Skip to content

Add GitHub action to test with CodeChecker static analyzer #132

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Closed
cconlon wants to merge 1 commit into from
Closed

Add GitHub action to test with CodeChecker static analyzer #132

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
97 changes: 97 additions & 0 deletions .github/workflows/codechecker.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,97 @@
name: CodeChecker Static Analysis

on:
push:
branches: [ 'master', 'main', 'release/**' ]
pull_request:
branches: [ '*' ]

jobs:
codechecker:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4

# Cache Junit JARs
- name: Cache Junit JARs
uses: actions/cache@v3
id: cache-junit
with:
path: ${{ github.workspace }}/junit
key: junit-cache-${{ runner.os }}-junit-4.13.2-hamcrest-1.3
restore-keys: |
junit-cache-${{ runner.os }}-

# Download Junit JARs (needed for full build)
- name: Download junit-4.13.2.jar
if: steps.cache-junit.outputs.cache-hit != 'true'
run: wget --directory-prefix=$GITHUB_WORKSPACE/junit https://repo1.maven.org/maven2/junit/junit/4.13.2/junit-4.13.2.jar
- name: Download hamcrest-all-1.3.jar
if: steps.cache-junit.outputs.cache-hit != 'true'
run: wget --directory-prefix=$GITHUB_WORKSPACE/junit https://repo1.maven.org/maven2/org/hamcrest/hamcrest-all/1.3/hamcrest-all-1.3.jar

# Build native wolfSSL
- name: Build native wolfSSL
uses: wolfSSL/actions-build-autotools-project@v1
with:
repository: wolfSSL/wolfssl
ref: master
path: wolfssl
configure: '--enable-jni --enable-all'
check: false
install: true

# Setup Java
- name: Setup java
uses: actions/setup-java@v4
with:
distribution: 'zulu'
java-version: '11'

- name: Set JUNIT_HOME
run: |
echo "JUNIT_HOME=$GITHUB_WORKSPACE/junit" >> "$GITHUB_ENV"
- name: Set LD_LIBRARY_PATH
run: |
echo "LD_LIBRARY_PATH=$LD_LIBRARY_PATH:$GITHUB_WORKSPACE/build-dir/lib" >> "$GITHUB_ENV"

# Copy appropriate makefile for Linux
- name: Copy makefile
run: cp makefile.linux makefile

# Run CodeChecker static analysis
- name: Run CodeChecker analysis
uses: whisperity/codechecker-analysis-action@v1
id: codechecker
with:
build-command: 'PREFIX=${{ github.workspace }}/build-dir make'
ctu: true
config: |
{
"CodeChecker": {
"analyzer": [
"--enable=sensitive"
]
}
}

# Upload CodeChecker results as artifacts
- name: Upload CodeChecker results
if: always()
uses: actions/upload-artifact@v4
with:
name: codechecker-reports
path: ${{ steps.codechecker.outputs.result-html-dir }}

# Show CodeChecker results in logs
- name: Show CodeChecker results
if: always()
run: |
echo "=== CodeChecker analysis complete ==="
echo "Warnings found: ${{ steps.codechecker.outputs.warnings }}"
echo "CodeChecker version: ${{ steps.codechecker.outputs.codechecker-version }}"
if [ "${{ steps.codechecker.outputs.warnings }}" -eq "0" ]; then
echo "✅ No static analysis issues found"
else
echo "⚠️ Static analysis issues detected - check artifacts"
fi
180 changes: 0 additions & 180 deletions .github/workflows/main.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -6,184 +6,4 @@ on:
branches: [ '*' ]

jobs:
# Oracle JDK (Linux, Mac)
# Oracle JDK requires JAR to be signed for some classes to load/run
# properly, for example KeyAgreement. These tests are commented out
# here until we get a solution in place for CI JAR signing
#linux-oracle:
# strategy:
# matrix:
# os: [ 'ubuntu-latest', 'macos-latest' ]
# jdk_version: [ '17', '21' ]
# wolfssl_configure: [ '--enable-jni' ]
# name: ${{ matrix.os }} (Oracle JDK ${{ matrix.jdk_version }}, ${{ matrix.wolfssl_configure}})
# uses: ./.github/workflows/linux-common.yml
# with:
# os: ${{ matrix.os }}
# jdk_distro: "oracle"
# jdk_version: ${{ matrix.jdk_version }}
# wolfssl_configure: ${{ matrix.wolfssl_configure }}

