CI-CD Updates (#180)

* Use new version of CI-CD Actions,  checkout@v3 instead of checkout@v2 on all jobs
* Use cSpell spell check, and use ubuntu-20.04 for formatting check
* Add in bot formatting action

Author: Skptak

.github/.cSpellWords.txt

@@ -0,0 +1,85 @@
+ABEF
+AESCMAC
+AESNI
+BBOOL
+Bgkqhki
+Bhargavan
+CBMC
+CBOR
+CMAC
+CMOCK
+CMock
+CSRS
+Chth
+Cmock
+Coverity
+DNDEBUG
+DSYSTEM
+DUNIT
+DUNITY
+Drbg
+ECKEY
+FAAOCAQE
+Fithb
+Gaëtan
+Gcbs
+HAVEGE
+HKDF
+JITP
+JITR
+Karthikeyan
+LPDWORD
+LPWORD
+MBED
+MBEDTLSSL
+MISRA
+MQTT
+Merkle
+Misra
+NISTP
+OPTIM
+Optiga
+PAKE
+RCVT
+RSAES
+RSASSA
+SCSV
+SECP
+SSLV
+UDBL
+Wunused
+XTEA
+ZEROIZE
+abcdefghbcdefghicdefghijdefghijkefghijklfghijklmghijklmnhijklmnoijklmnopjklmnopqklmnopqrlmnopqrsmnopqrstnopqrstu
+aesni
+cbmc
+cbor
+cmac
+cmock
+coverity
+ctest
+dgst
+ecdh
+ecjpake
+ggdb
+havege
+hkdf
+lcov
+mbed
+mbedcrypto
+misra
+osal
+pcertificate
+pkparse
+pkwrite
+ppublic
+ppuc
+scsv
+sinclude
+unhashed
+utest
+xfindobjectwithlabelandclass
+xgetslotlist
+xinitializepkcs
+xtea
+zeroize

CONTRIBUTING.md renamed to .github/CONTRIBUTING.md

@@ -56,6 +56,6 @@ If you discover a potential security issue in this project we ask that you notif
 
 ## Licensing
 
-See the [LICENSE](LICENSE) file for our project's licensing. We will ask you to confirm the licensing of your contribution.
+See the [LICENSE](../LICENSE) file for our project's licensing. We will ask you to confirm the licensing of your contribution.
 
 We may ask you to sign a [Contributor License Agreement (CLA)](http://en.wikipedia.org/wiki/Contributor_License_Agreement) for larger changes.

.github/workflows/ci.yml

@@ -1,5 +1,11 @@
 name: CI Checks
 
+env:
+  bashPass: \033[32;1mPASSED -
+  bashInfo: \033[33;1mINFO -
+  bashFail: \033[31;1mFAILED -
+  bashEnd:  \033[0m
+
 on:
   push:
     branches: ["**"]
@@ -24,25 +30,30 @@ jobs:
           -DUNIT_TESTS=0 \
           -DCMAKE_C_FLAGS="${CFLAGS}"
           make -C build/ all
+
       - name: Integration Tests
-        run: |
-          cd build/
-          ctest --output-on-failure | tee -a $GITHUB_STEP_SUMMARY
+        run:  ctest --test-dir build --output-on-failure | tee -a $GITHUB_STEP_SUMMARY
+
       - name: Archive Test Results
         if: success() || failure()
         uses: actions/upload-artifact@v3
         with:
-            name: system_test_results
-            path: |
-              build/Testing/Temporary/LastTest.log
+          name: system_test_results
+          path: |
+            build/Testing/Temporary/LastTest.log
 
   unit-tests-with-sanitizer:
     runs-on: ubuntu-latest
     steps:
       - name: Clone This Repo
         uses: actions/checkout@v3
-      - name: Build
+
+      - env:
+          stepName: Build corePKCS11 Sanitizer Unit Tests
         run: |
+          # ${{ env.stepName }}
+          echo -e "::group::${{ env.bashInfo }} ${{ env.stepName }} ${{ env.bashEnd }}"
+
           CFLAGS="-Wall -Wextra -DNDEBUG"
           CFLAGS+=" -fsanitize=address,undefined"
           cmake -S test -B build/ \
@@ -52,18 +63,25 @@ jobs:
           -DSYSTEM_TESTS=0 \
           -DCMAKE_C_FLAGS="${CFLAGS}"
           make -C build/ all
-      - name: Unit Tests
-        run: |
-          cd build/
-          ctest --output-on-failure | tee -a $GITHUB_STEP_SUMMARY
+          echo "::endgroup::"
+
+          echo -e "${{ env.bashPass }} ${{env.stepName}} ${{ env.bashEnd }}"
+
+      - name: Run Unit Tests
+        run: ctest --test-dir build --output-on-failure | tee -a $GITHUB_STEP_SUMMARY
 
