Prefer plain scan-build-py command if available #203
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Analysis | |
on: | |
pull_request: | |
push: | |
# don't run on packaging and dependabot branches | |
branches-ignore: | |
- 'for-debian' | |
- 'debian/**' | |
- 'pristine-tar' | |
- 'dependabot/**' | |
paths: | |
- '**' | |
- '!doc/**' | |
- '!**.md' | |
permissions: | |
contents: read | |
security-events: write | |
jobs: | |
clang: | |
runs-on: ubuntu-24.04 | |
container: debian:bookworm | |
name: clang-analyzer | |
steps: | |
- name: install dependencies | |
run: | | |
export DEBIAN_FRONTEND=noninteractive | |
apt-get update | |
apt-get -y install meson make git python3-yaml apache2-bin apache2-dev gnutls-bin libapr1-dev libgnutls28-dev pkgconf procps clang clang-tools | |
- uses: actions/checkout@v4 | |
- name: 'workaround for Meson versions < 1.1' | |
run: ln -s meson.options meson_options.txt | |
- name: define CONTAINER_WORKSPACE | |
run: | | |
echo "CONTAINER_WORKSPACE=${PWD}" >> ${GITHUB_ENV} | |
- name: meson setup | |
run: | | |
meson setup -Dpdf-doc=false build | |
- name: ninja scan-build | |
env: | |
SCANBUILD: '${{ env.CONTAINER_WORKSPACE }}/support/scan-build-wrapper.sh' | |
run: | | |
ninja -C build/ scan-build | |
- name: find output file | |
id: sarif-output | |
run: | | |
echo "file=$(find build/meson-logs/scanbuild/ -name results-merged.sarif)" >> ${GITHUB_OUTPUT} | |
- name: upload SARIF results | |
uses: github/codeql-action/upload-sarif@v3 | |
with: | |
sarif_file: ${{ steps.sarif-output.outputs.file }} | |
checkout_path: ${{ env.CONTAINER_WORKSPACE }} | |
cppcheck: | |
runs-on: ubuntu-24.04 | |
container: debian:bookworm | |
name: cppcheck | |
steps: | |
- name: install dependencies | |
run: | | |
export DEBIAN_FRONTEND=noninteractive | |
apt-get update | |
apt-get -y install meson make git python3-yaml apache2-bin apache2-dev gnutls-bin libapr1-dev libgnutls28-dev pkgconf procps cppcheck | |
- uses: actions/checkout@v4 | |
- name: 'workaround for Meson versions < 1.1' | |
run: ln -s meson.options meson_options.txt | |
- name: meson setup | |
run: meson setup -Dpdf-doc=false build | |
- name: cppcheck | |
run: | | |
ninja -C build/ cppcheck-xml | |
- uses: airtower-luna/[email protected] | |
with: | |
tool: 'CppCheck' | |
input_file: 'build/cppcheck.xml' | |
sarif_file: 'cppcheck.sarif' | |
- name: define CONTAINER_WORKSPACE | |
run: | | |
echo "CONTAINER_WORKSPACE=${PWD}" >> ${GITHUB_ENV} | |
- name: upload SARIF results | |
uses: github/codeql-action/upload-sarif@v3 | |
with: | |
sarif_file: 'cppcheck.sarif' | |
checkout_path: ${{ env.CONTAINER_WORKSPACE }} | |
codeql: | |
runs-on: ubuntu-24.04 | |
name: CodeQL | |
steps: | |
- uses: actions/checkout@v4 | |
- name: install dependencies | |
run: | | |
sudo apt-get update | |
sudo apt-get -y install meson make python3-yaml apache2-bin apache2-dev gnutls-bin libapr1-dev libgnutls28-dev pkgconf procps | |
- name: Initialize CodeQL | |
uses: github/codeql-action/init@v3 | |
with: | |
languages: cpp | |
- name: meson setup | |
run: meson setup -Dpdf-doc=false build | |
- name: meson compile | |
run: meson compile -C build/ | |
- name: Perform CodeQL Analysis | |
uses: github/codeql-action/analyze@v3 |