1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
|
# Syntax reference https://help.github.com/en/actions/reference/workflow-syntax-for-github-actions
# Environment reference https://help.github.com/en/actions/reference/virtual-environments-for-github-hosted-runners
name: scriptcheck
on:
push:
branches:
- 'main'
- 'releases/**'
- '2.*'
tags:
- '2.*'
pull_request:
permissions:
contents: read
jobs:
build:
runs-on: ubuntu-22.04
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
- name: ccache
uses: hendrikmuhs/ccache-action@v1.2
with:
key: ${{ github.workflow }}-${{ runner.os }}
- name: Cache Cppcheck
uses: actions/cache@v4
with:
path: cppcheck
key: ${{ runner.os }}-scriptcheck-cppcheck-${{ github.sha }}
- name: build cppcheck
run: |
export PATH="/usr/lib/ccache:/usr/local/opt/ccache/libexec:$PATH"
make -j$(nproc) CXXOPTS="-Werror"
strip -s ./cppcheck
scriptcheck:
needs: build
runs-on: ubuntu-22.04
strategy:
matrix:
python-version: [3.7, 3.8, 3.9, '3.10', '3.11', '3.12', '3.13', '3.14']
include:
- python-version: '3.14'
python-latest: true
fail-fast: false
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
# TODO: bailout on error
- name: Restore Cppcheck
uses: actions/cache@v4
with:
path: cppcheck
key: ${{ runner.os }}-scriptcheck-cppcheck-${{ github.sha }}
- name: Set up Python ${{ matrix.python-version }}
uses: actions/setup-python@v5
with:
python-version: ${{ matrix.python-version }}
check-latest: true
- name: Install missing software on ubuntu
run: |
sudo apt-get update
sudo apt-get install tidy libxml2-utils
- name: Install missing software on ubuntu (Python 3)
run: |
# shellcheck cannot be installed via pip
# ERROR: Could not find a version that satisfies the requirement shellcheck (from versions: none)
# ERROR: No matching distribution found for shellcheck
sudo apt-get install shellcheck
python -m pip install pip --upgrade
python -m pip install natsort
python -m pip install pexpect
python -m pip install 'pylint<4.1.0'
python -m pip install unittest2
python -m pip install pytest
python -m pip install pytest-xdist
python -m pip install pygments
python -m pip install requests
python -m pip install psutil
python -m pip install setuptools
- name: run Shellcheck
if: matrix.python-latest
run: |
find . -name "*.sh" | xargs shellcheck --exclude SC2002,SC2013,SC2034,SC2035,SC2043,SC2046,SC2086,SC2089,SC2090,SC2129,SC2211,SC2231
- name: run pylint
if: matrix.python-latest
run: |
shopt -s globstar
pylint --jobs $(nproc) --py-version 3.7 addons/**/*.py htmlreport/cppcheck-htmlreport htmlreport/**/*.py test/**/*.py tools/**/*.py
- name: check .json files
if: matrix.python-latest
run: |
find . -name '*.json' | xargs -n 1 python -m json.tool > /dev/null
- name: Validate
if: matrix.python-latest
run: |
make -j$(nproc) validateCFG validatePlatforms validateRules
- name: check python syntax
run: |
shopt -s globstar
python -m py_compile addons/**/*.py
python -m py_compile htmlreport/cppcheck-htmlreport
python -m py_compile htmlreport/**/*.py
python -m py_compile test/**/*.py
python -m py_compile tools/**/*.py
- name: compile addons
run: |
python -m compileall ./addons
- name: test matchcompiler
run: |
python test/tools/test_matchcompiler.py
env:
PYTHONPATH: ./tools
# TODO: run with "-n auto" when misra_test.py can be run in parallel
# we cannot specify -Werror since xml/etree/ElementTree.py in Python 3.9/3.10 contains an unclosed file
- name: test addons
if: matrix.python-version == '3.9' || matrix.python-version == '3.10'
run: |
python -m pytest --strict-markers -vv -n 1 addons/test
env:
PYTHONPATH: ./addons
# TODO: run with "-n auto" when misra_test.py can be run in parallel
- name: test addons
if: matrix.python-version != '3.9' && matrix.python-version != '3.10'
run: |
python -m pytest -Werror --strict-markers -vv -n 1 addons/test
env:
PYTHONPATH: ./addons
- name: test htmlreport (standalone)
run: |
test/tools/htmlreport/test_htmlreport.py
test/tools/htmlreport/check.sh
- name: test htmlreport (pip)
run: |
python -m venv venv
source venv/bin/activate
python -m pip install -U pip
pip install ./htmlreport/
which cppcheck-htmlreport
PIP_PACKAGE_TEST=1 test/tools/htmlreport/test_htmlreport.py
# TODO: does not test the pip binary
test/tools/htmlreport/check.sh
- name: test reduce
run: |
python -m pytest -Werror --strict-markers -vv test/tools/reduce_test.py
env:
PYTHONPATH: ./tools
- name: test donate_cpu_lib
run: |
python -m pytest -Werror --strict-markers -vv test/tools/donate_cpu_lib_test.py
env:
PYTHONPATH: ./tools
- name: test donate_cpu_server
run: |
python -m pytest -Werror --strict-markers -vv test/tools/donate_cpu_server_test.py
# TODO: why is this file generated? also should be in a temporary folder if possible
rm -f test/tools/donate-cpu-server.log
env:
PYTHONPATH: ./tools
- name: Show all ignored files
if: false # TODO: currently lists all the contents of ignored folders - we only need what actually matched
run: |
git ls-files --others --ignored --exclude-standard
- name: Check for changed and unversioned files
run: |
# TODO: how to do this with a single command?
git status --ignored=no
git status --ignored=no | grep -q 'working tree clean'
dmake:
strategy:
matrix:
os: [ubuntu-22.04, macos-15, windows-2025]
fail-fast: false
runs-on: ${{ matrix.os }}
steps:
- uses: actions/checkout@v4
with:
persist-credentials: false
- name: run dmake
run: |
make -j3 CXXOPTS="-Werror" run-dmake
- name: check diff
run: |
git diff --exit-code
|
