From 824825e911c365a351f60172f7c11ff11a65e4e8 Mon Sep 17 00:00:00 2001 From: Dennis Klein Date: Tue, 9 Jun 2026 17:10:09 +0200 Subject: [PATCH] ci: make the static-analysis warning gate actually fail - the gate did `grep -q warning: build.log`, but build.log was never produced by the cmake-action build, so under `set -e` the grep in the `if` condition just reported "no match" and the job always passed - as a result ~4961 clang-tidy warnings were silently ignored - build manually and capture output to build.log with pipefail, and fail explicitly if the log is missing or contains a warning --- .github/workflows/ci.yml | 26 +++++++++++++++----------- 1 file changed, 15 insertions(+), 11 deletions(-) diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml index 9b6430e7..8a27ff92 100644 --- a/.github/workflows/ci.yml +++ b/.github/workflows/ci.yml @@ -149,21 +149,25 @@ jobs: key: ${{ github.job }} max-size: 500M - - name: Configure and Build - uses: threeal/cmake-action@v2 - with: - generator: Ninja - options: | - CMAKE_BUILD_TYPE=Debug - BUILD_TESTING=ON - RUN_STATIC_ANALYSIS=ON - CMAKE_C_COMPILER_LAUNCHER=ccache - CMAKE_CXX_COMPILER_LAUNCHER=ccache + - name: Configure + run: | + cmake -S . -B build -G Ninja \ + -DCMAKE_BUILD_TYPE=Debug \ + -DBUILD_TESTING=ON \ + -DRUN_STATIC_ANALYSIS=ON \ + -DCMAKE_C_COMPILER_LAUNCHER=ccache \ + -DCMAKE_CXX_COMPILER_LAUNCHER=ccache + + - name: Build + run: | + set -o pipefail + cmake --build build 2>&1 | tee build.log - name: Check for warnings run: | + test -f build.log || { echo "::error::build.log was not produced"; exit 1; } if grep -q "warning:" build.log; then - echo "::warning::Static analysis found warnings" + echo "::error::Static analysis found warnings" grep "warning:" build.log exit 1 fi