Merge branch 'trunk' into 1327-ssh-np-desktop-connect-to-c-daemons-fails

.gitbook.yaml

@@ -3,3 +3,6 @@ root: ./docs
 structure:
   readme: README.md
   summary: SUMMARY.md
+
+redirects:
+  ssh-no-ports/guides/installation-guide: installation/README.md

.github/dependabot.yml

@@ -40,3 +40,11 @@ updates:
       pip:
         patterns:
           - "*"
+  - package-ecosystem: 'npm'
+    directory: "/apps/admin/webapp/"
+    schedule:
+      interval: "daily"
+    groups:
+      npm:
+        patterns:
+          - "*"

.github/workflows/c_release.yml

@@ -16,7 +16,36 @@ permissions: # added using https://github.com/step-security/secure-repo
   contents: read
 
 jobs:
+  verify_tags:
+    permissions:
+      contents: write # Needed to create workflow branch
+    runs-on: ubuntu-latest
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+      - name: Create action branch
+        run: |
+          git config --global user.name 'Atsign Robot'
+          git config --global user.email '41898282+github-actions[bot]@users.noreply.github.com'
+          git checkout -b c_release-${{github.run_number}}
+      - name:
+          Ensure pubspec.yaml matches git ref (if current git ref is a version
+          tag)
+        shell: bash
+        if: startsWith(github.ref, 'refs/tags/c')
+        working-directory: ./packages/c/sshnpd/include/sshnpd/
+        run: |
+          REF=${{ github.ref }}
+          VER=${REF:11}
+          sed -i "0,/#define SSHNPD_VERSION/{s/#define SSHNPD_VERSION \(.*\)/#DEFINE SSHNPD_VERSION "${VER}"/}" version.h
+          if [ "$(git status --porcelain)" ]; then
+            git add .
+            git commit -m 'ci: Updated version to tag'
+          fi
+      - name: Push changes to branch
+        run: git push --set-upstream origin c_release-${{github.run_number}}
+
   native_build:
+    needs: [verify_tags]
     runs-on: ${{ matrix.os }}
     defaults:
       run:
@@ -37,12 +66,14 @@ jobs:
             bundle: "shell"
             compiler: "clang"
             flags: "-Wno-error -pthread"
-#          - os: windows-latest
-#            output-name: sshnp-windows-x64
-#            ext: '.exe'
-#            bundle: 'windows'
+    #          - os: windows-latest
+    #            output-name: sshnp-windows-x64
+    #            ext: '.exe'
+    #            bundle: 'windows'
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          ref: c_release-${{github.run_number}}
       # compile binaries
       - run: |
           cmake -B build -S . -DBUILD_SHARED_LIBS=off -DCMAKE_C_COMPILER=${{ matrix.compiler }} -DCMAKE_C_FLAGS="${{matrix.flags}}"
@@ -51,22 +82,28 @@ jobs:
           mv build/sshnpd .
       # zip the build
       - if: ${{ matrix.os == 'macOS-13' || matrix.os == 'macos-14'}}
-        run: ditto -c -k --keepParent sshnpd tarball/${{ matrix.output-name }}.zip
+        run:
+          ditto -c -k --keepParent sshnpd tarball/${{ matrix.output-name }}.zip
       - if: ${{ matrix.os == 'ubuntu-latest' }}
         run: tar -cvzf tarball/${{ matrix.output-name }}.tgz sshnpd
       - if: ${{ matrix.os == 'windows-latest' }}
-        run: Compress-Archive -Path sshnpd -Destination tarball/${{ matrix.output-name }}.zip
+        run:
+          Compress-Archive -Path sshnpd -Destination tarball/${{
+          matrix.output-name }}.zip
       # upload the build
-      - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+      - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name:
-            ${{ matrix.output-name }}_${{ matrix.compiler }}-${{  github.ref_name  
+            ${{ matrix.output-name }}_${{ matrix.compiler
+            }}-${{  github.ref_name
             }}-${{github.run_number}}-${{github.run_attempt}}
           path: ./packages/c/sshnpd/tarball
           if-no-files-found: error
 
