-
-
Notifications
You must be signed in to change notification settings - Fork 426
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #1375 from rakshasa/fix/github-workflows
Added separate workflow for clang-tidy static analysis.
- Loading branch information
Showing
3 changed files
with
163 additions
and
66 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,93 @@ | ||
| # Secure workflow with access to repository secrets and GitHub token for posting analysis results | ||
| name: Post the static analysis results | ||
|
|
||
| on: | ||
| workflow_run: | ||
| workflows: [ "Static analysis" ] | ||
| types: [ completed ] | ||
|
|
||
| jobs: | ||
| clang-tidy-results: | ||
| # Trigger the job only if the previous (insecure) workflow completed successfully | ||
| if: ${{ github.event.workflow_run.event == 'pull_request' && github.event.workflow_run.conclusion == 'success' }} | ||
| runs-on: ubuntu-22.04 | ||
| permissions: | ||
| pull-requests: write | ||
| # OPTIONAL: auto-closing conversations requires the `contents` permission | ||
| contents: write | ||
| steps: | ||
| - name: Download analysis results | ||
| uses: actions/github-script@v7 | ||
| with: | ||
| script: | | ||
| const artifacts = await github.rest.actions.listWorkflowRunArtifacts({ | ||
| owner: context.repo.owner, | ||
| repo: context.repo.repo, | ||
| run_id: ${{ github.event.workflow_run.id }}, | ||
| }); | ||
| const matchArtifact = artifacts.data.artifacts.filter((artifact) => { | ||
| return artifact.name == "clang-tidy-result" | ||
| })[0]; | ||
| const download = await github.rest.actions.downloadArtifact({ | ||
| owner: context.repo.owner, | ||
| repo: context.repo.repo, | ||
| artifact_id: matchArtifact.id, | ||
| archive_format: "zip", | ||
| }); | ||
| const fs = require("fs"); | ||
| fs.writeFileSync("${{ github.workspace }}/clang-tidy-result.zip", Buffer.from(download.data)); | ||
| - name: Extract analysis results | ||
| run: | | ||
| mkdir clang-tidy-result | ||
| unzip -j clang-tidy-result.zip -d clang-tidy-result | ||
| - name: Set environment variables | ||
| uses: actions/github-script@v7 | ||
| with: | ||
| script: | | ||
| const assert = require("node:assert").strict; | ||
| const fs = require("fs"); | ||
| function exportVar(varName, fileName, regEx) { | ||
| const val = fs.readFileSync("${{ github.workspace }}/clang-tidy-result/" + fileName, { | ||
| encoding: "ascii" | ||
| }).trimEnd(); | ||
| assert.ok(regEx.test(val), "Invalid value format for " + varName); | ||
| core.exportVariable(varName, val); | ||
| } | ||
| exportVar("PR_ID", "pr-id.txt", /^[0-9]+$/); | ||
| exportVar("PR_HEAD_REPO", "pr-head-repo.txt", /^[-./0-9A-Z_a-z]+$/); | ||
| exportVar("PR_HEAD_SHA", "pr-head-sha.txt", /^[0-9A-Fa-f]+$/); | ||
| - uses: actions/checkout@v4 | ||
| with: | ||
| repository: ${{ env.PR_HEAD_REPO }} | ||
| ref: ${{ env.PR_HEAD_SHA }} | ||
| persist-credentials: false | ||
| - name: Redownload analysis results | ||
| uses: actions/github-script@v7 | ||
| with: | ||
| script: | | ||
| const artifacts = await github.rest.actions.listWorkflowRunArtifacts({ | ||
| owner: context.repo.owner, | ||
| repo: context.repo.repo, | ||
| run_id: ${{ github.event.workflow_run.id }}, | ||
| }); | ||
| const matchArtifact = artifacts.data.artifacts.filter((artifact) => { | ||
| return artifact.name == "clang-tidy-result" | ||
| })[0]; | ||
| const download = await github.rest.actions.downloadArtifact({ | ||
| owner: context.repo.owner, | ||
| repo: context.repo.repo, | ||
| artifact_id: matchArtifact.id, | ||
| archive_format: "zip", | ||
| }); | ||
| const fs = require("fs"); | ||
| fs.writeFileSync("${{ github.workspace }}/clang-tidy-result.zip", Buffer.from(download.data)); | ||
| - name: Extract analysis results | ||
| run: | | ||
| mkdir clang-tidy-result | ||
| unzip -j clang-tidy-result.zip -d clang-tidy-result | ||
| - name: Run clang-tidy-pr-comments action | ||
| uses: platisd/clang-tidy-pr-comments@v1 | ||
| with: | ||
| github_token: ${{ secrets.GITHUB_TOKEN }} | ||
| clang_tidy_fixes: clang-tidy-result/fixes.yml | ||
| pull_request_id: ${{ env.PR_ID }} |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -0,0 +1,56 @@ | ||
| name: Static analysis | ||
|
|
||
| on: pull_request | ||
|
|
||
| jobs: | ||
|
|
||
| unit-tests: | ||
| runs-on: ubuntu-22.04 | ||
|
|
||
| steps: | ||
| - name: Update Packages | ||
| run: | | ||
| sudo apt-get update | ||
| - name: Fetch libtorrent | ||
| run: | | ||
| git clone https://github.com/rakshasa/libtorrent | ||
| - name: Build libtorrent | ||
| run: | | ||
| cd libtorrent | ||
| libtoolize | ||
| aclocal -I scripts | ||
| autoconf -i | ||
| autoheader | ||
| automake --add-missing | ||
| ./configure | ||
| make | ||
| sudo make install | ||
| cd .. | ||
| rm -rf libtorrent | ||
| - uses: actions/checkout@v4 | ||
| with: | ||
| ref: ${{ github.event.pull_request.head.sha }} | ||
| fetch-depth: 0 | ||
| - name: Fetch base branch | ||
| run: | | ||
| git remote add upstream "https://github.com/${{ github.event.pull_request.base.repo.full_name }}" | ||
| git fetch --no-tags --no-recurse-submodules upstream "${{ github.event.pull_request.base.ref }}" | ||
| - name: Install Dependencies | ||
| run: | | ||
| sudo apt-get install -y \ | ||
| libcppunit-dev \ | ||
| libcurl4-openssl-dev | ||
| - name: Configure Project | ||
| run: | | ||
| libtoolize | ||
| aclocal -I scripts | ||
| autoconf -i | ||
| autoheader | ||
| automake --add-missing | ||
| ./configure | ||
| - name: Build Project | ||
| run: | | ||
| make | ||
| - name: Run Unit Tests | ||
| run: | | ||
| make check |