From ab3446faed55aaaa564703215577d517da69152a Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20G=C3=B6ttgens?= Date: Sat, 21 Jan 2023 16:17:08 +0100 Subject: [PATCH] Back out changes to non-source files --- .github/ISSUE_TEMPLATE/New Board.yml | 2 +- .github/actions/setup-base/action.yml | 8 +-- .github/workflows/build_esp32.yml | 6 +-- .github/workflows/build_nrf52.yml | 4 +- .github/workflows/build_rpi2040.yml | 4 +- .github/workflows/sec_sast_flawfinder.yml | 48 +++++++++--------- .github/workflows/sec_sast_semgrep_cron.yml | 56 +++++++++++---------- .github/workflows/sec_sast_semgrep_pull.yml | 5 +- .trunk/trunk.yaml | 9 ++-- bin/build-esp32.sh | 6 +-- bin/build-native.sh | 7 +-- bin/build-nrf52.sh | 6 +-- bin/build-rpi2040.sh | 6 +-- bin/check-all.sh | 10 ++-- bin/check-dependencies.sh | 8 +-- bin/device-install.sh | 56 ++++++++++----------- bin/device-update.sh | 48 +++++++++--------- bin/dump-ram-users.sh | 2 +- bin/gen-images.sh | 2 +- bin/promote-release.sh | 4 +- bin/test-simulator.sh | 1 + 21 files changed, 151 insertions(+), 147 deletions(-) diff --git a/.github/ISSUE_TEMPLATE/New Board.yml b/.github/ISSUE_TEMPLATE/New Board.yml index c71ed4ba2..ad706f3c0 100644 --- a/.github/ISSUE_TEMPLATE/New Board.yml +++ b/.github/ISSUE_TEMPLATE/New Board.yml @@ -28,7 +28,7 @@ body: description: What LoRa IC does the board have? validations: required: true - + - type: input id: link attributes: diff --git a/.github/actions/setup-base/action.yml b/.github/actions/setup-base/action.yml index 45930a94f..1791f80ae 100644 --- a/.github/actions/setup-base/action.yml +++ b/.github/actions/setup-base/action.yml @@ -1,5 +1,5 @@ -name: "Setup Build Base Composite Action" -description: "Base build actions for Meshtastic Platform IO steps" +name: 'Setup Build Base Composite Action' +description: 'Base build actions for Meshtastic Platform IO steps' runs: using: "composite" @@ -10,7 +10,7 @@ runs: submodules: "recursive" ref: ${{github.event.pull_request.head.ref}} repository: ${{github.event.pull_request.head.repo.full_name}} - + - name: Install cppcheck shell: bash run: | @@ -38,4 +38,4 @@ runs: - name: Upgrade platformio shell: bash run: | - pio upgrade + pio upgrade \ No newline at end of file diff --git a/.github/workflows/build_esp32.yml b/.github/workflows/build_esp32.yml index 7996a9b1b..74b71db50 100644 --- a/.github/workflows/build_esp32.yml +++ b/.github/workflows/build_esp32.yml @@ -7,7 +7,7 @@ on: required: true type: string -jobs: +jobs: build-esp32: runs-on: ubuntu-latest steps: @@ -31,7 +31,7 @@ jobs: - name: Remove debug flags for release if: ${{ github.event_name == 'workflow_dispatch' }} - run: | + run: | sed -i '/DDEBUG_HEAP/d' ./arch/esp32/esp32.ini sed -i '/DDEBUG_HEAP/d' ./arch/esp32/esp32s2.ini sed -i '/DDEBUG_HEAP/d' ./arch/esp32/esp32s3.ini @@ -46,7 +46,7 @@ jobs: file: "firmware.bin" target: "release/bleota.bin" token: ${{ secrets.GITHUB_TOKEN }} - + - name: Get release version string shell: bash run: echo "version=$(./bin/buildinfo.py long)" >> $GITHUB_OUTPUT diff --git a/.github/workflows/build_nrf52.yml b/.github/workflows/build_nrf52.yml index 33ee4d00c..cdf43c22e 100644 --- a/.github/workflows/build_nrf52.yml +++ b/.github/workflows/build_nrf52.yml @@ -7,7 +7,7 @@ on: required: true type: string -jobs: +jobs: build-nrf52: runs-on: ubuntu-latest steps: @@ -30,4 +30,4 @@ jobs: path: | release/*.uf2 release/*.elf - release/*.zip + release/*.zip \ No newline at end of file diff --git a/.github/workflows/build_rpi2040.yml b/.github/workflows/build_rpi2040.yml index 76ca2c20e..fb7e3db5b 100644 --- a/.github/workflows/build_rpi2040.yml +++ b/.github/workflows/build_rpi2040.yml @@ -7,7 +7,7 @@ on: required: true type: string -jobs: +jobs: build-rpi2040: runs-on: ubuntu-latest steps: @@ -29,4 +29,4 @@ jobs: name: firmware-${{ inputs.board }}-${{ steps.version.outputs.version }}.zip path: | release/*.uf2 - release/*.elf + release/*.elf \ No newline at end of file diff --git a/.github/workflows/sec_sast_flawfinder.yml b/.github/workflows/sec_sast_flawfinder.yml index 2c7e751af..e2ba44090 100644 --- a/.github/workflows/sec_sast_flawfinder.yml +++ b/.github/workflows/sec_sast_flawfinder.yml @@ -10,31 +10,31 @@ on: jobs: flawfinder: - runs-on: ubuntu-latest - name: Flawfinder + runs-on: ubuntu-latest + name: Flawfinder - steps: - # step 1 - - name: clone application source code - uses: actions/checkout@v3 + steps: + # step 1 + - name: clone application source code + uses: actions/checkout@v3 - # step 2 - - name: flawfinder_scan - uses: david-a-wheeler/flawfinder@2.0.19 - with: - arguments: "--sarif ./" - output: "flawfinder_report.sarif" + # step 2 + - name: flawfinder_scan + uses: david-a-wheeler/flawfinder@2.0.19 + with: + arguments: '--sarif ./' + output: 'flawfinder_report.sarif' - # step 3 - - name: save report as pipeline artifact - uses: actions/upload-artifact@v3 - with: - name: flawfinder_report.sarif - path: flawfinder_report.sarif + # step 3 + - name: save report as pipeline artifact + uses: actions/upload-artifact@v3 + with: + name: flawfinder_report.sarif + path: flawfinder_report.sarif - # step 4 - - name: publish code scanning alerts - uses: github/codeql-action/upload-sarif@v2 - with: - sarif_file: flawfinder_report.sarif - category: flawfinder + # step 4 + - name: publish code scanning alerts + uses: github/codeql-action/upload-sarif@v2 + with: + sarif_file: flawfinder_report.sarif + category: flawfinder diff --git a/.github/workflows/sec_sast_semgrep_cron.yml b/.github/workflows/sec_sast_semgrep_cron.yml index cdd2c3c37..426250280 100644 --- a/.github/workflows/sec_sast_semgrep_cron.yml +++ b/.github/workflows/sec_sast_semgrep_cron.yml @@ -6,37 +6,39 @@ on: branches: - master schedule: - - cron: "0 1 * * 6" + - cron: '0 1 * * 6' jobs: + semgrep-full: - runs-on: ubuntu-latest - container: - image: returntocorp/semgrep + runs-on: ubuntu-latest + container: + image: returntocorp/semgrep - steps: - # step 1 - - name: clone application source code - uses: actions/checkout@v3 + steps: - # step 2 - - name: full scan - run: | - semgrep \ - --sarif --output report.sarif \ - --metrics=off \ - --config="p/default" + # step 1 + - name: clone application source code + uses: actions/checkout@v3 - # step 3 - - name: save report as pipeline artifact - uses: actions/upload-artifact@v3 - with: - name: report.sarif - path: report.sarif + # step 2 + - name: full scan + run: | + semgrep \ + --sarif --output report.sarif \ + --metrics=off \ + --config="p/default" - # step 4 - - name: publish code scanning alerts - uses: github/codeql-action/upload-sarif@v2 - with: - sarif_file: report.sarif - category: semgrep + # step 3 + - name: save report as pipeline artifact + uses: actions/upload-artifact@v3 + with: + name: report.sarif + path: report.sarif + + # step 4 + - name: publish code scanning alerts + uses: github/codeql-action/upload-sarif@v2 + with: + sarif_file: report.sarif + category: semgrep diff --git a/.github/workflows/sec_sast_semgrep_pull.yml b/.github/workflows/sec_sast_semgrep_pull.yml index 1697ffb1b..8fe3632b4 100644 --- a/.github/workflows/sec_sast_semgrep_pull.yml +++ b/.github/workflows/sec_sast_semgrep_pull.yml @@ -1,14 +1,17 @@ --- name: Semgrep Differential Scan -on: pull_request +on: + pull_request jobs: + semgrep-diff: runs-on: ubuntu-latest container: image: returntocorp/semgrep steps: + # step 1 - name: clone application source code uses: actions/checkout@v3 diff --git a/.trunk/trunk.yaml b/.trunk/trunk.yaml index 3ba9cca33..70acfd11b 100644 --- a/.trunk/trunk.yaml +++ b/.trunk/trunk.yaml @@ -8,16 +8,17 @@ plugins: uri: https://github.com/trunk-io/plugins lint: enabled: + - git-diff-check + - gitleaks@8.15.2 + - clang-format@14.0.0 + - prettier@2.8.3 + disabled: - shellcheck@0.9.0 - shfmt@3.5.0 - oxipng@8.0.0 - actionlint@1.6.22 - - git-diff-check - - gitleaks@8.15.2 - markdownlint@0.33.0 - hadolint@2.12.0 - - clang-format@14.0.0 - - prettier@2.8.3 - svgo@3.0.2 runtimes: enabled: diff --git a/bin/build-esp32.sh b/bin/build-esp32.sh index 547a046f6..6068eb256 100755 --- a/bin/build-esp32.sh +++ b/bin/build-esp32.sh @@ -2,8 +2,8 @@ set -e -VERSION=$(bin/buildinfo.py long) -SHORT_VERSION=$(bin/buildinfo.py short) +VERSION=`bin/buildinfo.py long` +SHORT_VERSION=`bin/buildinfo.py short` OUTDIR=release/ @@ -11,7 +11,7 @@ rm -f $OUTDIR/firmware* rm -r $OUTDIR/* || true # Important to pull latest version of libs into all device flavors, otherwise some devices might be stale -platformio pkg update +platformio pkg update echo "Building for $1 with $PLATFORMIO_BUILD_FLAGS" rm -f .pio/build/$1/firmware.* diff --git a/bin/build-native.sh b/bin/build-native.sh index cc9fcb7ed..8bc262860 100755 --- a/bin/build-native.sh +++ b/bin/build-native.sh @@ -2,8 +2,8 @@ set -e -VERSION=$(bin/buildinfo.py long) -SHORT_VERSION=$(bin/buildinfo.py short) +VERSION=`bin/buildinfo.py long` +SHORT_VERSION=`bin/buildinfo.py short` OUTDIR=release/ @@ -13,10 +13,11 @@ mkdir -p $OUTDIR/ rm -r $OUTDIR/* || true # Important to pull latest version of libs into all device flavors, otherwise some devices might be stale -platformio pkg update +platformio pkg update pio run --environment native cp .pio/build/native/program $OUTDIR/meshtasticd_linux_amd64 cp bin/device-install.* $OUTDIR cp bin/device-update.* $OUTDIR + diff --git a/bin/build-nrf52.sh b/bin/build-nrf52.sh index c3a59dcbe..a9980f486 100755 --- a/bin/build-nrf52.sh +++ b/bin/build-nrf52.sh @@ -2,8 +2,8 @@ set -e -VERSION=$(bin/buildinfo.py long) -SHORT_VERSION=$(bin/buildinfo.py short) +VERSION=`bin/buildinfo.py long` +SHORT_VERSION=`bin/buildinfo.py short` OUTDIR=release/ @@ -11,7 +11,7 @@ rm -f $OUTDIR/firmware* rm -r $OUTDIR/* || true # Important to pull latest version of libs into all device flavors, otherwise some devices might be stale -platformio pkg update +platformio pkg update echo "Building for $1 with $PLATFORMIO_BUILD_FLAGS" rm -f .pio/build/$1/firmware.