   docker_build:
+    needs: [verify_tags]
     runs-on: ubuntu-latest
+    if: ${{ ! inputs.native_build_only }}
     defaults:
       run:
         working-directory: ./packages/c
@@ -77,35 +114,35 @@ jobs:
             output-name: sshnpd-linux-x64
           - platform: linux/arm64
             output-name: sshnpd-linux-arm64
-## 20240806: Clang and CMake that we use aren't packaged for
-## armv7 or riscv64 (also no Debian 10 for RISC-V)
-#          - platform: linux/arm/v7
-#            output-name: sshnpd-linux-arm
-#          - platform: linux/riscv64
-#            output-name: sshnpd-linux-riscv64
+    ## 20240806: Clang and CMake that we use aren't packaged for
+    ## armv7 or riscv64 (also no Debian 10 for RISC-V)
+    #          - platform: linux/arm/v7
+    #            output-name: sshnpd-linux-arm
+    #          - platform: linux/riscv64
+    #            output-name: sshnpd-linux-riscv64
     steps:
-      - if: ${{ ! inputs.native_build_only }}
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-      - if: ${{ ! inputs.native_build_only }}
-        uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
-      - if: ${{ ! inputs.native_build_only }}
-        uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1
-      - if: ${{ ! inputs.native_build_only }}
-        run: |
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          ref: c_release-${{github.run_number}}
+      - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
+      - uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
+      - run: |
           docker buildx build -t atsigncompany/sshnpdc -f sshnpd/tools/Dockerfile.package \
           --platform ${{ matrix.platform }} -o type=tar,dest=bins.tar .
           mkdir tarballs
           tar -xvf bins.tar -C tarballs
-      - if: ${{ ! inputs.native_build_only }}
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+      - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name:
-            ${{ matrix.output-name  }}-${{  github.ref_name  }}-${{  github.run_number  
+            ${{
+            matrix.output-name  }}-${{  github.ref_name  }}-${{  github.run_number
             }}-${{  github.run_attempt  }}
           path: ./packages/c/tarballs/${{ matrix.output-name }}.tgz
 
   musl_build:
+    needs: [verify_tags]
     runs-on: ubuntu-latest
+    if: ${{ ! inputs.native_build_only }}
     defaults:
       run:
         working-directory: ./packages/c
@@ -117,46 +154,44 @@ jobs:
             output-name: sshnpd-linux-x64-musl
           - platform: linux/arm/v7
             output-name: sshnpd-linux-arm-musl
-## 20240806: arm64 failing due to Mbed TLS error:
-## /sshnpd/sshnpd/build/_deps/mbedtls-src/library/aesce.c:87:10:
-## fatal error: 'asm/hwcap.h' file not found
-#          - platform: linux/arm64
-#            output-name: sshnpd-linux-arm64-musl
+          - platform: linux/arm64
+            output-name: sshnpd-linux-arm64-musl
           - platform: linux/riscv64
             output-name: sshnpd-linux-riscv64-musl
     steps:
-      - if: ${{ ! inputs.native_build_only }}
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
-      - if: ${{ ! inputs.native_build_only }}
-        uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
-      - if: ${{ ! inputs.native_build_only }}
-        uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1
-      - if: ${{ ! inputs.native_build_only }}
-        run: |
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          ref: c_release-${{github.run_number}}
+      - uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
+      - uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
+      - run: |
           docker buildx build -t atsigncompany/sshnpdcmusl -f sshnpd/tools/Dockerfile.musl \
           --platform ${{ matrix.platform }} -o type=tar,dest=bins.tar .
           mkdir tarballs
           tar -xvf bins.tar -C tarballs
-      - if: ${{ ! inputs.main_build_only }}
-        uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+      - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name:
-            ${{ matrix.output-name  }}-${{  github.ref_name  }}-${{  github.run_number  
+            ${{
+            matrix.output-name  }}-${{  github.ref_name  }}-${{  github.run_number
             }}-${{  github.run_attempt  }}
           path: ./packages/c/tarballs/${{ matrix.output-name }}.tgz
 
