GHA/linux: replace scan-build with clang-tidy

`scan-build` is a (Perl) wrapper around clang's built-in `--analyze` option. Which look similar or identical to clang-tidy checkers under the `clang-analyzer-*` namespace: https://clang.llvm.org/docs/ClangStaticAnalyzer.html Unless somebody has other information, it appears redundant to run scan-build in parallel with clang-tidy in CI, now that the latter is working reliably and with good performance for all curl components. Another scan-build issue is the lack of a markup to suppress false positives. It ignores `NOLINT`, yet finds the same false positives as clang-tidy. This happens with scan-build v20+. v18 is silent, but it's a blocker to upgrade to a newer version. scan-build may still be a useful when combined with autotools, where clang-tidy support is incomplete, slow (no parallelism), and uses a distinct make target, which does not build binaries in the same pass. But, scan-build also lacks extra checkers that are now enabled for clang-tidy. The clang-tidy job is also 30-40s faster than the one it replaced. Also: - drop scan-build job configured the same way as a clang-tidy one. CI time saved: 6m30s - bump to clang-20 (from 18) in the replacement job. - build tests in the replacement job. To verify a cmake command-line reconstruction issue only hit in this job in CI. CI time cost: 1m40s - replacement job caught a minor, new, issue. Ref: b2076d3c2f #20752 - drop unused scan-build logic. Bug: https://github.com/curl/curl/pull/20732#issuecomment-3963873838 Ref: https://github.com/curl/curl/pull/20732#issuecomment-3967479228 Closes #20751
2026-04-14 21:31:42 +03:00 · 2026-02-27 01:09:14 +01:00 · 2026-02-27 01:09:14 +01:00 · ce4db9c2ef
commit ce4db9c2ef
parent d9386a2f8e
1 changed files with 9 additions and 30 deletions
--- a/.github/workflows/linux.yml
+++ b/.github/workflows/linux.yml
@ -66,7 +66,6 @@ jobs:
      MATRIX_BUILD: ${{ matrix.build.generate && 'cmake' || 'autotools' }}
      MATRIX_INSTALL_PACKAGES: '${{ matrix.build.install_packages }}'
      MATRIX_INSTALL_STEPS: '${{ matrix.build.install_steps }}'
-      MATRIX_MAKE_PREFIX: '${{ matrix.build.make-prefix }}'
    strategy:
      fail-fast: false
      matrix:
@ -288,35 +287,18 @@ jobs:
              -DUSE_ECH=ON -DCURL_USE_GSSAPI=ON -DUSE_SSLS_EXPORT=ON
              -DCURL_CLANG_TIDY=ON -DCLANG_TIDY=/usr/bin/clang-tidy-20

-          - name: 'scan-build'
-            install_packages: clang clang-tools libssl-dev libidn2-dev libssh2-1-dev libnghttp2-dev libldap-dev libgss-dev librtmp-dev libgnutls28-dev
-            install_steps: skipall mbedtls-latest-intel rustls wolfssl-opensslextra-intel
-            install_steps_brew: gsasl
-            CC: clang
-            configure-prefix: scan-build
-            make-prefix: scan-build --status-bugs
-            LDFLAGS: -Wl,-rpath,/home/runner/wolfssl-opensslextra/lib -Wl,-rpath,/home/runner/mbedtls/lib -Wl,-rpath,/home/runner/rustls/lib -Wl,-rpath,/home/linuxbrew/.linuxbrew/opt/gsasl/lib
-            PKG_CONFIG_PATH: /home/runner/wolfssl-opensslextra/lib/pkgconfig:/home/runner/mbedtls/lib/pkgconfig:/home/runner/rustls/lib/pkgconfig:/home/linuxbrew/.linuxbrew/opt/gsasl/lib/pkgconfig
-            generate: >-
-              -DCURL_USE_OPENSSL=ON -DCURL_USE_WOLFSSL=ON -DCURL_USE_GNUTLS=ON -DCURL_USE_MBEDTLS=ON -DCURL_USE_RUSTLS=ON
-              -DCURL_USE_GSASL=ON -DUSE_LIBRTMP=ON
-              -DUSE_ECH=ON -DCURL_USE_GSSAPI=ON -DUSE_SSLS_EXPORT=ON
-              -DCMAKE_UNITY_BUILD=OFF -DCURL_DISABLE_TYPECHECK=ON
-
-          - name: 'scan-build H3 c-ares !examples'
-            install_packages: clang clang-tools libidn2-dev libssh-dev libnghttp2-dev
-            install_steps: skipall
+          - name: 'clang-tidy H3 c-ares !examples'
+            install_packages: clang-20 clang-tidy-20 libidn2-dev libssh-dev libnghttp2-dev
+            install_steps: skiprun
            install_steps_brew: openssl libngtcp2 libnghttp3 c-ares
-            CC: clang
-            configure-prefix: scan-build
-            make-prefix: scan-build --status-bugs
+            CC: clang-20
            LDFLAGS: -Wl,-rpath,/home/linuxbrew/.linuxbrew/opt/openssl/lib -Wl,-rpath,/home/linuxbrew/.linuxbrew/opt/libngtcp2/lib -Wl,-rpath,/home/linuxbrew/.linuxbrew/opt/libnghttp3/lib -Wl,-rpath,/home/linuxbrew/.linuxbrew/opt/c-ares/lib
            PKG_CONFIG_PATH: /home/linuxbrew/.linuxbrew/opt/libngtcp2/lib/pkgconfig:/home/linuxbrew/.linuxbrew/opt/libnghttp3/lib/pkgconfig:/home/linuxbrew/.linuxbrew/opt/c-ares/lib/pkgconfig
            generate: >-
              -DCURL_USE_OPENSSL=ON -DOPENSSL_ROOT_DIR=/home/linuxbrew/.linuxbrew/opt/openssl -DUSE_NGTCP2=ON
              -DCURL_USE_LIBSSH2=OFF -DCURL_USE_LIBSSH=ON -DUSE_HTTPSRR=ON -DENABLE_ARES=ON
-              -DCMAKE_UNITY_BUILD=OFF -DCURL_DISABLE_TYPECHECK=ON
              -DCURL_DISABLE_VERBOSE_STRINGS=ON
+              -DCURL_CLANG_TIDY=ON -DCLANG_TIDY=/usr/bin/clang-tidy-20

