{"id":18962605,"url":"https://github.com/jacobdomagala/staticanalysis","last_synced_at":"2026-03-16T10:01:18.899Z","repository":{"id":39182624,"uuid":"342726135","full_name":"JacobDomagala/StaticAnalysis","owner":"JacobDomagala","description":"GitHub action performs static analysis on C++/Python code, flags issues, and posts comments directly on PRs.","archived":false,"fork":false,"pushed_at":"2025-04-07T20:17:30.000Z","size":319,"stargazers_count":31,"open_issues_count":8,"forks_count":11,"subscribers_count":3,"default_branch":"master","last_synced_at":"2025-04-07T20:41:03.554Z","etag":null,"topics":["clang-tidy","cmake","cpp","cppcheck","githubaction-workflow","pylint","python","static-analysis"],"latest_commit_sha":null,"homepage":"","language":"Python","has_issues":true,"has_wiki":null,"has_pages":null,"mirror_url":null,"source_name":null,"license":"mit","status":null,"scm":"git","pull_requests_enabled":true,"icon_url":"https://github.com/JacobDomagala.png","metadata":{"files":{"readme":"README.md","changelog":null,"contributing":null,"funding":null,"license":"LICENSE","code_of_conduct":null,"threat_model":null,"audit":null,"citation":null,"codeowners":null,"security":null,"support":null,"governance":null,"roadmap":null,"authors":null,"dei":null,"publiccode":null,"codemeta":null}},"created_at":"2021-02-26T23:25:31.000Z","updated_at":"2025-03-13T16:08:04.000Z","dependencies_parsed_at":"2023-02-19T13:45:42.185Z","dependency_job_id":"630af212-398e-4f92-98bf-b24ced542293","html_url":"https://github.com/JacobDomagala/StaticAnalysis","commit_stats":{"total_commits":170,"total_committers":2,"mean_commits":85.0,"dds":0.02352941176470591,"last_synced_commit":"9ff39c97490510362a52ee2db0db3e11adf8ea88"},"previous_names":[],"tags_count":8,"template":false,"template_full_name":null,"repository_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JacobDomagala%2FStaticAnalysis","tags_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JacobDomagala%2F
StaticAnalysis/tags","releases_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JacobDomagala%2FStaticAnalysis/releases","manifests_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories/JacobDomagala%2FStaticAnalysis/manifests","owner_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners/JacobDomagala","download_url":"https://codeload.github.com/JacobDomagala/StaticAnalysis/tar.gz/refs/heads/master","host":{"name":"GitHub","url":"https://github.com","kind":"github","repositories_count":249201106,"owners_count":21229004,"icon_url":"https://github.com/github.png","version":null,"created_at":"2022-05-30T11:31:42.601Z","updated_at":"2022-07-04T15:15:14.044Z","host_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub","repositories_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repositories","repository_names_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/repository_names","owners_url":"https://repos.ecosyste.ms/api/v1/hosts/GitHub/owners"}},"keywords":["clang-tidy","cmake","cpp","cppcheck","githubaction-workflow","pylint","python","static-analysis"],"created_at":"2024-11-08T14:16:07.608Z","updated_at":"2026-03-16T10:01:18.892Z","avatar_url":"https://github.com/JacobDomagala.png","language":"Python","readme":"[![Linter](https://github.com/JacobDomagala/StaticAnalysis/actions/workflows/linter.yml/badge.svg?branch=master)](https://github.com/JacobDomagala/StaticAnalysis/actions/workflows/linter.yml?query=branch%3Amaster)\n[![Test Action](https://github.com/JacobDomagala/StaticAnalysis/actions/workflows/test_action.yml/badge.svg?branch=master)](https://github.com/JacobDomagala/StaticAnalysis/actions/workflows/test_action.yml?query=branch%3Amaster)\n[![Unit Tests](https://github.com/JacobDomagala/StaticAnalysis/actions/workflows/unit_tests.yml/badge.svg?branch=master)](https://github.com/JacobDomagala/StaticAnalysis/actions/workflows/unit_tests.yml?query=branch%3Amaster)\n\n# Static Analysis\n\nThis GitHub Action is designed for 
**C++ and Python projects** and performs static analysis using:\n* [cppcheck](http://cppcheck.sourceforge.net/) and [clang-tidy](https://clang.llvm.org/extra/clang-tidy/) for C++\n* [pylint](https://pylint.readthedocs.io/en/latest/index.html) for Python\n\nIt can be triggered by push and pull requests.\n\nFor further information and guidance on setup and various inputs, please see the sections dedicated to each language ([**C++**](https://github.com/JacobDomagala/StaticAnalysis?tab=readme-ov-file#c) and [**Python**](https://github.com/JacobDomagala/StaticAnalysis?tab=readme-ov-file#python)).\n\n---\n\n## Pull Request Comment\n\nThe created comment will include code snippets and issue descriptions. When this action runs for the first time on a pull request, it creates a comment with the initial analysis results. Subsequent runs will update this same comment with the latest status.\n\nNote that the number of detected issues might cause the comment's body to exceed GitHub's character limit (currently 65,536 characters) per PR comment. If this occurs, the comment will contain issues up to the limit and indicate that the character limit was reached.\n\n---\n\n## Output Example (C++)\n![output](https://github.com/JacobDomagala/StaticAnalysis/wiki/output_example.png)\n\n---\n\n## Non-Pull Request Events\n\nFor non-pull request events, the output will be printed directly to the GitHub Actions console. This behavior can also be forced using the `force_console_print` input.\n\n---\n\n## Output Example (C++)\n![output](https://github.com/JacobDomagala/StaticAnalysis/wiki/console_output_example.png)\n\n---\n\n# C++\n\nWhile it's recommended that your project is CMake-based, it's not strictly required (see the [**Inputs**](https://github.com/JacobDomagala/StaticAnalysis#inputs) section below). We also recommend using a `.clang-tidy` file in your repository's root directory. 
