codechecker-analysis-action/action.yml

name: 'CodeChecker Static Analysis'
author: 'Whisperity'
description: 'Execute C/C++ static analysis of LLVM/Clang (Clang Static Analyzer and Clang-Tidy) driven via CodeChecker.'
branding:
  icon: 'tool'
  color: 'blue'

inputs:
  install-custom:
    description: 'Whether to download, check out, and build a CodeChecker package manually in the CI.'
    required: true
    default: 'false'
  repository:
    description: 'The CodeChecker repository to check out and build from.'
    required: true
    default: 'Ericsson/CodeChecker'
  version:
    description: 'The version of the CodeChecker suite to obtain and execute. Might be a Git commit SHA, a branch name, or a tag if building a custom package, or a release version if downloading from PyPI. If "master" and downloading from PyPI, fetch the latest release.'
    required: true
    default: 'master'
  llvm-version:
    description: 'The major version of LLVM to install and use. LLVM is installed from PPA. If "latest", automatically gather the latest version. If "ignore", do not install anything. (Not recommended)'
    required: true
    default: 'latest'

  config:
    description: 'The CodeChecker configuration JSON that contains for each CodeChecker action (analyze, parse, ...) the list of flags that should be appended to the invocation of the command.'
    required: false

  logfile:
    description: 'The location of the JSON Compilation Database for the project. This file describes how the project is compiled, and thus how it should be analysed. Mutually exclusive with "build-command".'
    required: false
  build-command:
    description: 'The build command to execute and log for the creation of a JSON Compilation Database. Mutually exclusive with "logfile".'
    required: false

  analyze-output:
    description: 'The output directory where the raw analysis output should be stored. If left the default empty, the path will be generated automatically.'
    required: false
    default: ''
  ctu:
    description: 'Whether to enable Cross Translation Unit (CTU) analysis in the Clang Static Analyzer.'
    required: true
    default: 'false'

  store:
    description: 'Whether to enable storing the results to a CodeChecker server. If enabled, other flags, such as "store-url" must also be set.'
    required: true
    default: 'false'
  store-url:
    description: 'The CodeChecker product URL (usually in the format of http://example.com/ProductName) where the store should connect to. Mandatory if "store" is true.'
    required: false
  store-username:
    description: 'If the server requires authentication, the username to authenticate with.'
    required: false
  store-password:
    description: 'The password (or generated private access token) corresponding to the user.'
    required: false
  store-run-name:
    description: 'An identifying name of the analysis run. A run usually correlates to a set of configuration, e.g. analysis mode, branch, etc. If left default, the name is automatically generated from the current repository and branch name.'
    required: true
    default: '__DEFAULT__'

outputs:
  logfile:
    description: 'The location of the JSON Compilation Database that was used for the analysis.'
    value: ${{ steps.log.outputs.COMPILATION_DATABASE }}

  analyze-output:
    description: 'The output directory where the raw analysis output was stored to.'
    value: ${{ steps.analyze.outputs.OUTPUT_DIR }}

  warnings:
    description: 'Whether the static analyser(s) reported any findings.'
    value: ${{ steps.parse.outputs.HAS_FINDINGS }}
  result-log:
    description: 'The file where the output of CodeChecker parse is written to verbatim.'
    value: ${{ steps.parse.outputs.OUTPUT_LOG }}
  result-html-dir:
    description: 'The output directory where the user-friendly HTML reports were stored to.'
    value: ${{ steps.parse.outputs.HTML_DIR }}

  store-run-name:
    description: 'The name of the analysis run that the results were uploaded to.'
    value: ${{ steps.store-pre.outputs.RUN_NAME }}
  store-successful:
    description: 'Whether storing the analysis results to the configured server was successful. Useful for breaking the build in a later step if the store action is deemed mandatory.'
    value: ${{ steps.store.outputs.SUCCESS }}

runs:
  using: "composite"
  steps:
    - name: "Check out repository ${{ inputs.repository }}"
      uses: actions/checkout@v2
      if: ${{ inputs.install-custom == 'true' }}
      with:
        path: CodeChecker
        repository: ${{ inputs.repository }}
        ref: ${{ inputs.version }}

