feat: add cppcheck static analysis #44
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Static Analysis | |
| on: | |
| push: | |
| branches: [ "master", "main", "devin/*" ] | |
| pull_request: | |
| jobs: | |
| cppcheck: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Install dependencies | |
| run: | | |
| sudo dpkg --add-architecture i386 | |
| sudo apt-get update | |
| sudo apt-get install -y gcc-multilib g++-multilib cppcheck | |
| - name: Configure CMake | |
| run: cmake -B build -DCMAKE_EXPORT_COMPILE_COMMANDS=ON | |
| - name: Build | |
| run: cmake --build build | |
| - name: Run cppcheck | |
| shell: bash | |
| run: | | |
| set -eo pipefail # Exit on error and propagate pipe failures | |
| echo "Running static analysis with cppcheck..." | |
| echo "----------------------------------------" | |
| # Run cppcheck with specific checks enabled | |
| cppcheck \ | |
| --enable=all \ | |
| --check-level=exhaustive \ | |
| --inconclusive \ | |
| --std=c11 \ | |
| --force \ | |
| --inline-suppr \ | |
| --suppress=missingIncludeSystem \ | |
| --suppress=nullPointerRedundantCheck:*/n_cjson.c \ | |
| --suppress=unusedFunction \ | |
| --suppress=unmatchedSuppression \ | |
| --suppress=style \ | |
| --suppress=information \ | |
| --template="{file}:{line}: {severity}: {id}: {message}" \ | |
| --max-configs=32 \ | |
| --check-library \ | |
| --debug-warnings \ | |
| --error-exitcode=1 \ | |
| . 2>&1 | tee cppcheck_output.txt | |
| # Use cppcheck's exit code | |
| exit ${PIPESTATUS[0]} | |
| echo "----------------------------------------" | |
| echo "Critical Issues:" | |
| echo "----------------------------------------" | |
| grep -E "error:|warning:" cppcheck_output.txt | grep -v "Checking " || true | |
| echo "----------------------------------------" | |
| echo "Other Issues:" | |
| echo "----------------------------------------" | |
| grep -E "style:|performance:|portability:|information:" cppcheck_output.txt | grep -v "Checking " || true | |
| echo "----------------------------------------" | |
| echo "Summary by Severity:" | |
| echo "----------------------------------------" | |
| for sev in error warning style performance portability information; do | |
| count=$(grep -c "${sev}:" cppcheck_output.txt || echo 0) | |
| [ "$count" -gt 0 ] && echo "${sev^^}: $count issues found" | |
| done | |
| # Show error summary but don't fail the build | |
| if grep -q "error:" cppcheck_output.txt; then | |
| echo "----------------------------------------" | |
| echo "NOTE: Critical issues found. These should be reviewed but won't block merging." | |
| fi |