From: Victor Julien Date: Mon, 24 Apr 2023 05:25:25 +0000 (+0200) Subject: github: add scan-build workflow X-Git-Tag: suricata-7.0.0-rc2~359 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=efeaa6e2c7f17307534fd852ad5776e04f62fdc1;p=thirdparty%2Fsuricata.git github: add scan-build workflow Add scan-build workflow that fails on any warning. Exclude libhtp as there is still one open issue there. --- diff --git a/.github/workflows/scan-build.yml b/.github/workflows/scan-build.yml new file mode 100644 index 0000000000..710005d0a3 --- /dev/null +++ b/.github/workflows/scan-build.yml @@ -0,0 +1,70 @@ +name: Scan-build + +on: + - push + - pull_request + +jobs: + scan-build: + name: Scan-build + runs-on: ubuntu-latest + container: ubuntu:23.04 + steps: + - name: Cache scan-build + uses: actions/cache@9b0c1fce7a93df8e3bb8926b0d6e9d89e92f20a7 + with: + path: ~/.cargo + key: scan-build + + - name: Install system packages + run: | + apt update + apt -y install \ + libpcre2-dev \ + build-essential \ + autoconf \ + automake \ + cargo \ + cbindgen \ + clang-16 \ + clang-tools-16 \ + git \ + jq \ + libtool \ + libpcap-dev \ + libnet1-dev \ + libyaml-0-2 \ + libyaml-dev \ + libcap-ng-dev \ + libcap-ng0 \ + libmagic-dev \ + libnetfilter-queue-dev \ + libnetfilter-queue1 \ + libnfnetlink-dev \ + libnfnetlink0 \ + libnuma-dev \ + libhiredis-dev \ + libhyperscan-dev \ + liblua5.1-dev \ + libjansson-dev \ + libevent-dev \ + libevent-pthreads-2.1-7 \ + libjansson-dev \ + llvm-16-dev \ + make \ + parallel \ + python3-yaml \ + rustc \ + software-properties-common \ + zlib1g \ + zlib1g-dev + - uses: actions/checkout@v3.3.0 + - run: ./scripts/bundle.sh + - run: ./autogen.sh + - run: scan-build-16 ./configure + env: + CC: clang-16 + # exclude libhtp from the analysis + - run: scan-build-16 --status-bugs --exclude libhtp/ make + env: + CC: clang-16