Troubleshoot CodeChecker diffs being too large #45
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Copyright 2013-2019 High Fidelity, Inc. | |
| # Copyright 2020-2022 Vircadia contributors. | |
| # Copyright 2021-2026 Overte e.V. | |
| # SPDX-License-Identifier: Apache-2.0 | |
| # Use a linter like https://github.com/rhysd/actionlint to avoid silent failures when developing GitHub Actions workflows. | |
| # You can use https://github.com/nektos/act to test things locally. Example command: | |
| # act -W .github/workflows/build.yml "pull_request" --matrix id:codechecker --secret-file=.secret | |
| name: Overte CI Build | |
| on: | |
| # Keep in mind that GitHub Actions does not allow reading secrets during PR builds. | |
| pull_request: | |
| types: [opened, synchronize, reopened] | |
| push: | |
| tags: | |
| # Release tags. E.g. 2024.06.1 | |
| # https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#filter-pattern-cheat-sheet | |
| - "[0-9][0-9][0-9][0-9].[0-9][0-9].**" | |
| schedule: # Only applies to the default branch. | |
| # Nightly builds. | |
| # Run every day at 07:33 UTC, which is night in US east, where most of the CI Runners are located. | |
| - cron: "33 7 * * *" | |
| env: | |
| # Many environment variables are already set in our Docker images or in other Actions. | |
| BUILD_TYPE: Release | |
| UPLOAD_BUCKET: overte-public | |
| UPLOAD_REGION: fra1 | |
| UPLOAD_ENDPOINT: "https://fra1.digitaloceanspaces.com" | |
| # GITHUB_SHA points to the merge commit instead of the latest commit on the branch. | |
| PULL_REQUEST_SHA: ${{ github.event.pull_request.head.sha }} | |
| jobs: | |
| check_if_new_nightly_commit: | |
| runs-on: ubuntu-latest | |
| name: Check if there is a new commit | |
| outputs: | |
| skip_nightly_build: ${{ steps.check_latest_commit.outputs.skip_nightly_build }} | |
| steps: | |
| - uses: actions/checkout@v7 | |
| - name: Check if the latest commit was created less than a day ago. | |
| id: check_latest_commit | |
| run: | | |
| if git rev-list --after="24 hours 5 minutes" ${{ github.sha }} | grep -q "${{ github.sha }}"; then | |
| echo "Our latest commit is less than a day old. Continuing…" | |
| echo "skip_nightly_build=False" >> $GITHUB_OUTPUT | |
| elif [ "${{github.event_name}}" = "schedule" ]; then | |
| echo "Our latest commit is older than a day. Skipping Nightly build…" | |
| echo "skip_nightly_build=True" >> $GITHUB_OUTPUT | |
| else | |
| echo "Not a scheduled Nightly build. Continuing…" | |
| echo "skip_nightly_build=False" >> $GITHUB_OUTPUT | |
| fi | |
| build: | |
| # Skip Nightly build if there is no new commit. | |
| needs: check_if_new_nightly_commit | |
| if: ${{ needs.check_if_new_nightly_commit.outputs.skip_nightly_build != 'True' }} | |
| name: "${{matrix.job_name_prefix}}${{matrix.os}}, ${{matrix.rendering_backend}}, ${{matrix.arch}}, ${{matrix.cmake_build_type}}" | |
| strategy: | |
| matrix: | |
| include: | |
| # - id: windows | |
| # os: Windows 2022 | |
| # # We use a third-party runner hosted by depot.dev to avoid timing out in case Qt has to be built from source. | |
| # runner: depot-windows-2022-16 # Which GitHub Actions Runner to use. When using `image` this just needs to run the build container. | |
| # arch: x86_64 | |
| # cmake_build_type: Release | |
| # qt_source: source # Which Qt Conan package to use. `system`, `source`, or `aqt`. | |
| # rendering_backend: OpenGL # Which OVERTE_RENDERING_BACKEND to build. | |
| # - id: ubuntu-opengl-amd64 | |
| # os: Ubuntu 22.04 | |
| # image: docker.io/overte/overte-full-build:2026-06-12-ubuntu-22.04-amd64 # Container image used for building. Built from /tools/ci-script/linux-ci/Dockerfile_x | |
| # runner: ubuntu-latest | |
