source: mod_gnutls/.github/workflows/analysis.yaml @ a6b3ae3

Last change on this file since a6b3ae3 was a6b3ae3, checked in by Fiona Klute <fiona.klute@…>, 21 months ago

Don't run analysis for push events on Dependabot branches

Dependabot branches are treated like a fork now, which means the push
event can't upload SARIF results. The pull_request will continue to do
so, so nothing is lost.

  • Property mode set to 100644
File size: 3.5 KB
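# Static analysis workflow: builds the module under clang's scan-build,
# cppcheck and CodeQL, and uploads each tool's findings as SARIF.
name: Analysis
on:
  pull_request:
  push:
    # Don't run on packaging and Dependabot branches. Pushes to Dependabot
    # branches are treated like a fork and cannot upload SARIF results; the
    # pull_request event still analyses those changes.
    branches-ignore:
      - 'for-debian'
      - 'debian/**'
      - 'pristine-tar'
      - 'dependabot/**'
    # Skip pushes that only touch documentation.
    paths:
      - '**'
      - '!doc/**'
      - '!**.md'

# Least privilege for GITHUB_TOKEN: every job executes build scripts from the
# checked-out ref (autoreconf, configure, make), so the token is limited to
# reading the repository and writing code-scanning results.
# NOTE(review): a private repository additionally needs `actions: read` for
# the CodeQL action; confirm airtower-luna/convert-to-sarif needs no further
# token scopes.
permissions:
  contents: read
  security-events: write

# NOTE(review): the actions below are referenced by tag (@v2, @v1, @v0.2.0).
# A tag can be moved by the action's owner; pinning each `uses:` to a full
# commit SHA, with the tag kept in a trailing comment, protects the workflow
# against a retagged release.
jobs:

  clang:
    runs-on: ubuntu-20.04
    # debian:sid is a rolling tag, so the analyzer and library versions change
    # between runs (presumably intended, to track current toolchains).
    container: debian:sid
    name: clang-analyzer
    steps:
      - name: install dependencies
        run: |
          export DEBIAN_FRONTEND=noninteractive
          apt-get update
          apt-get -y install git python3-yaml apache2-bin apache2-dev gnutls-bin libapr1-dev libgnutls28-dev pkg-config procps clang clang-tools libmsv-dev
      - uses: actions/checkout@v2
        with:
          # Later steps run scripts from the checked-out tree; do not leave
          # the token in .git/config where they could read it.
          persist-credentials: false
      - name: find usable IPs for tests
        # Runs a script from the checked-out tree, i.e. code under review on
        # pull_request events.
        run: |
          echo "test_ips=$(python3 test/check_test_ips.py -H localhost)" >> "${GITHUB_ENV}"
      - name: autoreconf
        run: autoreconf -fiv
      - name: configure
        run: scan-build --use-cc=clang ./configure --enable-msva TEST_IP="${test_ips}" APACHE_MUTEX=pthread
      - name: store config.log
        uses: actions/upload-artifact@v2
        # Only kept when an earlier step failed, to debug configure problems.
        if: failure()
        with:
          name: scan-build-config-log
          path: config.log
      - name: make
        run: scan-build -sarif -o sarif-output --use-cc=clang make
      - name: find output directory
        # Assumes scan-build created exactly one subdirectory below
        # sarif-output; more than one match would write a multi-line value
        # into GITHUB_ENV.
        run: |
          echo "SARIF_DIR=$(ls -d sarif-output/*)" >> "${GITHUB_ENV}"
      - name: define CONTAINER_WORKSPACE
        # The job runs in a container, so the checkout path is recorded from
        # inside it and passed to the upload step as checkout_path.
        run: |
          echo "CONTAINER_WORKSPACE=${PWD}" >> "${GITHUB_ENV}"
      - name: upload SARIF results
        uses: github/codeql-action/upload-sarif@v1
        with:
          sarif_file: ${{ env.SARIF_DIR }}
          checkout_path: ${{ env.CONTAINER_WORKSPACE }}

  cppcheck:
    runs-on: ubuntu-20.04
    container: debian:sid
    name: cppcheck
    steps:
      - name: install dependencies
        run: |
          export DEBIAN_FRONTEND=noninteractive
          apt-get update
          apt-get -y install git python3-yaml apache2-bin apache2-dev gnutls-bin libapr1-dev libgnutls28-dev libmsv-dev pkg-config procps bear cppcheck
      - uses: actions/checkout@v2
        with:
          # Later steps run scripts from the checked-out tree; do not leave
          # the token in .git/config where they could read it.
          persist-credentials: false
      - name: autoreconf
        run: autoreconf -fiv
      - name: configure
        run: ./configure APACHE_MUTEX=pthread
      - name: make and create compile_commands.json
        # bear records the compiler invocations that cppcheck reads below.
        run: bear -- make -j4
      - name: cppcheck
        # cppcheck writes its XML report to stderr, hence the 2> redirect.
        run: |
          cppcheck --project=compile_commands.json -DAF_UNIX=1 --enable=warning,style,unusedFunction --xml 2>cppcheck.xml
      - uses: airtower-luna/convert-to-sarif@v0.2.0
        with:
          tool: 'CppCheck'
          input_file: 'cppcheck.xml'
          sarif_file: 'cppcheck.sarif'
      - name: define CONTAINER_WORKSPACE
        run: |
          echo "CONTAINER_WORKSPACE=${PWD}" >> "${GITHUB_ENV}"
      - name: upload SARIF results
        uses: github/codeql-action/upload-sarif@v1
        with:
          sarif_file: 'cppcheck.sarif'
          checkout_path: ${{ env.CONTAINER_WORKSPACE }}

  codeql:
    # Runs directly on the hosted runner (no container), hence sudo for apt.
    runs-on: ubuntu-20.04
    name: CodeQL
    steps:
      - uses: actions/checkout@v2
        with:
          # The autobuild step runs the project's build from the checked-out
          # tree; do not leave the token in .git/config for it.
          persist-credentials: false
      - name: install dependencies
        run: |
          sudo apt-get update
          sudo apt-get -y install python3-yaml apache2-bin apache2-dev gnutls-bin libapr1-dev libgnutls28-dev libmsv-dev pkg-config procps
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v1
        with:
          languages: cpp
      - name: Autobuild
        uses: github/codeql-action/autobuild@v1
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v1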