Commit
Merge pull request #4 from samyarsadat/stage-1-workflow-experiments
Stage 1 Workflow Experiments
Showing 10 changed files with 323 additions and 324 deletions.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,17 @@ | ||
## CodeQL Analysis for MicroROS & Pico Source Code | ||
|
||
At the moment, CodeQL needs to be run in the same environment as the build steps. This means that it cannot analyze code that | ||
is built inside of a Docker container, unless CodeQL itself also runs inside of that container. This becomes a problem when you | ||
try to use the Pico Build Action and the MicroROS Build Action with CodeQL, as both Pico and MicroROS Build are Docker container | ||
actions. Until the developers of the CodeQL action add a way to analyze build that run in a Docker container or until I (maybe) | ||
somehow implement CodeQL into the Pico Build and MicroROS Build actions, I've come up with a temporary workaround.<br> | ||
<br> | ||
I've put modified versions of the build scripts from the build actions into the `codeql-pico-scripts` directory. I've also added | ||
two new re-usable actions (the reason I've decided to use resusable actions isn't because I use them in more than one place, but | ||
because I want them to be separated from everything else) for building and analyzing micro-ROS and the Pico source code using the | ||
aforementioned scripts. You may have also noticed that these re-usable actions use the same Docker images as the actual Pico Build | ||
Action and MicroROS Build Action.<br> | ||
<br> | ||
I have still left the original `pico-build.yml` workflow, as I want it to serve as a usage example for Pico Build Action and MicroROS | ||
Build Action, and also because `pico-codeql.yml` doesn't produce binaries for the Pico (well, it does internally, but they're not | ||
uploaded as artifacts, so they can't be accessed). |
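Review bot: In the second paragraph of this README, "two new re-usable actions" names the wrong GitHub feature: the workflow file added in this commit is triggered with `on: workflow_call`, which makes it a reusable workflow rather than an action, so the text should say "reusable workflows" ("resusable" in the same sentence is also a typo). Because the scripts in `codeql-pico-scripts` are described as modified copies of the build actions' scripts, it would help to note which release of each action they were copied from, so the copies can be re-synced when the upstream scripts change.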
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,79 @@ | ||
# The ROS robot project - MicroROS CodeQL analysis workflow. | ||
# Copyright 2024 Samyar Sadat Akhavi | ||
# Written by Samyar Sadat Akhavi, 2024. | ||
# | ||
# This program is free software: you can redistribute it and/or modify | ||
# it under the terms of the GNU General Public License as published by | ||
# the Free Software Foundation, either version 3 of the License, or | ||
# (at your option) any later version. | ||
# | ||
# This program is distributed in the hope that it will be useful, | ||
# but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
# GNU General Public License for more details. | ||
# | ||
# You should have received a copy of the GNU General Public License | ||
# along with this program. If not, see <https: www.gnu.org/licenses/>. | ||
|
||
name: MicroROS CodeQL Analysis | ||
on: workflow_call | ||
|
||
jobs: | ||
analyze_uros: | ||
name: Analyze MicroROS library | ||
runs-on: ubuntu-latest | ||
container: samyarsadat/service_images:microros-build-action-latest | ||
|
||
permissions: | ||
security-events: write | ||
contents: read | ||
|
||
steps: | ||
- name: Checkout repository | ||
uses: actions/checkout@v4 | ||
with: | ||
submodules: recursive | ||
|
||
- name: Copy FreeRTOS Kernel Import File | ||
shell: bash | ||
run: | | ||
cp "Source Code/pico_ws/libfreertos/FreeRTOS-Kernel/portable/ThirdParty/GCC/RP2040/FreeRTOS_Kernel_import.cmake" \ | ||
"Source Code/pico_ws/FreeRTOS_Kernel_import.cmake" | ||
- name: Generate Pico SDK Headers | ||
uses: samyarsadat/Pico-Build-Action@v1 | ||
with: | ||
source_dir: "Source Code/pico_ws" | ||
output_dir: "build" | ||
cmake_config_only: "true" | ||
|
||
# This step is required because of a bug in micro_ros_setup's firmware workspace creation script. | ||
# This bug causes the script to fail if the path to the script's working directory contains spaces. | ||
- name: Rename Source Code Directory | ||
run: | | ||
mv "Source Code/" "source_code/" | ||
- name: Initialize CodeQL | ||
uses: github/codeql-action/init@v3 | ||
with: | ||
languages: c-cpp | ||
build-mode: manual | ||
queries: security-and-quality | ||
|
||
- name: Build MicroROS Library | ||
id: build | ||
shell: bash | ||
run: | | ||
bash ".github/workflows/codeql-pico-scripts/uros-build.sh" "source_code/pico_ws/libmicroros" | ||
- name: Perform CodeQL Analysis | ||
uses: github/codeql-action/analyze@v3 | ||
with: | ||
category: "/language:c-cpp" | ||
|
||
- name: Upload MicroROS Library Artifacts | ||
uses: actions/upload-artifact@v4 | ||
with: | ||
name: uros_library_artifacts | ||
path: ${{steps.build.outputs.library_build_dir}} | ||
if-no-files-found: error |
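Review bot: The `container:` line and every `uses:` line point at mutable refs (`microros-build-action-latest`, `@v1`, `@v3`, `@v4`) in a job that holds `security-events: write`, so the code that runs here can change without any commit to this repository; pin the container image by digest and the actions by full commit SHA. The "Rename Source Code Directory" step is the only `run` step without `shell: bash`, which is worth making consistent. The final upload also depends on `steps.build.outputs.library_build_dir`, which is only populated if `uros-build.sh` writes that output, so a short comment next to `id: build` stating that dependency would help the next reader.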
This file was deleted.
This file was deleted.
Original file line number | Diff line number | Diff line change |
---|---|---|
@@ -0,0 +1,75 @@ | ||
#!/bin/bash | ||
# The ROS Robot Project - Raspberry Pi Pico build script for CodeQL analysis. | ||
# This is a modified version of the script from the Pico Build Action. | ||
# This workaround is necessary because CodeQL needs run in the same environment as the build script. | ||
# | ||
# Copyright 2024 Samyar Sadat Akhavi | ||
# Written by Samyar Sadat Akhavi, 2024. | ||
# | ||
# This program is free software: you can redistribute it and/or modify | ||
# it under the terms of the GNU General Public License as published by | ||
# the Free Software Foundation, either version 3 of the License, or | ||
# (at your option) any later version. | ||
# | ||
# This program is distributed in the hope that it will be useful, | ||
# but WITHOUT ANY WARRANTY; without even the implied warranty of | ||
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the | ||
# GNU General Public License for more details. | ||
# | ||
# You should have received a copy of the GNU General Public License | ||
# along with this program. If not, see <https: www.gnu.org/licenses/>. | ||
|
||
set -e | ||
|
||
# Get arguments | ||
SOURCE_DIR=$1 | ||
OUTPUT_DIR="build" | ||
BOARD_NAME="pico" | ||
CMAKE_ARGS="" | ||
MAKEFILES_GENERATOR="Unix Makefiles" | ||
|
||
# Validate arguments | ||
if [ -z "$SOURCE_DIR" ]; then | ||
echo "ERROR: Source directory not provided." | ||
exit 1 | ||
fi | ||
|
||
if [ -z "$OUTPUT_DIR" ]; then | ||
echo "ERROR: Output directory not provided." | ||
exit 1 | ||
fi | ||
|
||
if [ -z "$BOARD_NAME" ]; then | ||
BOARD_NAME="pico" | ||
fi | ||
|
||
if [ -z "$MAKEFILES_GENERATOR" ]; then | ||
MAKEFILES_GENERATOR="Ninja" | ||
fi | ||
|
||
# Check if the source directory exists | ||
if [ ! -d "$SOURCE_DIR" ]; then | ||
echo "ERROR: Source directory does not exist." | ||
exit 1 | ||
fi | ||
|
||
# Make paths absolute | ||
OUTPUT_DIR_RELATIVE="$SOURCE_DIR/$OUTPUT_DIR" | ||
SOURCE_DIR="$GITHUB_WORKSPACE/$SOURCE_DIR" | ||
OUTPUT_DIR="$SOURCE_DIR/$OUTPUT_DIR" | ||
|
||
# Echo arguments | ||
echo "Configuration:" | ||
echo "SOURCE_DIR=$SOURCE_DIR" | ||
echo "OUTPUT_DIR=$OUTPUT_DIR" | ||
echo "BOARD_NAME=$BOARD_NAME" | ||
echo "CMAKE_ARGS=$CMAKE_ARGS" | ||
echo "MAKEFILES_GENERATOR=$MAKEFILES_GENERATOR" | ||
|
||
# Build the project | ||
echo "Generating build files..." | ||
mkdir "$OUTPUT_DIR" && cd "$OUTPUT_DIR" | ||
cmake -DPICO_BOARD="$BOARD_NAME" -S "$SOURCE_DIR" -B "$OUTPUT_DIR" -G "$MAKEFILES_GENERATOR" $CMAKE_ARGS | ||
|
||
echo "Building project..." | ||
cd "$OUTPUT_DIR" && make -j$(nproc) |
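Review bot: The `[ ! -d "$SOURCE_DIR" ]` check runs on the relative path, before `SOURCE_DIR="$GITHUB_WORKSPACE/$SOURCE_DIR"`, so it only passes when the script is started from the workspace root, and `GITHUB_WORKSPACE` is never validated: if it is unset the path silently becomes `/$SOURCE_DIR`. Move the existence check below the "Make paths absolute" block and add `set -u` or an explicit empty check on `GITHUB_WORKSPACE`. The `-z` tests on `OUTPUT_DIR`, `BOARD_NAME` and `MAKEFILES_GENERATOR` can no longer fire now that those values are hard-coded, and the `"Ninja"` fallback would not match the later `make -j$(nproc)`; they can be dropped together with `OUTPUT_DIR_RELATIVE`, which is assigned but not used in this script. `mkdir "$OUTPUT_DIR"` under `set -e` aborts if the directory already exists, so `mkdir -p` is the safer form.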