Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix #2009, Reuse CodeQL, Static Analysis, and Format Check #2011

Closed
wants to merge 1 commit into from
Closed
Show file tree
Hide file tree
Changes from all commits
Commits
File filter

Filter by extension

Filter by extension


Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
118 changes: 7 additions & 111 deletions .github/workflows/codeql-build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -3,115 +3,11 @@ name: "CodeQL Analysis"
on:
push:
pull_request:

env:
SIMULATION: native
ENABLE_UNIT_TESTS: true
OMIT_DEPRECATED: true
BUILDTYPE: release


jobs:
#Checks for duplicate actions. Skips push actions if there is a matching or duplicate pull-request action.
check-for-duplicates:
runs-on: ubuntu-latest
# Map a step output to a job output
outputs:
should_skip: ${{ steps.skip_check.outputs.should_skip }}
steps:
- id: skip_check
uses: fkirc/skip-duplicate-actions@master
with:
concurrent_skipping: 'same_content'
skip_after_successful_duplicate: 'true'
do_not_skip: '["pull_request", "workflow_dispatch", "schedule"]'

CodeQL-Security-Build:
needs: check-for-duplicates
if: ${{ needs.check-for-duplicates.outputs.should_skip != 'true' }}
runs-on: ubuntu-18.04
timeout-minutes: 15

steps:
# Checks out a copy of your repository on the ubuntu-latest machine
- name: Checkout bundle
uses: actions/checkout@v2
with:
repository: nasa/cFS
submodules: true

- name: Checkout submodule
uses: actions/checkout@v2
with:
path: cfe

- name: Check versions
run: git submodule

- name: Initialize CodeQL
uses: github/codeql-action/init@v1
with:
languages: c
config-file: nasa/cFS/.github/codeql/codeql-security.yml@main

# Setup the build system
- name: Set up for build
run: |
cp ./cfe/cmake/Makefile.sample Makefile
cp -r ./cfe/cmake/sample_defs sample_defs
make prep

# Build the code
- name: Build
run: |
make -C build/native/default_cpu1 core_api core_private es evs fs msg resourceid sb sbr tbl time
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v1

CodeQL-Coding-Standard-Build:
needs: check-for-duplicates
if: ${{ needs.check-for-duplicates.outputs.should_skip != 'true' }}
runs-on: ubuntu-18.04
timeout-minutes: 15

steps:
# Checks out a copy of your repository on the ubuntu-latest machine
- name: Checkout bundle
uses: actions/checkout@v2
with:
repository: nasa/cFS
submodules: true

- name: Checkout submodule
uses: actions/checkout@v2
with:
path: cfe

- name: Check versions
run: git submodule

- name: Checkout codeql code
uses: actions/checkout@v2
with:
repository: github/codeql
submodules: true
path: codeql

- name: Initialize CodeQL
uses: github/codeql-action/init@v1
with:
languages: c
config-file: nasa/cFS/.github/codeql/codeql-coding-standard.yml@main

# Setup the build system
- name: Set up for build
run: |
cp ./cfe/cmake/Makefile.sample Makefile
cp -r ./cfe/cmake/sample_defs sample_defs
make prep

# Build the code
- name: Build
run: |
make -C build/native/default_cpu1 core_api core_private es evs fs msg resourceid sb sbr tbl time
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v1
codeql:
name: CodeQL Analysis
uses: nasa/cFS/.github/workflows/codeql-build.yml@main
with:
make-prep: 'make prep'
make: 'make -C build/native/default_cpu1 core_api core_private es evs fs msg resourceid sb sbr tbl time'
46 changes: 3 additions & 43 deletions .github/workflows/format-check.yml
Original file line number Diff line number Diff line change
@@ -1,51 +1,11 @@
name: Format Check

# Run on main push and pull requests
# Run on all push and pull requests
on:
push:
pull_request:

jobs:

static-analysis:
format-check:
name: Run format check
runs-on: ubuntu-18.04
timeout-minutes: 15

steps:

- name: Install format checker
run: |
wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | sudo apt-key add -
sudo add-apt-repository 'deb http://apt.llvm.org/bionic/ llvm-toolchain-bionic-10 main'
sudo apt-get update && sudo apt-get install clang-format-10

- name: Checkout bundle
uses: actions/checkout@v2
with:
repository: nasa/cFS

- name: Checkout
uses: actions/checkout@v2
with:
path: repo

- name: Generate format differences
run: |
cd repo
find . -name "*.[ch]" -exec clang-format-10 -i -style=file {} +
git diff > $GITHUB_WORKSPACE/style_differences.txt

- name: Archive Static Analysis Artifacts
uses: actions/upload-artifact@v2
with:
name: style_differences
path: style_differences.txt

- name: Error on differences
run: |
if [[ -s style_differences.txt ]];
then
cat style_differences.txt
exit -1
fi
uses: nasa/cFS/.github/workflows/format-check.yml@main
51 changes: 4 additions & 47 deletions .github/workflows/static-analysis.yml
Original file line number Diff line number Diff line change
@@ -1,56 +1,13 @@
name: Static Analysis

# Run this workflow every time a new commit pushed to your repository
# Run on all push and pull requests
on:
push:
branches:
- main
pull_request:

jobs:

static-analysis:
name: Run cppcheck
runs-on: ubuntu-18.04
timeout-minutes: 15

strategy:
fail-fast: false
matrix:
cppcheck: [all, cfe]

steps:

- name: Install cppcheck
run: sudo apt-get install cppcheck -y

# Checks out a copy of the cfs bundle
- name: Checkout code
uses: actions/checkout@v2
with:
submodules: true

- name: Run bundle cppcheck
if: ${{matrix.cppcheck =='all'}}
run: cppcheck --force --inline-suppr . 2> ${{matrix.cppcheck}}_cppcheck_err.txt

# Run strict static analysis for embedded portions of cfe
- name: cfe strict cppcheck
if: ${{matrix.cppcheck =='cfe'}}
run: |
all_fsw_modules="core_api core_private es evs fs msg resourceid sb sbr tbl time"
/bin/bash ./.github/workflows/run_fsw_cppcheck.sh ${all_fsw_modules} 2> ${{matrix.cppcheck}}_cppcheck_err.txt

- name: Archive Static Analysis Artifacts
uses: actions/upload-artifact@v2
with:
name: ${{matrix.cppcheck}}-cppcheck-err
path: ./*cppcheck_err.txt

- name: Check for errors
run: |
if [[ -s ${{matrix.cppcheck}}_cppcheck_err.txt ]];
then
cat ${{matrix.cppcheck}}_cppcheck_err.txt
exit -1
fi
uses: nasa/cFS/.github/workflows/static-analysis.yml@main
with:
strict-dir-list: './modules/core_api/fsw ./modules/core_private/fsw ./modules/es/fsw ./modules/evs/fsw ./modules/fs/fsw ./modules/msg/fsw ./modules/resourceid/fsw ./modules/sb/fsw ./modules/sbr/fsw ./modules/tbl/fsw ./modules/time/fsw -UCFE_PLATFORM_TIME_CFG_CLIENT -DCFE_PLATFORM_TIME_CFG_SERVER'