Skip to content

Commit

Permalink
Fix #1188, Reuse CodeQL, Static Analysis, Format Check
Browse files Browse the repository at this point in the history
  • Loading branch information
arielswalker committed Oct 27, 2021
1 parent 64a6b31 commit 2abd8e6
Show file tree
Hide file tree
Showing 4 changed files with 21 additions and 269 deletions.
110 changes: 7 additions & 103 deletions .github/workflows/codeql-cfe-build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -4,107 +4,11 @@ on:
push:
pull_request:

env:
SIMULATION: native
ENABLE_UNIT_TESTS: true
OMIT_DEPRECATED: true
BUILDTYPE: release

jobs:
#Checks for duplicate actions. Skips push actions if there is a matching or duplicate pull-request action.
check-for-duplicates:
runs-on: ubuntu-latest
# Map a step output to a job output
outputs:
should_skip: ${{ steps.skip_check.outputs.should_skip }}
steps:
- id: skip_check
uses: fkirc/skip-duplicate-actions@master
with:
concurrent_skipping: 'same_content'
skip_after_successful_duplicate: 'true'
do_not_skip: '["pull_request", "workflow_dispatch", "schedule"]'

CodeQL-Security-Build:
needs: check-for-duplicates
if: ${{ needs.check-for-duplicates.outputs.should_skip != 'true' }}
runs-on: ubuntu-18.04
timeout-minutes: 15

steps:
- name: Checkout bundle
uses: actions/checkout@v2
with:
repository: nasa/cFS
submodules: true

- name: Checkout submodule
uses: actions/checkout@v2
with:
path: osal

- name: Check versions
run: git submodule

- name: Initialize CodeQL
uses: github/codeql-action/init@v1
with:
languages: c
config-file: nasa/cFS/.github/codeql/codeql-security.yml@main

- name: Set up for build
run: |
cp ./cfe/cmake/Makefile.sample Makefile
cp -r ./cfe/cmake/sample_defs sample_defs
make prep
- name: Build
run: make -j native/default_cpu1/osal/

- name: Run tests
run: (cd build/native/default_cpu1/osal && make test)

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v1

CodeQL-Coding-Standard-Build:
needs: check-for-duplicates
if: ${{ needs.check-for-duplicates.outputs.should_skip != 'true' }}
runs-on: ubuntu-18.04
timeout-minutes: 15

steps:
- name: Checkout bundle
uses: actions/checkout@v2
with:
repository: nasa/cFS
submodules: true

- name: Checkout submodule
uses: actions/checkout@v2
with:
path: osal

- name: Check versions
run: git submodule

- name: Initialize CodeQL
uses: github/codeql-action/init@v1
with:
languages: c
config-file: nasa/cFS/.github/codeql/codeql-coding-standard.yml@main

- name: Set up for build
run: |
cp ./cfe/cmake/Makefile.sample Makefile
cp -r ./cfe/cmake/sample_defs sample_defs
make prep
- name: Build
run: make -j native/default_cpu1/osal/

- name: Run tests
run: (cd build/native/default_cpu1/osal && make test)

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v1
codeql:
name: CodeQl Analysis
uses: nasa/cFS/.github/workflows/codeql-build.yml@main
with:
make-prep: 'make prep'
make: 'make -j native/default_cpu1/osal/'
tests: '(cd build/native/default_cpu1/osal && make test)'
84 changes: 7 additions & 77 deletions .github/workflows/codeql-osal-default.yml
Original file line number Diff line number Diff line change
Expand Up @@ -4,81 +4,11 @@ on:
push:
pull_request:

env:
SIMULATION: native
ENABLE_UNIT_TESTS: true
OMIT_DEPRECATED: true
BUILDTYPE: release
PERMISSIVE_MODE: true

jobs:

#Checks for duplicate actions. Skips push actions if there is a matching or duplicate pull-request action.
check-for-duplicates:
runs-on: ubuntu-latest
# Map a step output to a job output
outputs:
should_skip: ${{ steps.skip_check.outputs.should_skip }}
steps:
- id: skip_check
uses: fkirc/skip-duplicate-actions@master
with:
concurrent_skipping: 'same_content'
skip_after_successful_duplicate: 'true'
do_not_skip: '["pull_request", "workflow_dispatch", "schedule"]'

CodeQL-Security-Build:
#Continue if check-for-duplicates found no duplicates. Always runs for pull-requests.
needs: check-for-duplicates
if: ${{ needs.check-for-duplicates.outputs.should_skip != 'true' }}
runs-on: ubuntu-18.04
timeout-minutes: 15

steps:
- name: Checkout submodule
uses: actions/checkout@v2

- name: Initialize CodeQL
uses: github/codeql-action/init@v1
with:
languages: c
config-file: nasa/cFS/.github/codeql/codeql-security.yml@main

