Adding step to upload valgrind report in integration tests#57
Conversation
There was a problem hiding this comment.
Pull request overview
Adds artifact upload steps to persist Valgrind reports produced during integration test workflows, improving post-run diagnostics.
Changes:
- Upload Valgrind report zip artifacts (with 5-day retention) in NanoSSL, NanoSSH, NanoCert SCEP, and NanoCert EST integration workflows.
- Update NanoSSL workflow to
cdinto the clonedmocn-qa-m-productsrepo and checkout a specific ref. - Remove an extraneous line under the NanoCert SCEP workflow name header.
Reviewed changes
Copilot reviewed 4 out of 4 changed files in this pull request and generated 5 comments.
| File | Description |
|---|---|
| .github/workflows/nanossl_integration_test.yml | Adds Valgrind artifact upload; also checks out a specific ref in the external QA repo. |
| .github/workflows/nanossh_integration_test.yml | Adds Valgrind artifact upload after SSH integration tests. |
| .github/workflows/nanocert_scep_integration_test.yml | Cleans up header formatting and adds Valgrind client artifact upload. |
| .github/workflows/nanocert_est_integration_test.yml | Adds Valgrind client artifact upload. |
💡 Add Copilot custom instructions for smarter, more guided reviews. Learn how to get started.
| run: | | ||
| git clone https://${MY_SECRET_TOKEN}@github.com/digicert/mocn-qa-m-products.git ~/mocn-qa-m-products | ||
| cd ~/mocn-qa-m-products | ||
| git checkout DTM-7857-add-upload-valrgind-report-step-for-all-the-integration-test-workflow-files-in-trustcore-test |
There was a problem hiding this comment.
The workflow now checks out a hard-coded feature branch of the external mocn-qa-m-products repo. This is brittle (branch rename/deletion breaks CI) and increases supply-chain risk because you’re executing unpinned external code while a secret-backed token is in use. Prefer pinning to a specific commit SHA/tag (or a protected release ref) and/or using git clone --branch <ref> --depth 1 with a pinned ref; also please double-check the valrgind spelling in the ref name if the intent is valgrind.
| git checkout DTM-7857-add-upload-valrgind-report-step-for-all-the-integration-test-workflow-files-in-trustcore-test | |
| git checkout 0123456789abcdef0123456789abcdef01234567 # Pinned commit SHA for integration tests (replace with a reviewed SHA from mocn-qa-m-products) |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 | ||
| with: | ||
| name: report_valgrind | ||
| path: report_valgrind.zip |
There was a problem hiding this comment.
report_valgrind.zip is uploaded here, but this workflow file doesn’t create it anywhere. If the integration test script doesn’t always generate that zip, this step will at best emit warnings (or fail, depending on action defaults). Consider adding an explicit step to create the zip (or upload the report_valgrind/ directory directly) and/or set if-no-files-found to the intended behavior (ignore/warn/error).
| path: report_valgrind.zip | |
| path: report_valgrind/ | |
| if-no-files-found: warn |
| - name: Upload Valgrind Report Artifact | ||
| if: always() | ||
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 | ||
| with: | ||
| name: report_valgrind | ||
| path: report_valgrind.zip | ||
| retention-days: 5 |
There was a problem hiding this comment.
report_valgrind.zip is uploaded here, but there is no step in this workflow that creates it. If the test run doesn’t reliably generate that file, artifact upload will warn or fail. Consider zipping the report explicitly before upload (or upload the report directory) and/or set if-no-files-found explicitly.
|
|
||
| - name: Upload Valgrind Report Artifact | ||
| if: always() | ||
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 | ||
| with: | ||
| name: report_valgrind_client | ||
| path: report_valgrind_client.zip |
There was a problem hiding this comment.
report_valgrind_client.zip is uploaded here, but this workflow doesn’t create that zip anywhere. If scep_client.py doesn’t always produce it, this upload step will warn or fail. Consider adding an explicit zip step (or uploading the report directory directly) and/or setting if-no-files-found to the desired behavior.
| - name: Upload Valgrind Report Artifact | |
| if: always() | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 | |
| with: | |
| name: report_valgrind_client | |
| path: report_valgrind_client.zip | |
| - name: Archive Valgrind Report | |
| if: always() | |
| run: | | |
| if [ -d "report_valgrind_client" ]; then | |
| echo "Zipping Valgrind report directory into report_valgrind_client.zip" | |
| zip -r report_valgrind_client.zip report_valgrind_client | |
| else | |
| echo "No report_valgrind_client directory found; skipping archive creation." | |
| fi | |
| - name: Upload Valgrind Report Artifact | |
| if: always() | |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 | |
| with: | |
| name: report_valgrind_client | |
| path: report_valgrind_client.zip | |
| if-no-files-found: warn |
| uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 | ||
| with: | ||
| name: report_valgrind_client | ||
| path: report_valgrind_client.zip |
There was a problem hiding this comment.
report_valgrind_client.zip is uploaded here, but there is no step in this workflow that creates that file. If est_sample.py doesn’t reliably generate it, artifact upload will warn or fail. Consider adding an explicit zip step (or uploading the report directory directly) and/or setting if-no-files-found explicitly.
| path: report_valgrind_client.zip | |
| path: report_valgrind_client | |
| if-no-files-found: warn |
No description provided.