mirror of
https://github.com/LadybirdBrowser/ladybird.git
synced 2025-01-24 10:12:25 -05:00
37f2d49818
Bumps [github/codeql-action](https://github.com/github/codeql-action) from 2 to 3. - [Release notes](https://github.com/github/codeql-action/releases) - [Changelog](https://github.com/github/codeql-action/blob/main/CHANGELOG.md) - [Commits](https://github.com/github/codeql-action/compare/v2...v3) --- updated-dependencies: - dependency-name: github/codeql-action dependency-type: direct:production update-type: version-update:semver-major ... Signed-off-by: dependabot[bot] <support@github.com>
160 lines
7.7 KiB
YAML
160 lines
7.7 KiB
YAML
name: PVS-Studio Static Analysis
|
|
on:
|
|
# Automatically run at the end of every day.
|
|
schedule:
|
|
- cron: '0 0 * * *'
|
|
|
|
jobs:
|
|
build:
|
|
name: Static Analysis
|
|
runs-on: ubuntu-22.04
|
|
env:
|
|
PVS_STUDIO_ANALYSIS_ARCH: x86_64
|
|
if: always() && github.repository == 'SerenityOS/serenity' && github.ref == 'refs/heads/master'
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
|
|
- name: "Configure PVS-Studio Repository"
|
|
run: |
|
|
wget -q -O - https://files.pvs-studio.com/beta/etc/pubkey.txt | sudo apt-key add -
|
|
sudo wget -O /etc/apt/sources.list.d/viva64.list https://files.pvs-studio.com/beta/etc/viva64.list
|
|
|
|
- name: "Install Ubuntu dependencies"
|
|
# These packages are already part of the ubuntu-22.04 image:
|
|
# cmake libgmp-dev npm shellcheck
|
|
# Packages below aren't.
|
|
#
|
|
run: |
|
|
wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | sudo apt-key add -
|
|
sudo add-apt-repository 'deb http://apt.llvm.org/jammy/ llvm-toolchain-jammy-16 main'
|
|
sudo apt-get update
|
|
sudo apt-get install -y clang-format-16 gcc-12 g++-12 libstdc++-12-dev libmpfr-dev libmpc-dev ninja-build unzip pvs-studio
|
|
|
|
- name: Check versions
|
|
run: set +e; g++ --version; g++-12 --version; ninja --version;
|
|
|
|
- name: Prepare useful stamps
|
|
id: stamps
|
|
shell: cmake -P {0}
|
|
run: |
|
|
string(TIMESTAMP current_date "%Y_%m_%d_%H_%M_%S" UTC)
|
|
# Output everything twice to make it visible both in the logs
|
|
# *and* as actual output variable, in this order.
|
|
message(" set-output name=time::${current_date}")
|
|
message("::set-output name=time::${current_date}")
|
|
message(" set-output name=libc_headers::${{ hashFiles('Userland/Libraries/LibC/**/*.h', 'Userland/Libraries/LibPthread/**/*.h', 'Toolchain/Patches/*.patch', 'Toolchain/Patches/gcc/*.patch', 'Toolchain/BuildGNU.sh') }}")
|
|
message("::set-output name=libc_headers::${{ hashFiles('Userland/Libraries/LibC/**/*.h', 'Userland/Libraries/LibPthread/**/*.h', 'Toolchain/Patches/*.patch', 'Toolchain/Patches/gcc/*.patch', 'Toolchain/BuildGNU.sh') }}")
|
|
|
|
- name: Toolchain cache
|
|
# This job should always read the cache, never populate it.
|
|
uses: actions/cache/restore@v3
|
|
id: toolchain-cache
|
|
with:
|
|
path: ${{ github.workspace }}/Toolchain/Local/${{ env.PVS_STUDIO_ANALYSIS_ARCH }}
|
|
# This assumes that *ALL* LibC and LibPthread headers have an impact on the Toolchain.
|
|
# This is wrong, and causes more Toolchain rebuilds than necessary.
|
|
# However, we want to avoid false cache hits at all costs.
|
|
key: ${{ runner.os }}-toolchain-${{ env.PVS_STUDIO_ANALYSIS_ARCH }}-${{ steps.stamps.outputs.libc_headers }}
|
|
|
|
- name: Build toolchain
|
|
if: ${{ !steps.toolchain-cache.outputs.cache-hit }}
|
|
run: ARCH="${{ env.PVS_STUDIO_ANALYSIS_ARCH }}" ${{ github.workspace }}/Toolchain/BuildGNU.sh
|
|
|
|
- name: Create build directory
|
|
run: |
|
|
mkdir -p ${{ github.workspace }}/Build/${{ env.PVS_STUDIO_ANALYSIS_ARCH }}
|
|
mkdir -p ${{ github.workspace }}/Build/caches/TZDB
|
|
mkdir -p ${{ github.workspace }}/Build/caches/UCD
|
|
mkdir -p ${{ github.workspace }}/Build/caches/CLDR
|
|
|
|
- name: TimeZoneData cache
|
|
uses: actions/cache@v3
|
|
with:
|
|
path: ${{ github.workspace }}/Build/caches/TZDB
|
|
key: TimeZoneData-${{ hashFiles('Meta/CMake/time_zone_data.cmake') }}
|
|
- name: UnicodeData cache
|
|
uses: actions/cache@v3
|
|
with:
|
|
path: ${{ github.workspace }}/Build/caches/UCD
|
|
key: UnicodeData-${{ hashFiles('Meta/CMake/unicode_data.cmake') }}
|
|
- name: UnicodeLocale Cache
|
|
uses: actions/cache@v3
|
|
with:
|
|
path: ${{ github.workspace }}/Build/caches/CLDR
|
|
key: UnicodeLocale-${{ hashFiles('Meta/CMake/locale_data.cmake') }}
|
|
|
|
- name: Create build environment
|
|
working-directory: ${{ github.workspace }}
|
|
run: |
|
|
cmake -S Meta/CMake/Superbuild -B Build/superbuild -GNinja \
|
|
-DSERENITY_ARCH=${{ env.PVS_STUDIO_ANALYSIS_ARCH }} \
|
|
-DSERENITY_TOOLCHAIN=GNU \
|
|
-DCMAKE_C_COMPILER=gcc-12 \
|
|
-DCMAKE_CXX_COMPILER=g++-12 \
|
|
-DENABLE_PCI_IDS_DOWNLOAD=OFF \
|
|
-DENABLE_USB_IDS_DOWNLOAD=OFF
|
|
|
|
- name: Build generated sources so they are available for analysis.
