Static code analysis #7
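# Static analysis workflow: a CodeQL scan of the C/C++ and Python code, plus
# lint and type checks for the Python system tests in src/tests/system.
#
# NOTE(review): the page this listing came from carried the forge's
# "bidirectional Unicode text" warning for this file. No such characters are
# visible in the listing; check the committed file in an editor that reveals
# hidden characters before trusting that it reads the way it renders.
#
# NOTE(review): every third-party action below is referenced by a mutable
# major-version tag (@v3, @v4, @v5). Pinning each `uses:` to a full commit
# SHA, with the tag kept in a trailing comment, stops a re-pointed tag from
# changing what runs here.
name: "Static code analysis"
on:
  push:
    branches: [master]
  pull_request:
    branches: [master]
  schedule:
    # Every day at midnight (GitHub evaluates cron schedules in UTC)
    - cron: '0 0 * * *'
# One active run per workflow and ref; a newer run cancels the older one.
concurrency:
  group: ${{ github.workflow }}-${{ github.ref }}
  cancel-in-progress: true
jobs:
  codeql:
    runs-on: ubuntu-latest
    # A job-level permissions block sets every scope it does not list to
    # none, so this job's token can only upload code-scanning results.
    permissions:
      security-events: write
    steps:
      # NOTE(review): checkout leaves the job token in .git/config by
      # default. The local composite actions used below are not visible
      # here; if none of them needs git credentials, set
      # `persist-credentials: false` on this step.
      - name: Checkout repository
        uses: actions/checkout@v4
      - name: Install dependencies
        id: dependencies
        uses: ./.github/actions/install-dependencies
      # CodeQL must be initialized before the build so that it can observe
      # the compilation of the C/C++ sources.
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v3
        with:
          languages: cpp, python
          # The leading "+" adds this suite to the default queries.
          queries: +security-and-quality
      - name: Configure sssd
        uses: ./.github/actions/configure
      - name: Build sssd
        working-directory: x86_64
        run: |
          PROCESSORS=$(/usr/bin/getconf _NPROCESSORS_ONLN)
          make -j"$PROCESSORS"
      # Runs even when the build failed so that config.log is available
      # for diagnosis.
      - name: Upload configuration artifacts
        uses: actions/upload-artifact@v4
        if: always()
        with:
          name: codeql-build
          path: |
            x86_64/config.log
            x86_64/config.h
          if-no-files-found: ignore
      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v3
  python-system-tests:
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - uses: actions/setup-python@v5
        with:
          # Quoted so the version is passed as a string, not parsed as a
          # float.
          python-version: '3.11'
      - name: Checkout repository
        uses: actions/checkout@v4
        with:
          # The remaining steps install and run third-party packages and
          # none of them needs the job token, so keep it out of
          # .git/config.
          persist-credentials: false
      - name: Setup virtual environment
        working-directory: ./src/tests/system
        run: |
          sudo apt-get update
          # Install dependencies for python-ldap
          sudo apt-get install -y libsasl2-dev python3-dev libldap2-dev libssl-dev
          pip3 install virtualenv
          python3 -m venv .venv
          source .venv/bin/activate
          pip3 install -r ./requirements.txt
          # NOTE(review): the linters are installed unpinned, so a new
          # upstream release can change results or what code runs here;
          # consider a pinned, hash-checked requirements file.
          pip3 install flake8 pycodestyle isort mypy black
      # Each check below uses `if: always()` so that every tool reports,
      # even when an earlier one failed.
      - name: flake8
        if: always()
        working-directory: ./src/tests/system
        run: source .venv/bin/activate && flake8 .
      - name: pycodestyle
        if: always()
        working-directory: ./src/tests/system
        run: source .venv/bin/activate && pycodestyle .
      - name: isort
        if: always()
        working-directory: ./src/tests/system
        run: source .venv/bin/activate && isort --check-only .
      - name: black
        if: always()
        working-directory: ./src/tests/system
        run: source .venv/bin/activate && black --check --diff .
      - name: mypy
        if: always()
        working-directory: ./src/tests/system
        run: source .venv/bin/activate && mypy --install-types --non-interactive tests
  # Single status job that summarizes the workflow outcome. It runs even
  # when a needed job failed or was cancelled, then fails itself.
  result:
    name: All tests are successful
    if: ${{ always() }}
    runs-on: ubuntu-latest
    # This job only inspects another job's result and runs `exit 1`; it
    # needs no token scopes at all.
    permissions: {}
    # NOTE(review): only codeql is gated. A failure in python-system-tests
    # does not fail this job; if that is not intended, add it to `needs`
    # and to the condition below.
    needs: [codeql]
    steps:
      - name: Fail on failure
        if: ${{ needs.codeql.result != 'success' }}
        run: exit 1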