Merge branch 'master' into rjosefsen/soil-measurement-server-impl

Author: ReneJosefsen

.github/actions/perform-codeql-analysis/action.yaml

@@ -8,7 +8,7 @@ runs:
   using: "composite"
   steps:
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@v3
       with:
         category: "/language:${{ inputs.language }}"
         upload: False
@@ -19,11 +19,18 @@ runs:
         patterns: |
           -**/third_party/**
           -**/scripts/**
+          -**/tests/**
+
+        # Disabling checks that are not too important, and that result in many hundreds of alerts due to generated code
+        # Disable checks: No trivial switch statements
+          -**/*.cpp:cpp/trivial-switch
+        # Disable check: Empty branch of conditional
+          -**/*.cpp:cpp/empty-block
         input: "sarif-results/${{ inputs.language }}.sarif"
         output: "sarif-results/${{ inputs.language }}.sarif"
 
     - name: Upload SARIF
-      uses: github/codeql-action/upload-sarif@v2
+      uses: github/codeql-action/upload-sarif@v3
       with:
         sarif_file: "sarif-results/${{ inputs.language }}.sarif"
     - name: Upload loc as a Build Artifact

.github/workflows/build.yaml

@@ -75,27 +75,49 @@ jobs:
               uses: github/codeql-action/init@v3
               with:
                   languages: "cpp"
+                  queries: security-extended, security-and-quality
             - name: Setup Build
               run: scripts/build/gn_gen.sh --args="chip_config_memory_debug_checks=true chip_config_memory_debug_dmalloc=false"
             - name: Run Build
               run: scripts/run_in_build_env.sh "ninja -C ./out"
             - name: Run Tests
               run: scripts/tests/gn_tests.sh
+            - name: Clean out build output
+              run: rm -rf ./out
+
+            # Do not run below steps with CodeQL since we are getting "Out of runner space issues" with CodeQL and their added coverage is limited
             - name: Set up Build Without Detail Logging
+              if: inputs.run-codeql != true
               run: scripts/build/gn_gen.sh --args="chip_detail_logging=false"
             - name: Run Build Without Detail Logging
+              if: inputs.run-codeql != true
               run: scripts/run_in_build_env.sh "ninja -C ./out"
+            - name: Cleanout build output
+              if: inputs.run-codeql != true
+              run: rm -rf ./out
             - name: Set up Build Without Progress Logging
+              if: inputs.run-codeql != true
               run: scripts/build/gn_gen.sh --args="chip_detail_logging=false chip_progress_logging=false"
             - name: Run Build Without Progress Logging
+              if: inputs.run-codeql != true
               run: scripts/run_in_build_env.sh "ninja -C ./out"
+            - name: Clean out build output
+              if: inputs.run-codeql != true
+              run: rm -rf ./out
             - name: Set up Build Without Error Logging
+              if: inputs.run-codeql != true
               run: scripts/build/gn_gen.sh --args="chip_detail_logging=false chip_progress_logging=false chip_error_logging=false"
             - name: Run Build Without Error Logging
+              if: inputs.run-codeql != true
               run: scripts/run_in_build_env.sh "ninja -C ./out"
+            - name: Clean out build output
+              if: inputs.run-codeql != true
+              run: rm -rf ./out
             - name: Set up Build Without Logging
+              if: inputs.run-codeql != true
               run: scripts/build/gn_gen.sh --args="chip_logging=false"
             - name: Run Build Without Logging
+              if: inputs.run-codeql != true
               run: scripts/run_in_build_env.sh "ninja -C ./out"
             - name: Uploading core files
               uses: actions/upload-artifact@v4
@@ -128,7 +150,7 @@ jobs:
         name: Build on Linux (fake, gcc_release, clang, simulated)
 
         runs-on: ubuntu-latest
-        if: github.actor != 'restyled-io[bot]'
+        if: github.actor != 'restyled-io[bot]' && inputs.run-codeql != true
 
         container:
             image: ghcr.io/project-chip/chip-build:125
@@ -161,11 +183,13 @@ jobs:
               uses: ./.github/actions/checkout-submodules-and-bootstrap
               with:
                 platform: linux
-            - name: Initialize CodeQL
-              if: ${{ inputs.run-codeql  }}
-              uses: github/codeql-action/init@v3
-              with:
-                  languages: "cpp"
+            # CodeQL + this job is consistently failing (in the step "Run Tests with sanitizers")
+            # deactivate until a better workaround is found
+            # - name: Initialize CodeQL
+            #   if: ${{ inputs.run-codeql  }}
+            #   uses: github/codeql-action/init@v3
+            #   with:
+            #       languages: "cpp"
             - name: Setup and Build Simulated Device
               run: |
                   BUILD_TYPE=simulated
@@ -270,11 +294,13 @@ jobs:
               run: |
                   ./scripts/run_in_build_env.sh \
                     "./scripts/build/build_examples.py --target linux-fake-tests build"
-            - name: Perform CodeQL Analysis
-              if: ${{ inputs.run-codeql  }}
-              uses: ./.github/actions/perform-codeql-analysis
-              with:
-                language: cpp
+            # CodeQL + this job is consistently failing (in the step "Run Tests with sanitizers")
+            # deactivate until a better solution is found
+            # - name: Perform CodeQL Analysis
+            #   if: ${{ inputs.run-codeql  }}
+            #   uses: ./.github/actions/perform-codeql-analysis
+            #   with:
+            #     language: cpp
 