If your project requires additional packages, you can install them using the `apt_pckgs` and/or `init_script` input variables (see the [**Workflow example**](https://github.com/JacobDomagala/StaticAnalysis#workflow-example) or [**Inputs**](https://github.com/JacobDomagala/StaticAnalysis#inputs) sections below). If your repository allows contributions from forks, you must use this Action with the `pull_request_target` trigger event, as the GitHub API won't allow PR comments otherwise.\n\nBy default, **cppcheck** runs with the following flags:\n```--enable=all --suppress=missingIncludeSystem --inline-suppr --inconclusive```\nYou can use the `cppcheck_args` input to set your own flags.\n\n**Clang-Tidy** looks for a `.clang-tidy` file in your repository, but you can also specify checks using the `clang_tidy_args` input.\n\n---\n\n## Using a Custom `compile_commands.json` File\n\nYou can use a pre-generated `compile_commands.json` file with the `compile_commands` input. This is incredibly useful when you need **more control over your compilation database**, whether you're working with a complex build system, have a specific build configuration, or simply want to reuse a file generated elsewhere.\n\nWhen using a custom `compile_commands.json` with this GitHub Action, you'll encounter a common technical challenge: a **mismatch between the directory where the file was originally generated and the path used by this GitHub Action** (specifically, inside its Docker container). This means the source file paths listed in your `compile_commands.json` might not be valid from the container's perspective.\n\nTo resolve this, you have two main options:\n\n* **Manually replace the prefixes** in your `compile_commands.json` file (for example, change `/original/path/to/repo` to `/github/workspace`). 
This method gives you complete control over the path adjustments.\n* **Let the action try to replace the prefixes for you.** For simpler directory structures, you can enable this convenient feature using the `compile_commands_replace_prefix` input.\n\n---\n\nBeyond path adjustments, another important consideration when using a custom `compile_commands.json` file is **dependency resolution** for your static analysis tools. `clang-tidy` performs deep semantic analysis, which means it requires all necessary include files and headers to be found and accessible during its run. If these dependencies are missing or incorrectly referenced, `clang-tidy` may stop analyzing the affected file, leading to incomplete results. In contrast, `cppcheck` is generally more resilient to missing include paths, as it primarily focuses on lexical and syntactic analysis rather than full semantic parsing.\n\n---\n\n## Workflow Example\n\n```yml\nname: Static Analysis\n\non:\n  # Runs on 'push' events to specified branches. Output will be printed to the console.\n  push:\n    branches:\n      - develop\n      - master\n      - main\n\n  # Uses 'pull_request_target' to allow analysis of forked repositories.\n  # Output will be shown in PR comments (unless 'force_console_print' is used).\n  pull_request_target:\n    branches:\n      - \"*\"\n\njobs:\n  static_analysis:\n    runs-on: ubuntu-latest\n\n    steps:\n    - uses: actions/checkout@v2\n\n    - name: setup init_script\n      shell: bash\n      run: |\n        echo \"#!/bin/bash\n\n        # Input args provided by StaticAnalysis action\n        root_dir=\\${1}\n        build_dir=\\${2}\n        echo \\\"Hello from the init script! 
First arg=\\${root_dir} second arg=\\${build_dir}\\\"\n\n        add-apt-repository ppa:oibaf/graphics-drivers\n        apt update \u0026\u0026 apt upgrade -y\n        apt install -y libvulkan1 mesa-vulkan-drivers vulkan-utils\" \u003e init_script.sh\n\n    - name: Run Static Analysis\n      uses: JacobDomagala/StaticAnalysis@master\n      with:\n        language: c++\n\n        # Exclude any issues found in ${Project_root_dir}/lib\n        exclude_dir: lib\n\n        use_cmake: true\n\n        # Additional apt packages required before running CMake\n        apt_pckgs: software-properties-common libglu1-mesa-dev freeglut3-dev mesa-common-dev\n\n        # Optional shell script that runs AFTER 'apt_pckgs' and before CMake\n        init_script: init_script.sh\n\n        # Optional Clang-Tidy arguments\n        clang_tidy_args: -checks='*,fuchsia-*,google-*,zircon-*,abseil-*,modernize-use-trailing-return-type'\n\n        # Optional Cppcheck arguments\n        cppcheck_args: --enable=all --suppress=missingIncludeSystem\n```\n\n## Inputs\n\n| Name                    | Description                        | Default value |\n|-------------------------|------------------------------------|---------------|\n| `github_token`          | GitHub token used for GitHub API requests |`${{github.token}}`|\n| `pr_num`                | Pull request number for which the comment will be created |`${{github.event.pull_request.number}}`|\n| `comment_title`         | Title for comment with the report. This should be a unique name | `Static analysis result` |\n| `exclude_dir`           | Directory which should be excluded from the report | `\u003cempty\u003e` |\n| `apt_pckgs`             | Additional (space separated) packages that need to be installed in order for project to compile | `\u003cempty\u003e` |\n| `init_script`           | Optional shell script that will be run before configuring project (i.e. running CMake command). 
