THRIFT-5937: Fix generation of episodic nodejs for services #94
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Static Code Analysis" | |
| on: | |
| push: | |
| branches: ["*"] | |
| pull_request: | |
| branches: ["*"] | |
| workflow_dispatch: | |
| env: | |
| BUILD_DEPS: automake bison flex git libboost-all-dev libevent-dev libssl-dev libtool make pkg-config | |
| SCA_DEPS: cppcheck python3-flake8 sloccount libglib2.0-dev | |
| # Disable all languages for which we don't have SCA checks in place | |
| CONFIG_ARGS_FOR_SCA: > | |
| --enable-tutorial=no | |
| --disable-debug | |
| --disable-tests | |
| --disable-dependency-tracking | |
| --without-java | |
| --without-kotlin | |
| --without-netstd | |
| --without-nodejs | |
| --without-nodets | |
| --without-swift | |
| --without-go | |
| --without-dart | |
| --without-erlang | |
| --without-haxe | |
| --without-ruby | |
| --without-rs | |
| --without-lua | |
| --without-perl | |
| --without-d | |
| --without-cl | |
| permissions: | |
| contents: read | |
| jobs: | |
| sca: | |
| runs-on: ubuntu-24.04 | |
| steps: | |
| - uses: actions/checkout@v6 | |
| - name: Install dependencies | |
| run: | | |
| sudo apt-get update -yq | |
| sudo apt-get install -y --no-install-recommends g++ $BUILD_DEPS $SCA_DEPS | |
| - name: Set up PHP | |
| uses: shivammathur/setup-php@v2 | |
| with: | |
| # Lowest supported PHP version | |
| php-version: "7.1" | |
| extensions: mbstring, xml, curl, pcntl | |
| - uses: actions/setup-python@v6 | |
| with: | |
| python-version: "3.12" | |
| - name: Install Python test dependencies | |
| run: | | |
| python -m pip install --upgrade pip setuptools wheel flake8 | |
| - name: Set up Ruby | |
| uses: ruby/setup-ruby@v1 | |
| with: | |
| ruby-version: "2.7" | |
| bundler-cache: true | |
| working-directory: "lib/rb" | |
| # Generate thrift files so the static code analysis includes an analysis | |
| # of the files the thrift compiler spits out. | |
| - name: Build compiler | |
| id: compile | |
| run: | | |
| ./bootstrap.sh | |
| ./configure $CONFIG_ARGS_FOR_SCA | |
| make -j$(nproc) -C compiler/cpp | |
| - name: Run cppcheck | |
| id: cppcheck | |
| continue-on-error: true | |
| run: | | |
| make -j$(nproc) -C lib/cpp | |
| make -j$(nproc) -C test/cpp precross | |
| make -j$(nproc) -C lib/c_glib | |
| make -j$(nproc) -C test/c_glib precross | |
| # Compiler cppcheck (All) | |
| cppcheck --force --quiet --inline-suppr --enable=all -j2 compiler/cpp/src | |
| # C++ cppcheck (All) | |
| cppcheck --force --quiet --inline-suppr --enable=all -j2 lib/cpp/src lib/cpp/test test/cpp tutorial/cpp | |
| # C Glib cppcheck (All) | |
| cppcheck --force --quiet --inline-suppr --enable=all -j2 lib/c_glib/src lib/c_glib/test test/c_glib/src tutorial/c_glib | |
| # Silent error checks | |
| # See THRIFT-4371: flex generated scanner code causes false positives in cppcheck. | |
| # suppress *:thrift/thriftl.cc -> flex-generated lexer triggers false null pointer paths. | |
| # suppress syntaxError:thrift/thrifty.cc -> bison-generated parser is not fully parseable. | |
| # suppress normalCheckLevelMaxBranches:compiler/cpp/src/* -> avoid info-only branch limit noise. | |
| cppcheck --force --quiet --inline-suppr \ | |
| --suppress="*:thrift/thriftl.cc" \ | |
| --suppress="syntaxError:thrift/thrifty.cc" \ | |
| --suppress="normalCheckLevelMaxBranches:compiler/cpp/src/*" \ | |
| --error-exitcode=1 -j2 compiler/cpp/src | |
| # suppress unknownMacro:lib/cpp/src/thrift/qt/* -> Qt namespace macro needs Qt preprocessing. | |
| # suppress unknownMacro:lib/cpp/test/* -> Boost.Test macros are unresolved in standalone analysis. | |
| # suppress syntaxError:lib/cpp/src/thrift/transport/TSSLSocket.cpp -> OpenSSL macro branches confuse parser. | |
| # suppress normalCheckLevelMaxBranches:* -> avoid info-only branch limit noise. | |
