Skip to content
C/C++ Code Scan

C/C++ Code Scan #2

Sign in to view logs

C/C++ Code Scan

C/C++ Code Scan #2

Workflow file for this run

.github/workflows/code-scan.yml at 05800ef
# --- VDR-NG-EM-COPYRIGHT-NOTE-BEGIN ---
#
# Copyright (C) 2021-2024 VDR-NG-EM Project
#
# More information can be found in the files COPYING and README.
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program. If not, see <https://www.gnu.org/licenses/>.
#
# The project's page is at https://github.com/bittor7x0/VDR-M7x0
# Our English forum is at https://vdr-m7x0.foroactivo.com.es/f19-international-forum
# Our Spanish forum is at https://vdr-m7x0.foroactivo.com.es
#
# --- VDR-NG-EM-COPYRIGHT-NOTE-END ---
name: C/C++ Code Scan
on:
# Triggers the workflow on push events but only for the code_scan branch
push:
branches:
- code_scan
# Manual trigger
workflow_dispatch:
defaults:
run:
shell: bash
jobs:
code-scan:
runs-on: ubuntu-latest
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
COVERITY_SCAN_PROJECT_NAME: bittor7x0%2FVDR-M7x0
COVERITY_SCAN_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
COVERITY_SCAN_NOTIFICATION_EMAIL: ${{ secrets.COVERITY_SCAN_EMAIL }}
BUILD_WRAPPER_OUT_DIR: cov-int # Directory where cov-build and build-wrapper output will be placed
steps:
- name: Checkout Repo
uses: actions/checkout@v4
with:
fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis
- name: Prepare code to compile without Toolchain
run: |
mkdir m7x0-linux-headers
tar xvf toolchain/downloads/m7x0-linux-headers.tar.bz2 --strip 1 -C m7x0-linux-headers
rm -rf vdr-m7x0/PLUGINS/src
rm -rf vdr-m7x0-plugins/markad vdr-m7x0-plugins/submenu vdr-m7x0-plugins/tvscraper vdr-m7x0-plugins/weatherng vdr-m7x0-plugins/xvdr
ln -sf $(pwd)/vdr-m7x0-plugins vdr-m7x0/PLUGINS/src
ln -sf $(pwd)/vdr-m7x0 m7x0-linux-headers/include/vdr
echo '#define O7OTOOLCHAINVERSION "9.9.9 Code Scan"' > m7x0-linux-headers/include/o7o-toolchain-version.h
sed -i -e 's,$(CC) -M,$(CC) $(CFLAGS) $(CPPFLAGS) -M,g' toolchain/buildin/tool-box/Makefile
sed -i '/@$(STRIP) $@/d' vdr-m7x0-plugins/pin/Makefile
sed -i '/@cp -f $@ $(FSKCHKDIR)/d' vdr-m7x0-plugins/pin/Makefile
sed -i -e 's,std::min,std::min<long int>,g' vdr-m7x0/dvbdevice.c
sed -i -e 's,std::min,std::min<long int>,g' vdr-m7x0/remux.c
sed -i -e 's,std::max,std::max<long int>,g' vdr-m7x0/remux.c
sed -i -e 's,strrchr(recording->FileName(),(char *) strrchr(recording->FileName(),' vdr-m7x0/recording.c
sed -i -e 's,strrchr(,(char *) strrchr(,' vdr-m7x0-plugins/filebrowser/menu-filebrowser.c
sed -i -e 's,strrchr(,(char *) strrchr(,' vdr-m7x0-plugins/filebrowser/commands.c
sed -i -e 's,index(Include,(char *) index(Include,' vdr-m7x0-plugins/mp3/data.c
sed -i -e 's,index(buff,(char *) index(buff,g' vdr-m7x0-plugins/mp3/stream.c
sed -i -e 's,strchr(host,(char *) strchr(host,' vdr-m7x0-plugins/rssreader/http_fetcher.c
sed -i -e 's,strstr(str,(char *) strstr(str,' vdr-m7x0-plugins/rssreader/parser.c
sed -i -e 's,strrchr(Filename,(char *) strrchr(Filename,' vdr-m7x0-plugins/setup/commands.cpp
sed -i -e 's,strrchr(,(char *) strrchr(,g' vdr-m7x0-plugins/setup/menu-filebrowser.cpp
sed -i -e 's,strrchr(font,(char *) strrchr(font,' vdr-m7x0-plugins/skinenigmang/config.c
sed -i -e 's,strcasestr(aux,(char *) strcasestr(aux,g' vdr-m7x0-plugins/skinenigmang/tools.c
sed -i -e 's,strrchr(NewName,(char *) strrchr(NewName,' vdr-m7x0-plugins/undelete/undelete.c
sed -i -e 's,std::min,std::min<long int>,g' vdr-m7x0-plugins/cridplayer/cridplayer_player.c
sed -i -e 's,strrchr(filename,(char *) strrchr(filename,' vdr-m7x0-plugins/mp3/stream.c
sed -i -e 's,strrchr(filename,(char *) strrchr(filename,' vdr-m7x0-plugins/mp3/decoder.c
cat <<EOF > run-make.sh
#!/bin/bash
