Merge branch 'master' into h265

.github/hooks/pre-commit.sh

@@ -10,3 +10,4 @@
 exec 1>&2
 
 .github/lint-disallowed-functions-in-library.sh
+.github/lint-no-trailing-newline-in-log-messages.sh

.github/lint-no-trailing-newline-in-log-messages.sh

@@ -0,0 +1,41 @@
+#!/usr/bin/env bash
+
+#
+# DO NOT EDIT THIS FILE
+#
+# It is automatically copied from https://github.com/pion/.goassets repository.
+#
+# If you want to update the shared CI config, send a PR to
+# https://github.com/pion/.goassets instead of this repository.
+#
+
+set -e
+
+# Disallow usages of functions that cause the program to exit in the library code
+SCRIPT_PATH=$( cd "$(dirname "${BASH_SOURCE[0]}")" ; pwd -P )
+if [ -f ${SCRIPT_PATH}/.ci.conf ]
+then
+  . ${SCRIPT_PATH}/.ci.conf
+fi
+
+files=$(
+  find "$SCRIPT_PATH/.." -name "*.go" \
+    | while read file
+    do
+      excluded=false
+      for ex in $EXCLUDE_DIRECTORIES
+      do
+        if [[ $file == */$ex/* ]]
+        then
+          excluded=true
+          break
+        fi
+      done
+      $excluded || echo "$file"
+    done
+)
+
+if grep -E '\.(Trace|Debug|Info|Warn|Error)f?\("[^"]*\\n"\)?' $files | grep -v -e 'nolint'; then
+	echo "Log format strings should have trailing new-line"
+	exit 1
+fi

.github/workflows/codeql-analysis.yml

@@ -0,0 +1,40 @@
+name: "CodeQL"
+
+on:
+  workflow_dispatch:
+  schedule:
+    - cron: '23 5 * * 0'
+  pull_request:
+    branches:
+      - master
+    paths:
+      - '**.go'
+
+jobs:
+  analyze:
+    name: Analyze
+    runs-on: ubuntu-latest
+    permissions:
+      actions: read
+      contents: read
+      security-events: write
+
+    steps:
+    - name: Checkout repo
+      uses: actions/checkout@v3
+
+    # The code in examples/ might intentionally do things like log credentials
+    # in order to show how the library is used, aid in debugging etc. We
+    # should ignore those for CodeQL scanning, and only focus on the package
+    # itself.
+    - name: Remove example code
+      run: |
+        rm -rf examples/
+
+    - name: Initialize CodeQL
+      uses: github/codeql-action/init@v2
+      with:
+        languages: 'go'
+
+    - name: CodeQL Analysis
+      uses: github/codeql-action/analyze@v2

.github/workflows/generate-authors.yml

@@ -16,6 +16,8 @@ on:
 
 jobs:
   checksecret:
+    permissions:
+      contents: none
     runs-on: ubuntu-latest
     outputs:
       is_PIONBOT_PRIVATE_KEY_set: ${{ steps.checksecret_job.outputs.is_PIONBOT_PRIVATE_KEY_set }}
@@ -28,11 +30,13 @@ jobs:
           echo "::set-output name=is_PIONBOT_PRIVATE_KEY_set::${{ env.PIONBOT_PRIVATE_KEY != '' }}"
 
   generate-authors:
+    permissions:
+      contents: write
     needs: [checksecret]
     if: needs.checksecret.outputs.is_PIONBOT_PRIVATE_KEY_set == 'true'
     runs-on: ubuntu-latest
     steps:
-    - uses: actions/checkout@v2
+    - uses: actions/checkout@v3
       with:
         ref: ${{ github.head_ref }}
         fetch-depth: 0

.github/workflows/lint.yaml

@@ -16,14 +16,18 @@ on:
       - opened
       - edited
       - synchronize
+
+permissions:
+  contents: read
+
 jobs:
   lint-commit-message:
     name: Metadata
     runs-on: ubuntu-latest
     strategy:
       fail-fast: false
     steps:
-        - uses: actions/checkout@v2
+        - uses: actions/checkout@v3
           with:
             fetch-depth: 0
 
@@ -36,16 +40,22 @@ jobs:
         - name: Functions
           run: .github/lint-disallowed-functions-in-library.sh
 
+        - name: Logging messages should not have trailing newlines
+          run: .github/lint-no-trailing-newline-in-log-messages.sh
+
   lint-go:
     name: Go
+    permissions:
+      contents: read
+      pull-requests: read
     runs-on: ubuntu-latest
     strategy:
       fail-fast: false
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
 
