CS,regexp: check that given progress is progress-evt?
#171
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: LLVM Static Analysis | |
| on: | |
| push: | |
| branches: | |
| - master | |
| permissions: | |
| security-events: write | |
| jobs: | |
| # | |
| # Jobs to scan-build racket | |
| # | |
| scanbuild-racketcgc: | |
| runs-on: ubuntu-20.04 | |
| container: pmatos/scan-build:12.0.1 | |
| steps: | |
| - name: Install dependencies | |
| run: | | |
| apt-get update | |
| apt-get install -y libffi-dev unzip python libxml2-dev libfindbin-libs-perl make gcc g++ git tree jq moreutils | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 100 | |
| - name: Configure | |
| working-directory: ./racket/src | |
| run: > | |
| ./configure | |
| CFLAGS="-O0 -g" | |
| CPPFLAGS="-DMZ_PRECISE_RETURN_SPEC" | |
| --disable-strip | |
| --prefix=${{ runner.temp }}/racketcgc | |
| --enable-werror | |
| --enable-cify | |
| --enable-cgcdefault | |
| --enable-jit | |
| --enable-foreign | |
| --enable-places | |
| --enable-futures | |
| --enable-float | |
| --enable-pthread | |
| --disable-docs | |
| - name: Scan Build | |
| working-directory: ./racket/src | |
| run: scan-build -sarif -o ../../racketcgc-report -analyzer-config 'crosscheck-with-z3=true' make -j$(($(nproc) + 1)) cgc | |
| - name: Move sarif results | |
| run: | | |
| mkdir sarif-files | |
| find racketcgc-report -type f -name '*.sarif' -exec cp \{\} sarif-files/ \; | |
| - name: Adjust tool name | |
| working-directory: sarif-files | |
| run: ../.github/scripts/adjust-sarif-tool.sh cgc | |
| - name: Create file list | |
| working-directory: sarif-files | |
| run: | | |
| find . -type f -name '*.sarif' > list.txt | |
| split -d -l15 list.txt list. | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: scanbuild-cgc-${{ github.sha }} | |
| path: sarif-files/ | |
| scanbuild-racket3m: | |
| runs-on: ubuntu-20.04 | |
| container: pmatos/scan-build:12.0.1 | |
| steps: | |
| - name: Change Owner of Container Working Directory | |
| run: chown root:root . | |
| - name: Install dependencies | |
| run: | | |
| apt-get update | |
| apt-get install -y libffi-dev unzip python libxml2-dev libfindbin-libs-perl make gcc g++ git jq moreutils | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 100 | |
| - name: Speed build and install racketcgc | |
| working-directory: ./racket/src | |
| run: | | |
| ./configure --enable-cgcdefault --prefix=/usr | |
| export cpus=$(grep -c ^processor /proc/cpuinfo) | |
| make -j$((cpus+1)) | |
| make -j$((cpus+1)) install | |
| - name: Clean repo | |
| run: git clean -xdf | |
| - name: Configure | |
| working-directory: ./racket/src | |
| run: > | |
| ./configure | |
| CFLAGS="-O0 -g" | |
| CPPFLAGS="-DMZ_PRECISE_RETURN_SPEC" | |
| --enable-bcdefault | |
| --disable-strip | |
| --enable-racket=/usr/bin/racket | |
| --enable-werror | |
| --enable-cify | |
| --enable-jit | |
| --enable-foreign | |
| --enable-places | |
| --enable-futures | |
| --enable-float | |
| --enable-pthread | |
| --disable-docs | |
| - name: Scan Build | |
| working-directory: ./racket/src | |
| run: scan-build -sarif -o ../../racket3m-report -analyzer-config 'crosscheck-with-z3=true' make -j$(($(nproc) + 1)) 3m | |
| - name: Move sarif results | |
| run: | | |
| mkdir sarif-files | |
| find racket3m-report -type f -name '*.sarif' -exec cp \{\} sarif-files/ \; | |
| - name: Adjust tool name | |
