fix #14077: fuzzing crash (assert) in Token::update_property_info()…
          
            #3091
        
      
  
    
      This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
      Learn more about bidirectional Unicode characters
    
  
  
    
  | # Syntax reference https://help.github.com/en/actions/reference/workflow-syntax-for-github-actions | |
| # Environment reference https://help.github.com/en/actions/reference/virtual-environments-for-github-hosted-runners | |
| name: scriptcheck | |
| on: | |
| push: | |
| branches: | |
| - 'main' | |
| - 'releases/**' | |
| - '2.*' | |
| tags: | |
| - '2.*' | |
| pull_request: | |
| permissions: | |
| contents: read | |
| jobs: | |
| build: | |
| runs-on: ubuntu-22.04 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: ccache | |
| uses: hendrikmuhs/[email protected] | |
| with: | |
| key: ${{ github.workflow }}-${{ runner.os }} | |
| - name: Cache Cppcheck | |
| uses: actions/cache@v4 | |
| with: | |
| path: cppcheck | |
| key: ${{ runner.os }}-scriptcheck-cppcheck-${{ github.sha }} | |
| - name: build cppcheck | |
| run: | | |
| export PATH="/usr/lib/ccache:/usr/local/opt/ccache/libexec:$PATH" | |
| make -j$(nproc) CXXOPTS="-Werror" | |
| strip -s ./cppcheck | |
| scriptcheck: | |
| needs: build | |
| runs-on: ubuntu-22.04 | |
| strategy: | |
| matrix: | |
| python-version: [3.7, 3.8, 3.9, '3.10', '3.11', '3.12', '3.13'] | |
| include: | |
| - python-version: '3.13' | |
| python-latest: true | |
| fail-fast: false | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| # TODO: bailout on error | |
| - name: Restore Cppcheck | |
| uses: actions/cache@v4 | |
| with: | |
| path: cppcheck | |
| key: ${{ runner.os }}-scriptcheck-cppcheck-${{ github.sha }} | |
| - name: Set up Python ${{ matrix.python-version }} | |
| uses: actions/setup-python@v5 | |
| with: | |
| python-version: ${{ matrix.python-version }} | |
| check-latest: true | |
| - name: Install missing software on ubuntu | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install tidy libxml2-utils | |
| - name: Install missing software on ubuntu (Python 3) | |
| run: | | |
| # shellcheck cannot be installed via pip | |
| # ERROR: Could not find a version that satisfies the requirement shellcheck (from versions: none) | |
| # ERROR: No matching distribution found for shellcheck | |
| sudo apt-get install shellcheck | |
| python -m pip install pip --upgrade | |
| python -m pip install natsort | |
| python -m pip install pexpect | |
| python -m pip install 'pylint<=3.3.0' | |
| python -m pip install unittest2 | |
| python -m pip install pytest | |
| python -m pip install pytest-xdist | |
| python -m pip install pygments | |
| python -m pip install requests | |
| python -m pip install psutil | |
| python -m pip install setuptools | |
| - name: run Shellcheck | |
| if: matrix.python-latest | |
| run: | | |
| find . -name "*.sh" | xargs shellcheck --exclude SC2002,SC2013,SC2034,SC2035,SC2043,SC2046,SC2086,SC2089,SC2090,SC2129,SC2211,SC2231 | |
| - name: run pylint | |
| if: matrix.python-latest | |
| run: | | |
| shopt -s globstar | |
| pylint --jobs $(nproc) --py-version 3.7 addons/**/*.py htmlreport/cppcheck-htmlreport htmlreport/**/*.py test/**/*.py tools/**/*.py | |
| - name: check .json files | |
| if: matrix.python-latest | |
| run: | | |
| find . -name '*.json' | xargs -n 1 python -m json.tool > /dev/null | |
| - name: Validate | |
| if: matrix.python-latest | |
| run: | | |
| make -j$(nproc) validateCFG validatePlatforms validateRules | |
| - name: check python syntax | |
| run: | | |
| shopt -s globstar | |
| python -m py_compile addons/**/*.py | |
| python -m py_compile htmlreport/cppcheck-htmlreport | |
| python -m py_compile htmlreport/**/*.py | |
| python -m py_compile test/**/*.py | |
| python -m py_compile tools/**/*.py | |
| - name: compile addons | |
| run: | | |
| python -m compileall ./addons | |
| - name: test matchcompiler | |
| run: | | |
| python test/tools/test_matchcompiler.py | |
| env: | |
| PYTHONPATH: ./tools | |
| # TODO: run with "-n auto" when misra_test.py can be run in parallel | |
| # we cannot specify -Werror since xml/etree/ElementTree.py in Python 3.9/3.10 contains an unclosed file | |
| - name: test addons | |
| if: matrix.python-version == '3.9' || matrix.python-version == '3.10' | |
| run: | | |
| python -m pytest --strict-markers -vv -n 1 addons/test | |
| env: | |
| PYTHONPATH: ./addons | |
| # TODO: run with "-n auto" when misra_test.py can be run in parallel | |
| - name: test addons | |
| if: matrix.python-version != '3.9' && matrix.python-version != '3.10' | |
| run: | | |
| python -m pytest -Werror --strict-markers -vv -n 1 addons/test | |
| env: | |
| PYTHONPATH: ./addons | |
| - name: test htmlreport (standalone) | |
| run: | | |
| test/tools/htmlreport/test_htmlreport.py | |
| test/tools/htmlreport/check.sh | |
| - name: test htmlreport (pip) | |
| run: | | |
| python -m venv venv | |
| source venv/bin/activate | |
| python -m pip install -U pip | |
| pip install ./htmlreport/ | |
| which cppcheck-htmlreport | |
| PIP_PACKAGE_TEST=1 test/tools/htmlreport/test_htmlreport.py | |
| # TODO: does not test the pip binary | |
| test/tools/htmlreport/check.sh | |
| - name: test reduce | |
| run: | | |
| python -m pytest -Werror --strict-markers -vv test/tools/reduce_test.py | |
| env: | |
| PYTHONPATH: ./tools | |
| - name: test donate_cpu_lib | |
| run: | | |
| python -m pytest -Werror --strict-markers -vv test/tools/donate_cpu_lib_test.py | |
| env: | |
| PYTHONPATH: ./tools | |
| - name: test donate_cpu_server | |
| run: | | |
| python -m pytest -Werror --strict-markers -vv test/tools/donate_cpu_server_test.py | |
| # TODO: why is this file generated? also should be in a temporary folder if possible | |
| rm -f test/tools/donate-cpu-server.log | |
| env: | |
| PYTHONPATH: ./tools | |
| - name: Show all ignored files | |
| if: false # TODO: currently lists all the contents of ignored folders - we only need what actually matched | |
| run: | | |
| git ls-files --others --ignored --exclude-standard | |
| - name: Check for changed and unversioned files | |
| run: | | |
| # TODO: how to do this with a single command? | |
| git status --ignored=no | |
| git status --ignored=no | grep -q 'working tree clean' | |
| dmake: | |
| strategy: | |
| matrix: | |
| os: [ubuntu-22.04, macos-15, windows-2025] | |
| fail-fast: false | |
| runs-on: ${{ matrix.os }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: run dmake | |
| run: | | |
| make -j3 CXXOPTS="-Werror" run-dmake | |
| - name: check diff | |
| run: | | |
| git diff --exit-code |