Fix static-analysis issues #798
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Static code analysis workflow for Sonar Cloud, results are published to projects: | |
# - Windows: https://sonarcloud.io/project/overview?id=methane-powered-kit-windows | |
# - Linux: https://sonarcloud.io/project/overview?id=methane-powered-kit-linux | |
# - MacOS: https://sonarcloud.io/project/overview?id=methane-powered-kit-macos | |
name: '🎯 CI Sonar Scan' | |
on: | |
workflow_dispatch: | |
push: | |
branches: [ master, develop ] | |
paths: | |
- '.github/**/*sonar*.yml' | |
- 'sonar-project.properties' | |
- 'Apps/**' | |
- 'Modules/**' | |
- 'Tests/**' | |
- 'Externals/**' | |
- 'CMake/**' | |
- 'Build/*/CI/**' | |
- 'CMakeLists.txt' | |
- 'CMakePresets.json' | |
# "Pull request" event runs in context of the target repository branch, but remote repos do not have access to secrets, | |
# it is used only for internal PRs from origin repository branches according to job condition below. | |
pull_request: | |
branches: [ master ] | |
types: [opened, synchronize, reopened] | |
paths: | |
- '.github/**/*sonar*.yml' | |
- 'sonar-project.properties' | |
- 'Apps/**' | |
- 'Modules/**' | |
- 'Tests/**' | |
- 'Externals/**' | |
- 'CMake/**' | |
- 'Build/*/CI/**' | |
- 'CMakeLists.txt' | |
- 'CMakePresets.json' | |
# "Pull request target" event runs in context of the base repository and has access to secrets, | |
# it is used only for external PRs from forked repositories to origin according to job condition below. | |
pull_request_target: | |
branches: [ master ] | |
types: [ opened, synchronize, reopened ] | |
paths: | |
- 'Apps/**' | |
- 'Modules/**' | |
- 'Tests/**' | |
- 'Externals/**' | |
- 'CMake/**' | |
- 'Build/*/CI/**' | |
- 'CMakeLists.txt' | |
- 'CMakePresets.json' | |
schedule: | |
- cron: '20 23 * * 3' # Scheduled workflow will not run in GitHub forks by default | |
env: | |
METHANE_VERSION_MAJOR: 0 | |
METHANE_VERSION_MINOR: 8 | |
METHANE_VERSION_PATCH: 0 | |
METHANE_VERSION_BUILD: ${{ github.run_number }} | |
jobs: | |
sonar_scan: | |
name: ${{ matrix.name }} | |
# Run sonar scan job only in context of the origin repository: | |
# - Trigger on either "push" or "pull request" event for the origin repository owned branches | |
# - Or trigger on "pull request target" event for external repositories to have access to secrets from origin repo context | |
# see https://github.com/orgs/community/discussions/26829 | |
if: ${{ github.repository == 'MethanePowered/MethaneKit' && ( | |
github.event_name == 'push' || | |
(github.event_name == 'pull_request' && | |
github.event.pull_request.head.repo.full_name == github.repository) || | |
(github.event_name == 'pull_request_target' && | |
github.event.pull_request.head.repo.full_name != github.repository) | |
) }} | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- os: windows-latest | |
name: "Win64_DX_SonarScan" | |
named_logo: Windows | |
config_preset: "Ninja-Win-DX-Scan" | |
build_preset: "Ninja-Win-DX-Scan" | |
sonar_project_key: "methane-powered-kit-windows" | |
tests_coverage_reports: "Build/Output/Ninja-Win-DX-Scan/Install/Tests/Coverage/*.xml" | |
- os: ubuntu-latest | |
name: "Ubuntu_VK_SonarScan" | |
named_logo: Linux | |
config_preset: "Ninja-Lin-VK-Scan" | |
build_preset: "Ninja-Lin-VK-Scan" | |
sonar_project_key: "methane-powered-kit-linux" | |
tests_coverage_reports: "Build/Output/Ninja-Lin-VK-Scan/Build/MethaneTestCoverage.info" | |
