Add clang static analyzer workflow

qgis · Nov 25, 2024 · 0931b1a · 0931b1a
1 parent 0650cbd
commit 0931b1a
Show file tree

Hide file tree

Showing 2 changed files with 71 additions and 0 deletions.
diff --git a/.github/workflows/clang_static_analyzer.yml b/.github/workflows/clang_static_analyzer.yml
@@ -0,0 +1,15 @@
+name: CLang Static Analyzer
+
+on: [push, pull_request]
+
+jobs:
+
+  clang_static_analyzer:
+    runs-on: ubuntu-latest
+    if: "!contains(github.event.head_commit.message, '[ci skip]') && !contains(github.event.head_commit.message, '[skip ci]')"
+    steps:
+      - name: Checkout
+        uses: actions/checkout@v2
+
+      - name: Run
+        run: .github/workflows/clang_static_analyzer/start.sh
diff --git a/.github/workflows/clang_static_analyzer/start.sh b/.github/workflows/clang_static_analyzer/start.sh
@@ -0,0 +1,56 @@
+#!/bin/bash
+
+set -e
+
+sudo apt update
+
+DEBIAN_FRONTEND=noninteractive sudo apt-get install -y --no-install-recommends \
+    libtool \
+    g++ \
+    make \
+    jq \
+    clang-tools \
+    qtbase5-dev \
+    qt5keychain-dev \
+    qtscript5-dev \
+    qtwebengine5-dev
+
+CLANG_LLVM=clang+llvm-9.0.0-x86_64-linux-gnu-ubuntu-18.04
+wget -nv https://releases.llvm.org/9.0.0/$CLANG_LLVM.tar.xz
+tar xJf $CLANG_LLVM.tar.xz
+mv $CLANG_LLVM clang+llvm-9
+
+NPROC=$(nproc)
+echo "NPROC=${NPROC}"
+export MAKEFLAGS="-j ${NPROC}"
+
+export PATH=$PWD/clang+llvm-9/bin:$PATH
+
+# prepare build files
+mkdir -p csa_build
+cd csa_build
+
+scan-build -o scanbuildoutput -plist -v cmake ..
+
+scan-build -o scanbuildoutput -sarif -v -enable-checker alpha.unix.cstring.OutOfBounds,alpha.unix.cstring.BufferOverlap,optin.cplusplus.VirtualCall,optin.cplusplus.UninitializedObject make
+
+rm -f filtered_scanbuild.txt
+files=$(find scanbuildoutput -name "*.sarif")
+for f in $files; do
+    jq '.runs[].results[] | (if .locations[].physicalLocation.fileLocation.uri | (contains("_generated_parser") ) then empty else { "uri": .locations[].physicalLocation.fileLocation.uri, "msg": .message.text, "location": .codeFlows[-1].threadFlows[-1].locations[-1] } end)' < $f > tmp.txt
+    if [ -s tmp.txt ]; then
+        echo "Errors from $f: "
+        cat $f
+        echo ""
+        cat tmp.txt >> filtered_scanbuild.txt
+    fi
+    rm -f tmp.txt
+done
+if [ -s filtered_scanbuild.txt ]; then
+    echo ""
+    echo ""
+    echo "========================"
+    echo "Summary of errors found:"
+    cat filtered_scanbuild.txt
+    /bin/false
+fi