[llvm] [workflows] Add post-commit job that periodically runs the clang static analyzer (PR #94106)

Tom Stellard via llvm-commits llvm-commits at lists.llvm.org
Fri Jun 7 19:02:34 PDT 2024


https://github.com/tstellar updated https://github.com/llvm/llvm-project/pull/94106

>From 2a7b8b7447173f398eb07c96c854e1ed0c78f379 Mon Sep 17 00:00:00 2001
From: Tom Stellard <tstellar at redhat.com>
Date: Sat, 1 Jun 2024 07:22:16 +0000
Subject: [PATCH 01/13] [workflows] Add post-commit job that runs the clang
 static analyzer

OpenSSF Best Practices recommends running a static analyzer on software
before it is released: https://www.bestpractices.dev/en/criteria/0#0.static_analysis
---
 .github/workflows/ci-post-commit-analyzer.yml | 64 +++++++++++++++++++
 1 file changed, 64 insertions(+)
 create mode 100644 .github/workflows/ci-post-commit-analyzer.yml

diff --git a/.github/workflows/ci-post-commit-analyzer.yml b/.github/workflows/ci-post-commit-analyzer.yml
new file mode 100644
index 0000000000000..b7ee832b8e8ea
--- /dev/null
+++ b/.github/workflows/ci-post-commit-analyzer.yml
@@ -0,0 +1,64 @@
+name: Post-Commit Static Analyzer
+
+permissions:
+  contents: read
+
+on:
+  push:
+    branches:
+      - 'release/**'
+    paths:
+      - 'llvm/**'
+  pull_request:
+    paths:
+      - '.github/workflows/ci-post-commit-analyzer.yml'
+  schedule:
+    - cron: '30 0 * * *'
+
+concurrency:
+  group: >-
+    llvm-project-${{ github.workflow }}-${{ github.event_name == 'pull_request' &&
+      ( github.event.pull_request.number || github.ref) }}
+  cancel-in-progress: ${{ startsWith(github.ref, 'refs/pull/') }}
+
+jobs:
+  post-commit-analyzer:
+    if: >-
+      github.repository_owner == 'llvm' &&
+      github.event.action != 'closed'
+    runs-on: ubuntu-22.04
+    steps:
+      - name: Checkout Source
+        uses: actions/checkout at b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
+
+      - name: Install Dependencies
+        run: |
+          sudo apt-get update
+          sudo apt-get install \
+            cmake \
+            ninja-build \
+            perl \
+            clang-tools \
+            clang
+
+      - name: Configure
+        run: |
+          scan-build \
+              --use-c++=clang++ \
+              --use-cc=clang \
+              cmake -B build -S llvm -G Ninja \
+                  -DLLVM_ENABLE_ASSERTIONS=ON \
+                  -DLLVM_BUILD_LLVM_DYLIB=ON \
+                  -DLLVM_LINK_LLVM_DYLIB=ON \
+                  -DCMAKE_BUILD_TYPE=Release
+
+      - name: Build
+        run: |
+           scan-build -o analyzer-results --use-c++=clang++ --use-cc=clang ninja -v -C build
+
+      - name: Upload Results
+        uses: actions/upload-artifact at 26f96dfa697d77e81fd5907df203aa23a56210a8 #v4.3.0
+        with:
+          name: analyzer-results
+          path: 'analyzer-results/**/*'
+
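Review bot: In the `concurrency.group` expression, `github.event_name == 'pull_request' && (...)` evaluates to `false` for push and schedule events, so every non-PR run lands in the same group. With `cancel-in-progress` off for those runs, GitHub keeps one running and one pending run per group, so a run for a release-branch push that is waiting behind the nightly run is replaced when another run queues. Consider falling back to `github.ref` or `github.sha` for non-PR events. Separately, `sudo apt-get install` in the Install Dependencies step has no `-y`.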

>From fe82839b116a8612afd385cf1ce2461be05b0bf5 Mon Sep 17 00:00:00 2001
From: Tom Stellard <tstellar at redhat.com>
Date: Sat, 1 Jun 2024 10:14:07 +0000
Subject: [PATCH 02/13] Use apt.llvm.org for the latest packages

---
 .github/workflows/ci-post-commit-analyzer.yml | 12 ++++++++----
 1 file changed, 8 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/ci-post-commit-analyzer.yml b/.github/workflows/ci-post-commit-analyzer.yml
index b7ee832b8e8ea..7b7d5c3126aea 100644
--- a/.github/workflows/ci-post-commit-analyzer.yml
+++ b/.github/workflows/ci-post-commit-analyzer.yml
@@ -27,23 +27,27 @@ jobs:
       github.repository_owner == 'llvm' &&
       github.event.action != 'closed'
     runs-on: ubuntu-22.04
+    env:
+      LLVM_VERSION: 18
     steps:
       - name: Checkout Source
         uses: actions/checkout at b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: Install Dependencies
         run: |
+          sudo echo "deb http://apt.llvm.org/jammy/ llvm-toolchain-jammy-18 main" | sudo tee -a /etc/apt/sources.list.d/llvm.list
+          wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | sudo apt-key add -
           sudo apt-get update
           sudo apt-get install \
             cmake \
             ninja-build \
             perl \
-            clang-tools \
-            clang
+            clang-tools-$LLVM_VERSION \
+            clang-$LLVM_VERSION
 
       - name: Configure
         run: |
-          scan-build \
+          scan-build-$LLVM_VERSION \
               --use-c++=clang++ \
               --use-cc=clang \
               cmake -B build -S llvm -G Ninja \
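Review bot: The repository line added to Install Dependencies uses `http://apt.llvm.org`, and the key goes into the global trusted keyring through `apt-key add`, which is deprecated and lets that key vouch for every configured repository. Prefer storing the key in a dedicated keyring file referenced with `signed-by=` in the `deb` line, and use `https://`. The line also hardcodes `18` instead of using `$LLVM_VERSION`, and the `sudo` in front of `echo` has no effect because the write is done by `sudo tee`.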
@@ -54,7 +58,7 @@ jobs:
 
       - name: Build
         run: |
-           scan-build -o analyzer-results --use-c++=clang++ --use-cc=clang ninja -v -C build
+           scan-build-$LLVM_VERSION -o analyzer-results --use-c++=clang++ --use-cc=clang ninja -v -C build
 
       - name: Upload Results
         uses: actions/upload-artifact at 26f96dfa697d77e81fd5907df203aa23a56210a8 #v4.3.0
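Review bot: In the Build step `scan-build-$LLVM_VERSION` is versioned but `--use-c++=clang++ --use-cc=clang` are not, and the install list in this patch no longer includes the unversioned `clang` package, so the compile uses whatever `clang` the runner image happens to provide, or fails if there is none. Use `clang++-$LLVM_VERSION` and `clang-$LLVM_VERSION` here and in the Configure step.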

>From ac70506508aecae24f2785ad3ac93a0bf69106f4 Mon Sep 17 00:00:00 2001
From: Tom Stellard <tstellar at redhat.com>
Date: Sat, 1 Jun 2024 10:18:29 +0000
Subject: [PATCH 03/13] Run workflow on pushes when the workflow file itself is
 modified.

---
 .github/workflows/ci-post-commit-analyzer.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/ci-post-commit-analyzer.yml b/.github/workflows/ci-post-commit-analyzer.yml
index 7b7d5c3126aea..642cc6f214f84 100644
--- a/.github/workflows/ci-post-commit-analyzer.yml
+++ b/.github/workflows/ci-post-commit-analyzer.yml
@@ -9,6 +9,7 @@ on:
       - 'release/**'
     paths:
       - 'llvm/**'
+      - '.github/workflows/ci-post-commit-analyzer.yml'
   pull_request:
     paths:
       - '.github/workflows/ci-post-commit-analyzer.yml'
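Review bot: The new path sits under `push:`, which the context lines show is limited to `release/**` branches, so a push that modifies the workflow file on any other branch still does not start the job. If the intent in the subject line includes other branches, the branch filter has to be widened; otherwise say in the commit message that this applies to release branches only.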

>From 3019e707ac626155113a71c9e783db0cb0e5cd8b Mon Sep 17 00:00:00 2001
From: Tom Stellard <tstellar at redhat.com>
Date: Tue, 4 Jun 2024 00:03:50 +0000
Subject: [PATCH 04/13] Also test clang

Added ccache support and used our pre-built clang to help speed up the
build.  Also passing -analyzer-config max-nodes=75000 to scan-build now.
---
 .github/workflows/ci-post-commit-analyzer.yml | 53 ++++++++++++++++---
 1 file changed, 46 insertions(+), 7 deletions(-)

diff --git a/.github/workflows/ci-post-commit-analyzer.yml b/.github/workflows/ci-post-commit-analyzer.yml
index 642cc6f214f84..833e10a0a467f 100644
--- a/.github/workflows/ci-post-commit-analyzer.yml
+++ b/.github/workflows/ci-post-commit-analyzer.yml
@@ -11,6 +11,11 @@ on:
       - 'llvm/**'
       - '.github/workflows/ci-post-commit-analyzer.yml'
   pull_request:
+    types:
+      - opened
+      - synchronize
+      - reopened
+      - closed
     paths:
       - '.github/workflows/ci-post-commit-analyzer.yml'
   schedule:
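Review bot: Missing comment on `closed` in the new `types:` list. The job's `if:` skips runs where `github.event.action` is `closed`, so the only effect of listing it is that a workflow run is created for the close event. If the purpose is to cancel an in-progress run through the concurrency group when the PR closes, say so in a YAML comment next to the entry.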
@@ -28,6 +33,8 @@ jobs:
       github.repository_owner == 'llvm' &&
       github.event.action != 'closed'
     runs-on: ubuntu-22.04
+    container:
+      image: 'ghcr.io/llvm/ci-ubuntu-22.04:latest'
     env:
       LLVM_VERSION: 18
     steps:
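Review bot: `image: 'ghcr.io/llvm/ci-ubuntu-22.04:latest'` is a mutable tag, while the actions in this file are pinned to commit hashes. Pinning the image by digest (`@sha256:...`) would keep the toolchain, and therefore the analyzer findings, reproducible from run to run and would make an image update an explicit, reviewable change.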
@@ -35,34 +42,66 @@ jobs:
         uses: actions/checkout at b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
       - name: Install Dependencies
+        env:
+          DEBIAN_FRONTEND: noninteractive
         run: |
-          sudo echo "deb http://apt.llvm.org/jammy/ llvm-toolchain-jammy-18 main" | sudo tee -a /etc/apt/sources.list.d/llvm.list
-          wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | sudo apt-key add -
-          sudo apt-get update
-          sudo apt-get install \
+          apt-get update
+          apt-get -y install \
+            wget \
+            gnupg
+          echo "deb http://apt.llvm.org/jammy/ llvm-toolchain-jammy-18 main" | tee -a /etc/apt/sources.list.d/llvm.list
+          wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | apt-key add -
+          apt-get update
+          apt-get -y install \
             cmake \
             ninja-build \
             perl \
             clang-tools-$LLVM_VERSION \
             clang-$LLVM_VERSION
 
+      - name: Setup ccache
+        uses: hendrikmuhs/ccache-action at v1
+        with:
+          # A full build of llvm, clang, lld, and lldb takes about 250MB
+          # of ccache space. There's not much reason to have more than this,
+          # because we usually won't need to save cache entries from older
+          # builds.  Also, there is an overall 10GB cache limit, and each
+          # run creates a new cache entry so we want to ensure that we have
+          # enough cache space for all the tests to run at once and still
+          # fit under the 10 GB limit.
+          # Default to 2G to workaround: https://github.com/hendrikmuhs/ccache-action/issues/174
+          max-size: 2G
+          key: post-commit-analyzer
+          variant: ccache
+
       - name: Configure
         run: |
           scan-build-$LLVM_VERSION \
-              --use-c++=clang++ \
-              --use-cc=clang \
+              --use-c++='clang++' \
+              --use-cc='clang' \
+              -analyzer-config max-nodes=75000 \
               cmake -B build -S llvm -G Ninja \
                   -DLLVM_ENABLE_ASSERTIONS=ON \
+                  -DLLVM_ENABLE_PROJECTS=clang \
                   -DLLVM_BUILD_LLVM_DYLIB=ON \
                   -DLLVM_LINK_LLVM_DYLIB=ON \
                   -DCMAKE_BUILD_TYPE=Release
 
       - name: Build
         run: |
-           scan-build-$LLVM_VERSION -o analyzer-results --use-c++=clang++ --use-cc=clang ninja -v -C build
+          # Create symlinks for use with ccache.
+          ln -s /usr/bin/ccache /usr/local/bin/clang++
+          ln -s /usr/bin/ccache /usr/local/bin/clang
+          scan-build-$LLVM_VERSION \
+              -o analyzer-results \
+              --use-c++=/usr/local/bin/clang++ \
+              --use-cc=/usr/local/bin/clang \
+              -analyzer-config max-nodes=75000 \
+              ninja -v -C build
 
       - name: Upload Results
         uses: actions/upload-artifact at 26f96dfa697d77e81fd5907df203aa23a56210a8 #v4.3.0
+        if: always()
         with:
           name: analyzer-results
           path: 'analyzer-results/**/*'
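Review bot: `hendrikmuhs/ccache-action at v1` in the Setup ccache step is referenced by a movable tag, unlike `actions/checkout` and `actions/upload-artifact`, which are pinned to full commit hashes; pin it the same way with the version in a trailing comment. In the Build step, `ln -s` without `-f` fails if the link already exists, and Configure runs with `--use-c++='clang++'` before the `/usr/local/bin` symlinks are created, so Configure and Build do not see the same compiler path.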

>From 5b25b45a313bff396d251f8b0e0e8b430e035c46 Mon Sep 17 00:00:00 2001
From: Tom Stellard <tstellar at redhat.com>
Date: Wed, 5 Jun 2024 20:04:34 +0000
Subject: [PATCH 05/13] Replace scan-build with a simple script

---
 .../ci-post-commit-analyzer-launcher.sh       |  4 +++
 .github/workflows/ci-post-commit-analyzer.yml | 30 +++++--------------
 2 files changed, 12 insertions(+), 22 deletions(-)
 create mode 100755 .github/workflows/ci-post-commit-analyzer-launcher.sh

diff --git a/.github/workflows/ci-post-commit-analyzer-launcher.sh b/.github/workflows/ci-post-commit-analyzer-launcher.sh
new file mode 100755
index 0000000000000..bccd91ffe79b9
--- /dev/null
+++ b/.github/workflows/ci-post-commit-analyzer-launcher.sh
@@ -0,0 +1,4 @@
+#!/bin/sh
+ccache "$@"
+"$@" --analyze --analyzer-output html -o analyzer-results \
+     -Xclang -analyzer-config -Xclang max-nodes=75000
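Review bot: The exit status of `ccache "$@"` is discarded, so the script returns only the status of the `--analyze` invocation: a failed compile is reported as success when the analyzer succeeds, and an analyzer failure fails the build of that file. Add `|| exit $?` after the `ccache` line (or `set -e`), and decide explicitly whether an analyzer error should fail the build, for example by ending the analyzer command with `|| true`. A short header comment saying the script is meant to be used as a CMake compiler launcher would also help.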
diff --git a/.github/workflows/ci-post-commit-analyzer.yml b/.github/workflows/ci-post-commit-analyzer.yml
index 833e10a0a467f..d4b9da26e6d9c 100644
--- a/.github/workflows/ci-post-commit-analyzer.yml
+++ b/.github/workflows/ci-post-commit-analyzer.yml
@@ -45,19 +45,12 @@ jobs:
         env:
           DEBIAN_FRONTEND: noninteractive
         run: |
-          apt-get update
-          apt-get -y install \
-            wget \
-            gnupg
-          echo "deb http://apt.llvm.org/jammy/ llvm-toolchain-jammy-18 main" | tee -a /etc/apt/sources.list.d/llvm.list
-          wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | apt-key add -
           apt-get update
           apt-get -y install \
             cmake \
             ninja-build \
             perl \
-            clang-tools-$LLVM_VERSION \
-            clang-$LLVM_VERSION
+            clang-tools
 
       - name: Setup ccache
         uses: hendrikmuhs/ccache-action at v1
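Review bot: With `clang-tools-$LLVM_VERSION` and `clang-$LLVM_VERSION` replaced by an unversioned `clang-tools`, nothing in the step records which clang does the analysis, and `clang` itself is no longer installed here. Add a comment saying the compiler comes from the container image, and drop the `LLVM_VERSION` variable if nothing uses it any more.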
@@ -76,33 +69,26 @@ jobs:
 
       - name: Configure
         run: |
-          scan-build-$LLVM_VERSION \
-              --use-c++='clang++' \
-              --use-cc='clang' \
-              -analyzer-config max-nodes=75000 \
               cmake -B build -S llvm -G Ninja \
                   -DLLVM_ENABLE_ASSERTIONS=ON \
                   -DLLVM_ENABLE_PROJECTS=clang \
                   -DLLVM_BUILD_LLVM_DYLIB=ON \
                   -DLLVM_LINK_LLVM_DYLIB=ON \
+                  -DCMAKE_CXX_COMPILER=clang++ \
+                  -DCMAKE_C_COMPILER=clang \
+                  -DCMAKE_CXX_COMPILER_LAUNCHER=`pwd`/.github/workflows/ci-post-commit-analyzer-launcher.sh \
+                  -DCMAKE_C_COMPILER_LAUNCHER=`pwd`/.github/workflows/ci-post-commit-analyzer-launcher.sh \
                   -DCMAKE_BUILD_TYPE=Release
 
       - name: Build
         run: |
-          # Create symlinks for use with ccache.
-          ln -s /usr/bin/ccache /usr/local/bin/clang++
-          ln -s /usr/bin/ccache /usr/local/bin/clang
-          scan-build-$LLVM_VERSION \
-              -o analyzer-results \
-              --use-c++=/usr/local/bin/clang++ \
-              --use-cc=/usr/local/bin/clang \
-              -analyzer-config max-nodes=75000 \
-              ninja -v -C build
+          ninja -v -C build
+          scan-build --generate-index-only build/analyzer-results
 
       - name: Upload Results
         uses: actions/upload-artifact at 26f96dfa697d77e81fd5907df203aa23a56210a8 #v4.3.0
         if: always()
         with:
           name: analyzer-results
-          path: 'analyzer-results/**/*'
+          path: 'build/analyzer-results/**/*'
 
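Review bot: In the Build step, `scan-build --generate-index-only` runs after `ninja` in the same script, so when `ninja` fails the index is never generated even though Upload Results has `if: always()`. Moving the index generation into its own step with `if: always()` would keep partial results browsable. In Configure, the `cmake` line keeps the indentation it had as a `scan-build` continuation, and the backtick `pwd` is unquoted; a quoted `"$GITHUB_WORKSPACE"` prefix is clearer.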

>From 31b147e36e13f2cad93ff98a13ae8b5770e04c54 Mon Sep 17 00:00:00 2001
From: Tom Stellard <tstellar at redhat.com>
Date: Wed, 5 Jun 2024 23:41:34 +0000
Subject: [PATCH 06/13] Fix artifact path

---
 .github/workflows/ci-post-commit-analyzer.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/ci-post-commit-analyzer.yml b/.github/workflows/ci-post-commit-analyzer.yml
index d4b9da26e6d9c..3e4a04fb57311 100644
--- a/.github/workflows/ci-post-commit-analyzer.yml
+++ b/.github/workflows/ci-post-commit-analyzer.yml
@@ -90,5 +90,5 @@ jobs:
         if: always()
         with:
           name: analyzer-results
-          path: 'build/analyzer-results/**/*'
+          path: 'build/analyzer-results/*'
 
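Review bot: The commit message does not say what was wrong with `'build/analyzer-results/**/*'`; please state the observed problem there. Since the new pattern `'build/analyzer-results/*'` names only the top level, confirm from an uploaded artifact that reports written into subdirectories are still included.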

>From 05aca639ce06843beb3747e1a14be16a40cfe5c9 Mon Sep 17 00:00:00 2001
From: Tom Stellard <tstellar at redhat.com>
Date: Thu, 6 Jun 2024 00:25:27 +0000
Subject: [PATCH 07/13] No longer need to install dependencies

---
 .github/workflows/ci-post-commit-analyzer.yml | 14 ++------------
 1 file changed, 2 insertions(+), 12 deletions(-)

diff --git a/.github/workflows/ci-post-commit-analyzer.yml b/.github/workflows/ci-post-commit-analyzer.yml
index 3e4a04fb57311..64206ad16b75b 100644
--- a/.github/workflows/ci-post-commit-analyzer.yml
+++ b/.github/workflows/ci-post-commit-analyzer.yml
@@ -41,17 +41,6 @@ jobs:
       - name: Checkout Source
         uses: actions/checkout at b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
 
-      - name: Install Dependencies
-        env:
-          DEBIAN_FRONTEND: noninteractive
-        run: |
-          apt-get update
-          apt-get -y install \
-            cmake \
-            ninja-build \
-            perl \
-            clang-tools
-
       - name: Setup ccache
         uses: hendrikmuhs/ccache-action at v1
         with:
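Review bot: With the Install Dependencies step removed, the workflow no longer states which tools it expects (`cmake`, `ninja-build`, `perl`, `clang-tools`). Add a comment naming the container image as their source, and consider a step that prints `clang --version` so each set of results can be tied to an analyzer version.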
@@ -83,7 +72,8 @@ jobs:
       - name: Build
         run: |
           ninja -v -C build
-          scan-build --generate-index-only build/analyzer-results
+          # TODO: Use scan-build from container once we have new container builds with scan-build.
+          ./clang/tools/scan-build/bin/scan-build --generate-index-only build/analyzer-results
 
       - name: Upload Results
         uses: actions/upload-artifact at 26f96dfa697d77e81fd5907df203aa23a56210a8 #v4.3.0
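Review bot: `./clang/tools/scan-build/bin/scan-build` in the Build step is a Perl script, and the other hunk of this patch stops installing `perl`, so this line depends on the container image providing it. Confirm that it does, and link the TODO to an issue so the switch back to the container's `scan-build` gets followed up.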

>From 43e286cf3e5a7e4ba1265da1038d43537e382b82 Mon Sep 17 00:00:00 2001
From: Tom Stellard <tstellar at redhat.com>
Date: Thu, 6 Jun 2024 00:44:13 +0000
Subject: [PATCH 08/13] Run job on prs that modify clang

---
 .github/workflows/ci-post-commit-analyzer.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/ci-post-commit-analyzer.yml b/.github/workflows/ci-post-commit-analyzer.yml
index 64206ad16b75b..30996f600ccee 100644
--- a/.github/workflows/ci-post-commit-analyzer.yml
+++ b/.github/workflows/ci-post-commit-analyzer.yml
@@ -8,6 +8,7 @@ on:
     branches:
       - 'release/**'
     paths:
+      - 'clang/**'
       - 'llvm/**'
       - '.github/workflows/ci-post-commit-analyzer.yml'
   pull_request:
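Review bot: The subject says the job should run on PRs that modify clang, but `'clang/**'` is added to the `push:` filter (the context shows `branches:` with `'release/**'` above it) and the `pull_request:` paths are unchanged. Either add the path under `pull_request:` as well, or reword the subject to say pushes to release branches.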

>From f6e92d7e6735752f36f7061b2f5d58ceb379fb62 Mon Sep 17 00:00:00 2001
From: Tom Stellard <tstellar at redhat.com>
Date: Thu, 6 Jun 2024 20:57:23 +0000
Subject: [PATCH 09/13] Run the analyzer after the build

Also continue analyzing if one job fails.
---
 .../ci-post-commit-analyzer-launcher.sh       |  4 ---
 .../workflows/ci-post-commit-analyzer-run.py  | 27 +++++++++++++++++++
 .github/workflows/ci-post-commit-analyzer.yml | 18 ++++++++++---
 3 files changed, 41 insertions(+), 8 deletions(-)
 delete mode 100755 .github/workflows/ci-post-commit-analyzer-launcher.sh
 create mode 100644 .github/workflows/ci-post-commit-analyzer-run.py

diff --git a/.github/workflows/ci-post-commit-analyzer-launcher.sh b/.github/workflows/ci-post-commit-analyzer-launcher.sh
deleted file mode 100755
index bccd91ffe79b9..0000000000000
--- a/.github/workflows/ci-post-commit-analyzer-launcher.sh
+++ /dev/null
@@ -1,4 +0,0 @@
-#!/bin/sh
-ccache "$@"
-"$@" --analyze --analyzer-output html -o analyzer-results \
-     -Xclang -analyzer-config -Xclang max-nodes=75000
diff --git a/.github/workflows/ci-post-commit-analyzer-run.py b/.github/workflows/ci-post-commit-analyzer-run.py
new file mode 100644
index 0000000000000..8a41d6c3ba949
--- /dev/null
+++ b/.github/workflows/ci-post-commit-analyzer-run.py
@@ -0,0 +1,27 @@
+import json
+import multiprocessing
+import os
+import re
+import subprocess
+import sys
+
+def run_analyzer(data):
+    os.chdir(data['directory'])
+    command = data['command'] + f' --analyze --analyzer-output html -o analyzer-results -Xclang -analyzer-config -Xclang max-nodes=75000'
+    print(command)
+    subprocess.run(command, shell=True, check=True)
+
+def pool_error(e):
+    print("Error analyzing file:", e)
+
+def main():
+    db_path = sys.argv[1]
+    database = json.load(open(db_path))
+
+    with multiprocessing.Pool() as pool:
+        pool.map_async(run_analyzer, [k for k in database], error_callback=pool_error)
+        pool.close()
+        pool.join()
+
+if __name__ == "__main__":
+    main()
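Review bot: `main()` does not deliver the "continue analyzing if one job fails" behaviour from the commit message. `subprocess.run(..., check=True)` raises inside the worker, `Pool.map_async` hands out work in chunks, and an exception ends the chunk it occurred in, so the remaining entries of that chunk are skipped; `error_callback` is then called once with the first exception, and the script still exits 0. Catch the failure inside `run_analyzer` and return the entry's file with its return code, then summarise the failures and set the exit status in `main()`. Separately, `data['command']` is executed with `shell=True`; splitting it with `shlex.split` and running without a shell avoids a second round of shell interpretation of paths and defines. `re` is imported but unused, the f-string has no placeholders, and the file opened by `open(db_path)` is never closed.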
diff --git a/.github/workflows/ci-post-commit-analyzer.yml b/.github/workflows/ci-post-commit-analyzer.yml
index 30996f600ccee..27174e9ec5b77 100644
--- a/.github/workflows/ci-post-commit-analyzer.yml
+++ b/.github/workflows/ci-post-commit-analyzer.yml
@@ -55,7 +55,7 @@ jobs:
           # Default to 2G to workaround: https://github.com/hendrikmuhs/ccache-action/issues/174
           max-size: 2G
           key: post-commit-analyzer
-          variant: ccache
+          variant: sccache
 
       - name: Configure
         run: |
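Review bot: The switch to `variant: sccache` is not mentioned in the commit message, and the comment block above `max-size` still reasons about ccache space. State the reason for the change and update the comment so the 2G figure is justified for sccache.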
@@ -66,13 +66,23 @@ jobs:
                   -DLLVM_LINK_LLVM_DYLIB=ON \
                   -DCMAKE_CXX_COMPILER=clang++ \
                   -DCMAKE_C_COMPILER=clang \
-                  -DCMAKE_CXX_COMPILER_LAUNCHER=`pwd`/.github/workflows/ci-post-commit-analyzer-launcher.sh \
-                  -DCMAKE_C_COMPILER_LAUNCHER=`pwd`/.github/workflows/ci-post-commit-analyzer-launcher.sh \
+                  -DCMAKE_CXX_COMPILER_LAUNCHER=sccache \
+                  -DCMAKE_C_COMPILER_LAUNCHER=sccache \
+                  -DCMAKE_EXPORT_COMPILE_COMMANDS=ON \
+                  -DLLVM_INCLUDE_TESTS=OFF \
+                  -DCLANG_INCLUDE_TESTS=OFF \
                   -DCMAKE_BUILD_TYPE=Release
 
       - name: Build
         run: |
-          ninja -v -C build
+          # FIXME: We need to build all the generated header files in order to be able to run
+          # the analyzer on every file.  Building libLLVM and libclang is probably overkill for
+          # this, but it's better than building every target.
+          ninja -v -C build libLLVM.so libclang.so
+
+          # Run the analyzer.
+          python3 .github/workflows/ci-post-commit-analyzer-run.py build/compile_commands.json
+
           # TODO: Use scan-build from container once we have new container builds with scan-build.
           ./clang/tools/scan-build/bin/scan-build --generate-index-only build/analyzer-results
 
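Review bot: The script writes to a relative `-o analyzer-results` after changing into each entry's `directory`, while the index and upload steps assume `build/analyzer-results`; this only lines up as long as every entry in `compile_commands.json` uses `build` as its directory. Having the script take an absolute output directory removes that coupling. The FIXME would also be easier to follow up with a linked issue.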

>From 24d616f99234bcaceab33f5d0bb486c02e4f2216 Mon Sep 17 00:00:00 2001
From: Tom Stellard <tstellar at redhat.com>
Date: Thu, 6 Jun 2024 21:49:59 +0000
Subject: [PATCH 10/13] Fix python formatting

---
 .github/workflows/ci-post-commit-analyzer-run.py | 11 +++++++++--
 1 file changed, 9 insertions(+), 2 deletions(-)

diff --git a/.github/workflows/ci-post-commit-analyzer-run.py b/.github/workflows/ci-post-commit-analyzer-run.py
index 8a41d6c3ba949..88e8c5b87350e 100644
--- a/.github/workflows/ci-post-commit-analyzer-run.py
+++ b/.github/workflows/ci-post-commit-analyzer-run.py
@@ -5,15 +5,21 @@
 import subprocess
 import sys
 
+
 def run_analyzer(data):
-    os.chdir(data['directory'])
-    command = data['command'] + f' --analyze --analyzer-output html -o analyzer-results -Xclang -analyzer-config -Xclang max-nodes=75000'
+    os.chdir(data["directory"])
+    command = (
+        data["command"] 
+        + f" --analyze --analyzer-output html -o analyzer-results -Xclang -analyzer-config -Xclang max-nodes=75000"
+    )
     print(command)
     subprocess.run(command, shell=True, check=True)
 
+
 def pool_error(e):
     print("Error analyzing file:", e)
 
+
 def main():
     db_path = sys.argv[1]
     database = json.load(open(db_path))
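Review bot: Style point on the reformatted `command` expression: the second operand is still an f-string with no placeholders, so the `f` prefix can go, and the added `data["command"]` line carries trailing whitespace.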
@@ -23,5 +29,6 @@ def main():
         pool.close()
         pool.join()
 
+
 if __name__ == "__main__":
     main()

>From 4c79c2e046a6da0609c8c3223930290bb53fd5f6 Mon Sep 17 00:00:00 2001
From: Tom Stellard <tstellar at redhat.com>
Date: Thu, 6 Jun 2024 21:52:42 +0000
Subject: [PATCH 11/13] Run on PR's that touch the python script

---
 .github/workflows/ci-post-commit-analyzer.yml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.github/workflows/ci-post-commit-analyzer.yml b/.github/workflows/ci-post-commit-analyzer.yml
index 27174e9ec5b77..b327ecd0d254b 100644
--- a/.github/workflows/ci-post-commit-analyzer.yml
+++ b/.github/workflows/ci-post-commit-analyzer.yml
@@ -19,6 +19,7 @@ on:
       - closed
     paths:
       - '.github/workflows/ci-post-commit-analyzer.yml'
+      - '.github/workflows/ci-post-commit-analyzer-run.py'
   schedule:
     - cron: '30 0 * * *'
 
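Review bot: The script is added to the `pull_request:` paths only. The `push:` filter earlier in the series lists the workflow file but not `ci-post-commit-analyzer-run.py`, so a change to the script that lands on a release branch without touching `clang/**` or `llvm/**` does not start a run. Add the same path under `push:`.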

>From 7b8e023ea884b5e865caa206997639874c662db4 Mon Sep 17 00:00:00 2001
From: Tom Stellard <tstellar at redhat.com>
Date: Thu, 6 Jun 2024 22:12:45 +0000
Subject: [PATCH 12/13] Fix formatting

---
 .github/workflows/ci-post-commit-analyzer-run.py | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/.github/workflows/ci-post-commit-analyzer-run.py b/.github/workflows/ci-post-commit-analyzer-run.py
index 88e8c5b87350e..e5f52d3b2fa67 100644
--- a/.github/workflows/ci-post-commit-analyzer-run.py
+++ b/.github/workflows/ci-post-commit-analyzer-run.py
@@ -9,7 +9,7 @@
 def run_analyzer(data):
     os.chdir(data["directory"])
     command = (
-        data["command"] 
+        data["command"]
         + f" --analyze --analyzer-output html -o analyzer-results -Xclang -analyzer-config -Xclang max-nodes=75000"
     )
     print(command)

>From c5bdc29ec277ea70495f9692fb2a999edd81bbc8 Mon Sep 17 00:00:00 2001
From: Tom Stellard <tstellar at redhat.com>
Date: Thu, 6 Jun 2024 22:24:08 +0000
Subject: [PATCH 13/13] Use scan-build from the container

---
 .github/workflows/ci-post-commit-analyzer.yml | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

diff --git a/.github/workflows/ci-post-commit-analyzer.yml b/.github/workflows/ci-post-commit-analyzer.yml
index b327ecd0d254b..d614dd07b3a49 100644
--- a/.github/workflows/ci-post-commit-analyzer.yml
+++ b/.github/workflows/ci-post-commit-analyzer.yml
@@ -84,8 +84,7 @@ jobs:
           # Run the analyzer.
           python3 .github/workflows/ci-post-commit-analyzer-run.py build/compile_commands.json
 
-          # TODO: Use scan-build from container once we have new container builds with scan-build.
-          ./clang/tools/scan-build/bin/scan-build --generate-index-only build/analyzer-results
+          scan-build --generate-index-only build/analyzer-results
 
       - name: Upload Results
         uses: actions/upload-artifact at 26f96dfa697d77e81fd5907df203aa23a56210a8 #v4.3.0


