lgtm.com will be shutdown soon.
+++ /dev/null
-name: lgtm.com
-
-on: [push]
-
-env:
- OS_NAME: linux
-
-jobs:
- pre-check:
- runs-on: ubuntu-latest
- outputs:
- should_skip: ${{ steps.skip-check.outputs.should_skip }}
- steps:
- - id: skip-check
- uses: fkirc/skip-duplicate-actions@master
- with:
- concurrent_skipping: 'same_content'
-
- lgtm:
- needs: pre-check
- if: ${{ needs.pre-check.outputs.should_skip != 'true' }}
- runs-on: ubuntu-latest
- env:
- TEST: lgtm
- steps:
- - uses: actions/checkout@v3
- with:
- fetch-depth: 0
- # we don't use github/codeql-action because we can't exclude queries there,
- # so we continue to use the approach we used on Travis
- - env:
- LGTM_TOKEN: ${{ secrets.LGTM_TOKEN }}
- LGTM_PROJECT: ${{ secrets.LGTM_PROJECT }}
- BUILD_NUMBER: ${{ github.run_number }}
- COMMIT_ID: ${{ github.sha }}
- COMMIT_BASE: ${{ github.event.before }}
- uses: ./.github/actions/default
+++ /dev/null
-queries:
- - exclude: cpp/fixme-comment
- # this rule produces too many false positives due to our custom specifiers and
- # the use of void pointers in swanctl
- - exclude: cpp/wrong-type-format-argument
-
-extraction:
- cpp:
- prepare:
- packages:
- # for tss2
- - libssl-dev
- - libjson-c-dev
- - libcurl4-openssl-dev
- after_prepare:
- - export DEPS_BUILD_DIR=$LGTM_WORKSPACE/deps
- - mkdir -p $DEPS_BUILD_DIR
- - export DEPS_PREFIX=$DEPS_BUILD_DIR/usr
- - mkdir -p $DEPS_PREFIX
- - export PKG_CONFIG_PATH="$DEPS_PREFIX/lib/pkgconfig:$PKG_CONFIG_PATH"
- - export LD_LIBRARY_PATH="$DEPS_PREFIX/lib:$LD_LIBRARY_PATH"
- - mkdir -p $LGTM_WORKSPACE/bin
- # sudo doesn't work on the build hosts
- - ln -s /usr/bin/nice $LGTM_WORKSPACE/bin/sudo
- # for ldconfig we don't have enough permissions
- - ln -s /bin/true $LGTM_WORKSPACE/bin/ldconfig
- # likewise for apt-get
- - ln -s /bin/echo $LGTM_WORKSPACE/bin/apt-get
- - export PATH=$LGTM_WORKSPACE/bin:$PATH
- - export TEST=all
- - ./scripts/test.sh build-deps
- - rm $LGTM_WORKSPACE/bin/*
- configure:
- command:
- # follows the "all" build in test.sh (without custom-compiled stuff)
- - ./autogen.sh
- - ./configure --enable-all
- --disable-af-alg
- --disable-android-dns
- --disable-android-log
- --disable-asan
- --disable-coverage
- --disable-dbghelp-backtraces
- --disable-fuzzing
- --disable-kernel-iph
- --disable-kernel-pfroute
- --disable-kernel-wfp
- --disable-keychain
- --disable-leak-detective
- --disable-lock-profiler
- --disable-monolithic
- --disable-osx-attr
- --disable-padlock
- --disable-python-eggs-install
- --disable-socket-win
- --disable-svc
- --disable-tkm
- --disable-uci
- --disable-unwind-backtraces
- --disable-warnings
- --disable-winhttp
CONFIG="--disable-defaults"
TARGET=apidoc
;;
-lgtm)
- if [ -z "$LGTM_PROJECT" -o -z "$LGTM_TOKEN" ]; then
- echo "The LGTM_PROJECT and LGTM_TOKEN environment variables" \
- "are required to run this test"
- exit 0
- fi
- DEPS="jq"
- if test -z "$1"; then
- base=$COMMIT_BASE
- # after rebases or for new/duplicate branches, the passed base commit
- # ID might not be valid
- git rev-parse -q --verify $base^{commit}
- if [ $? != 0 ]; then
- # this will always compare against master, while via base we
- # otherwise only contains "new" commits
- base=$(git merge-base origin/master ${COMMIT_ID})
- fi
- base=$(git rev-parse $base)
-
- echo "Starting code review for $COMMIT_ID (base $base) on lgtm.com"
- git diff --binary $base > lgtm.patch || exit $?
- curl -s -X POST --data-binary @lgtm.patch \
- "https://lgtm.com/api/v1.0/codereviews/${LGTM_PROJECT}?base=${base}&external-id=${BUILD_NUMBER}" \
- -H 'Content-Type: application/octet-stream' \
- -H 'Accept: application/json' \
- -H "Authorization: Bearer ${LGTM_TOKEN}" > lgtm.res || exit $?
- lgtm_check_url=$(jq -r '."task-result-url"' lgtm.res)
- if [ -z "$lgtm_check_url" -o "$lgtm_check_url" = "null" ]; then
- cat lgtm.res
- exit 1
- fi
- lgtm_url=$(jq -r '."task-result"."results-url"' lgtm.res)
- echo "Progress and full results: ${lgtm_url}"
-
- echo -n "Waiting for completion: "
- lgtm_status=pending
- while [ "$lgtm_status" = "pending" ]; do
- sleep 15
- curl -s -X GET "${lgtm_check_url}" \
- -H 'Accept: application/json' \
- -H "Authorization: Bearer ${LGTM_TOKEN}" > lgtm.res
- if [ $? != 0 ]; then
- echo -n "-"
- continue
- fi
- echo -n "."
- lgtm_status=$(jq -r '.status' lgtm.res)
- done
- echo ""
-
- if [ "$lgtm_status" != "success" ]; then
- lgtm_message=$(jq -r '.["status-message"]' lgtm.res)
- echo "Code review failed: ${lgtm_message}"
- exit 1
- fi
- lgtm_new=$(jq -r '.languages[].new' lgtm.res | awk '{t+=$1} END {print t}')
- lgtm_fixed=$(jq -r '.languages[].fixed' lgtm.res | awk '{t+=$1} END {print t}')
- echo -n "Code review complete: "
- printf "%b\n" "\e[1;31m${lgtm_new}\e[0m new alerts, \e[1;32m${lgtm_fixed}\e[0m fixed"
- exit $lgtm_new
- fi
- ;;
*)
echo "$0: unknown test $TEST" >&2
exit 1
projects / thirdparty / strongswan.git / commitdiff