| # arch: amd64 | |
| # cmake_build_type: Release | |
| # qt_source: system | |
| # rendering_backend: OpenGL | |
| # - id: ubuntu-vulkan-amd64 | |
| # os: Ubuntu 22.04 | |
| # image: docker.io/overte/overte-full-build:2026-06-12-ubuntu-22.04-amd64 | |
| # runner: ubuntu-latest | |
| # arch: amd64 | |
| # cmake_build_type: Release | |
| # qt_source: system | |
| # rendering_backend: Vulkan | |
| # - id: ubuntu-opengl-aarch64 | |
| # os: Ubuntu 22.04 | |
| # image: docker.io/overte/overte-full-build:2026-06-12-ubuntu-22.04-aarch64 | |
| # runner: ubuntu-24.04-arm | |
| # arch: aarch64 | |
| # cmake_build_type: Release | |
| # qt_source: system | |
| # rendering_backend: OpenGL | |
| # - id: ubuntu-vulkan-aarch64 | |
| # os: Ubuntu 22.04 | |
| # image: docker.io/overte/overte-full-build:2026-06-12-ubuntu-22.04-aarch64 | |
| # runner: ubuntu-24.04-arm | |
| # arch: aarch64 | |
| # cmake_build_type: Release | |
| # qt_source: system | |
| # rendering_backend: Vulkan | |
| - id: codechecker | |
| os: Ubuntu 22.04 | |
| image: docker.io/overte/overte-full-build:2026-06-12-ubuntu-22.04-amd64 | |
| runner: depot-ubuntu-24.04-16 | |
| arch: amd64 | |
| cmake_build_type: Debug | |
| qt_source: system | |
| rendering_backend: OpenGL | |
| job_name_prefix: 'CodeChecker ' | |
| fail-fast: false | |
| runs-on: ${{matrix.runner}} | |
| container: ${{matrix.image}} | |
| steps: | |
| - uses: actions/checkout@v6 | |
| with: | |
| submodules: false | |
| fetch-depth: 1 | |
| - name: Prepare Windows environment | |
| if: startsWith(matrix.os, 'Windows') | |
| uses: ./.github/actions/setup-windows | |
| - name: Read image environment variables | |
| # Bring some environment variables out of the Runner (Docker) image's environment into the Job environment. | |
| if: ${{matrix.image}} | |
| shell: bash | |
| run: | | |
| echo "CONAN_HOME=$CONAN_HOME" >> $GITHUB_ENV | |
| echo "CONAN_PROFILE=$CONAN_PROFILE" >> $GITHUB_ENV | |
| echo "APP_TARGET_NAME=$APP_TARGET_NAME" >> $GITHUB_ENV | |
| - name: Configure build environment 1 | |
| shell: bash | |
| id: buildenv1 | |
| run: | | |
| # Use our United States cache instead of our origin to avoid extremely low download speeds on Depot runners. | |
| conan remote update overte --url https://us-east-artifactory.overte.org/artifactory/api/conan/overte | |
| conan remote update conancenter --url https://us-east-artifactory.overte.org/artifactory/api/conan/conan-center | |
| # Work around https://github.com/actions/runner/issues/2058 | |
| echo "GITHUB_WORKSPACE=$GITHUB_WORKSPACE" >> $GITHUB_ENV | |
| # Create envionment variable for later Bash Parameter Expansion | |
| echo "CMAKE_BUILD_TYPE=${{ matrix.cmake_build_type }}" >> $GITHUB_ENV | |
| if [ "${{github.event_name}}" = "pull_request" ]; then | |
| echo "OVERTE_RELEASE_TYPE=PR" >> $GITHUB_ENV | |
| echo "OVERTE_RELEASE_NUMBER=${{ github.event.number }}" >> $GITHUB_ENV | |
| echo "GIT_COMMIT_SHORT=${PULL_REQUEST_SHA::7}" >> $GITHUB_ENV | |
| elif [ "${{github.event_name}}" = "push" ] && [ "${{github.event.action}}" == "tag" ]; then | |
| echo "OVERTE_RELEASE_TYPE=RELEASE" >> $GITHUB_ENV | |
| echo "OVERTE_RELEASE_NUMBER=${{ github.ref_name }}" >> $GITHUB_ENV | |
| echo "GIT_COMMIT_SHORT=${GITHUB_SHA::7}" >> $GITHUB_ENV | |
| if [[ "${{ github.ref_name }}" == *"rc"* ]]; then # release candidate | |
| # The uploader already creates a subfolder for each RELEASE_NUMBER. | |
| echo "UPLOAD_PREFIX=build/overte/release-candidate/" >> $GITHUB_ENV | |
| else # release | |
| echo "UPLOAD_PREFIX=build/overte/release/" >> $GITHUB_ENV | |
| fi | |
| elif [ "${{github.event_name}}" = "schedule" ]; then # Nightly | |
| echo "OVERTE_RELEASE_TYPE=NIGHTLY" >> $GITHUB_ENV | |
