
add support for ED25519 signature scheme #585


Workflow file for this run

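# Runs three independent static analysers (cppcheck, clang scan-build and
# clang-tidy) on pull requests and pushes that target main or master.
#
# Supply-chain note: every `uses:` below references a major-version tag.
# Tags can be moved by the action's maintainers; pinning to a full commit
# SHA fixes the exact code that runs in this pipeline.
name: Static Analysis

on:
  pull_request:
    branches: [main, master]
  push:
    branches: [main, master]

# Least privilege for GITHUB_TOKEN. The steps visible here only check out
# code and run analysers, so read access to repository contents is enough.
# NOTE(review): confirm the scripts under tools/static-analysis and
# `make scan` do not need any write scope.
permissions:
  contents: read

jobs:
  cppcheck:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # The scripts run below come from the checked-out ref (including
          # pull-request content), so do not leave the token in .git/config.
          persist-credentials: false

      - name: Checkout wolfssl
        uses: actions/checkout@v4
        with:
          repository: wolfssl/wolfssl
          ref: v5.6.4-stable
          path: wolfssl
          persist-credentials: false

      - name: Install cppcheck
        run: |
          sudo apt-get update
          sudo apt-get install -y cppcheck

      - name: Run cppcheck
        id: cppcheck
        # Let the job continue so the summary step can print the findings;
        # the final step turns a failed outcome back into a job failure.
        continue-on-error: true
        run: |
          chmod +x tools/static-analysis/run_cppcheck.sh
          tools/static-analysis/run_cppcheck.sh

      - name: Display errors and warnings
        if: always()
        run: |
          if [ -f tools/static-analysis/reports/cppcheck_summary.txt ]; then
            # grep -c exits non-zero when nothing matches, hence the fallback.
            ERROR_COUNT=$(grep -c "error:" tools/static-analysis/reports/cppcheck_summary.txt 2>/dev/null) || ERROR_COUNT=0
            WARNING_COUNT=$(grep -c "warning:" tools/static-analysis/reports/cppcheck_summary.txt 2>/dev/null) || WARNING_COUNT=0
            STYLE_COUNT=$(grep -c "style:" tools/static-analysis/reports/cppcheck_summary.txt 2>/dev/null) || STYLE_COUNT=0
            echo "## Static Analysis Summary"
            echo "- Errors: $ERROR_COUNT"
            echo "- Warnings: $WARNING_COUNT"
            echo "- Style issues: $STYLE_COUNT (informational only)"
            if [ "$ERROR_COUNT" -gt 0 ] || [ "$WARNING_COUNT" -gt 0 ]; then
              echo ""
              echo "### Issues that must be fixed:"
              echo ""
              # Show only errors and warnings, not style issues
              grep -E "(error|warning):" tools/static-analysis/reports/cppcheck_summary.txt || true
            fi
          else
            echo "⚠️ No cppcheck summary file found"
          fi

      - name: Fail if issues found
        # `outcome` is the result before continue-on-error is applied, so
        # this is the step that actually gates the job on cppcheck findings.
        if: steps.cppcheck.outcome == 'failure'
        run: |
          echo "❌ Static analysis failed - errors or warnings were found"
          exit 1

  scan-build:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout wolfHSM
        uses: actions/checkout@v4
        with:
          path: wolfHSM
          persist-credentials: false

      - name: Checkout wolfssl
        uses: actions/checkout@v4
        with:
          repository: wolfssl/wolfssl
          # NOTE(review): no `ref`, so this job builds against whatever
          # wolfssl's default branch currently holds, while the cppcheck job
          # pins v5.6.4-stable. Confirm that tracking the default branch is
          # intended; an unpinned dependency makes results non-reproducible.
          path: wolfssl
          persist-credentials: false

      - name: Install dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y clang build-essential clang-tools

      - name: Run scan-build
        id: scan-build
        run: cd wolfHSM && make scan

      - name: Fail if scan-build issues found
        # A bare `if:` carries an implicit success() check, so without
        # failure() this step was skipped whenever the analysis step failed.
        # The job fails on the analysis step either way; this only restores
        # the explanatory message.
        if: failure() && steps.scan-build.outcome == 'failure'
        run: |
          echo "❌ scan-build analysis failed - errors or warnings were found"
          exit 1

  clang-tidy:
    runs-on: ubuntu-latest
    steps:
      - name: Checkout code
        uses: actions/checkout@v4
        with:
          # The scripts run below come from the checked-out ref (including
          # pull-request content), so do not leave the token in .git/config.
          persist-credentials: false

      - name: Checkout wolfssl
        uses: actions/checkout@v4
        with:
          repository: wolfssl/wolfssl
          # NOTE(review): no `ref` here either; see the scan-build job.
          path: wolfssl
          persist-credentials: false

      - name: Install dependencies
        run: |
          sudo apt-get update
          sudo apt-get install -y clang clang-tidy build-essential

      - name: Run clang-tidy
        id: clang-tidy
        run: |
          chmod +x tools/static-analysis/run_clang_tidy_make.sh
          chmod +x tools/static-analysis/clang-tidy-builder.sh
          tools/static-analysis/run_clang_tidy_make.sh

      - name: Display errors and warnings
        if: always()
        run: |
          if [ -f tools/static-analysis/reports/clang_tidy_summary.txt ]; then
            # Count issues from clang-tidy output
            ERROR_COUNT=$(grep -c "error:" tools/static-analysis/reports/clang_tidy_summary.txt 2>/dev/null) || ERROR_COUNT=0
            WARNING_COUNT=$(grep -c "warning:" tools/static-analysis/reports/clang_tidy_summary.txt 2>/dev/null) || WARNING_COUNT=0
            echo "## Clang-Tidy Analysis Summary"
            echo "- Errors: $ERROR_COUNT"
            echo "- Warnings: $WARNING_COUNT"
            if [ "$ERROR_COUNT" -gt 0 ] || [ "$WARNING_COUNT" -gt 0 ]; then
              echo ""
              echo "### Issues found:"
              echo ""
              # Show first 50 issues to avoid overwhelming output
              # (head counts lines of the summary file, not distinct issues)
              head -50 tools/static-analysis/reports/clang_tidy_summary.txt
              TOTAL_ISSUES=$((ERROR_COUNT + WARNING_COUNT))
              if [ "$TOTAL_ISSUES" -gt 50 ]; then
                echo ""
                echo "... and $((TOTAL_ISSUES - 50)) more issues. See full report for details."
              fi
            fi
          else
            echo "⚠️ No clang-tidy summary file found"
          fi

      - name: Fail if issues found
        # failure() is required for this step to run after the analysis
        # step has failed; a bare `if:` implies success().
        if: failure() && steps.clang-tidy.outcome == 'failure'
        run: |
          echo "❌ Clang-tidy analysis failed - errors or warnings were found"
          exit 1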