mirror of
https://github.com/fergalmoran/ladybird.git
synced 2026-01-07 17:15:26 +00:00
e5f361500e
Unfortunately a composite action cannot have a `post:` step like JavaScript actions are allowed to have, so we need to explicitly call the post/save actions ourselves from the workflow file when we want to save Toolchain/QEMU/ccache caches. Co-Authored-By: Timothy Flynn <trflynn89@pm.me>
126 lines
5.7 KiB
YAML
126 lines
5.7 KiB
YAML
name: Sonar Cloud Static Analysis
|
|
on:
|
|
# Automatically run at the end of every day.
|
|
schedule:
|
|
- cron: '0 0 * * *'
|
|
|
|
env:
|
|
SERENITY_CCACHE_DIR: ${{ github.workspace }}/.ccache
|
|
TOOLCHAIN_CCACHE_DIR: ${{ github.workspace }}/Toolchain/.ccache
|
|
|
|
jobs:
|
|
build:
|
|
name: Static Analysis
|
|
runs-on: ubuntu-22.04
|
|
if: always() && github.repository == 'SerenityOS/serenity' && github.ref == 'refs/heads/master'
|
|
env:
|
|
# Latest scanner version is tracked on: https://docs.sonarcloud.io/advanced-setup/ci-based-analysis/sonarscanner-cli/
|
|
SONAR_SCANNER_VERSION: 4.7.0.2747
|
|
SONAR_SERVER_URL: "https://sonarcloud.io"
|
|
SONAR_ANALYSIS_ARCH: x86_64
|
|
steps:
|
|
- uses: actions/checkout@v4
|
|
with:
|
|
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
|
|
|
|
# Install JDK for sonar-scanner
|
|
- name: Set up JDK 11
|
|
uses: actions/setup-java@v4
|
|
with:
|
|
distribution: 'temurin'
|
|
java-version: 11
|
|
|
|
- name: Download and set up sonar-scanner
|
|
env:
|
|
SONAR_SCANNER_DOWNLOAD_URL: https://binaries.sonarsource.com/Distribution/sonar-scanner-cli/sonar-scanner-cli-${{ env.SONAR_SCANNER_VERSION }}-linux.zip
|
|
if: steps.sonarcloud-cache.outputs.cache-hit != 'true'
|
|
run: |
|
|
mkdir -p $HOME/.sonar
|
|
curl -sSLo $HOME/.sonar/sonar-scanner.zip ${{ env.SONAR_SCANNER_DOWNLOAD_URL }}
|
|
unzip -o $HOME/.sonar/sonar-scanner.zip -d $HOME/.sonar/
|
|
rm $HOME/.sonar/sonar-scanner.zip
|
|
|
|
- name: Configure sonar-scanner
|
|
run: |
|
|
echo "$HOME/.sonar/sonar-scanner-${{ env.SONAR_SCANNER_VERSION }}-linux/bin" >> $GITHUB_PATH
|
|
echo "sonar.projectKey=SerenityOS_serenity" >> ${{ github.workspace }}/sonar-project.properties
|
|
echo "sonar.projectVersion=${{ github.sha }}" >> ${{ github.workspace }}/sonar-project.properties
|
|
echo "sonar.organization=serenityos" >> ${{ github.workspace }}/sonar-project.properties
|
|
echo "sonar.cfamily.compile-commands=${{ github.workspace }}/Build/${{ env.SONAR_ANALYSIS_ARCH }}/compile_commands.json" >> ${{ github.workspace }}/sonar-project.properties
|
|
echo "sonar.exclusions=Userland/Libraries/LibWasm/Parser/Parser.cpp" >> ${{ github.workspace }}/sonar-project.properties
|
|
echo "sonar.host.url=${{ env.SONAR_SERVER_URL }}" >> ${{ github.workspace }}/sonar-project.properties
|
|
echo "sonar.sources=AK,Build,Userland,Kernel,Meta" >> ${{ github.workspace }}/sonar-project.properties
|
|
echo "sonar.tests=Tests" >> ${{ github.workspace }}/sonar-project.properties
