Skip to content

Avoid potential corruption: unpack(static_variant) #106

Avoid potential corruption: unpack(static_variant)

Avoid potential corruption: unpack(static_variant) #106

Workflow file for this run

name: Scan with SonarScanner
on: [ push, pull_request ]
env:
CCACHE_COMPRESS: exists means true
CCACHE_SLOPPINESS: include_file_ctime,include_file_mtime,time_macros
jobs:
sonar-scan:
name: Scan with SonarScanner
strategy:
matrix:
os: [ ubuntu-20.04 ]
runs-on: ${{ matrix.os }}
steps:
- name: Download and install latest SonarScanner CLI tool
run: |
SONAR_SCANNER_VERSION=`curl -w %{redirect_url} \
https://github.com/SonarSource/sonar-scanner-cli/releases/latest \
2>/dev/null | cut -f8 -d'/'`
SONAR_DOWNLOAD_PATH=https://binaries.sonarsource.com/Distribution/sonar-scanner-cli
curl --create-dirs -sSLo $HOME/.sonar/sonar-scanner.zip \
$SONAR_DOWNLOAD_PATH/sonar-scanner-cli-$SONAR_SCANNER_VERSION-linux.zip
unzip -o $HOME/.sonar/sonar-scanner.zip -d $HOME/.sonar/
curl --create-dirs -sSLo $HOME/.sonar/build-wrapper-linux-x86.zip \
https://sonarcloud.io/static/cpp/build-wrapper-linux-x86.zip
unzip -o $HOME/.sonar/build-wrapper-linux-x86.zip -d $HOME/.sonar/
SONAR_SCANNER_HOME=$HOME/.sonar/sonar-scanner-$SONAR_SCANNER_VERSION-linux
echo "SONAR_SCANNER_VERSION=$SONAR_SCANNER_VERSION" >> $GITHUB_ENV
echo "SONAR_SCANNER_HOME=$SONAR_SCANNER_HOME" >> $GITHUB_ENV
echo "SONAR_SCANNER_OPTS=-server" >> $GITHUB_ENV
echo "$SONAR_SCANNER_HOME/bin" >> $GITHUB_PATH
echo "$HOME/.sonar/build-wrapper-linux-x86" >> $GITHUB_PATH
- name: Install dependencies
run: |
sudo apt-get update
openssl_ver=`sudo apt-cache madison openssl | grep xenial-updates | awk '{print $3}'`
libssl_ver=`sudo apt-cache madison libssl-dev | grep xenial-updates | awk '{print $3}'`
[ -n "${openssl_ver}" ] && [ -n "${libssl_ver}" ] && \
sudo apt-get install -y --allow-downgrades openssl=${openssl_ver} libssl-dev=${libssl_ver}
sudo apt-get install -y \
ccache \
gcovr \
parallel \
libboost-thread-dev \
libboost-iostreams-dev \
libboost-date-time-dev \
libboost-system-dev \
libboost-filesystem-dev \
libboost-program-options-dev \
libboost-chrono-dev \
libboost-test-dev \
libboost-context-dev \
libboost-regex-dev \
libboost-coroutine-dev
- uses: actions/checkout@v3
with:
fetch-depth: 0
submodules: recursive
- name: Configure
run: |
mkdir -p _build
pushd _build
export -n BOOST_ROOT BOOST_INCLUDEDIR BOOST_LIBRARYDIR
cmake -D CMAKE_BUILD_TYPE=Debug \
-D CMAKE_CXX_OUTPUT_EXTENSION_REPLACE=ON \
-D CMAKE_C_COMPILER=gcc \
-D CMAKE_C_COMPILER_LAUNCHER=ccache \
-D CMAKE_CXX_COMPILER=g++ \
-D CMAKE_CXX_COMPILER_LAUNCHER=ccache \
-D CMAKE_C_FLAGS=--coverage \
-D CMAKE_CXX_FLAGS=--coverage \
-D Boost_USE_STATIC_LIBS=OFF \
..
popd
# Get OS version to be used in cache key - see https://github.com/actions/cache/issues/543
- run: |
echo "OS_VERSION=`lsb_release -sr`" >> $GITHUB_ENV
- name: Load Cache
uses: actions/cache@v3
with:
path: |
ccache
key: sonar-${{ env.OS_VERSION }}-${{ github.ref }}-${{ github.sha }}
restore-keys: |
sonar-${{ env.OS_VERSION }}-${{ github.ref }}-
sonar-${{ env.OS_VERSION }}-
- name: Build
run: |
export CCACHE_DIR="$GITHUB_WORKSPACE/ccache"
mkdir -p "$CCACHE_DIR"
build-wrapper-linux-x86-64 --out-dir bw-output make -j 2 -C _build
- name: Test
run: |
parallel echo Running {}\; sh -c "./{}" <<_EOT_
tests/run-parallel-tests.sh _build/tests/all_tests -l test_suite
_build/tests/bloom_test -- README.md
_build/tests/ecc_test README.md
_build/tests/hmac_test
_build/tests/task_cancel_test
_EOT_
- name: Prepare for scanning with SonarScanner
run: |
if [ -z "$GITHUB_HEAD_REF" ]; then \
if [ "$GITHUB_REF" != "refs/heads/master" ]; then \
echo "sonar.branch.target=master" >> sonar-project.properties; \
fi; \
if [ "${GITHUB_REF#refs/heads/}" != "$GITHUB_REF" ]; then \
echo "sonar.branch.name=${GITHUB_REF#refs/heads/}" >> sonar-project.properties; \
elif [ "${GITHUB_REF#refs/tags/}" != "$GITHUB_REF" ]; then \
echo "sonar.branch.name=${GITHUB_REF#refs/}" >> sonar-project.properties; \
else \
echo "sonar.branch.name=${GITHUB_REF}" >> sonar-project.properties; \
fi \
fi
pushd _build
gcovr --version
gcovr --exclude-unreachable-branches --sonarqube ../coverage.xml -r ..
popd
- name: Scan with SonarScanner
env:
# to get access to secrets.SONAR_TOKEN, provide GITHUB_TOKEN
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
run: |
sonar-scanner \
-Dsonar.login=${{ secrets.SONAR_TOKEN }}