Styling, Client Auth, Version Handshake

.clang-tidy

@@ -0,0 +1,41 @@
+Checks: '
+*,
+-llvmlibc-*,
+-android-*,
+-altera-*,
+-fuchsia*,
+-google-readability-todo,
+-cppcoreguidelines-init-variables,
+-cppcoreguidelines-pro-type-reinterpret-cast,
+-llvm-namespace-comment,
+-readability-implicit-bool-conversion,
+-google-explicit-constructor,
+-abseil-string-find-str-contains,
+-readability-avoid-return-with-void-value,
+-readability-convert-member-functions-to-static,
+
+-google-readability-braces-around-statements,
+-google-readability-namespace-comments,
+-hicpp-special-member-functions,
+-hicpp-braces-around-statements,
+-hicpp-explicit-conversions
+'
+
+WarningsAsErrors: 'bugprone-exception-escape'
+FormatStyle: 'none' # TODO: Replace with 'file' once we have a proper .clang-format file
+InheritParentConfig: true
+CheckOptions:
+  misc-include-cleaner.MissingIncludes: 'false'
+  misc-include-cleaner.IgnoreHeaders: 'CppSockets/OSDetection.*;.*Version.hpp'
+
+  bugprone-argument-comment.StrictMode: 1
+
+  # Readability
+  readability-braces-around-statements.ShortStatementLines: 2
+
+  readability-identifier-naming.NamespaceCase: CamelCase
+
+  readability-identifier-length.IgnoredVariableNames: "^(fd|nb|n|ss|ec|is|os|_.*)$"
+  readability-identifier-length.IgnoredParameterNames: "^(fd|n|is|os|_.*)$"
+
+  cppcoreguidelines-special-member-functions.AllowSoleDefaultDtor: true

.editorconfig

@@ -0,0 +1,11 @@
+root = true
+
+[*]
+end_of_line = lf
+insert_final_newline = true
+
+[*.{c++,cc,cpp,cxx,h,h++,hh,hpp,hxx,inl,ipp,tlh,tli}]
+cpp_indent_case_contents_when_block = true
+cpp_new_line_before_open_brace_namespace = same_line
+indent_size = 4
+indent_style = space

.github/workflows/cmake-multi-platform.yml

@@ -4,90 +4,110 @@ on:
   push:
     branches: [ "master" ]
   pull_request:
+    branches: [ "master" ]
     types: [ "opened", "reopened", "synchronize", "ready_for_review" ]
 
 jobs:
   build:
     runs-on: ${{ matrix.os }}
 
     strategy:
-      fail-fast: false # ensure we don't stop after 1 failure to always have a complete picture of what is failing
+      # ensure we don't stop after 1 failure to always have a complete picture of what is failing
+      fail-fast: false
 
       # Set up a matrix to run the following configurations:
       # - ubuntu Debug/Release clang/gcc
       # - windows Debug/Release cl
       # - macos Debug/Release clang
       matrix:
-        os: [ubuntu-latest, macos-latest] # , windows-latest
+        os: [ubuntu-latest, macos-latest, windows-latest]
         build_type: [Release, Debug]
-        c_compiler: [gcc-13, clang-15, cl]
+        c_compiler: [gcc, clang, cl]
         include:
-          # - os: windows-latest
-          #   c_compiler: cl
-          #   cpp_compiler: cl
+          - os: windows-latest
+            c_compiler: cl
+            cpp_compiler: cl
           - os: ubuntu-latest
-            c_compiler: gcc-13
-            cpp_compiler: g++-13
+            c_compiler: gcc
+            cpp_compiler: g++
           - os: ubuntu-latest
-            c_compiler: clang-15
-            cpp_compiler: clang++-15
+            c_compiler: clang
+            cpp_compiler: clang++
           - os: macos-latest
-            c_compiler: gcc-13
-            cpp_compiler: g++-13
+            c_compiler: clang
+            cpp_compiler: clang++
         exclude:
           - os: windows-latest
-            c_compiler: gcc-13
+            c_compiler: gcc
           - os: windows-latest
-            c_compiler: clang-15
+            c_compiler: clang
           - os: ubuntu-latest
             c_compiler: cl
           - os: macos-latest
             c_compiler: cl
           - os: macos-latest
-            c_compiler: clang-15
+            c_compiler: gcc
 
