Nightly static code analysis #7
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Nightly static code analysis | |
on: | |
workflow_dispatch: | |
schedule: | |
- cron: '30 0 * * *' | |
jobs: | |
tics: | |
runs-on: ubuntu-22.04 | |
env: | |
GOPATH: ${{ github.workspace }} | |
# Set PATH to ignore the load of magic binaries from /usr/local/bin and | |
# to use the go snap automatically. Note that we install go from the | |
# snap in a step below. Without this we get the GitHub-controlled latest | |
# version of go. | |
PATH: /snap/bin:/usr/sbin:/usr/bin:/sbin:/bin:/usr/games:${{ github.workspace }}/bin | |
GOROOT: "" | |
strategy: | |
matrix: | |
gochannel: | |
- 1.18 | |
unit-scenario: | |
- normal | |
steps: | |
- name: Checkout code | |
uses: actions/checkout@v3 | |
with: | |
# needed for git commit history | |
fetch-depth: 0 | |
# NOTE: checkout the code in a fixed location, even for forks, as this | |
# is relevant for go's import system. | |
path: ./src/github.com/snapcore/snapd | |
- name: Download Debian dependencies | |
run: | | |
sudo apt clean | |
sudo apt update | |
sudo apt build-dep -y "${{ github.workspace }}/src/github.com/snapcore/snapd" | |
- name: Install the go snap | |
run: | | |
sudo snap install --classic --channel="${{ matrix.gochannel }}" go | |
- name: Get deps | |
run: | | |
cd "${{ github.workspace }}/src/github.com/snapcore/snapd" | |
./get-deps.sh | |
- name: Build C | |
run: | | |
cd "${{ github.workspace }}/src/github.com/snapcore/snapd/cmd" | |
./autogen.sh | |
make -j$(nproc) | |
- name: Build Go | |
run: | | |
go build github.com/snapcore/snapd/... | |
- name: Test C | |
run: | | |
cd "${{ github.workspace }}/src/github.com/snapcore/snapd/cmd" | |
make check | |
- name: Reset code coverage data | |
run: | | |
rm -rf "${{ github.workspace }}/src/github.com/snapcore/snapd/.coverage" | |
- name: Test Go with coverage | |
run: | | |
go install github.com/boumenot/gocover-cobertura@latest | |
cd "${{ github.workspace }}/src/github.com/snapcore/snapd" | |
COVERAGE_OUT=.coverage/coverage.txt ./run-checks --unit | |
gocover-cobertura < .coverage/coverage.txt > .coverage/coverage.xml | |
- name: Install TICS dependencies | |
run: | | |
sudo snap refresh --channel=latest/stable go | |
go install honnef.co/go/tools/cmd/staticcheck@latest | |
- name: TICS scan | |
run: | | |
set -x | |
export TICSAUTHTOKEN="${{ secrets.TICSAUTHTOKEN }}" | |
# Install and run TICS | |
curl --silent --show-error "https://canonical.tiobe.com/tiobeweb/TICS/api/public/v1/fapi/installtics/Script?cfg=default&platform=linux&url=https://canonical.tiobe.com/tiobeweb/TICS/" > install_tics.sh | |
. ./install_tics.sh | |
TICSQServer -project snapd -tmpdir /tmp/tics -branchdir "${{ github.workspace }}/src/github.com/snapcore/snapd" | |
tar -cvzf tics-logs.tar.gz /tmp/tics | |
- name: Uploading TICS logs | |
uses: actions/upload-artifact@v4 | |
with: | |
name: tics-logs.tar.gz | |
path: tics-logs.tar.gz |