source: mod_gnutls/.github/workflows/analysis.yaml @ 866273c

Last change on this file since 866273c was 866273c, checked in by Fiona Klute <fiona.klute@…>, 3 months ago

CI: Limit workflow permissions

  • Property mode set to 100644
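# Static analysis workflow: runs clang-analyzer (scan-build), cppcheck and
# CodeQL, and uploads each tool's findings as SARIF to code scanning.
name: Analysis
on:
  # `pull_request` (not `pull_request_target`): the jobs below build and run
  # code from the proposed change, and for pull requests from forks GitHub
  # hands this event a read-only token without access to secrets.
  pull_request:
  push:
    # don't run on packaging and dependabot branches
    branches-ignore:
      - 'for-debian'
      - 'debian/**'
      - 'pristine-tar'
      - 'dependabot/**'
    paths:
      - '**'
      - '!doc/**'
      - '!**.md'

# Least privilege for the GITHUB_TOKEN of every job in this workflow:
# read access to the repository contents for checkout, and write access to
# security events so the SARIF upload / CodeQL analyze steps can publish
# results. Every scope not listed here is set to "none".
permissions:
  contents: read
  security-events: write

# NOTE(review): all actions below are referenced by mutable tags (@v1, @v2,
# @v0.2.0). A tag can be moved by whoever controls the action's repository,
# and these steps run in jobs holding `security-events: write`. Pinning to a
# full commit SHA makes the reference immutable, e.g.
#   uses: owner/action@<full-commit-sha>  # vX
# NOTE(review): verify that the action majors and the ubuntu-20.04 runner
# image used here are still supported upstream.
jobs:

  clang:
    runs-on: ubuntu-20.04
    # debian:sid is a rolling tag, so analyzer versions (and therefore
    # findings) can change between runs without any change in this repo.
    container: debian:sid
    name: clang-analyzer
    steps:
      - name: install dependencies
        run: |
          export DEBIAN_FRONTEND=noninteractive
          apt-get update
          apt-get -y install git python3-yaml apache2-bin apache2-dev gnutls-bin libapr1-dev libgnutls28-dev pkg-config procps clang clang-tools libmsv-dev
      - uses: actions/checkout@v2
        with:
          # The following steps build and run code from the checked-out
          # revision, so don't leave the token in .git/config for them.
          persist-credentials: false
      - name: find usable IPs for tests
        # The script comes from the checked-out revision and its output is
        # written to GITHUB_ENV, so it sets `test_ips` for all later steps.
        run: |
          echo "test_ips=$(python3 test/check_test_ips.py -H localhost)" >> "${GITHUB_ENV}"
      - name: autoreconf
        run: autoreconf -fiv
      - name: configure
        run: scan-build --use-cc=clang ./configure --enable-msva TEST_IP="${test_ips}" APACHE_MUTEX=pthread
      - name: store config.log
        uses: actions/upload-artifact@v2
        if: failure()
        with:
          name: scan-build-config-log
          path: config.log
      - name: make
        run: scan-build -sarif -o sarif-output --use-cc=clang make
      - name: find output directory
        # Expects exactly one entry below sarif-output/; with several, the
        # value would span multiple lines and no longer be a single
        # KEY=value entry in GITHUB_ENV.
        run: |
          echo "SARIF_DIR=$(ls -d sarif-output/*)" >> "${GITHUB_ENV}"
      - name: define CONTAINER_WORKSPACE
        # Passed to upload-sarif as checkout_path because the job runs
        # inside a container.
        run: |
          echo "CONTAINER_WORKSPACE=${PWD}" >> "${GITHUB_ENV}"
      - name: upload SARIF results
        uses: github/codeql-action/upload-sarif@v1
        with:
          sarif_file: ${{ env.SARIF_DIR }}
          checkout_path: ${{ env.CONTAINER_WORKSPACE }}

  cppcheck:
    runs-on: ubuntu-20.04
    container: debian:sid
    name: cppcheck
    steps:
      - name: install dependencies
        run: |
          export DEBIAN_FRONTEND=noninteractive
          apt-get update
          apt-get -y install git python3-yaml apache2-bin apache2-dev gnutls-bin libapr1-dev libgnutls28-dev libmsv-dev pkg-config procps bear cppcheck
      - uses: actions/checkout@v2
        with:
          # Build steps below run code from the checked-out revision.
          persist-credentials: false
      - name: autoreconf
        run: autoreconf -fiv
      - name: configure
        run: ./configure APACHE_MUTEX=pthread
      - name: make and create compile_commands.json
        run: bear -- make -j4
      - name: cppcheck
        # cppcheck writes its XML report to stderr, hence the 2> redirect.
        run: |
          cppcheck --project=compile_commands.json -DAF_UNIX=1 --enable=warning,style,unusedFunction --xml 2>cppcheck.xml
      - uses: airtower-luna/convert-to-sarif@v0.2.0
        with:
          tool: 'CppCheck'
          input_file: 'cppcheck.xml'
          sarif_file: 'cppcheck.sarif'
      - name: define CONTAINER_WORKSPACE
        run: |
          echo "CONTAINER_WORKSPACE=${PWD}" >> "${GITHUB_ENV}"
      - name: upload SARIF results
        uses: github/codeql-action/upload-sarif@v1
        with:
          sarif_file: 'cppcheck.sarif'
          checkout_path: ${{ env.CONTAINER_WORKSPACE }}

  codeql:
    runs-on: ubuntu-20.04
    name: CodeQL
    steps:
      - uses: actions/checkout@v2
        with:
          # Autobuild runs the project's build from the checked-out revision.
          persist-credentials: false
      - name: install dependencies
        run: |
          sudo apt-get update
          sudo apt-get -y install python3-yaml apache2-bin apache2-dev gnutls-bin libapr1-dev libgnutls28-dev libmsv-dev pkg-config procps
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v1
        with:
          languages: cpp
      - name: Autobuild
        uses: github/codeql-action/autobuild@v1
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v1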