make -C toolchain/buildin/libosd
make -C toolchain/buildin/fw-utils
make -C toolchain/buildin/sstrip
make -C toolchain/buildin/tool-box CFLAGS="-I$(pwd)/toolchain/buildin -I$(pwd)/m7x0-linux-headers/include" LDFLAGS="-L$(pwd)/toolchain/buildin/libosd"
make -C toolchain/buildin/o7o_flasher CFLAGS="-I$(pwd)/toolchain/buildin -I$(pwd)/m7x0-linux-headers/include -D__MIPSEL__" LDFLAGS="-L$(pwd)/toolchain/buildin/libosd"
make -C toolchain/buildin/usbautomounter CPPFLAGS="-I$(pwd)/toolchain/buildin -D_FILE_OFFSET_BITS=64 -DO_LARGEFILE=0x2000" LDFLAGS="-L$(pwd)/toolchain/buildin/libosd"
make -C vdr-m7x0 all CXXFLAGS="-I$(pwd)/m7x0-linux-headers/include" USE_PINPLUGIN=1
make -C vdr-m7x0 plugins CFLAGS="-fPIC" CXXFLAGS="-I$(pwd)/m7x0-linux-headers/include -I$(pwd)/m7x0-linux-headers/include/vdr -D__UCLIBC__ -D__UCLIBC_MAJOR__=1 -D__UCLIBC_MINOR__=0 -D__UCLIBC_SUBLEVEL__=37 -fPIC" USE_PINPLUGIN=1
EOF
chmod +x run-make.sh
# "Clean workspace" step will revert all Git changes, but we want to keep "Compile without Toolchain" changes after completing that step
- name: Add changes in Git to compile without Toolchain
run: |
git config --global user.email "${GITHUB_ACTOR}@users.noreply.github.com"
git config --global user.name "${GITHUB_ACTOR}"
git add -A .
git commit -m "Compile without Toolchain"
- name: Install dependencies
run: |
sudo apt-get update -y
sudo apt-get install -y build-essential pkg-config m4 automake libz-dev libsqlite3-dev libcurl4-openssl-dev libpcre3-dev libpcre++-dev
- name: Set Coverity Build Tool MD5 hash
id: coverity_scan_md5
run: |
echo "coverity_scan_md5sum=$(curl --silent https://scan.coverity.com/download/linux64 --data "token=${COVERITY_SCAN_TOKEN}&project=${COVERITY_SCAN_PROJECT_NAME}&md5=1")" >> ${GITHUB_OUTPUT}
- name: Cache Coverity Build Tool
id: coverity_scan_cache
uses: actions/cache@v4
with:
path: cov-analysis-linux64.tar.gz
key: cov-analysis-linux64-${{ steps.coverity_scan_md5.outputs.coverity_scan_md5sum }}
- name: Download Coverity Build Tool
if: steps.coverity_scan_cache.outputs.cache-hit != 'true'
run: |
curl -fs --show-error https://scan.coverity.com/download/linux64 --data "token=${COVERITY_SCAN_TOKEN}&project=${COVERITY_SCAN_PROJECT_NAME}" -o cov-analysis-linux64.tar.gz
- name: Extract Coverity Build Tool
run: |
mkdir cov-analysis-linux64
tar xzf cov-analysis-linux64.tar.gz --strip-components=1 -C cov-analysis-linux64
- name: Build with cov-build
run: |
export PATH="$(pwd)/cov-analysis-linux64/bin:$PATH"
cov-build --dir ${{ env.BUILD_WRAPPER_OUT_DIR }} ./run-make.sh
- name: Submit the result to Coverity Scan
continue-on-error: true
run: |
tar jcvf VDR-M7x0.tar.bz2 ${{ env.BUILD_WRAPPER_OUT_DIR }}
curl \
--silent --show-error \
--output coverity_scan_submit.txt \
--form project=VDR-M7x0 \
--form token=${COVERITY_SCAN_TOKEN} \
--form email=${COVERITY_SCAN_NOTIFICATION_EMAIL} \
--form file=@VDR-M7x0.tar.bz2 \
--form version=${GITHUB_SHA} \
--form description="Automatic Coverity Scan build for ${GITHUB_REF} - $(vdr-m7x0/vdr --version)" \
https://scan.coverity.com/builds?project=${COVERITY_SCAN_PROJECT_NAME}
cat ./coverity_scan_submit.txt
- name: Clean workspace
run: |
git reset --hard
git clean -fdx
- name: Install sonar-scanner and build-wrapper
uses: SonarSource/sonarcloud-github-c-cpp@v2
- name: Build with build-wrapper
run: |
build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} ./run-make.sh
- name: Run sonar-scanner and submit the result to SonarCloud
continue-on-error: true
run: |
sonar-scanner \
-Dsonar.organization=bittor7x0 \
-Dsonar.projectKey=bittor7x0_vdr-m7x0 \
-Dsonar.sources=. \
-Dsonar.cfamily.build-wrapper-output="${{ env.BUILD_WRAPPER_OUT_DIR }}" \
-Dsonar.host.url=https://sonarcloud.io