CI workflow to run GCC static analyzer

.github/workflows/gcc-analyzer-check.yaml

@@ -0,0 +1,91 @@
+name: GCC Static Analyzer Check
+'run-name': "${{ github.actor }} running GCC static analyzer check"
+
+on:
+  pull_request:
+    branches: [ main ]
+  workflow_dispatch:
+
+jobs:
+  detect-gcc-analyzer-changes:
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+      packages: read
+
+    outputs:
+      has_changes: ${{ steps.filter.outputs.matched }}
+      changed_files: ${{ steps.filter.outputs.matched_files }}
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      with:
+        fetch-depth: 0
+        path: phlex-src
+
+    - name: Detect GCC analyzer relevant changes
+      id: filter
+      uses: Framework-R-D/phlex/.github/actions/detect-relevant-changes@main
+      with:
+        repo-path: phlex-src
+        base-ref: ${{ github.event.pull_request.base.sha }}
+        head-ref: ${{ github.event.pull_request.head.sha }}
+        file-type: |
+          cpp
+          cmake
+
+    - name: Report detection outcome
+      run: |
+        if [ "${{ steps.filter.outputs.matched }}" != "true" ]; then
+          echo "::notice::No C++ or CMake changes detected; job will be skipped."
+        else
+          echo "::group::GCC analyzer relevant files"
+          printf '%s\n' "${{ steps.filter.outputs.matched_files }}"
+          echo "::endgroup::"
+        fi
+
+  gcc-analyzer-check:
+    needs: detect-gcc-analyzer-changes
+    if: needs.detect-gcc-analyzer-changes.outputs.has_changes == 'true'
+    runs-on: ubuntu-24.04
+    permissions:
+      contents: read
+
+    container:
+      image: ghcr.io/framework-r-d/phlex-ci:latest
+
+    steps:
+    - name: Checkout code
+      uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
+      with:
+        path: phlex-src
+
+    - name: Setup build environment
+      uses: Framework-R-D/phlex/.github/actions/setup-build-env@main
+
+    - name: Configure CMake
+      uses: Framework-R-D/phlex/.github/actions/configure-cmake@main
+      with:
+        build-type: Debug
+        compiler: g++
+        extra-options: "-DENABLE_GCC_ANALYZER=ON"
+
+    - name: Run GCC static analyzer build
+      shell: bash
+      run: |
+        . /entrypoint.sh
+        cd $GITHUB_WORKSPACE/phlex-build
+        echo "Running build with GCC static analyzer..."
+        cmake --build .
+
+  gcc-analyzer-check-skipped:
+    needs: detect-gcc-analyzer-changes
+    if: needs.detect-gcc-analyzer-changes.outputs.has_changes != 'true'
+    runs-on: ubuntu-latest
+    permissions:
+      contents: read
+
+    steps:
+    - name: No relevant C++ or CMake changes detected
+      run: echo "No C++ or CMake changes detected; check skipped."

CMakeLists.txt

@@ -53,12 +53,14 @@ FetchContent_MakeAvailable(Catch2 GSL mimicpp)
 
 include(Modules/private/CreateClangTidyTargets.cmake)
 include(Modules/private/CreateCoverageTargets.cmake)
+include(Modules/private/EnableGccAnalyzer.cmake)
 
 option(ENABLE_TSAN "Enable Thread Sanitizer" OFF)
 option(ENABLE_ASAN "Enable Address Sanitizer" OFF)
 option(PHLEX_USE_FORM "Enable experimental integration with FORM" OFF)
 option(ENABLE_COVERAGE "Enable code coverage instrumentation" OFF)
 option(ENABLE_CLANG_TIDY "Enable clang-tidy checks during build" OFF)
+option(ENABLE_GCC_ANALYZER "Enable GCC static analyzer" OFF)
 
 add_compile_options(-Wall -Werror -Wunused -Wunused-parameter -pedantic)
 

Modules/private/EnableGccAnalyzer.cmake

@@ -0,0 +1,16 @@
+# --- EnableGccAnalyzer.cmake
+#
+# This module checks if the ENABLE_GCC_ANALYZER option is enabled, and if so, it
+# adds the necessary compiler flags to enable the GCC static analyzer.
+
+if(ENABLE_GCC_ANALYZER)
+  # Check if the compiler is GNU
+  if(NOT CMAKE_CXX_COMPILER_ID STREQUAL "GNU")
+    message(
+      FATAL_ERROR "GCC Static Analyzer is only supported with the GNU compiler."
+      )
+  else()
+    message(STATUS "Enabling GCC Static Analyzer")
+    add_compile_options(-fanalyzer)
+  endif()
+endif()