suzanne.soy/racket
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Fix tool name in SARIF files depending on racket build mode (#3328)

Browse Source 
This should replace the toolname in sarif files to workaround the lack of tags when uploading them.

See here for a request to add that:
https://github.com/github/codeql-action/issues/129
This commit is contained in:
Paulo Matos 2020-08-03 17:46:04 +02:00 committed by GitHub
parent 09ff1344e8
commit e62b3b8c1c
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
2 changed files with 18 additions and 46 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
.github/scripts/adjust-sarif-tool.sh vendored Executable file
View File

@ -0,0 +1,8 @@
#!/bin/bash
MODE="$1"
shopt -s globstar
for file in **/*.sarif; do
echo "Processing $file"
jq "setpath([\"runs\",0,\"tool\",\"driver\",\"name\"]; \"clang-${MODE}\")" $file | sponge $file
done

56
.github/workflows/scanbuild_static-analysis.yml vendored
View File

@ -1,6 +1,6 @@
name: LLVM Static Analysis
on: [push]
on: push
jobs:
@ -40,26 +40,14 @@ jobs:
--disable-docs
- name: Scan Build
working-directory: ./racket/src
run: |
export cpus=$(grep -c ^processor /proc/cpuinfo)
scan-build -sarif -o ../../racketcgc-report -analyzer-config 'crosscheck-with-z3=true' make -j$((cpus + 1)) cgc
run: scan-build -sarif -o ../../racketcgc-report -analyzer-config 'crosscheck-with-z3=true' make -j$(($(nproc) + 1)) cgc
- name: Move sarif results
run: |
mkdir sarif-files
find racketcgc-report -type f -name '*.sarif' -exec cp \{\} sarif-files/ \;
- name: Adjust tool name
run: |
cd sarif-files
cat > adjust.sh <<EOF
#!/bin/bash
shopt -s globstar
for file in **/*.sarif; do
jq "setpath([\"runs\",0,\"tool\",\"driver\",\"name\"]; \"clang-$1\")" $file | sponge $file
done
EOF
chmod +x adjust.sh
./adjust.sh cgc
working-directory: sarif-files
run: ../.github/scripts/adjust-sarif-tool.sh cgc
- name: Upload SARIF
uses: github/codeql-action/upload-sarif@v1
if: always()
@ -115,26 +103,14 @@ jobs:
--disable-docs
- name: Scan Build
working-directory: ./racket/src
run: |
export cpus=$(grep -c ^processor /proc/cpuinfo)
scan-build -sarif -o ../../racket3m-report -analyzer-config 'crosscheck-with-z3=true' make -j$((cpus + 1)) 3m
run: scan-build -sarif -o ../../racket3m-report -analyzer-config 'crosscheck-with-z3=true' make -j$(($(nproc) + 1)) 3m
- name: Move sarif results
run: |
mkdir sarif-files
find racket3m-report -type f -name '*.sarif' -exec cp \{\} sarif-files/ \;
- name: Adjust tool name
run: |
cd sarif-files
cat > adjust.sh <<EOF
#!/bin/bash
shopt -s globstar
for file in **/*.sarif; do
jq "setpath([\"runs\",0,\"tool\",\"driver\",\"name\"]; \"clang-$1\")" $file | sponge $file
done
EOF
chmod +x adjust.sh
./adjust.sh 3m
working-directory: sarif-files
run: ../.github/scripts/adjust-sarif-tool.sh 3m
- name: Upload SARIF
uses: github/codeql-action/upload-sarif@v1
if: always()
@ -186,26 +162,14 @@ jobs:
--enable-csonly
- name: Building
working-directory: ./racket/src
run: |
export cpus=$(grep -c ^processor /proc/cpuinfo)
scan-build -sarif -o ../../racketcs-report -analyzer-config 'crosscheck-with-z3=true' make -j $((cpus+1)) cs
run: scan-build -sarif -o ../../racketcs-report -analyzer-config 'crosscheck-with-z3=true' make -j $(($(nproc)+1)) cs
- name: Move sarif results
run: |
mkdir sarif-files
find racketcs-report -type f -name '*.sarif' -exec cp \{\} sarif-files/ \;
- name: Adjust tool name
run: |
cd sarif-files
cat > adjust.sh <<EOF
#!/bin/bash
shopt -s globstar
for file in **/*.sarif; do
jq "setpath([\"runs\",0,\"tool\",\"driver\",\"name\"]; \"clang-$1\")" $file | sponge $file
done
EOF
chmod +x adjust.sh
./adjust.sh cs
working-directory: sarif-files
run: ../.github/scripts/adjust-sarif-tool.sh cs
- name: Upload SARIF
uses: github/codeql-action/upload-sarif@v1
if: always()