* diff --git a/bin/build-rpi2040.sh b/bin/build-rpi2040.sh index 8eebfc8f1..fe0725085 100755 --- a/bin/build-rpi2040.sh +++ b/bin/build-rpi2040.sh @@ -2,8 +2,8 @@ set -e -VERSION=$(bin/buildinfo.py long) -SHORT_VERSION=$(bin/buildinfo.py short) +VERSION=`bin/buildinfo.py long` +SHORT_VERSION=`bin/buildinfo.py short` OUTDIR=release/ @@ -11,7 +11,7 @@ rm -f $OUTDIR/firmware* rm -r $OUTDIR/* || true # Important to pull latest version of libs into all device flavors, otherwise some devices might be stale -platformio pkg update +platformio pkg update echo "Building for $1 with $PLATFORMIO_BUILD_FLAGS" rm -f .pio/build/$1/firmware.* diff --git a/bin/check-all.sh b/bin/check-all.sh index 4f6a78b03..e6db5b959 100755 --- a/bin/check-all.sh +++ b/bin/check-all.sh @@ -4,23 +4,23 @@ set -e -VERSION=$(bin/buildinfo.py long) +VERSION=`bin/buildinfo.py long` # The shell vars the build tool expects to find export APP_VERSION=$VERSION if [[ $# -gt 0 ]]; then - # can override which environment by passing arg - BOARDS="$@" + # can override which environment by passing arg + BOARDS="$@" else - BOARDS="tlora-v2 tlora-v1 tlora_v1_3 tlora-v2-1-1.6 tbeam heltec-v1 heltec-v2.0 heltec-v2.1 tbeam0.7 meshtastic-diy-v1 rak4631 rak4631_eink rak11200 t-echo pca10059_diy_eink" + BOARDS="tlora-v2 tlora-v1 tlora_v1_3 tlora-v2-1-1.6 tbeam heltec-v1 heltec-v2.0 heltec-v2.1 tbeam0.7 meshtastic-diy-v1 rak4631 rak4631_eink rak11200 t-echo pca10059_diy_eink" fi echo "BOARDS:${BOARDS}" CHECK="" for BOARD in $BOARDS; do - CHECK="${CHECK} -e ${BOARD}" + CHECK="${CHECK} -e ${BOARD}" done pio check --flags "-DAPP_VERSION=${APP_VERSION} --suppressions-list=suppressions.txt" $CHECK --skip-packages --pattern="src/" --fail-on-defect=low --fail-on-defect=medium --fail-on-defect=high diff --git a/bin/check-dependencies.sh b/bin/check-dependencies.sh index a686c414b..27372487f 100644 --- a/bin/check-dependencies.sh +++ b/bin/check-dependencies.sh @@ -5,17 +5,17 @@ set -e if [[ $# -gt 0 ]]; then - # can override which environment by passing arg - BOARDS="$@" + # can override which environment by passing arg + BOARDS="$@" else - BOARDS="rak4631 rak4631_eink t-echo pca10059_diy_eink pico rak11200 tlora-v2 tlora-v1 tlora_v1_3 tlora-v2-1-1.6 tbeam heltec-v1 heltec-v2.0 heltec-v2.1 tbeam0.7 meshtastic-diy-v1 nano-g1 station-g1 m5stack-core m5stack-coreink tbeam-s3-core" + BOARDS="rak4631 rak4631_eink t-echo pca10059_diy_eink pico rak11200 tlora-v2 tlora-v1 tlora_v1_3 tlora-v2-1-1.6 tbeam heltec-v1 heltec-v2.0 heltec-v2.1 tbeam0.7 meshtastic-diy-v1 nano-g1 station-g1 m5stack-core m5stack-coreink tbeam-s3-core" fi echo "BOARDS:${BOARDS}" CHECK="" for BOARD in $BOARDS; do - CHECK="${CHECK} -e ${BOARD}" + CHECK="${CHECK} -e ${BOARD}" done echo $CHECK diff --git a/bin/device-install.sh b/bin/device-install.sh index 90ed32286..ca60740ab 100755 --- a/bin/device-install.sh +++ b/bin/device-install.sh @@ -1,12 +1,12 @@ #!