From 72ad1f01d1caef09bd5539e845214391efe233dd Mon Sep 17 00:00:00 2001
From: Michael Jones <jonesmz@users.noreply.github.com>
Date: Tue, 16 Jan 2024 21:49:30 -0600
Subject: [PATCH] Add clang-tidy, include-what-you-use, and msvc-analyzer
 github actions (#1363)

---
 .clang-tidy                         | 16 ++++++
 .github/workflows/clang-tidy.yml    | 51 +++++++++++++++++++
 .github/workflows/msvc-analyzer.yml | 78 +++++++++++++++++++++++++++++
 iwyu-ubuntu.imp                     | 11 ++++
 4 files changed, 156 insertions(+)
 create mode 100644 .clang-tidy
 create mode 100644 .github/workflows/clang-tidy.yml
 create mode 100644 .github/workflows/msvc-analyzer.yml
 create mode 100644 iwyu-ubuntu.imp

diff --git a/.clang-tidy b/.clang-tidy
new file mode 100644
index 00000000..0b6f8e1d
--- /dev/null
+++ b/.clang-tidy
@@ -0,0 +1,16 @@
+---
+Checks: 'clang-diagnostic-*,
+	,clang-analyzer-*,
+	,-clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling,
+	,-clang-analyzer-security.insecureAPI.strcpy,
+	,bugprone-*,
+	,-bugprone-easily-swappable-parameters,
+	,performance-*,
+	,readability-*,
+	,-readability-braces-around-statements,
+	,-readability-identifier-length,
+	,-readability-else-after-return,
+	,-readability-magic-numbers,
+	,-readability-function-cognitive-complexity,
+	,modernize-*,
+'
diff --git a/.github/workflows/clang-tidy.yml b/.github/workflows/clang-tidy.yml
new file mode 100644
index 00000000..15acf055
--- /dev/null
+++ b/.github/workflows/clang-tidy.yml
@@ -0,0 +1,51 @@
+name: clang-tidy
+
+on:
+  push:
+  pull_request:
+    types: [ opened, reopened, synchronize ]
+
+jobs:
+  clang-tidy:
+    runs-on: ubuntu-latest
+
+    strategy:
+      matrix:
+        config: [Release]
+
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+
+    - name: Install dependencies
+      run: |
+        sudo apt-get update
+        sudo apt install -y clang clang-tidy clang-tools ninja-build iwyu
+        sudo apt install -y wget libevent-dev libssl-dev libpq-dev libmariadb-dev libsqlite3-dev libhiredis-dev libmongoc-dev libmicrohttpd-dev
+        wget https://github.com/digitalocean/prometheus-client-c/releases/download/v0.1.3/libprom-dev-0.1.3-Linux.deb
+        wget https://github.com/digitalocean/prometheus-client-c/releases/download/v0.1.3/libpromhttp-dev-0.1.3-Linux.deb
+        sudo apt install -y ./libprom-dev-0.1.3-Linux.deb ./libpromhttp-dev-0.1.3-Linux.deb
+
+    - name: Configure
+      run: |
+        cmake -G Ninja -B build -DCMAKE_BUILD_TYPE=${{ matrix.config }} -DCMAKE_EXPORT_COMPILE_COMMANDS=true
+
+    - name: Compile
+      run: |
+        cmake --build build --parallel --config ${{ matrix.config }}
+
+    # Implicitly requires build/compile_commands.json to exist
+    - name: Run Clang Tidy
+      run: |
+        wget https://raw.githubusercontent.com/llvm/llvm-project/llvmorg-14.0.6/clang-tools-extra/clang-tidy/tool/run-clang-tidy.py
+        chmod +x run-clang-tidy.py
+        ./run-clang-tidy.py -j $(nproc) -p build
+
+    # Implicitly requires build/compile_commands.json to exist
+    - name: Run IWYU
+      run: |
+        wget https://raw.githubusercontent.com/include-what-you-use/include-what-you-use/clang_14/iwyu_tool.py
+        chmod +x iwyu_tool.py
+        # iwyu_tool.py returns non-zero if any executions returned nonzero. Which... happens to be useless unless the project is already IWYU clean.
