---
# Scheduled SonarCloud static-analysis workflow.
name: Sonar Cloud Static Analysis

on:
  # Automatically run at the end of every day.
  # (GitHub evaluates cron schedules in UTC, so this fires at 00:00 UTC.)
  schedule:
    - cron: "0 0 * * *"
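jobs:
  # Single job: checks out the tree, installs sonar-scanner, builds the
  # generated sources for SONAR_ANALYSIS_ARCH so that compile_commands.json
  # exists, then runs sonar-scanner against SONAR_SERVER_URL.
  build:
    name: Static Analysis
    runs-on: ubuntu-latest
    # Only run for the upstream repository on master; any other repository or
    # ref skips the job.
    if: always() && github.repository == 'SerenityOS/serenity' && github.ref == 'refs/heads/master'
    # Least privilege for GITHUB_TOKEN.
    # NOTE(review): assumes read access to repository contents is all the
    # scanner needs from the token for this scheduled branch analysis; widen
    # only if the scanner reports a permissions error.
    permissions:
      contents: read
    env:
      # Latest scanner version is tracked on: https://sonarcloud.io/documentation/analysis/scan/sonarscanner/
      SONAR_SCANNER_VERSION: '4.6.2.2472'
      SONAR_SERVER_URL: "https://sonarcloud.io"
      SONAR_ANALYSIS_ARCH: i686
    steps:
      # NOTE(review): `v2` here and `v1` on actions/setup-java are mutable tags.
      # Consider pinning both to a full commit SHA, as is already done for
      # actions/cache further down.
      - uses: actions/checkout@v2
        with:
          # Shallow clones should be disabled for a better relevancy of analysis
          fetch-depth: 0
          # Do not leave the job token in the checkout's git config for the
          # build steps that follow; none of the visible steps talk to the
          # remote through git.
          persist-credentials: false

      # Install JDK for sonar-scanner
      - name: Set up JDK 11
        uses: actions/setup-java@v1
        with:
          java-version: '11'

      # No cache step precedes this one, so the scanner archive is fetched on
      # every run.
      - name: Download and set up sonar-scanner
        env:
          SONAR_SCANNER_DOWNLOAD_URL: https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${{ env.SONAR_SCANNER_VERSION }}-linux.zip
          # Expected SHA-256 of the archive for SONAR_SCANNER_VERSION.
          # TODO: fill in the digest published for this release. While this is
          # empty the archive is unpacked unverified and a warning is logged.
          SONAR_SCANNER_SHA256: ''
        run: |
          mkdir -p "$HOME/.sonar"
          # --fail turns HTTP errors into a failed step instead of saving the
          # error page; --proto/--tlsv1.2 keep the transfer on HTTPS, including
          # after redirects.
          curl --fail --proto '=https' --tlsv1.2 -sSLo "$HOME/.sonar/sonar-scanner.zip" "$SONAR_SCANNER_DOWNLOAD_URL"
          if [ -n "$SONAR_SCANNER_SHA256" ]; then
            echo "$SONAR_SCANNER_SHA256  $HOME/.sonar/sonar-scanner.zip" | sha256sum --check --strict -
          else
            echo "::warning::sonar-scanner archive was not checksum-verified (SONAR_SCANNER_SHA256 is empty)"
          fi
          unzip -o "$HOME/.sonar/sonar-scanner.zip" -d "$HOME/.sonar/"
          rm "$HOME/.sonar/sonar-scanner.zip"

      # Puts the unpacked scanner on PATH for later steps and appends the
      # analysis settings to sonar-project.properties in the workspace root.
      - name: Configure sonar-scanner
        run: |
          echo "$HOME/.sonar/sonar-scanner-${{ env.SONAR_SCANNER_VERSION }}-linux/bin" >> "$GITHUB_PATH"
          {
            echo "sonar.projectKey=SerenityOS_serenity"
            echo "sonar.projectVersion=${{ github.sha }}"
            echo "sonar.organization=serenityos"
            echo "sonar.cfamily.compile-commands=${{ github.workspace }}/Build/${{ env.SONAR_ANALYSIS_ARCH }}/compile_commands.json"
            echo "sonar.cfamily.threads=2"
            echo "sonar.cfamily.cache.enabled=false"
            echo "sonar.exclusions=Userland/Libraries/LibWasm/Parser/Parser.cpp"
            echo "sonar.host.url=${{ env.SONAR_SERVER_URL }}"
            echo "sonar.sources=AK,Build,Userland,Kernel,Meta"
            echo "sonar.tests=Tests"
            echo "sonar.python.version=3.7, 3.8, 3.9"
          } >> "${{ github.workspace }}/sonar-project.properties"

      # === OS SETUP ===
      # TODO: Is there some way to share these steps with the cmake.yml?

      - name: "Install Ubuntu dependencies"
        # These packages are already part of the ubuntu-20.04 image:
        # cmake clang-format-11 gcc-10 g++-10 libstdc++-10-dev libgmp-dev npm shellcheck
        # Packages below aren't.
        #
        # We add the canonical-server/server-backports PPA to get updated QEMU releases without having to manage
        # yet another cache in github actions
        #
        # NOTE(review): no QEMU package is installed by this step, so the PPA
        # looks unused in this workflow; dropping it would remove an extra
        # package source from the job. Confirm before removing.
        run: |
          sudo add-apt-repository -y ppa:canonical-server/server-backports
          sudo apt-get update
          sudo apt-get install -y libmpfr-dev libmpc-dev ninja-build unzip

      - name: Check versions
        # `set +e`: a failing version query does not abort the remaining ones.
        run: set +e; g++ --version; g++-10 --version; ninja --version;

      # Publishes two step outputs: `time` (current UTC timestamp) and
      # `libc_headers` (hash of the files that feed the toolchain cache key).
      # The script is CMake, executed through `cmake -P`.
      # NOTE(review): GitHub has since deprecated the `set-output` workflow
      # command in favour of the GITHUB_OUTPUT file.
      - name: Prepare useful stamps
        id: stamps
        shell: cmake -P {0}
        run: |
          string(TIMESTAMP current_date "%Y_%m_%d_%H_%M_%S" UTC)
          # Output everything twice to make it visible both in the logs
          # *and* as actual output variable, in this order.
          message(" set-output name=time::${current_date}")
          message("::set-output name=time::${current_date}")
          message(" set-output name=libc_headers::${{ hashFiles('Userland/Libraries/LibC/**/*.h', 'Userland/Libraries/LibPthread/**/*.h', 'Toolchain/Patches/*[!llvm].patch', 'Toolchain/BuildIt.sh') }}")
          message("::set-output name=libc_headers::${{ hashFiles('Userland/Libraries/LibC/**/*.h', 'Userland/Libraries/LibPthread/**/*.h', 'Toolchain/Patches/*[!llvm].patch', 'Toolchain/BuildIt.sh') }}")

      - name: Toolchain cache
        # TODO: Change the version to the released version when https://github.com/actions/cache/pull/489 (or 571) is merged.
        # The action is referenced by full commit SHA rather than by tag.
        uses: actions/cache@03e00da99d75a2204924908e1cca7902cafce66b
        env:
          # This job should always read the cache, never populate it.
          CACHE_SKIP_SAVE: 'true'
        with:
          path: ${{ github.workspace }}/Toolchain/Cache/
          # This assumes that *ALL* LibC and LibPthread headers have an impact on the Toolchain.
          # This is wrong, and causes more Toolchain rebuilds than necessary.
          # However, we want to avoid false cache hits at all costs.
          key: ${{ runner.os }}-toolchain-${{ env.SONAR_ANALYSIS_ARCH }}-${{ steps.stamps.outputs.libc_headers }}

      - name: Restore or regenerate Toolchain
        run: TRY_USE_LOCAL_TOOLCHAIN=y ARCH="${{ env.SONAR_ANALYSIS_ARCH }}" ${{ github.workspace }}/Toolchain/BuildIt.sh

      - name: Create build directory
        run: |
          mkdir -p ${{ github.workspace }}/Build/${{ env.SONAR_ANALYSIS_ARCH }}/UCD
          mkdir -p ${{ github.workspace }}/Build/${{ env.SONAR_ANALYSIS_ARCH }}/CLDR

      - name: Create build environment
        working-directory: ${{ github.workspace }}
        run: |
          cmake -S Meta/CMake/Superbuild -B Build/superbuild -GNinja \
            -DSERENITY_ARCH=${{ env.SONAR_ANALYSIS_ARCH }} \
            -DSERENITY_TOOLCHAIN=GNU \
            -DCMAKE_C_COMPILER=gcc-10 \
            -DCMAKE_CXX_COMPILER=g++-10 \
            -DENABLE_PCI_IDS_DOWNLOAD=OFF \
            -DENABLE_USB_IDS_DOWNLOAD=OFF

      - name: Build generated sources so they are available for analysis.
        working-directory: ${{ github.workspace }}
        # Note: The superbuild will create the Build/arch directory when doing the
        # configure step for the serenity ExternalProject, as that's the configured
        # binary directory for that project.
        run: |
          ninja -C Build/superbuild serenity-configure
          cmake -B Build/${{ env.SONAR_ANALYSIS_ARCH }} -DCMAKE_EXPORT_COMPILE_COMMANDS=ON
          ninja -C Build/${{ env.SONAR_ANALYSIS_ARCH }} all_generated

      - name: Run sonar-scanner, upload results
        # The two tokens are exposed to this step only; no earlier step has
        # them in its environment.
        env:
          GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
          SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
        run: |
          sonar-scanner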