This should be used when the project requires some environmental set-up beforehand. Script will be run with 2 arguments: `root_dir` (root directory of user's code) and `build_dir` (build directory created for running SA). Note: `apt_pckgs` will run before this script, just in case you need some packages installed. Also this script will be run in the root of the project (`root_dir`) | `\u003cempty\u003e` |\n| `cppcheck_args`         | Cppcheck (space separated) arguments that will be used |`--enable=all --suppress=missingIncludeSystem --inline-suppr --inconclusive`|\n| `clang_tidy_args`       | clang-tidy arguments that will be used (example: `-checks='*,fuchsia-*,google-*,zircon-*'`) |`\u003cempty\u003e`|\n| `report_pr_changes_only`| Only post the issues found within the changes introduced in this Pull Request. This means that only the issues found within the changed lines will be posted. Any other issues caused by these changes in the repository won't be reported, so in general you should run static analysis on the entire code base  |`false`|\n| `use_cmake`             | Determines whether CMake should be used to generate compile_commands.json file | `true` |\n| `cmake_args`            | Additional CMake arguments |`\u003cempty\u003e`|\n| `force_console_print`   | Output the action result to console, instead of creating the comment |`false`|\n| `compile_commands`   | User generated compile_commands.json |`\u003cempty\u003e`|\n| `compile_commands_replace_prefix`   | Whether we should replace the prefix of files inside user generated compile_commands.json file |`false`|\n\n**NOTE: `apt_pckgs` will run before `init_script`, just in case you need some packages installed before running the script**\n\n\u003cbr\u003e\u003cbr\u003e\n\n# Python\n\n\n## Workflow example\n\n```yml\nname: Static analysis\n\non:\n  push:\n    branches:\n      - master\n  pull_request:\n\njobs:\n  check:\n    name: Run Linter\n    runs-on: ubuntu-20.04\n    steps:\n      - uses: 
actions/checkout@v3\n\n      - name: CodeQuality\n        uses: JacobDomagala/StaticAnalysis@master\n        with:\n          language: \"Python\"\n          pylint_args: \"--rcfile=.pylintrc --recursive=true\"\n          python_dirs: \"src test\"\n```\n\n## Inputs\n\n| Name                    | Description                        | Default value |\n|-------------------------|------------------------------------|---------------|\n| `github_token`          | GitHub token used for GitHub API requests |`${{github.token}}`|\n| `pr_num`                | Pull request number for which the comment will be created |`${{github.event.pull_request.number}}`|\n| `comment_title`         | Title for comment with the report. This should be a unique name | `Static analysis result` |\n| `exclude_dir`           | Directory which should be excluded from the report | `\u003cempty\u003e` |\n| `apt_pckgs`             | Additional (space separated) packages that need to be installed in order for project to compile | `\u003cempty\u003e` |\n| `init_script`           | Optional shell script that will be run before configuring project (i.e. running CMake command). This should be used when the project requires some environmental set-up beforehand. Script will be run with 2 arguments: `root_dir` (root directory of user's code) and `build_dir` (build directory created for running SA). Note: `apt_pckgs` will run before this script, just in case you need some packages installed. Also this script will be run in the root of the project (`root_dir`) | `\u003cempty\u003e` |\n| `pylint_args`         | Pylint (space separated) arguments that will be used |`\u003cempty\u003e`|\n| `python_dirs`     | Directories that contain python files to be checked | `\u003cempty\u003e` |\n| `report_pr_changes_only`| Only post the issues found within the changes introduced in this Pull Request. This means that only the issues found within the changed lines will be posted. 
Any other issues caused by these changes in the repository won't be reported, so in general you should run static analysis on the entire code base  |`false`|\n| `force_console_print`   | Output the action result to console, instead of creating the comment |`false`|\n\n**NOTE: `apt_pckgs` will run before `init_script`, just in case you need some packages installed before running the script**\n","funding_links":[],"categories":[],"sub_categories":[],"project_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjacobdomagala%2Fstaticanalysis","html_url":"https://awesome.ecosyste.ms/projects/github.com%2Fjacobdomagala%2Fstaticanalysis","lists_url":"https://awesome.ecosyste.ms/api/v1/projects/github.com%2Fjacobdomagala%2Fstaticanalysis/lists"}