+        ./iwyu_tool.py -j $(nproc) -p build -- -Xiwyu --mapping_file=${GITHUB_WORKSPACE}/iwyu-ubuntu.imp || exit 0
diff --git a/.github/workflows/msvc-analyzer.yml b/.github/workflows/msvc-analyzer.yml
new file mode 100644
index 00000000..b24012e3
--- /dev/null
+++ b/.github/workflows/msvc-analyzer.yml
@@ -0,0 +1,78 @@
+name: msvc-analyzer
+
+on:
+  push:
+  pull_request:
+    types: [ opened, reopened, synchronize ]
+
+jobs:
+  msvc-analyzer:
+    runs-on: windows-latest
+
+    permissions:
+      # required for all codeql to report detected outcomes
+      security-events: write
+
+    strategy:
+      matrix:
+        BUILD_TYPE: [Release]
+        BUILD_SHARED_LIBS: [OFF]
+        VCPKG_PLATFORM_TOOLSET: [v143]
+        CMAKE_GENERATOR_PLATFORM: [x64]
+
+    env:
+      SOURCE_DIR:  ${{github.workspace}}\.cache\source
+      TOOLS_DIR:   ${{github.workspace}}\.cache\tools
+      INSTALL_DIR: ${{github.workspace}}\.cache\install_msvc_x64-windows_${{matrix.BUILD_TYPE}}
+      VCPKGGITCOMMITID: 53bef8994c541b6561884a8395ea35715ece75db
+      VCPKG_PLATFORM_TOOLSET: ${{matrix.VCPKG_PLATFORM_TOOLSET}}
+      CMAKE_GENERATOR_PLATFORM: ${{matrix.CMAKE_GENERATOR_PLATFORM}}
+
+    defaults:
+      run:
+        shell: cmd
+
+    steps:
+    - uses: actions/checkout@v4
+      with:
+        fetch-depth: 0
+
+    - name: make directory
+      run: |
+        cmake -E make_directory ${{env.SOURCE_DIR}}
+        cmake -E make_directory ${{env.TOOLS_DIR}}
+        cmake -E make_directory ${{env.INSTALL_DIR}}
+
+    - name: run-vcpkg
+      uses: lukka/run-vcpkg@v11
+      with:
+        # If not using a submodule for vcpkg sources, this specifies which commit
+        # id must be checkout from a Git repo. It must not set if using a submodule
+        # for vcpkg.
+        vcpkgGitCommitId: '${{ env.VCPKGGITCOMMITID }}'
+
+    - name: Configure (MSVC)
+      run: |
+        cmake -B build ^
+            -A ${{matrix.CMAKE_GENERATOR_PLATFORM}} ^
+            -T ${{matrix.VCPKG_PLATFORM_TOOLSET}} ^
+            -DWITH_MYSQL=OFF ^
+            -DBUILD_SHARED_LIBS=${{matrix.BUILD_SHARED_LIBS}} ^
+            -DCMAKE_BUILD_TYPE=${{matrix.BUILD_TYPE}} ^
+            -DCMAKE_TOOLCHAIN_FILE=${{env.VCPKG_ROOT}}/scripts/buildsystems/vcpkg.cmake
+
+    - name: Initialize MSVC Code Analysis
+      uses: microsoft/msvc-code-analysis-action@v0.1.1
+      # Provide a unique ID to access the sarif output path
+      id: run-analysis
+      with:
+        cmakeBuildDirectory: build
+        buildConfiguration: ${{ matrix.BUILD_TYPE }}
+        # Ruleset file that will determine what checks will be run
+        ruleset: NativeRecommendedRules.ruleset
+
+      # Upload SARIF file to GitHub Code Scanning Alerts
+    - name: Upload SARIF to GitHub
+      uses: github/codeql-action/upload-sarif@v2
+      with:
+        sarif_file: ${{ steps.run-analysis.outputs.sarif }}
diff --git a/iwyu-ubuntu.imp b/iwyu-ubuntu.imp
new file mode 100644
index 00000000..aadb5a47
--- /dev/null
+++ b/iwyu-ubuntu.imp
@@ -0,0 +1,11 @@
+[
+    { ref: /usr/share/include-what-you-use/gcc.libc.imp }
+  , { ref: /usr/share/include-what-you-use/gcc.symbols.imp }
+  , { ref: /usr/share/include-what-you-use/gcc.stl.headers.imp }
+  , { ref: /usr/share/include-what-you-use/stl.c.headers.imp }
+  , { include: [ "<ext/alloc_traits.h>", private, "<memory>", public ] }
+  , { include: [ "<ext/alloc_traits.h>", private, "<string>", public ] }
+  , { include: [ "<ext/alloc_traits.h>", private, "<vector>", public ] }
+  , { include: [ "<ext/alloc_traits.h>", private, "<map>", public ] }
+  , { include: [ "<ext/alloc_traits.h>", private, "<set>", public ] }
+]