|
|
echo "sonar.python.version=3.7, 3.8, 3.9" >> ${{ github.workspace }}/sonar-project.properties
|
|
|
|
# === OS SETUP ===
|
|
|
|
- name: "Set up environment"
|
|
uses: ./.github/actions/setup
|
|
with:
|
|
os: 'Serenity'
|
|
arch: ${{ env.SONAR_ANALYSIS_ARCH }}
|
|
|
|
- name: Restore Caches
|
|
uses: ./.github/actions/cache-restore
|
|
id: 'cache-restore'
|
|
with:
|
|
os: 'Serenity'
|
|
arch: ${{ env.SONAR_ANALYSIS_ARCH }}
|
|
toolchain: 'GNU'
|
|
cache_key_extra: 'Static Analysis'
|
|
serenity_ccache_path: ${{ env.SERENITY_CCACHE_DIR }}
|
|
toolchain_ccache_path: ${{ env.TOOLCHAIN_CCACHE_DIR }}
|
|
download_cache_path: ${{ github.workspace }}/Build/caches
|
|
|
|
- name: Build toolchain
|
|
if: ${{ !steps.toolchain-cache.outputs.cache-hit }}
|
|
run: ARCH="${{ env.SONAR_ANALYSIS_ARCH }}" ${{ github.workspace }}/Toolchain/BuildGNU.sh
|
|
env:
|
|
CCACHE_DIR: ${{ env.TOOLCHAIN_CCACHE_DIR }}
|
|
|
|
- name: Create build environment
|
|
working-directory: ${{ github.workspace }}
|
|
run: |
|
|
cmake -S Meta/CMake/Superbuild -B Build/superbuild -GNinja \
|
|
-DSERENITY_ARCH=${{ env.SONAR_ANALYSIS_ARCH }} \
|
|
-DSERENITY_TOOLCHAIN=GNU \
|
|
-DCMAKE_C_COMPILER=gcc-13 \
|
|
-DCMAKE_CXX_COMPILER=g++-13 \
|
|
-DENABLE_PCI_IDS_DOWNLOAD=OFF \
|
|
-DENABLE_USB_IDS_DOWNLOAD=OFF \
|
|
-DSERENITY_CACHE_DIR=${{ github.workspace }}/Build/caches
|
|
env:
|
|
CCACHE_DIR: ${{ env.SERENITY_CCACHE_DIR }}
|
|
|
|
- name: Build generated sources so they are available for analysis.
|
|
working-directory: ${{ github.workspace }}
|
|
# Note: The superbuild will create the Build/arch directory when doing the
|
|
# configure step for the serenity ExternalProject, as that's the configured
|
|
# binary directory for that project.
|
|
run: |
|
|
ninja -C Build/superbuild serenity-configure
|
|
cmake -B Build/${{ env.SONAR_ANALYSIS_ARCH }} -DCMAKE_EXPORT_COMPILE_COMMANDS=ON
|
|
ninja -C Build/${{ env.SONAR_ANALYSIS_ARCH }} all_generated
|
|
env:
|
|
CCACHE_DIR: ${{ env.SERENITY_CCACHE_DIR }}
|
|
|
|
- name: Save Caches
|
|
uses: ./.github/actions/cache-save
|
|
with:
|
|
arch: ${{ matrix.arch }}
|
|
serenity_ccache_path: ${{ env.SERENITY_CCACHE_DIR }}
|
|
serenity_ccache_primary_key: ${{ steps.cache-restore.outputs.serenity_ccache_primary_key }}
|
|
toolchain_ccache_path: ${{ env.TOOLCHAIN_CCACHE_DIR }}
|
|
toolchain_ccache_primary_key: ${{ steps.cache-restore.outputs.toolchain_ccache_primary_key }}
|
|
toolchain_prebuilt_path: ${{ steps.cache-restore.outputs.toolchain_prebuilt_path }}
|
|
toolchain_prebuilt_primary_key: ${{ steps.cache-restore.outputs.toolchain_prebuilt_primary_key }}
|
|
toolchain_prebuilt_hit: ${{ steps.cache-restore.outputs.toolchain_prebuilt_hit }}
|
|
|
|
- name: Run sonar-scanner, upload results
|
|
env:
|
|
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
|
|
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
|
|
run: |
|
|
sonar-scanner
|