whisperity/codechecker-analysis-action
0
0
Fork 0
mirror of https://github.com/whisperity/CodeChecker-Action.git synced 2026-02-09 22:57:45 +00:00
Code Issues Packages Projects Releases Wiki Activity

feat: Do not break the build internally if there were reports, but instruct the user how to do it themselves

Browse Source
This commit is contained in:
Whisperity
2021-11-30 15:10:38 +01:00
parent 790fee122b
commit a3612b27c9
5 changed files with 116 additions and 43 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
.github/workflows/test.yml vendored
View File

@@ -98,8 +98,8 @@ jobs:
- name: "Reject test if previous step did not produce CTU finding"
run: cat ${{ steps.codechecker.outputs.result-log }} | grep "Dereference of null pointer"
fail-on-error:
name: "Parse: Fail the build on error"
reports-errors:
name: "Parse: Findings are reported"
runs-on: ubuntu-20.04
steps:
- uses: actions/checkout@v2
@@ -109,15 +109,14 @@ jobs:
continue-on-error: true
with:
logfile: 'test/simple/compile_commands.json'
fail-build-if-reports: true
# FIXME: 6.18 release on PyPI is broken when it comes to the "parse"
# command. See Ericsson/CodeChecker#3515.
install-custom: true
version: "v6.18.0"
- name: "Reject test if previous step did not fail"
if: ${{ steps.codechecker.outcome != 'failure' }}
- name: "Reject test if output isn't as expected"
if: ${{ steps.codechecker.outputs.warnings != 'true' }}
run: |
echo "::error title=fail-on-error test passed::Expected the 'parse' step to breka the build."
echo "::error title=fail-on-error test passed::Expected the 'parse' step to report findings."
exit 1
parse-html:
@@ -209,5 +208,5 @@ jobs:
docker-compose down
docker ps -a
- name: "Fail the build if the test execution failed"
if: ${{ steps.test.outcome == 'failure' || steps.codechecker.outcome == 'failure' }}
if: ${{ steps.test.outcome == 'failure' || steps.codechecker.outcome == 'failure' || steps.codechecker.outputs.store-successful != 'true' }}
run: exit 1

