wx_wherigo/libs/wxWidgets-3.3.1/3rdparty/pcre/.github/workflows/clang-analyzer.yml

name: Clang Static Analyzer
on:
  workflow_dispatch:
  push:
    branches: [ master, "release/**" ]
  pull_request:
    branches: [ master ]

permissions:
  contents: read

jobs:
  Analyze:
    runs-on: ubuntu-latest

    permissions:
      # Needed to upload the results to code-scanning dashboard.
      security-events: write
      contents: read

    env:
      # The @microsoft/sarif-multitool tool actually uses DotnetCore, which in
      # turn aborts when it finds that GitHub's CI machine doesn't have ICU.
      # Just turn off localisation. A future version of the ubuntu-24.04 or
      # ubuntu-latest runners might not need this workaround.
      DOTNET_SYSTEM_GLOBALIZATION_INVARIANT: 1

    steps:
      - name: Setup
        run: |
          sudo apt-get -qq update
          sudo apt-get -qq install ninja-build clang-tools

      - name: Checkout
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
        with:
          submodules: true

      - name: Configure
        run: |
          mkdir build
          cd build
          scan-build cmake -G Ninja -DPCRE2_SUPPORT_JIT=ON -DCMAKE_BUILD_TYPE=Debug ..

      - name: Build
        run: |
          # Inefficiently run clang scan twice; once to generate HTML, and secondly
          # to generate SARIF files. Ideally we would have some way to scan once and
          # generate one of those outputs from the other, but I don't know a good way
          # to do that.
          cd build
          scan-build -o clang-report/ ninja

          ninja clean
          scan-build -o clang-sarif -sarif ninja
          # Work around issue in GitHub's SARIF ingestion - merge all SARIF files into one
          npx -y @microsoft/sarif-multitool merge clang-sarif/*/*.sarif --output-file=clang.sarif

      # Upload the browsable HTML report as an artifact.
      - name: Upload report
        uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
        with:
          name: "Clang Static Analyzer report"
          path: './build/clang-report'

      # Upload the results to GitHub's code scanning dashboard.
      - name: "Upload to code-scanning"
        uses: github/codeql-action/upload-sarif@aa578102511db1f4524ed59b8cc2bae4f6e88195 # v3.27.6
        with:
          sarif_file: build/clang.sarif
          category: clang-analyzer