrix.sanitizer }}-artifacts - path: ./out/artifacts - - - name: Upload Sarif - if: always() && steps.build.outcome == 'success' - uses: github/codeql-action/upload-sarif@181d5eefc20863364f96762470ba6f862bdef56b # v3.29.2 - with: - sarif_file: cifuzz-sarif/results.sarif - checkout_path: cifuzz-sarif diff --git a/.github/workflows/makefile-check.yml b/.github/workflows/makefile-check.yml deleted file mode 100644 index 10aa0d2b8c7..00000000000 --- a/.github/workflows/makefile-check.yml +++ /dev/null @@ -1,60 +0,0 @@ -# -# Copyright (c) 2021, The OpenThread Authors. -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# 3. Neither the name of the copyright holder nor the -# names of its contributors may be used to endorse or promote products -# derived from this software without specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE -# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -# POSSIBILITY OF SUCH DAMAGE. -# - -name: Makefile Check - -on: - push: - branches-ignore: - - 'dependabot/**' - pull_request: - branches: - - 'main' - -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || (github.repository == 'openthread/openthread' && github.run_id) || github.ref }} - cancel-in-progress: true - -permissions: # added using https://github.com/step-security/secure-workflows - contents: read - -jobs: - makefile-check: - runs-on: ubuntu-24.04 - steps: - - name: Harden Runner - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - submodules: true - - name: Check - run: | - script/check-core-makefiles diff --git a/.github/workflows/otbr.yml b/.github/workflows/otbr.yml deleted file mode 100644 index a977723a391..00000000000 --- a/.github/workflows/otbr.yml +++ /dev/null @@ -1,259 +0,0 @@ -# -# Copyright (c) 2021, The OpenThread Authors. -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# 3. Neither the name of the copyright holder nor the -# names of its contributors may be used to endorse or promote products -# derived from this software without specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE -# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -# POSSIBILITY OF SUCH DAMAGE. -# - -name: Border Router - -on: - push: - branches-ignore: - - 'dependabot/**' - pull_request: - branches: - - 'main' - -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || (github.repository == 'openthread/openthread' && github.run_id) || github.ref }} - cancel-in-progress: true - -permissions: - contents: read - -jobs: - - backbone-router: - runs-on: ubuntu-22.04 - env: - REFERENCE_DEVICE: 1 - VIRTUAL_TIME: 0 - PACKET_VERIFICATION: 1 - THREAD_VERSION: 1.4 - INTER_OP: 1 - COVERAGE: 1 - MULTIPLY: 1 - PYTHONUNBUFFERED: 1 - VERBOSE: 1 - # The Border Routing and DUA feature can coexist, but current wireshark - # packet verification can't handle it because of the order of context ID - # of OMR prefix and Domain prefix is not deterministic. - BORDER_ROUTING: 0 - steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - submodules: true - - name: Build OTBR Docker - env: - PR_BODY: "${{ github.event.pull_request.body }}" - run: | - ./script/test build_otbr_docker - - name: Bootstrap - run: | - sudo rm /etc/apt/sources.list.d/* && sudo apt-get update - sudo apt-get --no-install-recommends install -y python3-setuptools python3-wheel ninja-build lcov - sudo bash script/install_socat - python3 -m pip install -r tests/scripts/thread-cert/requirements.txt - - name: Build - run: | - ./script/test build - - name: Get Thread-Wireshark - run: | - ./script/test get_thread_wireshark - - name: Run - run: | - export CI_ENV="$(bash <(curl -s https://codecov.io/env)) -e GITHUB_ACTIONS -e COVERAGE" - echo "CI_ENV=${CI_ENV}" - sudo -E ./script/test cert_suite ./tests/scripts/thread-cert/backbone/*.py || (sudo chmod a+r ot_testing/* && false) - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - name: cov-thread-1-3-backbone-docker - path: /tmp/coverage/ - retention-days: 1 - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - if: ${{ failure() }} - with: - name: thread-1-3-backbone-results - path: | - ot_testing/*.pcap - ot_testing/*.json - ot_testing/*.log - ot_testing/coredump_* - ot_testing/otbr-agent_* - - name: Generate Coverage - run: | - ./script/test generate_coverage gcc - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - name: cov-thread-1-3-backbone - path: tmp/coverage.info - retention-days: 1 - - thread-border-router: - runs-on: ubuntu-22.04 - strategy: - fail-fast: false - matrix: - include: - - otbr_mdns: "mDNSResponder" - otbr_trel: 0 - cert_scripts: ./tests/scripts/thread-cert/border_router/*.py - packet_verification: 1 - nat64: 0 - description: "" - - otbr_mdns: "mDNSResponder" - otbr_trel: 1 - cert_scripts: ./tests/scripts/thread-cert/border_router/*.py - packet_verification: 2 - nat64: 0 - description: "" - - otbr_mdns: "mDNSResponder" - otbr_trel: 0 - cert_scripts: ./tests/scripts/thread-cert/border_router/MATN/*.py - packet_verification: 1 - nat64: 0 - description: "MATN" - - otbr_mdns: "mDNSResponder" - otbr_trel: 0 - cert_scripts: ./tests/scripts/thread-cert/border_router/LowPower/*.py - packet_verification: 1 - nat64: 0 - description: "LowPower" - - otbr_mdns: "mDNSResponder" - otbr_trel: 0 - cert_scripts: ./tests/scripts/thread-cert/border_router/internet/*.py - packet_verification: 1 - nat64: 1 - description: "internet access" - - otbr_mdns: "avahi" - otbr_trel: 0 - cert_scripts: ./tests/scripts/thread-cert/border_router/*.py - packet_verification: 1 - nat64: 0 - description: "" - - otbr_mdns: "avahi" - otbr_trel: 0 - cert_scripts: ./tests/scripts/thread-cert/border_router/*.py - packet_verification: 1 - nat64: 0 - use_core_firewall: 1 - description: "core-firewall" - name: BR ${{ matrix.description }} (${{ matrix.otbr_mdns }}, TREL=${{matrix.otbr_trel}}) - env: - REFERENCE_DEVICE: 1 - VIRTUAL_TIME: 0 - PACKET_VERIFICATION: ${{ matrix.packet_verification }} - THREAD_VERSION: 1.4 - INTER_OP: 1 - COVERAGE: 1 - MULTIPLY: 1 - OTBR_MDNS: ${{ matrix.otbr_mdns }} - PYTHONUNBUFFERED: 1 - VERBOSE: 1 - BORDER_ROUTING: 1 - NAT64: ${{ matrix.nat64 }} - MAX_JOBS: 3 - steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - name: Set firewall environment variables - if: ${{ matrix.use_core_firewall }} - run: | - echo "FIREWALL=0" >> $GITHUB_ENV - - name: Build OTBR Docker - env: - PR_BODY: "${{ github.event.pull_request.body }}" - TREL: ${{ matrix.otbr_trel }} - run: | - ./script/test build_otbr_docker - - name: Bootstrap - run: | - sudo rm /etc/apt/sources.list.d/* && sudo apt-get update - sudo apt-get --no-install-recommends install -y python3-setuptools python3-wheel ninja-build lcov - sudo bash script/install_socat - python3 -m pip install -r tests/scripts/thread-cert/requirements.txt - - name: Build - run: | - ./script/test build - - name: Get Thread-Wireshark - run: | - ./script/test get_thread_wireshark - - name: Run - run: | - export CI_ENV="$(bash <(curl -s https://codecov.io/env)) -e GITHUB_ACTIONS -e COVERAGE" - echo "CI_ENV=${CI_ENV}" - sudo -E ./script/test cert_suite ${{ matrix.cert_scripts }} || (sudo chmod a+r ot_testing/* && false) - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - name: cov-br-docker-${{ matrix.description }}-${{ matrix.otbr_mdns }}-${{matrix.otbr_trel}} - path: /tmp/coverage/ - retention-days: 1 - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - if: ${{ failure() }} - with: - name: br-results-${{ matrix.description }}-${{ matrix.otbr_mdns }}-${{matrix.otbr_trel}} - path: | - ot_testing/*.pcap - ot_testing/*.json - ot_testing/*.log - ot_testing/coredump_* - ot_testing/otbr-agent_* - - name: Generate Coverage - run: | - ./script/test generate_coverage gcc - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - name: cov-br-${{ matrix.description }}-${{ matrix.otbr_mdns }}-${{matrix.otbr_trel}} - path: tmp/coverage.info - retention-days: 1 - - upload-coverage: - needs: - - backbone-router - - thread-border-router - runs-on: ubuntu-22.04 - steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - submodules: true - - name: Bootstrap - run: | - sudo apt-get --no-install-recommends install -y lcov - - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 - with: - path: coverage/ - pattern: cov-* - merge-multiple: true - - name: Combine Coverage - continue-on-error: true - run: | - script/test combine_coverage - - name: Upload Coverage - continue-on-error: true - uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3 - env: - CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} - with: - files: final.info - fail_ci_if_error: true diff --git a/.github/workflows/otci.yml b/.github/workflows/otci.yml deleted file mode 100644 index 142142b0cd4..00000000000 --- a/.github/workflows/otci.yml +++ /dev/null @@ -1,90 +0,0 @@ -# -# Copyright (c) 2020, The OpenThread Authors. -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# 3. Neither the name of the copyright holder nor the -# names of its contributors may be used to endorse or promote products -# derived from this software without specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE -# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -# POSSIBILITY OF SUCH DAMAGE. -# - -name: OTCI - -on: - push: - branches-ignore: - - 'dependabot/**' - pull_request: - branches: - - 'main' - -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || (github.repository == 'openthread/openthread' && github.run_id) || github.ref }} - cancel-in-progress: true - -permissions: # added using https://github.com/step-security/secure-workflows - contents: read - -jobs: - - cli-sim: - name: cli-sim VIRTUAL_TIME=${{ matrix.virtual_time }} - runs-on: ubuntu-24.04 - strategy: - fail-fast: false - matrix: - virtual_time: [0, 1] - env: - VIRTUAL_TIME: ${{ matrix.virtual_time }} - OT_VT_USE_UNIX_SOCKET: ${{ matrix.virtual_time }} - REAL_DEVICE: 0 - steps: - - name: Harden Runner - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 - with: - python-version: '3.12' - cache: pip - - name: Bootstrap - run: | - sudo apt-get update - sudo apt-get --no-install-recommends install -y ninja-build - python3 -m pip install -r tests/scripts/thread-cert/requirements.txt - python3 -m pip install pytype adb-shell - - name: Style check - run: | - PYTHONPATH=./tests/scripts/thread-cert pytype tools/otci - - name: Build - run: | - ./script/cmake-build simulation -DOT_THREAD_VERSION=1.4 -DOT_DUA=ON -DOT_MLR=ON -DOT_BACKBONE_ROUTER=ON \ - -DOT_CSL_RECEIVER=ON -DOT_SIMULATION_VIRTUAL_TIME=${VIRTUAL_TIME} - - name: Install OTCI Python Library - run: | - (cd tools/otci && python3 -m pip install .) - - name: Run - run: | - export PYTHONPATH=./tests/scripts/thread-cert/ - export OT_CLI=./build/simulation/examples/apps/cli/ot-cli-ftd - python3 tools/otci/tests/test_otci.py diff --git a/.github/workflows/otns.yml b/.github/workflows/otns.yml deleted file mode 100644 index 5d9fad78747..00000000000 --- a/.github/workflows/otns.yml +++ /dev/null @@ -1,226 +0,0 @@ -# -# Copyright (c) 2020, The OpenThread Authors. -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# 3. Neither the name of the copyright holder nor the -# names of its contributors may be used to endorse or promote products -# derived from this software without specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE -# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -# POSSIBILITY OF SUCH DAMAGE. -# - -name: OTNS - -on: - push: - branches-ignore: - - 'dependabot/**' - pull_request: - branches: - - 'main' - -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || (github.repository == 'openthread/openthread' && github.run_id) || github.ref }} - cancel-in-progress: true - -env: - COVERAGE: 1 - REFERENCE_DEVICE: 1 - VIRTUAL_TIME: 1 - VIRTUAL_TIME_UART: 1 - MAX_NETWORK_SIZE: 999 - PR_BODY: "${{ github.event.pull_request.body }}" - -permissions: # added using https://github.com/step-security/secure-workflows - contents: read - -jobs: - - unittests: - name: Unittests - runs-on: ubuntu-24.04 - steps: - - name: Harden Runner - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 - with: - go-version: "1.23" - - name: Set up Python - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 - with: - python-version: "3.9" - - name: Bootstrap - run: | - sudo apt-get update - sudo apt-get --no-install-recommends install -y lcov ninja-build - - name: Run - run: | - export OT_DIR=$PWD - ./script/git-tool clone --depth 1 https://github.com/openthread/ot-ns.git /tmp/otns - ( - cd /tmp/otns - ./script/test py-unittests - ) - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - if: ${{ failure() }} - with: - name: unittests-pcaps - path: | - ./output/*/bin/*.pcap - ./output/*/bin/*.replay - - name: Generate Coverage - run: | - ./script/test generate_coverage gcc - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - name: cov-otns-unittests - path: tmp/coverage.info - retention-days: 1 - - examples: - name: Examples - runs-on: ubuntu-24.04 - steps: - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 - with: - go-version: "1.23" - - name: Set up Python - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 - with: - python-version: "3.9" - - name: Bootstrap - run: | - sudo apt-get update - sudo apt-get --no-install-recommends install -y lcov ninja-build - - name: Run - run: | - export OT_DIR=$PWD - ./script/git-tool clone --depth 1 https://github.com/openthread/ot-ns.git /tmp/otns - ( - cd /tmp/otns - ./script/test py-examples - ) - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - if: ${{ failure() }} - with: - name: examples-pcaps - path: | - ./output/*/bin/*.pcap - ./output/*/bin/*.replay - - name: Generate Coverage - run: | - ./script/test generate_coverage gcc - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - name: cov-otns-examples - path: tmp/coverage.info - - stress-tests: - name: Stress ${{ matrix.suite }} - runs-on: ubuntu-24.04 - strategy: - fail-fast: false - matrix: - include: - - suite: "network-forming" - stress_level: 8 - - suite: "commissioning" - stress_level: 14 - - suite: "connectivity" - stress_level: 6 - - suite: "network-latency" - stress_level: 10 - - suite: "multicast-performance" - stress_level: 10 - - suite: "otns-performance" - stress_level: 10 - env: - STRESS_LEVEL: ${{ matrix.stress_level }} - steps: - - name: Harden Runner - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: actions/setup-go@d35c59abb061a4a6fb18e82ac0862c26744d6ab5 # v5.5.0 - with: - go-version: "1.23" - - name: Set up Python - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 - with: - python-version: "3.9" - - name: Bootstrap - run: | - sudo apt-get update - sudo apt-get --no-install-recommends install -y lcov ninja-build - - name: Run - run: | - export OT_DIR=$PWD - ./script/git-tool clone --depth 1 https://github.com/openthread/ot-ns.git /tmp/otns - ( - cd /tmp/otns - ./script/test stress-tests ${{ matrix.suite }} - ) - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - if: ${{ failure() }} - with: - name: stress-tests-${{ matrix.suite }}-pcaps - path: | - ./output/*/bin/*.pcap - ./output/*/bin/*.replay - - name: Generate Coverage - run: | - ./script/test generate_coverage gcc - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - name: cov-otns-stress-tests-${{ matrix.suite }} - path: tmp/coverage.info - retention-days: 1 - - upload-coverage: - needs: - - unittests - - examples - - stress-tests - runs-on: ubuntu-24.04 - steps: - - name: Harden Runner - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - name: Bootstrap - run: | - sudo apt-get --no-install-recommends install -y lcov - - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 - with: - path: coverage/ - pattern: cov-* - merge-multiple: true - - name: Upload Coverage - run: | - script/test upload_codecov diff --git a/.github/workflows/posix.yml b/.github/workflows/posix.yml deleted file mode 100644 index 943922a96e7..00000000000 --- a/.github/workflows/posix.yml +++ /dev/null @@ -1,337 +0,0 @@ -# -# Copyright (c) 2020, The OpenThread Authors. -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# 3. Neither the name of the copyright holder nor the -# names of its contributors may be used to endorse or promote products -# derived from this software without specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE -# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -# POSSIBILITY OF SUCH DAMAGE. -# - -name: POSIX - -on: - push: - branches-ignore: - - 'dependabot/**' - pull_request: - branches: - - 'main' - -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || (github.repository == 'openthread/openthread' && github.run_id) || github.ref }} - cancel-in-progress: true - -permissions: - contents: read - -jobs: - - expects-linux: - runs-on: ubuntu-22.04 - env: - CFLAGS: -DCLI_COAP_SECURE_USE_COAP_DEFAULT_HANDLER=1 -DOPENTHREAD_CONFIG_MLE_MAX_CHILDREN=15 - CXXFLAGS: -DCLI_COAP_SECURE_USE_COAP_DEFAULT_HANDLER=1 -DOPENTHREAD_CONFIG_MLE_MAX_CHILDREN=15 - steps: - - name: Harden Runner - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 - with: - python-version: '3.12' - cache: pip - - name: Bootstrap - run: | - sudo apt-get --no-install-recommends install -y expect ninja-build lcov - sudo bash script/install_socat - pip install bleak 'cryptography==43.0.0' - - name: Run RCP Mode - run: | - ulimit -c unlimited - ./script/test prepare_coredump_upload - OT_OPTIONS='-DOT_READLINE=OFF -DOT_FULL_LOGS=ON -DOT_LOG_OUTPUT=PLATFORM_DEFINED' VIRTUAL_TIME=0 OT_NODE_TYPE=rcp ./script/test build expect - - name: Run ot-fct - run: | - OT_CMAKE_NINJA_TARGET="ot-fct" script/cmake-build posix - tests/scripts/expect/ot-fct.exp - - name: Check Crash - if: ${{ failure() }} - run: | - CRASHED=$(./script/test check_crash | tail -1) - [[ $CRASHED -eq "1" ]] && echo "Crashed!" || echo "Not crashed." - echo "CRASHED_RCP=$CRASHED" >> $GITHUB_ENV - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - if: ${{ failure() && env.CRASHED_RCP == '1' }} - with: - name: core-expect-rcp - path: | - ./ot-core-dump/* - - name: Generate Coverage - run: | - ./script/test generate_coverage gcc - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - name: cov-expects-linux-1 - path: tmp/coverage.info - retention-days: 1 - - name: Run TUN Mode - run: | - sudo apt-get update - echo 0 | sudo tee /proc/sys/net/ipv6/conf/all/disable_ipv6 - sudo apt-get install --no-install-recommends -y bind9-host ntp - sudo bash script/install_socat - sudo systemctl restart ntp - sudo socat 'UDP6-LISTEN:53,fork,reuseaddr,bind=[::1]' UDP:127.0.0.53:53 & - socat 'TCP6-LISTEN:2000,fork,reuseaddr' TCP:127.0.0.53:53 & - host ipv6.google.com 127.0.0.53 - host ipv6.google.com ::1 - ulimit -c unlimited - ./script/test prepare_coredump_upload - OT_OPTIONS='-DOT_READLINE=OFF -DOT_FULL_LOGS=ON -DOT_LOG_OUTPUT=PLATFORM_DEFINED' OT_NATIVE_IP=1 VIRTUAL_TIME=0 OT_NODE_TYPE=rcp ./script/test clean build expect - - name: Check Crash - if: ${{ failure() }} - run: | - CRASHED=$(./script/test check_crash | tail -1) - [[ $CRASHED -eq "1" ]] && echo "Crashed!" || echo "Not crashed." - echo "CRASHED_TUN=$CRASHED" >> $GITHUB_ENV - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - if: ${{ failure() && env.CRASHED_TUN == '1' }} - with: - name: core-expect-linux - path: | - ./ot-core-dump/* - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - if: ${{ failure() }} - with: - name: syslog-expect-linux - path: /var/log/syslog - - name: Generate Coverage - run: | - ./script/test generate_coverage gcc - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - name: cov-expects-linux-2 - path: tmp/coverage.info - retention-days: 1 - - thread-cert: - runs-on: ubuntu-22.04 - env: - COVERAGE: 1 - PYTHONUNBUFFERED: 1 - THREAD_VERSION: 1.1 - VIRTUAL_TIME: 1 - OT_VT_USE_UNIX_SOCKET: 1 - steps: - - name: Harden Runner - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - submodules: true - - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 - with: - python-version: '3.12' - cache: pip - - name: Bootstrap - run: | - sudo apt-get update - sudo apt-get --no-install-recommends install -y lcov ninja-build - python3 -m pip install -r tests/scripts/thread-cert/requirements.txt - - name: Build - run: | - OT_NODE_TYPE=rcp ./script/test build - - name: Run - run: | - MAX_JOBS=$(getconf _NPROCESSORS_ONLN) ./script/test cert_suite ./tests/scripts/thread-cert/Cert_*.py ./tests/scripts/thread-cert/test_*.py - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - if: ${{ failure() }} - with: - name: thread-cert - path: ot_testing - - name: Generate Coverage - run: | - ./script/test generate_coverage gcc - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - name: cov-thread-cert - path: tmp/coverage.info - - pty-linux: - name: pty-linux OT_DAEMON=${{ matrix.OT_DAEMON }} - runs-on: ubuntu-24.04 - strategy: - fail-fast: false - matrix: - OT_DAEMON: ['off', 'on'] - env: - COVERAGE: 1 - OT_DAEMON: ${{ matrix.OT_DAEMON }} - OT_READLINE: 'readline' - steps: - - name: Harden Runner - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - name: Bootstrap - run: | - sudo apt-get update - sudo apt-get --no-install-recommends install -y expect lcov libreadline-dev net-tools ninja-build - sudo bash script/install_socat - cd /tmp - wget https://github.com/obgm/libcoap/archive/bsd-licensed.tar.gz - tar xvf bsd-licensed.tar.gz - cd libcoap-bsd-licensed - ./autogen.sh - ./configure --prefix= --exec-prefix=/usr --with-boost=internal --disable-tests --disable-documentation - make -j2 - sudo make install - - name: Build - run: | - script/check-posix-pty build - - name: Run - run: | - script/check-posix-pty check - - name: Run (OT_DAEMON_ALLOW_ALL) - if: matrix.OT_DAEMON == 'on' - env: - OT_DAEMON_ALLOW_ALL: 1 - run: | - script/check-posix-pty check - - name: Generate Coverage - run: | - ./script/test generate_coverage gcc - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - name: cov-pty-linux-${{ matrix.OT_DAEMON }} - path: tmp/coverage.info - retention-days: 1 - - pty-macos: - name: pty-macos OT_DAEMON=${{ matrix.OT_DAEMON }} - runs-on: macos-14 - strategy: - fail-fast: false - matrix: - OT_DAEMON: ['off', 'on'] - env: - OT_DAEMON: ${{ matrix.OT_DAEMON }} - OT_READLINE: 'off' - steps: - - name: Harden Runner - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - name: Bootstrap - run: | - rm -f /usr/local/bin/2to3 - rm -f /usr/local/bin/2to3-3.11 - rm -f /usr/local/bin/idle3 - rm -f /usr/local/bin/idle3.11 - rm -f /usr/local/bin/pydoc3 - rm -f /usr/local/bin/pydoc3.11 - rm -f /usr/local/bin/python3 - rm -f /usr/local/bin/python3.11 - rm -f /usr/local/bin/python3-config - rm -f /usr/local/bin/python3.11-config - brew update - brew install ninja - sudo bash script/install_socat - - name: Build - run: | - script/check-posix-pty build - - name: Run - run: | - script/check-posix-pty check - - rcp-stack-reset: - runs-on: ubuntu-22.04 - steps: - - name: Harden Runner - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - name: Bootstrap - env: - PR_BODY: "${{ github.event.pull_request.body }}" - run: | - sudo apt-get --no-install-recommends install -y expect ninja-build lcov - sudo bash script/install_socat - sudo python3 -m pip install git+https://github.com/openthread/pyspinel - - name: Build - run: | - script/cmake-build simulation -DOT_CSL_RECEIVER=ON -DOT_FULL_LOGS=ON -DOT_LOG_OUTPUT=PLATFORM_DEFINED - - name: Run - run: | - python3 tests/scripts/misc/test_rcp_reset.py build/simulation/examples/apps/ncp/ot-rcp - - name: Generate Coverage - run: | - ./script/test generate_coverage gcc - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - name: cov-rcp-stack-reset - path: tmp/coverage.info - retention-days: 1 - - upload-coverage: - needs: - - expects-linux - - pty-linux - - thread-cert - runs-on: ubuntu-22.04 - steps: - - name: Harden Runner - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - submodules: true - - name: Bootstrap - run: | - sudo apt-get --no-install-recommends install -y lcov - - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 - with: - path: coverage/ - pattern: cov-* - merge-multiple: true - - name: Combine Coverage - run: | - script/test combine_coverage - - name: Upload Coverage - uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3 - env: - CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} - with: - files: final.info - fail_ci_if_error: true diff --git a/.github/workflows/scorecards.yml b/.github/workflows/scorecards.yml deleted file mode 100644 index bb493f95b17..00000000000 --- a/.github/workflows/scorecards.yml +++ /dev/null @@ -1,100 +0,0 @@ -# -# Copyright (c) 2022, The OpenThread Authors. -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# 3. Neither the name of the copyright holder nor the -# names of its contributors may be used to endorse or promote products -# derived from this software without specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE -# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -# POSSIBILITY OF SUCH DAMAGE. -# - -# This workflow uses actions that are not certified by GitHub. They are provided -# by a third-party and are governed by separate terms of service, privacy -# policy, and support documentation. - -name: Scorecards supply-chain security -on: - # For Branch-Protection check. Only the default branch is supported. See - # https://github.com/ossf/scorecard/blob/main/docs/checks.md#branch-protection - branch_protection_rule: - # To guarantee Maintained check is occasionally updated. See - # https://github.com/ossf/scorecard/blob/main/docs/checks.md#maintained - schedule: - - cron: '33 12 * * 0' - push: - branches: [ "main" ] - -# Declare default permissions as read only. -permissions: read-all - -jobs: - analysis: - name: Scorecards analysis - runs-on: ubuntu-latest - permissions: - # Needed to upload the results to code-scanning dashboard. - security-events: write - # Needed to publish results and get a badge (see publish_results below). - id-token: write - # Uncomment the permissions below if installing in a private repository. - # contents: read - # actions: read - - steps: - - name: "Checkout code" - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - persist-credentials: false - - - name: "Run analysis" - uses: ossf/scorecard-action@f49aabe0b5af0936a0987cfb85d86b75731b0186 # v2.4.1 - with: - results_file: results.sarif - results_format: sarif - # (Optional) "write" PAT token. Uncomment the `repo_token` line below if: - # - you want to enable the Branch-Protection check on a *public* repository, or - # - you are installing Scorecards on a *private* repository - # To create the PAT, follow the steps in https://github.com/ossf/scorecard-action#authentication-with-pat. - # repo_token: ${{ secrets.SCORECARD_TOKEN }} - - # Public repositories: - # - Publish results to OpenSSF REST API for easy access by consumers - # - Allows the repository to include the Scorecard badge. - # - See https://github.com/ossf/scorecard-action#publishing-results. - # For private repositories: - # - `publish_results` will always be set to `false`, regardless - # of the value entered here. - publish_results: true - - # Upload the results as artifacts (optional). Commenting out will disable uploads of run results in SARIF - # format to the repository Actions tab. - - name: "Upload artifact" - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v3.1.0 - with: - name: SARIF file - path: results.sarif - retention-days: 5 - - # Upload the results to GitHub's code scanning dashboard. - - name: "Upload to code-scanning" - uses: github/codeql-action/upload-sarif@181d5eefc20863364f96762470ba6f862bdef56b # v2.1.27 - with: - sarif_file: results.sarif diff --git a/.github/workflows/simulation-1.1.yml b/.github/workflows/simulation-1.1.yml deleted file mode 100644 index fce9ef2b07a..00000000000 --- a/.github/workflows/simulation-1.1.yml +++ /dev/null @@ -1,465 +0,0 @@ -# -# Copyright (c) 2020, The OpenThread Authors. -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# 3. Neither the name of the copyright holder nor the -# names of its contributors may be used to endorse or promote products -# derived from this software without specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE -# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -# POSSIBILITY OF SUCH DAMAGE. -# - -name: Simulation 1.1 - -on: - push: - branches-ignore: - - 'dependabot/**' - pull_request: - branches: - - 'main' - -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || (github.repository == 'openthread/openthread' && github.run_id) || github.ref }} - cancel-in-progress: true - -permissions: - contents: read - -jobs: - - packet-verification: - runs-on: ubuntu-24.04 - env: - PACKET_VERIFICATION: 1 - REFERENCE_DEVICE: 1 - THREAD_VERSION: 1.1 - VIRTUAL_TIME: 1 - OT_VT_USE_UNIX_SOCKET: 1 - MULTIPLY: 3 - steps: - - name: Harden Runner - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - submodules: true - - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 - with: - python-version: '3.12' - cache: pip - - name: Bootstrap - run: | - sudo apt-get update - sudo apt-get --no-install-recommends install -y ninja-build lcov - python3 -m pip install -r tests/scripts/thread-cert/requirements.txt - - name: Build - run: | - ./script/test build - - name: Get Thread-Wireshark - run: | - ./script/test get_thread_wireshark - - name: Run - run: | - ./script/test cert_suite ./tests/scripts/thread-cert/Cert_*.py ./tests/scripts/thread-cert/test_*.py - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - if: ${{ failure() }} - with: - name: packet-verification-pcaps - path: | - *.pcap - *.json - - name: Generate Coverage - run: | - ./script/test generate_coverage gcc - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - name: cov-packet-verification - path: tmp/coverage.info - retention-days: 1 - - cli-ftd: - runs-on: ubuntu-24.04 - env: - CFLAGS: -m32 - CXXFLAGS: -m32 - LDFLAGS: -m32 - COVERAGE: 1 - REFERENCE_DEVICE: 1 - THREAD_VERSION: 1.1 - VIRTUAL_TIME: 1 - OT_VT_USE_UNIX_SOCKET: 1 - steps: - - name: Harden Runner - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - submodules: true - - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 - with: - python-version: '3.12' - cache: pip - - name: Bootstrap - run: | - sudo apt-get update - sudo apt-get --no-install-recommends install -y lcov ninja-build g++-multilib - python3 -m pip install -r tests/scripts/thread-cert/requirements.txt - - name: Build - run: | - ./script/test build - - name: Run - run: | - ./script/test cert_suite ./tests/scripts/thread-cert/Cert_*.py ./tests/scripts/thread-cert/test_*.py - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - if: ${{ failure() }} - with: - name: cli-ftd-thread-cert - path: ot_testing - - name: Generate Coverage - run: | - ./script/test generate_coverage gcc - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - name: cov-cli-ftd - path: tmp/coverage.info - retention-days: 1 - - cli-mtd: - name: