diff --git a/.github/workflows/sonar-cloud-static-analysis.yml b/.github/workflows/sonar-cloud-static-analysis.yml
new file mode 100644
index 00000000000..a2e10f36d60
--- /dev/null
+++ b/.github/workflows/sonar-cloud-static-analysis.yml
@@ -0,0 +1,126 @@
+name: Sonar Cloud Static Analysis
+on:
+ schedule:
+ # At the end of every day
+ cron: "0 0 * * *"
+
+jobs:
+ build:
+ name: Static Analysis
+ runs-on: ubuntu-latest
+ env:
+ # Latest scanner version is tracked on: https://sonarcloud.io/documentation/analysis/scan/sonarscanner/
+ SONAR_SCANNER_VERSION: 4.6.1.2450
+ SONAR_SERVER_URL: "https://sonarcloud.io"
+ steps:
+ - uses: actions/checkout@v2
+ with:
+ fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
+
+ # Install JDK for sonar-scanner
+ - name: Set up JDK 11
+ uses: actions/setup-java@v1
+ with:
+ java-version: 11
+
+ # The sonar cache appears to be about ~450 MB
+ - name: Cache SonarCloud packages and analysis
+ uses: actions/cache@v2
+ id: sonarcloud-cache
+ with:
+ path: ~/.sonar
+ key: ${{ runner.os }}-sonar-${{ env.SONAR_SCANNER_VERSION }}
+ restore-keys: ${{ runner.os }}-sonar-${{ env.SONAR_SCANNER_VERSION }}
+
+ - name: Download and set up sonar-scanner
+ env:
+ SONAR_SCANNER_DOWNLOAD_URL: https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${{ env.SONAR_SCANNER_VERSION }}-linux.zip
+ if: steps.sonarcloud-cache.outputs.cache-hit != 'true'
+ run: |
+ mkdir -p $HOME/.sonar
+ curl -sSLo $HOME/.sonar/sonar-scanner.zip ${{ env.SONAR_SCANNER_DOWNLOAD_URL }}
+ unzip -o $HOME/.sonar/sonar-scanner.zip -d $HOME/.sonar/
+ rm $HOME/.sonar/sonar-scanner.zip
+
+ - name: Configure sonar-scanner
+ run: |
+ echo "$HOME/.sonar/sonar-scanner-${{ env.SONAR_SCANNER_VERSION }}-linux/bin" >> $GITHUB_PATH
+ echo "sonar.projectKey=SerenityOS_serenity" >> ${{ github.workspace }}/sonar-project.properties
+ echo "sonar.organization=serenityos" >> ${{ github.workspace }}/sonar-project.properties
+ echo "sonar.cfamily.cache.enabled=true" >> ${{ github.workspace }}/sonar-project.properties
+ echo "sonar.cfamily.cache.path=.sonar" >> ${{ github.workspace }}/sonar-project.properties
+ echo "sonar.cfamily.compile-commands=${{ github.workspace }}/Build/compile_commands.json" >> ${{ github.workspace }}/sonar-project.properties
+ echo "sonar.cfamily.threads=2" >> ${{ github.workspace }}/sonar-project.properties
+ echo "sonar.host.url=${{ env.SONAR_SERVER_URL }}" >> ${{ github.workspace }}/sonar-project.properties
+ echo "sonar.sources=." >> ${{ github.workspace }}/sonar-project.properties
+ echo "sonar.tests=${{ github.workspace }}/Tests,${{ github.workspace }}/Base/res,${{ github.workspace }}/Base/www" >> ${{ github.workspace }}/sonar-project.properties
+
+ # === OS SETUP ===
+ # TODO: Is there someway to share these steps with the cmake.yml?
+
+ - name: "Install Ubuntu dependencies"
+ # These packages are already part of the ubuntu-20.04 image:
+ # cmake clang-format-11 gcc-10 g++-10 libstdc++-10-dev libgmp-dev npm shellcheck
+ # Packages below aren't.
+ #
+ # We add the canonical-server/server-backports PPA to get updated QEMU releases without having to manage
+ # yet another cache in github actions
+ run: |
+ sudo add-apt-repository ppa:canonical-server/server-backports
+ sudo apt-get update
+ sudo apt-get install libmpfr-dev libmpc-dev ninja-build unzip
+
+ - name: Check versions
+ run: set +e; g++ --version; g++-10 --version; ninja --version;
+
+ - name: Prepare useful stamps
+ id: stamps
+ shell: cmake -P {0}
+ run: |
+ string(TIMESTAMP current_date "%Y_%m_%d_%H_%M_%S" UTC)
+ # Output everything twice to make it visible both in the logs
+ # *and* as actual output variable, in this order.
+ message(" set-output name=time::${current_date}")
+ message("::set-output name=time::${current_date}")
+ message(" set-output name=libc_headers::${{ hashFiles('Userland/Libraries/LibC/**/*.h', 'Userland/Libraries/LibPthread/**/*.h', 'Toolchain/Patches/*[!llvm].patch', 'Toolchain/BuildIt.sh') }}")
+ message("::set-output name=libc_headers::${{ hashFiles('Userland/Libraries/LibC/**/*.h', 'Userland/Libraries/LibPthread/**/*.h', 'Toolchain/Patches/*[!llvm].patch', 'Toolchain/BuildIt.sh') }}")
+
+ - name: Toolchain cache
+ # TODO: Change the version to the released version when https://github.com/actions/cache/pull/489 (or 571) is merged.
+ uses: actions/cache@03e00da99d75a2204924908e1cca7902cafce66b
+ env:
+ # This job should always read the cache, never populate it.
+ CACHE_SKIP_SAVE: false
+
+ with:
+ path: ${{ github.workspace }}/Toolchain/Cache/
+ # This assumes that *ALL* LibC and LibPthread headers have an impact on the Toolchain.
+ # This is wrong, and causes more Toolchain rebuilds than necessary.
+ # However, we want to avoid false cache hits at all costs.
+ key: ${{ runner.os }}-toolchain-i686-${{ steps.stamps.outputs.libc_headers }}
+
+ - name: Restore or regenerate Toolchain
+ run: TRY_USE_LOCAL_TOOLCHAIN=y ARCH="${{ matrix.arch }}" ${{ github.workspace }}/Toolchain/BuildIt.sh
+
+ - name: Create build directory
+ run: |
+ mkdir -p ${{ github.workspace }}/Build
+ mkdir -p ${{ github.workspace }}/Build/UCD
+ mkdir -p ${{ github.workspace }}/Build/CLDR
+
+ - name: Create build environment
+ working-directory: ${{ github.workspace }}/Build
+ run: cmake .. -GNinja -DSERENITY_ARCH=i686 -DCMAKE_EXPORT_COMPILE_COMMANDS=ON -DENABLE_PCI_IDS_DOWNLOAD=OFF -DENABLE_USB_IDS_DOWNLOAD=OFF -DCMAKE_C_COMPILER=gcc-10 -DCMAKE_CXX_COMPILER=g++-10
+
+
+ - name: Build generated sources so they are available for analysis.
+ working-directory: ${{ github.workspace }}/Build
+ run: |
+ ninja all_generated
+
+ - name: Run sonar-scanner, upload results
+ env:
+ GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
+ SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
+ run: |
+ sonar-scanner
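Review bot: `ARCH="${{ matrix.arch }}"` in the "Restore or regenerate Toolchain" step expands to an empty string, because this job declares no `strategy.matrix`, so BuildIt.sh runs with an empty ARCH while the cache key and the later cmake invocation both hard-code i686; it should be `ARCH="i686"` (or an architecture env var shared by all three places). In the "Toolchain cache" step the comment says the job should never populate the cache, but `CACHE_SKIP_SAVE: false` reads as the opposite of that intent — if the skip-save semantics of the pinned actions/cache commit are what the comment implies, this should be `CACHE_SKIP_SAVE: true`. From a supply-chain standpoint the scanner archive is fetched with `curl -sSLo` and unpacked with no integrity check, and `actions/checkout@v2`, `actions/setup-java@v1` and `actions/cache@v2` are referenced by mutable tags even though the toolchain cache step already pins a commit SHA; checking a known sha256 of the zip before `unzip` and pinning the remaining actions to SHAs would make the job consistent with that step. Since both `SONAR_TOKEN` and `GITHUB_TOKEN` are handed to the scanner, a top-level `permissions: contents: read` would keep the default token at least privilege for this scheduled run.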