| working-directory: sarif-files | |
| run: ../.github/scripts/adjust-sarif-tool.sh 3m | |
| - name: Create file list | |
| working-directory: sarif-files | |
| run: | | |
| find . -type f -name '*.sarif' > list.txt | |
| split -d -l15 list.txt list. | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: scanbuild-3m-${{ github.sha }} | |
| path: sarif-files/ | |
| scanbuild-racketcs: | |
| runs-on: ubuntu-20.04 | |
| container: pmatos/scan-build:12.0.1 | |
| steps: | |
| - name: Change Owner of Container Working Directory | |
| run: chown root:root . | |
| - name: Install pkg dependencies | |
| run: | | |
| apt update | |
| apt install -y libffi-dev unzip python libxml2-dev libfindbin-libs-perl make gcc g++ git jq moreutils | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 100 | |
| - name: Speed build and install racketcgc | |
| working-directory: ./racket/src | |
| run: | | |
| ./configure --enable-cgcdefault --prefix=/usr | |
| export cpus=$(grep -c ^processor /proc/cpuinfo) | |
| make -j$((cpus+1)) | |
| make -j$((cpus+1)) install | |
| - name: Clean repo | |
| run: git clean -xdf | |
| - name: Configuring Racket CS | |
| working-directory: ./racket/src | |
| env: | |
| CC: ${{ matrix.cc }} | |
| run: > | |
| ./configure | |
| CFLAGS="-O0 -g" | |
| CPPFLAGS="-DMZ_PRECISE_RETURN_SPEC" | |
| --enable-racket=/usr/bin/racket | |
| --enable-compress | |
| --disable-docs | |
| --enable-pthread | |
| --enable-csdefault | |
| --enable-csonly | |
| - name: Building | |
| working-directory: ./racket/src | |
| run: scan-build -sarif -o ../../racketcs-report -analyzer-config 'crosscheck-with-z3=true' make -j $(($(nproc)+1)) cs | |
| - name: Move sarif results | |
| run: | | |
| mkdir sarif-files | |
| find racketcs-report -type f -name '*.sarif' -exec cp \{\} sarif-files/ \; | |
| - name: Adjust tool name | |
| working-directory: sarif-files | |
| run: ../.github/scripts/adjust-sarif-tool.sh cs | |
| - name: Create file list | |
| working-directory: sarif-files | |
| run: | | |
| find . -type f -name '*.sarif' > list.txt | |
| split -d -l15 list.txt list. | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: scanbuild-cs-${{ github.sha }} | |
| path: sarif-files/ | |
| upload: | |
| runs-on: ubuntu-20.04 | |
| needs: [scanbuild-racketcgc, scanbuild-racket3m, scanbuild-racketcs] | |
| strategy: | |
| matrix: | |
| # Process up to 15 * 5 = 75 files | |
| variants: ["cgc", "3m", "cs"] | |
| chunks: ["00", "01", "02", "03", "04"] | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 100 | |
| - uses: actions/download-artifact@v4 | |
| with: | |
| name: scanbuild-${{ matrix.variants }}-${{ github.sha }} | |
| - name: Test for presence of the chunk | |
| id: chunk_presence | |
| run: | | |
| if [[ -e "list.${{ matrix.chunks }}" ]] | |
| then | |
| echo "presence=1" >> $GITHUB_OUTPUT | |
| else | |
| echo "presence=0" >> $GITHUB_OUTPUT | |
| fi | |
| - name: Partition the chunk | |
| if: ${{ steps.chunk_presence.outputs.presence == '1' }} | |
| run: | | |
| mkdir workspace | |
| for file in $(cat list.${{ matrix.chunks }}); do mv "$file" workspace; done | |
| - name: Upload SARIF | |
| uses: github/codeql-action/upload-sarif@v3 | |
| if: ${{ steps.chunk_presence.outputs.presence == '1' }} | |
| with: | |
| sarif_file: workspace | |
| category: scanbuild-${{ matrix.variants }}-${{ matrix.chunks }}-${{ github.sha }} |