| # Nightlies ignore OVERTE_RELEASE_NUMBER and instead use the build date. | |
| echo "OVERTE_RELEASE_NUMBER=''" >> $GITHUB_ENV | |
| echo "GIT_COMMIT_SHORT=${GITHUB_SHA::7}" >> $GITHUB_ENV | |
| else | |
| echo "Unexpected Action event! Failing…" | |
| exit 1; | |
| fi | |
| # Linux build variables | |
| if [[ "${{ matrix.os }}" = "Ubuntu"* ]]; then | |
| echo "CONAN_CPPSTD=gnu20" >> $GITHUB_ENV | |
| fi | |
| # Windows build variables | |
| if [[ "${{ matrix.os }}" = "Windows"* ]]; then | |
| echo "CONAN_CPPSTD=20" >> $GITHUB_ENV | |
| echo "CMAKE_EXTRA=-DJSDOC_ENABLED:BOOL=TRUE" >> $GITHUB_ENV | |
| fi | |
| - name: Cache conan | |
| if: ${{ !env.ACT }} # Don't run when testing locally. | |
| id: conan-cache | |
| uses: actions/cache@v5 | |
| with: | |
| key: conan-${{ matrix.os }}--${{ matrix.cmake_build_type }}-${{ matrix.arch }}-${{ hashFiles('conanfile.py') }} | |
| path: | | |
| ${{ env.CONAN_HOME }}/sources | |
| ${{ env.CONAN_HOME }}/p | |
| - name: Install Conan dependencies | |
| uses: ./.github/actions/conan-install | |
| with: | |
| qt_source: ${{matrix.qt_source}} | |
| build_type: ${{matrix.cmake_build_type}} | |
| cppstd: ${{env.CONAN_CPPSTD}} | |
| conan_profile: ${{env.CONAN_PROFILE}} | |
| - name: Upload dependency source backups | |
| if: github.event.action != 'tag' | |
| shell: bash | |
| env: | |
| # Token for uploading dependency source backups. | |
| CONAN_BUILD_DEPENDENCIES_BACKUP_UPLOAD_TOKEN: ${{ secrets.CONAN_BUILD_DEPENDENCIES_BACKUP_UPLOAD_TOKEN }} | |
| run: conan cache backup-upload || echo "Credentials cannot be accessed on remote Pull Request builds. Continuing…" | |
| - name: Upload Conan binary cache to Artifactory | |
| # Conan isn't glibc aware, so we need to be really careful what we upload to the binary cache on Linux. | |
| # Namely, we should never upload anything from a Linux system that is newer than our oldest Linux target. | |
| # See the upstream discussion: https://github.com/conan-io/conan/issues/7121 | |
| if: github.event_name != 'pull_request' && github.event.action != 'tag' | |
| continue-on-error: true | |
| uses: ./.github/actions/conan-upload-binaries | |
| with: | |
| CONAN_LOGIN_USERNAME_OVERTE: ${{ secrets.conan_login_username_overte }} | |
| CONAN_PASSWORD_OVERTE: ${{ secrets.conan_password_overte }} | |
| - name: Cleanup Conan dependencies | |
| if: always() && steps.conan-cache.outputs.cache-hit != 'true' | |
| run: conan cache clean "*" -sbdt | |
| shell: bash | |
| - name: Save Conan cache | |
| if: always() && steps.conan-cache.outputs.cache-hit != 'true' && env.ACT != 'true' | |
| uses: actions/cache/save@v5 | |
| with: | |
| key: conan-${{ matrix.os }}-${{ matrix.arch }}-${{ hashFiles('conanfile.py') }} | |
| path: | | |
| ${{ env.CONAN_HOME }}/sources | |
| ${{ env.CONAN_HOME }}/p | |
| - name: Configure CMake | |
| shell: bash | |
| run: | | |
| if [[ "${{ matrix.os }}" =~ "Windows" ]]; then | |
| cmake --preset conan-default -DOVERTE_RENDERING_BACKEND=${{ matrix.rendering_backend }} -DOVERTE_RELEASE_NUMBER=$OVERTE_RELEASE_NUMBER -DOVERTE_GIT_COMMIT_SHORT=$GIT_COMMIT_SHORT -DOVERTE_RELEASE_TYPE=$OVERTE_RELEASE_TYPE $CMAKE_EXTRA | |
| else | |
| cmake --preset conan-${CMAKE_BUILD_TYPE,,} -DOVERTE_RENDERING_BACKEND=${{ matrix.rendering_backend }} -DOVERTE_RELEASE_NUMBER=$OVERTE_RELEASE_NUMBER -DOVERTE_GIT_COMMIT_SHORT=$GIT_COMMIT_SHORT -DOVERTE_RELEASE_TYPE=$OVERTE_RELEASE_TYPE $CMAKE_EXTRA | |
| fi | |
| - name: Run CodeChecker static analysis | |
| uses: JulianGro/CodeChecker-Action@v1.0.4-overte | |
| if: matrix.id == 'codechecker' && github.event.action != 'tag' | |
| id: codechecker | |
| with: | |
| build-command: cmake --build --preset conan-debug --target codegen | |
