analysis #1157
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
# Copyright Contributors to the Open Shading Language project. | |
# SPDX-License-Identifier: BSD-3-Clause | |
# https://github.com/AcademySoftwareFoundation/OpenShadingLanguage | |
name: Analysis | |
on: | |
schedule: | |
# Run nightly while we're still working our way through the warnings | |
- cron: "0 8 * * *" | |
# Run unconditionally once weekly | |
# - cron: "0 0 * * 0" | |
push: | |
branches: | |
- main | |
- '*analysis*' | |
paths-ignore: | |
- '**.md' | |
- '**.rst' | |
- '**.tex' | |
# Allow manual kicking off of the workflow from github.com | |
workflow_dispatch: | |
permissions: read-all | |
# Allow subsequent pushes to the same PR or REF to cancel any previous jobs. | |
concurrency: | |
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
cancel-in-progress: true | |
jobs: | |
aswf: | |
name: "SonarCloud Analysis" | |
if: | | |
github.repository == 'AcademySoftwareFoundation/OpenShadingLanguage' | |
strategy: | |
fail-fast: false | |
matrix: | |
include: | |
- desc: sonar gcc9/C++17 llvm13 py3.9 exr3.1 oiio3.0 avx2 | |
nametag: static-analysis-sonar | |
os: ubuntu-latest | |
vfxyear: 2023 | |
vfxsuffix: -clang15 | |
cxx_std: 17 | |
openimageio_ver: release | |
python_ver: "3.10" | |
pybind11_ver: v2.10.0 | |
simd: avx2,f16c | |
batched: b8_AVX2,b16_AVX512 | |
coverage: 1 | |
# skip_tests: 1 | |
sonar: 1 | |
setenvs: export xSONAR_SCANNER_VERSION=4.7.0.2747 | |
SONAR_SERVER_URL="https://sonarcloud.io" | |
BUILD_WRAPPER_OUT_DIR=bw_output | |
OSL_CMAKE_BUILD_WRAPPER="build-wrapper-linux-x86-64 --out-dir bw_output" | |
CMAKE_BUILD_TYPE=Debug | |
CMAKE_UNITY_BUILD=OFF | |
CODECOV=1 | |
TESTRENDER_AA=1 | |
OSL_TESTSUITE_SKIP_DIFF=1 | |
CTEST_TEST_TIMEOUT=1200 | |
OSL_CMAKE_FLAGS="-DOSL_TEST_BIG_TIMEOUT=1200 -DUSE_QT=0" | |
CTEST_EXCLUSIONS="broken|noise-reg.regress|noise-gabor-reg.regress" | |
runs-on: ${{ matrix.os }} | |
container: | |
image: aswf/ci-osl:2023-clang15 | |
env: | |
CXX: ${{matrix.cxx_compiler}} | |
CC: ${{matrix.cc_compiler}} | |
CMAKE_CXX_STANDARD: ${{matrix.cxx_std}} | |
FMT_VERSION: ${{matrix.fmt_ver}} | |
OPENEXR_VERSION: ${{matrix.openexr_ver}} | |
OPENIMAGEIO_VERSION: ${{matrix.openimageio_ver}} | |
PYBIND11_VERSION: ${{matrix.pybind11_ver}} | |
PYTHON_VERSION: ${{matrix.python_ver}} | |
USE_BATCHED: ${{matrix.batched}} | |
USE_SIMD: ${{matrix.simd}} | |
# DEBUG_CI: 1 | |
steps: | |
# We would like to use harden-runner, but it flags too many false | |
# positives, every time we download a dependency. We should use it only | |
# on CI runs where we are producing artifacts that users might rely on. | |
# - name: Harden Runner | |
# uses: step-security/harden-runner@248ae51c2e8cc9622ecf50685c8bf7150c6e8813 # v1.4.3 | |
# with: | |
# egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs | |
- uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2 | |
with: | |
fetch-depth: '0' | |
- name: Prepare ccache timestamp | |
id: ccache_cache_keys | |
run: echo "::set-output name=date::`date -u +'%Y-%m-%dT%H:%M:%SZ'`" | |
- name: ccache | |
id: ccache | |
uses: actions/cache@c3f1317a9e7b1ef106c153ac8c0f00fed3ddbc0d # v3.0.4 | |
with: | |
path: /tmp/ccache | |
key: ${{github.job}}-${{matrix.nametag}}-${{steps.ccache_cache_keys.outputs.date}} | |
restore-keys: ${{github.job}}- | |
- name: Build setup | |
run: | | |
${{matrix.setenvs}} | |
src/build-scripts/ci-startup.bash | |
- name: Remove existing OIIO | |
if: matrix.openimageio_ver != '' | |
run: | | |
sudo rm -rf /usr/local/include/OpenImageIO | |
sudo rm -rf /usr/local/lib*/cmake/OpenImageIO | |
sudo rm -rf /usr/local/lib*/libOpenImageIO* | |
sudo rm -rf /usr/local/lib*/python3.9/site-packages/OpenImageIO* | |
- name: Dependencies | |
run: | | |
${{matrix.depcmds}} | |
src/build-scripts/gh-installdeps.bash | |
- name: Build | |
run: src/build-scripts/ci-build.bash | |
- name: Testsuite | |
if: matrix.skip_tests != '1' | |
run: src/build-scripts/ci-test.bash | |
- name: Code coverage | |
if: matrix.coverage == '1' | |
run: src/build-scripts/ci-coverage.bash | |
- name: Sonar-scanner | |
if: matrix.sonar == 1 | |
env: | |
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }} | |
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} | |
run: | | |
sonar-scanner -X --define sonar.host.url="${{ env.SONAR_SERVER_URL }}" --define sonar.cfamily.build-wrapper-output="build/bw_output" --define sonar.cfamily.gcov.reportsPath="_coverage" |