feat: add cppcheck static analysis #36
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Static Analysis | |
| on: | |
| push: | |
| branches: [ "master", "main", "devin/*" ] | |
| pull_request: | |
| jobs: | |
| cppcheck: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Install dependencies | |
| run: | | |
| sudo dpkg --add-architecture i386 | |
| sudo apt-get update | |
| sudo apt-get install -y gcc-multilib g++-multilib cppcheck | |
| - name: Configure CMake | |
| run: cmake -B build -DCMAKE_EXPORT_COMPILE_COMMANDS=ON | |
| - name: Build | |
| run: cmake --build build | |
| - name: Run cppcheck | |
| run: | | |
| echo "Running static analysis with cppcheck..." | |
| echo "----------------------------------------" | |
| # Run cppcheck with specific checks enabled | |
| cppcheck \ | |
| --enable=all \ | |
| --check-level=exhaustive \ | |
| --inconclusive \ | |
| --std=c11 \ | |
| --force \ | |
| --inline-suppr \ | |
| --suppress=missingIncludeSystem \ | |
| --suppress=nullPointerRedundantCheck:*/n_cjson.c \ | |
| --template="{file}:{line}: {severity}: {id}: {message}" \ | |
| --max-configs=32 \ | |
| --check-library \ | |
| --debug-warnings \ | |
| . 2>&1 | tee cppcheck_output.txt | |
| echo "----------------------------------------" | |
| echo "Critical Issues:" | |
| echo "----------------------------------------" | |
| grep -E "error:|warning:" cppcheck_output.txt | grep -v "Checking " || true | |
| echo "----------------------------------------" | |
| echo "Other Issues:" | |
| echo "----------------------------------------" | |
| grep -E "style:|performance:|portability:|information:" cppcheck_output.txt | grep -v "Checking " || true | |
| echo "----------------------------------------" | |
| echo "Summary by Severity:" | |
| echo "----------------------------------------" | |
| for sev in error warning style performance portability information; do | |
| count=$(grep -c "${sev}:" cppcheck_output.txt || echo 0) | |
| [ "$count" -gt 0 ] && echo "${sev^^}: $count issues found" | |
| done | |
| # Exit with error if there are error-level issues | |
| if grep -q "error:" cppcheck_output.txt; then | |
| echo "----------------------------------------" | |
| echo "ERROR: Critical issues found. Please fix them before merging." | |
| exit 1 | |
| fi |