| # exclude lib/cpp/test/gen-cpp and test/cpp/gen-* -> generated fixtures duplicate source/test coverage. | |
| cppcheck --force --quiet --inline-suppr \ | |
| --suppress="unknownMacro:lib/cpp/src/thrift/qt/*" \ | |
| --suppress="unknownMacro:lib/cpp/test/*" \ | |
| --suppress="syntaxError:lib/cpp/src/thrift/transport/TSSLSocket.cpp" \ | |
| --suppress="normalCheckLevelMaxBranches:lib/cpp/src/*" \ | |
| --suppress="normalCheckLevelMaxBranches:lib/cpp/test/*" \ | |
| --suppress="normalCheckLevelMaxBranches:test/cpp/*" \ | |
| --suppress="normalCheckLevelMaxBranches:tutorial/cpp/*" \ | |
| -i lib/cpp/test/gen-cpp \ | |
| -i test/cpp/gen-cpp \ | |
| -i test/cpp/gen-cpp-forward \ | |
| -i test/cpp/gen-cpp-private \ | |
| -i test/cpp/gen-cpp-enumclass \ | |
| --error-exitcode=1 -j2 lib/cpp/src lib/cpp/test test/cpp tutorial/cpp | |
| # suppress unknownMacro:lib/c_glib/src/* -> GObject type macros are unresolved in standalone analysis. | |
| # suppress unknownMacro:lib/c_glib/test/* -> test-side GLib macros are unresolved without full preprocess. | |
| # suppress syntaxError:lib/c_glib/test/* -> GLib assert macros parse as syntax errors. | |
| # suppress normalCheckLevelMaxBranches:* -> avoid info-only branch limit noise. | |
| # exclude lib/c_glib/test/gen-c_glib -> generated bindings are covered by generator output checks. | |
| # exclude lib/c_glib/test/gen-cpp -> generated skeleton has placeholder methods without returns. | |
| cppcheck --force --quiet --inline-suppr \ | |
| --suppress="unknownMacro:lib/c_glib/src/*" \ | |
| --suppress="unknownMacro:lib/c_glib/test/*" \ | |
| --suppress="syntaxError:lib/c_glib/test/*" \ | |
| --suppress="normalCheckLevelMaxBranches:lib/c_glib/src/*" \ | |
| --suppress="normalCheckLevelMaxBranches:lib/c_glib/test/*" \ | |
| --suppress="normalCheckLevelMaxBranches:test/c_glib/*" \ | |
| --suppress="normalCheckLevelMaxBranches:tutorial/c_glib/*" \ | |
| -i lib/c_glib/test/gen-c_glib \ | |
| -i lib/c_glib/test/gen-cpp \ | |
| --error-exitcode=1 -j2 lib/c_glib/src lib/c_glib/test test/c_glib/src tutorial/c_glib | |
| - name: Run flake8 | |
| id: flake8 | |
| continue-on-error: true | |
| run: | | |
| make -j$(nproc) -C test/py precross | |
| flake8 | |
| - name: Run phpcs | |
| id: phpcs | |
| continue-on-error: true | |
| run: | | |
| # PHP code style | |
| composer install --quiet | |
| ./vendor/bin/phpcs | |
| - name: Run rubocop | |
| id: rubocop | |
| continue-on-error: true | |
| working-directory: "lib/rb" | |
| run: | | |
| bundle exec rubocop --config .rubocop.yml --format progress --format github . ../../test/rb ../../tutorial/rb | |
| - name: Print statistics | |
| if: ${{ always() }} | |
| run: | | |
| # TODO etc | |
| echo "FIXMEs: $(grep -r FIXME * | wc -l)" | |
| echo "HACKs: $(grep -r HACK * | wc -l)" | |
| echo "TODOs: $(grep -r TODO * | wc -l)" | |
| # LoC | |
| sloccount . | |
| # System info | |
| # dpkg -l | |
| uname -a | |
| - name: Fail if any SCA check failed | |
| if: ${{ always() && steps.compile.outcome == 'success' }} | |
| env: | |
| CPPCHECK_OUTCOME: ${{ steps.cppcheck.outcome }} | |
| FLAKE8_OUTCOME: ${{ steps.flake8.outcome }} | |
| PHPCS_OUTCOME: ${{ steps.phpcs.outcome }} | |
| RUBOCOP_OUTCOME: ${{ steps.rubocop.outcome }} | |
| run: | | |
| failed=0 | |
| if [ "$CPPCHECK_OUTCOME" != "success" ]; then | |
| echo "::error::Step 'cppcheck' failed (outcome: $CPPCHECK_OUTCOME)" | |
| failed=1 | |
| fi | |
| if [ "$FLAKE8_OUTCOME" != "success" ]; then | |
| echo "::error::Step 'flake8' failed (outcome: $FLAKE8_OUTCOME)" | |
| failed=1 | |
| fi | |
| if [ "$PHPCS_OUTCOME" != "success" ]; then | |
| echo "::error::Step 'phpcs' failed (outcome: $PHPCS_OUTCOME)" | |
| failed=1 | |
| fi | |
| if [ "$RUBOCOP_OUTCOME" != "success" ]; then | |
| echo "::error::Step 'rubocop' failed (outcome: $RUBOCOP_OUTCOME)" | |
| failed=1 | |
| fi | |
| exit $failed |