GitLab

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

* Updated library_index.json for testing

* Use easyjson for parsing library_index

* Added benchmarks for json deconding.

Results:

$ go test -v -benchmem -bench BenchmarkIndexParsing github.com/arduino/arduino-cli/arduino/libraries/librariesindex
=== RUN   TestIndexer
--- PASS: TestIndexer (0.16s)
goos: linux
goarch: amd64
pkg: github.com/arduino/arduino-cli/arduino/libraries/librariesindex
cpu: Intel(R) Core(TM) i7-8550U CPU @ 1.80GHz
BenchmarkIndexParsingStdJSON
BenchmarkIndexParsingStdJSON-8                 5         214872730 ns/op          94.52 MB/s    58956539 B/op     418973 allocs/op
BenchmarkIndexParsingEasyJSON
BenchmarkIndexParsingEasyJSON-8               16          69215472 ns/op         293.42 MB/s    56162664 B/op     418966 allocs/op
PASS
ok      github.com/arduino/arduino-cli/arduino/libraries/librariesindex 4.442s

easyjson is 3x faster.

* Updated license check cache

* Added easyjson to package_index.json parser

* Allow easyjson to match tags in case-insensitive

See https://github.com/mailru/easyjson/pull/372

* Added easyjson generation task in Taskfile

* Added github action check

* Update .github/workflows/check-easyjson.yml
Co-authored-by: per1234 <accounts@perglass.com>
Co-authored-by: per1234 <accounts@perglass.com>

A "Check Go Dependencies" GitHub Actions workflow is used to check whether all Go package dependencies of the modules in
this repository use compatible licenses.

This workflow is hosted and maintained in a repository dedicated to a collection of such reusable Arduino tooling project assets.

Several enhancements have been made to the upstream file, which are pulled into the Arduino CLI repository here:

- Add schedule event trigger to catch breakage caused by external changes
  https://github.com/arduino/tooling-project-assets/commit/e71e4702279bd165769efd830f276b6b492de92c
- Run workflow on release branch creation
  https://github.com/arduino/tooling-project-assets/commit/22504dc85c1bea37613506016e677cd545a9af1b

The script which provides convenient installation of Arduino CLI is hosted and maintained in a separate repository which
contains the collection of reusable tooling project assets. Some defects were present in the script's handling of lack
of a build for a specific host architecture, which manifested when users with Apple M1 systems attempted to use it.

These defects were fixed and some general improvements made to the related code.

- Remove broken frivolous function from install script
  https://github.com/arduino/tooling-project-assets/commit/127116b30163e5c63384d6a46c57f9f5d093d61a
- Remove unnecessary use of eval from install script
  https://github.com/arduino/tooling-project-assets/commit/e2b5740daf890aa20d27d901ee8fc11743b38036
- Fallback to x86-64 release when macOS ARM 64-bit build not available
  https://github.com/arduino/tooling-project-assets/commit/d8c59e3caac6182077e9bbefe3a5209c3ec96782

Those are pulled into the Arduino CLI project here.

* Changes in errors.MultipleBoardsDetectedError and errors.NoBoardsDetectedError

- The message formatting has been fixed
- The errors now accepts a *rpc.Port instead of a *discovery.Port
- The new error NoBoardsDetectedError has been added

* Renamed some variable in compile/compile.go to improve readability

fqbn -> fqbnArg
port -> portArgs
detectedFqbn -> fqbn
discoveryPort -> port

* Renamed some variable in debug/debug.go to improve readability

fqbn -> fqbnArg
port -> portArgs
discoveryPort -> port

* Fixed some error formatting

* Renamed some variable in compile/compile.go to improve readability

fqbn -> fqbnArg
port -> portArgs
discoveryPort -> port

* Refactored board autodetection in upload/compile

- use `board.List()` instead of implementing a duplicate of it
- factored the logic that calculates FQBN, Port and possibly
  autodetects FQBN, so we have a single implementation for all
  commands of the cli.