       - name: golangci-lint
-        uses: golangci/golangci-lint-action@v2
+        uses: golangci/golangci-lint-action@v3
         with:
-          version: v1.31
+          version: v1.45.2
           args: $GOLANGCI_LINT_EXRA_ARGS

.github/workflows/renovate-go-mod-fix.yaml

@@ -15,12 +15,15 @@ on:
     branches:
       - renovate/*
 
+permissions:
+  contents: write
+
 jobs:
   go-mod-fix:
     runs-on: ubuntu-latest
     steps:
       - name: checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
         with:
           fetch-depth: 2
       - name: fix

.github/workflows/test.yaml

@@ -17,18 +17,22 @@ on:
   pull_request:
     branches:
     - master
+
+permissions:
+  contents: read
+
 jobs:
   test:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        go: ["1.16", "1.17"]
+        go: ["1.17", "1.18"]
       fail-fast: false
     name: Go ${{ matrix.go }}
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
 
-      - uses: actions/cache@v2
+      - uses: actions/cache@v3
         with:
           path: |
             ~/go/pkg/mod
@@ -39,23 +43,36 @@ jobs:
             ${{ runner.os }}-amd64-go-
 
       - name: Setup Go
-        uses: actions/setup-go@v2
+        uses: actions/setup-go@v3
         with:
           go-version: ${{ matrix.go }}
 
       - name: Setup go-acc
-        run: |
-          go get github.com/ory/go-acc
-          git checkout go.mod go.sum
+        run: go install github.com/ory/go-acc@latest
+
+      - name: Set up gotestfmt
+        uses: haveyoudebuggedit/gotestfmt-action@v2
+        with:
+          token: ${{ secrets.GITHUB_TOKEN }} # Avoid getting rate limited
 
       - name: Run test
         run: |
           TEST_BENCH_OPTION="-bench=."
           if [ -f .github/.ci.conf ]; then . .github/.ci.conf; fi
 
+          set -euo pipefail
           go-acc -o cover.out ./... -- \
             ${TEST_BENCH_OPTION} \
-            -v -race
+            -json \
+            -v -race 2>&1 | grep -v '^go: downloading' | tee /tmp/gotest.log | gotestfmt
+
+      - name: Upload test log
+        uses: actions/upload-artifact@v2
+        if: always()
+        with:
+          name: test-log-${{ matrix.go }}
+          path: /tmp/gotest.log
+          if-no-files-found: error
 
       - name: Run TEST_HOOK
         run: |
@@ -64,7 +81,6 @@ jobs:
 
       - uses: codecov/codecov-action@v2
         with:
-          file: ./cover.out
           name: codecov-umbrella
           fail_ci_if_error: true
           flags: go
@@ -73,13 +89,13 @@ jobs:
     runs-on: ubuntu-latest
     strategy:
       matrix:
-        go: ["1.16", "1.17"]
+        go: ["1.17", "1.18"]
       fail-fast: false
     name: Go i386 ${{ matrix.go }}
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
 
-      - uses: actions/cache@v2
+      - uses: actions/cache@v3
         with:
           path: |
             ~/go/pkg/mod
@@ -110,14 +126,14 @@ jobs:
       fail-fast: false
     name: WASM
     steps:
-      - uses: actions/checkout@v2
+      - uses: actions/checkout@v3
 
       - name: Use Node.js
-        uses: actions/setup-node@v2
+        uses: actions/setup-node@v3
         with:
           node-version: '16.x'
 
-      - uses: actions/cache@v2
+      - uses: actions/cache@v3
         with:
           path: |
             ~/go/pkg/mod
@@ -153,7 +169,6 @@ jobs:
 
       - uses: codecov/codecov-action@v2
         with:
-          file: ./cover.out
           name: codecov-umbrella
           fail_ci_if_error: true
           flags: wasm

.github/workflows/tidy-check.yaml

@@ -18,14 +18,17 @@ on:
     branches:
       - master
 
+permissions:
+  contents: read
+
 jobs:
   Check:
     runs-on: ubuntu-latest
     steps:
       - name: checkout
-        uses: actions/checkout@v2
+        uses: actions/checkout@v3
       - name: Setup Go
-        uses: actions/setup-go@v2
+        uses: actions/setup-go@v3
       - name: check
         run: |
           go mod download

.gitignore

@@ -22,3 +22,4 @@ cover.out
 *.wasm
 examples/sfu-ws/cert.pem
 examples/sfu-ws/key.pem
+wasm_exec.js