| skipfile: ${{ env.GITHUB_WORKSPACE }}/.github/codechecker/skipfile.txt | |
| # Allow static analyzers to analyze across files instead of one file at a time. | |
| ctu: true | |
| # Update CodeChecker master branch results. | |
| store: ${{ github.event_name == 'schedule' }} | |
| store-url: "https://codechecker.overte.org/overte" | |
| store-username: ${{ secrets.CODECHECKER_STORE_USER }} | |
| store-password: ${{ secrets.CODECHECKER_STORE_PASSWORD }} | |
| # Use clang and clang-tidy from our Docker image. | |
| llvm-version: "ignore" | |
| # Use the same CodeChecker versions as installed in the Docker image. | |
| version: "6.28.0" | |
| store-run-name: "main" | |
| # Compare Pull Request against master branch, to see if there are any new warnings. | |
| diff: ${{ github.event_name == 'pull_request' }} | |
| diff-url: 'https://codechecker.overte.org/overte' | |
| # We cannot use secrets on Pull Requests, so we use a separate read-only account. | |
| diff-username: github_actions_read | |
| diff-password: "xDylatsf@3Jcyz$" | |
| # Which result to compare against. | |
| diff-run-name: "main" | |
| - name: Upload CodeChecker analysis warnings | |
| uses: actions/upload-artifact@v7 | |
| if: steps.codechecker.outcome != 'skipped' && env.ACT != 'true' | |
| with: | |
| name: "CodeChecker_analysis_warnings_${{ env.GIT_COMMIT_SHORT }}.zip" | |
| path: ${{ steps.codechecker.outputs.result-html-dir }} | |
| if-no-files-found: error | |
| - name: Upload new CodeChecker analysis warnings | |
| uses: actions/upload-artifact@v7 | |
| if: steps.codechecker.outputs.warnings-in-diff == 'true' && env.ACT != 'true' | |
| with: | |
| name: "Newly_introduced_analysis_warnings_${{ env.GIT_COMMIT_SHORT }}.zip" | |
| path: ${{ steps.codechecker.outputs.diff-html-dir }} | |
| if-no-files-found: error | |
| - name: "Fail the job if new findings are introduced" | |
| if: ${{ steps.codechecker.outputs.warnings-in-diff == 'true' }} | |
| shell: bash | |
| run: | | |
| echo "::error title=New static analysis warnings::Analysed commit would introduce new static analysis warnings and potential bugs to the project." | |
| # Fail the build, after results were collected and uploaded. | |
| exit 1 | |
| - name: Build application | |
| shell: bash | |
| run: cmake --build --target $APP_TARGET_NAME --preset conan-${CMAKE_BUILD_TYPE,,} | |
| - name: Build domain server | |
| shell: bash | |
| run: cmake --build --target domain-server --preset conan-${CMAKE_BUILD_TYPE,,} | |
| - name: Build assignment client | |
| shell: bash | |
| run: cmake --build --target assignment-client --preset conan-${CMAKE_BUILD_TYPE,,} | |
| - name: Build console | |
| shell: bash | |
| run: cmake --build --target packaged-server-console --preset conan-${CMAKE_BUILD_TYPE,,} | |
| - name: Build installer | |
| shell: bash | |
| run: | | |
| cmake --build --target package --preset conan-${CMAKE_BUILD_TYPE,,} | |
| rm build/Overte-*.json || true # Remove JSON created by CPack External Generator to avoid it landing in the CI Artifacts. | |
| - name: Upload artifact to GitHub | |
| if: ${{ !env.ACT }} # Don't run when testing locally. | |
| uses: actions/upload-artifact@v7 | |
| with: | |
| archive: false | |
| path: build/Overte-* | |
| if-no-files-found: error | |
| - name: Upload artifact to S3 | |
| if: github.event.action == 'tag' | |
| shell: bash | |
| working-directory: build | |
| env: | |
| AWS_ACCESS_KEY_ID: ${{ secrets.s3_access_key_id }} | |
| AWS_SECRET_ACCESS_KEY: ${{ secrets.s3_secret_access_key }} | |
| RELEASE_NUMBER: ${{ github.ref_name }} | |
| run: $PYTHON_EXEC $GITHUB_WORKSPACE/tools/ci-scripts/upload.py | |
| - name: Output debug information | |
| if: always() | |
| uses: ./.github/actions/debug-info |