* Removed SupportedUserFieldsRequest.Address gRPC parameter

Because it's no more needed

* Added notes about technical debt

* Factored --discovery-timeout flag and added timeout to board autodetection

* Added docs

* Fixed error message and integration tests

* Update cli/arguments/port.go
Co-authored-by: Umberto Baldi <34278123+umbynos@users.noreply.github.com>
Co-authored-by: Umberto Baldi <34278123+umbynos@users.noreply.github.com>

* Fix typo

* Rename custom keys filename to make more clear that private key is used to sign and public key is used for encryption

* Update Security setting postbuild.cmd path

* Update Security setting keychain path

* Update Security setting default keys filename

* Updated relaxed-semver library to v0.9.0

* Fixed errors translations

* Make architecture explicit in loadPlatform

* Extracted subrotuine loadToolReleaseFromDirectory

* Added cores.InstallPlatformInDirectory(..) helper function

* legacy: allow using a preconfigured library manager in build

The "Check Go Dependencies" GitHub Actions workflow checks for dependencies with incompatible or unapproved license
types.

The dependency license metadata consumed by the "Licensed" tool is cached in the project repository, in a dedicated file
for each dependency.

The `check-cache` job of the workflow checks whether that cache is in sync with the project's current dependencies. It
does this by using the "Licensed" tool to update the cache and then a `git diff` command to check whether that resulted
in any changes (which would indicate it is out of sync).

Out of sync states could result from any of three distinct conditions:

- Missing metadata file
- Incorrect metadata file contents
- Superfluous metadata file

An incorrectly configured `git diff` command previously caused the last of these to be missed.

My first take at this system was simply using `git diff --exit-code` alone. That detects the last two, but misses the
first. I added the `git add --intent-to-add .` command to detect added files, but didn't realize that it caused the last
to be missed.

Superfluous files in the dependency license metadata cache won't actually interfere with its intended functionality, but
it is still important to avoid an accumulation of unused files.

The new commands will catch all three of the possible out of sync conditions by staging all changes that result from
the metadata cache update to the repository and then comparing those against the `HEAD` commit.

I considered an alternative approach which works just as well as the chosen one:

```
git add .
git diff --exit-code HEAD
```

However, I feel that the `--cached` flag makes the `git diff` command more self-explanatory.

* Moved downloaders subroutines in 'resources' package

* Moved function to the correct file

* Merge Download subroutine for resources

* Factored all download subroutines

* Allow passing nil Config in resource.Download method

* Moved some package in their appropriate place.

httpclient is now under arduino/httpclient.
Some configuration values have been moved under 'configuration' package,
and the related subroutines have been refactored.

* Created IndexResource and factored out all download utilities

* Fix regression in unit-tests

* Adjusted integration tests

* Fixed linter problems

* Moved DownloadFile from 'resources' package into 'httpclient'

* Factored all progress reports callback definitions in the rpc package

* Updated UPGRADING.md

* Applied suggestions from code review
Co-authored-by: per1234 <accounts@perglass.com>

* Fixed typos
Co-authored-by: per1234 <accounts@perglass.com>

Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 2 to 3.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](https://github.com/actions/upload-artifact/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/upload-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [actions/download-artifact](https://github.com/actions/download-artifact) from 2 to 3.
- [Release notes](https://github.com/actions/download-artifact/releases)
- [Commits](https://github.com/actions/download-artifact/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/download-artifact
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [actions/setup-go](https://github.com/actions/setup-go) from 2 to 3.
- [Release notes](https://github.com/actions/setup-go/releases)
- [Commits](https://github.com/actions/setup-go/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/setup-go
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Made monitor.jsonDecodeLoop more thread resilient

* Use idiomatic way to check for channel-closed event

* Ensure that monitor processes are killed and collected correctly

* Simplified (and fixed...) monitor stream handling

There is no need to spawn two goroutines, one is enough. Also the extra
context is not needed anymore. The monitor port can be closed when the
goroutine with the grpc recv loop ends.

* Fix cli crash if no configuration is provided in the Monitor gRPC call

* Extended term_example gRPC API test coverage

Now it cycles on the same port two times.