   source_tarball:
+    needs: [verify_tags]
     name: Generate source tarball
     runs-on: ubuntu-latest
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          ref: c_release-${{github.run_number}}
       - name: Create tarball
         run: |
           mkdir tarball
           cd ./packages
           mv c csshnpd-${{ github.ref_name }}
           tar -cvzf ../tarball/csshnpd-${{ github.ref_name }}.tar.gz csshnpd-${{ github.ref_name }}
-      - uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
+      - uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
         with:
           name: csshnpd-src-${{github.ref_name}}-${{github.run_number}}-${{github.run_attempt}}
           path: ./tarball/csshnpd-${{ github.ref_name }}.tar.gz
@@ -177,12 +212,12 @@ jobs:
         uses: actions/download-artifact@fa0a91b85d4f404e444e00e005971372dc801d16 # v4.1.8
         with:
           path: tarballs/
-## 20240806: Need a different approach to SBOMs for C daemon
-#    - name: Generate SBOMs
-#      run: |
-#        syft scan file:./packages/dart/sshnoports/pubspec.lock \
-#          -o 'spdx-json=tarballs/dart_sshnoports_sbom.spdx.json' \
-#          -o 'cyclonedx-json=tarballs/dart_sshnoports_sbom.cyclonedx.json'
+      ## 20240806: Need a different approach to SBOMs for C daemon
+      #    - name: Generate SBOMs
+      #      run: |
+      #        syft scan file:./packages/dart/sshnoports/pubspec.lock \
+      #          -o 'spdx-json=tarballs/dart_sshnoports_sbom.spdx.json' \
+      #          -o 'cyclonedx-json=tarballs/dart_sshnoports_sbom.cyclonedx.json'
       - name: Move packages for signing
         run: |
           cd tarballs
@@ -208,7 +243,7 @@ jobs:
         working-directory: tarballs
         run: |
           echo "hashes=$(cat checksums.txt | base64 -w0)" >> "$GITHUB_OUTPUT"
-      - uses: actions/attest-build-provenance@1c608d11d69870c2092266b3f9a6f3abbf17002c # v1.4.3
+      - uses: actions/attest-build-provenance@ef244123eb79f2f7a7e75d99086184180e6d0018 # v1.4.4
         with:
           subject-path: "tarballs/**"
 

.github/workflows/c_unit_tests.yaml

@@ -0,0 +1,24 @@
+name: C Unit Tests
+
+on:
+  workflow_dispatch:
+  push:
+    branches: [trunk]
+  pull_request:
+    branches: [trunk]
+
+permissions: # added using https://github.com/step-security/secure-repo
+  contents: read
+
+jobs:
+  unit-tests:
+    runs-on: "ubuntu-latest"
+    steps:
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+
+      - name: sshnpd Unit CTest
+        working-directory: packages/c
+        run: |
+          cmake -S . -B build -DSSHNPD_BUILD_TESTS=ON
+          cmake --build build
+          ctest --test-dir build/sshnpd/tests --output-on-failure --timeout 2

.github/workflows/codeql.yml

@@ -41,16 +41,16 @@ jobs:
 
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
         with:
           egress-policy: audit
 
       - name: Checkout repository
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
 
       # Initializes the CodeQL tools for scanning.
       - name: Initialize CodeQL
-        uses: github/codeql-action/init@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7
+        uses: github/codeql-action/init@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5
         with:
           languages: ${{ matrix.language }}
           # If you wish to specify custom queries, you can do so here or in a config file.
@@ -60,7 +60,7 @@ jobs:
       # Autobuild attempts to build any compiled languages  (C/C++, C#, or Java).
       # If this step fails, then you should remove it and run the build manually (see below)
       - name: Autobuild
-        uses: github/codeql-action/autobuild@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7
+        uses: github/codeql-action/autobuild@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5
 