   unit-tests:
     runs-on: ubuntu-latest
     steps:
       - name: Clone This Repo
         uses: actions/checkout@v3
-      - name: Build
+
+      - env:
+          stepName: Build corePKCS11 Unit Tests
         run: |
+          # ${{ env.stepName }}
+          echo -e "::group::${{ env.bashInfo }} ${{ env.stepName }} ${{ env.bashEnd }}"
+
           sudo apt-get install -y lcov
           CFLAGS="--coverage -Wall -Wextra -DNDEBUG"
           cmake -S test -B build/ \
@@ -73,30 +91,41 @@ jobs:
           -DSYSTEM_TESTS=0 \
           -DCMAKE_C_FLAGS="${CFLAGS}"
           make -C build/ all
+          echo "::endgroup::"
+
+          echo -e "${{ env.bashPass }} ${{env.stepName}} ${{ env.bashEnd }}"
+
       - name: Run Unit Tests
+        run: ctest --test-dir build --output-on-failure | tee -a $GITHUB_STEP_SUMMARY
+
+      - env:
+          stepName: Line and Branch Coverage Build
         run: |
-          cd build/
-          ctest --output-on-failure | tee -a $GITHUB_STEP_SUMMARY
-          cd ..
-      - name: Run and Collect Coverage
-        if: success() || failure()
-        run: |
+          # ${{ env.stepName }}
+          echo -e "::group::${{ env.bashInfo }} Build Coverage Target ${{ env.bashEnd }}"
+
+          # Build the coverage target
           make -C build/ coverage
-          lcov --rc lcov_branch_coverage=1 --remove build/coverage.info '*test*' --output-file build/coverage.info
-          lcov --rc lcov_branch_coverage=1 --remove build/coverage.info '*CMakeCCompilerId*' --output-file build/coverage.info
-          lcov --rc lcov_branch_coverage=1 --remove build/coverage.info '*mocks*' --output-file build/coverage.info
+
+          # Generate coverage report, excluding extra directories
+          lcov --rc lcov_branch_coverage=1 -r build/coverage.info -o build/coverage.info '*test*' '*CMakeCCompilerId*' '*mocks*'
+          echo "::endgroup::"
+
           lcov --list build/coverage.info
+          echo -e "${{ env.bashPass }} ${{env.stepName}} ${{ env.bashEnd }}"
+
       - name: Archive Test Results
         if: success() || failure()
         uses: actions/upload-artifact@v3
         with:
-            name: unit_test_results
-            path: |
-              build/utest_report.txt
-              build/*_out.txt
-              build/coverage.info
-              build/report.xml
-              build/Testing/Temporary/LastTest.log
+          name: unit_test_results
+          path: |
+            build/utest_report.txt
+            build/*_out.txt
+            build/coverage.info
+            build/report.xml
+            build/Testing/Temporary/LastTest.log
+
       - name: Upload coverage data to Codecov
         if: success()
         uses: codecov/codecov-action@v3
@@ -106,7 +135,6 @@ jobs:
           fail_ci_if_error: false
           verbose: false
 
-
   complexity:
     runs-on: ubuntu-latest
     steps:
@@ -129,34 +157,12 @@ jobs:
   spell-check:
     runs-on: ubuntu-latest
     steps:
-      - name: Checkout Parent Repo
-        uses: actions/checkout@v3
-        with:
-          ref: main
-          repository: aws/aws-iot-device-sdk-embedded-C
-      - run: rm -r libraries/standard/corePKCS11
       - name: Clone This Repo
         uses: actions/checkout@v3
+      - name: Run spellings check
+        uses: FreeRTOS/CI-CD-Github-Actions/spellings@main
         with:
-          path: libraries/standard/corePKCS11
-      - name: Install spell
-        run: |
-          sudo apt-get install spell
-          sudo apt-get install util-linux
-      - name: Check spelling
-        run: |
-          PATH=$PATH:$PWD/tools/spell
-          # Modifies `find` command used in spell checker to ignore the test and dependency directory
-          # The command looks like this `extract-comments `find $DIRNAME -name \*.[ch]` should the line change and the sed command will
-          # append "-not path {val added below}" for each of the directories mentioned.
-          # https://github.com/aws/aws-iot-device-sdk-embedded-C/blob/ad28ed355df4f82b77f48028e24bd6fc9e63bc54/tools/spell/find-unknown-comment-words#L86
-          sed -i 's/find $DIRNAME/find $DIRNAME -not -path '*test*' -not -path '*dependency*'/g' tools/spell/find-unknown-comment-words
-          find-unknown-comment-words --directory libraries/standard/corePKCS11
-          if [ "$?" = "0" ]; then
-            exit 0
-          else
-            exit 1
-          fi
+          path: ./
 