96
README.md
View File

@@ -25,10 +25,12 @@ Please ensure that your project is completely configured for a build before exec
**Note:** Static analysers can rely on additional information that is optimised out in a true release build.
Hence, it's recommended to configure your project in a **`Debug`** configuration.
### Specifying the project to analyse
Add the job into your CI as follows.
The two versions are mutually exclusive — you either can give a compilation database, or you instruct CodeChecker to create one.
### Projects that can generate a [JSON Compilation Database](http://clang.llvm.org/docs/JSONCompilationDatabase.html) and build cleanly (no generated code)
#### Projects that can generate a [JSON Compilation Database](http://clang.llvm.org/docs/JSONCompilationDatabase.html) and build cleanly (no generated code)
Some projects are trivial enough in their build configuration that no additional steps need to be taken after executing `configure.sh`, `cmake`, or similar tools.
If you are able to generate a _compilation database_ from your build system **without** running the build itself, you can save some time, and go to the analysis immediately.
@@ -62,7 +64,7 @@ runs:
path: ${{ steps.codechecker.outputs.result-html-dir }}
```
### Projects that need to self-creating a *JSON Compilation Database* or require generated code
#### Projects that need to self-creating a *JSON Compilation Database* or require generated code
Other kinds of projects might rely heavily on _generated code_.
When looking at the source code of these projects **without** a build having been executed beforehand, they do not compile — as such, analysis cannot be executed either.
@@ -98,6 +100,83 @@ runs:
path: ${{ steps.codechecker.outputs.result-html-dir }}
```
### Breaking the build if there are static analysis warnings
If requested, the _`warnings`_ output variable can be matched against to execute a step in the job which breaks the entire job if **any** static analysis warnings were emitted by the project.
**Note:** Due to static analysis being potentially noisy and the reports being unwieldy to fix, the default behaviour and recommendation is to only report the findings but do not break the entire CI.
To get the reports in a human-consumable form, they must be uploaded somewhere first, before the failure step fails the entire job!
```yaml
runs:
steps:
# Check YOUR project out!
- name: "Check out repository"
uses: actions/checkout@v2
# Prepare a build
- name: "Prepare build"
run: |
mkdir -pv Build
cd Build
cmake .. -DCMAKE_BUILD_TYPE=Debug -DCMAKE_EXPORT_COMPILE_COMMANDS=OFF
# Run the analysis
- uses: whisperity/codechecker-analysis-action
id: codechecker
with:
build-command: "cd ${{ github.workspace }}/Build; cmake --build ."
# Upload the results to the CI.
- uses: actions/upload-artifact@v2
with:
name: "CodeChecker Bug Reports"
path: ${{ steps.codechecker.outputs.result-html-dir }}
# Break the build if there are *ANY* warnings emitted by the analysers.
- name: "Break build if CodeChecker reported any findings"
if: ${{ steps.codechecker.outputs.warnings == 'true' }}
run: exit 1
```
### Uploading results to a CodeChecker server
If your project hosts a CodeChecker server somewhere, the job can be configured
to automatically create or update a run.
```yaml
runs:
steps:
# Check YOUR project out!
- name: "Check out repository"
uses: actions/checkout@v2
# Prepare a build
- name: "Prepare build"
run: |
mkdir -pv Build
cd Build
cmake .. -DCMAKE_BUILD_TYPE=Debug -DCMAKE_EXPORT_COMPILE_COMMANDS=OFF
# Run the analysis
- uses: whisperity/codechecker-analysis-action
id: codechecker
with:
build-command: "cd ${{ github.workspace }}/Build; cmake --build ."
store: true
store-url: 'http://example.com:8001/MyProject'
store-username: ${{ secrets.CODECHECKER_STORE_USER }}
store-password: ${{ secrets.CODECHECKER_STORE_PASSWORD }}
# Upload the results to the CI.
- uses: actions/upload-artifact@v2
with:
name: "CodeChecker Bug Reports"
path: ${{ steps.codechecker.outputs.result-html-dir }}
```
## Action configuration
@@ -127,7 +206,6 @@ runs:
🔖 Read more about [`CodeChecker analyze`](http://codechecker.readthedocs.io/en/latest/analyzer/user_guide/#analyze) in the official documentation.
| Variable | Default | Description |
|------------------|------------------|--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `analyze-output` | (auto-generated) | The directory where the **raw** analysis output should be stored. |
@@ -137,19 +215,10 @@ runs:
🔖 Read more about [`CodeChecker parse`](http://codechecker.readthedocs.io/en/latest/analyzer/user_guide/#parse) in the official documentation.
**Note:** Due to static analysis being potentially noisy and the reports being unwieldy to fix, the default behaviour is to only report the findings but do not break the CI.
| Variable | Default | Description |
|-------------------------|---------|---------------------------------------------------------------------------------------------------|
| `fail-build-if-reports` | `false` | If set to `true`, the build will be set to broken if the static analysers reports _any_ findings. |
### Store settings
🔖 Read more about [`CodeChecker store`](http://codechecker.readthedocs.io/en/latest/web/user_guide/#store) in the official documentation.
| Variable | Default | Description |
|------------------|---------------------------------------------------------|---------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------------|
| `store` | `false` | If set to `true`, the script will upload the findings to a CodeChecker server. Usually, other flags need to be configured too! |
@@ -163,10 +232,11 @@ runs:
The action exposes the following outputs which may be used in a workflow's steps succeeding the analysis.
| Variable | Value | Description |
|-------------------|-------------------------------------------|----------------------------------------------------------------------------------------------|
|--------------------|-------------------------------------------|----------------------------------------------------------------------------------------------------------------------|
| `analyze-output` | Auto-generated, or `analyze-output` input | The directory where the **raw** analysis output files are available. |
| `logfile` | Auto-generated, or `logfile` input | The JSON Compilation Database of the analysis that was executed. |
| `result-html-dir` | Auto-generated. | The directory where the **user-friendly HTML** bug reports were generated to. |
| `result-log` | Auto-generated. | `CodeChecker parse`'s output log file which contains the findings dumped into it. |
| `store-run-name` | Auto-generated, or `store-run-name` input | The name of the analysis run (if `store` was enabled) to which the results were uploaded to. |
| `store-successful` | `true` or `false` | Whether storing the results succeeded. Useful for optionally breaking the build later to detect networking failures. |
| `warnings` | `true` or `false` | Whether the static analysers reported any findings. |