       # ℹ️ Command-line programs to run using the OS shell.
       # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
@@ -73,6 +73,6 @@ jobs:
       #   ./location_of_script_within_repo/buildscript.sh
 
       - name: Perform CodeQL Analysis
-        uses: github/codeql-action/analyze@8214744c546c1e5c8f03dde8fab3a7353211988d # v3.26.7
+        uses: github/codeql-action/analyze@f09c1c0a94de965c15400f5634aa42fac8fb8f88 # v3.27.5
         with:
           category: "/language:${{matrix.language}}"

.github/workflows/cppcheck.yml

@@ -20,7 +20,7 @@ jobs:
       run:
         working-directory: ./packages/c
     steps:
-      - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+      - uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - name: Cppcheck
         run: |
           sudo apt install -y cppcheck

.github/workflows/dependency-review.yml

@@ -17,11 +17,11 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Harden Runner
-        uses: step-security/harden-runner@91182cccc01eb5e619899d80e4e971d6181294a7 # v2.10.1
+        uses: step-security/harden-runner@0080882f6c36860b6ba35c610c98ce87d4e2f26f # v2.10.2
         with:
           egress-policy: audit
 
       - name: 'Checkout Repository'
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - name: 'Dependency Review'
-        uses: actions/dependency-review-action@5a2ce3f5b92ee19cbb1541a4984c76d921601d7c # v4.3.4
+        uses: actions/dependency-review-action@3b139cfc5fae8b618d3eae3675e383bb1769c019 # v4.5.0

.github/workflows/dockerhub_sshnpd.yml

@@ -23,7 +23,7 @@ jobs:
     runs-on: ubuntu-latest
     steps:
       - name: Checkout
-        uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
       - name: Ensure pubspec.yaml matches git ref (if current git ref is a version tag)
         shell: bash
         if: startsWith(github.ref, 'refs/tags/v')
@@ -35,7 +35,7 @@ jobs:
       - name: Set up QEMU
         uses: docker/setup-qemu-action@49b3bc8e6bdd4a60e6116a5414239cba5943d3cf # v3.2.0
       - name: Set up Docker Buildx
-        uses: docker/setup-buildx-action@988b5a0280414f521da01fcc63a27aeeb4b104db # v3.6.1
+        uses: docker/setup-buildx-action@c47758b77c9736f4b2ef4073d4d51994fabfe349 # v3.7.1
       - name: Login to Docker Hub
         uses: docker/login-action@9780b0c442fbb1117ed29e0efdff1e18412f7567 # v3.3.0
         with:
@@ -45,7 +45,7 @@ jobs:
       - name: Get version
         run: echo "VERSION=${GITHUB_REF##*/}" >> $GITHUB_ENV
       - name: Build and push
-        uses: docker/build-push-action@5cd11c3a4ced054e52742c5fd54dca954e0edd85 # v6.7.0
+        uses: docker/build-push-action@4f58ea79222b3b9dc2c8bbdd6debcef730109a75 # v6.9.0
         with:
           context: .
           file: ${{ matrix.dockerfile }}

.github/workflows/e2e_all.yaml

@@ -29,14 +29,15 @@ jobs:
 
     steps:
       - name: execute tests on cicd vm
-        uses: appleboy/ssh-action@029f5b4aeeeb58fdfe1410a5d17f967dacf36262 # v1.0.3
+        uses: appleboy/ssh-action@7eaf76671a0d7eec5d98ee897acda4f968735a17 # v1.2.0
         env:
           SHA: ${{ github.event.pull_request.head.sha || github.sha }}
         with:
           host: ${{ secrets.NOPORTS_CICD_HOST }}
           username: ubuntu
           key: ${{ secrets.NOPORTS_CICD_SSH_KEY }}
           envs: SHA
+          command_timeout: 15m
           script: |
             cd noports
             rm -rf tests/e2e_all/runtime