- os: macos-13 # macos-latest is using M1 h/w, which is not supported by sonar scanner yet (see SonarSource/sonarcloud-github-c-cpp/pull/55) | |
name: "MacOS_MTL_SonarScan" | |
named_logo: Apple | |
config_preset: "Ninja-Mac-MTL-Scan" | |
build_preset: "Ninja-Mac-MTL-Scan" | |
sonar_project_key: "methane-powered-kit-macos" | |
tests_coverage_reports: "Build/Output/Ninja-Mac-MTL-Scan/Install/Tests/Coverage/*.lcov" | |
runs-on: ${{ matrix.os }} | |
env: | |
BUILD_DIR: Build/Output/${{ matrix.config_preset }}/Build | |
INSTALL_DIR: Build/Output/${{ matrix.config_preset }}/Install | |
BUILD_LOG_FILE: Build/Output/${{ matrix.config_preset }}/Install/Build.log | |
COVERAGE_LOG_FILE: Build/Output/${{ matrix.config_preset }}/Install/Coverage.log | |
SCAN_LOG_FILE: Build/Output/${{ matrix.config_preset }}/Install/SonarScan.log | |
COMPILE_COMMANDS_FILE: Build/Output/${{ matrix.config_preset }}/Build/compile_commands.json | |
steps: | |
- name: Checkout pull-request merge commit from origin | |
if: ${{ github.event_name != 'pull_request_target' }} | |
uses: actions/checkout@v4 | |
with: | |
fetch-depth: 2 # 2 commits are necessary for CodeCov diff | |
- name: Checkout pull-request merge commit from fork | |
if: ${{ github.event_name == 'pull_request_target' }} | |
uses: actions/checkout@v4 | |
with: | |
ref: "${{ github.event.pull_request.merge_commit_sha }}" | |
fetch-depth: 2 # 2 commits are necessary for CodeCov diff | |
- name: Install Linux prerequisites | |
if: ${{ runner.os == 'Linux' }} | |
run: ./Build/Unix/CI/InstallLinuxPrerequisites.sh lcov | |
- name: Install TestSpace | |
if: ${{ github.event_name == 'push' }} | |
uses: testspace-com/setup-testspace@v1 | |
with: | |
domain: ${{ github.repository_owner }} | |
# .NET Core is required by ReportGenerator | |
- name: Install .NET Core | |
uses: actions/setup-dotnet@v4 | |
with: | |
dotnet-version: 6.0.400 | |
- name: Install Sonar-Scanner | |
uses: sonarsource/sonarcloud-github-c-cpp@v2 | |
# Ninja build is required to generate compile commands file used by Sonar-Scanner | |
- name: Install Ninja | |
uses: seanmiddleditch/gha-setup-ninja@v5 | |
with: | |
version: 1.11.1 | |
- name: Initialize Externals Cache | |
uses: actions/cache@v4 | |
with: | |
path: Build/Output/ExternalsCache | |
key: ExternalsCache-${{ matrix.config_preset }}-${{ hashFiles('Externals/*.cmake') }} | |
- name: Setup Developer Command Prompt for MSVC (VS2022 x64) to build with Ninja | |
if: ${{ runner.os == 'Windows' }} | |
uses: ilammy/msvc-dev-cmd@v1 | |
with: | |
arch: x64 | |
- name: CMake Configure Preset ${{ matrix.config_preset }} | |
shell: bash | |
env: | |
# Set BUILD version to zero to benefit from SonarCloud analysis cache (version change invalidates cache at each run) | |
METHANE_VERSION_BUILD: 0 | |
run: | | |
./Build/Unix/CI/CMakeConfigurePreset.sh "${{ matrix.config_preset }}" | |
if [ -f $COMPILE_COMMANDS_FILE ]; then | |
cp "$COMPILE_COMMANDS_FILE" "$INSTALL_DIR" | |
else | |
echo "Compile commands file was not found!" | |
fi | |
- name: CMake Build Preset ${{ matrix.build_preset }} | |
shell: bash | |
run: ./Build/Unix/CI/CMakeBuildPreset.sh "${{ matrix.build_preset }}" | |
- name: Download OpenCppCoverage | |
if: ${{ runner.os == 'Windows' }} | |
shell: powershell | |
working-directory: 'Build/Output/${{ matrix.config_preset }}/Install/Tests' | |
run: ${{ github.workspace }}\Build\Windows\CI\DownloadOpenCppCoverageRelease.ps1 | |
- name: Run all unit-tests with OpenCppCoverage code coverage on Windows | |
