When cloning the ot-br-posix repository to run the Docker-in-Docker
integration tests, the clone was shallow and did not recursively
check out nested submodules (such as cJSON and cpp-httplib). This led
to build failures inside the Docker build container since libcjson
is not pre-installed on the base build image.
This commit resolves the issue by:
1. Appending the `--recurse-submodules` flag to the git-tool clone
calls in `otbr-posix-dind.yml` and `script/test`.
2. Updating `script/git-tool`'s destination directory parsing to
robustly handle multi-line output from recursive submodule
checkouts. The new pattern extracts the path exclusively from
the first line using `sed` to prevent SIGPIPE or parsing errors.
This commit introduces a new GitHub Actions workflow to automate the
monthly release process using Calendar Versioning (CalVer).
The workflow:
- Runs automatically at 00:00 UTC on the 1st day of every month.
- Supports manual execution via `workflow_dispatch`.
- Automatically generates a CalVer tag (e.g., vYYYY.MM.0).
- Employs the GitHub CLI to create a release and auto-generate
release notes based on merged pull requests.
Update `otbr-posix-dind.yml` workflow to run the DinD integration test
using a matrix strategy that covers both the default mDNS implementation
and `mDNSResponder`.
This mirrors the testing matrix used in `ot-br-posix` repository's
`docker-test.yml` workflow.
This commit introduces a GitHub Actions workflow (OTBR DinD) to
verify that changes in the OpenThread repository do not break the
integration tests in ot-br-posix.
The workflow runs on every pull request and merge to main. It performs
the following steps:
1. Clones openthread/ot-br-posix using script/git-tool, which
automatically applies any dependent PRs specified in the PR body.
2. Replaces the openthread submodule in ot-br-posix with the local
OpenThread checkout containing the changes under test.
3. Builds the Docker-in-Docker (DinD) test runner image from
etc/docker/test/Dockerfile.dind_runner in ot-br-posix.
4. Runs test_dind_dns_sd.sh inside the DinD container to ensure that
DNS-SD advertising proxy and TREL integration tests pass
successfully.
This commit combines simulation-1.1.yml and simulation-1.4.yml into
a single simulation.yml workflow.
The combined workflow includes:
- ot-commissioner (from 1.1)
- simulation-local-host (from 1.1)
- channel-manager-csl (from 1.4)
- expects (renamed from 1.4's expects)
The expects job from 1.1 is removed as requested. The jobs now rely
on the project's default THREAD_VERSION instead of explicitly
setting it in the environment. Artifact naming is updated to ensure
unique coverage files are generated and correctly merged by the
unified upload-coverage job.
This commit removes the thread-cert job from the POSIX GitHub Actions
workflow. These tests have been migrated to the Nexus test framework.
The removal of the thread-cert job simplifies the POSIX workflow and
relies on the Nexus-based tests for validating Thread stack behavior.
This commit removes several simulation test jobs from the GitHub Actions
workflows, specifically 'simulation-1.1.yml' and 'simulation-1.4.yml'.
The following jobs were removed:
- packet-verification
- cli-ftd
- cli-mtd
- cli-time-sync
- thread-1-4
These tests have been migrated to the Nexus test framework, which
allows for more efficient and scalable network simulations by
running multiple OpenThread nodes within a single process.
Add the jlumbroso/free-disk-space action to all jobs in the Nexus
workflow. This ensures that the runner has sufficient disk space to
complete the build and test tasks, preventing failures due to exhausted
disk resources on GitHub-hosted runners.
This commit adds a new Nexus test to verify the functionality of the
MLE long routes experimental feature, which allows path costs to
exceed the standard limit of 15.
The new test `TestLongRoutes` in `test_long_routes.cpp` forms a
topology consisting of a leader and a chain of 25 routers. It then
validates that the path cost from the last router in the chain to the
leader is correctly reported as 25 using `GetPathCostToLeader()`.
Supporting changes include:
- Updating `build.sh` to support a `long_routes` build target that
enables `OT_MLE_LONG_ROUTES`.
- Adding the `long_routes` test to `CMakeLists.txt` with the
appropriate labels.
- Introducing a new GitHub workflow job `nexus-long-routes-tests` in
`nexus.yml` to automate the execution of this test.