     steps:
-    - uses: actions/checkout@v3
-
-    - name: Set reusable strings
-      # Turn repeated input strings (such as the build output directory) into step outputs. These step outputs can be used throughout the workflow file.
-      id: strings
-      shell: bash
-      run: |
-        echo "build-output-dir=${{ github.workspace }}/build" >> "$GITHUB_OUTPUT"
-
-    - name: Cache VCPKG (Windows)
-      if: runner.os == 'Windows'
-      uses: actions/cache@v3
-      with:
-        path: ${{ env.VCPKG_ROOT }}
-        key: ${{ runner.os }}-${{ matrix.build_type }}-${{ hashFiles('vcpkg.json') }}
-
-    - name: Install OpenSSL (Windows)
-      if: runner.os == 'Windows'
-      shell: powershell
-      run: |
-        echo "VCPKG_ROOT=$env:VCPKG_INSTALLATION_ROOT" | Out-File -FilePath $env:GITHUB_ENV -Append
-        echo "CMAKE_TOOLCHAIN_FILE=${env:VCPKG_INSTALLATION_ROOT}\scripts\buildsystems\vcpkg.cmake" | Out-File -FilePath $env:GITHUB_ENV -Append
-        vcpkg install
-
-    - name: Configure CMake
-      # Configure CMake in a 'build' subdirectory. `CMAKE_BUILD_TYPE` is only required if you are using a single-configuration generator such as make.
-      # See https://cmake.org/cmake/help/latest/variable/CMAKE_BUILD_TYPE.html?highlight=cmake_build_type
-      run: >
-        cmake -B ${{ steps.strings.outputs.build-output-dir }}
-        -DCMAKE_CXX_COMPILER=${{ matrix.cpp_compiler }}
-        -DCMAKE_C_COMPILER=${{ matrix.c_compiler }}
-        -DCMAKE_BUILD_TYPE=${{ matrix.build_type }}
-        -DLIBFSP_BUILD_TESTS=TRUE
-        -S ${{ github.workspace }}
-
-    - name: Build
-      # Build your program with the given configuration. Note that --config is needed because the default Windows generator is a multi-config generator (Visual Studio generator).
-      run: cmake --build ${{ steps.strings.outputs.build-output-dir }} --config ${{ matrix.build_type }}
-
-    - name: Test
-      working-directory: ${{ steps.strings.outputs.build-output-dir }}
-      # Execute tests defined by the CMake configuration. Note that --build-config is needed because the default Windows generator is a multi-config generator (Visual Studio generator).
-      # See https://cmake.org/cmake/help/latest/manual/ctest.1.html for more detail
-      run: ctest --build-config ${{ matrix.build_type }} --test-dir tests --output-on-failure
+      - uses: actions/checkout@v3
+
+      - name: Set Env
+        shell: bash
+        run: |
+          echo "BUILD_OUTPUT_DIR=${{ github.workspace }}/build" >> "$GITHUB_ENV"
+
+      - name: VCPKG Install (Windows)
+        if: runner.os == 'Windows'
+        uses: ./.github/workflows/windows-vcpkg
+        with:
+          key: ${{ runner.os }}-${{ matrix.build_type }}
+
+      - name: Configure CMake
+        # Configure CMake in a 'build' subdirectory.
+        # `CMAKE_BUILD_TYPE` is only required if you are using a single-configuration generator such as make.
+        # See https://cmake.org/cmake/help/latest/variable/CMAKE_BUILD_TYPE.html?highlight=cmake_build_type
+        run: >
+          cmake -B ${{ env.BUILD_OUTPUT_DIR }}
+          -DCMAKE_CXX_COMPILER=${{ matrix.cpp_compiler }}
+          -DCMAKE_C_COMPILER=${{ matrix.c_compiler }}
+          -DCMAKE_BUILD_TYPE=${{ matrix.build_type }}
+          -DLIBFSP_BUILD_TESTS=TRUE
+          -S ${{ github.workspace }}
+
+      - name: Build
+        # Build your program with the given configuration. Note that --config is needed
+        # because the default Windows generator is a multi-config generator (Visual Studio generator).
+        run: cmake --build ${{ env.BUILD_OUTPUT_DIR }} --config ${{ matrix.build_type }}
+
+      - uses: actions/upload-artifact@v4
+        if: matrix.os == 'ubuntu-latest' && matrix.build_type == 'Release' && matrix.c_compiler == 'clang'
+        with:
+          name: compile_commands.json
+          path: ${{ env.BUILD_OUTPUT_DIR }}/compile_commands.json
+
+      - name: Test
+        working-directory: ${{ env.BUILD_OUTPUT_DIR }}
+        # Execute tests defined by the CMake configuration. Note that --build-config is needed
+        # because the default Windows generator is a multi-config generator (Visual Studio generator).
+        # See https://cmake.org/cmake/help/latest/manual/ctest.1.html for more detail
+        run: ctest --build-config ${{ matrix.build_type }} --test-dir tests --output-on-failure
+
+  clang-tidy:
+    needs: 'build'
+    runs-on: ubuntu-latest
+    if: always() && github.event_name == 'pull_request'
+
+    steps:
+      - name: Checkout Code
+        uses: actions/checkout@v4
+
+      - uses: actions/download-artifact@v4
+        with:
+          name: compile_commands.json
+
+      - name: clang-tidy review
+        uses: ZedThree/clang-tidy-review@v0.21.0
+
+      # If there are any comments, fail the check
+      - if: steps.review.outputs.total_comments > 0
+        run: exit 1

