From: Remi Gacogne Date: Fri, 13 Oct 2023 11:22:14 +0000 (+0200) Subject: CodeQL: Fix analysis X-Git-Tag: rec-5.0.0-beta1~23^2~10 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=825560a1c8fb99fbd28518a7a43bf0e6ceeb87c3;p=thirdparty%2Fpdns.git CodeQL: Fix analysis --- diff --git a/.github/workflows/build-and-test-all.yml b/.github/workflows/build-and-test-all.yml index 22b31a6635..104adde128 100644 --- a/.github/workflows/build-and-test-all.yml +++ b/.github/workflows/build-and-test-all.yml @@ -19,6 +19,7 @@ env: COVERAGE: yes LLVM_PROFILE_FILE: "/tmp/code-%p.profraw" OPTIMIZATIONS: yes + DECAF_SUPPORT: yes jobs: build-auth: diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index 381a7bc6d8..3857c01e0d 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -37,8 +37,9 @@ jobs: COVERAGE: no OPTIMIZATIONS: no # for clang-tidy only, not compilation - CLANG_VERSION: '15' + CLANG_VERSION: '14' REPO_HOME: ${{ github.workspace }} + DECAF_SUPPORT: no outputs: clang-tidy-annotations-auth: ${{ steps.clang-tidy-annotations-auth.outputs.failed }} @@ -54,11 +55,6 @@ jobs: # a pull request then we can checkout the head. fetch-depth: 2 - # Python is required for building the Authoritative server - - uses: actions/setup-python@v4 - with: - python-version: '3.8' - # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL uses: github/codeql-action/init@v2 @@ -88,9 +84,9 @@ jobs: run: | sudo apt-get update - - name: Update repository metadata + - name: Install python invoke and needed libs run: | - sudo apt-get -qq -y --no-install-recommends install python3-pip python3-invoke + sudo apt-get -qq -y --no-install-recommends install python3 python3-pip python3-invoke python3-git python3-unidiff ccache - name: Install clang-tidy tools run: | @@ -113,9 +109,14 @@ jobs: run: | inv ci-auth-make-bear - run: ln -s .clang-tidy.full .clang-tidy + if: matrix.product == 'auth' + - run: cp ./pdns/compile_commands.json . + if: matrix.product == 'auth' + - run: cat compile_commands.json + if: matrix.product == 'auth' - name: Run clang-tidy for auth if: matrix.product == 'auth' - run: git diff -U0 HEAD^..HEAD | python3 .github/scripts/git-filter.py | clang-tidy-diff -clang-tidy-binary /usr/bin/clang-tidy-${CLANG_VERSION} -extra-arg=-ferror-limit=0 -p1 -export-fixes clang-tidy-auth.yml + run: git diff -U0 HEAD^..HEAD | python3 .github/scripts/git-filter.py | /usr/bin/clang-tidy-diff-${CLANG_VERSION}.py -clang-tidy-binary /usr/bin/clang-tidy-${CLANG_VERSION} -extra-arg=-ferror-limit=0 -p1 -export-fixes clang-tidy-auth.yml - name: Print clang-tidy fixes YAML for auth if: matrix.product == 'auth' shell: bash @@ -143,6 +144,12 @@ jobs: working-directory: ./pdns/dnsdistdist/ run: | inv ci-autoconf + - run: inv ci-install-rust ${{ env.REPO_HOME }} + if: matrix.product == 'dnsdist' + working-directory: ./pdns/dnsdistdist/ + - run: inv ci-build-and-install-quiche + if: matrix.product == 'dnsdist' + working-directory: ./pdns/dnsdistdist/ - name: Configure dnsdist if: matrix.product == 'dnsdist' working-directory: ./pdns/dnsdistdist/ @@ -153,15 +160,17 @@ jobs: working-directory: ./pdns/dnsdistdist/ run: | inv ci-dnsdist-make-bear - - run: ln -s ../../.clang-tidy.full .clang-tidy - working-directory: ./pdns/dnsdistdist/ + - run: ln -s .clang-tidy.full .clang-tidy + if: matrix.product == 'dnsdist' + - run: cp ./pdns/dnsdistdist/compile_commands.json . + if: matrix.product == 'dnsdist' + - run: cat compile_commands.json + if: matrix.product == 'dnsdist' - name: Run clang-tidy for dnsdist if: matrix.product == 'dnsdist' - working-directory: ./pdns/dnsdistdist/ - run: git diff -U0 HEAD^..HEAD | python3 ../../.github/scripts/git-filter.py | clang-tidy-diff -clang-tidy-binary /usr/bin/clang-tidy-${CLANG_VERSION} -extra-arg=-ferror-limit=0 -p1 -export-fixes clang-tidy-dnsdist.yml + run: git diff -U0 HEAD^..HEAD | python3 .github/scripts/git-filter.py | /usr/bin/clang-tidy-diff-${CLANG_VERSION}.py -clang-tidy-binary /usr/bin/clang-tidy-${CLANG_VERSION} -extra-arg=-ferror-limit=0 -p1 -export-fixes clang-tidy-dnsdist.yml - name: Print clang-tidy fixes YAML for dnsdist if: matrix.product == 'dnsdist' - working-directory: ./pdns/dnsdistdist/ shell: bash run: | if [ -f clang-tidy-dnsdist.yml ]; then @@ -169,7 +178,6 @@ jobs: fi - name: Result annotations for dnsdist if: matrix.product == 'dnsdist' - working-directory: ./pdns/dnsdistdist/ id: clang-tidy-annotations-dnsdist shell: bash run: | @@ -184,6 +192,7 @@ jobs: run: | inv install-rec-build-deps - run: inv ci-install-rust ${{ env.REPO_HOME }} + if: matrix.product == 'rec' working-directory: ./pdns/recursordist/ - name: Autoreconf rec if: matrix.product == 'rec' @@ -200,15 +209,17 @@ jobs: working-directory: ./pdns/recursordist/ run: | inv ci-rec-make-bear - - run: ln -s ../../.clang-tidy.full .clang-tidy - working-directory: ./pdns/recursordist/ + - run: ln -s .clang-tidy.full .clang-tidy + if: matrix.product == 'rec' + - run: cp ./pdns/recursordist/compile_commands.json . + if: matrix.product == 'rec' + - run: cat compile_commands.json + if: matrix.product == 'rec' - name: Run clang-tidy for rec if: matrix.product == 'rec' - working-directory: ./pdns/recursordist/ - run: git diff -U0 HEAD^..HEAD | python3 ../../.github/scripts/git-filter.py | clang-tidy-diff -clang-tidy-binary /usr/bin/clang-tidy-${CLANG_VERSION} -extra-arg=-ferror-limit=0 -p1 -export-fixes clang-tidy-rec.yml + run: git diff -U0 HEAD^..HEAD | python3 .github/scripts/git-filter.py | /usr/bin/clang-tidy-diff-${CLANG_VERSION}.py -clang-tidy-binary /usr/bin/clang-tidy-${CLANG_VERSION} -extra-arg=-ferror-limit=0 -p1 -export-fixes clang-tidy-rec.yml - name: Print clang-tidy fixes YAML for rec if: matrix.product == 'rec' - working-directory: ./pdns/recursordist/ shell: bash run: | if [ -f clang-tidy-rec.yml ]; then @@ -216,7 +227,6 @@ jobs: fi - name: Result annotations for rec if: matrix.product == 'rec' - working-directory: ./pdns/recursordist/ id: clang-tidy-annotations-rec shell: bash run: | diff --git a/tasks.py b/tasks.py index 5f14fad837..0d98603ab2 100644 --- a/tasks.py +++ b/tasks.py @@ -203,7 +203,8 @@ def install_doc_deps_pdf(c): @task def install_auth_build_deps(c): c.sudo('apt-get install -y --no-install-recommends ' + ' '.join(all_build_deps + git_build_deps + auth_build_deps)) - install_libdecaf(c, 'pdns-auth') + if os.getenv('DECAF_SUPPORT', 'no') == 'yes': + install_libdecaf(c, 'pdns-auth') def is_coverage_enabled(): sanitizers = os.getenv('SANITIZERS') @@ -266,9 +267,10 @@ def install_auth_test_deps(c, backend): # FIXME: rename this, we do way more tha # FIXME we may want to start a background recursor here to make ALIAS tests more robust setup_authbind(c) - # Copy libdecaf out - c.sudo('mkdir -p /usr/local/lib') - c.sudo('cp /opt/pdns-auth/libdecaf/libdecaf.so* /usr/local/lib/.') + if os.getenv('DECAF_SUPPORT', 'no') == 'yes': + # Copy libdecaf out + c.sudo('mkdir -p /usr/local/lib') + c.sudo('cp /opt/pdns-auth/libdecaf/libdecaf.so* /usr/local/lib/.') @task def install_rec_bulk_deps(c): # FIXME: rename this, we do way more than apt-get @@ -459,7 +461,7 @@ def ci_auth_configure(c): "--enable-experimental-gss-tsig", "--enable-remotebackend-zeromq", "--with-lmdb=/usr", - "--with-libdecaf", + "--with-libdecaf" if os.getenv('DECAF_SUPPORT', 'no') == 'yes' else '', "--prefix=/opt/pdns-auth", "--enable-ixfrdist", sanitizers,