codechecker

Signed-off-by: Anas Nashif <[email protected]>

Author: nashif

.codechecker.yml

@@ -17,5 +17,13 @@ analyzer:
   - --disable=clang-diagnostic-reserved-identifier
   - --disable=clang-diagnostic-reserved-macro-identifier
 
+  # userspace includes c files
+  - --disable=bugprone-suspicious-include
+
+  # LOG_ macros
+  - --disable=alpha.core.SizeofPtr
+  - --disable=bugprone-sizeof-expression
+  - --disable=performance-no-int-to-ptr
+
   # Cleanup
   - --clean

.github/workflows/codechecker.yml

@@ -0,0 +1,120 @@
+name: Codechecker
+on:
+  push:
+    branches:
+      - main
+      - v*-branch
+      - collab-*
+permissions:
+  contents: read
+
+concurrency:
+  group: ${{ github.workflow }}-${{ github.event_name }}-${{ github.head_ref || github.ref }}
+  cancel-in-progress: true
+
+jobs:
+  Codechecker:
+    if: github.repository_owner == 'zephyrproject-rtos'
+    runs-on:
+      group: zephyr-runner-v2-linux-x64-4xlarge
+    container:
+      image: ghcr.io/zephyrproject-rtos/ci-repo-cache:v0.27.4.20241026
+      options: '--entrypoint /bin/bash'
+    env:
+      CCACHE_DIR: /node-cache/ccache-zephyr
+      CCACHE_REMOTE_STORAGE: "redis://cache-*.keydb-cache.svc.cluster.local|shards=1,2,3"
+      CCACHE_REMOTE_ONLY: "true"
+      CCACHE_IGNOREOPTIONS: '-specs=* --specs=*'
+      LLVM_TOOLCHAIN_PATH: /usr/lib/llvm-16
+      BASE_REF: ${{ github.base_ref }}
+    permissions:
+      security-events: write
+    steps:
+      - name: Apply container owner mismatch workaround
+        run: |
+          # FIXME: The owner UID of the GITHUB_WORKSPACE directory may not
+          #        match the container user UID because of the way GitHub
+          #        Actions runner is implemented. Remove this workaround when
+          #        GitHub comes up with a fundamental fix for this problem.
+          git config --global --add safe.directory ${GITHUB_WORKSPACE}
+
+      - name: Print cloud service information
+        run: |
+          echo "ZEPHYR_RUNNER_CLOUD_PROVIDER = ${ZEPHYR_RUNNER_CLOUD_PROVIDER}"
+          echo "ZEPHYR_RUNNER_CLOUD_NODE = ${ZEPHYR_RUNNER_CLOUD_NODE}"
+          echo "ZEPHYR_RUNNER_CLOUD_POD = ${ZEPHYR_RUNNER_CLOUD_POD}"
+
+      - name: Clone cached Zephyr repository
+        continue-on-error: true
+        run: |
+          git clone --shared /repo-cache/zephyrproject/zephyr .
+          git remote set-url origin ${GITHUB_SERVER_URL}/${GITHUB_REPOSITORY}
+
+      - name: Checkout
+        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
+        with:
+          fetch-depth: 0
+          persist-credentials: false
+
+      - name: Environment Setup
+        run: |
+          echo "$HOME/.local/bin" >> $GITHUB_PATH
+          git config --global user.email "[email protected]"
+          git config --global user.name "Zephyr Bot"
+          rm -fr ".git/rebase-apply"
+          rm -fr ".git/rebase-merge"
+          git clean -f -d
+          git log  --pretty=oneline | head -n 10
+          west init -l . || true
+          west config --global update.narrow true
+          west config manifest.group-filter -- +ci,-optional,-hal,-babblesim
+          # In some cases modules are left in a state where they can't be
+          # updated (i.e. when we cancel a job and the builder is killed),
+          # So first retry to update, if that does not work, remove all modules
+          # and start over. (Workaround until we implement more robust module
+          # west caching).
+          # west update --path-cache /repo-cache/zephyrproject 2>&1 1> west.log || west update --path-cache /repo-cache/zephyrproject 2>&1 1> west2.log || ( rm -rf ../modules ../bootloader ../tools && west update --path-cache /repo-cache/zephyrproject)
+
+          echo "ZEPHYR_SDK_INSTALL_DIR=/opt/toolchains/zephyr-sdk-$( cat SDK_VERSION )" >> $GITHUB_ENV
+
+      - name: Check Environment
+        run: |
+          cmake --version
+          ${LLVM_TOOLCHAIN_PATH}/bin/clang --version
+          gcc --version
+          ls -la
+
+      - name: Run Tests with Twister
+        id: twister
+        run: |
+          export ZEPHYR_BASE=${PWD}
+          export ZEPHYR_TOOLCHAIN_VARIANT=zephyr
+          export ZEPHYR_SCA_VARIANT=codechecker
+          export CODECHECKER_CONFIG_FILE=$ZEPHYR_BASE/.codechecker.yml
+          export CODECHECKER_CLEANUP=y
+          export CODECHECKER_EXPORT=sarif
+          pip install codechecker==v6.25.1 cppcheck sarif-tools jq
+          sudo apt-get update
+          sudo apt-get install -y jq
+          export PATH=/usr/lib/llvm-16/bin/:$PATH
+
+          ./scripts/twister -i --force-color -N -v --build-only --timeout-multiplier 2 -p qemu_x86 -T tests/kernel/threads
+
+          #sarif copy --output results.sarif $(find twister-out -name "codechecker.sarif")
+          jq -s '{ "$schema": "https://json.schemastore.org/sarif-2.1.0", "version": "2.1.0", "runs": map(.runs) | add }'  $(find twister-out -name "codechecker.sarif")  > results.sarif
+
+      - name: Upload SARIF as artifact
+        if: always()
+        uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
+        with:
+          name: sarif
+          if-no-files-found: ignore
+          path: |
+            build/sca/codechecker/codechecker.sarif
+            results.sarif
+
+      - name: Upload Analysis Results
+        if: always()
+        uses: github/codeql-action/upload-sarif@v3
+        with:
+          sarif_file: results.sarif

west.yml

@@ -320,6 +320,8 @@ manifest:
     - name: nrf_hw_models
       revision: b84bd7314a239f818e78f6927f5673247816df53
       path: modules/bsim_hw_models/nrf_hw_models
+      groups:
+        - hal
     - name: nrf_wifi
       revision: 662ed74dce955e6c243f91c45a66768f5971e3cb
       path: modules/lib/nrf_wifi