          - name: 'address-sanitizer'
            install_packages: clang-20 libssl-dev libssh-dev libidn2-dev libnghttp2-dev libubsan1 libasan8 libtsan2
@ -793,14 +775,12 @@ jobs:
          LDFLAGS: '${{ matrix.build.LDFLAGS }}'
          LIBS: '${{ matrix.build.LIBS }}'
          MATRIX_CONFIGURE: '${{ matrix.build.configure }}'
-          MATRIX_CONFIGURE_PREFIX: '${{ matrix.build.configure-prefix }}'
          MATRIX_GENERATE: '${{ matrix.build.generate }}'
          MATRIX_PKG_CONFIG_PATH: '${{ matrix.build.PKG_CONFIG_PATH }}'
        run: |
          [[ "${MATRIX_INSTALL_STEPS}" = *'awslc'* ]] && sudo apt-get -o Dpkg::Use-Pty=0 purge libssl-dev
          [ -n "${MATRIX_PKG_CONFIG_PATH}" ] && export PKG_CONFIG_PATH="${MATRIX_PKG_CONFIG_PATH}"
          if [ "${MATRIX_BUILD}" = 'cmake' ]; then
-            ${MATRIX_CONFIGURE_PREFIX} \
            cmake -B bld -G Ninja \
              -DCMAKE_INSTALL_PREFIX="$HOME"/curl-install \
              -DCMAKE_C_COMPILER_TARGET="$(uname -m)-pc-linux-gnu" -DBUILD_STATIC_LIBS=ON \
@ -808,7 +788,6 @@ jobs:
              ${MATRIX_GENERATE}
          else
            mkdir bld && cd bld && \
-            ${MATRIX_CONFIGURE_PREFIX} \
            ../configure --prefix="$HOME"/curl-install --enable-unity --enable-warnings --enable-werror --disable-static \
              --disable-dependency-tracking --enable-option-checking=fatal \
              ${MATRIX_CONFIGURE}
@ -829,9 +808,9 @@ jobs:
      - name: 'build'
        run: |
          if [ "${MATRIX_BUILD}" = 'cmake' ]; then
-            ${MATRIX_MAKE_PREFIX} cmake --build bld --verbose
+            cmake --build bld --verbose
          else
-            ${MATRIX_MAKE_PREFIX} make -C bld V=1
+            make -C bld V=1
          fi

      - name: 'single-use function check'
@ -933,7 +912,7 @@ jobs:
        if: ${{ !contains(matrix.build.install_packages, 'valgrind') && !contains(matrix.build.name, '!examples') }}
        run: |
          if [ "${MATRIX_BUILD}" = 'cmake' ]; then
-            ${MATRIX_MAKE_PREFIX} cmake --build bld --verbose --target curl-examples-build
+            cmake --build bld --verbose --target curl-examples-build
          else
-            ${MATRIX_MAKE_PREFIX} make -C bld V=1 examples
+            make -C bld V=1 examples
          fi