source: mod_gnutls/.github/workflows/analysis.yaml @ 40e845b

Last change on this file since 40e845b was 40e845b, checked in by Fiona Klute <fiona.klute@…>, 10 months ago

CI: Use temporary merge commit for code analysis in pull requests

Much simpler, and HEAD2 could happend to be from the target branch
depending on commit order.

  • Property mode set to 100644
File size: 3.4 KB
Line 
1name: Analysis
2on:
3  pull_request:
4  push:
5    # don't run on packaging branches
6    branches-ignore:
7      - 'for-debian'
8      - 'debian/**'
9      - 'pristine-tar'
10    paths:
11      - '**'
12      - '!doc/**'
13      - '!**.md'
14
15jobs:
16
17  clang:
18    runs-on: ubuntu-20.04
19    container: debian:sid
20    name: clang-analyzer
21    steps:
22      - name: install dependencies
23        run: |
24          export DEBIAN_FRONTEND=noninteractive
25          apt-get update
26          apt-get -y install git python3-yaml apache2-bin apache2-dev gnutls-bin libapr1-dev libgnutls28-dev pkg-config procps clang clang-tools libmsv-dev
27      - uses: actions/checkout@v2
28      - name: find usable IPs for tests
29        run: |
30          echo "test_ips=$(python3 test/check_test_ips.py -H localhost)" >> ${GITHUB_ENV}
31      - name: autoreconf
32        run: autoreconf -fiv
33      - name: configure
34        run: scan-build --use-cc=clang ./configure --enable-msva TEST_IP="${test_ips}" APACHE_MUTEX=pthread
35      - name: store config.log
36        uses: actions/upload-artifact@v2
37        if: failure()
38        with:
39          name: scan-build-config-log
40          path: config.log
41      - name: make
42        run: scan-build -sarif -o sarif-output --use-cc=clang make
43      - name: find output directory
44        run: |
45          echo "SARIF_DIR=$(ls -d sarif-output/*)" >> ${GITHUB_ENV}
46      - name: define CONTAINER_WORKSPACE
47        run: |
48          echo "CONTAINER_WORKSPACE=${PWD}" >> ${GITHUB_ENV}
49      - name: upload SARIF results
50        uses: github/codeql-action/upload-sarif@v1
51        with:
52          sarif_file: ${{ env.SARIF_DIR }}
53          checkout_path: ${{ env.CONTAINER_WORKSPACE }}
54
55  cppcheck:
56    runs-on: ubuntu-20.04
57    container: debian:sid
58    name: cppcheck
59    steps:
60      - name: install dependencies
61        run: |
62          export DEBIAN_FRONTEND=noninteractive
63          apt-get update
64          apt-get -y install git python3-yaml apache2-bin apache2-dev gnutls-bin libapr1-dev libgnutls28-dev libmsv-dev pkg-config procps bear cppcheck
65      - uses: actions/checkout@v2
66      - name: autoreconf
67        run: autoreconf -fiv
68      - name: configure
69        run: ./configure APACHE_MUTEX=pthread
70      - name: make and create compile_commands.json
71        run: bear -- make -j4
72      - name: cppcheck
73        run: |
74          cppcheck --project=compile_commands.json -DAF_UNIX=1 --enable=warning,style,unusedFunction --xml 2>cppcheck.xml
75      - uses: airtower-luna/convert-to-sarif@v0.2.0
76        with:
77          tool: 'CppCheck'
78          input_file: 'cppcheck.xml'
79          sarif_file: 'cppcheck.sarif'
80      - name: define CONTAINER_WORKSPACE
81        run: |
82          echo "CONTAINER_WORKSPACE=${PWD}" >> ${GITHUB_ENV}
83      - name: upload SARIF results
84        uses: github/codeql-action/upload-sarif@v1
85        with:
86          sarif_file: 'cppcheck.sarif'
87          checkout_path: ${{ env.CONTAINER_WORKSPACE }}
88
89  codeql:
90    runs-on: ubuntu-20.04
91    name: CodeQL
92    steps:
93      - uses: actions/checkout@v2
94      - name: install dependencies
95        run: |
96          sudo apt-get update
97          sudo apt-get -y install python3-yaml apache2-bin apache2-dev gnutls-bin libapr1-dev libgnutls28-dev libmsv-dev pkg-config procps
98      - name: Initialize CodeQL
99        uses: github/codeql-action/init@v1
100        with:
101          languages: cpp
102      - name: Autobuild
103        uses: github/codeql-action/autobuild@v1
104      - name: Perform CodeQL Analysis
105        uses: github/codeql-action/analyze@v1
Note: See TracBrowser for help on using the repository browser.