/bin/sh -PYTHON=${PYTHON:-$(which python3 python | head -n 1)} +PYTHON=${PYTHON:-$(which python3 python|head -n 1)} set -e # Usage info show_help() { - cat <&2 - exit 1 - ;; - esac + case "${opt}" in + h) + show_help + exit 0 + ;; + p) export ESPTOOL_PORT=${OPTARG} + ;; + P) PYTHON=${OPTARG} + ;; + f) FILENAME=${OPTARG} + ;; + *) + echo "Invalid flag." + show_help >&2 + exit 1 + ;; + esac done -shift "$((OPTIND - 1))" +shift "$((OPTIND-1))" [ -z "$FILENAME" -a -n "$1" ] && { - FILENAME=$1 - shift + FILENAME=$1 + shift } if [ -f "${FILENAME}" ] && [ ! -z "${FILENAME##*"update"*}" ]; then echo "Trying to flash ${FILENAME}, but first erasing and writing system information" - "$PYTHON" -m esptool erase_flash - "$PYTHON" -m esptool write_flash 0x00 ${FILENAME} - "$PYTHON" -m esptool write_flash 0x260000 bleota.bin - "$PYTHON" -m esptool write_flash 0x300000 littlefs-*.bin + "$PYTHON" -m esptool erase_flash + "$PYTHON" -m esptool write_flash 0x00 ${FILENAME} + "$PYTHON" -m esptool write_flash 0x260000 bleota.bin + "$PYTHON" -m esptool write_flash 0x300000 littlefs-*.bin else show_help diff --git a/bin/device-update.sh b/bin/device-update.sh index 6640741c0..7233f61f6 100755 --- a/bin/device-update.sh +++ b/bin/device-update.sh @@ -1,10 +1,10 @@ #!/bin/sh -PYTHON=${PYTHON:-$(which python3 python | head -n 1)} +PYTHON=${PYTHON:-$(which python3 python|head -n 1)} # Usage info show_help() { - cat <&2 - exit 1 - ;; - esac + case "${opt}" in + h) + show_help + exit 0 + ;; + p) export ESPTOOL_PORT=${OPTARG} + ;; + P) PYTHON=${OPTARG} + ;; + f) FILENAME=${OPTARG} + ;; + *) + echo "Invalid flag." + show_help >&2 + exit 1 + ;; + esac done -shift "$((OPTIND - 1))" +shift "$((OPTIND-1))" [ -z "$FILENAME" -a -n "$1" ] && { - FILENAME=$1 - shift + FILENAME=$1 + shift } if [ -f "${FILENAME}" ] && [ -z "${FILENAME##*"update"*}" ]; then diff --git a/bin/dump-ram-users.sh b/bin/dump-ram-users.sh index 1fc5ebe45..3cc3ce5dc 100755 --- a/bin/dump-ram-users.sh +++ b/bin/dump-ram-users.sh @@ -2,4 +2,4 @@ arm-none-eabi-readelf -s -e .pio/build/nrf52dk/firmware.elf | head -80 -nm -CSr --size-sort .pio/build/nrf52dk/firmware.elf | grep '^200' +nm -CSr --size-sort .pio/build/nrf52dk/firmware.elf | grep '^200' diff --git a/bin/gen-images.sh b/bin/gen-images.sh index b6a4b2fe0..0c10fddb8 100755 --- a/bin/gen-images.sh +++ b/bin/gen-images.sh @@ -1,6 +1,6 @@ #!/usr/bin/env bash -set -e +set -e # regen the design bins first cd design diff --git a/bin/promote-release.sh b/bin/promote-release.sh index 9edafd83c..f96d2a568 100755 --- a/bin/promote-release.sh +++ b/bin/promote-release.sh @@ -1,10 +1,10 @@ #!/usr/bin/env bash -set -e +set -e echo "This script is only for developers who are publishing new builds on github. Most users don't need it" -VERSION=$(bin/buildinfo.py long) +VERSION=`bin/buildinfo.py long` # Must have a V prefix to trigger github git tag "v${VERSION}" diff --git a/bin/test-simulator.sh b/bin/test-simulator.sh index 132f621a9..3c5f8f811 100755 --- a/bin/test-simulator.sh +++ b/bin/test-simulator.sh @@ -8,3 +8,4 @@ sleep 20 # 5 seconds was not enough echo "Simulator started, launching python test..." python3 -c 'from meshtastic.test import testSimulator; testSimulator()' +