On 11/27/23 18:36, Eelco Chaudron wrote: > This patch detects new static analysis issues, and reports them. > It does this by reporting on the delta for this branch, compared > to the previous branch. > > For example the error might look like this: > > error level: +0 -0 no changes > warning level: +2 +0 > New issue "deadcode.DeadStores Value stored to 'remote' is never read" (1 > occurrence) > file:///home/runner/work/ovs/ovs/vswitchd/ovs-vswitchd.c:86 > New issue "unix.Malloc Potential leak of memory pointed to by 'remote'" > (1 occurrence) > file:///home/runner/work/ovs/ovs/vswitchd/ovs-vswitchd.c:95 > note level: +0 -0 no changes > all levels: +2 +0 > > Signed-off-by: Eelco Chaudron <echau...@redhat.com> > --- > > changes in v2: > - When it's a new branch, it compares it to the HEAD of the default branch. > > .ci/linux-build.sh | 29 ++++++++++ > .github/workflows/build-and-test.yml | 96 > ++++++++++++++++++++++++++++++++++ > 2 files changed, 125 insertions(+) > > diff --git a/.ci/linux-build.sh b/.ci/linux-build.sh > index aa2ecc505..fedf1398a 100755 > --- a/.ci/linux-build.sh > +++ b/.ci/linux-build.sh 
> @@ -49,6 +49,30 @@ function build_ovs() > make -j4 > } > > +function clang_analyze() > +{ > + [ -d "./base-clang-analyzer-results" ] && cache_build=false \ > + || cache_build=true > + if [ "$cache_build" = true ]; then > + # If this is a cache build, proceed to the base branch's directory. > + cd base_ovs_main > + fi; > + > + configure_ovs $OPTS > + make clean > + scan-build -o ./clang-analyzer-results -sarif --use-cc=clang make -j4 > + > + if [ "$cache_build" = true ]; then > + # Move results, so it will be picked up by the cache. > + mv ./clang-analyzer-results ../base-clang-analyzer-results > + cd .. > + else > + # Only do the compare on the none cache builds. > + sarif --check note diff ./base-clang-analyzer-results \ > + ./clang-analyzer-results > + fi; > +} > + > if [ "$DEB_PACKAGE" ]; then > ./boot.sh && ./configure --with-dpdk=$DPDK && make debian > mk-build-deps --install --root-cmd sudo --remove debian/control > @@ -116,6 +140,11 @@ fi > > OPTS="${EXTRA_OPTS} ${OPTS} $*" > > +if [ "$CLANG_ANALYZE" ]; then > + clang_analyze > + exit 0 > +fi > + > if [ "$TESTSUITE" = 'test' ]; then > # 'distcheck' will reconfigure with required options. > # Now we only need to prepare the Makefile without sparse-wrapped CC. > diff --git a/.github/workflows/build-and-test.yml > b/.github/workflows/build-and-test.yml > index 09654205e..d15105e7d 100644 > --- a/.github/workflows/build-and-test.yml > +++ b/.github/workflows/build-and-test.yml 
> @@ -223,6 +223,102 @@ jobs: > name: logs-linux-${{ join(matrix.*, '-') }} > path: logs.tgz > > + build-clang-analyze: > + needs: build-dpdk > + env: > + dependencies: | > + automake bc clang-tools libbpf-dev libnuma-dev libpcap-dev \ > + libunbound-dev libunwind-dev libssl-dev libtool llvm-dev \ > + python3-unbound > + CC: clang > + DPDK: dpdk > + CLANG_ANALYZE: true > + name: clang-analyze > + runs-on: ubuntu-22.04 > + timeout-minutes: 30 > + > + steps: > + - name: checkout > + uses: actions/checkout@v3 > + > + - name: get base branch sha > + id: base_branch > + run: | > + if [ "$GITHUB_EVENT_NAME" = "pull_request" ]; then > + echo "sha=$BASE_SHA" >> $GITHUB_OUTPUT > + else > + if [ "$EVENT_BEFORE" = "0000000000000000000000000000000000000000" > ]; then > + echo "sha=$DEFAULT_BRANCH" >> $GITHUB_OUTPUT
How is this going to work on patches for older branches? > + else > + echo "sha=$EVENT_BEFORE" >> $GITHUB_OUTPUT > + fi > + fi > + env: > + BASE_SHA: ${{ github.event.pull_request.base.sha }} > + EVENT_BEFORE: ${{ github.event.before }} > + DEFAULT_BRANCH: ${{ github.event.repository.default_branch }} Can we swap env and run sections, so everything that is used is already defined? > + > + - name: checkout base branch > + uses: actions/checkout@v3 > + with: > + ref: ${{ steps.base_branch.outputs.sha }} > + path: base_ovs_main > + > + - name: update PATH > + run: | > + echo "$HOME/bin" >> $GITHUB_PATH > + echo "$HOME/.local/bin" >> $GITHUB_PATH > + > + - name: generate cache key > + id: cache_key > + run: | > + echo "key=clang-analyze-$(git -C base_ovs_main rev-parse HEAD)" \ > + >> $GITHUB_OUTPUT > + > + - name: check for analyzer result cache > + id: clang_cache > + uses: actions/cache@v3 > + with: > + path: base-clang-analyzer-results > + key: ${{ steps.cache_key.outputs.key }} > + > + - name: set up python > + uses: actions/setup-python@v4 > + with: > + python-version: '3.9' > + > + - name: get cached dpdk-dir > + uses: actions/cache/restore@v3 > + with: > + path: dpdk-dir > + key: ${{ needs.build-dpdk.outputs.dpdk_key }} > + > + - name: update APT cache > + run: sudo apt update || true > + > + - name: install common dependencies > + run: sudo apt install -y ${{ env.dependencies }} > + > + - name: install sarif tools > + run: sudo pip3 install --disable-pip-version-check sarif-tools > + > + - name: prepare > + run: ./.ci/linux-prepare.sh > + > + - name: build base reference > + if: steps.clang_cache.outputs.cache-hit != 'true' > + run: ./.ci/linux-build.sh > + > + - name: build > + run: ./.ci/linux-build.sh > + > + - name: save cache > + uses: actions/cache/save@v3 > + if: always() && steps.clang_cache.outputs.cache-hit != 'true' > + with: > + path: base-clang-analyzer-results > + key: ${{ steps.cache_key.outputs.key }} > + > build-osx: > env: > CC: clang > > 
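
Review bot: In the `@@ -49,6 +49,30 @@` hunk of .ci/linux-build.sh, clang_analyze() infers whether it is building the baseline or doing the comparison only from whether ./base-clang-analyzer-results exists, so any run in which that directory is missing at the "build" step is treated as another baseline build and the `sarif --check note diff` gate is skipped without an error. Suggest having the workflow pass the mode explicitly (an argument or a dedicated variable) and failing when the comparison is requested but the baseline directory is absent. The `cd base_ovs_main` also has no check in the function itself; unless errexit is in effect (not visible in this hunk), a failed cd would analyze the wrong tree, so `cd base_ovs_main || exit 1` is safer. Minor: the comment "none cache builds" should read "non-cache builds".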
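
Review bot: In the `@@ -116,6 +140,11 @@` hunk of .ci/linux-build.sh, `exit 0` follows `clang_analyze` unconditionally, so the job only fails on new findings if errexit (not visible in these hunks) aborts the script when `sarif --check note diff` returns non-zero; without it the failure is masked and the job passes. Suggest propagating the status explicitly, for example `clang_analyze` followed by `exit $?`, so the gate does not depend on shell options set elsewhere in the script.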
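
Review bot: In the build-clang-analyze job of .github/workflows/build-and-test.yml, the "install sarif tools" step runs `sudo pip3 install --disable-pip-version-check sarif-tools` with no version pin, so the tool that decides pass or fail for this job can change between runs, and it is installed as root from the package index each time. Suggest pinning an exact version and installing without sudo, since the "update PATH" step already adds $HOME/.local/bin. Related: the cache key is only `clang-analyze-` plus the base commit from `git -C base_ovs_main rev-parse HEAD`, so a baseline produced with one clang-tools version or one set of scan-build options keeps being reused after those change; including the analyzer version or a hash of .ci/linux-build.sh in the key would keep the diff comparing like with like.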
_______________________________________________ dev mailing list d...@openvswitch.org https://mail.openvswitch.org/mailman/listinfo/ovs-dev