-
Notifications
You must be signed in to change notification settings - Fork 225
131 lines (112 loc) · 5.89 KB
/
static-analysis-misra.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
name: Static Analysis with MISRA
# Run this workflow manually from the Actions tab
on:
workflow_dispatch:
# Force bash to apply pipefail option so pipeline failures aren't masked
defaults:
run:
shell: bash
jobs:
#Checks for duplicate actions. Skips push actions if there is a matching or duplicate pull-request action.
check-for-duplicates:
runs-on: ubuntu-latest
# Map a step output to a job output
outputs:
should_skip: ${{ steps.skip_check.outputs.should_skip }}
steps:
- id: skip_check
uses: fkirc/skip-duplicate-actions@master
with:
concurrent_skipping: 'same_content'
skip_after_successful_duplicate: 'true'
do_not_skip: '["pull_request", "workflow_dispatch", "schedule"]'
misra-analysis:
#Continue if check-for-duplicates found no duplicates. Always runs for pull-requests.
needs: check-for-duplicates
if: ${{ needs.check-for-duplicates.outputs.should_skip != 'true' }}
name: Run cppcheck with misra
runs-on: ubuntu-latest
strategy:
fail-fast: false
matrix:
cppcheck: [bundle, cfe, osal, psp]
steps:
- name: Install cppcheck
run: sudo apt-get install cppcheck -y
# Checks out a copy of the cfs bundle
- name: Checkout code
uses: actions/checkout@v4
with:
submodules: true
- name: Get MISRA addon
run: |
sudo apt-get install git -y
git clone https://github.com/danmar/cppcheck.git
cp cppcheck/addons/misra.py misra.py
cp cppcheck/addons/cppcheckdata.py cppcheckdata.py
cp cppcheck/addons/misra_9.py misra_9.py
- name: Run bundle cppcheck
if: ${{matrix.cppcheck =='bundle'}}
run: |
cppcheck --addon=misra --force --inline-suppr --quiet . --xml 2> ${{matrix.cppcheck}}_cppcheck_err.xml
cppcheck --addon=misra --force --inline-suppr --quiet . 2> ${{matrix.cppcheck}}_cppcheck_err.txt
# Run strict static analysis for embedded portions of cfe, osal, and psp
- name: cfe strict cppcheck
if: ${{matrix.cppcheck =='cfe'}}
run: |
cd ${{matrix.cppcheck}}
cppcheck --addon=misra --force --inline-suppr --std=c99 --language=c --enable=warning,performance,portability,style --suppress=variableScope --inconclusive ./modules/core_api/fsw ./modules/core_private/fsw ./modules/es/fsw ./modules/evs/fsw ./modules/fs/fsw ./modules/msg/fsw ./modules/resourceid/fsw ./modules/sb/fsw ./modules/sbr/fsw ./modules/tbl/fsw ./modules/time/fsw -UCFE_PLATFORM_TIME_CFG_CLIENT -DCFE_PLATFORM_TIME_CFG_SERVER --xml 2> ${{matrix.cppcheck}}_cppcheck_err.xml
cppcheck --addon=misra --force --inline-suppr --std=c99 --language=c --enable=warning,performance,portability,style --suppress=variableScope --inconclusive ./modules/core_api/fsw ./modules/core_private/fsw ./modules/es/fsw ./modules/evs/fsw ./modules/fs/fsw ./modules/msg/fsw ./modules/resourceid/fsw ./modules/sb/fsw ./modules/sbr/fsw ./modules/tbl/fsw ./modules/time/fsw -UCFE_PLATFORM_TIME_CFG_CLIENT -DCFE_PLATFORM_TIME_CFG_SERVER 2> ${{matrix.cppcheck}}_cppcheck_err.txt
- name: osal strict cppcheck
if: ${{matrix.cppcheck =='osal'}}
run: |
cd ${{matrix.cppcheck}}
cppcheck --addon=misra --force --inline-suppr --std=c99 --language=c --enable=warning,performance,portability,style --suppress=variableScope --inconclusive ./src/bsp ./src/os --xml 2> ${{matrix.cppcheck}}_cppcheck_err.xml
cppcheck --addon=misra --force --inline-suppr --std=c99 --language=c --enable=warning,performance,portability,style --suppress=variableScope --inconclusive ./src/bsp ./src/os 2> ${{matrix.cppcheck}}_cppcheck_err.txt
- name: psp strict cppcheck
if: ${{matrix.cppcheck =='psp'}}
run: |
cd ${{matrix.cppcheck}}
cppcheck --addon=misra --force --inline-suppr --std=c99 --language=c --enable=warning,performance,portability,style --suppress=variableScope --inconclusive ./fsw --xml 2> ${{matrix.cppcheck}}_cppcheck_err.xml
cppcheck --addon=misra --force --inline-suppr --std=c99 --language=c --enable=warning,performance,portability,style --suppress=variableScope --inconclusive ./fsw 2> ${{matrix.cppcheck}}_cppcheck_err.txt
- name: Convert bundle cppcheck to sarif
uses: airtower-luna/[email protected]
if: ${{matrix.cppcheck =='bundle'}}
with:
tool: 'CppCheck'
input_file: '${{matrix.cppcheck}}_cppcheck_err.xml'
sarif_file: '${{matrix.cppcheck}}_cppcheck_err.sarif'
- name: Convert cfe, osal, psp cppcheck to sarif
uses: airtower-luna/[email protected]
if: ${{matrix.cppcheck !='bundle'}}
with:
tool: 'CppCheck'
input_file: '${{matrix.cppcheck}}/${{matrix.cppcheck}}_cppcheck_err.xml'
sarif_file: '${{matrix.cppcheck}}_cppcheck_err.sarif'
- name: Define workspace
run: |
echo "CONTAINER_WORKSPACE=${PWD}" >> ${GITHUB_ENV}
- name: Archive bundle static analysis artifacts
uses: actions/upload-artifact@v4
if: ${{matrix.cppcheck =='bundle'}}
with:
name: ${{matrix.cppcheck}}-cppcheck-err
path: ./*cppcheck_err.*
- name: Archive osal, cfe, and psp static analysis artifacts
uses: actions/upload-artifact@v4
if: ${{matrix.cppcheck !='bundle'}}
with:
name: ${{matrix.cppcheck}}-cppcheck-err
path: ./${{matrix.cppcheck}}/*cppcheck_err.*
- name: Upload sarif results
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: '${{matrix.cppcheck}}_cppcheck_err.sarif'
checkout_path: ${{ env.CONTAINER_WORKSPACE }}
- name: Check for errors
run: |
if [[ -s ${{matrix.cppcheck}}_cppcheck_err.txt ]];
then
cat ${{matrix.cppcheck}}_cppcheck_err.txt
exit -1
fi