if: ${{ runner.os == 'Windows' }} | |
shell: cmd | |
working-directory: 'Build\Output\${{ matrix.config_preset }}\Install\Tests' | |
run: | | |
${{ github.workspace }}\Build\Windows\CI\RunUnitTestsWithCoverage.bat cobertura sonarqube junit ^ | |
"${{ github.workspace }}\Modules" ^ | |
Build/Output/${{ matrix.config_preset }}/Install/Tests | |
- name: Run all unit-tests to collect SonarQube and JUnit test results on Linux | |
if: ${{ runner.os == 'Linux' }} | |
working-directory: 'Build/Output/${{ matrix.config_preset }}/Install/Tests' | |
run: ${{ github.workspace }}/Build/Unix/CI/RunUnitTests.sh sonarqube junit | |
- name: Run all unit-tests with code coverage using CTest and GCov on Linux | |
if: ${{ runner.os == 'Linux' && (success() || failure()) }} | |
run: ./Build/Unix/CI/CMakeBuildPreset.sh "${{ matrix.build_preset }}" MethaneTestCoverage "$COVERAGE_LOG_FILE" | |
- name: Run all unit-tests with LCov code coverage on MacOS | |
if: ${{ runner.os == 'macOS' }} | |
working-directory: 'Build/Output/${{ matrix.config_preset }}/Install/Tests' | |
run: ${{ github.workspace }}/Build/Unix/CI/RunUnitTestsWithCoverage.sh lcov sonarqube junit | |
- name: Generate Code Coverage Reports | |
if: ${{ success() || failure() }} | |
uses: danielpalme/ReportGenerator-GitHub-Action@5 | |
with: | |
reports: ${{ matrix.tests_coverage_reports }} | |
targetdir: 'Build/Output/${{ matrix.config_preset }}/Install/Tests/Coverage/Report' | |
reporttypes: 'Cobertura;SonarQube' | |
title: 'Methane Tests Code Coverage for ${{ matrix.build_preset }}' | |
tag: '${{ env.METHANE_VERSION_MAJOR }}.${{ env.METHANE_VERSION_MINOR }}.${{ env.METHANE_VERSION_PATCH }}.${{ env.METHANE_VERSION_BUILD }}' | |
- name: Upload Code Coverage Cobertura Report | |
if: ${{ success() || failure() }} | |
uses: actions/upload-artifact@v4 | |
with: | |
name: MethaneKit_${{ matrix.name }}_CoverageResults | |
path: Build/Output/${{ matrix.config_preset }}/Install/Tests/Coverage/Report/Cobertura.xml | |
- name: Upload Build Log and Code Coverage to TestSpace server | |
if: ${{ github.event_name == 'push' && (success() || failure()) }} | |
continue-on-error: true # testspace will fail if test result already exists for current build id, but it's OK on build re-run. | |
shell: bash | |
run: | | |
testspace \ | |
"[ ${{ matrix.name }} ]Build/Output/${{ matrix.config_preset }}/Install/Tests/Coverage/Report/Cobertura.xml" \ | |
"[ ${{ matrix.name }} ]${{ env.BUILD_LOG_FILE }}" | |
- name: Publish Code Coverage to CodeCov server | |
if: ${{ github.event_name != 'pull_request_target' && (success() || failure()) }} | |
uses: codecov/codecov-action@v4 | |
with: | |
files: Build/Output/${{ matrix.config_preset }}/Install/Tests/Coverage/Report/Cobertura.xml | |
flags: unittests,${{ runner.os }} | |
name: ${{ matrix.name }} | |
token: ${{ secrets.CODECOV_TOKEN }} | |
- name: Publish Code Coverage to CodeCov server (from PR target) | |
if: ${{ github.event_name == 'pull_request_target' && (success() || failure()) }} | |
uses: codecov/codecov-action@v4 | |
with: | |
override_pr: ${{ github.event.pull_request.number }} | |
override_commit: ${{ github.event.pull_request.head.sha }} | |
files: Build/Output/${{ matrix.config_preset }}/Install/Tests/Coverage/Report/Cobertura.xml | |
flags: unittests,${{ runner.os }} | |
name: ${{ matrix.name }} | |
token: ${{ secrets.CODECOV_TOKEN }} | |
- name: Publish Test Results to Codecov server | |
