feat: add cppcheck static analysis #46
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Static Analysis | |
| on: | |
| push: | |
| branches: [ "master", "main", "devin/*" ] | |
| pull_request: | |
| jobs: | |
| cppcheck: | |
| runs-on: ubuntu-latest | |
| steps: | |
| - uses: actions/checkout@v3 | |
| - name: Install dependencies | |
| run: | | |
| sudo dpkg --add-architecture i386 | |
| sudo apt-get update | |
| sudo apt-get install -y gcc-multilib g++-multilib cppcheck | |
| - name: Configure CMake | |
| run: cmake -B build -DCMAKE_EXPORT_COMPILE_COMMANDS=ON | |
| - name: Build | |
| run: cmake --build build | |
| - name: Run cppcheck | |
| shell: bash | |
| run: | | |
| set -o pipefail # Propagate pipe failures but don't exit immediately on error | |
| echo "Running static analysis with cppcheck..." | |
| echo "----------------------------------------" | |
| # Run cppcheck and capture its exit code | |
| cppcheck \ | |
| --enable=all \ | |
| --check-level=exhaustive \ | |
| --inconclusive \ | |
| --std=c11 \ | |
| --force \ | |
| --inline-suppr \ | |
| --suppress=missingIncludeSystem \ | |
| --suppress=nullPointerRedundantCheck:*/n_cjson.c \ | |
| --suppress=unusedFunction \ | |
| --suppress=unmatchedSuppression \ | |
| --suppress=style \ | |
| --suppress=information \ | |
| --template="{file}:{line}: {severity}: {id}: {message}" \ | |
| --max-configs=32 \ | |
| --check-library \ | |
| --debug-warnings \ | |
| --error-exitcode=1 \ | |
| . 2>&1 | tee cppcheck_output.txt | |
| CPPCHECK_EXIT_CODE=${PIPESTATUS[0]} | |
| echo "----------------------------------------" | |
| echo "Critical Issues:" | |
| echo "----------------------------------------" | |
| grep -E "error:|warning:" cppcheck_output.txt | grep -v "Checking " || true | |
| echo "----------------------------------------" | |
| echo "Other Issues:" | |
| echo "----------------------------------------" | |
| grep -E "style:|performance:|portability:|information:" cppcheck_output.txt | grep -v "Checking " || true | |
| echo "----------------------------------------" | |
| echo "Summary by Severity:" | |
| echo "----------------------------------------" | |
| for sev in error warning style performance portability information; do | |
| count=$(grep -c "${sev}:" cppcheck_output.txt || echo 0) | |
| [ "$count" -gt 0 ] && echo "${sev^^}: $count issues found" | |
| done | |
| # Exit with cppcheck's status code after showing the summary | |
| if [ $CPPCHECK_EXIT_CODE -ne 0 ]; then | |
| echo "----------------------------------------" | |
| echo "ERROR: Critical issues found. Build will fail." | |
| exit $CPPCHECK_EXIT_CODE | |
| fi |