# Zulu JDK (Linux, Mac)
linux-zulu:
strategy:
matrix:
os: [ 'ubuntu-latest', 'macos-latest' ]
jdk_version: [ '8', '11', '17', '21' ]
wolfssl_configure: [ '--enable-jni' ]
name: ${{ matrix.os }} (Zulu JDK ${{ matrix.jdk_version }}, ${{ matrix.wolfssl_configure}})
uses: ./.github/workflows/linux-common.yml
with:
os: ${{ matrix.os }}
jdk_distro: "zulu"
jdk_version: ${{ matrix.jdk_version }}
wolfssl_configure: ${{ matrix.wolfssl_configure }}

# Corretto JDK (Linux, Mac)
linux-corretto:
strategy:
matrix:
os: [ 'ubuntu-latest', 'macos-latest' ]
jdk_version: [ '8', '11', '17', '21' ]
wolfssl_configure: [ '--enable-jni' ]
name: ${{ matrix.os }} (Corretto JDK ${{ matrix.jdk_version }}, ${{ matrix.wolfssl_configure}})
uses: ./.github/workflows/linux-common.yml
with:
os: ${{ matrix.os }}
jdk_distro: "corretto"
jdk_version: ${{ matrix.jdk_version }}
wolfssl_configure: ${{ matrix.wolfssl_configure }}

# Temurin JDK (Linux, Mac)
# JDK 8 seems to have been removed from Temurin macos, with 8 we see the error
# Could not find satisfied version for SemVer '8'
linux-temurin:
strategy:
matrix:
os: [ 'ubuntu-latest', 'macos-latest' ]
jdk_version: [ '11', '17', '21' ]
wolfssl_configure: [ '--enable-jni' ]
name: ${{ matrix.os }} (Temurin JDK ${{ matrix.jdk_version }}, ${{ matrix.wolfssl_configure}})
uses: ./.github/workflows/linux-common.yml
with:
os: ${{ matrix.os }}
jdk_distro: "temurin"
jdk_version: ${{ matrix.jdk_version }}
wolfssl_configure: ${{ matrix.wolfssl_configure }}

# Microsoft JDK (Linux, Mac)
linux-microsoft:
strategy:
matrix:
os: [ 'ubuntu-latest', 'macos-latest' ]
jdk_version: [ '11.0.19', '17.0.7', '21.0.0' ]
wolfssl_configure: [ '--enable-jni' ]
name: ${{ matrix.os }} (Microsoft JDK ${{ matrix.jdk_version }}, ${{ matrix.wolfssl_configure}})
uses: ./.github/workflows/linux-common.yml
with:
os: ${{ matrix.os }}
jdk_distro: "microsoft"
jdk_version: ${{ matrix.jdk_version }}
wolfssl_configure: ${{ matrix.wolfssl_configure }}

# -------------------- enable-all sanity checks -----------------------
# Only check one Linux and Mac JDK version with --enable-jni --enable-all
# as sanity. Using Zulu, but this can be expanded if needed.
linux-zulu-all:
strategy:
matrix:
os: [ 'ubuntu-latest', 'macos-latest' ]
jdk_version: [ '11' ]
wolfssl_configure: [ '--enable-jni --enable-all' ]
name: ${{ matrix.os }} (Zulu JDK ${{ matrix.jdk_version }}, ${{ matrix.wolfssl_configure}})
uses: ./.github/workflows/linux-common.yml
with:
os: ${{ matrix.os }}
jdk_distro: "zulu"
jdk_version: ${{ matrix.jdk_version }}
wolfssl_configure: ${{ matrix.wolfssl_configure }}