- name: Set up for build
run: |
cp Makefile.sample Makefile
make prep
- name: Build
run: make -j

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v1

CodeQL-Coding-Standard-Build:
#Continue if check-for-duplicates found no duplicates. Always runs for pull-requests.
needs: check-for-duplicates
if: ${{ needs.check-for-duplicates.outputs.should_skip != 'true' }}
runs-on: ubuntu-18.04
timeout-minutes: 15

steps:
- name: Checkout submodule
uses: actions/checkout@v2

- name: Initialize CodeQL
uses: github/codeql-action/init@v1
with:
languages: c
config-file: nasa/cFS/.github/codeql/codeql-coding-standard.yml@main

- name: Set up for build
run: |
cp Makefile.sample Makefile
make prep
- name: Build
run: make -j

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v1
codeql:
name: CodeQl Analysis
uses: nasa/cFS/.github/workflows/codeql-build.yml@main
with:
setup: 'cd osal && cp Makefile.sample Makefile'
make-prep: 'cd osal && make prep'
make: 'cd osal && make -j'
46 changes: 3 additions & 43 deletions .github/workflows/format-check.yml
Original file line number Diff line number Diff line change
@@ -1,53 +1,13 @@
name: Format Check

# Run on main push and pull requests
# Run on all push and pull requests
on:
push:
branches:
- main
pull_request:

jobs:

static-analysis:
format-check:
name: Run format check
runs-on: ubuntu-18.04
timeout-minutes: 15

steps:

- name: Install format checker
run: |
wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | sudo apt-key add -
sudo add-apt-repository 'deb http://apt.llvm.org/bionic/ llvm-toolchain-bionic-10 main'
sudo apt-get update && sudo apt-get install clang-format-10
- name: Checkout bundle
uses: actions/checkout@v2
with:
repository: nasa/cFS

- name: Checkout
uses: actions/checkout@v2
with:
path: repo

- name: Generate format differences
run: |
cd repo
find . -name "*.[ch]" -exec clang-format-10 -i -style=file {} +
git diff > $GITHUB_WORKSPACE/style_differences.txt
- name: Archive Static Analysis Artifacts
uses: actions/upload-artifact@v2
with:
name: style_differences
path: style_differences.txt

- name: Error on differences
run: |
if [[ -s style_differences.txt ]];
then
cat style_differences.txt
exit -1
fi
uses: nasa/cFS/.github/workflows/format-check.yml@main
50 changes: 4 additions & 46 deletions .github/workflows/static-analysis.yml
Original file line number Diff line number Diff line change
@@ -1,55 +1,13 @@
name: Static Analysis

# Run this workflow every time a new commit pushed to your repository
# Run on all push and pull requests
on:
push:
branches:
- main
pull_request:

jobs:

static-analysis:
name: Run cppcheck
runs-on: ubuntu-18.04
timeout-minutes: 15

strategy:
fail-fast: false
matrix:
cppcheck: [all, osal]

steps:

- name: Install cppcheck
run: sudo apt-get install cppcheck -y

# Checks out a copy of the cfs bundle
- name: Checkout code
uses: actions/checkout@v2
with:
submodules: true

- name: Run bundle cppcheck
if: ${{matrix.cppcheck =='all'}}
run: cppcheck --force --inline-suppr . 2> ${{matrix.cppcheck}}_cppcheck_err.txt

# Run strict static analysis for embedded portions of osal
- name: osal strict cppcheck
if: ${{matrix.cppcheck =='osal'}}
run: |
cppcheck --force --inline-suppr --std=c99 --language=c --enable=warning,performance,portability,style --suppress=variableScope --inconclusive ./src/bsp ./src/os 2> ./${{matrix.cppcheck}}_cppcheck_err.txt
- name: Archive Static Analysis Artifacts
uses: actions/upload-artifact@v2
with:
name: ${{matrix.cppcheck}}-cppcheck-err
path: ./*cppcheck_err.txt

- name: Check for errors
run: |
if [[ -s ${{matrix.cppcheck}}_cppcheck_err.txt ]];
then
cat ${{matrix.cppcheck}}_cppcheck_err.txt
exit -1
fi
uses: nasa/cFS/.github/workflows/static-analysis.yml@main
with:
strict-dir-list: './src/bsp ./src/os'

0 comments on commit 2abd8e6

Please sign in to comment.