This patch identifies new static analysis issues during a GitHub action
run and reports them. The process involves analyzing the changes introduced
in the current commit and comparing them to those in the preceding commit.
However, there are two cases when the GitHub push action runner does not
provide enough details to determine the preceding commit. These cases are
a new branch or a forced push. The strategy for these exceptions is to
find the first common commit on any upstream branch, and use that.
An example error output might look like this:
error level: +0 -0 no changes
warning level: +2 +0
New issue "deadcode.DeadStores Value stored to 'remote' is never read" (1
occurrence)
file:///home/runner/work/ovs/ovs/vswitchd/ovs-vswitchd.c:86
New issue "unix.Malloc Potential leak of memory pointed to by 'remote'" (1
occurrence)
file:///home/runner/work/ovs/ovs/vswitchd/ovs-vswitchd.c:95
note level: +0 -0 no changes
all levels: +2 +0
Signed-off-by: Eelco Chaudron <[email protected]>
---
changes in v2:
- When it's a new branch, it compares it to the HEAD of the default branch.
changes in v3:
- Include the clang version as part of the cache
- Change the way it looks for the 'default' branch so it will work
for patch branches.
- Also compare to the base branch for forced commits.
changes in v4:
- No longer look for a default branch, but consume all patches
from the current author.
changes in v5:
- Addressed Ilya's comments.
- Checkout upstream branch and find common point to base delta on.
.ci/linux-build.sh | 30 +++++++
.ci/linux-prepare.sh | 2 +-
.github/workflows/build-and-test.yml | 113 +++++++++++++++++++++++++++
3 files changed, 144 insertions(+), 1 deletion(-)
diff --git a/.ci/linux-build.sh b/.ci/linux-build.sh
index 90581c10b..4589a8ba2 100755
--- a/.ci/linux-build.sh
+++ b/.ci/linux-build.sh
@@ -50,6 +50,31 @@ function build_ovs()
make ${JOBS}
}
+function clang_analyze()
+{
+ [ -d "./base-clang-analyzer-results" ] && cache_build=false \
+ || cache_build=true
+ if [ "$cache_build" = true ]; then
+ # If this is a cache build, proceed to the base branch's directory.
+ pushd base_ovs_main
+ fi;
+
+ configure_ovs $OPTS
+
+ make clean
+ scan-build -o ./clang-analyzer-results -sarif --use-cc=${CC} make ${JOBS}
+
+ if [ "$cache_build" = true ]; then
+ # Move results, so it will be picked up by the cache.
+ mv ./clang-analyzer-results ../base-clang-analyzer-results
+ popd
+ else
+ # Only do the compare on the none cache builds.
+ sarif --check note diff ./base-clang-analyzer-results \
+ ./clang-analyzer-results
+ fi;
+}
+
if [ "$DEB_PACKAGE" ]; then
./boot.sh && ./configure --with-dpdk=$DPDK && make debian
mk-build-deps --install --root-cmd sudo --remove debian/control
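Review bot: clang_analyze chooses between building the baseline and running the comparison only from whether `./base-clang-analyzer-results` exists, and nothing in the function documents that. If the directory is missing when the compare run starts, the function would rebuild the baseline in `base_ovs_main` and return without ever running `sarif --check note diff`, so the gate fails open. A header comment such as `# Called twice per job: without ./base-clang-analyzer-results it analyzes base_ovs_main and stores the baseline; with it, it analyzes the current tree and diffs against that baseline.` would state the contract. An explicit mode variable set by the workflow would be more robust than probing for the directory. The comment `none cache builds` presumably means `non-cache builds`.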
@@ -117,6 +142,11 @@ fi
OPTS="${EXTRA_OPTS} ${OPTS} $*"
+if [ "$CLANG_ANALYZE" ]; then
+ clang_analyze
+ exit 0
+fi
+
if [ "$TESTSUITE" = 'test' ]; then
# 'distcheck' will reconfigure with required options.
# Now we only need to prepare the Makefile without sparse-wrapped CC.
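Review bot: The unconditional `exit 0` after `clang_analyze` reports success whatever the function returned, so a non-zero status from `sarif --check note diff` fails the job only if errexit is enabled earlier in the script, which this hunk does not show. Propagating the status explicitly, for example `clang_analyze || exit 1` before the `exit 0`, keeps the check fail-closed either way. Also, `[ "$CLANG_ANALYZE" ]` is true for any non-empty value, including the string `false`, so the variable cannot be used to switch the analysis off by setting it to `false`.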
diff --git a/.ci/linux-prepare.sh b/.ci/linux-prepare.sh
index c28b6819a..5028bdc44 100755
--- a/.ci/linux-prepare.sh
+++ b/.ci/linux-prepare.sh
@@ -23,7 +23,7 @@ cd ..
# https://github.com/pypa/pip/issues/10655
pip3 install --disable-pip-version-check --user wheel
pip3 install --disable-pip-version-check --user \
- flake8 'hacking>=3.0' netaddr pyparsing sphinx setuptools
+ flake8 'hacking>=3.0' netaddr pyparsing sarif-tools sphinx setuptools
# Install python test dependencies
pip3 install -r python/test_requirements.txt
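Review bot: `sarif-tools` is installed without a version constraint, yet its `diff` subcommand and `--check` option now decide whether the analyzer job passes. A new or tampered release on the package index could therefore change or neutralise the gate with no change in this repository. Consider a constraint in the style already used for `hacking`, e.g. `'sarif-tools==<pinned-version>'` (placeholder; use the release the job was validated with). The neighbouring packages on this line are unpinned too, so this may be a file-wide convention to revisit rather than a one-off.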
diff --git a/.github/workflows/build-and-test.yml
b/.github/workflows/build-and-test.yml
index 710757693..f5858fdbe 100644
--- a/.github/workflows/build-and-test.yml
+++ b/.github/workflows/build-and-test.yml
@@ -254,6 +254,119 @@ jobs:
name: logs-linux-${{ join(matrix.*, '-') }}
path: logs.tgz
+ build-clang-analyze:
+ needs: build-dpdk
+ env:
+ dependencies: |
+ automake bc clang-tools libbpf-dev libnuma-dev libpcap-dev \
+ libunbound-dev libunwind-dev libssl-dev libtool llvm-dev
+ CC: clang
+ DPDK: dpdk
+ CLANG_ANALYZE: true
+ name: clang-analyze
+ runs-on: ubuntu-22.04
+ timeout-minutes: 30
+
+ steps:
+ - name: checkout
+ uses: actions/checkout@v3
+ with:
+ fetch-depth: 0
+
+ - name: get base branch sha
+ id: base_branch
+ env:
+ BASE_SHA: ${{ github.event.pull_request.base.sha }}
+ EVENT_BEFORE: ${{ github.event.before }}
+ FORCED_PUSH: ${{ github.event.forced }}
+ run: |
+ if [ "$GITHUB_EVENT_NAME" = "pull_request" ]; then
+ echo "sha=$BASE_SHA" >> $GITHUB_OUTPUT
+ else
+ if [ "$EVENT_BEFORE" = "0000000000000000000000000000000000000000" ] \
+ || [ "$FORCED_PUSH" = true ]; then
+ BASE_SHA=HEAD~1
+ MIN_DISTANCE=1000
+ git remote add upstream https://github.com/openvswitch/ovs.git
+ git fetch upstream
+ for upstream_head in $(git ls-remote --heads upstream main master
dpdk-latest branch-2.17 branch-[3456789]* | cut -f 1); do
+ CURR_BASE=$(git merge-base ${upstream_head} HEAD 2>/dev/null)
+ if [ ${CURR_BASE} ]; then
+ DISTANCE=$(git log --oneline ${CURR_BASE}..HEAD | wc -l);
+ if test ${MIN_DISTANCE} -gt ${DISTANCE}; then
+ BASE_SHA=${CURR_BASE}
+ MIN_DISTANCE=${DISTANCE}
+ fi
+ fi
+ done
+ echo "sha=$BASE_SHA" >> $GITHUB_OUTPUT
+ else
+ echo "sha=$EVENT_BEFORE" >> $GITHUB_OUTPUT
+ fi
+ fi
+
+ - name: checkout base branch
+ env:
+ BASE_SHA: ${{ steps.base_branch.outputs.sha }}
+ run: |
+ cp -r $(pwd)/. /tmp/base_ovs_main && mv /tmp/base_ovs_main ./
+ cd $(pwd)/base_ovs_main
+ git checkout ${BASE_SHA}
+
+ - name: update PATH
+ run: |
+ echo "$HOME/bin" >> $GITHUB_PATH
+ echo "$HOME/.local/bin" >> $GITHUB_PATH
+
+ - name: generate cache key
+ id: cache_key
+ run: |
+ ver=$(${CC} -v 2>&1 | grep ' version ' | \
+ sed 's/.*version \([0-9]*\.[0-9]*\.[0-9]*\).*/\1/g')
+ echo "key=${CC}-${ver}-analyze-$(git -C base_ovs_main rev-parse HEAD)"
\
+ >> $GITHUB_OUTPUT
+
+ - name: check for analyzer result cache
+ id: clang_cache
+ uses: actions/cache@v3
+ with:
+ path: base-clang-analyzer-results
+ key: ${{ steps.cache_key.outputs.key }}
+
+ - name: set up python
+ uses: actions/setup-python@v4
+ with:
+ python-version: '3.9'
+
+ - name: get cached dpdk-dir
+ uses: actions/cache/restore@v3
+ with:
+ path: dpdk-dir
+ key: ${{ needs.build-dpdk.outputs.dpdk_key }}
+
+ - name: update APT cache
+ run: sudo apt update || true
+
+ - name: install common dependencies
+ run: sudo apt install -y ${{ env.dependencies }}
+
+ - name: prepare
+ run: ./.ci/linux-prepare.sh
+
+ - name: build base reference
+ if: steps.clang_cache.outputs.cache-hit != 'true'
+ run: ./.ci/linux-build.sh
+
+ - name: save cache
+ uses: actions/cache/save@v3
+ if: steps.clang_cache.outputs.cache-hit != 'true'
+ with:
+ path: base-clang-analyzer-results
+ key: ${{ steps.cache_key.outputs.key }}
+
+ - name: build
+ run: ./.ci/linux-build.sh
+
build-osx:
env:
CC: clang
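Review bot: The key built in the `generate cache key` step covers only the compiler version and the base commit, while the cached baseline also depends on `.ci/linux-build.sh` and the scan-build options it passes. If that recipe changes, a stale `base-clang-analyzer-results` is reused, and because the baseline defines what counts as a new issue, a stale one can hide or invent findings. Appending `${{ hashFiles('.ci/linux-build.sh') }}` to the `key:` of both cache steps would invalidate it when the recipe changes. In `get base branch sha`, the unquoted pattern `branch-[3456789]*` is subject to shell pathname expansion in the checkout before `git ls-remote` sees it; quoting it as `'branch-[3456789]*'` avoids that. The added actions are referenced by mutable tags (`@v3`, `@v4`); whether to pin them by commit SHA depends on the convention in the rest of the workflow, which is outside this hunk.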
--
2.43.0