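# Scheduled PVS-Studio static analysis of the i686 build. The analyzer log is
# filtered, printed, converted to SARIF, and uploaded both as build artifacts
# and through the SARIF upload action.
name: PVS-Studio Static Analysis

on:
  # Automatically run at the end of every day.
  schedule:
    - cron: '0 0 * * *'

# Least privilege for GITHUB_TOKEN: checkout only reads the repository and the
# SARIF upload needs security-events write access.
# NOTE(review): confirm no step relies on a broader default token scope.
permissions:
  contents: read
  security-events: write

jobs:
  build:
    name: Static Analysis
    runs-on: ubuntu-latest
    env:
      PVS_STUDIO_ANALYSIS_ARCH: i686
    # Only run on the upstream repository's master branch; forks and other
    # refs skip the job.
    if: always() && github.repository == 'SerenityOS/serenity' && github.ref == 'refs/heads/master'
    steps:
      # NOTE(review): the actions referenced by tag (@v2, @v1) in this job are
      # mutable references; pinning each to a reviewed full commit SHA keeps
      # an upstream retag from changing what runs here.
      - uses: actions/checkout@v2

      - name: "Configure PVS-Studio Repository"
        # NOTE(review): `apt-key add` puts the vendor key into apt's global
        # trusted keyring, so it is trusted for every configured repository,
        # and apt-key itself is deprecated. A dedicated keyring file referenced
        # with `signed-by=` in the sources entry scopes the key to this repo.
        # The key and list come from a `beta` path and are not checked against
        # a known fingerprint, so the TLS connection is the only trust anchor.
        # With the default run shell (no pipefail) a failed wget on the left of
        # the pipe does not fail the step by itself.
        run: |
          wget -q -O - https://files.pvs-studio.com/beta/etc/pubkey.txt | sudo apt-key add -
          sudo wget -O /etc/apt/sources.list.d/viva64.list https://files.pvs-studio.com/beta/etc/viva64.list

      - name: "Install Ubuntu dependencies"
        # These packages are already part of the ubuntu-20.04 image:
        # cmake libgmp-dev npm shellcheck
        # Packages below aren't.
        #
        # NOTE(review): the LLVM repository is fetched over plain HTTP, so
        # package integrity rests entirely on apt's signature check against the
        # key imported on the line before it (same global-keyring caveat as
        # above). The entry hard-codes `focal` while the job runs on
        # `ubuntu-latest`; the two can drift apart when the runner image moves.
        run: |
          sudo add-apt-repository ppa:ubuntu-toolchain-r/test
          wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | sudo apt-key add -
          sudo add-apt-repository 'deb http://apt.llvm.org/focal/ llvm-toolchain-focal-14 main'
          sudo apt-get update
          sudo apt-get install -y clang-format-14 gcc-11 g++-11 libstdc++-11-dev libmpfr-dev libmpc-dev ninja-build unzip pvs-studio

      - name: Check versions
        # `set +e` keeps the step going when one of the version probes fails.
        run: set +e; g++ --version; g++-11 --version; ninja --version;

      - name: Prepare useful stamps
        id: stamps
        # The script below is CMake, not shell: the runner writes it to a file
        # and passes that file as {0}.
        shell: cmake -P {0}
        # NOTE(review): `::set-output` is a deprecated workflow command; newer
        # runners expect step outputs to be written to the GITHUB_OUTPUT file.
        # NOTE(review): `[!llvm]` in the patch glob is a negated character
        # class (one character that is not l, v or m), not "anything except
        # llvm". The hash feeds the cache key, so it presumably has to stay
        # identical to the expression used by the job that saves the cache.
        run: |
          string(TIMESTAMP current_date "%Y_%m_%d_%H_%M_%S" UTC)
          # Output everything twice to make it visible both in the logs
          # *and* as actual output variable, in this order.
          message(" set-output name=time::${current_date}")
          message("::set-output name=time::${current_date}")
          message(" set-output name=libc_headers::${{ hashFiles('Userland/Libraries/LibC/**/*.h', 'Userland/Libraries/LibPthread/**/*.h', 'Toolchain/Patches/*[!llvm].patch', 'Toolchain/BuildIt.sh') }}")
          message("::set-output name=libc_headers::${{ hashFiles('Userland/Libraries/LibC/**/*.h', 'Userland/Libraries/LibPthread/**/*.h', 'Toolchain/Patches/*[!llvm].patch', 'Toolchain/BuildIt.sh') }}")

      - name: Toolchain cache
        # TODO: Change the version to the released version when https://github.com/actions/cache/pull/489 (or 571) is merged.
        # NOTE(review): a full commit SHA is an immutable pin, but per the TODO
        # this is an unreleased revision. Confirm the commit lives in the
        # actions/cache repository itself, since a SHA can also resolve to a
        # commit that only exists in a fork of it.
        uses: actions/cache@03e00da99d75a2204924908e1cca7902cafce66b
        env:
          # This job should always read the cache, never populate it.
          # Quoted so the value stays the string "true" for every YAML parser.
          CACHE_SKIP_SAVE: 'true'
        with:
          path: ${{ github.workspace }}/Toolchain/Cache/
          # This assumes that *ALL* LibC and LibPthread headers have an impact on the Toolchain.
          # This is wrong, and causes more Toolchain rebuilds than necessary.
          # However, we want to avoid false cache hits at all costs.
          #
          # The env name must match the job-level PVS_STUDIO_ANALYSIS_ARCH
          # exactly: an unknown env name expands to an empty string, which
          # produces a key without the architecture in it.
          key: ${{ runner.os }}-toolchain-${{ env.PVS_STUDIO_ANALYSIS_ARCH }}-${{ steps.stamps.outputs.libc_headers }}

      - name: Restore or regenerate Toolchain
        # The restored cache is used as-is by the toolchain script, so its
        # contents are trusted input to everything built afterwards.
        run: |
          TRY_USE_LOCAL_TOOLCHAIN=y ARCH="${{ env.PVS_STUDIO_ANALYSIS_ARCH }}" ${{ github.workspace }}/Toolchain/BuildIt.sh

      - name: Create build directory
        run: |
          mkdir -p ${{ github.workspace }}/Build/${{ env.PVS_STUDIO_ANALYSIS_ARCH }}/UCD
          mkdir -p ${{ github.workspace }}/Build/${{ env.PVS_STUDIO_ANALYSIS_ARCH }}/CLDR

      - name: Create build environment
        working-directory: ${{ github.workspace }}
        # The PCI/USB ID database downloads are switched off for this build.
        run: |
          cmake -S Meta/CMake/Superbuild -B Build/superbuild -GNinja \
            -DSERENITY_ARCH=${{ env.PVS_STUDIO_ANALYSIS_ARCH }} \
            -DSERENITY_TOOLCHAIN=GNU \
            -DCMAKE_C_COMPILER=gcc-11 \
            -DCMAKE_CXX_COMPILER=g++-11 \
            -DENABLE_PCI_IDS_DOWNLOAD=OFF \
            -DENABLE_USB_IDS_DOWNLOAD=OFF

      - name: Build generated sources so they are available for analysis.
        working-directory: ${{ github.workspace }}
        # Note: The superbuild will create the Build/arch directory when doing the
        # configure step for the serenity ExternalProject, as that's the configured
        # binary directory for that project.
        run: |
          ninja -C Build/superbuild serenity-configure
          cmake -B Build/${{ env.PVS_STUDIO_ANALYSIS_ARCH }} -DCMAKE_EXPORT_COMPILE_COMMANDS=ON
          ninja -C Build/${{ env.PVS_STUDIO_ANALYSIS_ARCH }} all_generated

      - name: Configure PVS-Studio License
        # The secrets are mapped into the step environment and referenced as
        # shell variables, so their values are never pasted into the script
        # text. The expansions are quoted so a value containing whitespace or
        # glob characters is passed as exactly one argument.
        env:
          MAIL: ${{ secrets.PVS_STUDIO_MAIL }}
          KEY: ${{ secrets.PVS_STUDIO_KEY }}
        run: pvs-studio-analyzer credentials "$MAIL" "$KEY"

      - name: Run PVS-Studio Analyzer
        working-directory: ${{ github.workspace }}/Build/${{ env.PVS_STUDIO_ANALYSIS_ARCH }}
        run: |
          pvs-studio-analyzer analyze -o project.plog --compiler ${{ env.PVS_STUDIO_ANALYSIS_ARCH }}-pc-serenity-g++ --compiler ${{ env.PVS_STUDIO_ANALYSIS_ARCH }}-pc-serenity-gcc -j2

      # Suppress Rules:
      # - TRY(..) macro breaks this rule: V530 The return value of function 'release_value' is required to be utilized.
      # - We are the system headers: V677 Custom declaration of a standard '<example>' type. The declaration from system header files should be used instead.
      # - We have no choice: V1061 Extending the 'std' namespace may result in undefined behavior.
      # - False positives:
      #     V591 Non-void function should return a value.
      #     V603 Object was created but is not being used.
      #     V1047 Lifetime of the lambda is greater than lifetime of the local variable captured by reference.
      #     V1076 Code contains invisible characters that may alter its logic.
      #
      # NOTE(review): these suppressions apply to the whole log, so a genuine
      # finding under one of these rules is dropped as well. V1076 (invisible
      # characters that may alter logic) in particular is worth revisiting
      # periodically instead of leaving it off indefinitely.
      - name: Filter PVS Log
        working-directory: ${{ github.workspace }}/Build/${{ env.PVS_STUDIO_ANALYSIS_ARCH }}
        run: |
          pvs-studio-analyzer suppress -v530 -v591 -v603 -v677 -v1047 -v1061 -v1076 project.plog
          pvs-studio-analyzer filter-suppressed project.plog

      - name: Print PVS Log
        # The two grep stages only colourise "error:" and "warning:"; the `|$`
        # alternative matches every line, so nothing is filtered out.
        run: |
          plog-converter -a 'GA:1,2;64:1;OP:1,2,3' -t errorfile ${{ github.workspace }}/Build/${{ env.PVS_STUDIO_ANALYSIS_ARCH }}/project.plog | GREP_COLOR='01;31' grep -E --color=always 'error:|$' | GREP_COLOR='01;33' grep -E --color=always 'warning:|$'

      - name: Convert PVS Log to SARIF
        run: |
          plog-converter -a 'GA:1,2;64:1;OP:1,2,3' -o project.sarif -t sarif ${{ github.workspace }}/Build/${{ env.PVS_STUDIO_ANALYSIS_ARCH }}/project.plog

      - uses: actions/upload-artifact@v2
        with:
          path: ${{ github.workspace }}/Build/${{ env.PVS_STUDIO_ANALYSIS_ARCH }}/project.plog

      - uses: actions/upload-artifact@v2
        with:
          path: ${{ github.workspace }}/project.sarif

      - name: Upload SARIF results file
        uses: github/codeql-action/upload-sarif@v1
        with:
          # Path to SARIF file relative to the root of the repository
          sarif_file: project.sarif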