This commit adds support for building the Nexus simulator for
WebAssembly (WASM) using the Emscripten toolchain. This enables the
simulator to run in a web browser environment with a JavaScript-based
control interface and visualization.
Key implementation details:
- Introduced `nexus_wasm.cpp` which defines Emscripten bindings (using
Embind) for core simulation controls, including stepping time,
node creation, topology orchestration, and state manipulation.
- Implemented a `WasmObserver` and a global event queue to capture
simulation events (node state changes, link updates, packet events)
and expose them to JavaScript via a polling mechanism (`pollEvent`).
- Updated the CMake build system to support the `EMSCRIPTEN` platform,
configuring specific linker options for ES6 module export,
modularization, and memory growth.
- Enhanced `build.sh` to allow targeting WASM via `emcmake`.
- Guarded file-system-dependent operations in `nexus_pcap.cpp` and
adjusted `nexus_core.cpp` to handle WASM-specific constraints where
standard I/O or multiple observers might not be applicable.
- Added `test_wasm_bindings.mjs`, a Node.js-based smoke test that
verifies the integrity of the WASM bindings and event pipeline.
- Integrated `nexus-wasm-tests` into the GitHub Actions workflow to
ensure continuous verification of the WASM build and functionality.
This commit introduces gRPC support to the Nexus simulator, enabling
remote control and monitoring of simulations. This infrastructure allows
external tools and visualizers to interact with the simulated network
in real-time.
Key changes:
- Defined `simulation.proto` providing the `NexusService` definition for
simulation control and event streaming.
- Implemented `GrpcServer` in `nexus_grpc.cpp` which functions as a
Nexus simulation observer, pushing events to connected clients.
- Added RPCs for dynamic node creation, position updates, node state
control, and network orchestration (forming and joining).
- Implemented a real-time event stream that includes node state changes,
link updates, and packet captures (with basic protocol decoding).
- Introduced `nexus_native.cpp` as an entry point for a persistent
simulation server that can be controlled via gRPC.
- Updated `Core` and `Observer` interfaces to support a list of
concurrent observers instead of a single instance.
- Enhanced the CMake build system to optionally find and link against
gRPC and Protobuf, including automatic source generation.
- Updated CI (GitHub Actions) to include build and test steps for the
new gRPC functionality.
- Added comprehensive unit tests in `test_grpc.cpp` to verify all
exposed gRPC service methods.
This commit removes the redundant `multiple-instance` job from the
`simulation-1.1.yml` workflow. This job was used to run Thread 1.1
certification tests with `OT_MULTIPLE_INSTANCE=ON`.
The job is being removed to streamline the CI process and reduce
redundant test coverage, as multiple-instance configurations are
sufficiently covered in other workflow files. The dependency list
for the coverage collection job is also updated to reflect this
removal.
This commit simplifies the Simulation 1.4 workflow by removing the
compiler and architecture matrix. Run-time issues due to compiler
differences or architecture have not been an issue, so testing a single
configuration is sufficient to reduce CI resource usage.
The workflow now uses the default environment instead of explicitly
testing both gcc/clang and m32/m64 architectures.
This commit removes the following legacy 1.2 certification test scripts:
- tests/scripts/thread-cert/v1_2_router_5_1_1.py
- tests/scripts/thread-cert/v1_2_test_parent_selection.py
It also removes the 'packet-verification-1-1-on-1-4' job from the
Simulation 1.4 workflow as it is no longer required.
This commit enables TREL by default for all Nexus tests to avoid
requiring multiple builds.
Key changes:
- Modified tests/nexus/build.sh to enable TREL (OT_TREL=ON) by default.
- Updated tests/nexus/test_border_admitter.cpp and
tests/nexus/test_border_agent.cpp to handle multiple mDNS services
in the platform layer, as TREL adds its own mDNS service.
- Refined tests/nexus/verify_1_2_BBR_TC_3.py to specifically filter
for MeshCoP mDNS services and made OMR prefix verification more
lenient to handle transitions in multi-radio environments.
- Updated .github/workflows/nexus.yml to use the default build for all
Nexus jobs and merged TREL tests into the cert tests job.
All 133 cert tests, core tests, and TREL tests passed successfully with
these changes.
This commit removes the `android-ndk` platform support from the
`script/cmake-build` script and deletes the associated CI job from
the GitHub Actions workflow.
