Explicitly define build process for CodeQL analysis #146
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Analysis | |
on: | |
pull_request: | |
push: | |
# don't run on packaging and dependabot branches | |
branches-ignore: | |
- 'for-debian' | |
- 'debian/**' | |
- 'pristine-tar' | |
- 'dependabot/**' | |
paths: | |
- '**' | |
- '!doc/**' | |
- '!**.md' | |
permissions: | |
contents: read | |
security-events: write | |
jobs: | |
clang: | |
runs-on: ubuntu-22.04 | |
container: debian:bookworm | |
name: clang-analyzer | |
steps: | |
- name: install dependencies | |
run: | | |
export DEBIAN_FRONTEND=noninteractive | |
apt-get update | |
apt-get -y install git python3-yaml apache2-bin apache2-dev gnutls-bin libapr1-dev libgnutls28-dev pkgconf procps clang clang-tools libmsv-dev | |
- uses: actions/checkout@v4 | |
- name: find usable IPs for tests | |
run: | | |
echo "test_ips=$(python3 test/check_test_ips.py -H localhost)" >> ${GITHUB_ENV} | |
- name: autoreconf | |
run: autoreconf -fiv | |
- name: configure | |
run: scan-build --use-cc=clang ./configure --enable-msva TEST_IP="${test_ips}" APACHE_MUTEX=pthread | |
- name: store config.log | |
uses: actions/upload-artifact@v4 | |
if: failure() | |
with: | |
name: scan-build-config-log | |
path: config.log | |
- name: make | |
run: scan-build -sarif -o sarif-output --use-cc=clang make | |
- name: find output directory | |
run: | | |
echo "SARIF_DIR=$(ls -d sarif-output/*)" >> ${GITHUB_ENV} | |
- name: define CONTAINER_WORKSPACE | |
run: | | |
echo "CONTAINER_WORKSPACE=${PWD}" >> ${GITHUB_ENV} | |
- name: upload SARIF results | |
uses: github/codeql-action/upload-sarif@v3 | |
with: | |
sarif_file: ${{ env.SARIF_DIR }} | |
checkout_path: ${{ env.CONTAINER_WORKSPACE }} | |
cppcheck: | |
runs-on: ubuntu-22.04 | |
container: debian:bookworm | |
name: cppcheck | |
steps: | |
- name: install dependencies | |
run: | | |
export DEBIAN_FRONTEND=noninteractive | |
apt-get update | |
apt-get -y install git python3-yaml apache2-bin apache2-dev gnutls-bin libapr1-dev libgnutls28-dev libmsv-dev pkgconf procps bear cppcheck | |
- uses: actions/checkout@v4 | |
- name: autoreconf | |
run: autoreconf -fiv | |
- name: configure | |
run: ./configure APACHE_MUTEX=pthread | |
- name: make and create compile_commands.json | |
run: bear -- make -j4 | |
- name: cppcheck | |
run: | | |
cppcheck --project=compile_commands.json -DAF_UNIX=1 --enable=warning,style,unusedFunction --xml 2>cppcheck.xml | |
- uses: airtower-luna/[email protected] | |
with: | |
tool: 'CppCheck' | |
input_file: 'cppcheck.xml' | |
sarif_file: 'cppcheck.sarif' | |
- name: define CONTAINER_WORKSPACE | |
run: | | |
echo "CONTAINER_WORKSPACE=${PWD}" >> ${GITHUB_ENV} | |
- name: upload SARIF results | |
uses: github/codeql-action/upload-sarif@v3 | |
with: | |
sarif_file: 'cppcheck.sarif' | |
checkout_path: ${{ env.CONTAINER_WORKSPACE }} | |
codeql: | |
runs-on: ubuntu-22.04 | |
name: CodeQL | |
steps: | |
- uses: actions/checkout@v4 | |
- name: install dependencies | |
run: | | |
sudo apt-get update | |
sudo apt-get -y install python3-yaml apache2-bin apache2-dev gnutls-bin libapr1-dev libgnutls28-dev libmsv-dev pkgconf procps | |
- name: Initialize CodeQL | |
uses: github/codeql-action/init@v3 | |
with: | |
languages: cpp | |
- name: autoreconf | |
run: autoreconf -fiv | |
- name: configure | |
run: ./configure --disable-pdf-doc | |
- name: make | |
run: make -j4 | |
- name: Perform CodeQL Analysis | |
uses: github/codeql-action/analyze@v3 |