   formatting:
     runs-on: ubuntu-20.04
@@ -172,16 +178,24 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - uses: actions/checkout@v3
-      - name: Setup Python for link verifier action
-        uses: actions/setup-python@v4
-        with:
-          python-version: '3.11.0'
       - name: Check Links
-        uses: FreeRTOS/CI-CD-GitHub-Actions/link-verifier@main
+        uses: FreeRTOS/CI-CD-Github-Actions/link-verifier@main
+        with:
+          path: ./
+
+  verify-manifest:
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@v3
+        with:
+          submodules: true
+          fetch-depth: 0
+
+      - name: Run manifest verifier
+        uses: FreeRTOS/CI-CD-GitHub-Actions/manifest-verifier@main
         with:
           path: ./
-          exclude-dirs: cbmc
-          include-file-types: .c,.h,.dox
+          fail-on-incorrect-version: true
 
   git-secrets:
     runs-on: ubuntu-latest
@@ -215,14 +229,15 @@ jobs:
       - name: Install Python3
         uses: actions/setup-python@v4
         with:
-          python-version: '3.11.0'
+          python-version: "3.11.0"
       - name: Measure sizes
         uses: FreeRTOS/CI-CD-Github-Actions/memory_statistics@main
         with:
-            config: .github/memory_statistics_config.json
-            check_against: docs/doxygen/include/size_table.md
+          config: .github/memory_statistics_config.json
+          check_against: docs/doxygen/include/size_table.md
 
   proof_ci:
+    if: ${{ github.event.pull_request }}
     runs-on: cbmc_ubuntu-latest_16-core
     steps:
       - name: Set up CBMC runner

.github/workflows/formatting.yml

@@ -0,0 +1,23 @@
+name: Format Pull Request Files
+
+on:
+  issue_comment:
+    types: [created]
+
+env:
+  bashPass: \033[32;1mPASSED -
+  bashInfo: \033[33;1mINFO -
+  bashFail: \033[31;1mFAILED -
+  bashEnd:  \033[0m
+
+jobs:
+  Formatting:
+    name: Run Formatting Check
+    if: ${{ github.event.issue.pull_request }} &&
+        ( ( github.event.comment.body == '/bot run uncrustify' ) ||
+          ( github.event.comment.body == '/bot run formatting' ) )
+    runs-on: ubuntu-20.04
+    steps:
+    - name: Apply Formatting Fix
+      uses: FreeRTOS/CI-CD-Github-Actions/formatting-bot@main
+      id: check-formatting

.github/workflows/release.yml

@@ -16,7 +16,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           ref: ${{ github.event.inputs.commit_id }}
       - name: Configure git identity
@@ -53,7 +53,7 @@ jobs:
       - name: Install ZIP tools
         run: sudo apt-get install zip unzip
       - name: Checkout code
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           ref: ${{ github.event.inputs.commit_id }}
           path: corePKCS11

MISRA.md

@@ -26,17 +26,17 @@ _Ref 10.5.1_
 _Ref 11.1.1_
 
 - MISRA C-2012 Rule 11.1 Doesn't allow conversions between function pointers and any other type
-    However, since we're just using this to supress the compiler warning, we're also fine with
-    supressing the MISRA violation related to this line as well.
+    However, since we're just using this to suppress the compiler warning, we're also fine with
+    suppressing the MISRA violation related to this line as well.
 
 
 #### Rule 12.1
 
 _Ref 12.1.1_
 
-- MISRA C-2012 Rule 12.1 Requires precendence of operators within an expression to be explicit.
+- MISRA C-2012 Rule 12.1 Requires precedence of operators within an expression to be explicit.
     The third party macro being used here throws a violation when used. Adding additional parens to the
-    call or to the decleration doesn't remove the violation, so we supress it.
+    call or to the decleration doesn't remove the violation, so we suppress it.
 
 #### Rule 11.5