# ------------------ RSA 1024 min size sanity check -------------------
# Only check one Linux and Mac JDK version as a sanity check. Using Zulu,
# but this can be expanded if needed.
# wolfSSL ./configure:
# --enable-jni CFLAGS="-DRSA_MIN_SIZE=1024
linux-zulu-rsa-min-size:
strategy:
matrix:
os: [ 'ubuntu-latest', 'macos-latest' ]
jdk_version: [ '11' ]
wolfssl_configure: [ '--enable-jni CFLAGS="-DRSA_MIN_SIZE=1024"' ]
name: ${{ matrix.os }} (Zulu JDK ${{ matrix.jdk_version }}, ${{ matrix.wolfssl_configure}})
uses: ./.github/workflows/linux-common.yml
with:
os: ${{ matrix.os }}
jdk_distro: "zulu"
jdk_version: ${{ matrix.jdk_version }}
wolfssl_configure: ${{ matrix.wolfssl_configure }}

# ------------------ Facebook Infer static analysis -------------------
# Run Facebook infer over PR code, only running on Linux with one
# JDK/version for now.
fb-infer:
strategy:
matrix:
os: [ 'ubuntu-latest' ]
jdk_version: [ '11' ]
wolfssl_configure: [ '--enable-jni --enable-all' ]
name: Facebook Infer (${{ matrix.os }} Zulu JDK ${{ matrix.jdk_version }}, ${{ matrix.wolfssl_configure }})
uses: ./.github/workflows/infer.yml
with:
os: ${{ matrix.os }}
jdk_distro: "zulu"
jdk_version: ${{ matrix.jdk_version }}
wolfssl_configure: ${{ matrix.wolfssl_configure }}

# ----------------------- Android Gradle build ------------------------
# Run Android gradle build over PR code, only running on Linux with one
# JDK/version for now.
android-gradle:
strategy:
matrix:
os: [ 'ubuntu-latest' ]
jdk_version: [ '21' ]
name: Android Gradle (${{ matrix.os }} Zulu JDK ${{ matrix.jdk_version }})
uses: ./.github/workflows/android_gradle.yml
with:
os: ${{ matrix.os }}
jdk_distro: "zulu"
jdk_version: ${{ matrix.jdk_version }}

# --------------------- Maven build - test pom.xml --------------------
# Run Maven build over PR code, running on Linux and Mac with only one
# JDK/version for now.
maven-build:
strategy:
matrix:
os: [ 'ubuntu-latest', 'macos-latest' ]
jdk_version: [ '21' ]
wolfssl_configure: [ '--enable-jni' ]
name: Maven Build (${{ matrix.os }} Zulu JDK ${{ matrix.jdk_version }})
uses: ./.github/workflows/maven.yml
with:
os: ${{ matrix.os }}
jdk_distro: "zulu"
jdk_version: ${{ matrix.jdk_version }}
wolfssl_configure: ${{ matrix.wolfssl_configure }}

# --------------- AddressSanitizer build and test ------------------
# Run AddressSanitizer build and test on Linux only for memory error detection
address-sanitizer:
strategy:
matrix:
os: [ 'ubuntu-latest' ]
jdk_version: [ '21' ]
wolfssl_configure: [ '--enable-jni' ]
name: AddressSanitizer (${{ matrix.os }} Zulu JDK ${{ matrix.jdk_version }})
uses: ./.github/workflows/sanitizer-common.yml
with:
os: ${{ matrix.os }}
jdk_distro: "zulu"
jdk_version: ${{ matrix.jdk_version }}
wolfssl_configure: ${{ matrix.wolfssl_configure }}

Loading