if: ${{ github.event_name != 'pull_request_target' && (success() || failure()) }} | |
uses: codecov/test-results-action@v1 | |
with: | |
files: Build/Output/${{ matrix.config_preset }}/Install/Tests/Results/junit/*Test.xml | |
flags: unittests,${{ runner.os }} | |
name: ${{ matrix.name }} | |
token: ${{ secrets.CODECOV_TOKEN }} | |
- name: Publish Test Results to Codecov server (from PR target) | |
if: ${{ github.event_name == 'pull_request_target' && (success() || failure()) }} | |
uses: codecov/test-results-action@v1 | |
with: | |
override_pr: ${{ github.event.pull_request.number }} | |
override_commit: ${{ github.event.pull_request.head.sha }} | |
files: Build/Output/${{ matrix.config_preset }}/Install/Tests/Results/junit/*Test.xml | |
flags: unittests,${{ runner.os }} | |
name: ${{ matrix.name }} | |
token: ${{ secrets.CODECOV_TOKEN }} | |
- name: Publish Test Results to GitHub | |
if: ${{ success() || failure() }} | |
uses: EnricoMi/publish-unit-test-result-action/composite@v2 | |
with: | |
check_name: ${{ matrix.name }} Test Results | |
comment_title: ${{ matrix.name }} Test Results | |
files: Build/Output/${{ matrix.config_preset }}/Install/Tests/Results/junit/*Test.xml | |
action_fail: true | |
action_fail_on_inconclusive: true | |
- name: Run Sonar Scanner | |
if: ${{ success() || failure() }} | |
shell: bash | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
SONAR_ORGANIZATION: methane-powered | |
GITHUB_COMMIT_SHA: ${{ github.event_name == 'push' && github.sha || github.event.pull_request.head.sha }} | |
GITHUB_PR_FLAG: ${{ (github.event_name == 'pull_request' || github.event_name == 'pull_request_target') && 1 || 0 }} | |
GITHUB_PR_REPO: ${{ github.repository }} | |
GITHUB_PR_NUMBER: ${{ github.event.pull_request.number }} | |
GITHUB_PR_BRANCH: ${{ github.event.pull_request.head.ref }} | |
GITHUB_PR_BASE: ${{ github.event.pull_request.base.ref }} | |
run: | | |
./Build/Unix/CI/RunSonarScanner.sh "${{ matrix.sonar_project_key }}" \ | |
"Build/Output/${{ matrix.config_preset }}/Build" \ | |
"Build/Output/${{ matrix.config_preset }}/Install/Tests" | |
- name: Archive Scan Artifacts | |
if: ${{ success() || failure() }} | |
shell: bash | |
working-directory: Build/Output/${{ matrix.config_preset }}/Install | |
run: 7z a -t7z -mx=9 MethaneKit_${{ matrix.name }}.7z * | |
- name: Upload Archived Scan Artifacts | |
if: ${{ success() || failure() }} | |
uses: actions/upload-artifact@v4 | |
with: | |
name: MethaneKit_${{ matrix.name }}_${{ env.METHANE_VERSION_MAJOR }}.${{ env.METHANE_VERSION_MINOR }}.${{ env.METHANE_VERSION_PATCH }}.${{ env.METHANE_VERSION_BUILD }} | |
path: Build/Output/${{ matrix.config_preset }}/Install/MethaneKit_${{ matrix.name }}.7z | |
- name: Update Badge Parameters | |
if: ${{ (github.event_name == 'push' || github.event_name == 'schedule') && always() }} | |
shell: bash | |
run: ./Build/Unix/CI/UpdateBadgeParameters.sh "${{ job.status }}" | |
- name: Update Badge JSON | |
if: ${{ (github.event_name == 'push' || github.event_name == 'schedule') && always() }} | |
uses: schneegans/[email protected] | |
with: | |
auth: ${{ secrets.GIST_TOKEN }} | |
gistID: 96d788046ccd52b45b3354a99f8569c3 | |
filename: MethaneKit_${{ matrix.name }}_${{ github.ref_name }}.json | |
namedLogo: ${{ matrix.named_logo }} # https://simpleicons.org | |
label: ${{ matrix.name }} | |
labelColor: #f5f5f5 | |
logoColor: #f5f5f5 | |
message: ${{ env.badge_message }} | |
color: ${{ env.badge_color }} |