cli-mtd MESSAGE_USE_HEAP=${{ matrix.message_use_heap }} - runs-on: ubuntu-24.04 - strategy: - fail-fast: false - matrix: - message_use_heap: [0, 1] - env: - CFLAGS: -m32 - CXXFLAGS: -m32 - LDFLAGS: -m32 - COVERAGE: 1 - REFERENCE_DEVICE: 1 - THREAD_VERSION: 1.1 - USE_MTD: 1 - VIRTUAL_TIME: 1 - OT_VT_USE_UNIX_SOCKET: 1 - MESSAGE_USE_HEAP: ${{ matrix.message_use_heap }} - steps: - - name: Harden Runner - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - submodules: true - - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 - with: - python-version: '3.12' - cache: pip - - name: Bootstrap - run: | - sudo apt-get update - sudo apt-get --no-install-recommends install -y lcov ninja-build g++-multilib - python3 -m pip install -r tests/scripts/thread-cert/requirements.txt - - name: Build - run: | - ./script/test build - - name: Run - run: | - ./script/test cert_suite ./tests/scripts/thread-cert/Cert_*.py ./tests/scripts/thread-cert/test_*.py - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - if: ${{ failure() }} - with: - name: cli-mtd-thread-cert - path: ot_testing - - name: Generate Coverage - run: | - ./script/test generate_coverage gcc - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - name: cov-cli-mtd-${{ matrix.message_use_heap }} - path: tmp/coverage.info - retention-days: 1 - - cli-time-sync: - runs-on: ubuntu-24.04 - env: - CFLAGS: -m32 - CXXFLAGS: -m32 - LDFLAGS: -m32 - COVERAGE: 1 - REFERENCE_DEVICE: 1 - THREAD_VERSION: 1.1 - VIRTUAL_TIME: 1 - OT_VT_USE_UNIX_SOCKET: 1 - steps: - - name: Harden Runner - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - submodules: true - - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 - with: - python-version: '3.12' - cache: pip - - name: Bootstrap - run: | - sudo apt-get update - sudo apt-get --no-install-recommends install -y g++-multilib lcov ninja-build - python3 -m pip install -r tests/scripts/thread-cert/requirements.txt - - name: Build - run: | - OT_OPTIONS="-DOT_TIME_SYNC=ON" ./script/test build - - name: Run - run: | - ./script/test cert_suite ./tests/scripts/thread-cert/Cert_*.py ./tests/scripts/thread-cert/test_*.py - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - if: ${{ failure() }} - with: - name: cli-time-sync-thread-cert - path: ot_testing - - name: Generate Coverage - run: | - ./script/test generate_coverage gcc - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - name: cov-cli-time-sync - path: tmp/coverage.info - retention-days: 1 - - expects: - runs-on: ubuntu-24.04 - env: - CFLAGS: -DCLI_COAP_SECURE_USE_COAP_DEFAULT_HANDLER=1 -DOPENTHREAD_CONFIG_MLE_MAX_CHILDREN=15 - CXXFLAGS: -DCLI_COAP_SECURE_USE_COAP_DEFAULT_HANDLER=1 -DOPENTHREAD_CONFIG_MLE_MAX_CHILDREN=15 - THREAD_VERSION: 1.1 - steps: - - name: Harden Runner - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 - with: - python-version: '3.12' - cache: pip - - name: Bootstrap - run: | - sudo apt-get --no-install-recommends install -y expect ninja-build lcov - sudo bash script/install_socat - pip install bleak 'cryptography==43.0.0' - - name: Run - run: | - ulimit -c unlimited - ./script/test prepare_coredump_upload - OT_OPTIONS='-DOT_TIME_SYNC=ON -DOT_FULL_LOGS=ON -DOT_LOG_OUTPUT=PLATFORM_DEFINED' VIRTUAL_TIME=0 ./script/test build expect - - name: Check Crash - if: ${{ failure() }} - run: | - CRASHED=$(./script/test check_crash | tail -1) - [[ $CRASHED -eq "1" ]] && echo "Crashed!" || echo "Not crashed." - echo "CRASHED_CLI=$CRASHED" >> $GITHUB_ENV - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - if: ${{ failure() && env.CRASHED_CLI == '1' }} - with: - name: core-expect-cli - path: | - ./ot-core-dump/* - - name: Generate Coverage - run: | - ./script/test generate_coverage gcc - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - name: cov-expects - path: tmp/coverage.info - retention-days: 1 - - ot-commissioner: - runs-on: ubuntu-24.04 - env: - THREAD_VERSION: 1.1 - steps: - - name: Harden Runner - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - submodules: true - - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 - with: - python-version: '3.12' - cache: pip - - name: Bootstrap - env: - PR_BODY: "${{ github.event.pull_request.body }}" - run: | - sudo apt-get update - sudo apt-get install -y avahi-daemon avahi-utils lcov - script/git-tool clone https://github.com/openthread/ot-commissioner.git /tmp/ot-commissioner --depth 1 --branch main - - name: Build - run: | - cd /tmp/ot-commissioner - script/bootstrap.sh - cmake -GNinja \ - -DCMAKE_POLICY_VERSION_MINIMUM=3.5 \ - -DCMAKE_CXX_STANDARD=11 \ - -DCMAKE_CXX_STANDARD_REQUIRED=ON \ - -DCMAKE_BUILD_TYPE=Release \ - -DCMAKE_INSTALL_PREFIX=/usr/local \ - -DOT_COMM_COVERAGE=ON \ - -DOT_COMM_CCM=OFF \ - -S . -B build - cmake --build build - sudo cmake --install build - - name: Run - run: | - export OT_COMM_OPENTHREAD="$(pwd)" - cd /tmp/ot-commissioner/tests/integration - ./bootstrap.sh - ./run_tests.sh - - name: Generate Coverage - run: | - ./script/test generate_coverage gcc - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - name: cov-ot-commissioner - path: tmp/coverage.info - retention-days: 1 - - multiple-instance: - runs-on: ubuntu-24.04 - env: - COVERAGE: 1 - THREAD_VERSION: 1.1 - VIRTUAL_TIME: 1 - OT_VT_USE_UNIX_SOCKET: 1 - CXXFLAGS: "-DOPENTHREAD_CONFIG_LOG_PREPEND_UPTIME=0" - steps: - - name: Harden Runner - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - submodules: true - - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 - with: - python-version: '3.12' - cache: pip - - name: Bootstrap - run: | - sudo apt-get --no-install-recommends install -y lcov ninja-build - python3 -m pip install -r tests/scripts/thread-cert/requirements.txt - - name: Build - run: | - OT_OPTIONS="-DOT_MULTIPLE_INSTANCE=ON" ./script/test build - - name: Run - run: | - ./script/test cert_suite ./tests/scripts/thread-cert/Cert_*.py ./tests/scripts/thread-cert/test_*.py - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - if: ${{ failure() }} - with: - name: ot_testing - path: build/simulation/tests/scripts/thread-cert - - name: Generate Coverage - run: | - ./script/test generate_coverage gcc - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - name: cov-multiple-instance - path: tmp/coverage.info - retention-days: 1 - - simulation-local-host: - runs-on: ubuntu-24.04 - env: - COVERAGE: 1 - steps: - - name: Harden Runner - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - submodules: true - - name: Bootstrap - run: | - sudo apt-get --no-install-recommends install -y expect ninja-build lcov - - name: Run - run: | - ./script/check-simulation-local-host - - name: Generate Coverage - run: | - ./script/test generate_coverage gcc - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - name: cov-simulation-local-host - path: tmp/coverage.info - retention-days: 1 - - upload-coverage: - needs: - - packet-verification - - cli-ftd - - cli-mtd - - cli-time-sync - - expects - - ot-commissioner - - multiple-instance - runs-on: ubuntu-22.04 - steps: - - name: Harden Runner - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - submodules: true - - name: Bootstrap - run: | - sudo apt-get --no-install-recommends install -y lcov - - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 - with: - path: coverage/ - pattern: cov-* - merge-multiple: true - - name: Combine Coverage - run: | - script/test combine_coverage - - name: Upload Coverage - uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3 - env: - CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} - with: - files: final.info - fail_ci_if_error: true diff --git a/.github/workflows/simulation-1.4.yml b/.github/workflows/simulation-1.4.yml deleted file mode 100644 index 862e0b9dd8a..00000000000 --- a/.github/workflows/simulation-1.4.yml +++ /dev/null @@ -1,456 +0,0 @@ -# -# Copyright (c) 2020, The OpenThread Authors. -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# 3. Neither the name of the copyright holder nor the -# names of its contributors may be used to endorse or promote products -# derived from this software without specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE -# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -# POSSIBILITY OF SUCH DAMAGE. -# - -name: Simulation 1.4 - -on: - push: - branches-ignore: - - 'dependabot/**' - pull_request: - branches: - - 'main' - -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || (github.repository == 'openthread/openthread' && github.run_id) || github.ref }} - cancel-in-progress: true - -permissions: # added using https://github.com/step-security/secure-workflows - contents: read - -jobs: - - thread-1-4: - name: thread-1-4-${{ matrix.compiler.c }}-${{ matrix.arch }} - runs-on: ubuntu-22.04 - env: - CFLAGS: -${{ matrix.arch }} - CXXFLAGS: -${{ matrix.arch }} - LDFLAGS: -${{ matrix.arch }} - COVERAGE: 1 - THREAD_VERSION: 1.4 - VIRTUAL_TIME: 1 - OT_VT_USE_UNIX_SOCKET: 1 - INTER_OP: 1 - INTER_OP_BBR: 1 - CC: ${{ matrix.compiler.c }} - CXX: ${{ matrix.compiler.cxx }} - strategy: - fail-fast: false - matrix: - compiler: [{c: "gcc", cxx: "g++", gcov: "gcc"}, { c: "clang", cxx: "clang++", gcov: "llvm"}] - arch: ["m32", "m64"] - steps: - - name: Harden Runner - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - submodules: true - - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 - with: - python-version: '3.12' - cache: pip - - name: Bootstrap - run: | - sudo dpkg --add-architecture i386 - sudo apt-get update - sudo apt-get --no-install-recommends install -y ninja-build llvm lcov - sudo apt-get --no-install-recommends install -y g++-multilib libreadline-dev:i386 libncurses-dev:i386 - python3 -m pip install -r tests/scripts/thread-cert/requirements.txt - - name: Build - run: | - ./script/test build - - name: Run - run: | - ulimit -c unlimited - ./script/test prepare_coredump_upload - ./script/test unit - ./script/test cert_suite tests/scripts/thread-cert/v1_2_* - - name: Check Crash - if: ${{ failure() }} - run: | - CRASHED=$(./script/test check_crash | tail -1) - [[ $CRASHED -eq "1" ]] && echo "Crashed!" || echo "Not crashed." - echo "CRASHED=$CRASHED" >> $GITHUB_ENV - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - if: ${{ failure() }} - with: - name: thread-1-4-${{ matrix.compiler.c }}-${{ matrix.arch }}-pcaps - path: "*.pcap" - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - if: ${{ failure() && env.CRASHED == '1' }} - with: - name: core-packet-verification-thread-1-4 - path: | - ./ot-core-dump/* - - name: Generate Coverage - run: | - ./script/test generate_coverage "${{ matrix.compiler.gcov }}" - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - name: cov-thread-1-4-${{ matrix.compiler.c }}-${{ matrix.arch }} - path: tmp/coverage.info - retention-days: 1 - - packet-verification-low-power: - runs-on: ubuntu-24.04 - env: - REFERENCE_DEVICE: 1 - VIRTUAL_TIME: 1 - OT_VT_USE_UNIX_SOCKET: 1 - COVERAGE: 1 - PACKET_VERIFICATION: 1 - THREAD_VERSION: 1.4 - MAC_FILTER: 1 - INTER_OP: 1 - INTER_OP_BBR: 0 - steps: - - name: Harden Runner - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - submodules: true - - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 - with: - python-version: '3.12' - cache: pip - - name: Bootstrap - run: | - sudo apt-get update - sudo apt-get --no-install-recommends install -y ninja-build lcov - python3 -m pip install -r tests/scripts/thread-cert/requirements.txt - - name: Build - run: | - ./script/test build - - name: Build with OT_CSL_RECEIVER_LOCAL_TIME_SYNC - run: | - OT_BUILDDIR="${PWD}/build_csl_receiver_local_time_sync" OT_OPTIONS="-DOT_CSL_RECEIVER_LOCAL_TIME_SYNC=ON" ./script/test build - - name: Get Thread-Wireshark - run: | - ./script/test get_thread_wireshark - - name: Run - run: | - ulimit -c unlimited - ./script/test prepare_coredump_upload - for i in {1..10} - do - ./script/test cert_suite ./tests/scripts/thread-cert/v1_2_LowPower*.py - done - - name: Run with OT_CSL_RECEIVER_LOCAL_TIME_SYNC - run: | - OT_BUILDDIR="${PWD}/build_csl_receiver_local_time_sync" ./script/test cert_suite ./tests/scripts/thread-cert/v1_2_LowPower*.py - - name: Check Crash - if: ${{ failure() }} - run: | - CRASHED=$(./script/test check_crash | tail -1) - [[ $CRASHED -eq "1" ]] && echo "Crashed!" || echo "Not crashed." - echo "CRASHED=$CRASHED" >> $GITHUB_ENV - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - if: ${{ failure() }} - with: - name: packet-verification-low-power-pcaps - path: | - *.pcap - *.json - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - if: ${{ failure() && env.CRASHED == '1' }} - with: - name: core-packet-verification-low-power - path: | - ./ot-core-dump/* - - name: Generate Coverage - run: | - ./script/test generate_coverage gcc - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - name: cov-packet-verification-low-power - path: tmp/coverage.info - retention-days: 1 - - packet-verification-1-1-on-1-4: - runs-on: ubuntu-24.04 - env: - REFERENCE_DEVICE: 1 - VIRTUAL_TIME: 1 - OT_VT_USE_UNIX_SOCKET: 1 - PACKET_VERIFICATION: 1 - THREAD_VERSION: 1.4 - INTER_OP_BBR: 1 - MULTIPLY: 3 - steps: - - name: Harden Runner - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - submodules: true - - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 - with: - python-version: '3.12' - cache: pip - - name: Bootstrap - run: | - sudo apt-get update - sudo apt-get --no-install-recommends install -y ninja-build lcov - python3 -m pip install -r tests/scripts/thread-cert/requirements.txt - - name: Build - run: | - ./script/test build - - name: Get Thread-Wireshark - run: | - ./script/test get_thread_wireshark - - name: Run - run: | - ./script/test cert_suite ./tests/scripts/thread-cert/Cert_*.py ./tests/scripts/thread-cert/test_*.py - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - if: ${{ failure() }} - with: - name: packet-verification-1.1-on-1.4-pcaps - path: | - *.pcap - *.json - - name: Generate Coverage - run: | - ./script/test generate_coverage gcc - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - name: cov-packet-verification-1-1-on-1-4 - path: tmp/coverage.info - retention-days: 1 - - channel-manager-csl: - runs-on: ubuntu-24.04 - env: - CFLAGS: -m32 - CXXFLAGS: -m32 - LDFLAGS: -m32 - COVERAGE: 1 - THREAD_VERSION: 1.4 - VIRTUAL_TIME: 1 - OT_VT_USE_UNIX_SOCKET: 1 - steps: - - name: Harden Runner - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - submodules: true - - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 - with: - python-version: '3.12' - cache: pip - - name: Bootstrap - run: | - sudo apt-get update - sudo apt-get --no-install-recommends install -y g++-multilib lcov ninja-build - python3 -m pip install -r tests/scripts/thread-cert/requirements.txt - - name: Build - run: | - OT_OPTIONS="-DOT_CHANNEL_MANAGER_CSL=ON" ./script/test build - - name: Run - run: | - ulimit -c unlimited - ./script/test cert_suite ./tests/scripts/thread-cert/addon_test_channel_manager_autocsl*.py - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - if: ${{ failure() }} - with: - name: channel-manager-csl - path: ot_testing - - name: Generate Coverage - run: | - ./script/test generate_coverage gcc - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - name: cov-channel-manager-csl - path: tmp/coverage.info - retention-days: 1 - - expects: - runs-on: ubuntu-24.04 - env: - COVERAGE: 1 - THREAD_VERSION: 1.4 - VIRTUAL_TIME: 0 - steps: - - name: Harden Runner - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - submodules: true - - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 - with: - python-version: '3.12' - cache: pip - - name: Bootstrap - run: | - sudo apt-get --no-install-recommends install -y expect ninja-build lcov - sudo bash script/install_socat - pip install bleak 'cryptography==43.0.0' - - name: Run RCP Mode - run: | - ulimit -c unlimited - ./script/test prepare_coredump_upload - OT_OPTIONS=-DOT_READLINE=OFF OT_NODE_TYPE=rcp ./script/test build expect - - name: Check Crash - if: ${{ failure() }} - run: | - CRASHED=$(./script/test check_crash | tail -1) - [[ $CRASHED -eq "1" ]] && echo "Crashed!" || echo "Not crashed." - echo "CRASHED=$CRASHED" >> $GITHUB_ENV - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - if: ${{ failure() && env.CRASHED == '1' }} - with: - name: core-expect-1-4 - path: | - ./ot-core-dump/* - - name: Generate Coverage - run: | - ./script/test generate_coverage gcc - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - name: cov-expects - path: tmp/coverage.info - retention-days: 1 - - thread-1-4-posix: - runs-on: ubuntu-22.04 - env: - COVERAGE: 1 - PYTHONUNBUFFERED: 1 - READLINE: readline - THREAD_VERSION: 1.4 - OT_NODE_TYPE: rcp - USE_MTD: 1 - VIRTUAL_TIME: 1 - OT_VT_USE_UNIX_SOCKET: 1 - INTER_OP: 1 - steps: - - name: Harden Runner - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - submodules: true - - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 - with: - python-version: '3.12' - cache: pip - - name: Bootstrap - run: | - sudo apt-get update - sudo apt-get --no-install-recommends install -y libreadline6-dev ninja-build llvm lcov - python3 -m pip install -r tests/scripts/thread-cert/requirements.txt - - name: Build - run: | - ./script/test build - - name: Run - run: | - ulimit -c unlimited - ./script/test prepare_coredump_upload - ./script/test cert tests/scripts/thread-cert/v1_2_LowPower_5_3_01_SSEDAttachment.py - ./script/test cert tests/scripts/thread-cert/v1_2_LowPower_6_1_07_PreferringARouterOverAReed.py - ./script/test cert tests/scripts/thread-cert/v1_2_router_5_1_1.py - ./script/test cert tests/scripts/thread-cert/v1_2_test_csl_transmission.py - ./script/test cert tests/scripts/thread-cert/v1_2_test_enhanced_frame_pending.py - ./script/test cert tests/scripts/thread-cert/v1_2_test_parent_selection.py - - name: Check Crash - if: ${{ failure() }} - run: | - CRASHED=$(./script/test check_crash | tail -1) - [[ $CRASHED -eq "1" ]] && echo "Crashed!" || echo "Not crashed." - echo "CRASHED=$CRASHED" >> $GITHUB_ENV - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - if: ${{ failure() }} - with: - name: thread-1-4-posix-pcaps - path: "*.pcap" - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - if: ${{ failure() && env.CRASHED == '1' }} - with: - name: core-thread-1-4-posix - path: | - ./ot-core-dump/* - - name: Generate Coverage - run: | - ./script/test generate_coverage gcc - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - name: cov-thread-1-4-posix - path: tmp/coverage.info - retention-days: 1 - - upload-coverage: - needs: - - thread-1-4 - - packet-verification-low-power - - packet-verification-1-1-on-1-4 - - expects - - thread-1-4-posix - runs-on: ubuntu-22.04 - steps: - - name: Harden Runner - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - submodules: true - - name: Bootstrap - run: | - sudo apt-get --no-install-recommends install -y lcov - - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 - with: - path: coverage/ - pattern: cov-* - merge-multiple: true - - name: Combine Coverage - run: | - script/test combine_coverage - - name: Upload Coverage - uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3 - env: - CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} - with: - files: final.info - fail_ci_if_error: true diff --git a/.github/workflows/toranj.yml b/.github/workflows/toranj.yml deleted file mode 100644 index b29d4fcc6f6..00000000000 --- a/.github/workflows/toranj.yml +++ /dev/null @@ -1,249 +0,0 @@ -# -# Copyright (c) 2020, The OpenThread Authors. -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# 3. Neither the name of the copyright holder nor the -# names of its contributors may be used to endorse or promote products -# derived from this software without specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE -# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -# POSSIBILITY OF SUCH DAMAGE. -# - -name: Toranj - -on: - push: - branches-ignore: - - 'dependabot/**' - pull_request: - branches: - - 'main' - -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || (github.repository == 'openthread/openthread' && github.run_id) || github.ref }} - cancel-in-progress: true - -permissions: - contents: read - -jobs: - - toranj-ncp: - name: toranj-ncp-${{ matrix.TORANJ_RADIO }} - runs-on: ubuntu-22.04 - strategy: - fail-fast: false - matrix: - TORANJ_RADIO: ['15.4'] - env: - COVERAGE: 1 - TORANJ_RADIO : ${{ matrix.TORANJ_RADIO }} - TORANJ_NCP : 1 - TORANJ_EVENT_NAME: ${{ github.event_name }} - steps: - - name: Harden Runner - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - submodules: true - - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 - with: - python-version: '3.12' - cache: pip - - name: Bootstrap - env: - PR_BODY: "${{ github.event.pull_request.body }}" - run: | - sudo apt-get update - sudo apt-get --no-install-recommends install -y ninja-build lcov - python3 -m pip install -r tests/scripts/thread-cert/requirements.txt - - name: Build & Run - run: | - top_builddir=$(pwd)/build/toranj ./tests/toranj/start.sh - - - toranj-cli: - name: toranj-cli-${{ matrix.TORANJ_RADIO }} - runs-on: ubuntu-24.04 - strategy: - matrix: - TORANJ_RADIO: ['15.4', 'trel', 'multi'] - env: - COVERAGE: 1 - TORANJ_RADIO : ${{ matrix.TORANJ_RADIO }} - TORANJ_CLI: 1 - steps: - - name: Harden Runner - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - submodules: true - - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 - with: - python-version: '3.12' - cache: pip - - name: Bootstrap - env: - PR_BODY: "${{ github.event.pull_request.body }}" - run: | - sudo apt-get update - sudo apt-get --no-install-recommends install -y ninja-build lcov - python3 -m pip install -r tests/scripts/thread-cert/requirements.txt - - name: Build & Run - run: | - top_builddir=$(pwd)/build/toranj ./tests/toranj/start.sh - - name: Generate Coverage - if: "matrix.TORANJ_RADIO != 'multi'" - run: | - ./script/test generate_coverage gcc - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - if: "matrix.TORANJ_RADIO != 'multi'" - with: - name: cov-toranj-cli-${{ matrix.TORANJ_RADIO }} - path: tmp/coverage.info - retention-days: 1 - - toranj-unittest: - name: toranj-unittest - runs-on: ubuntu-24.04 - steps: - - name: Harden Runner - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - submodules: true - - uses: actions/setup-python@a26af69be951a213d495a4c3e4e4022e16d87065 # v5.6.0 - with: - python-version: '3.12' - cache: pip - - name: Bootstrap - env: - PR_BODY: "${{ github.event.pull_request.body }}" - run: | - sudo apt-get update - sudo apt-get --no-install-recommends install -y ninja-build - - name: Build & Run - run: | - ./tests/toranj/build.sh all - ninja test - # Validate posix builds with different radio configs - git clean -dfx - ./tests/toranj/build.sh ncp-15.4 - git clean -dfx - ./tests/toranj/build.sh ncp-trel - git clean -dfx - ./tests/toranj/build.sh ncp-15.4+trel - git clean -dfx - ./tests/toranj/build.sh posix-15.4 - git clean -dfx - ./tests/toranj/build.sh posix-15.4+trel - git clean -dfx - ./tests/toranj/build.sh posix-trel - git clean -dfx - ./tests/toranj/build.sh --enable-plat-key-ref all - - toranj-macos: - name: toranj-macos - runs-on: macos-14 - steps: - - name: Harden Runner - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - submodules: true - - name: Bootstrap - env: - PR_BODY: "${{ github.event.pull_request.body }}" - run: | - brew update - brew install ninja - - name: Build & Run - run: | - ./tests/toranj/build.sh posix-15.4 - - nexus: - name: nexus - runs-on: ubuntu-24.04 - steps: - - name: Harden Runner - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - submodules: true - - name: Bootstrap - env: - PR_BODY: "${{ github.event.pull_request.body }}" - run: | - sudo apt-get update - sudo apt-get --no-install-recommends install -y ninja-build lcov - - name: Build & Run - run: | - ./tests/nexus/build.sh - ninja test - git clean -dfx - ./tests/nexus/build.sh trel - ./tests/nexus/nexus_trel - - upload-coverage: - needs: - - toranj-cli - runs-on: ubuntu-22.04 - steps: - - name: Harden Runner - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - submodules: true - - name: Bootstrap - run: | - sudo apt-get --no-install-recommends install -y lcov - - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 - with: - path: coverage/ - pattern: cov-* - merge-multiple: true - - name: Combine Coverage - run: | - script/test combine_coverage - - name: Upload Coverage - uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3 - env: - CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} - with: - files: final.info - fail_ci_if_error: true diff --git a/.github/workflows/unit.yml b/.github/workflows/unit.yml deleted file mode 100644 index c0f6ebb1c72..00000000000 --- a/.github/workflows/unit.yml +++ /dev/null @@ -1,136 +0,0 @@ -# -# Copyright (c) 2023, The OpenThread Authors. -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# 3. Neither the name of the copyright holder nor the -# names of its contributors may be used to endorse or promote products -# derived from this software without specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE -# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -# POSSIBILITY OF SUCH DAMAGE. -# - -name: Unit - -on: - push: - branches-ignore: - - 'dependabot/**' - pull_request: - branches: - - 'main' - -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || (github.repository == 'openthread/openthread' && github.run_id) || github.ref }} - cancel-in-progress: true - -permissions: # added using https://github.com/step-security/secure-workflows - contents: read - -jobs: - - tcplp-buffering: - runs-on: ubuntu-24.04 - steps: - - name: Harden Runner - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - submodules: true - - name: Build - run: make -C third_party/tcplp/lib/test/ - - name: Run - run: third_party/tcplp/lib/test/test_all - - unit-tests: - runs-on: ubuntu-22.04 - env: - COVERAGE: 1 - steps: - - name: Harden Runner - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - submodules: true - - name: Bootstrap - run: | - sudo apt-get update - sudo apt-get --no-install-recommends install -y ninja-build lcov libgtest-dev libgmock-dev - - name: Build Simulation - run: ./script/cmake-build simulation -DOT_BUILD_GTEST=ON -DOT_BORDER_ROUTING=ON -DOT_BORDER_ROUTING_DHCP6_PD=ON - - name: Test Simulation - run: cd build/simulation && ninja test - - name: Build Multipan Simulation - run: ./script/cmake-build simulation -DOT_BUILD_GTEST=ON -DOT_MULTIPAN_TEST=ON - - name: Test Multipan Simulation - run: cd build/simulation && ninja test - - name: Build NCP Simulation - run: ./script/cmake-build simulation -DOT_BUILD_GTEST=OFF -DOT_MTD=OFF -DOT_RCP=OFF -DOT_APP_CLI=OFF -DOT_APP_RCP=OFF \ - -DOT_BORDER_ROUTING=ON -DOT_NCP_INFRA_IF=ON -DOT_SRP_SERVER=ON -DOT_NCP_DNSSD=ON -DOT_PLATFORM_DNSSD=ON -DOT_NCP_CLI_STREAM=ON - - name: Test NCP Simulation - run: cd build/simulation && ninja test - - name: Build POSIX - run: ./script/cmake-build posix - - name: Test POSIX - run: cd build/posix && ninja test - - name: Generate Coverage - run: | - ./script/test generate_coverage gcc - - uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2 - with: - name: cov-unit-tests - path: tmp/coverage.info - retention-days: 1 - - upload-coverage: - needs: unit-tests - runs-on: ubuntu-24.04 - steps: - - name: Harden Runner - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - submodules: true - - name: Bootstrap - run: | - sudo apt-get --no-install-recommends install -y lcov - - uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8 - with: - path: coverage/ - pattern: cov-* - merge-multiple: true - - name: Combine Coverage - run: | - script/test combine_coverage - - name: Upload Coverage - uses: codecov/codecov-action@18283e04ce6e62d37312384ff67231eb8fd56d24 # v5.4.3 - env: - CODECOV_TOKEN: ${{ secrets.CODECOV_TOKEN }} - with: - files: final.info - fail_ci_if_error: true diff --git a/.github/workflows/version.yml b/.github/workflows/version.yml deleted file mode 100644 index 7b1be0644fd..00000000000 --- a/.github/workflows/version.yml +++ /dev/null @@ -1,57 +0,0 @@ -# -# Copyright (c) 2020, The OpenThread Authors. -# All rights reserved. -# -# Redistribution and use in source and binary forms, with or without -# modification, are permitted provided that the following conditions are met: -# 1. Redistributions of source code must retain the above copyright -# notice, this list of conditions and the following disclaimer. -# 2. Redistributions in binary form must reproduce the above copyright -# notice, this list of conditions and the following disclaimer in the -# documentation and/or other materials provided with the distribution. -# 3. Neither the name of the copyright holder nor the -# names of its contributors may be used to endorse or promote products -# derived from this software without specific prior written permission. -# -# THIS SOFTWARE IS PROVIDED BY THE COPYRIGHT HOLDERS AND CONTRIBUTORS "AS IS" -# AND ANY EXPRESS OR IMPLIED WARRANTIES, INCLUDING, BUT NOT LIMITED TO, THE -# IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE -# ARE DISCLAIMED. IN NO EVENT SHALL THE COPYRIGHT HOLDER OR CONTRIBUTORS BE -# LIABLE FOR ANY DIRECT, INDIRECT, INCIDENTAL, SPECIAL, EXEMPLARY, OR -# CONSEQUENTIAL DAMAGES (INCLUDING, BUT NOT LIMITED TO, PROCUREMENT OF -# SUBSTITUTE GOODS OR SERVICES; LOSS OF USE, DATA, OR PROFITS; OR BUSINESS -# INTERRUPTION) HOWEVER CAUSED AND ON ANY THEORY OF LIABILITY, WHETHER IN -# CONTRACT, STRICT LIABILITY, OR TORT (INCLUDING NEGLIGENCE OR OTHERWISE) -# ARISING IN ANY WAY OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE -# POSSIBILITY OF SUCH DAMAGE. -# - -name: API Version - -on: - pull_request: - branches: - - 'main' - -concurrency: - group: ${{ github.workflow }}-${{ github.event.pull_request.number || (github.repository == 'openthread/openthread' && github.run_id) || github.ref }} - cancel-in-progress: true - -permissions: # added using https://github.com/step-security/secure-workflows - contents: read - -jobs: - api-version: - runs-on: ubuntu-24.04 - steps: - - name: Harden Runner - uses: step-security/harden-runner@0634a2670c59f64b4a01f0f96f84700a4088b9f0 # v2.12.0 - with: - egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs - - - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 - with: - submodules: true - - name: Check - run: | - script/check-api-version diff --git a/src/core/thread/mle.hpp b/src/core/thread/mle.hpp index 89bf41cfc72..9351e045597 100644 --- a/src/core/thread/mle.hpp +++ b/src/core/thread/mle.hpp @@ -2298,6 +2298,7 @@ class Mle : public InstanceLocator, private NonCopyable RouterRoleRestorer mRouterRoleRestorer; RouterRoleTransition mRouterRoleTransition; Ip6::Netif::UnicastAddress mLeaderAloc; + char mUnused[100]; #if OPENTHREAD_CONFIG_MLE_DEVICE_PROPERTY_LEADER_WEIGHT_ENABLE DeviceProperties mDeviceProperties; #endif