From b5688e499dbd84d506a5edf925d550621725afd9 Mon Sep 17 00:00:00 2001 From: Frank Scholter Peres Date: Thu, 11 Dec 2025 10:03:06 +0000 Subject: [PATCH 01/25] add codeql test and reverted integration_test.sh --- .../workflows/codeql-multiple-repo-scan.yml | 132 ++++++++++++++++++ integration_test.sh | 91 +++++++++++- 2 files changed, 220 insertions(+), 3 deletions(-) create mode 100644 .github/workflows/codeql-multiple-repo-scan.yml diff --git a/.github/workflows/codeql-multiple-repo-scan.yml b/.github/workflows/codeql-multiple-repo-scan.yml new file mode 100644 index 0000000000..478833a554 --- /dev/null +++ b/.github/workflows/codeql-multiple-repo-scan.yml 
@@ -0,0 +1,132 @@
+# *******************************************************************************
+# Copyright (c) 2025 Contributors to the Eclipse Foundation
+#
+# See the NOTICE file(s) distributed with this work for additional
+# information regarding copyright ownership.
+#
+# This program and the accompanying materials are made available under the
+# terms of the Apache License Version 2.0 which is available at
+# https://www.apache.org/licenses/LICENSE-2.0
+#
+# SPDX-License-Identifier: Apache-2.0
+# *******************************************************************************
+
+name: "CodeQL - Multi-Repo Source Scan"
+
+on:
+ pull_request:
+ types: [opened, reopened, synchronize]
+ merge_group:
+ types: [checks_requested]
+
+permissions:
+ contents: write
+
+jobs:
+ analyze-repos:
+ name: Analyze Multiple Repositories
+ runs-on: ubuntu-latest
+ permissions:
+ contents: read
+ security-events: write
+
+ steps:
+ - name: Checkout central repository
+ uses: actions/checkout@v4
+ with:
+ path: central-repo
+
+ - name: Parse pinned repository versions
+ id: parse-repos
+ run: |
+
+ sudo apt-get update && sudo apt-get install -y jq
+ JSON_FILE="known_good.json"
+
+ # Check if the file exists
+ if [ ! -f "$JSON_FILE" ]; then
+ echo "Fehler: Die Datei '$JSON_FILE' wurde nicht gefunden."
+ exit 1
+ fi
+
+
+ echo "MODULE_COUNT=$(jq '.modules | length' "$JSON_FILE")" >> $GITHUB_OUTPUT
+
+
+ jq -c '.modules | to_entries[]' "$JSON_FILE" | while read -r module_entry; do
+ module_name=$(echo "$module_entry" | jq -r '.key')
+ repo_url=$(echo "$module_entry" | jq -r '.value.repo // empty')
+ version=$(echo "$module_entry" | jq -r '.value.version // empty')
+ branch=$(echo "$module_entry" | jq -r '.value.branch // empty')
+ hash=$(echo "$module_entry" | jq -r '.value.hash // empty')
+
+ echo "${module_name}_url=$repo_url" >> $GITHUB_OUTPUT
+
+ if [ -n "$version" ]; then
+ echo "${module_name}_version=$version" >> $GITHUB_OUTPUT
+ fi
+
+ if [ -n "$branch" ]; then
+ echo "${module_name}_branch=$branch" >> $GITHUB_OUTPUT
+ fi
+
+ if [ -n "$hash" ]; then
+ echo "${module_name}_hash=$hash" >> $GITHUB_OUTPUT
+ fi
+ done
+
+ - name: Checkout all pinned repositories
+ id: checkout-repos
+ run: |
+ # Install jq for JSON parsing
+ sudo apt-get install -y jq
+
+ # Read repositories from JSON file
+ repos=$(cat repos.json)
+ repo_count=$(echo $repos | jq length)
+
+ for i in $(seq 0 $((repo_count-1))); do
+ name=$(echo $repos | jq -r ".[$i].name")
+ url=$(echo $repos | jq -r ".[$i].url")
+ version=$(echo $repos | jq -r ".[$i].version")
+ path=$(echo $repos | jq -r ".[$i].path")
+
+ echo "Checking out $name ($version) to $path"
+
+ # Checkout the specific version/branch
+ git clone --depth 1 --branch $version $url $path
+
+ # Store paths for later use
+ echo "$path" >> repo-paths.txt
+ done
+
+ # Output all paths as a single variable
+ echo "repo_paths=$(cat repo-paths.txt | tr '\n' ',')" >> $GITHUB_OUTPUT
+
+ - name: Initialize CodeQL for all repositories
+ uses: github/codeql-action/init@v4
+ with:
+ languages: cpp, python, javascript
+ build-mode: none
+ # Configure which paths to analyze
+ config: |
+ paths:
+ - 'repos/**' # Analyze all repositories in repos/ directory
+ paths-ignore:
+ - '**/third_party/**'
+ - '**/tests/**'
+ - '**/*.test.*'
+ - 'central-repo/**'
# Don't analyze the central repo itself + + - name: Perform CodeQL Analysis + uses: github/codeql-action/analyze@v4 + with: + upload-database: false # Don't upload databases for each repo + output: sarif-results/ + category: "multi-repo-scan" + + - name: Upload SARIF results as artifact + uses: actions/upload-artifact@v4 + with: + name: codeql-sarif-results + path: sarif-results/ \ No newline at end of file diff --git a/integration_test.sh b/integration_test.sh index f7aa9e6ea9..cc1942b651 100755 --- a/integration_test.sh +++ b/integration_test.sh @@ -12,17 +12,32 @@ LOG_DIR=${LOG_DIR:-_logs/logs} SUMMARY_FILE=${SUMMARY_FILE:-_logs/build_summary.md} KNOWN_GOOD_FILE="" +# Codeql + +CODEQL_WORK_DIR="./codeql_analysis_results" +CODEQL_DATABASES_DIR="${CODEQL_WORK_DIR}/databases" +CODEQL_SARIF_DIR="${CODEQL_WORK_DIR}/sarif" +CODEQL_LANGUAGE="cpp" +CODEQL_QUERY_PACKS="codeql/cpp-queries,codeql/misra-cpp-coding-standards" # Add more packs as needed +CODEQL_CLI_VERSION="v2.23.6" # Use the latest stable version +CODEQL_PLATFORM="linux64" # e.g., linux64, macos, win64 +CODEQL_BUNDLE="codeql-${CODEQL_PLATFORM}.zip" +CODEQL_URL="https://github.com/github/codeql-cli-binaries/releases/download/${CODEQL_CLI_VERSION}/${CODEQL_BUNDLE}" +#https://github.com/github/codeql-cli-binaries/releases/download/v2.23.6/codeql-linux64.zip + # maybe move this to known_good.json or a config file later declare -A BUILD_TARGET_GROUPS=( [score_baselibs]="@score_baselibs//score/..." [score_communication]="@score_communication//score/mw/com:com" [score_persistency]="@score_persistency//src/cpp/src/... @score_persistency//src/rust/..." - #[score_logging]="@score_logging//src/..." + [score_logging]="@score_logging//src/..." [score_orchestrator]="@score_orchestrator//src/..." [score_test_scenarios]="@score_test_scenarios//..." [score_feo]="@score_feo//..." ) + + # Parse command line arguments while [[ $# -gt 0 ]]; do case $1 in 
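Review bot: The workflow-level `permissions: contents: write` hands a write-capable token to every job that does not declare its own block, on a `pull_request`-triggered workflow; `analyze-repos` overrides it, so nothing in this file needs it. I would change the top-level block to `permissions: {}` (or `contents: read`) and keep the per-job grant. In the same file the checkout step expands `$version`, `$url` and `$path` unquoted in `git clone --depth 1 --branch $version $url $path`, with the values read from JSON in the checked-out tree, so they should at least be double-quoted. That step also reads `repos.json`, which no step in this file creates.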
@@ -107,11 +122,46 @@ overall_depr_total=0 # Track if any build group failed any_failed=0 +binary_path="${CODEQL_WORK_DIR}/codeql-cli/codeql/codeql" + +if [ -x "${binary_path}" ]; then + echo "Local CodeQL CLI found at ${binary_path}. Adding to PATH." + export PATH="$(pwd)/${CODEQL_WORK_DIR}/codeql-cli/codeql:${PATH}" +else + echo "CodeQL CLI not found. Downloading..." + mkdir -p "${CODEQL_WORK_DIR}/codeql-cli" + curl -L "${CODEQL_URL}" -o "${CODEQL_WORK_DIR}/${CODEQL_BUNDLE}" + unzip "${CODEQL_WORK_DIR}/${CODEQL_BUNDLE}" -d "${CODEQL_WORK_DIR}/codeql-cli" + export PATH="$(pwd)/${CODEQL_WORK_DIR}/codeql-cli/codeql:${PATH}" + echo "CodeQL CLI downloaded and added to PATH." +fi + +# Verify CodeQL CLI is now available +if ! command -v codeql &> /dev/null; then + echo "Error: CodeQL CLI could not be set up. Exiting." + exit 1 +else + echo "codeql found in path" +fi + + +mkdir -p "${CODEQL_DATABASES_DIR}" +mkdir -p "${CODEQL_SARIF_DIR}" for group in "${!BUILD_TARGET_GROUPS[@]}"; do targets="${BUILD_TARGET_GROUPS[$group]}" log_file="${LOG_DIR}/${group}.log" - + + db_path="${CODEQL_DATABASES_DIR}/${group}_db" + sarif_output="${CODEQL_SARIF_DIR}/${group}.sarif" + current_bazel_output_base="/tmp/codeql_bazel_output_${group}_$(date +%s%N)" # Add timestamp for extra uniqueness + + + # 1. Clean Bazel to ensure a fresh build for CodeQL tracing + echo "Running 'bazel clean --expunge' and 'bazel shutdown'..." + bazel --output_base="${current_bazel_output_base}" clean --expunge || { echo "Bazel clean failed for ${group}"; exit 1; } + bazel --output_base="${current_bazel_output_base}" shutdown || { echo "Bazel shutdown failed for ${group}"; exit 1; } + # Log build group banner only to stdout/stderr (not into summary table file) echo "--- Building group: ${group} ---" start_ts=$(date +%s) 
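Review bot: The CodeQL bundle is fetched with `curl -L "${CODEQL_URL}" -o …`, unzipped and put first on `PATH` with no integrity check, so whatever that URL returns is executed by the rest of the script. Pin an expected SHA-256 next to `CODEQL_CLI_VERSION` and verify it before unzipping, e.g. `echo "${CODEQL_SHA256}  ${CODEQL_WORK_DIR}/${CODEQL_BUNDLE}" | sha256sum -c -`, where `CODEQL_SHA256` is a new constant to be filled in from the release page; adding `-f` to `curl` also stops an HTTP error body from being saved as the zip. Separately, `current_bazel_output_base="/tmp/codeql_bazel_output_${group}_$(date +%s%N)"` is a guessable path in a shared directory, and `mktemp -d` would be the safer choice. The `for` loop body continues outside this hunk.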
@@ -119,7 +169,24 @@ for group in "${!BUILD_TARGET_GROUPS[@]}"; do # GitHub Actions log grouping start echo "::group::Bazel build (${group})" set +e - bazel build --config "${CONFIG}" ${targets} --verbose_failures 2>&1 | tee "$log_file" + + build_command="bazel --output_base=\\\"${current_bazel_output_base}\\\" build \ + ${targets} \ + --verbose_failures \ + --spawn_strategy=standalone \ + --nouse_action_cache \ + --noremote_accept_cached \ + --noremote_upload_local_results \ + --disk_cache= ${targets}" + + codeql database create "${db_path}" \ + --language="${CODEQL_LANGUAGE}" \ + --build-mode=none \ + #--command="${build_command}" \ + --overwrite \ + || { echo "CodeQL database creation failed for ${group}"; exit 1; } + + build_status=${PIPESTATUS[0]} # Track if any build group failed if [[ ${build_status} -ne 0 ]]; then @@ -133,6 +200,24 @@ for group in "${!BUILD_TARGET_GROUPS[@]}"; do d_count=$(depr_count "$log_file") overall_warn_total=$(( overall_warn_total + w_count )) overall_depr_total=$(( overall_depr_total + d_count )) + + # Shutdown Bazel again after the traced build + echo "Running 'bazel shutdown' after CodeQL database creation..." + bazel shutdown || { echo "Bazel shutdown failed after tracing for ${group}"; exit 1; } + + # 4. Analyze the created database + echo "Analyzing CodeQL database for ${group}..." + codeql database analyze "${DB_PATH}" \ + --format=sarifv2.1.0 \ + --output="${SARIF_OUTPUT}" \ + --sarif-category="${group}-${CODEQL_LANGUAGE}" \ + --packs "${CODEQL_QUERY_PACKS}" \ + || { echo "CodeQL analysis failed for ${group}"; exit 1; } + + echo "CodeQL analysis for ${group} complete. Results saved to: ${SARIF_OUTPUT}" + echo "" + + # Append as a markdown table row (duration without trailing 's') if [[ ${build_status} -eq 0 ]]; then status_symbol="✅" From 1ce2e65404b9045720c4d4fbe3a96f510f93d035 Mon Sep 17 00:00:00 2001 
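Review bot: The commented-out `#--command="${build_command}" \` sits inside the backslash-continued `codeql database create` call, so the command ends at that comment and `--overwrite \ || { … }` is parsed as a separate command that cannot succeed; the script then exits with "CodeQL database creation failed" on the first group. Move the comment above the call or delete it. The hunk also drops the `bazel build … | tee "$log_file"` pipeline, yet the following context line still reads `build_status=${PIPESTATUS[0]}` and later code counts warnings in `$log_file`, so the status now reflects `codeql` and the log is never written. `build_command` lists `${targets}` twice and is referenced only from the commented-out line.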
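Review bot: `codeql database analyze "${DB_PATH}"` and `--output="${SARIF_OUTPUT}"` use upper-case names, but the loop in the earlier hunk assigns `db_path` and `sarif_output`; unless the upper-case variables are set outside the visible hunks, both expand to empty strings and the analysis has neither a database nor an output file. Use `"${db_path}"` and `"${sarif_output}"` here and in the closing `echo`. The added `bazel shutdown` also omits the `--output_base` used for the clean step, so it addresses a different Bazel server than the one that step configured. The loop body starts and ends outside this hunk.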
From: Frank Scholter Peres Date: Thu, 11 Dec 2025 11:35:03 +0000 Subject: [PATCH 02/25] switched dir --- .../workflows/codeql-multiple-repo-scan.yml | 2 +- qnx_qemu/BUILD | 135 ------------------ 2 files changed, 1 insertion(+), 136 deletions(-) delete mode 100644 qnx_qemu/BUILD diff --git a/.github/workflows/codeql-multiple-repo-scan.yml b/.github/workflows/codeql-multiple-repo-scan.yml index 478833a554..7a7b714bc6 100644 --- a/.github/workflows/codeql-multiple-repo-scan.yml +++ b/.github/workflows/codeql-multiple-repo-scan.yml @@ -41,7 +41,7 @@ jobs: run: | sudo apt-get update && sudo apt-get install -y jq - JSON_FILE="known_good.json" + JSON_FILE="./known_good.json" # Check if the file exists if [ ! -f "$JSON_FILE" ]; then diff --git a/qnx_qemu/BUILD b/qnx_qemu/BUILD deleted file mode 100644 index 0ee32b983b..0000000000 --- a/qnx_qemu/BUILD +++ /dev/null 
@@ -1,135 +0,0 @@ -# ******************************************************************************* -# Copyright (c) 2025 Contributors to the Eclipse Foundation -# -# See the NOTICE file(s) distributed with this work for additional -# information regarding copyright ownership. -# -# This program and the accompanying materials are made available under the -# terms of the Apache License Version 2.0 which is available at -# https://www.apache.org/licenses/LICENSE-2.0 -# -# SPDX-License-Identifier: Apache-2.0 -# ******************************************************************************* -load("@rules_shell//shell:sh_binary.bzl", "sh_binary") -load("@score_itf//:defs.bzl", "py_itf_test") - - -sh_binary( - name = "run_qemu", - srcs = ["scripts/run_qemu.sh"], - args = [ - "$(location @toolchains_qnx_sdp//:host_dir)", - "$(location //build:init)", - ], - data = [ - "//build:init", - "@toolchains_qnx_sdp//:host_all", - "@toolchains_qnx_sdp//:host_dir", - ], -) - -sh_binary( - name = "run_qemu_portforward", - srcs = ["scripts/run_qemu_portforward.sh"], - args = [ - "$(location @toolchains_qnx_sdp//:host_dir)", - "$(location //build:init)", - ], - data = [ - "//build:init", - "@toolchains_qnx_sdp//:host_all", - "@toolchains_qnx_sdp//:host_dir", - ], -) - - -sh_binary( - name = "test_qemu_bridge", - srcs = ["test/test_qnx_qemu_bridge.sh"], - args = [ - "$(location @toolchains_qnx_sdp//:host_dir)", - "$(location //build:init)", - "--timeout=90", - "--ssh-port=2222", - "--boot-wait=15", - ], - data = [ - "//build:init", - "@toolchains_qnx_sdp//:host_all", - "@toolchains_qnx_sdp//:host_dir", - ], -) - -sh_binary( - name = "test_qemu_portforward", - srcs = ["test/test_qnx_qemu_portforward.sh"], - args = [ - "$(location @toolchains_qnx_sdp//:host_dir)", - "$(location //build:init)", - "--timeout=90", - "--ssh-port=2222", - "--boot-wait=15", - ], - data = [ - "//build:init", - "@toolchains_qnx_sdp//:host_all", - "@toolchains_qnx_sdp//:host_dir", - ], -) - -py_itf_test( - name = 
"test_ssh_qemu", - srcs = [ - "test/itf/test_ssh.py", - ], - args = [ - "--target_config=$(location target_config.json)", - "--ecu=s_core_ecu_qemu", - "--qemu_image=$(location //build:init)", - ], - plugins = [ - "itf.plugins.base.base_plugin", - ], - data = [ - "//build:init", - "target_config.json", - ], -) - -py_itf_test( - name = "test_scrample_qemu", - srcs = [ - "test/itf/test_scrample.py", - ], - args = [ - "--target_config=$(location target_config.json)", - "--ecu=s_core_ecu_qemu", - "--qemu_image=$(location //build:init)", - ], - plugins = [ - "itf.plugins.base.base_plugin", - ], - data = [ - "//build:init", - "target_config.json", - ], -) - -py_itf_test( - name = "test_persistency_qemu", - srcs = [ - "test/itf/test_persistency.py", - ], - args = [ - "--target_config=$(location target_config.json)", - "--ecu=s_core_ecu_qemu", - "--qemu_image=$(location //build:init)", - ], - plugins = [ - "itf.plugins.base.base_plugin", - ], - data = [ - "//build:init", - "target_config.json", - ], -) From 29360062a75bfa0c126840bf16a46eb9a9163690 Mon Sep 17 00:00:00 2001 From: Frank Scholter Peres Date: Thu, 11 Dec 2025 11:39:01 +0000 Subject: [PATCH 03/25] fixed dir --- .github/workflows/codeql-multiple-repo-scan.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/codeql-multiple-repo-scan.yml b/.github/workflows/codeql-multiple-repo-scan.yml index 7a7b714bc6..5a4ebcbe38 100644 --- a/.github/workflows/codeql-multiple-repo-scan.yml +++ b/.github/workflows/codeql-multiple-repo-scan.yml @@ -33,8 +33,6 @@ jobs: steps: - name: Checkout central repository uses: actions/checkout@v4 - with: - path: central-repo - name: Parse pinned repository versions id: parse-repos From fe6adf913efbe27a37092360c343cd046bf3866c Mon Sep 17 00:00:00 2001 From: Frank Scholter Peres Date: Thu, 11 Dec 2025 11:44:52 +0000 Subject: [PATCH 04/25] fix parsing --- .../workflows/codeql-multiple-repo-scan.yml | 70 ++++++++++++++----- 1 file changed, 51 insertions(+), 19 deletions(-) 
diff --git a/.github/workflows/codeql-multiple-repo-scan.yml b/.github/workflows/codeql-multiple-repo-scan.yml index 5a4ebcbe38..4d0bdd23cf 100644 --- a/.github/workflows/codeql-multiple-repo-scan.yml +++ b/.github/workflows/codeql-multiple-repo-scan.yml @@ -34,23 +34,38 @@ jobs: - name: Checkout central repository uses: actions/checkout@v4 - - name: Parse pinned repository versions + - name: Parse known_good.json and create repos.json id: parse-repos run: | - sudo apt-get update && sudo apt-get install -y jq JSON_FILE="./known_good.json" # Check if the file exists if [ ! -f "$JSON_FILE" ]; then - echo "Fehler: Die Datei '$JSON_FILE' wurde nicht gefunden." + echo "Error file not found '$JSON_FILE' " + ls -la . exit 1 fi - + # Create repos.json from known_good.json + # This jq command transforms the 'modules' object into an array of repository objects + # with 'name', 'url', 'version' (branch/tag/hash), and 'path'. + jq '[.modules | to_entries[] | { + name: .key, + url: .value.repo, + version: (.value.branch // .value.version // .value.hash), + path: ("repos/" + .key) + }]' "$JSON_FILE" > repos.json + + echo "Generated repos.json:" + cat repos.json + echo "" # Add a newline for better readability + + # The following GITHUB_OUTPUT variables are set for each module. + # These might be useful for other steps, but are not directly used by the 'checkout-repos' step + # which now reads 'repos.json' directly. echo "MODULE_COUNT=$(jq '.modules | length' "$JSON_FILE")" >> $GITHUB_OUTPUT - jq -c '.modules | to_entries[]' "$JSON_FILE" | while read -r module_entry; do module_name=$(echo "$module_entry" | jq -r '.key') repo_url=$(echo "$module_entry" | jq -r '.value.repo // empty') 
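Review bot: In the `jq` transform, `version: (.value.branch // .value.version // .value.hash)` lets a branch name win over the pinned hash, so a module that records both is scanned at whatever the branch head is when the job runs rather than at the known-good commit. For a scan that is meant to describe the pinned set I would put the hash first: `version: (.value.hash // .value.version // .value.branch)`. The follow-up commit "fixed wrong order" in this series swaps `version` and `hash` but still keeps `branch` first. The per-module `echo … >> $GITHUB_OUTPUT` lines kept below write JSON-derived names and values unquoted and unvalidated; the new comment says no step consumes them, so they could be dropped.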
@@ -76,30 +91,47 @@ jobs: - name: Checkout all pinned repositories id: checkout-repos run: | - # Install jq for JSON parsing - sudo apt-get install -y jq + # jq is already installed by the previous step. - # Read repositories from JSON file + # Read repositories from the repos.json file created by the previous step repos=$(cat repos.json) - repo_count=$(echo $repos | jq length) + repo_count=$(echo "$repos" | jq length) + # Initialize an empty string for paths to be outputted + repo_paths_output="" + for i in $(seq 0 $((repo_count-1))); do - name=$(echo $repos | jq -r ".[$i].name") - url=$(echo $repos | jq -r ".[$i].url") - version=$(echo $repos | jq -r ".[$i].version") - path=$(echo $repos | jq -r ".[$i].path") + name=$(echo "$repos" | jq -r ".[$i].name") + url=$(echo "$repos" | jq -r ".[$i].url") + ref=$(echo "$repos" | jq -r ".[$i].version") # This can be a branch, tag, or commit hash + path=$(echo "$repos" | jq -r ".[$i].path") # e.g., "repos/score_baselibs" - echo "Checking out $name ($version) to $path" + echo "Checking out $name ($ref) to $path" - # Checkout the specific version/branch - git clone --depth 1 --branch $version $url $path + # Create the parent directory if it doesn't exist + mkdir -p "$(dirname "$path")" + + # Check if 'ref' looks like a commit hash (e.g., 40 hex characters) + # This is a heuristic; a more robust check might involve fetching refs first. + if [[ "$ref" =~ ^[0-9a-fA-F]{40}$ ]]; then + echo " Detected commit hash. Cloning and then checking out." + git clone "$url" "$path" + (cd "$path" && git checkout "$ref") + else + echo " Detected branch/tag. Cloning with --branch." 
+ git clone --depth 1 --branch "$ref" "$url" "$path" + fi - # Store paths for later use - echo "$path" >> repo-paths.txt + # Append the path to the list, separated by commas + if [ -z "$repo_paths_output" ]; then + repo_paths_output="$path" + else + repo_paths_output="$repo_paths_output,$path" + fi done # Output all paths as a single variable - echo "repo_paths=$(cat repo-paths.txt | tr '\n' ',')" >> $GITHUB_OUTPUT + echo "repo_paths=$repo_paths_output" >> $GITHUB_OUTPUT - name: Initialize CodeQL for all repositories uses: github/codeql-action/init@v4 From a97761cefe0bad599b0ade2ccebc53d8ac23b88a Mon Sep 17 00:00:00 2001 From: Frank Scholter Peres Date: Thu, 11 Dec 2025 12:05:04 +0000 Subject: [PATCH 05/25] fixed wrong order --- .github/workflows/codeql-multiple-repo-scan.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/codeql-multiple-repo-scan.yml b/.github/workflows/codeql-multiple-repo-scan.yml index 4d0bdd23cf..63fe8a3d5d 100644 --- a/.github/workflows/codeql-multiple-repo-scan.yml +++ b/.github/workflows/codeql-multiple-repo-scan.yml @@ -53,7 +53,7 @@ jobs: jq '[.modules | to_entries[] | { name: .key, url: .value.repo, - version: (.value.branch // .value.version // .value.hash), + version: (.value.branch // .value.hash // .value.version), path: ("repos/" + .key) }]' "$JSON_FILE" > repos.json From f891d0643ee81763458e7ee2ff6a8cbefbbb1310 Mon Sep 17 00:00:00 2001 From: Frank Scholter Peres Date: Thu, 11 Dec 2025 13:59:09 +0100 Subject: [PATCH 06/25] added misra config and reverted int shell --- .github/workflows/codeql-multiple-repo-scan.yml | 16 +++++----------- integration_test.sh | 17 +---------------- 2 files changed, 6 insertions(+), 27 deletions(-) diff --git a/.github/workflows/codeql-multiple-repo-scan.yml b/.github/workflows/codeql-multiple-repo-scan.yml index 63fe8a3d5d..b2403a4a3c 100644 --- a/.github/workflows/codeql-multiple-repo-scan.yml +++ b/.github/workflows/codeql-multiple-repo-scan.yml 
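Review bot: `git clone "$url" "$path"` and `git clone --depth 1 --branch "$ref" "$url" "$path"` pass values from `repos.json` to git with no end-of-options marker and no validation, so a `url` that begins with `-` is read as an option and a module key containing `/` or `..` moves `path` outside `repos/`. Add `--` before the positional arguments (`git clone -- "$url" "$path"`) and reject entries whose name does not match something like `^[A-Za-z0-9._-]+$` or whose URL is not `https://`. `jq -r` prints the string `null` for a missing field, so an entry without branch, hash or version reaches `--branch null`; fail early on that instead. The commit-hash branch does a full-history clone, where `git fetch --depth 1 origin "$ref"` into an initialised repository would stay shallow if the server permits fetching by commit.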
@@ -27,8 +27,10 @@ jobs: name: Analyze Multiple Repositories runs-on: ubuntu-latest permissions: - contents: read security-events: write + packages: read + actions: read + contents: read steps: - name: Checkout central repository @@ -136,17 +138,9 @@ jobs: - name: Initialize CodeQL for all repositories uses: github/codeql-action/init@v4 with: - languages: cpp, python, javascript + languages: cpp build-mode: none - # Configure which paths to analyze - config: | - paths: - - 'repos/**' # Analyze all repositories in repos/ directory - paths-ignore: - - '**/third_party/**' - - '**/tests/**' - - '**/*.test.*' - - 'central-repo/**' # Don't analyze the central repo itself + packs: codeql/misra-cpp-coding-standards - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v4 diff --git a/integration_test.sh b/integration_test.sh index 8f09542d59..08e4809a55 100755 --- a/integration_test.sh +++ b/integration_test.sh 
@@ -12,32 +12,17 @@ LOG_DIR=${LOG_DIR:-_logs/logs} SUMMARY_FILE=${SUMMARY_FILE:-_logs/build_summary.md} KNOWN_GOOD_FILE="" -# Codeql - -CODEQL_WORK_DIR="./codeql_analysis_results" -CODEQL_DATABASES_DIR="${CODEQL_WORK_DIR}/databases" -CODEQL_SARIF_DIR="${CODEQL_WORK_DIR}/sarif" -CODEQL_LANGUAGE="cpp" -CODEQL_QUERY_PACKS="codeql/cpp-queries,codeql/misra-cpp-coding-standards" # Add more packs as needed -CODEQL_CLI_VERSION="v2.23.6" # Use the latest stable version -CODEQL_PLATFORM="linux64" # e.g., linux64, macos, win64 -CODEQL_BUNDLE="codeql-${CODEQL_PLATFORM}.zip" -CODEQL_URL="https://github.com/github/codeql-cli-binaries/releases/download/${CODEQL_CLI_VERSION}/${CODEQL_BUNDLE}" -#https://github.com/github/codeql-cli-binaries/releases/download/v2.23.6/codeql-linux64.zip - # maybe move this to known_good.json or a config file later declare -A BUILD_TARGET_GROUPS=( [score_baselibs]="@score_baselibs//score/..." [score_communication]="@score_communication//score/mw/com:com" [score_persistency]="@score_persistency//src/cpp/src/... @score_persistency//src/rust/..." - [score_logging]="@score_logging//src/..." + #[score_logging]="@score_logging//src/..." [score_orchestrator]="@score_orchestrator//src/..." [score_test_scenarios]="@score_test_scenarios//..." [score_feo]="-- @score_feo//... -@score_feo//:docs -@score_feo//:ide_support -@score_feo//:needs_json" ) - - # Parse command line arguments while [[ $# -gt 0 ]]; do case $1 in From 7f950469ac2cce7be0d141ec32131f218d9e74e9 Mon Sep 17 00:00:00 2001 From: Frank Scholter Peres Date: Fri, 12 Dec 2025 15:19:43 +0100 Subject: [PATCH 07/25] optimized supressions --- .github/codeql/codeql-config.yml | 11 +++++++ .github/codeql/coding-standards.yml | 3 ++ .../workflows/codeql-multiple-repo-scan.yml | 30 +++++++++++++++++++ 3 files changed, 44 insertions(+) create mode 100644 .github/codeql/codeql-config.yml create mode 100644 .github/codeql/coding-standards.yml 
diff --git a/.github/codeql/codeql-config.yml b/.github/codeql/codeql-config.yml new file mode 100644 index 0000000000..655376ee22 --- /dev/null +++ b/.github/codeql/codeql-config.yml @@ -0,0 +1,11 @@ +name: "Custom CodeQL Configuration for MISRA" + +queries: + - uses: codeql/cpp-queries + - uses: codeql/misra-cpp-coding-standards + +paths-ignore: + - "**/*test*" + - "**/*mock*" + - "**/test/**" + - "**/mock/**" \ No newline at end of file diff --git a/.github/codeql/coding-standards.yml b/.github/codeql/coding-standards.yml new file mode 100644 index 0000000000..8675280ae0 --- /dev/null +++ b/.github/codeql/coding-standards.yml @@ -0,0 +1,3 @@ +deviations: [] +guideline-recategorizations: [] +deviation-permits: [] diff --git a/.github/workflows/codeql-multiple-repo-scan.yml b/.github/workflows/codeql-multiple-repo-scan.yml index b2403a4a3c..9525608af7 100644 --- a/.github/workflows/codeql-multiple-repo-scan.yml +++ b/.github/workflows/codeql-multiple-repo-scan.yml @@ -36,6 +36,19 @@ jobs: - name: Checkout central repository uses: actions/checkout@v4 + - name: Checkout CodeQL Coding Standards scripts + uses: actions/checkout@v4 + with: + repository: github/codeql-coding-standards + path: codeql-coding-standards-repo # Klonen in diesen Ordner + ref: main # Oder eine spezifische Release-Version, z.B. 'v2.53.0-dev' + + # Add coding standard packages and dependencies + - name: Install Python dependencies for Coding Standards scripts + run: | + python3 -m pip install --upgrade pip + pip3 install pyyaml jsonpath-ng jsonschema jsonpatch jsonpointer pytest + - name: Parse known_good.json and create repos.json id: parse-repos run: | @@ -141,6 +154,7 @@ jobs: languages: cpp build-mode: none packs: codeql/misra-cpp-coding-standards + config-file: ./.github/codeql/codeql-config.yml - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v4 
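Review bot: The `paths-ignore` globs `"**/*test*"` and `"**/*mock*"` match on a substring anywhere in a name, so production sources whose names merely contain "test" or "mock" drop out of the scan without notice. Since the directory patterns `"**/test/**"` and `"**/mock/**"` are already listed, I would narrow the filename patterns to the modules' actual naming convention (for example `"**/*_test.cpp"`, if that is what they use) and add a comment saying why test code is excluded. Under `queries:`, `uses:` normally names a query file, suite or repository path, while packs go under a `packs:` key; please confirm that `codeql/cpp-queries` and `codeql/misra-cpp-coding-standards` are actually picked up here.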
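Review bot: The new checkout of `github/codeql-coding-standards` uses `ref: main`, and a later step runs `recategorize.py` from that tree inside a job that holds `security-events: write`, so the code executed changes whenever upstream `main` moves. Pin `ref:` to a release tag or, better, a full commit SHA (placeholder: `ref: <commit-sha>`), which the inline comment already hints at. The same applies to `pip3 install pyyaml jsonpath-ng jsonschema jsonpatch jsonpointer pytest`: install from a requirements file with pinned versions so the post-processing environment is reproducible. The two inline comments on the checkout step are in German while the rest of the file is English.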
@@ -149,6 +163,22 @@ jobs: output: sarif-results/ category: "multi-repo-scan" + - name: Recategorize Guidelines + if: always() + run: | + RECATEGORIZE_SCRIPT="codeql-coding-standards-repo/scripts/guideline_recategorization/recategorize.py" + CODING_STANDARDS_CONFIG="./.github/codeql/coding-standards.yml" + mkdir -p sarif-results-recategorized + for sarif_file in sarif-results/*.sarif; do + echo "Processing $sarif_file for recategorization..." + python3.9 "$RECATEGORIZE_SCRIPT" \ + coding_standards_config_file "$CODING_STANDARDS_CONFIG" \ + sarif_in "$sarif_file" \ + sarif_out "sarif-results-recategorized/$(basename "$sarif_file")" + done + rm -rf sarif-results/* + mv sarif-results-recategorized/* sarif-results/ + - name: Upload SARIF results as artifact uses: actions/upload-artifact@v4 with: From 421cd5706445e5f2af94bf524db2ca150077455f Mon Sep 17 00:00:00 2001 From: Frank Scholter Peres Date: Mon, 15 Dec 2025 12:48:16 +0100 Subject: [PATCH 08/25] fixed new config --- .github/codeql/codeql-config.yml | 1 - .../workflows/codeql-multiple-repo-scan.yml | 2 +- integration_test.sh | 53 ------------------- 3 files changed, 1 insertion(+), 55 deletions(-) diff --git a/.github/codeql/codeql-config.yml b/.github/codeql/codeql-config.yml index 655376ee22..5b19ccfff3 100644 --- a/.github/codeql/codeql-config.yml +++ b/.github/codeql/codeql-config.yml @@ -1,7 +1,6 @@ name: "Custom CodeQL Configuration for MISRA" queries: - - uses: codeql/cpp-queries - uses: codeql/misra-cpp-coding-standards paths-ignore: diff --git a/.github/workflows/codeql-multiple-repo-scan.yml b/.github/workflows/codeql-multiple-repo-scan.yml index 9525608af7..3d3c4485a2 100644 --- a/.github/workflows/codeql-multiple-repo-scan.yml +++ b/.github/workflows/codeql-multiple-repo-scan.yml 
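Review bot: The `Recategorize Guidelines` step runs under `if: always()` and ends with `rm -rf sarif-results/*` followed by `mv sarif-results-recategorized/* sarif-results/`, so when the analysis produced no SARIF the glob `sarif-results/*.sarif` stays literal, the script is called on a non-existent file, and the step adds a second failure on top of the real one. Guard the loop with `shopt -s nullglob` (or `[ -e "$sarif_file" ] || continue`) and skip the replace when nothing was converted. The `Perform CodeQL Analysis` step above does not set `upload`, so as far as this file shows the results go to code scanning before this step runs and only the artifact carries the recategorized output; if the recategorized file is the one that should count, upload it explicitly after this step.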
@@ -171,7 +171,7 @@ jobs: mkdir -p sarif-results-recategorized for sarif_file in sarif-results/*.sarif; do echo "Processing $sarif_file for recategorization..." - python3.9 "$RECATEGORIZE_SCRIPT" \ + python3 "$RECATEGORIZE_SCRIPT" \ coding_standards_config_file "$CODING_STANDARDS_CONFIG" \ sarif_in "$sarif_file" \ sarif_out "sarif-results-recategorized/$(basename "$sarif_file")" diff --git a/integration_test.sh b/integration_test.sh index 08e4809a55..3b1501f14c 100755 --- a/integration_test.sh +++ b/integration_test.sh 
@@ -107,46 +107,11 @@ overall_depr_total=0 # Track if any build group failed any_failed=0 -binary_path="${CODEQL_WORK_DIR}/codeql-cli/codeql/codeql" - -if [ -x "${binary_path}" ]; then - echo "Local CodeQL CLI found at ${binary_path}. Adding to PATH." - export PATH="$(pwd)/${CODEQL_WORK_DIR}/codeql-cli/codeql:${PATH}" -else - echo "CodeQL CLI not found. Downloading..." - mkdir -p "${CODEQL_WORK_DIR}/codeql-cli" - curl -L "${CODEQL_URL}" -o "${CODEQL_WORK_DIR}/${CODEQL_BUNDLE}" - unzip "${CODEQL_WORK_DIR}/${CODEQL_BUNDLE}" -d "${CODEQL_WORK_DIR}/codeql-cli" - export PATH="$(pwd)/${CODEQL_WORK_DIR}/codeql-cli/codeql:${PATH}" - echo "CodeQL CLI downloaded and added to PATH." -fi - -# Verify CodeQL CLI is now available -if ! command -v codeql &> /dev/null; then - echo "Error: CodeQL CLI could not be set up. Exiting." - exit 1 -else - echo "codeql found in path" -fi - - -mkdir -p "${CODEQL_DATABASES_DIR}" -mkdir -p "${CODEQL_SARIF_DIR}" for group in "${!BUILD_TARGET_GROUPS[@]}"; do targets="${BUILD_TARGET_GROUPS[$group]}" log_file="${LOG_DIR}/${group}.log" - db_path="${CODEQL_DATABASES_DIR}/${group}_db" - sarif_output="${CODEQL_SARIF_DIR}/${group}.sarif" - current_bazel_output_base="/tmp/codeql_bazel_output_${group}_$(date +%s%N)" # Add timestamp for extra uniqueness - - - # 1. Clean Bazel to ensure a fresh build for CodeQL tracing - echo "Running 'bazel clean --expunge' and 'bazel shutdown'..." - bazel --output_base="${current_bazel_output_base}" clean --expunge || { echo "Bazel clean failed for ${group}"; exit 1; } - bazel --output_base="${current_bazel_output_base}" shutdown || { echo "Bazel shutdown failed for ${group}"; exit 1; } - # Log build group banner only to stdout/stderr (not into summary table file) echo "--- Building group: ${group} ---" start_ts=$(date +%s) 
@@ -168,24 +133,6 @@ for group in "${!BUILD_TARGET_GROUPS[@]}"; do d_count=$(depr_count "$log_file") overall_warn_total=$(( overall_warn_total + w_count )) overall_depr_total=$(( overall_depr_total + d_count )) - - # Shutdown Bazel again after the traced build - echo "Running 'bazel shutdown' after CodeQL database creation..." - bazel shutdown || { echo "Bazel shutdown failed after tracing for ${group}"; exit 1; } - - # 4. Analyze the created database - echo "Analyzing CodeQL database for ${group}..." - codeql database analyze "${DB_PATH}" \ - --format=sarifv2.1.0 \ - --output="${SARIF_OUTPUT}" \ - --sarif-category="${group}-${CODEQL_LANGUAGE}" \ - --packs "${CODEQL_QUERY_PACKS}" \ - || { echo "CodeQL analysis failed for ${group}"; exit 1; } - - echo "CodeQL analysis for ${group} complete. Results saved to: ${SARIF_OUTPUT}" - echo "" - - # Append as a markdown table row (duration without trailing 's') if [[ ${build_status} -eq 0 ]]; then status_symbol="✅" From fb4720de3f6009cca914f2832b31947c767d06ac Mon Sep 17 00:00:00 2001 From: Frank Scholter Peres Date: Mon, 15 Dec 2025 12:55:37 +0100 Subject: [PATCH 09/25] removed queries at all --- .github/codeql/codeql-config.yml | 3 --- 1 file changed, 3 deletions(-) diff --git a/.github/codeql/codeql-config.yml b/.github/codeql/codeql-config.yml index 5b19ccfff3..2c41924f66 100644 --- a/.github/codeql/codeql-config.yml +++ b/.github/codeql/codeql-config.yml @@ -1,8 +1,5 @@ name: "Custom CodeQL Configuration for MISRA" -queries: - - uses: codeql/misra-cpp-coding-standards - paths-ignore: - "**/*test*" - "**/*mock*" From b2316a18c304c135b37eb50202dbdaff795d3906 Mon Sep 17 00:00:00 2001 From: Frank Scholter Peres Date: Mon, 15 Dec 2025 14:40:48 +0100 Subject: [PATCH 10/25] fixed call to script --- .github/workflows/codeql-multiple-repo-scan.yml | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) 
diff --git a/.github/workflows/codeql-multiple-repo-scan.yml b/.github/workflows/codeql-multiple-repo-scan.yml index 3d3c4485a2..4580ae2511 100644 --- a/.github/workflows/codeql-multiple-repo-scan.yml +++ b/.github/workflows/codeql-multiple-repo-scan.yml @@ -163,18 +163,20 @@ jobs: output: sarif-results/ category: "multi-repo-scan" + # Post-Processing für Guideline Re-categorization - name: Recategorize Guidelines if: always() - run: | + run: | RECATEGORIZE_SCRIPT="codeql-coding-standards-repo/scripts/guideline_recategorization/recategorize.py" CODING_STANDARDS_CONFIG="./.github/codeql/coding-standards.yml" + mkdir -p sarif-results-recategorized for sarif_file in sarif-results/*.sarif; do - echo "Processing $sarif_file for recategorization..." + echo "Processing $sarif_file for recategorization..." python3 "$RECATEGORIZE_SCRIPT" \ - coding_standards_config_file "$CODING_STANDARDS_CONFIG" \ - sarif_in "$sarif_file" \ - sarif_out "sarif-results-recategorized/$(basename "$sarif_file")" + "$CODING_STANDARDS_CONFIG" \ + "$sarif_file" \ + "sarif-results-recategorized/$(basename "$sarif_file")" done rm -rf sarif-results/* mv sarif-results-recategorized/* sarif-results/ From fd6679f5831456249145376528c9bbf6bcd170dc Mon Sep 17 00:00:00 2001 From: Frank Scholter Peres Date: Mon, 15 Dec 2025 14:51:20 +0100 Subject: [PATCH 11/25] tried to fix wrong categorize path --- .../workflows/codeql-multiple-repo-scan.yml | 27 ++++++++++++++++++- 1 file changed, 26 insertions(+), 1 deletion(-) diff --git a/.github/workflows/codeql-multiple-repo-scan.yml b/.github/workflows/codeql-multiple-repo-scan.yml index 4580ae2511..eec23684f6 100644 --- a/.github/workflows/codeql-multiple-repo-scan.yml +++ b/.github/workflows/codeql-multiple-repo-scan.yml 
@@ -49,6 +49,14 @@ jobs: python3 -m pip install --upgrade pip pip3 install pyyaml jsonpath-ng jsonschema jsonpatch jsonpointer pytest + - name: Setup Node.js for sarif-tools + uses: actions/setup-node@v4 + with: + node-version: '20' + + - name: Install sarif-tools + run: npm install -g sarif-tools + - name: Parse known_good.json and create repos.json id: parse-repos run: | @@ -170,10 +178,16 @@ jobs: RECATEGORIZE_SCRIPT="codeql-coding-standards-repo/scripts/guideline_recategorization/recategorize.py" CODING_STANDARDS_CONFIG="./.github/codeql/coding-standards.yml" + # Pfade zu den Schema-Dateien im geklonten Repository + CODING_STANDARDS_SCHEMA="codeql-coding-standards-repo/schemas/coding-standards-schema-1.0.0.json" + SARIF_SCHEMA="codeql-coding-standards-repo/schemas/sarif-schema-2.1.0.json" + mkdir -p sarif-results-recategorized for sarif_file in sarif-results/*.sarif; do echo "Processing $sarif_file for recategorization..." python3 "$RECATEGORIZE_SCRIPT" \ + --coding-standards-schema-file "$CODING_STANDARDS_SCHEMA" \ + --sarif-schema-file "$SARIF_SCHEMA" \ "$CODING_STANDARDS_CONFIG" \ "$sarif_file" \ "sarif-results-recategorized/$(basename "$sarif_file")" @@ -181,8 +195,19 @@ jobs: rm -rf sarif-results/* mv sarif-results-recategorized/* sarif-results/ + - name: Generate HTML Report from SARIF + run: | + sarif-tools convert sarif-results/*.sarif -o codeql-report.html + - name: Upload SARIF results as artifact uses: actions/upload-artifact@v4 with: name: codeql-sarif-results - path: sarif-results/ \ No newline at end of file + path: sarif-results/ + + + - name: Upload HTML Report as artifact + uses: actions/upload-artifact@v4 + with: + name: codeql-html-report + path: codeql-report.html \ No newline at end of file From 4ff02e6b8090d9c7753e416ec872c5b5514fd392 Mon Sep 17 00:00:00 2001 
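Review bot: The `npm install -g sarif-tools` step added in the first hunk installs whatever version the registry serves at run time, in a job that PATCH 01/25 created with `security-events: write`. Pin an exact version, e.g. `run: npm install -g sarif-tools@<pinned-version>`, or install from a committed lockfile with `npm ci`. The `pip3 install … sarif-tools` line that replaces it in PATCH 12/25 is unpinned in the same way and would be better installed from a requirements file with `pip3 install --require-hashes -r <requirements-file>`. `actions/setup-node@v4` is also a mutable tag; a full commit SHA is the stable reference.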
From: Frank Scholter Peres Date: Mon, 15 Dec 2025 15:06:06 +0100 Subject: [PATCH 12/25] added html report --- .github/workflows/codeql-multiple-repo-scan.yml | 12 ++---------- 1 file changed, 2 insertions(+), 10 deletions(-) diff --git a/.github/workflows/codeql-multiple-repo-scan.yml b/.github/workflows/codeql-multiple-repo-scan.yml index eec23684f6..84ac0b05e4 100644 --- a/.github/workflows/codeql-multiple-repo-scan.yml +++ b/.github/workflows/codeql-multiple-repo-scan.yml @@ -47,15 +47,7 @@ jobs: - name: Install Python dependencies for Coding Standards scripts run: | python3 -m pip install --upgrade pip - pip3 install pyyaml jsonpath-ng jsonschema jsonpatch jsonpointer pytest - - - name: Setup Node.js for sarif-tools - uses: actions/setup-node@v4 - with: - node-version: '20' - - - name: Install sarif-tools - run: npm install -g sarif-tools + pip3 install pyyaml jsonpath-ng jsonschema jsonpatch jsonpointer pytest sarif-tools - name: Parse known_good.json and create repos.json id: parse-repos @@ -197,7 +189,7 @@ jobs: - name: Generate HTML Report from SARIF run: | - sarif-tools convert sarif-results/*.sarif -o codeql-report.html + sarif html sarif-results/*.sarif > codeql-report.html - name: Upload SARIF results as artifact uses: actions/upload-artifact@v4 From 996804318ba1a7205e7b568634ae7a8702ba27a8 Mon Sep 17 00:00:00 2001 From: Frank Scholter Peres Date: Mon, 15 Dec 2025 15:33:17 +0100 Subject: [PATCH 13/25] added html report --- .github/workflows/codeql-multiple-repo-scan.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/codeql-multiple-repo-scan.yml b/.github/workflows/codeql-multiple-repo-scan.yml index 84ac0b05e4..f4a738ab81 100644 --- a/.github/workflows/codeql-multiple-repo-scan.yml +++ b/.github/workflows/codeql-multiple-repo-scan.yml 
@@ -189,7 +189,7 @@ jobs: - name: Generate HTML Report from SARIF run: | - sarif html sarif-results/*.sarif > codeql-report.html + sarif html combined.sarif --output codeql-report.html - name: Upload SARIF results as artifact uses: actions/upload-artifact@v4 From f4cb38e0bf0231b350280639ca6e38ecf9c468ba Mon Sep 17 00:00:00 2001 From: Frank Scholter Peres Date: Mon, 15 Dec 2025 15:47:26 +0100 Subject: [PATCH 14/25] tryout html preview --- .../workflows/codeql-multiple-repo-scan.yml | 43 +++++++++++-------- 1 file changed, 26 insertions(+), 17 deletions(-) diff --git a/.github/workflows/codeql-multiple-repo-scan.yml b/.github/workflows/codeql-multiple-repo-scan.yml index f4a738ab81..ed1cf57177 100644 --- a/.github/workflows/codeql-multiple-repo-scan.yml +++ b/.github/workflows/codeql-multiple-repo-scan.yml 
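Review bot: `combined.sarif` in the changed `sarif html` line is not written by any step visible in this series, so the report step presumably fails or renders a file that does not come from this run. The earlier steps leave their output under `sarif-results/`, and keeping the input there, `sarif html sarif-results/*.sarif --output codeql-report.html`, ties the report to what was actually analysed. The step body continues outside the hunk.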
@@ -167,29 +167,38 @@ jobs: - name: Recategorize Guidelines if: always() run: | - RECATEGORIZE_SCRIPT="codeql-coding-standards-repo/scripts/guideline_recategorization/recategorize.py" - CODING_STANDARDS_CONFIG="./.github/codeql/coding-standards.yml" - - # Pfade zu den Schema-Dateien im geklonten Repository + RECATEGORIZE_SCRIPT="codeql-coding-standards-repo/scripts/guideline_recategorization/recategorize.py" + CODING_STANDARDS_CONFIG="./.github/codeql/coding-standards.yml" + CODING_STANDARDS_SCHEMA="codeql-coding-standards-repo/schemas/coding-standards-schema-1.0.0.json" SARIF_SCHEMA="codeql-coding-standards-repo/schemas/sarif-schema-2.1.0.json" - + + + SARIF_FILE="sarif-results/cpp.sarif" + mkdir -p sarif-results-recategorized - for sarif_file in sarif-results/*.sarif; do - echo "Processing $sarif_file for recategorization..." - python3 "$RECATEGORIZE_SCRIPT" \ - --coding-standards-schema-file "$CODING_STANDARDS_SCHEMA" \ - --sarif-schema-file "$SARIF_SCHEMA" \ - "$CODING_STANDARDS_CONFIG" \ - "$sarif_file" \ - "sarif-results-recategorized/$(basename "$sarif_file")" - done - rm -rf sarif-results/* - mv sarif-results-recategorized/* sarif-results/ + echo "Processing $SARIF_FILE for recategorization..." 
+ python3 "$RECATEGORIZE_SCRIPT" \ + --coding-standards-schema-file "$CODING_STANDARDS_SCHEMA" \ + --sarif-schema-file "$SARIF_SCHEMA" \ + "$CODING_STANDARDS_CONFIG" \ + "$SARIF_FILE" \ + "sarif-results-recategorized/$(basename "$SARIF_FILE")" + + rm "$SARIF_FILE" + mv "sarif-results-recategorized/$(basename "$SARIF_FILE")" "$SARIF_FILE" - name: Generate HTML Report from SARIF run: | - sarif html combined.sarif --output codeql-report.html + SARIF_FILE="sarif-results/cpp.sarif" + sarif html "$SARIF_FILE" --output codeql-report.html + + - name: HTML Preview in Job Summary + id: html_preview + uses: pavi2410/html-preview-action@v4 + with: + html_file: 'codeql-report.html' # Dieser Pfad ist korrekt, da die Datei im Root erstellt wird + job_summary: true - name: Upload SARIF results as artifact uses: actions/upload-artifact@v4 From 857598817fbfd85b199e601f809533c9bce38c7a Mon Sep 17 00:00:00 2001 From: Frank Scholter Peres Date: Mon, 15 Dec 2025 15:59:15 +0100 Subject: [PATCH 15/25] removed comment --- .github/workflows/codeql-multiple-repo-scan.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/codeql-multiple-repo-scan.yml b/.github/workflows/codeql-multiple-repo-scan.yml index ed1cf57177..0ce0ce9e8e 100644 --- a/.github/workflows/codeql-multiple-repo-scan.yml +++ b/.github/workflows/codeql-multiple-repo-scan.yml @@ -163,7 +163,6 @@ jobs: output: sarif-results/ category: "multi-repo-scan" - # Post-Processing für Guideline Re-categorization - name: Recategorize Guidelines if: always() run: | From 871ac6a0aae54fa9d5daff502fcf09843920b38f Mon Sep 17 00:00:00 2001 From: Frank Scholter Peres Date: Mon, 15 Dec 2025 16:02:41 +0100 Subject: [PATCH 16/25] fix ident --- .github/workflows/codeql-multiple-repo-scan.yml | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/.github/workflows/codeql-multiple-repo-scan.yml b/.github/workflows/codeql-multiple-repo-scan.yml index 0ce0ce9e8e..aa6c127975 100644 
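Review bot: The new `HTML Preview in Job Summary` step references a third-party action by mutable tag, `pavi2410/html-preview-action@v4`, so a retagged release would run inside this job with its token. Reference it by full commit SHA, `uses: pavi2410/html-preview-action@<full-commit-sha> # v4`, or append the report to `$GITHUB_STEP_SUMMARY` from a `run:` step instead. Separately, the step now recategorizes only `sarif-results/cpp.sarif`, where the loop it replaces handled every `*.sarif` file. If the analysis still emits other languages (the init step in PATCH 01/25 listed `cpp, python, javascript`), those files are uploaded unchanged, which deserves a comment such as `# NOTE: only cpp.sarif is recategorized; other SARIF files are uploaded as produced`.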
--- a/.github/workflows/codeql-multiple-repo-scan.yml +++ b/.github/workflows/codeql-multiple-repo-scan.yml @@ -166,8 +166,8 @@ jobs: - name: Recategorize Guidelines if: always() run: | - RECATEGORIZE_SCRIPT="codeql-coding-standards-repo/scripts/guideline_recategorization/recategorize.py" - CODING_STANDARDS_CONFIG="./.github/codeql/coding-standards.yml" + RECATEGORIZE_SCRIPT="codeql-coding-standards-repo/scripts/guideline_recategorization/recategorize.py" + CODING_STANDARDS_CONFIG="./.github/codeql/coding-standards.yml" CODING_STANDARDS_SCHEMA="codeql-coding-standards-repo/schemas/coding-standards-schema-1.0.0.json" SARIF_SCHEMA="codeql-coding-standards-repo/schemas/sarif-schema-2.1.0.json" From b4501a15c02b60462371d9e9562bff86d30f81f6 Mon Sep 17 00:00:00 2001 From: Frank Scholter Peres Date: Wed, 17 Dec 2025 14:43:33 +0100 Subject: [PATCH 17/25] updated module versions --- .../workflows/codeql-multiple-repo-scan.yml | 7 ---- known_good.json | 28 +++++++------ score_modules.MODULE.bazel | 40 ++++++++++--------- score_toolchains.MODULE.bazel | 2 +- 4 files changed, 37 insertions(+), 40 deletions(-) diff --git a/.github/workflows/codeql-multiple-repo-scan.yml b/.github/workflows/codeql-multiple-repo-scan.yml index aa6c127975..aaca77bfa2 100644 --- a/.github/workflows/codeql-multiple-repo-scan.yml +++ b/.github/workflows/codeql-multiple-repo-scan.yml @@ -192,13 +192,6 @@ jobs: SARIF_FILE="sarif-results/cpp.sarif" sarif html "$SARIF_FILE" --output codeql-report.html - - name: HTML Preview in Job Summary - id: html_preview - uses: pavi2410/html-preview-action@v4 - with: - html_file: 'codeql-report.html' # Dieser Pfad ist korrekt, da die Datei im Root erstellt wird - job_summary: true - - name: Upload SARIF results as artifact uses: actions/upload-artifact@v4 with: diff --git a/known_good.json b/known_good.json index 87cfd16737..876f4aa349 100644 --- a/known_good.json +++ b/known_good.json 
@@ -2,7 +2,7 @@ "timestamp": "2025-08-13T12:55:10Z", "modules": { "score_baselibs": { - "version": "0.1.3", + "version": "0.2.1", "hash": "9457533471c8f0d4a1bb9435e91ff12c62d19c7c", "repo": "https://github.com/eclipse-score/baselibs.git", "branch": "s_core_release_v0_5_0" @@ -19,12 +19,13 @@ "repo": "https://github.com/eclipse-score/persistency.git" }, "score_orchestrator": { - "version": "0.0.3", - "hash": "7bb94ebae08805ea0a83dcc14f7c17da5ab927e6", + "version": "0.0.4", + "hash": "92ee5ff22e571f2180a44edddcb81474e1ec68db", "repo": "https://github.com/eclipse-score/orchestrator.git" }, "score_kyron": { - "hash": "caa9c0b367d18a09e969c1353e95a8c443ae896b", + "version": "0.0.3", + "hash": "558c5b5d8cd142baeafbfce15185c03b97e08eeb", "repo": "https://github.com/eclipse-score/kyron.git" }, "score_feo": { 
@@ -39,27 +40,28 @@ "repo": "https://github.com/eclipse-score/tooling.git" }, "score_platform": { - "hash": "a9cf44be1342f3c62111de2249eb3132f5ab88da", + "version": "0.5.1", + "hash": "67b76ab7343ca067d7b60a75e0748892c4647690", "repo": "https://github.com/eclipse-score/score.git" }, "score_bazel_platforms": { - "version": "0.0.2", - "hash": "0115193f958e8e592168df1e29cf86174bdba761", + "version": "0.0.3", + "hash": "c4813d5b65be9cec1d3a2b4d56cce2cf334fad27", "repo": "https://github.com/eclipse-score/bazel_platforms.git" }, "score_test_scenarios": { - "version": "0.3.0", - "hash": "a2f9cded3deb636f5dc800bf7a47131487119721", + "version": "0.3.1", + "hash": "55280e1376922aead6e09f32542f4e2d0b90cc51", "repo": "https://github.com/eclipse-score/testing_tools.git" }, "score_docs_as_code": { - "version": "2.0.1", - "hash": "bb52c96dd98799bdce68c166ad3b826f017f7cf6", + "version": "2.2.1", + "hash": "c87cd898ef63ce15daec434dc5ea161651cefe97", "repo": "https://github.com/eclipse-score/docs-as-code.git" }, "score_process": { - "version": "1.3.1", - "hash": "270e0ed0a2e560340f02b2f7046752cc937fe251", + "version": "1.4.0", + "hash": "d0570797b22649be2d2cdb603f2d70bdbff304ed", "repo": "https://github.com/eclipse-score/process_description.git" } }, diff --git a/score_modules.MODULE.bazel b/score_modules.MODULE.bazel index a63190b264..7431b0ff55 100644 --- a/score_modules.MODULE.bazel +++ b/score_modules.MODULE.bazel @@ -11,10 +11,13 @@ # SPDX-License-Identifier: Apache-2.0 # ******************************************************************************* +# Generated from known_good.json at 2025-08-13T12:55:10Z +# Do not edit manually - use tools/update_module_from_known_good.py + bazel_dep(name = "score_baselibs") single_version_override( module_name = "score_baselibs", - version = "0.1.3", + version = "0.2.1", ) bazel_dep(name = "score_communication") 
@@ -32,9 +35,21 @@ single_version_override( bazel_dep(name = "score_orchestrator") single_version_override( module_name = "score_orchestrator", + version = "0.0.4", +) + +bazel_dep(name = "score_kyron") +single_version_override( + module_name = "score_kyron", version = "0.0.3", ) +bazel_dep(name = "score_feo") +single_version_override( + module_name = "score_feo", + version = "1.0.2", +) + bazel_dep(name = "score_tooling") single_version_override( module_name = "score_tooling", @@ -44,42 +59,29 @@ single_version_override( bazel_dep(name = "score_platform") single_version_override( module_name = "score_platform", - version = "0.5.0", + version = "0.5.1", ) bazel_dep(name = "score_bazel_platforms") single_version_override( module_name = "score_bazel_platforms", - version = "0.0.2", + version = "0.0.3", ) bazel_dep(name = "score_test_scenarios") single_version_override( module_name = "score_test_scenarios", - version = "0.3.0", + version = "0.3.1", ) bazel_dep(name = "score_docs_as_code") single_version_override( module_name = "score_docs_as_code", - version = "2.2.0", + version = "2.2.1", ) bazel_dep(name = "score_process") single_version_override( module_name = "score_process", - version = "1.3.2", -) - -bazel_dep(name = "score_feo", version = "1.0.2") -single_version_override( - module_name = "score_feo", - version = "1.0.2", -) - -bazel_dep(name = "score_kyron") -git_override( - module_name = "score_kyron", - remote = "https://github.com/eclipse-score/kyron.git", - commit = "c5837ac6612a5ebf91cd016775f2d3ee85ed6892", + version = "1.4.0", ) diff --git a/score_toolchains.MODULE.bazel b/score_toolchains.MODULE.bazel index 2ebf510c99..57fd1db916 100644 --- a/score_toolchains.MODULE.bazel +++ b/score_toolchains.MODULE.bazel 
@@ -12,7 +12,7 @@ # ******************************************************************************* # QNX toolchain -bazel_dep(name = "score_toolchains_qnx", version = "0.0.2") +bazel_dep(name = "score_toolchains_qnx", version = "0.0.6") toolchains_qnx = use_extension("@score_toolchains_qnx//:extensions.bzl", "toolchains_qnx") toolchains_qnx.sdp( sha256 = "f2e0cb21c6baddbcb65f6a70610ce498e7685de8ea2e0f1648f01b327f6bac63", From 5f20fdecde6ac224078b310e8637a2a41738dffb Mon Sep 17 00:00:00 2001 From: Frank Scholter Peres Date: Wed, 17 Dec 2025 14:52:15 +0100 Subject: [PATCH 18/25] downgrad doc-as-code --- known_good.json | 4 ++-- score_modules.MODULE.bazel | 2 +- 2 files changed, 3 insertions(+), 3 deletions(-) diff --git a/known_good.json b/known_good.json index 876f4aa349..ddf44f8027 100644 --- a/known_good.json +++ b/known_good.json @@ -55,8 +55,8 @@ "repo": "https://github.com/eclipse-score/testing_tools.git" }, "score_docs_as_code": { - "version": "2.2.1", - "hash": "c87cd898ef63ce15daec434dc5ea161651cefe97", + "version": "2.2.0", + "hash": "7a600fff3477d9940e9b50d8d6ac0b827e729ff7", "repo": "https://github.com/eclipse-score/docs-as-code.git" }, "score_process": { diff --git a/score_modules.MODULE.bazel b/score_modules.MODULE.bazel index 7431b0ff55..4152636ac5 100644 --- a/score_modules.MODULE.bazel +++ b/score_modules.MODULE.bazel @@ -77,7 +77,7 @@ single_version_override( bazel_dep(name = "score_docs_as_code") single_version_override( module_name = "score_docs_as_code", - version = "2.2.1", + version = "2.2.0", ) bazel_dep(name = "score_process") From 359c04f9bc444ae8771315441159aa15d3f6b38d Mon Sep 17 00:00:00 2001 From: Frank Scholter Peres Date: Wed, 17 Dec 2025 15:01:26 +0100 Subject: [PATCH 19/25] changed tag and decreased baselibs --- MODULE.bazel | 2 +- known_good.json | 7 +++---- score_modules.MODULE.bazel | 2 +- 3 files changed, 5 insertions(+), 6 deletions(-) diff --git a/MODULE.bazel b/MODULE.bazel index 7cce020da0..66606bcbfe 100644 
--- a/MODULE.bazel +++ b/MODULE.bazel @@ -13,7 +13,7 @@ module( name = "score_reference_integration", - version = "0.5.0-alpha.1", + version = "0.5.0-beta", compatibility_level = 0, ) diff --git a/known_good.json b/known_good.json index ddf44f8027..40e59f8b38 100644 --- a/known_good.json +++ b/known_good.json @@ -2,10 +2,9 @@ "timestamp": "2025-08-13T12:55:10Z", "modules": { "score_baselibs": { - "version": "0.2.1", - "hash": "9457533471c8f0d4a1bb9435e91ff12c62d19c7c", - "repo": "https://github.com/eclipse-score/baselibs.git", - "branch": "s_core_release_v0_5_0" + "version": "0.2.0", + "hash": "b3fdde42614791f7d74ed2b8e9558ce1e0eb8c29", + "repo": "https://github.com/eclipse-score/baselibs.git" }, "score_communication": { "version": "0.1.1", diff --git a/score_modules.MODULE.bazel b/score_modules.MODULE.bazel index 4152636ac5..77acb5792b 100644 --- a/score_modules.MODULE.bazel +++ b/score_modules.MODULE.bazel @@ -17,7 +17,7 @@ bazel_dep(name = "score_baselibs") single_version_override( module_name = "score_baselibs", - version = "0.2.1", + version = "0.2.0", ) bazel_dep(name = "score_communication") From 82a436186f883cc55bc8e57a90bd4c5ea5015dfc Mon Sep 17 00:00:00 2001 From: Frank Scholter Peres Date: Thu, 18 Dec 2025 07:49:36 +0100 Subject: [PATCH 20/25] switched baselibs to master --- known_good.json | 3 +-- score_modules.MODULE.bazel | 5 +++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/known_good.json b/known_good.json index 40e59f8b38..f56a087ff2 100644 --- a/known_good.json +++ b/known_good.json @@ -2,8 +2,7 @@ "timestamp": "2025-08-13T12:55:10Z", "modules": { "score_baselibs": { - "version": "0.2.0", - "hash": "b3fdde42614791f7d74ed2b8e9558ce1e0eb8c29", + "hash": "dd32543e546e09161a3e469a695565b8e2b38581", "repo": "https://github.com/eclipse-score/baselibs.git" }, "score_communication": { diff --git a/score_modules.MODULE.bazel b/score_modules.MODULE.bazel index 77acb5792b..2081acb510 100644 --- a/score_modules.MODULE.bazel 
+++ b/score_modules.MODULE.bazel @@ -15,9 +15,10 @@ # Do not edit manually - use tools/update_module_from_known_good.py bazel_dep(name = "score_baselibs") -single_version_override( +git_override( module_name = "score_baselibs", - version = "0.2.0", + remote = "https://github.com/eclipse-score/baselibs.git", + commit = "dd32543e546e09161a3e469a695565b8e2b38581", ) bazel_dep(name = "score_communication") From 4edb18e12d0b4bb5c784eae1ef4b3ab44d30dd9b Mon Sep 17 00:00:00 2001 From: Frank Scholter Peres Date: Thu, 18 Dec 2025 07:58:08 +0100 Subject: [PATCH 21/25] removed flag --- .bazelrc | 1 - 1 file changed, 1 deletion(-) diff --git a/.bazelrc b/.bazelrc index 1b19025099..981b6ea4bb 100644 --- a/.bazelrc +++ b/.bazelrc @@ -17,7 +17,6 @@ common --registry=https://bcr.bazel.build # Flags needed by score_baselibs and communication modules. # Do not add more! -build --@score_baselibs//score/mw/log/detail/flags:KUse_Stub_Implementation_Only=False build --@score_baselibs//score/mw/log/flags:KRemote_Logging=False build --@score_baselibs//score/json:base_library=nlohmann build --@score_communication//score/mw/com/flags:tracing_library=stub From fec53d7b1ff5bb029f9ec2e53d2f292f78dabfe6 Mon Sep 17 00:00:00 2001 From: Frank Scholter Peres Date: Fri, 19 Dec 2025 09:22:48 +0100 Subject: [PATCH 22/25] updated com and baselibs to newest version --- known_good.json | 7 +++---- score_modules.MODULE.bazel | 7 ++++--- 2 files changed, 7 insertions(+), 7 deletions(-) diff --git a/known_good.json b/known_good.json index f56a087ff2..3d61a7c1cf 100644 --- a/known_good.json +++ b/known_good.json 
@@ -2,14 +2,13 @@ "timestamp": "2025-08-13T12:55:10Z", "modules": { "score_baselibs": { - "hash": "dd32543e546e09161a3e469a695565b8e2b38581", + "hash": "3c65b223e9f516f95935bb4cd2e83d6088ca016f", "repo": "https://github.com/eclipse-score/baselibs.git" }, "score_communication": { - "version": "0.1.1", "repo": "https://github.com/eclipse-score/communication.git", - "hash": "24d6e8916b89dbb405eae0b082348645d190dc18", - "branch": "s_core_release_v0_5_0" + "hash": "9761836735d2efeb895092bb976f09fd67260633" + }, "score_persistency": { "version": "0.2.1", diff --git a/score_modules.MODULE.bazel b/score_modules.MODULE.bazel index 2081acb510..6715049222 100644 --- a/score_modules.MODULE.bazel +++ b/score_modules.MODULE.bazel @@ -18,13 +18,14 @@ bazel_dep(name = "score_baselibs") git_override( module_name = "score_baselibs", remote = "https://github.com/eclipse-score/baselibs.git", - commit = "dd32543e546e09161a3e469a695565b8e2b38581", + commit = "3c65b223e9f516f95935bb4cd2e83d6088ca016f", ) bazel_dep(name = "score_communication") -single_version_override( +git_override( module_name = "score_communication", - version = "0.1.1", + remote = "https://github.com/eclipse-score/communication.git", + commit = "9761836735d2efeb895092bb976f09fd67260633", ) bazel_dep(name = "score_persistency") From 2bf2ceac9f82296e3ae7ced2f9313cb0d1cf2e23 Mon Sep 17 00:00:00 2001 From: Frank Scholter Peres Date: Fri, 19 Dec 2025 10:50:33 +0100 Subject: [PATCH 23/25] updated persistency to master --- known_good.json | 3 +-- score_modules.MODULE.bazel | 5 +++-- 2 files changed, 4 insertions(+), 4 deletions(-) diff --git a/known_good.json b/known_good.json index 3d61a7c1cf..abb1e9b75d 100644 --- a/known_good.json +++ b/known_good.json @@ -11,8 +11,7 @@ }, "score_persistency": { - "version": "0.2.1", - "hash": "7548876ed3e40ec3f3053c57634de68129287e05", + "hash": "cc7da929bb3ddac4ac2c3e353cf88b2e711a504d", "repo": "https://github.com/eclipse-score/persistency.git" }, "score_orchestrator": { 
diff --git a/score_modules.MODULE.bazel b/score_modules.MODULE.bazel index 6715049222..9dc53d3edb 100644 --- a/score_modules.MODULE.bazel +++ b/score_modules.MODULE.bazel @@ -29,9 +29,10 @@ git_override( ) bazel_dep(name = "score_persistency") -single_version_override( +git_override( module_name = "score_persistency", - version = "0.2.1", + remote = "https://github.com/eclipse-score/persistency.git", + commit = "cc7da929bb3ddac4ac2c3e353cf88b2e711a504d", ) bazel_dep(name = "score_orchestrator") From 5c8546b7859eaf6a77c0e9e6c23e8bb2ea17bb06 Mon Sep 17 00:00:00 2001 From: Frank Scholter Peres Date: Fri, 19 Dec 2025 17:46:11 +0100 Subject: [PATCH 24/25] updated com & baselibs to newest release --- known_good.json | 7 +++++-- score_modules.MODULE.bazel | 10 ++++------ 2 files changed, 9 insertions(+), 8 deletions(-) diff --git a/known_good.json b/known_good.json index abb1e9b75d..bb93b56929 100644 --- a/known_good.json +++ b/known_good.json @@ -2,12 +2,15 @@ "timestamp": "2025-08-13T12:55:10Z", "modules": { "score_baselibs": { - "hash": "3c65b223e9f516f95935bb4cd2e83d6088ca016f", + "version": "0.2.2", + "hash": "d072b126faa8ce2b6eaad88c6375b210fe42a547", "repo": "https://github.com/eclipse-score/baselibs.git" + }, "score_communication": { + "version": "0.1.2", "repo": "https://github.com/eclipse-score/communication.git", - "hash": "9761836735d2efeb895092bb976f09fd67260633" + "hash": "d5414f75bfd4fc116572091ccca305d9e4b39338" }, "score_persistency": { diff --git a/score_modules.MODULE.bazel b/score_modules.MODULE.bazel index 9dc53d3edb..0174b2acf2 100644 --- a/score_modules.MODULE.bazel +++ b/score_modules.MODULE.bazel 
@@ -15,17 +15,15 @@ # Do not edit manually - use tools/update_module_from_known_good.py bazel_dep(name = "score_baselibs") -git_override( +single_version_override( module_name = "score_baselibs", - remote = "https://github.com/eclipse-score/baselibs.git", - commit = "3c65b223e9f516f95935bb4cd2e83d6088ca016f", + version = "0.2.2", ) bazel_dep(name = "score_communication") -git_override( +single_version_override( module_name = "score_communication", - remote = "https://github.com/eclipse-score/communication.git", - commit = "9761836735d2efeb895092bb976f09fd67260633", + version = "0.1.2", ) bazel_dep(name = "score_persistency") From e10402c86149ae95c728991c28c83146b25519cc Mon Sep 17 00:00:00 2001 From: Frank Scholter Peres Date: Fri, 19 Dec 2025 18:14:06 +0100 Subject: [PATCH 25/25] added strictness --- scripts/run_unit_tests.sh | 20 +++++++++++++++----- 1 file changed, 15 insertions(+), 5 deletions(-) diff --git a/scripts/run_unit_tests.sh b/scripts/run_unit_tests.sh index 00af935e3d..6ff54a711d 100755 --- a/scripts/run_unit_tests.sh +++ b/scripts/run_unit_tests.sh @@ -13,7 +13,7 @@ declare -A UT_TARGET_GROUPS=( -@score_baselibs//score/language/safecpp/aborts_upon_exception:abortsuponexception_toolchain_test \ -@score_baselibs//score/containers:dynamic_array_test \ -@score_baselibs//score/mw/log/configuration:* \ - -@score_baselibs//score/json/examples:*" + -@score_baselibs//score/json/examples:*" [communication]="@score_communication//score/mw/com/impl/... -- \ -@score_communication//score/mw/com/impl:unit_test_runtime_single_exec \ -@score_communication//score/mw/com/impl/configuration:config_parser_test \ @@ -28,6 +28,9 @@ declare -A UT_TARGET_GROUPS=( # Markdown table header echo -e "Status\tPassed\tFailed\tSkipped\tTotal\tGroup\tDuration(s)" >> "${SUMMARY_FILE}" +# Track if any test failed +any_failed=0 + for group in "${!UT_TARGET_GROUPS[@]}"; do targets="${UT_TARGET_GROUPS[$group]}" command="bazel test --config="${CONFIG}" ${targets}" 
@@ -36,11 +39,11 @@ for group in "${!UT_TARGET_GROUPS[@]}"; do echo "${command}" echo "===========================================" start_ts=$(date +%s) - out=$(bazel test --test_summary=testcase --test_output=errors --nocache_test_results --config="${CONFIG}" ${targets} 2>&1 | tee "${LOG_DIR}/ut_${group}_output.log") + out=$(bazel test --test_summary=testcase --test_output=errors --nocache_test_results --config="${CONFIG}" ${targets} 2>&1 | tee "${LOG_DIR}/ut_${group}_output.log") build_status=${PIPESTATUS[0]} end_ts=$(date +%s) duration=$(( end_ts - start_ts )) - + # Parse bazel output tests_passed=$(echo "$out" | grep -Eo '[0-9]+ passing' | grep -Eo '[0-9]+' | head -n1) tests_failed=$(echo "$out" | grep -Eo '[0-9]+ failing' | grep -Eo '[0-9]+' | head -n1) @@ -50,13 +53,20 @@ for group in "${!UT_TARGET_GROUPS[@]}"; do status_symbol="✅" else status_symbol="❌" + any_failed=1 fi - + # Append as a markdown table row - echo -e "${status_symbol}\t${tests_passed}\t${tests_failed}\t${tests_skipped}\t${tests_executed}\t${group}\t${duration}s" >> "${SUMMARY_FILE}" + echo -e "${status_symbol}\t${tests_passed}\t${tests_failed}\t${tests_skipped}\t${tests_executed}\t${group}\t${duration}s" | tee -a "${SUMMARY_FILE}" echo "===========================================" echo -e "\n\n" done # Align the summary table columns column -t -s $'\t' "${SUMMARY_FILE}" > "${SUMMARY_FILE}.tmp" && mv "${SUMMARY_FILE}.tmp" "${SUMMARY_FILE}" + +# Final check: exit with non-zero if any test failed +if [[ $any_failed -ne 0 ]]; then + echo "Some unit test groups failed. Exiting with non-zero status." + exit 1 +fi \ No newline at end of file
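Review bot: The new `any_failed=1` / `exit 1` gate depends on `build_status`, but `build_status=${PIPESTATUS[0]}` after `out=$(bazel test … | tee …)` does not read bazel's exit code. The pipeline runs inside the command substitution, so in the parent shell `PIPESTATUS` holds only the status of the assignment, which is `tee`'s unless `pipefail` is enabled above the hunk. A failing group would then still be marked ✅ and the script would exit 0, so the added strictness never triggers. Capture the status from the substitution itself: `build_status=0` followed by `out=$(set -o pipefail; bazel test … 2>&1 | tee "${LOG_DIR}/ut_${group}_output.log") || build_status=$?`. The `if` that tests `build_status` sits just above the last hunk and is not visible here.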