* Reduce timeout for monitor close/quit commands to 250ms

Bumps [codecov/codecov-action](https://github.com/codecov/codecov-action) from 2 to 3.
- [Release notes](https://github.com/codecov/codecov-action/releases)
- [Changelog](https://github.com/codecov/codecov-action/blob/master/CHANGELOG.md)
- [Commits](https://github.com/codecov/codecov-action/compare/v2...v3)

---
updated-dependencies:
- dependency-name: codecov/codecov-action
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

The "github-stats" GitHub Actions workflow periodically gathers GitHub release asset download statistics for Arduino CLI
and pushes the results to Datadog.

There are no known problems with this workflow. However, the companion "arduino-stats" workflow that did the same for
the downloads of Arduino CLI from downloads.arduino.cc was broken and thus removed from the repository.

The GitHub stats are not very valuable on their own as they only provide an unknown fraction of the total downloads of
Arduino CLI. They have also not ended up being used. Since it doesn't provide any value and represents a maintenance
burden, it is hereby removed from the repository.

The "arduino-stats" GitHub Actions workflow was designed to periodically gather download statistics from Arduino CDN and
push results to Datadog.

The recorded stats showed a periodic decrease in total download count. Since this is patently impossible, it is clear
that something was wrong with the system and that the recorded data was not usable. An investigation into the problem
was never done.

On 2022-03-14, the runs of the "arduino-stats" GitHub Actions workflow began to fail. Because there had not been any
relevant change in the repository between the last successful run and the first failing run, it seems that some external
change caused the breakage. Since the workflow was not ever working successfully and the lack of an investigation about
that indicates that the stats are not of immediate importance, the best course of action is to simply remove the broken
infrastructure from the repository rather than investing time into fixing something that isn't being used anyway.

* Fixed some staticcheck warnings

commands/core/search_test.go:24:2: package "github.com/arduino/arduino-cli/rpc/cc/arduino/cli/commands/v1" is being imported more than once (ST1019)
        commands/core/search_test.go:25:2: other import of "github.com/arduino/arduino-cli/rpc/cc/arduino/cli/commands/v1"
i18n/cmd/po/parser.go:34:2: should check returned error before deferring file.Close() (SA5001)
i18n/cmd/po/parser.go:105:48: cutset contains duplicate characters (SA1024)

* Fixed some staticcheck warnings

arduino/libraries/librariesindex/json.go:33:38: unknown JSON option "required" (SA5008)
arduino/libraries/librariesindex/json.go:34:38: unknown JSON option "required" (SA5008)
arduino/cores/packageindex/index.go:39:37: unknown JSON option "required" (SA5008)
arduino/cores/packageindex/index.go:40:37: unknown JSON option "required" (SA5008)
arduino/cores/packageindex/index.go:44:37: unknown JSON option "required" (SA5008)
arduino/cores/packageindex/index.go:45:37: unknown JSON option "required" (SA5008)
arduino/cores/packageindex/index.go:51:51: unknown JSON option "required" (SA5008)
arduino/cores/packageindex/index.go:53:51: unknown JSON option "required" (SA5008)
arduino/cores/packageindex/index.go:57:51: unknown JSON option "required" (SA5008)
arduino/cores/packageindex/index.go:58:51: unknown JSON option "required" (SA5008)
arduino/cores/packageindex/index.go:59:51: unknown JSON option "required" (SA5008)
arduino/cores/packageindex/index.go:69:34: unknown JSON option "required" (SA5008)
arduino/cores/packageindex/index.go:70:34: unknown JSON option "required" (SA5008)
arduino/cores/packageindex/index.go:71:34: unknown JSON option "required" (SA5008)
arduino/cores/packageindex/index.go:88:36: unknown JSON option "required" (SA5008)
arduino/cores/packageindex/index.go:89:36: unknown JSON option "required" (SA5008)
arduino/cores/packageindex/index.go:90:36: unknown JSON option "required" (SA5008)
arduino/cores/packageindex/index.go:95:30: unknown JSON option "required" (SA5008)
arduino/cores/packageindex/index.go:96:30: unknown JSON option "required" (SA5008)
arduino/cores/packageindex/index.go:97:30: unknown JSON option "required" (SA5008)
arduino/cores/packageindex/index.go:98:30: unknown JSON option "required" (SA5008)
arduino/cores/packageindex/index.go:99:30: unknown JSON option "required" (SA5008)
arduino/cores/tools.go:30:35: unknown JSON option "required" (SA5008)
arduino/cores/tools.go:37:36: unknown JSON option "required" (SA5008)
arduino/cores/tools.go:45:18: unknown JSON option "required" (SA5008)
arduino/sketch/sketch.go:51:14: unknown JSON option "required" (SA5008)
arduino/sketch/sketch.go:53:14: unknown JSON option "omitepty" (SA5008)
cli/lib/search.go:103:16: unknown JSON option "required" (SA5008)
cli/lib/search.go:107:24: unknown JSON option "required" (SA5008)
cli/lib/search.go:183:9: the argument is already a string, there's no need to use fmt.Sprintf (S1025)

* Fixed some staticcheck warnings

arduino/builder/sketch.go:165:5: should use !bytes.Equal(existingBytes, source) instead (S1004)
arduino/builder/sketch_test.go:133:2: this value of err is never used (SA4006)
arduino/cores/board.go:125:3: the surrounding loop is unconditionally terminated (SA4004)
arduino/cores/packagemanager/package_manager.go:432:4: should replace loop with platforms = append(platforms, platform.GetAllInstalled()...) (S1011)
arduino/cores/status.go:191:28: func ToolDependency.extractTool is unused (U1000)
arduino/cores/status.go:203:28: func ToolDependency.extractRelease is unused (U1000)
arduino/libraries/librariesindex/json.go:141:9: empty branch (SA9003)

* Fixed some staticcheck warnings

arduino/monitors/null.go:48:14: should use time.Since instead of time.Now().Sub (S1012)
arduino/resources/checksums.go:79:5: should use !bytes.Equal(algo.Sum(nil), digest) instead (S1004)
arduino/resources/checksums.go:155:6: func createPackageFile is unused (U1000)
arduino/resources/helpers.go:65:12: this condition occurs multiple times in this if/else if chain (SA4014)
arduino/resources/helpers_test.go:40:24: unnecessary use of fmt.Sprintf (S1039)
cli/feedback/feedback.go:187:12: should use String() instead of fmt.Sprintf (S1025)
cli/globals/globals.go:31:2: var tr is unused (U1000)
cli/lib/args.go:89:6: should use strings.EqualFold instead (SA6005)
commands/daemon/monitor.go:176:6: this value of slots is never used (SA4006)

* add flags to allow the override of the keys used to sign and encrypt a binary for the boards that support the secure boot

* add integration test for ReplaceSecurityKeys() function

* fix regression introduced: target platform could be nil so using before checking is not a good idea

* apply suggestions from code review

* rename of some flags (done to accommodate the proposed changes in platform.txt)

* change approach: override keys using `builderCtx.CustomBuildProperties`

* add check in the builder regarding the usage of "build.keys.type" properties

* add secure boot to the platform specifications

* Apply suggestions from code review
Co-authored-by: per1234 <accounts@perglass.com>

* modify the check on in the builder regarding the usage of "build.keys" properties:
The "build.keys.type" is no longer mandatory, and the default is "public_keys"
We also check if the secureboot keys are all defined or none of them is.

* remove check on the flags specifying the keys, it's the tool responsibility to check if they are valid

* move content to a guides section

* add specifications regarding `build.keys` properties

* Apply suggestions from code review
Co-authored-by: per1234 <accounts@perglass.com>

* add link to external resource to provide a quick explanation of the reason for an Arduino boards platform developer to add a "secure boot" capability

* change `tools.imgtool.build.pattern` to `tools.imgtool.flags`

The property had the same form as the special `tools.TOOL_NAME.ACTION.pattern` properties
However, there is not a `build` action, the form of the property gives the impression that it is one that has special treatment by the build system.

It looks like the convention is `*.flags`

* add small section explaining why is recommended to use these prop names

* Apply suggestions from code review
Co-authored-by: per1234 <accounts@perglass.com>

* Correct error message

* Apply suggestions from code review
Co-authored-by: per1234 <accounts@perglass.com>
Co-authored-by: per1234 <accounts@perglass.com>

Bumps [peter-evans/create-pull-request](https://github.com/peter-evans/create-pull-request) from 3 to 4.
- [Release notes](https://github.com/peter-evans/create-pull-request/releases)
- [Commits](https://github.com/peter-evans/create-pull-request/compare/v3...v4)

---
updated-dependencies:
- dependency-name: peter-evans/create-pull-request
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Validation of links to internal anchors was recently added to the markdown-link-check tool used to check for broken
links in this project's documentation.

