Bump github/codeql-action from 3.25.11 to 3.25.12 #726
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: SonarCloud | |
| on: | |
| push: | |
| branches: | |
| - main | |
| pull_request: | |
| types: [opened, synchronize, reopened] | |
| workflow_dispatch: | |
| permissions: | |
| contents: read | |
| jobs: | |
| sonar: | |
| name: Build | |
| runs-on: ubuntu-latest | |
| env: | |
| SONAR_SERVER_URL: "https://sonarcloud.io" | |
| BUILD_DIR: build | |
| BUILD_WRAPPER_OUT_DIR: build_wrapper_output_directory # Directory where build-wrapper output will be placed | |
| CLANG_VERSION: 14 | |
| steps: | |
| #- name: Harden Runner | |
| # uses: step-security/harden-runner@1b05615854632b887b69ae1be8cbefe72d3ae423 # v2.6.0 | |
| # with: | |
| # egress-policy: audit | |
| - name: Install clang | |
| run: | | |
| if ! command -v "clang++-${{ env.CLANG_VERSION }}" | |
| then | |
| wget https://apt.llvm.org/llvm.sh | |
| # Force --yes to the end of the add-apt-repository command to | |
| # prevent the llvm.sh script hanging. | |
| sed -ie "/^add-apt-repository/ s/$/ --yes/" llvm.sh | |
| chmod +x llvm.sh | |
| sudo ./llvm.sh "$CLANG_VERSION" all | |
| fi | |
| - uses: actions/checkout@692973e3d937129bcbf40652eb9f2f61becf3332 # v4.1.7 | |
| with: | |
| fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis | |
| submodules: 'True' | |
| - name: Install libc++, libc++abc, and ninja | |
| run: | | |
| sudo apt-get update | |
| sudo apt-get install -y \ | |
| cmake \ | |
| libc++-dev \ | |
| libc++abi-dev \ | |
| ninja-build | |
| - name: Install sonar-scanner and build-wrapper | |
| uses: SonarSource/sonarcloud-github-c-cpp@e25edaefff1e076daf6517d462ed86f8c99fec70 # v3.0.0 | |
| - name: Configure build | |
| run: | | |
| mkdir "$BUILD_DIR" | |
| cmake \ | |
| -G Ninja \ | |
| -S . \ | |
| -B "$BUILD_DIR" \ | |
| -D PEEJAY_COVERAGE=Yes \ | |
| -D PEEJAY_CXX17=Yes \ | |
| -D LIBCXX=Yes \ | |
| -D CMAKE_C_COMPILER="clang-$CLANG_VERSION" \ | |
| -D CMAKE_CXX_COMPILER="clang++-$CLANG_VERSION" \ | |
| -D CMAKE_EXE_LINKER_FLAGS=-fuse-ld=gold | |
| - name: Build | |
| run: | | |
| build-wrapper-linux-x86-64 \ | |
| --out-dir "$BUILD_WRAPPER_OUT_DIR" \ | |
| cmake --build "$BUILD_DIR" | |
| - name: Index the raw profile | |
| run: | | |
| "llvm-profdata-$CLANG_VERSION" merge \ | |
| --sparse \ | |
| $(find "$BUILD_DIR" -name \*.profraw) \ | |
| -o "$BUILD_DIR/merged.profdata" | |
| - name: Collect the coverage | |
| run: | | |
| "llvm-cov-$CLANG_VERSION" show \ | |
| --instr-profile "$BUILD_DIR/merged.profdata" \ | |
| "$BUILD_DIR/unittests/pj-unittests" > coverage.txt | |
| - name: Run sonar-scanner | |
| env: | |
| GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
| SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
| run: | | |
| sonar-scanner \ | |
| -X \ | |
| --define sonar.cfamily.build-wrapper-output="$BUILD_WRAPPER_OUT_DIR" \ | |
| --define sonar.cfamily.llvm-cov.reportPath=coverage.txt \ | |
| --define sonar.exclusions="$BUILD_DIR/**/*,docs/**/*,klee/**" \ | |
| --define sonar.host.url="$SONAR_SERVER_URL" \ | |
| --define sonar.organization=paulhuggett-github \ | |
| --define sonar.projectKey=paulhuggett_peejay \ | |
| --define sonar.projectVersion="$(git rev-parse HEAD)" \ | |
| --define sonar.python.version=3 \ | |
| --define sonar.sourceEncoding=UTF-8 |