16
action.yml
View File

@@ -43,11 +43,6 @@ inputs:
required: true
default: 'false'
fail-build-if-reports:
description: 'Whether to fail the build if static analysis warnings are emitted.'
required: true
default: 'false'
store:
description: 'Whether to enable storing the results to a CodeChecker server. If enabled, other flags, such as "store-url" must also be set.'
required: true
@@ -88,6 +83,9 @@ outputs:
store-run-name:
description: 'The name of the analysis run that the results were uploaded to.'
value: ${{ steps.store-pre.outputs.RUN_NAME }}
store-successful:
description: 'Whether storing the analysis results to the configured server was successful. Useful for breaking the build in a later step if the store action is deemed mandatory.'
value: ${{ steps.store.outputs.SUCCESS }}
runs:
using: "composite"
@@ -159,18 +157,10 @@ runs:
RAW_RESULT_DIR: ${{ steps.analyze.outputs.OUTPUT_DIR }}
IN_CONFIGFILE: ${{ inputs.config }}
IN_FAIL_IF_REPORTS: ${{ inputs.fail-build-if-reports }}
IN_OUTPUT_DIR: ${{ inputs.analyze-output }}
shell: bash
run: ${{ github.action_path }}/src/parse-results.sh
- name: "Fail the build if requested and warnings detected"
if: ${{ steps.parse.outputs.HAS_FINDINGS == 'true' && inputs.fail-build-if-reports == 'true' }}
shell: bash
run: |
echo "Static analysis reported warnings, and user requested build breaking."
exit 1
- name: "Generate the configuration for uploading results"
id: store-pre
if: ${{ inputs.store == 'true' }}

8
src/parse-results.sh
View File

@@ -41,14 +41,16 @@ EXIT_CODE=$?
echo "::set-output name=OUTPUT_LOG::$OUTPUT_LOG"
if [[ "$EXIT_CODE" == "2" ]]; then
if [[ $EXIT_CODE == "2" ]]; then
echo "::set-output name=HAS_FINDINGS::true"
# Let the jobs continue. If there were failures, the action script will break
# Let the jobs continue. If there were failures, the script may be breaking
# the build in a later step. (After a potential upload to server.)
EXIT_CODE=0
else
elif [[ $EXIT_CODE == 0 ]]; then
echo "::set-output name=HAS_FINDINGS::false"
fi
# Exit code 1 is internal error of executing the step.
exit $EXIT_CODE

12
src/store.sh
View File

@@ -40,3 +40,15 @@ fi
--trim-path-prefix "$PROJECT_PATH" \
$RUN_TAG_FLAG_1 $RUN_TAG_FLAG_2 \
$CONFIG_FLAG_1 $CONFIG_FLAG_2
SUCCESS=$?
if [[ $SUCCESS -ne 0 ]]; then
echo "::warning title=Storing results failed::Executing 'CodeChecker store' to upload analysis results to the server has failed. The logs usually provide more information."
echo "::set-output name=SUCCESS::false"
else
echo "::set-output name=SUCCESS::true"
fi
# Always return 0 from this step. The user can decide if storage is mandatory
# and break the build later.
exit 0