Although a much needed feature, unfortunately it does not currently support anchors created by HTML anchor tags.

For example, this is valid and common Markdown:

[click here](#some-anchor)
<a name="some-anchor"></a>

but will fail the check:

ERROR: 1 dead links found!
[x] #some-anchor -> Status: 404

This type of link markup is used by the protoc-gen-doc tool that generates the gRPC interface documentation, which
causes a spurious failure of the link check.

The solution is to configure markdown-link-check to skip these links (which was the behavior anyway with versions 3.8.7
and older). That will be reverted whenever the tool is able to correctly validate internal anchor links.

* bump go version we use to build and release to go 1.17.8
Co-authored-by: per1234 <accounts@perglass.com>

* bump go version in go.mod

* bump go version in GH Actions workflows

* bump go version in the docs
Co-authored-by: per1234 <accounts@perglass.com>

* update documentation links

* Update docs/library-specification.md
Co-authored-by: per1234 <accounts@perglass.com>
Co-authored-by: per1234 <accounts@perglass.com>

* Make use of 'avr' as example platform more consistent

It's fairly easy to miss the one line early in the doc that says this text uses 'avr' as an example, leading a reader to possibly believe the documentation hasn't been updated since 'avr' was the only platform choice. Within the doc, the text was a little inconsistent as to how it referred to the avr platform and platform specific tools. This change tries to standardize how we refer to the example platform.

* Fix a couple lint errors.

* Fix prettier lint errors.

* Fix an additional prettier lint error

* Update docs/sketch-build-process.md
Co-authored-by: per1234 <accounts@perglass.com>
Co-authored-by: per1234 <accounts@perglass.com>

* Removed `error` return from `discovery.New(...)`

The `New` function never fails.

* Replaced *status.Status with errors in packagamanager

* Apply suggestions from code review

Bumps [actions/checkout](https://github.com/actions/checkout) from 2 to 3.
- [Release notes](https://github.com/actions/checkout/releases)
- [Changelog](https://github.com/actions/checkout/blob/main/CHANGELOG.md)
- [Commits](https://github.com/actions/checkout/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/checkout
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

Bumps [actions/setup-python](https://github.com/actions/setup-python) from 2 to 3.
- [Release notes](https://github.com/actions/setup-python/releases)
- [Commits](https://github.com/actions/setup-python/compare/v2...v3)

---
updated-dependencies:
- dependency-name: actions/setup-python
  dependency-type: direct:production
  update-type: version-update:semver-major
...
Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>

* Discoveries are now closed and unregistered after failure

* Add mutex to guard discoveries in DiscoveryManager

* Fixed all lint warnings

* Replaced findFilesInFolder with go-paths equivalent

* Removed some constants

* Removed unused parameter

* Removed redundant builder_utils.CompileFilesRecursive function

* Simplified structure of CompileFiles

* Inlined call to compileFilesWithRecipe

* Removed unused function FindAllSubdirectories

* Rewrite of FindFilesInFolder using go-paths-helper

* Updated dependency go.sum and licensed cache

* Removed duplication of extensions table

* Applied suggestion from codereview

* Update legacy/builder/builder_utils/utils.go
Co-authored-by: Silvano Cerza <3314350+silvanocerza@users.noreply.github.com>

* Applied code review suggestions

* Applied code review suggestions
Co-authored-by: Silvano Cerza <3314350+silvanocerza@users.noreply.github.com>

Co-authored-by: github-actions[bot] <41898282+github-actions[bot]@users.noreply.github.com>

* Sample command to solve compile or upload issue is now shown to CLI users

* Fix error strings
Co-authored-by: per1234 <accounts@perglass.com>

* Enhance error message if core is unknown

* Fix compile error not being printed if output is json
Co-authored-by: per1234 <accounts@perglass.com>