Bump step-security/harden-runner from 2.6.0 to 2.6.1 (#39) #497
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Codacy Clang-Tidy | |
| on: | |
| push: | |
| branches: | |
| - main | |
| - v2 | |
| pull_request: | |
| types: [opened, synchronize, reopened] | |
| permissions: | |
| contents: read | |
| jobs: | |
| tidy: | |
| name: Tidy | |
| runs-on: ubuntu-22.04 | |
| env: | |
| BUILD: ./build | |
| CLANG_VERSION: 16 | |
| CCT_VERSION: 1.3.8 | |
| CCT: codacy-clang-tidy-linux-1.3.8 | |
| CODACY_URL: https://api.codacy.com | |
| # The path for clang-tidy output. | |
| CLANG_TIDY_OUT: /tmp/clang-tidy-out | |
| # The path for codacy-clang-tidy output. | |
| CCT_OUT: /tmp/cct-out | |
| steps: | |
| - name: Harden Runner | |
| uses: step-security/harden-runner@eb238b55efaa70779f274895e782ed17c84f2895 # v2.6.1 | |
| with: | |
| egress-policy: audit | |
| - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
| with: | |
| submodules: 'True' | |
| - name: Install clang | |
| run: | | |
| wget https://apt.llvm.org/llvm.sh | |
| # Force --yes to the end of the add-apt-repository command to | |
| # prevent the llvm.sh script hanging. | |
| sed -ie "/^add-apt-repository/ s/$/ --yes/" llvm.sh | |
| chmod +x llvm.sh | |
| sudo ./llvm.sh "$CLANG_VERSION" all | |
| - name: Download the codacy-clang-tidy tool | |
| run: | | |
| mkdir -p "$HOME/cct" | |
| CCT_DOWNLOAD_URL="https://github.com/codacy/codacy-clang-tidy/releases/download/$CCT_VERSION/$CCT" | |
| curl \ | |
| -L \ | |
| "$CCT_DOWNLOAD_URL" \ | |
| -o "$HOME/cct/$CCT" | |
| chmod +x "$HOME/cct/$CCT" | |
| - name: Install Dependencies | |
| run: | | |
| sudo apt-get install -y cmake | |
| - name: Configure | |
| run: | | |
| rm -f -r "$BUILD" | |
| cmake \ | |
| -S . \ | |
| -B "$BUILD" \ | |
| -D CMAKE_BUILD_TYPE=Release \ | |
| -D "CMAKE_CXX_COMPILER=clang++-$CLANG_VERSION" \ | |
| -D "CMAKE_C_COMPILER=clang-$CLANG_VERSION" \ | |
| -D CMAKE_EXPORT_COMPILE_COMMANDS=Yes | |
| - name: Run clang-tidy | |
| run: | | |
| SRC="$(find . -name \*.\?pp -not -path "$BUILD*/*" -not -path ./klee/\* -not -path ./systemtests/\*)" | |
| "clang-tidy-$CLANG_VERSION" \ | |
| -p="$BUILD/compile_commands.json" \ | |
| $SRC \ | |
| -- \ | |
| -std=c++20 \ | |
| -I ./include \ | |
| -I ./googletest/googletest/include \ | |
| -I ./googletest/googlemock/include \ | |
| -D NDEBUG \ | |
| | tee "$CLANG_TIDY_OUT" | |
| # Convert the clang-tidy output to a format that the Codacy API accepts | |
| - name: Run codacy-clang-tidy | |
| run: | | |
| "$HOME/cct/$CCT" < "$CLANG_TIDY_OUT" > "$CCT_OUT" | |
| - name: Upload to the Codacy server | |
| run: | | |
| COMMIT="$(git rev-parse HEAD)" | |
| # Send the results to Codacy | |
| curl \ | |
| -XPOST \ | |
| -L \ | |
| -H "project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}" \ | |
| -H "Content-type: application/json" \ | |
| -d "@$CCT_OUT" \ | |
| "$CODACY_URL/2.0/commit/$COMMIT/issuesRemoteResults" | |
| # Signal that Codacy can use the sent results and start a new analysis | |
| curl \ | |
| -XPOST \ | |
| -L \ | |
| -H "project-token: ${{ secrets.CODACY_PROJECT_TOKEN }}" \ | |
| -H "Content-type: application/json" \ | |
| "$CODACY_URL/2.0/commit/$COMMIT/resultsFinal" |