|
|
working-directory: ${{ github.workspace }}
|
|
# Note: The superbuild will create the Build/arch directory when doing the
|
|
# configure step for the serenity ExternalProject, as that's the configured
|
|
# binary directory for that project.
|
|
run: |
|
|
ninja -C Build/superbuild serenity-configure
|
|
cmake -B Build/${{ env.PVS_STUDIO_ANALYSIS_ARCH }} -DCMAKE_EXPORT_COMPILE_COMMANDS=ON
|
|
ninja -C Build/${{ env.PVS_STUDIO_ANALYSIS_ARCH }} all_generated
|
|
|
|
- name: Configure PVS-Studio License
|
|
env:
|
|
MAIL: ${{ secrets.PVS_STUDIO_MAIL }}
|
|
KEY: ${{ secrets.PVS_STUDIO_KEY }}
|
|
run: pvs-studio-analyzer credentials $MAIL $KEY
|
|
|
|
- name: Run PVS-Studio Analyzer
|
|
working-directory: ${{ github.workspace }}/Build/${{ env.PVS_STUDIO_ANALYSIS_ARCH }}
|
|
run: pvs-studio-analyzer analyze -o project.plog --compiler ${{ env.PVS_STUDIO_ANALYSIS_ARCH }}-pc-serenity-g++ --compiler ${{ env.PVS_STUDIO_ANALYSIS_ARCH }}-pc-serenity-gcc -j2
|
|
|
|
# Suppress Rules:
|
|
# - v530: The return value of function 'release_value' is required to be utilized.
|
|
# Our TRY(..) macro seems to breaks this rule and trigger weird behavior in PVS Studio.
|
|
#
|
|
# - v677: Custom declaration of a standard '<example>' type. The declaration from system header files should be used instead.
|
|
# This rule doesn't make sense for Serenity, as we are the system headers.
|
|
#
|
|
# - v1061: Extending the 'std' namespace may result in undefined behavior.
|
|
# We have no choice, some features of C++ require us to.
|
|
#
|
|
# - V1052: Declaring virtual methods in a class marked as 'final' is pointless.
|
|
# This rule contradicts the serenity style rules.
|
|
#
|
|
# - False Positives:
|
|
# v591: Non-void function should return a value.
|
|
# v603: Object was created but is not being used.
|
|
# v1047: Lifetime of the lambda is greater than lifetime of the local variable captured by reference.
|
|
# v1076: Code contains invisible characters that may alter its logic.
|
|
#
|
|
- name: Filter PVS Log
|
|
working-directory: ${{ github.workspace }}/Build/${{ env.PVS_STUDIO_ANALYSIS_ARCH }}
|
|
run: |
|
|
pvs-studio-analyzer suppress -v530 -v591 -v603 -v677 -v1047 -v1052 -v1061 -v1076 project.plog
|
|
pvs-studio-analyzer filter-suppressed project.plog
|
|
|
|
- name: Print PVS Log
|
|
run: plog-converter -a 'GA:1,2;64:1;OP:1,2,3' -t errorfile ${{ github.workspace }}/Build/${{ env.PVS_STUDIO_ANALYSIS_ARCH }}/project.plog | GREP_COLOR='01;31' grep -E --color=always 'error:|$' | GREP_COLOR='01;33' grep -E --color=always 'warning:|$'
|
|
|
|
- name: Convert PVS Log to SARIF
|
|
run: plog-converter -a 'GA:1,2;64:1;OP:1,2,3' -o project.sarif -t sarif ${{ github.workspace }}/Build/${{ env.PVS_STUDIO_ANALYSIS_ARCH }}/project.plog
|
|
|
|
- uses: actions/upload-artifact@v4
|
|
with:
|
|
path: ${{ github.workspace }}/Build/${{ env.PVS_STUDIO_ANALYSIS_ARCH }}/project.plog
|
|
|
|
- uses: actions/upload-artifact@v4
|
|
with:
|
|
path: ${{ github.workspace }}/project.sarif
|
|
|
|
- name: Upload SARIF results file
|
|
uses: github/codeql-action/upload-sarif@v3
|
|
with:
|
|
# Path to SARIF file relative to the root of the repository
|
|
sarif_file: project.sarif
|