Skip to content

Run static code analysis on GitHub#3323

Open
kpumuk wants to merge 1 commit intoapache:masterfrom
kpumuk:sca
Open

Run static code analysis on GitHub#3323
kpumuk wants to merge 1 commit intoapache:masterfrom
kpumuk:sca

Conversation

@kpumuk
Copy link
Contributor

@kpumuk kpumuk commented Feb 27, 2026

This PR re-invents SCA we used to have in Travis CI. Previously, sca.sh was used as a step on Travis, with this change we will run it as a GitHub workflow.

  • Different languages run as steps
  • All code analysis steps are allowed to fail, last step checks if any of the previous steps failed, and fails the workflow if that happened
  • Currently only ported what we used to have before - cppcheck, flake8, phpcs, with Rubocop coming up next. All offences were addressed in previous PRs
  • cppcheck renders quite a few offences, I have tried to explicitly mark why those are not a concern, but would appreciate if somebody can verify

Demo run: https://github.com/kpumuk/thrift/actions/runs/22493975101

  • Did you create an Apache Jira ticket? (Request account here, not required for trivial changes)
  • If a ticket exists: Does your pull request title follow the pattern "THRIFT-NNNN: describe my issue"?
  • Did you squash your changes to a single commit? (not required, but preferred)
  • Did you do your best to avoid breaking changes? If one was needed, did you label the Jira ticket with "Breaking-Change"?
  • If your change does not involve any code, include [skip ci] anywhere in the commit message to free up build resources.

@mergeable mergeable bot added the github_actions Pull requests that update GitHub Actions code label Feb 27, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

github_actions Pull requests that update GitHub Actions code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant