diff --git a/.github/workflows/staticanalysis.yml b/.github/workflows/staticanalysis.yml
new file mode 100644
index 00000000000..a5734628bf7
--- /dev/null
+++ b/.github/workflows/staticanalysis.yml
@@ -0,0 +1,48 @@
+name: Run OCaml C stub static analyzer
+
+on:
+ pull_request:
+ branches:
+ - master
+ - 'feature/**'
+ - '*-lcm'
+
+jobs:
+ ocaml-format:
+ name: Ocaml files
+ runs-on: ubuntu-22.04
+ env:
+ package: "xapi-lintcstubs"
+
+ steps:
+ - name: Checkout code
+ uses: actions/checkout@v3
+
+ - name: Pull configuration from xs-opam
+ run: |
+ curl --fail --silent https://raw.githubusercontent.com/edwintorok/xs-opam/master/tools/xs-opam-ci.env | cut -f2 -d " " > .env
+
+ - name: Load environment file
+ id: dotenv
+ uses: falti/dotenv-action@v1.0.2
+
+ - name: Use ocaml
+ uses: avsm/setup-ocaml@v2
+ with:
+ ocaml-version: ${{ steps.dotenv.outputs.ocaml_version_full }}
+ opam-repository: ${{ steps.dotenv.outputs.repository }}
+ dune-cache: true
+
+ - name: Install dependencies for static analyzer
+ run: |
+ opam update
+ opam pin add xapi-lintcstubs . --no-action
+ opam install --deps-only ${{env.package}}
+
+ - name: Run static analyzer
+ run: opam exec -- make analyze
+
+ - name: Upload SARIF report
+ uses: github/codeql-action/upload-sarif@v2
+ with:
+ sarif_file: _build/default/xapi.sarif
diff --git a/Makefile b/Makefile
index bd886ddd9f8..a6c9f2a29da 100644
--- a/Makefile
+++ b/Makefile
@@ -23,6 +23,10 @@ check: clean: dune clean +analyze: + mkdir -p _build/default + touch _build/default/xapi.sarif + lint: dune build @python pylint --disable=line-too-long,too-few-public-methods,unused-argument,no-self-use,invalid-name,broad-except,protected-access,redefined-builtin,too-many-lines,wildcard-import,too-many-branches,too-many-arguments,unused-wildcard-import,raising-format-tuple,too-many-statements,duplicate-code _build/default/xapi-storage/python/xapi/storage/api/v5/*.py
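Review bot: The `Pull configuration from xs-opam` step takes `.env` from the `master` branch of a personal fork (`edwintorok/xs-opam`), and `Use ocaml` then passes `steps.dotenv.outputs.repository` to `opam-repository`, so whoever can push to that branch decides where this job installs packages from. Fetch the file from a commit-pinned URL instead, e.g. `https://raw.githubusercontent.com/<owner>/xs-opam/<commit-sha>/tools/xs-opam-ci.env`, ideally under the organisation's own repository. The step sets no `shell: bash`, so the script runs without `pipefail` and a failed `curl --fail` is masked by `cut`, leaving an empty `.env`; adding `set -o pipefail` as the first line of the `run:` block makes the step fail instead. The workflow declares no `permissions:`; a top-level block with `contents: read` and `security-events: write` gives `upload-sarif` what it needs and nothing more. The four `uses:` entries are pinned to tags, and pinning them to full commit SHAs would close the same gap for the actions.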
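Review bot: The new `analyze` target only creates a zero-byte `_build/default/xapi.sarif`, so the workflow's `Run static analyzer` step succeeds without analysing anything. A zero-byte file is not a valid SARIF document, so the upload step will likely reject it; if it is accepted, the check reports a clean result that no analyzer produced. If this is a placeholder for a later commit, say so with a comment above the target, e.g. `# placeholder: the real analyzer invocation is added in a follow-up`, or have the recipe fail until the analyzer is wired in. The rest of the Makefile is outside the hunk, so I can't tell whether `analyze` also needs adding to a `.PHONY` list.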