[ci] Add CodeChecker analyze to GitHub Actions

Analyze CodeChecker code with CodeChecker when creating pull-request and compare to master. Fail PR if new issues introduced.

Author: gulyasgergely902

.github/workflows/codechecker_master_analysis.yml

@@ -0,0 +1,40 @@
+name: codechecker-master-analysis
+
+# Triggers the workflow on push or pull request events.
+on:
+  push:
+    branches:
+      - master
+
+jobs:
+  codechecker-master-analyis:
+    name: CodeChecker analyze master
+
+    runs-on: ubuntu-24.04
+    env:
+      PR_NUMBER: ${{ github.event.number }}
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/setup-python@v4
+        with:
+          python-version: '3.9'
+      - name: Install dependencies
+        run: |
+          pip install $(grep -iE "pylint|pycodestyle" analyzer/requirements_py/dev/requirements.txt)
+          pip install codechecker==6.25.1
+          sh .github/workflows/install-deps.sh
+      - name: Build the CodeChecker package
+        run: |
+          make pip_dev_deps
+          BUILD_UI_DIST=NO make package
+      - name: Run CodeChecker analysis
+        env:
+          CODECHECKER_TOKEN: ${{ secrets.CODECHECKER_STORE_TOKEN }}
+          PR_NUMBER: ${{ github.event.number }}
+        run: |
+          pwd
+          ls
+          touch ~/.codechecker.passwords.json
+          chmod 0600 ~/.codechecker.passwords.json
+          echo "{\"client_autologin\" : true,\"credentials\": {\"*\": \"store:$CODECHECKER_TOKEN\"}}" > ~/.codechecker.passwords.json
+          bash ./ci/github_analysis/codechecker_gate_master.sh

.github/workflows/codechecker_pr_analysis.yml

@@ -0,0 +1,39 @@
+name: codechecker-pr-analysis
+
+# Triggers the workflow on push or pull request events.
+on: [push, pull_request]
+
+jobs:
+  codechecker-pr-analyis:
+    name: CodeChecker analyze PR
+
+    runs-on: ubuntu-24.04
+    env:
+      PR_NUMBER: ${{ github.event.number }}
+    steps:
+      - uses: actions/checkout@v2
+      - uses: actions/setup-python@v4
+        with:
+          python-version: '3.9'
+      - name: Install dependencies
+        run: |
+          pip install $(grep -iE "pylint|pycodestyle" analyzer/requirements_py/dev/requirements.txt)
+          pip install codechecker==6.25.1
+          sh .github/workflows/install-deps.sh
+      - name: Build the CodeChecker package
+        run: |
+          make pip_dev_deps
+          BUILD_UI_DIST=NO make package
+      - name: Run CodeChecker analysis
+        env:
+          CODECHECKER_TOKEN: ${{ secrets.TEST }}
+          PR_NUMBER: ${{ github.event.number }}
+        run: |
+          pwd
+          ls
+          CodeChecker version
+          touch ~/.codechecker.passwords.json
+          chmod 0600 ~/.codechecker.passwords.json
+          echo "{\"client_autologin\" : true,\"credentials\": {\"https://codechecker-demo.eastus.cloudapp.azure.com\": \"store:${{ secrets.TEST }}\"}}" > ~/.codechecker.passwords.json
+          cat ~/.codechecker.passwords.json
+          bash ./ci/github_analysis/codechecker_gate_pr.sh $GITHUB_REF

.gitmessage

@@ -9,6 +9,7 @@
 # --- COMMIT END ---
 # Tag can be
 #    analyzer      (Analyzer related changes)
+#    ci            (CI/CD related changes)
 #    clang         (Clang Static Analyzer related changes)
 #    clang-tidy    (Clang Tidy related changes)
 #    cmd           (Command line changes)

ci/github_analysis/codechecker_gate_master.sh

@@ -0,0 +1,17 @@
+#!/bin/bash
+
+CC_URL="https://codechecker-demo.eastus.cloudapp.azure.com/codechecker"
+
+./ci/github_analysis/pylint_analyze.sh
+
+report-converter -c -t pylint -o ./reports-pylint ./pylint-reports.json
+CodeChecker version
+CodeChecker store ./reports-pylint --url "$CC_URL" --trim-path-prefix "$(pwd)" -n master
+new_finding_count=$(CodeChecker cmd results --url "$CC_URL" master --detection-status 'NEW' 'REOPENED' --review-status 'UNREVIEWED' 'CONFIRMED' | grep -c "NEW\|REOPENED")
+if [ "$new_finding_count" -ne "0" ]; then
+   echo "ERROR. This PUSH introduced $new_finding_count new findings to the master branch! Please check them at $CC_URL/reports?review-status=Unreviewed&review-status=Confirmed%20bug&detection-status=New&run=master&is-unique=off&diff-type=New"
+   exit 1
+else
+   echo "SUCCESS. No new reports introduced"
+   exit 0
+fi

ci/github_analysis/codechecker_gate_pr.sh

@@ -0,0 +1,18 @@
+#!/bin/bash
+
+CC_URL="https://codechecker-demo.eastus.cloudapp.azure.com/codechecker"
+
+if [ "$#" -ne 1 ]; then
+    echo "<PR_NAME> is missing"
+fi
+
+./ci/github_analysis/pylint_analyze.sh
+report-converter -c -t pylint -o ./reports-pylint ./pylint-reports.json
+CodeChecker store -f ./reports-pylint --url "$CC_URL" --trim-path-prefix "$(pwd)" -n "$1"
+CodeChecker cmd diff --url "$CC_URL" -b master -n "$1" --new
+if [ "$?" -ne 0 ]; then
+    echo "ERROR. YOUR PR FAILED GATING! Please check new reports at $CC_URL/reports?run=master&newcheck=$1"
+    exit 1
+else
+    echo "Gating successful. No new report found. Your PR is ready to be merged."
+fi

ci/github_analysis/pylint_analyze.sh

@@ -0,0 +1,5 @@
+#!/bin/bash
+
+pylint --version
+disabled_checkers="duplicate-code,fixme,consider-using-get,too-many-instance-attributes"
+pylint --rcfile=.pylintrc -j0 --disable $disabled_checkers -f json --output ./pylint-reports.json ./build/CodeChecker/lib/python3/*