             - name: Uploading core files
               uses: actions/upload-artifact@v4
@@ -302,7 +328,7 @@ jobs:
         name: Build on Linux (python_lib)
 
         runs-on: ubuntu-latest
-        if: github.actor != 'restyled-io[bot]'
+        if: github.actor != 'restyled-io[bot]' && inputs.run-codeql != true
 
         container:
             image: ghcr.io/project-chip/chip-build:125
@@ -367,7 +393,7 @@ jobs:
         name: Build on Linux (python lighting-app)
 
         runs-on: ubuntu-latest
-        if: github.actor != 'restyled-io[bot]'
+        if: github.actor != 'restyled-io[bot]' && inputs.run-codeql != true
 
         container:
             image: ghcr.io/project-chip/chip-build:125
@@ -400,7 +426,7 @@ jobs:
     build_darwin:
         name: Build on Darwin (clang, simulated)
         runs-on: macos-13
-        if: github.actor != 'restyled-io[bot]'
+        if: github.actor != 'restyled-io[bot]'  && inputs.run-codeql != true
 
         steps:
             - name: Checkout
@@ -415,11 +441,12 @@ jobs:
             - name: Try to ensure the directory for diagnostic log collection exists
               run: |
                   mkdir -p ~/Library/Logs/DiagnosticReports || true
-            - name: Initialize CodeQL
-              if: ${{ inputs.run-codeql  }}
-              uses: github/codeql-action/init@v3
-              with:
-                  languages: "cpp"
+            #  Build on Darwin + CodeQL often takes 6 hours (which is more than the maximum allowed by GitHub Runners), Deactivate it until we can investigate this
+            # - name: Initialize CodeQL
+            #   if: ${{ inputs.run-codeql  }}
+            #   uses: github/codeql-action/init@v3
+            #   with:
+            #       languages: "cpp"
 
             - name: Setup and Build Simulated Device
               run: |
@@ -473,11 +500,12 @@ jobs:
                   name: crash-log-darwin
                   path: ~/Library/Logs/DiagnosticReports/
 
-            - name: Perform CodeQL Analysis
-              if: ${{ inputs.run-codeql  }}
-              uses: ./.github/actions/perform-codeql-analysis
-              with:
-                language: cpp
+            #  Build on Darwin + CodeQL often takes 6 hours (which is more than the maximum allowed by GitHub Runners), Deactivate it until we can investigate this
+            # - name: Perform CodeQL Analysis
+            #   if: ${{ inputs.run-codeql  }}
+            #   uses: ./.github/actions/perform-codeql-analysis
+            #   with:
+            #     language: cpp
 
             # TODO Log Upload https://github.com/project-chip/connectedhomeip/issues/2227
             # TODO https://github.com/project-chip/connectedhomeip/issues/1512
@@ -488,7 +516,7 @@ jobs:
         env:
             TSAN_OPTIONS: "halt_on_error=1 suppressions=scripts/tests/chiptest/tsan-linux-suppressions.txt"
 
-        if: github.actor != 'restyled-io[bot]'
+        if: github.actor != 'restyled-io[bot]' && inputs.run-codeql != true
         runs-on: ubuntu-latest
 
         container:

.github/workflows/examples-esp32.yaml

@@ -117,7 +117,7 @@ jobs:
               run: scripts/examples/esp_example.sh lighting-app sdkconfig.defaults esp32h2
 
             - name: Build example Lighting App (Target:ESP32C6)
-              run: scripts/examples/esp_example.sh lighting-app sdkconfig.defaults esp32c6
+              run: scripts/examples/esp_example.sh lighting-app sdkconfig.wifi_thread.defaults esp32c6
 
             - name: Uploading Size Reports
               uses: ./.github/actions/upload-size-reports

.github/workflows/tests.yaml

@@ -501,6 +501,7 @@ jobs:
                   ./scripts/run_in_build_env.sh \
                    "./scripts/build/build_examples.py \
                       --target linux-x64-all-clusters-ipv6only-no-ble-no-wifi-tsan-clang-test \
+                      --target linux-x64-bridge-ipv6only-no-ble-no-wifi-tsan-clang-test \
                       --target linux-x64-lock-ipv6only-no-ble-no-wifi-tsan-clang-test \
                       --target linux-x64-lit-icd-ipv6only-no-ble-no-wifi-tsan-clang-test \
                       --target linux-x64-air-purifier-ipv6only-no-ble-no-wifi-tsan-clang-test \
@@ -523,6 +524,7 @@ jobs:
               run: |
                   echo -n "" >/tmp/test_env.yaml
                   echo "ALL_CLUSTERS_APP: out/linux-x64-all-clusters-ipv6only-no-ble-no-wifi-tsan-clang-test/chip-all-clusters-app" >> /tmp/test_env.yaml
+                  echo "BRIDGE_APP: out/linux-x64-bridge-ipv6only-no-ble-no-wifi-tsan-clang-test/chip-bridge-app" >> /tmp/test_env.yaml
                   echo "CHIP_LOCK_APP: out/linux-x64-lock-ipv6only-no-ble-no-wifi-tsan-clang-test/chip-lock-app" >> /tmp/test_env.yaml
                   echo "CAMERA_APP: out/linux-x64-camera/chip-camera-app" >> /tmp/test_env.yaml
                   echo "ENERGY_MANAGEMENT_APP: out/linux-x64-energy-management-ipv6only-no-ble-no-wifi-tsan-clang-test/chip-energy-management-app" >> /tmp/test_env.yaml