Skip to content

Analysis

Analysis #635

Workflow file for this run

# Copyright Contributors to the OpenImageIO project.
# SPDX-License-Identifier: BSD-3-Clause
# https://github.com/OpenImageIO/oiio
name: Analysis
on:
schedule:
# Run nightly while we're still working our way through the warnings
- cron: "0 8 * * *"
# Run unconditionally once weekly
# - cron: "0 0 * * 0"
push:
# Run on pushes only to master or if the branch name contains "analysis"
branches:
- master
- '*analysis*'
- '*sonar*'
# Allow manual kicking off of the workflow from github.com
workflow_dispatch:
# Uncomment the following line if we want to run analysis on all PRs:
# pull_request:
permissions: read-all
# Allow subsequent pushes to the same PR or REF to cancel any previous jobs.
concurrency:
group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
cancel-in-progress: true
jobs:
aswf:
name: "SonarCloud Analysis"
# Exclude runs on forks, since only the main org has the SonarCloud
# account credentials.
if: github.repository == 'OpenImageIO/oiio'
strategy:
fail-fast: false
matrix:
include:
- desc: sonar gcc9/C++14 py39 boost1.76 exr3.1 ocio2.2
nametag: static-analysis-sonar
os: ubuntu-latest
vfxyear: 2022
vfxsuffix: -clang11
cxx_std: 14
python_ver: 3.9
simd: "avx2,f16c"
fmt_ver: 8.1.1
pybind11_ver: v2.9.0
coverage: 1
# skip_tests: 1
sonar: 1
setenvs: export SONAR_SCANNER_VERSION=4.7.0.2747
SONAR_SERVER_URL="https://sonarcloud.io"
BUILD_WRAPPER_OUT_DIR=bw_output
OIIO_CMAKE_BUILD_WRAPPER="build-wrapper-linux-x86-64 --out-dir bw_output"
CMAKE_BUILD_TYPE=Debug
CMAKE_UNITY_BUILD=OFF
CODECOV=1
CTEST_TEST_TIMEOUT=1200
OIIO_CMAKE_FLAGS="-DOIIO_TEX_IMPLEMENT_VARYINGREF=OFF"
OPENCOLORIO_VERSION=v2.2.0
runs-on: ${{ matrix.os }}
container:
image: aswf/ci-osl:${{matrix.vfxyear}}${{matrix.vfxsuffix}}
env:
CXX: ${{matrix.cxx_compiler}}
CC: ${{matrix.cc_compiler}}
CMAKE_CXX_STANDARD: ${{matrix.cxx_std}}
USE_SIMD: ${{matrix.simd}}
FMT_VERSION: ${{matrix.fmt_ver}}
OPENEXR_VERSION: ${{matrix.openexr_ver}}
PYBIND11_VERSION: ${{matrix.pybind11_ver}}
PYTHON_VERSION: ${{matrix.python_ver}}
# DEBUG_CI: 1
steps:
# We would like to use harden-runner, but it flags too many false
# positives, every time we download a dependency. We should use it only
# on CI runs where we are producing artifacts that users might rely on.
# - name: Harden Runner
# uses: step-security/harden-runner@248ae51c2e8cc9622ecf50685c8bf7150c6e8813 # v1.4.3
# with:
# egress-policy: audit # TODO: change to 'egress-policy: block' after couple of runs
- uses: actions/checkout@2541b1294d2704b0964813337f33b291d3f8596b # v3.0.2
with:
fetch-depth: '0'
- name: Prepare ccache timestamp
id: ccache_cache_keys
run: echo "::set-output name=date::`date -u +'%Y-%m-%dT%H:%M:%SZ'`"
- name: ccache
id: ccache
uses: actions/cache@c3f1317a9e7b1ef106c153ac8c0f00fed3ddbc0d # v3.0.4
with:
path: /tmp/ccache
key: ${{github.job}}-${{matrix.nametag}}-${{steps.ccache_cache_keys.outputs.date}}
restore-keys: ${{github.job}}-
- name: Build setup
run: |
${{matrix.setenvs}}
src/build-scripts/ci-startup.bash
- name: Dependencies
run: |
${{matrix.depcmds}}
src/build-scripts/gh-installdeps.bash
- name: Build
run: src/build-scripts/ci-build.bash
- name: Testsuite
if: matrix.skip_tests != '1'
run: src/build-scripts/ci-test.bash
- name: Code coverage
if: matrix.coverage == '1'
run: src/build-scripts/ci-coverage.bash
- name: Sonar-scanner
if: matrix.sonar == 1
env:
GITHUB_TOKEN: ${{ secrets.GITHUB_TOKEN }}
SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }}
run: |
sonar-scanner --define sonar.host.url="${{ env.SONAR_SERVER_URL }}" --define sonar.cfamily.build-wrapper-output="build/bw_output" --define sonar.cfamily.gcov.reportsPath="_coverage"
# - uses: actions/upload-artifact@3cea5372237819ed00197afe530f5a7ea3e805c8 # v3.1.0
# if: failure()
# with:
# name: oiio-${{github.job}}-${{matrix.nametag}}
# path: |
# build/cmake-save
# build/testsuite/*/*.*
# !build/testsuite/oiio-images
# !build/testsuite/openexr-images
# !build/testsuite/fits-images
# !build/testsuite/j2kp4files_v1_5