[llvm] [workflows] Add post-commit job that periodically runs the clang static analyzer (PR #94106)
Tom Stellard via llvm-commits
llvm-commits at lists.llvm.org
Wed Jun 5 12:35:11 PDT 2024
https://github.com/tstellar updated https://github.com/llvm/llvm-project/pull/94106
>From 2a7b8b7447173f398eb07c96c854e1ed0c78f379 Mon Sep 17 00:00:00 2001
From: Tom Stellard <tstellar at redhat.com>
Date: Sat, 1 Jun 2024 07:22:16 +0000
Subject: [PATCH 1/5] [workflows] Add post-commit job that runs the clang
static analyzer
OpenSSF Best Practices recommends running a static analyzer on software
before it is released: https://www.bestpractices.dev/en/criteria/0#0.static_analysis
---
.github/workflows/ci-post-commit-analyzer.yml | 64 +++++++++++++++++++
1 file changed, 64 insertions(+)
create mode 100644 .github/workflows/ci-post-commit-analyzer.yml
diff --git a/.github/workflows/ci-post-commit-analyzer.yml b/.github/workflows/ci-post-commit-analyzer.yml
new file mode 100644
index 0000000000000..b7ee832b8e8ea
--- /dev/null
+++ b/.github/workflows/ci-post-commit-analyzer.yml
@@ -0,0 +1,64 @@
+name: Post-Commit Static Analyzer
+
+permissions:
+ contents: read
+
+on:
+ push:
+ branches:
+ - 'release/**'
+ paths:
+ - 'llvm/**'
+ pull_request:
+ paths:
+ - '.github/workflows/ci-post-commit-analyzer.yml'
+ schedule:
+ - cron: '30 0 * * *'
+
+concurrency:
+ group: >-
+ llvm-project-${{ github.workflow }}-${{ github.event_name == 'pull_request' &&
+ ( github.event.pull_request.number || github.ref) }}
+ cancel-in-progress: ${{ startsWith(github.ref, 'refs/pull/') }}
+
+jobs:
+ post-commit-analyzer:
+ if: >-
+ github.repository_owner == 'llvm' &&
+ github.event.action != 'closed'
+ runs-on: ubuntu-22.04
+ steps:
+ - name: Checkout Source
+ uses: actions/checkout at b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+ - name: Install Dependencies
+ run: |
+ sudo apt-get update
+ sudo apt-get install \
+ cmake \
+ ninja-build \
+ perl \
+ clang-tools \
+ clang
+
+ - name: Configure
+ run: |
+ scan-build \
+ --use-c++=clang++ \
+ --use-cc=clang \
+ cmake -B build -S llvm -G Ninja \
+ -DLLVM_ENABLE_ASSERTIONS=ON \
+ -DLLVM_BUILD_LLVM_DYLIB=ON \
+ -DLLVM_LINK_LLVM_DYLIB=ON \
+ -DCMAKE_BUILD_TYPE=Release
+
+ - name: Build
+ run: |
+ scan-build -o analyzer-results --use-c++=clang++ --use-cc=clang ninja -v -C build
+
+ - name: Upload Results
+ uses: actions/upload-artifact at 26f96dfa697d77e81fd5907df203aa23a56210a8 #v4.3.0
+ with:
+ name: analyzer-results
+ path: 'analyzer-results/**/*'
+
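Review bot: The `concurrency.group` expression collapses to the literal `false` for every `push` and `schedule` run, because `github.event_name == 'pull_request' && ( ... )` short-circuits on non-PR events, so pushes to all `release/**` branches and the nightly cron share a single group. With `cancel-in-progress` false for those refs, GitHub keeps only one pending run per group, so a queued analysis of one release branch can be dropped when another branch is pushed. Keying the group on the ref for non-PR events avoids this, e.g. `llvm-project-${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}`. A one-line comment above the block stating which runs are meant to cancel each other would make the intent checkable.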
>From fe82839b116a8612afd385cf1ce2461be05b0bf5 Mon Sep 17 00:00:00 2001
From: Tom Stellard <tstellar at redhat.com>
Date: Sat, 1 Jun 2024 10:14:07 +0000
Subject: [PATCH 2/5] Use apt.llvm.org for the latest packages
---
.github/workflows/ci-post-commit-analyzer.yml | 12 ++++++++----
1 file changed, 8 insertions(+), 4 deletions(-)
diff --git a/.github/workflows/ci-post-commit-analyzer.yml b/.github/workflows/ci-post-commit-analyzer.yml
index b7ee832b8e8ea..7b7d5c3126aea 100644
--- a/.github/workflows/ci-post-commit-analyzer.yml
+++ b/.github/workflows/ci-post-commit-analyzer.yml
@@ -27,23 +27,27 @@ jobs:
github.repository_owner == 'llvm' &&
github.event.action != 'closed'
runs-on: ubuntu-22.04
+ env:
+ LLVM_VERSION: 18
steps:
- name: Checkout Source
uses: actions/checkout at b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Install Dependencies
run: |
+ sudo echo "deb http://apt.llvm.org/jammy/ llvm-toolchain-jammy-18 main" | sudo tee -a /etc/apt/sources.list.d/llvm.list
+ wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | sudo apt-key add -
sudo apt-get update
sudo apt-get install \
cmake \
ninja-build \
perl \
- clang-tools \
- clang
+ clang-tools-$LLVM_VERSION \
+ clang-$LLVM_VERSION
- name: Configure
run: |
- scan-build \
+ scan-build-$LLVM_VERSION \
--use-c++=clang++ \
--use-cc=clang \
cmake -B build -S llvm -G Ninja \
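Review bot: The two added repository-setup lines weaken package authenticity: the `deb` entry uses plain `http://`, and `apt-key add` (deprecated on Ubuntu 22.04) puts the key in the global keyring, where it is trusted for every configured repository rather than only apt.llvm.org. Bind the key to this one source instead, for example `wget -qO- https://apt.llvm.org/llvm-snapshot.gpg.key | sudo tee /etc/apt/keyrings/apt.llvm.org.asc` followed by `echo "deb [signed-by=/etc/apt/keyrings/apt.llvm.org.asc] https://apt.llvm.org/jammy/ llvm-toolchain-jammy-$LLVM_VERSION main" | sudo tee /etc/apt/sources.list.d/llvm.list` (the keyring path is an example). Using `$LLVM_VERSION` in the source line also removes the hard-coded `18`, which would otherwise drift from the `env` value added at the top of this hunk. The same two lines are carried over, minus `sudo`, in the Install Dependencies hunk of PATCH 4/5.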
@@ -54,7 +58,7 @@ jobs:
- name: Build
run: |
- scan-build -o analyzer-results --use-c++=clang++ --use-cc=clang ninja -v -C build
+ scan-build-$LLVM_VERSION -o analyzer-results --use-c++=clang++ --use-cc=clang ninja -v -C build
- name: Upload Results
uses: actions/upload-artifact at 26f96dfa697d77e81fd5907df203aa23a56210a8 #v4.3.0
>From ac70506508aecae24f2785ad3ac93a0bf69106f4 Mon Sep 17 00:00:00 2001
From: Tom Stellard <tstellar at redhat.com>
Date: Sat, 1 Jun 2024 10:18:29 +0000
Subject: [PATCH 3/5] Run workflow on pushes when the workflow file itself is
modified.
---
.github/workflows/ci-post-commit-analyzer.yml | 1 +
1 file changed, 1 insertion(+)
diff --git a/.github/workflows/ci-post-commit-analyzer.yml b/.github/workflows/ci-post-commit-analyzer.yml
index 7b7d5c3126aea..642cc6f214f84 100644
--- a/.github/workflows/ci-post-commit-analyzer.yml
+++ b/.github/workflows/ci-post-commit-analyzer.yml
@@ -9,6 +9,7 @@ on:
- 'release/**'
paths:
- 'llvm/**'
+ - '.github/workflows/ci-post-commit-analyzer.yml'
pull_request:
paths:
- '.github/workflows/ci-post-commit-analyzer.yml'
>From 3019e707ac626155113a71c9e783db0cb0e5cd8b Mon Sep 17 00:00:00 2001
From: Tom Stellard <tstellar at redhat.com>
Date: Tue, 4 Jun 2024 00:03:50 +0000
Subject: [PATCH 4/5] Also test clang
Added ccache support and used our pre-built clang to help speed up the
build. Also passing -analyzer-config max-nodes=75000 to scan-build now.
---
.github/workflows/ci-post-commit-analyzer.yml | 53 ++++++++++++++++---
1 file changed, 46 insertions(+), 7 deletions(-)
diff --git a/.github/workflows/ci-post-commit-analyzer.yml b/.github/workflows/ci-post-commit-analyzer.yml
index 642cc6f214f84..833e10a0a467f 100644
--- a/.github/workflows/ci-post-commit-analyzer.yml
+++ b/.github/workflows/ci-post-commit-analyzer.yml
@@ -11,6 +11,11 @@ on:
- 'llvm/**'
- '.github/workflows/ci-post-commit-analyzer.yml'
pull_request:
+ types:
+ - opened
+ - synchronize
+ - reopened
+ - closed
paths:
- '.github/workflows/ci-post-commit-analyzer.yml'
schedule:
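Review bot: The added `closed` type has no visible purpose without a comment, since the job's `if:` (outside this hunk) skips any run where `github.event.action` is `closed`. Presumably it is listed so that closing a PR starts a run in the same concurrency group and cancels an analysis still in progress; if that is the intent, record it next to the list, e.g. `# 'closed' is listed only so the concurrency group cancels in-progress runs; the job itself is skipped for it.` The `on:` block starts above this hunk.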
@@ -28,6 +33,8 @@ jobs:
github.repository_owner == 'llvm' &&
github.event.action != 'closed'
runs-on: ubuntu-22.04
+ container:
+ image: 'ghcr.io/llvm/ci-ubuntu-22.04:latest'
env:
LLVM_VERSION: 18
steps:
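Review bot: The new `container.image` reference uses the mutable `:latest` tag, while the checkout and upload-artifact steps in this workflow are pinned to full commit SHAs. Whatever is published under that tag at run time supplies the root filesystem and the pre-built clang used for the build, so a changed image alters what executes and what the analyzer reports without any diff in this repository. Pinning by digest gives the same guarantee as the SHA-pinned actions: `image: 'ghcr.io/llvm/ci-ubuntu-22.04@sha256:<digest>'` (placeholder digest), with a trailing comment naming the tag it was resolved from. The job definition continues outside this hunk.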
@@ -35,34 +42,66 @@ jobs:
uses: actions/checkout at b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Install Dependencies
+ env:
+ DEBIAN_FRONTEND: noninteractive
run: |
- sudo echo "deb http://apt.llvm.org/jammy/ llvm-toolchain-jammy-18 main" | sudo tee -a /etc/apt/sources.list.d/llvm.list
- wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | sudo apt-key add -
- sudo apt-get update
- sudo apt-get install \
+ apt-get update
+ apt-get -y install \
+ wget \
+ gnupg
+ echo "deb http://apt.llvm.org/jammy/ llvm-toolchain-jammy-18 main" | tee -a /etc/apt/sources.list.d/llvm.list
+ wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | apt-key add -
+ apt-get update
+ apt-get -y install \
cmake \
ninja-build \
perl \
clang-tools-$LLVM_VERSION \
clang-$LLVM_VERSION
+ - name: Setup ccache
+ uses: hendrikmuhs/ccache-action at v1
+ with:
+ # A full build of llvm, clang, lld, and lldb takes about 250MB
+ # of ccache space. There's not much reason to have more than this,
+ # because we usually won't need to save cache entries from older
+ # builds. Also, there is an overall 10GB cache limit, and each
+ # run creates a new cache entry so we want to ensure that we have
+ # enough cache space for all the tests to run at once and still
+ # fit under the 10 GB limit.
+ # Default to 2G to workaround: https://github.com/hendrikmuhs/ccache-action/issues/174
+ max-size: 2G
+ key: post-commit-analyzer
+ variant: ccache
+
- name: Configure
run: |
scan-build-$LLVM_VERSION \
- --use-c++=clang++ \
- --use-cc=clang \
+ --use-c++='clang++' \
+ --use-cc='clang' \
+ -analyzer-config max-nodes=75000 \
cmake -B build -S llvm -G Ninja \
-DLLVM_ENABLE_ASSERTIONS=ON \
+ -DLLVM_ENABLE_PROJECTS=clang \
-DLLVM_BUILD_LLVM_DYLIB=ON \
-DLLVM_LINK_LLVM_DYLIB=ON \
-DCMAKE_BUILD_TYPE=Release
- name: Build
run: |
- scan-build-$LLVM_VERSION -o analyzer-results --use-c++=clang++ --use-cc=clang ninja -v -C build
+ # Create symlinks for use with ccache.
+ ln -s /usr/bin/ccache /usr/local/bin/clang++
+ ln -s /usr/bin/ccache /usr/local/bin/clang
+ scan-build-$LLVM_VERSION \
+ -o analyzer-results \
+ --use-c++=/usr/local/bin/clang++ \
+ --use-cc=/usr/local/bin/clang \
+ -analyzer-config max-nodes=75000 \
+ ninja -v -C build
- name: Upload Results
uses: actions/upload-artifact at 26f96dfa697d77e81fd5907df203aa23a56210a8 #v4.3.0
+ if: always()
with:
name: analyzer-results
path: 'analyzer-results/**/*'
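Review bot: The new `Setup ccache` step references `hendrikmuhs/ccache-action` by the movable tag `v1`, whereas the two `actions/*` steps in this same hunk are pinned to full commit SHAs. A third-party action runs inside the job with access to the checkout and to the cache whose contents later stand in for compiler output, so a retagged `v1` would change what executes without any change in this repository. Pin it the same way as the others, `uses: hendrikmuhs/ccache-action@<full-commit-sha> # v1.x.y` (placeholder SHA and version).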
>From 709feebfa1b362acdfe4d1a7048c9af5161a9a16 Mon Sep 17 00:00:00 2001
From: Tom Stellard <tstellar at redhat.com>
Date: Sat, 1 Jun 2024 07:22:49 +0000
Subject: [PATCH 5/5] XXX: Debug
---
.github/workflows/ci-post-commit-analyzer.yml | 1 -
1 file changed, 1 deletion(-)
diff --git a/.github/workflows/ci-post-commit-analyzer.yml b/.github/workflows/ci-post-commit-analyzer.yml
index 833e10a0a467f..7e0b6b3668aa8 100644
--- a/.github/workflows/ci-post-commit-analyzer.yml
+++ b/.github/workflows/ci-post-commit-analyzer.yml
@@ -30,7 +30,6 @@ concurrency:
jobs:
post-commit-analyzer:
if: >-
- github.repository_owner == 'llvm' &&
github.event.action != 'closed'
runs-on: ubuntu-22.04
container: