178 changes: 104 additions & 74 deletions .github/workflows/ScanBuild.yml
@@ -1,141 +1,171 @@
###############################################################
#
## Copyright (©) 2025 International Color Consortium.
## All rights reserved.
## https://color.org
#
#
## Intent: iccDEV Scan Build Runner for Matrix OS
#
## Last Updated: 28-NOV-2025 0000Z by David Hoyt
## Add Read Permission Block
## TODO: Push binary releases, tags etc..
#
##
#
# Copyright (©) 2025 International Color Consortium.
# All rights reserved.
# https://color.org
#
#
# Intent: iccDEV Scan Build Runner
#
# Last Updated: 2026-02-17 16:14:17 UTC by David Hoyt
# Parallel build, hardened shells, sanitizer,
# dynamic LLVM path, libjpeg-dev dependency.
#
###############################################################

name: "Scan Build"

permissions:
contents: read

on:
workflow_dispatch:

jobs:
build-linux:
name: Build and Test Linux with scan-build
runs-on: ubuntu-latest
timeout-minutes: 20
permissions:
contents: read

timeout-minutes: 30
strategy:
fail-fast: false

steps:
- name: 📥 Checkout master
- name: Checkout
uses: actions/checkout@c2d88d3ecc89a9ef08eebf45d9637801dcee7eb5
with:
fetch-depth: 0
persist-credentials: false

# Install dependencies
- name: Install dependencies
shell: bash
shell: bash --noprofile --norc {0}
env:
BASH_ENV: /dev/null
BASH_ENV: /dev/null
run: |
set -euo pipefail
git config --global --add safe.directory "$GITHUB_WORKSPACE"
git config --global credential.helper ""

# Clear the in-shell GITHUB_TOKEN
unset GITHUB_TOKEN || true

sudo apt-get update
sudo apt-get install -y build-essential cmake gcc g++ clang clang-tools libpng-dev libxml2 libxml2-dev libtiff-dev nlohmann-json3-dev libwxgtk3.2-dev wx-common python3 python3-pip curl git llvm
# Ensure scan-build is in PATH
- name: Ensure scan-build is installed and accessible
shell: bash
env:
BASH_ENV: /dev/null
run: |
set -euo pipefail
git config --global --add safe.directory "$GITHUB_WORKSPACE"
git config --global credential.helper ""

# Clear the in-shell GITHUB_TOKEN
unset GITHUB_TOKEN || true
sudo apt-get update -qq
sudo apt-get install -y \
build-essential cmake gcc g++ clang clang-tools \
libpng-dev libxml2-dev libtiff-dev libjpeg-dev \
nlohmann-json3-dev libwxgtk3.2-dev wx-common \
python3 curl git llvm

echo "### Environment" >> "$GITHUB_STEP_SUMMARY"
echo "| Tool | Version |" >> "$GITHUB_STEP_SUMMARY"
echo "|------|---------|" >> "$GITHUB_STEP_SUMMARY"
echo "| scan-build | $(scan-build --version 2>&1 | head -1) |" >> "$GITHUB_STEP_SUMMARY"
echo "| clang | $(clang --version 2>&1 | head -1) |" >> "$GITHUB_STEP_SUMMARY"
echo "| cmake | $(cmake --version | head -1) |" >> "$GITHUB_STEP_SUMMARY"
echo "| nproc | $(nproc) |" >> "$GITHUB_STEP_SUMMARY"
echo "" >> "$GITHUB_STEP_SUMMARY"

which scan-build || echo "? scan-build not found"
scan-build --version || echo "? scan-build version check failed"
# Configure the build with scan-build
- name: Configure the build with scan-build
shell: bash
- name: Configure with scan-build
shell: bash --noprofile --norc {0}
env:
BASH_ENV: /dev/null
BASH_ENV: /dev/null
CC: clang
CXX: clang++
run: |
set -euo pipefail
git config --global --add safe.directory "$GITHUB_WORKSPACE"
git config --global credential.helper ""

# Clear the in-shell GITHUB_TOKEN
unset GITHUB_TOKEN || true

ls
LLVM_BIN=$(llvm-config --bindir 2>/dev/null || echo "/usr/lib/llvm-$(llvm-config --version 2>/dev/null | cut -d. -f1)/bin")
export PATH="${LLVM_BIN}:${PATH}"

cd Build
pwd
ls
export CC=clang
export CXX=clang++
export PATH="/usr/lib/llvm-17/bin:$PATH"
scan-build cmake -DCMAKE_INSTALL_PREFIX=$HOME/.local -DCMAKE_BUILD_TYPE=Release -DENABLE_TOOLS=ON -Wno-dev Cmake/
# Run scan-build for static analysis
- name: Run scan-build for static analysis
shell: bash
scan-build cmake \
-DCMAKE_INSTALL_PREFIX=$HOME/.local \
-DCMAKE_BUILD_TYPE=Release \
-DENABLE_TOOLS=ON \
-Wno-dev \
Cmake/

- name: Run scan-build with all processors
shell: bash --noprofile --norc {0}
env:
BASH_ENV: /dev/null
BASH_ENV: /dev/null
run: |
set -euo pipefail
git config --global --add safe.directory "$GITHUB_WORKSPACE"
git config --global credential.helper ""

# Clear the in-shell GITHUB_TOKEN
unset GITHUB_TOKEN || true

pwd
ls
LLVM_BIN=$(llvm-config --bindir 2>/dev/null || echo "/usr/lib/llvm-$(llvm-config --version 2>/dev/null | cut -d. -f1)/bin")
export PATH="${LLVM_BIN}:${PATH}"

NPROC=$(nproc)
echo "Running scan-build with $NPROC parallel jobs"
cd Build
pwd
ls
export PATH="/usr/lib/llvm-17/bin:$PATH"
scan-build --status-bugs --keep-going -o scan-build-reports make -j$(nproc) || true
continue-on-error: true # Allow the step to complete even if issues are found
scan-build --status-bugs --keep-going -o scan-build-reports \
make -j"$NPROC" 2>&1 | tee scan-build-output.log || true

# Count findings
BUGS=$({ grep -c 'warning:' scan-build-output.log 2>/dev/null || true; })
echo "scan-build found $BUGS warnings"
echo "SCAN_BUGS=$BUGS" >> "$GITHUB_ENV"
continue-on-error: true

# Upload scan-build reports
- name: Upload scan-build reports
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4
with:
name: scan-build-reports
path: Build/scan-build-reports
if-no-files-found: warn

# Upload built binaries as artifacts
- name: Upload build artifacts
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4
with:
name: master-build-linux
path: Build
path: |
Build/**/*.so
Build/**/*.a
Build/**/Icc*
LICENSE.md
if-no-files-found: warn

# Upload build logs
- name: Upload build logs
uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4
with:
name: build-logs
path: Build/CMakeCache.txt
path: |
Build/CMakeCache.txt
Build/scan-build-output.log

- name: Summary Report
if: always()
shell: bash --noprofile --norc {0}
env:
BASH_ENV: /dev/null
run: |
echo "### Build Summary" >> $GITHUB_STEP_SUMMARY
echo "- Build Directory: Build/" >> $GITHUB_STEP_SUMMARY
echo "- Artifacts Uploaded: iccdev-linux-clang" >> $GITHUB_STEP_SUMMARY
echo "- Status: Success" >> $GITHUB_STEP_SUMMARY
set -euo pipefail
git config --global --add safe.directory "$GITHUB_WORKSPACE"
git config --global credential.helper ""
unset GITHUB_TOKEN || true

SANITIZER=".github/scripts/sanitize-sed.sh"
if [[ -f "$SANITIZER" ]]; then
# shellcheck disable=SC1090
source "$SANITIZER"
else
sanitize_line() { printf '%s' "$1"; }
fi

BUGS="${SCAN_BUGS:-0}"
REPORT_COUNT=$(find Build/scan-build-reports -name '*.html' 2>/dev/null | wc -l | tr -d ' ')

{
echo "### 🧠 Scan-Build Summary"
echo ""
echo "| Metric | Value |"
echo "|--------|-------|"
echo "| Parallel jobs | $(nproc) |"
echo "| Warnings logged | $(sanitize_line "$BUGS") |"
echo "| HTML reports | $(sanitize_line "$REPORT_COUNT") |"
echo "| Status | ${{ job.status }} |"
echo ""
} >> "$GITHUB_STEP_SUMMARY"
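Review bot: In the "Run scan-build with all processors" step, the trailing `|| true` after `tee scan-build-output.log`, combined with `continue-on-error: true`, throws away the exit status that `--status-bugs` is there to produce. A run with analyzer findings, or a build that broke partway and analyzed only part of the tree, therefore looks the same as a clean run, and the summary's `Status | ${{ job.status }}` row would still read success. Because `pipefail` is already set, the status can be kept by ending the pipeline with `| tee scan-build-output.log || SCAN_RC=$?`, adding `echo "SCAN_RC=${SCAN_RC:-0}" >> "$GITHUB_ENV"`, and printing it as a row in the summary table. The `grep -c 'warning:'` count also picks up ordinary compiler warnings from `make`, so the message `scan-build found $BUGS warnings` overstates what was measured. In the Summary Report step the fallback `sanitize_line() { printf '%s' "$1"; }` passes values through unchanged when the script is missing; both values look numeric here, but a comment such as `# fallback is a pass-through: only use for numeric values` would stop it being reused for untrusted text.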