The `android-ndk` build was used to verify OpenThread compatibility
with the Android NDK. However, since OpenThread is now officially
included in the Android platform, maintaining a separate NDK-based
build in this repository is no longer necessary.
Changes:
- Remove `android-ndk` from `OT_PLATFORMS` in `script/cmake-build`.
- Remove NDK-specific configuration logic in `script/cmake-build`.
- Remove the `android-ndk` job from `.github/workflows/build.yml`.
This commit removes several legacy Python-based certification tests for
Low Power (CSL) and Thread 1.2 features, as they have been migrated to
the Nexus test framework.
Specifically, the following tests and their associated CI workflows
(including packet verification for low power) are removed:
- CSL Transmission and Timeout
- Enhanced Frame Pending and Keep-Alive
- Single Probe and Forward Tracking Series Link Metrics
- SSED Attachment and Parent Selection
The removal of these scripts from tests/scripts/thread-cert/ and
the corresponding GitHub Action workflows reduces CI overhead while
maintaining coverage through the more scalable Nexus tests.
This commit moves the execution of nexus `core` and `trel` tests from
the `toranj.yml` GitHub Actions workflow to the `nexus.yml` workflow.
It separates the tests into dedicated jobs (`nexus-core-tests` and
`nexus-trel-tests`) to improve parallelism and organization. The
existing nexus test job is also renamed to `nexus-cert-tests` to
better reflect its purpose.
The size.yml workflow used pull_request_target with git checkout
FETCH_HEAD, which replaced the entire working directory (including
scripts) with untrusted fork code. Since pull_request_target grants
a read/write GITHUB_TOKEN even from public forks, and the workflow
had no top-level permissions restriction, this allowed arbitrary
code execution with write access to the repository.
Fix by:
1. Adding top-level permissions: contents: read (consistent with
all other workflows in this repository).
2. Replacing `git checkout FETCH_HEAD` with a fetch-only approach
that passes the PR merge commit SHA via the OT_SHA_NEW environment
variable. The check-size script uses git-archive to extract code
by SHA, so it does not need the working directory to be switched.
This ensures ./script/check-size always runs from the base branch.
3. Updating check-size to accept OT_SHA_NEW from the environment,
falling back to git rev-parse HEAD when not set (preserving
existing behavior for push-triggered and local runs).
This commit updates the Nexus workflow to install TShark version 4.6.2
or later by adding the 'wireshark-dev/stable' PPA. This is required
to support modern Wireshark features in Nexus tests.
Currently, the `run_cert()` function in `run_cert_suite.py` invokes
test scripts using `subprocess.check_call()` without a timeout. This
can cause the test suite to hang indefinitely if a test script fails
to terminate.
This commit updates `run_cert_suite.py` to support a configurable
`--timeout` argument. It passes this timeout to `check_call()` and
handles `subprocess.TimeoutExpired` to log failure and print output
upon timeout.
Additionally, this commit updates `script/test` to pass the
`TEST_TIMEOUT` environment variable to the test runner and updates
GitHub workflow configurations to define specific timeout values for
various test jobs.
Updates the `ot_nexus_test` macro to accept a list of labels for each
test case. This allows for categorizing tests and executing specific
subsets using `ctest -L`.
The tests are now assigned labels such as `core`, `cert`, and `trel`.
The `core` label is used for tests that verify OpenThread core logic
and behavior, distinguishing them from `cert` tests which cover
certification scenarios.
The GitHub workflow is updated to utilize `ctest -L` for running the
tests, replacing the previous `ninja test` command.
Automates the execution of Nexus tests on CI using Ubuntu 24.04.
The workflow installs necessary dependencies including ninja-build,
tshark, and pyshark to support both simulation and packet-level
verification.
This change updates the netlink message handling for the infra link on
the POSIX platform to be more robust and efficient for `RTM_NEWLINK`
and `RTM_DELLINK` messages.
The logic for handling infra index changes is:
1. On `RTM_DELLINK`, the code verifies `ifinfo->ifi_index` is for the
currently infra index `mInfraIfIndex`.
2. On `RTM_NEWLINK`, it identifies the infra by its name
`if_indextoname(ifinfo->ifi_index)` and updates `mInfraIfIndex`.
dependabot[bot]