mirror of
https://github.com/ArchipelagoMW/Archipelago.git
synced 2026-03-30 15:13:24 -07:00
2ee20a3ac4
* CI: reduce default permissions to minimum * CI: update pin actions Most of them. CodeQL and action-gh-release is untouched for now. Immutable actions and actions/* are pinned to version, other actions are pinned to hash. * CI: make use of archive: false in upload-artifact also set compression level and error behavior for scan-build upload. * CI: update codeql and enable scanning actions
70 lines
1.6 KiB
YAML
70 lines
1.6 KiB
YAML
name: Native Code Static Analysis
|
|
|
|
on:
|
|
push:
|
|
paths:
|
|
- '**.c'
|
|
- '**.cc'
|
|
- '**.cpp'
|
|
- '**.cxx'
|
|
- '**.h'
|
|
- '**.hh'
|
|
- '**.hpp'
|
|
- '**.pyx'
|
|
- 'setup.py'
|
|
- 'requirements.txt'
|
|
- '.github/workflows/scan-build.yml'
|
|
pull_request:
|
|
paths:
|
|
- '**.c'
|
|
- '**.cc'
|
|
- '**.cpp'
|
|
- '**.cxx'
|
|
- '**.h'
|
|
- '**.hh'
|
|
- '**.hpp'
|
|
- '**.pyx'
|
|
- 'setup.py'
|
|
- 'requirements.txt'
|
|
- '.github/workflows/scan-build.yml'
|
|
|
|
permissions: {}
|
|
|
|
jobs:
|
|
scan-build:
|
|
runs-on: ubuntu-latest
|
|
|
|
steps:
|
|
- uses: actions/checkout@v6.0.2
|
|
with:
|
|
submodules: recursive
|
|
- name: Install newer Clang
|
|
run: |
|
|
wget https://apt.llvm.org/llvm.sh
|
|
chmod +x ./llvm.sh
|
|
sudo ./llvm.sh 19
|
|
- name: Install scan-build command
|
|
run: |
|
|
sudo apt install clang-tools-19
|
|
- name: Get a recent python
|
|
uses: actions/setup-python@v6.2.0
|
|
with:
|
|
python-version: '3.11'
|
|
- name: Install dependencies
|
|
run: |
|
|
python -m venv venv
|
|
source venv/bin/activate
|
|
python -m pip install --upgrade pip -r requirements.txt
|
|
- name: scan-build
|
|
run: |
|
|
source venv/bin/activate
|
|
scan-build-19 --status-bugs -o scan-build-reports -disable-checker deadcode.DeadStores python setup.py build -y
|
|
- name: Store report
|
|
if: failure()
|
|
uses: actions/upload-artifact@v7.0.0
|
|
with:
|
|
name: scan-build-reports
|
|
path: scan-build-reports
|
|
compression-level: 9 # highly compressible
|
|
if-no-files-found: error
|