Skip to content

Bump ossf/scorecard-action from 2.3.1 to 2.4.0 #4005

Bump ossf/scorecard-action from 2.3.1 to 2.4.0

Bump ossf/scorecard-action from 2.3.1 to 2.4.0 #4005

Workflow file for this run

name: Code Checks
on:
push:
paths-ignore:
- 'doc/**'
branches-ignore:
- 'backport**'
- 'dependabot**'
pull_request:
paths-ignore:
- 'doc/**'
concurrency:
group: ${{ github.workflow }}-${{ github.head_ref || github.ref }}
cancel-in-progress: true
permissions:
contents: read
jobs:
cppcheck_2004:
runs-on: ubuntu-20.04
steps:
- name: Checkout
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- name: Install Requirements
run: |
sudo apt update
sudo apt install -y cppcheck libsqlite3-dev ccache sqlite3 libproj-dev cmake
- name: Run cmake
run: |
mkdir build
cd build
cmake ..
- name: Run cppcheck test
run: |
cd build
../scripts/cppcheck.sh
cppcheck_2404:
runs-on: ubuntu-latest
container: ubuntu:24.04
steps:
- name: Checkout
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- name: Install Requirements
run: |
apt update
apt install -y cppcheck libsqlite3-dev ccache sqlite3 libproj-dev cmake g++ make
- name: Run cmake
run: |
mkdir build
cd build
cmake ..
- name: Run cppcheck test
run: |
cd build
../scripts/cppcheck.sh
code_quality_checks:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- name: Detect tabulations
run: ./scripts/detect_tabulations.sh
- name: Detect printf
run: ./scripts/detect_printf.sh
- name: Detect self assignments
run: ./scripts/detect_self_assignment.sh
- name: Detect suspicious char digit zero
run: ./scripts/detect_suspicious_char_digit_zero.sh
- name: Detect missing includes
run: ./scripts/detect_missing_include.sh
# Helps detecting updates of internal libjson-c where replacement
# of strtod() -> CPLStrtod() is missing. The later function is not
# locale sensitive. An alternative would be to make sure that HAVE_USELOCALE
# or HAVE_SETLOCALE are passed on Windows, but avoiding to mess with
# locale seems to be a better option
- name: Detect invalid use of atof() or strtod() in internal libjson
run: |
grep -e "CPLStrtod(" ../ogr/ogrsf_frmts/geojson/libjson/*.c >/dev/null && echo "CPLStrtod() found as expected"
if grep -e "strtod(" ogr/ogrsf_frmts/geojson/libjson/*.c; then echo "Unexpected use of strtod(). Use CPLStrtod() instead"; /bin/false; fi
if grep -e "atof(" ogr/ogrsf_frmts/geojson/libjson/*.c; then echo "Unexpected use of atof()."; /bin/false; fi
- name: Shellcheck
# SC2129: (style): Consider using { cmd1; cmd2; } >> file instead of individual redirects
run: shellcheck -e SC2086,SC2046,SC2164,SC2054,SC2129 $(find . -name '*.sh' -a -not -name ltmain.sh -a -not -wholename "./autotest/*" -a -not -wholename "./.github/*")
linting:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
- uses: pre-commit/action@2c7b3805fd2a0fd8c1884dcaebf91fc102a13ecd # v3.0.1
doxygen:
runs-on: ubuntu-latest
container: ghcr.io/osgeo/proj-docs
steps:
- name: Checkout
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- name: Run doxygen
run: |
cd doc
make doxygen_check_warnings
other_checks:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- name: Install Requirements
run: |
sudo apt install python3-pip wget
sudo pip3 install cffconvert
- name: Validate citation file
run: |
cffconvert --validate
cffconvert -f bibtex
cffconvert -f apalike
cmake-lint:
# Disabled because of https://github.com/OSGeo/gdal/pull/5326#issuecomment-1042617407
if: false
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- name: Set up Python
uses: actions/setup-python@82c7e631bb3cdc910f68e0081d67478d79c6982d # v5.1.0
with:
python-version: 3.8
- name: Install lint tool
run: |
python -m pip install --upgrade pip
pip install cmake-format pyyaml
- name: Check cmakelist
run: find . -name CMakeLists.txt |xargs cmake-format --check
validate_xml:
runs-on: ubuntu-latest
steps:
- name: Checkout
uses: actions/checkout@0ad4b8fadaa221de15dcec353f45205ec38ea70b # v4.1.4
- name: Install requirements
run: |
sudo apt update
sudo apt install -y libxml2-utils
- name: Run xmllint checks
run: |
xmllint --schema ./frmts/nitf/data/nitf_spec.xsd ./frmts/nitf/data/nitf_spec.xml --noout
xmllint --schema ./ogr/ogrsf_frmts/vdv/data/vdv452.xsd ./ogr/ogrsf_frmts/vdv/data/vdv452.xml --noout
xmllint --schema ./ogr/ogrsf_frmts/gmlas/data/gmlasconf.xsd ./ogr/ogrsf_frmts/gmlas/data/gmlasconf.xml --noout