ci: add static analysis workflow.

Use a matrix with jobs in order to parallelize running different tools. The check for GITHUB_HEAD_REF is used so the same workflow works for PRs and for branches. We ignore some files with cppcheck due to issues with Catch2. An example of an error generated by cppcheck with Catch2: util/tests/bits-test.cc:36:5: error: There is an unknown macro here somewhere. Configuration is required. If _catch_sr is a macro then please configure it. [unknownMacro] CHECK_THROWS_AS(clear_and_insert(reg, 1000U, range_mask), std::runtime_error); The issue causing git-config(1) to be necessary is tracked in [1]. Meson supports a clang-tidy target of its own, but it's not really usable for our purposes [2]. [1] actions/checkout#1169 [2] mesonbuild/meson#2383
lnls-dig · Jan 15, 2025 · bed288c · bed288c
1 parent c82469e
commit bed288c
Showing 1 changed file with 53 additions and 0 deletions.
diff --git a/.github/workflows/static-analysis.yml b/.github/workflows/static-analysis.yml
@@ -0,0 +1,53 @@
+name: Run static analysis tools
+on:
+  push:
+    branches:
+      - master
+
+  pull_request:
+
+jobs:
+  # each one of the tools are used in different ways
+  static-analysis:
+    runs-on: ubuntu-latest
+    container:
+      image: debian:testing
+      env:
+        CC: clang
+        CXX: clang++
+    strategy:
+      fail-fast: false
+      matrix:
+        tool:
+          # clang-tidy is more extensive and the list of checks isn't final, so fixing all of them at once isn't tractable;
+          # therefore, the job doesn't fail due to clang-tidy, it's simply informative
+          - packages: "clang-tidy"
+            command: "clang-tidy '--warnings-as-errors=-*' -p build/ $(git ls-files | grep '\\.c\\+$')"
+          # however, we should check that the changed lines of code don't have any tidy warnings
+          - packages: "clang-tidy"
+            command: |
+              if [ -n \"$GITHUB_BASE_REF\" ]; then
+                git diff -U0 origin/$GITHUB_BASE_REF | clang-tidy-diff -p1 -config-file .clang-tidy -path build/ > result
+                exitcode=$?
+                cat result
+                exit $exitcode
+              fi
+          # cppcheck doesn't check as much, so we can make the job fail because of it;
+          # tests are skipped due to issues with Catch2 headers
+          - packages: "cppcheck"
+            command: >
+              cppcheck --error-exitcode=1 --std=c++20 --check-level=exhaustive --addon=threadsafety
+                -D__unix__ -D__GNUC__
+                --project=build/compile_commands.json -i subprojects/ -i util/tests/
+    steps:
+      - name: Install dependencies
+        run: apt update && apt install -y git meson clang ${{ matrix.tool.packages }}
+      - uses: actions/checkout@v4
+        with:
+          submodules: true
+          fetch-depth: 0
+      - run: git config --system --add safe.directory $(pwd)
+      - name: Generate compile_commands.json
+        run: meson setup --buildtype release --werror -Dpcie_opt=true build || cat build/meson-logs/meson-log.txt /nonexistent
+      - name: Run static analysis tool
+        run: ${{ matrix.tool.command }}