.github/workflows/code_scanning.yml

@@ -30,7 +30,7 @@ jobs:
 
     # Initializes the CodeQL tools for scanning.
     - name: Initialize CodeQL
-      uses: github/codeql-action/init@v2
+      uses: github/codeql-action/init@v3
       with:
         languages: 'c-cpp'
         # If you wish to specify custom queries, you can do so here or in a config file.
@@ -44,23 +44,10 @@ jobs:
     # Autobuild attempts to build any compiled languages (C/C++, C#, Go, Java, or Swift).
     # If this step fails, then you should remove it and run the build manually (see below)
     - name: Autobuild
-      env:
-        CXX: g++-13
-        CC: gcc-13
-      uses: github/codeql-action/autobuild@v2
-
-    # ℹ️ Command-line programs to run using the OS shell.
-    # 📚 See https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#jobsjob_idstepsrun
-
-    #   If the Autobuild fails above, remove it and uncomment the following three lines.
-    #   modify them (or add more) to build your code if your project, please refer to the EXAMPLE below for guidance.
-
-    # - run: |
-    #     echo "Run, Build Application using script"
-    #     ./location_of_script_within_repo/buildscript.sh
+      uses: github/codeql-action/autobuild@v3
 
     - name: Perform CodeQL Analysis
-      uses: github/codeql-action/analyze@v2
+      uses: github/codeql-action/analyze@v3
       with:
         category: "/language:c-cpp"
 
@@ -76,53 +63,66 @@ jobs:
         uses: actions/checkout@v3
 
       - name: flawfinder_scan
-        uses: david-a-wheeler/flawfinder@8e4a779ad59dbfaee5da586aa9210853b701959c
+        uses: david-a-wheeler/flawfinder@2.0.19
         with:
           arguments: '--sarif ./'
           output: 'flawfinder_results.sarif'
 