    - name: "Install LLVM (${{ inputs.llvm-version }})"
      id: llvm
      if: ${{ inputs.llvm-version != 'ignore' }}
      env:
        IN_LLVM_VERSION: ${{ inputs.llvm-version }}
      shell: bash
      run: ${{ github.action_path }}/src/get-llvm.sh

    - name: "Build and Package CodeChecker"
      id: codechecker
      env:
        CODECHECKER_WILL_USE_WEB_API: ${{ inputs.store == 'true' }}

        IN_INSTALL_CUSTOM: ${{ inputs.install-custom }}
        IN_VERSION: ${{ inputs.version }}
      shell: bash
      run: |
        set -x
        if [[ "$IN_INSTALL_CUSTOM" == "true" ]]; then
          ${{ github.action_path }}/src/build-codechecker.sh
        else
          ${{ github.action_path }}/src/pip-codechecker.sh
        fi

    - name: "Prepare JSON Compilation Database"
      id: log
      env:
        ACTION_NAME: ${{ github.action }}
        CODECHECKER_PATH: ${{ steps.codechecker.outputs.PATH }}

        IN_LOGFILE: ${{ inputs.logfile }}
        IN_COMMAND: ${{ inputs.build-command }}

        OUT_FILE: ${{ github.workspace }}/${{ github.action }}_codechecker_compilation_database.json
      shell: bash
      run: ${{ github.action_path }}/src/get-or-create-build-json.sh

    - name: "Execute static analysis"
      id: analyze
      env:
        ACTION_NAME: ${{ github.action }}
        CODECHECKER_PATH: ${{ steps.codechecker.outputs.PATH }}
        COMPILATION_DATABASE: ${{ steps.log.outputs.COMPILATION_DATABASE }}

        IN_CONFIGFILE: ${{ inputs.config }}
        IN_CTU: ${{ inputs.ctu }}
        IN_FLAGS: ${{ inputs.analyze-options }}
        IN_OUTPUT_DIR: ${{ inputs.analyze-output }}
      shell: bash
      run: ${{ github.action_path }}/src/execute-analysis.sh

    - name: "Parse and convert results"
      id: parse
      env:
        PROJECT_PATH: ${{ github.workspace }}
        CODECHECKER_PATH: ${{ steps.codechecker.outputs.PATH }}
        RAW_RESULT_DIR: ${{ steps.analyze.outputs.OUTPUT_DIR }}

        IN_CONFIGFILE: ${{ inputs.config }}
        IN_OUTPUT_DIR: ${{ inputs.analyze-output }}
      shell: bash
      run: ${{ github.action_path }}/src/parse-results.sh

    - name: "Generate the configuration for uploading results"
      id: store-pre
      if: ${{ inputs.store == 'true' }}
      env:
        IN_STORE_URL: ${{ inputs.store-url }}
        IN_STORE_USERNAME: ${{ inputs.store-username }}
        IN_STORE_PASSWORD: ${{ inputs.store-password }}
        IN_STORE_RUN_NAME: ${{ inputs.store-run-name }}

        GITHUB_REPOSITORY: ${{ github.repository }}
        GITHUB_REF_NAME: ${{ github.ref_name }}
        GITHUB_REF_TYPE: ${{ github.ref_type }}
        GITHUB_SHA: ${{ github.sha }}
      shell: bash
      run: ${{ github.action_path }}/src/store-pre.sh

    - name: "Store analysis results to server"
      id: store
      if: ${{ steps.store-pre.outputs.STORE_CONFIGURED == 'true' }}
      env:
        PROJECT_PATH: ${{ github.workspace }}
        CODECHECKER_PATH: ${{ steps.codechecker.outputs.PATH }}
        CODECHECKER_STORE_RUN_NAME: ${{ steps.store-pre.outputs.RUN_NAME }}
        CODECHECKER_STORE_RUN_TAG: ${{ steps.store-pre.outputs.RUN_TAG }}
        RAW_RESULT_DIR: ${{ steps.analyze.outputs.OUTPUT_DIR }}

        IN_CONFIGFILE: ${{ inputs.config }}
        IN_STORE_URL: ${{ inputs.store-url }}
      shell: bash
      run: ${{ github.action_path }}/src/store.sh