Avoid potential corruption during unpack of static_variant #121
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Scan with SonarScanner | |
on: [ push, pull_request ] | |
env: | |
CCACHE_COMPRESS: exists means true | |
CCACHE_SLOPPINESS: include_file_ctime,include_file_mtime,time_macros | |
jobs: | |
sonar-scan: | |
name: Scan with SonarScanner | |
strategy: | |
matrix: | |
os: [ ubuntu-20.04 ] | |
runs-on: ${{ matrix.os }} | |
steps: | |
- name: Download and install latest SonarScanner CLI tool | |
run: | | |
SONAR_SCANNER_VERSION=`curl -w %{redirect_url} \ | |
https://github.com/SonarSource/sonar-scanner-cli/releases/latest \ | |
2>/dev/null | cut -f8 -d'/'` | |
SONAR_DOWNLOAD_PATH=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli | |
curl --create-dirs -sSLo $HOME/.sonar/sonar-scanner.zip \ | |
$SONAR_DOWNLOAD_PATH/sonar-scanner-cli-$SONAR_SCANNER_VERSION-linux.zip | |
unzip -o $HOME/.sonar/sonar-scanner.zip -d $HOME/.sonar/ | |
curl --create-dirs -sSLo $HOME/.sonar/build-wrapper-linux-x86.zip \ | |
https://sonarcloud.io/static/cpp/build-wrapper-linux-x86.zip | |
unzip -o $HOME/.sonar/build-wrapper-linux-x86.zip -d $HOME/.sonar/ | |
SONAR_SCANNER_HOME=$HOME/.sonar/sonar-scanner-$SONAR_SCANNER_VERSION-linux | |
echo "SONAR_SCANNER_VERSION=$SONAR_SCANNER_VERSION" >> $GITHUB_ENV | |
echo "SONAR_SCANNER_HOME=$SONAR_SCANNER_HOME" >> $GITHUB_ENV | |
echo "SONAR_SCANNER_OPTS=-server" >> $GITHUB_ENV | |
echo "$SONAR_SCANNER_HOME/bin" >> $GITHUB_PATH | |
echo "$HOME/.sonar/build-wrapper-linux-x86" >> $GITHUB_PATH | |
- name: Install dependencies | |
run: | | |
sudo apt-get update | |
openssl_ver=`sudo apt-cache madison openssl | grep xenial-updates | awk '{print $3}'` | |
libssl_ver=`sudo apt-cache madison libssl-dev | grep xenial-updates | awk '{print $3}'` | |
[ -n "${openssl_ver}" ] && [ -n "${libssl_ver}" ] && \ | |
sudo apt-get install -y --allow-downgrades openssl=${openssl_ver} libssl-dev=${libssl_ver} | |
sudo apt-get install -y \ | |
ccache \ | |
gcovr \ | |
parallel \ | |
libboost-thread-dev \ | |
libboost-iostreams-dev \ | |
libboost-date-time-dev \ | |
libboost-system-dev \ | |
libboost-filesystem-dev \ | |
libboost-program-options-dev \ | |
libboost-chrono-dev \ | |
libboost-test-dev \ | |
libboost-context-dev \ | |
libboost-regex-dev \ | |
libboost-coroutine-dev | |
- uses: actions/checkout@v3 | |
with: | |
fetch-depth: 0 | |
submodules: recursive | |
- name: Configure | |
run: | | |
mkdir -p _build | |
pushd _build | |
export -n BOOST_ROOT BOOST_INCLUDEDIR BOOST_LIBRARYDIR | |
cmake -D CMAKE_BUILD_TYPE=Debug \ | |
-D CMAKE_CXX_OUTPUT_EXTENSION_REPLACE=ON \ | |
-D CMAKE_C_COMPILER=gcc \ | |
-D CMAKE_C_COMPILER_LAUNCHER=ccache \ | |
-D CMAKE_CXX_COMPILER=g++ \ | |
-D CMAKE_CXX_COMPILER_LAUNCHER=ccache \ | |
-D CMAKE_C_FLAGS=--coverage \ | |
-D CMAKE_CXX_FLAGS=--coverage \ | |
-D Boost_USE_STATIC_LIBS=OFF \ | |
.. | |
popd | |
# Get OS version to be used in cache key - see https://github.com/actions/cache/issues/543 | |
- run: | | |
echo "OS_VERSION=`lsb_release -sr`" >> $GITHUB_ENV | |
- name: Load Cache | |
uses: actions/cache@v3 | |
with: | |
path: | | |
ccache | |
key: sonar-${{ env.OS_VERSION }}-${{ github.ref }}-${{ github.sha }} | |
restore-keys: | | |
sonar-${{ env.OS_VERSION }}-${{ github.ref }}- | |
sonar-${{ env.OS_VERSION }}- | |
- name: Build | |
run: | | |
export CCACHE_DIR="$GITHUB_WORKSPACE/ccache" | |
mkdir -p "$CCACHE_DIR" | |
build-wrapper-linux-x86-64 --out-dir bw-output make -j 2 -C _build | |
- name: Test | |
run: | | |
parallel echo Running {}\; sh -c "./{}" <<_EOT_ | |
tests/run-parallel-tests.sh _build/tests/all_tests -l test_suite | |
_build/tests/bloom_test -- README.md | |
_build/tests/ecc_test README.md | |
_build/tests/hmac_test | |
_build/tests/task_cancel_test | |
_EOT_ | |
- name: Prepare for scanning with SonarScanner | |
run: | | |
if [ -z "$GITHUB_HEAD_REF" ]; then \ | |
if [ "$GITHUB_REF" != "refs/heads/master" ]; then \ | |
echo "sonar.branch.target=master" >> sonar-project.properties; \ | |
fi; \ | |
if [ "${GITHUB_REF#refs/heads/}" != "$GITHUB_REF" ]; then \ | |
echo "sonar.branch.name=${GITHUB_REF#refs/heads/}" >> sonar-project.properties; \ | |
elif [ "${GITHUB_REF#refs/tags/}" != "$GITHUB_REF" ]; then \ | |
echo "sonar.branch.name=${GITHUB_REF#refs/}" >> sonar-project.properties; \ | |
else \ | |
echo "sonar.branch.name=${GITHUB_REF}" >> sonar-project.properties; \ | |
fi \ | |
fi | |
pushd _build | |
gcovr --version | |
gcovr --exclude-unreachable-branches --sonarqube ../coverage.xml -r .. | |
popd | |
- name: Scan with SonarScanner | |
env: | |
# to get access to secrets.SONAR_TOKEN, provide GITHUB_TOKEN | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
run: | | |
sonar-scanner \ | |
-Dsonar.login=${{ secrets.SONAR_TOKEN }} |