feat: add cppcheck static analysis #48
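# Static analysis workflow: configures and builds the project with CMake,
# then runs cppcheck over the working tree. The job fails when cppcheck
# exits non-zero (--error-exitcode=1); a summary of the findings is written
# to static_analysis_summary.txt and printed in the build log either way.
name: Static Analysis

on:
  push:
    branches: [ "master", "main", "devin/*" ]
  pull_request:

# Least privilege: this workflow only reads the repository, so the
# GITHUB_TOKEN is restricted to read-only access to repository contents.
permissions:
  contents: read

jobs:
  cppcheck:
    runs-on: ubuntu-latest
    steps:
      # NOTE(review): v3 is a mutable tag. Pinning third-party actions to a
      # full commit SHA prevents a retagged release from changing what runs.
      - uses: actions/checkout@v3

      - name: Install dependencies
        run: |
          sudo dpkg --add-architecture i386
          sudo apt-get update
          sudo apt-get install -y gcc-multilib g++-multilib cppcheck

      - name: Configure CMake
        run: cmake -B build -DCMAKE_EXPORT_COMPILE_COMMANDS=ON

      - name: Build
        run: cmake --build build

      - name: Run cppcheck
        shell: bash
        run: |
          # With an explicit `shell: bash`, the runner starts the script with
          # `-e -o pipefail`. A failing cppcheck pipeline would then abort the
          # step before the exit code is captured and the summary is written,
          # so errexit is disabled and the status is handled explicitly.
          set +e
          set -o pipefail

          echo "=== Running Static Analysis ==="
          echo

          # Run cppcheck and capture output.
          # --inline-suppr lets comments in the source silence findings, so
          # newly added suppression comments deserve attention in review.
          # The suppression pattern is quoted so the shell never globs it.
          cppcheck \
            --enable=all \
            --check-level=exhaustive \
            --inconclusive \
            --std=c11 \
            --force \
            --inline-suppr \
            --suppress=missingIncludeSystem \
            --suppress='nullPointerRedundantCheck:*/n_cjson.c' \
            --suppress=unusedFunction \
            --suppress=unmatchedSuppression \
            --suppress=style \
            --suppress=information \
            --template="{file}:{line}: {severity}: {id}: {message}" \
            --max-configs=32 \
            --check-library \
            --debug-warnings \
            --error-exitcode=1 \
            . 2>&1 | tee cppcheck_output.txt
          # PIPESTATUS[0] is cppcheck's own status, not tee's.
          CPPCHECK_EXIT_CODE=${PIPESTATUS[0]}

          # Generate comprehensive summary
          {
            echo "=== Static Analysis Summary ==="
            echo
            echo "Critical Issues (Errors & Warnings):"
            echo "-----------------------------------"
            # Under pipefail the pipeline fails when grep matches nothing,
            # which triggers the "None found" fallback.
            grep -E "error:|warning:" cppcheck_output.txt | grep -v "Checking " | \
              awk -F': ' '{printf "%-40s %s\n", $1, $4}' || echo "None found"
            echo
            echo "Performance & Portability Issues:"
            echo "--------------------------------"
            grep -E "performance:|portability:" cppcheck_output.txt | grep -v "Checking " | \
              awk -F': ' '{printf "%-40s %s\n", $1, $4}' || echo "None found"
            echo
            echo "Issue Count by Severity:"
            echo "------------------------"
            for sev in error warning performance portability style information; do
              # grep -c prints 0 itself when nothing matches but exits 1; a
              # fallback `echo 0` would append a second line and make
              # printf %d reject the value, so only the status is ignored.
              count=$(grep -c "${sev}:" cppcheck_output.txt || true)
              printf "%-12s %d issues\n" "${sev^^}:" "${count:-0}"
            done
            echo
            if [ "$CPPCHECK_EXIT_CODE" -ne 0 ]; then
              echo "Status: FAILED - Critical issues found"
              echo "Action Required: Please fix the critical issues listed above"
            else
              echo "Status: PASSED - No critical issues found"
              echo "Note: Review non-critical issues for potential improvements"
            fi
          } > static_analysis_summary.txt

          # Always display the summary in the build log (printed once; the
          # file is written by redirection above rather than through tee).
          cat static_analysis_summary.txt

          # Exit with original status code
          exit "$CPPCHECK_EXIT_CODE"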