       - name: Upload analysis results to GitHub Security tab
-        uses: github/codeql-action/upload-sarif@v2
+        uses: github/codeql-action/upload-sarif@v3
         with:
           sarif_file: ${{github.workspace}}/flawfinder_results.sarif
 
-  # microsoft-analyze:
-  #   permissions:
-  #     contents: read # for actions/checkout to fetch code
-  #     security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
-  #     actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
-  #   name: Microsoft Analyze
-  #   runs-on: windows-latest
-
-  #   steps:
-  #     - name: Checkout repository
-  #       uses: actions/checkout@v3
-
-  #     - name: Configure CMake
-  #       run: cmake -B ./build
-
-  #     # Build is not required unless generated source files are used
-  #     # - name: Build CMake
-  #     #   run: cmake --build ./build
-
-  #     - name: Initialize MSVC Code Analysis
-  #       uses: microsoft/msvc-code-analysis-action@04825f6d9e00f87422d6bf04e1a38b1f3ed60d99
-  #       # Provide a unique ID to access the sarif output path
-  #       id: run-analysis
-  #       with:
-  #         cmakeBuildDirectory: ${{ env.build }}
-  #         # Ruleset file that will determine what checks will be run
-  #         ruleset: NativeRecommendedRules.ruleset
-
-  #     # Upload SARIF file to GitHub Code Scanning Alerts
-  #     - name: Upload SARIF to GitHub
-  #       uses: github/codeql-action/upload-sarif@v2
-  #       with:
-  #         sarif_file: ${{ steps.run-analysis.outputs.sarif }}
-
-  #     # Upload SARIF file as an Artifact to download and view
-  #     # - name: Upload SARIF as an Artifact
-  #     #   uses: actions/upload-artifact@v3
-  #     #   with:
-  #     #     name: sarif-file
-  #     #     path: ${{ steps.run-analysis.outputs.sarif }}
+  microsoft-analyze:
+    permissions:
+      actions: read # only required for a private repository by github/codeql-action/upload-sarif to get the Action run status
+      contents: read # for actions/checkout to fetch code
+      security-events: write # for github/codeql-action/upload-sarif to upload SARIF results
+    name: Microsoft Analyze
+    runs-on: windows-latest
+
+    env:
+      # Path to the CMake build directory.
+      build: '${{ github.workspace }}/build'
+      config: 'Debug'
+
+    steps:
+      - name: Checkout repository
+        uses: actions/checkout@v3
+
+      - name: VCPKG Install (Windows)
+        uses: ./.github/workflows/windows-vcpkg
+        with:
+          key: ${{ runner.os }}-${{ env.config }}
+
+      - name: Configure CMake
+        run: cmake -B ${{ env.build }} -DCMAKE_BUILD_TYPE=${{ env.config }}
+
+      # Build is not required unless generated source files are used
+      # - name: Build CMake
+      #   run: cmake --build ${{ env.build }} --config ${{ env.config }}
+
+      - name: Run MSVC Code Analysis
+        uses: microsoft/msvc-code-analysis-action@v0.1.1
+        # Provide a unique ID to access the sarif output path
+        id: run-analysis
+        with:
+          cmakeBuildDirectory: ${{ env.build }}
+          buildConfiguration: ${{ env.config }}
+          # Ruleset file that will determine what checks will be run
+          ruleset: NativeRecommendedRules.ruleset
+          # Paths to ignore analysis of CMake targets and includes
+          # ignoredPaths: ${{ github.workspace }}/dependencies;${{ github.workspace }}/test
+
+      # Upload SARIF file to GitHub Code Scanning Alerts
+      - name: Upload SARIF to GitHub
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: ${{ steps.run-analysis.outputs.sarif }}
+
+      # # Upload SARIF file as an Artifact to download and view
+      # - name: Upload SARIF as an Artifact
+      #   uses: actions/upload-artifact@v4
+      #   with:
+      #     name: sarif-file
+      #     path: ${{ steps.run-analysis.outputs.sarif }}