diff --git a/.github/workflows/codeql-build.yml b/.github/workflows/codeql-build.yml
index f14074e6f..210014710 100644
--- a/.github/workflows/codeql-build.yml
+++ b/.github/workflows/codeql-build.yml
@@ -1,10 +1,24 @@
 name: "CodeQL Analysis"
 on:
- push:
- pull_request:
- branches:
- - main
+ workflow_call:
+ inputs:
+ sample-defs:
+ description: 'Build Prep'
+ type: string
+ default: 'cp ./cfe/cmake/Makefile.sample Makefile && cp -r ./cfe/cmake/sample_defs sample_defs'
+ make-prep:
+ description: 'Make Prep'
+ type: string
+ default: ''
+ make:
+ description: 'Make Copy'
+ type: string
+ default: 'make'
+ tests:
+ description: 'Tests'
+ type: string
+ default: ''
 env:
 SIMULATION: native
@@ -26,8 +40,7 @@ jobs:
 concurrent_skipping: 'same_content'
 skip_after_successful_duplicate: 'true'
 do_not_skip: '["pull_request", "workflow_dispatch", "schedule"]'
-
-
+
 CodeQL-Security-Build:
 #Continue if check-for-duplicates found no duplicates. Always runs for pull-requests.
 needs: check-for-duplicates
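Review bot: The four new `workflow_call` inputs are free-form strings that this workflow later passes verbatim to `run:` steps, so whoever calls the workflow can execute arbitrary shell inside the job that builds and uploads the CodeQL results; that is tolerable for a reusable workflow invoked only by this organisation's own workflows, but the inputs block should say so. I would add above `inputs:` the comment `# NOTE: every input below is executed verbatim as a shell script in this job; pass only trusted, caller-authored commands`. The `make` input's description `'Make Copy'` also reads like a copy-paste slip for something like `'Make command'`. With `push:`/`pull_request:` removed the file no longer runs on its own, and the `do_not_skip` event list now refers to the calling workflow's event, which is presumably intended but worth a comment.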
@@ -38,40 +51,35 @@ jobs:
 steps:
 # Checks out a copy of your repository
 - name: Checkout code
- if: ${{ !steps.skip-workflow.outputs.skip }}
 uses: actions/checkout@v2
 with:
 repository: nasa/cFS
 submodules: true
 - name: Check versions
- if: ${{ !steps.skip-workflow.outputs.skip }}
 run: |
 git log -1 --pretty=oneline
 git submodule
 - name: Initialize CodeQL
- if: ${{ !steps.skip-workflow.outputs.skip }}
 uses: github/codeql-action/init@v1
 with:
 languages: c
 config-file: ./.github/codeql/codeql-security.yml
- # Setup the build system
 - name: Copy sample_defs
- if: ${{ !steps.skip-workflow.outputs.skip }}
- run: |
- cp ./cfe/cmake/Makefile.sample Makefile
- cp -r ./cfe/cmake/sample_defs sample_defs
+ run: ${{ inputs.sample-defs }}
+
+ - name: Make prep
+ run: ${{ inputs.make-prep }}
- # Setup the build system
 - name: Make Install
- if: ${{ !steps.skip-workflow.outputs.skip }}
- run: make
+ run: ${{ inputs.make }}
+
+ - name: Run tests
+ run: ${{ inputs.tests }}
- # Run CodeQL
 - name: Perform CodeQL Analysis
- if: ${{ !steps.skip-workflow.outputs.skip }}
 uses: github/codeql-action/analyze@v1
 CodeQL-Coding-Standard-Build:
@@ -84,20 +92,16 @@ jobs:
 steps:
 # Checks out a copy of your repository
 - name: Checkout code
- if: ${{ !steps.skip-workflow.outputs.skip }}
 uses: actions/checkout@v2
 with:
 repository: nasa/cFS
 submodules: true
 - name: Check versions
- if: ${{ !steps.skip-workflow.outputs.skip }}
 run: |
 git log -1 --pretty=oneline
 git submodule
-
 - name: Checkout codeql code
- if: ${{ !steps.skip-workflow.outputs.skip }}
 uses: actions/checkout@v2
 with:
 repository: github/codeql
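Review bot: The new `Make prep` and `Run tests` steps run `${{ inputs.make-prep }}` and `${{ inputs.tests }}` unconditionally, yet both inputs default to `''`, so with the defaults each step executes an empty script and the step list suggests work that never happens. Gate them on the input being set: `if: ${{ inputs.make-prep != '' }}` on `Make prep` and `if: ${{ inputs.tests != '' }}` on `Run tests`. Note also that `Run tests` sits before `Perform CodeQL Analysis`, so a failing test aborts the job before any CodeQL results are uploaded; if the scan should still be reported in that case, mark the test step `continue-on-error: true` or move it after the analysis step. The `CodeQL-Security-Build` job starts before this hunk.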
@@ -105,24 +109,22 @@ jobs:
 path: codeql
 - name: Initialize CodeQL
- if: ${{ !steps.skip-workflow.outputs.skip }}
 uses: github/codeql-action/init@v1
 with:
 languages: c
- config-file: ./.github/codeql/codeql-coding-standard.yml
+ config-file: ArielSAdamsNASA/cFS/.github/codeql/codeql-coding-standard.yml@Rule1
- # Setup the build system
 - name: Copy sample_defs
- if: ${{ !steps.skip-workflow.outputs.skip }}
- run: |
- cp ./cfe/cmake/Makefile.sample Makefile
- cp -r ./cfe/cmake/sample_defs sample_defs
+ run: ${{ inputs.sample-defs }}
+
+ - name: Make prep
+ run: ${{ inputs.make-prep }}
- # Setup the build system
 - name: Make Install
- if: ${{ !steps.skip-workflow.outputs.skip }}
- run: make
+ run: ${{ inputs.make }}
+
+ - name: Run tests
+ run: ${{ inputs.tests }}
- # Run CodeQL
 - name: Perform CodeQL Analysis
- uses: github/codeql-action/analyze@v1
+ uses: github/codeql-action/analyze@v1
\ No newline at end of file
diff --git a/.github/workflows/static-analysis.yml b/.github/workflows/static-analysis.yml
index d7405dcf6..4f2396e11 100644
--- a/.github/workflows/static-analysis.yml
+++ b/.github/workflows/static-analysis.yml
@@ -1,9 +1,19 @@
 name: Static Analysis
-# Run this workflow every time a new commit pushed to your repository and for pull requests
+# Run on all push and pull requests
 on:
 push:
 pull_request:
+ workflow_call:
+ inputs:
+ module:
+ description: 'GitHub Module'
+ type: string
+ default: 'bundle'
+ cppcheck-code:
+ description: 'Cppcheck Code'
+ type: string
+ default: ''
 jobs:
 #Checks for duplicate actions. Skips push actions if there is a matching or duplicate pull-request action.
@@ -29,8 +39,6 @@ jobs:
 strategy:
 fail-fast: false
- matrix:
- cppcheck: [bundle, cfe, osal, psp]
 steps:
 - name: Install cppcheck
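Review bot: `config-file: ArielSAdamsNASA/cFS/.github/codeql/codeql-coding-standard.yml@Rule1` pulls the CodeQL configuration for the coding-standard job from a personal fork at a mutable branch, so anyone who can push to `Rule1` on that fork can silently change or empty the query set this job runs, and the job breaks outright if the fork or branch is deleted or made private. Either keep the local `./.github/codeql/codeql-coding-standard.yml` that the removed line used, or reference the canonical `nasa/cFS` repository at a tag or commit SHA; a private external repository would additionally need `external-repository-token`. The file now ends without a trailing newline (`\ No newline at end of file`), which is worth fixing while touching the last line. The `CodeQL-Coding-Standard-Build` job starts before this hunk.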
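Review bot: `on:` now keeps `push:` and `pull_request:` alongside the new `workflow_call`, but on a direct push or pull-request run the `inputs` context is not populated, so `inputs.module` evaluates to `''` rather than the declared default `'bundle'`; the later steps then write `_cppcheck_err.txt`, evaluate `inputs.module != 'bundle'` as true and run the empty `cppcheck-code` script. Either drop the direct triggers so this becomes a pure reusable workflow like `codeql-build.yml`, or read the input through a fallback wherever it is used, e.g. `${{ inputs.module || 'bundle' }}`. As in the other file, `cppcheck-code` is executed verbatim in a `run:` step, which its description `'Cppcheck Code'` should state so callers know they are handing over a shell script.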
@@ -43,38 +51,39 @@ jobs:
 submodules: true
 - name: Run bundle cppcheck
- if: ${{matrix.cppcheck =='bundle'}}
- run: cppcheck --force --inline-suppr --quiet . 2> ${{matrix.cppcheck}}_cppcheck_err.txt
-
- # Run strict static analysis for embedded portions of cfe, osal, and psp
- - name: cfe strict cppcheck
- if: ${{matrix.cppcheck =='cfe'}}
- run: |
- cd ${{matrix.cppcheck}}
- cppcheck --force --inline-suppr --std=c99 --language=c --enable=warning,performance,portability,style --suppress=variableScope --inconclusive ./modules/core_api/fsw ./modules/core_private/fsw ./modules/es/fsw ./modules/evs/fsw ./modules/fs/fsw ./modules/msg/fsw ./modules/resourceid/fsw ./modules/sb/fsw ./modules/sbr/fsw ./modules/tbl/fsw ./modules/time/fsw -UCFE_PLATFORM_TIME_CFG_CLIENT -DCFE_PLATFORM_TIME_CFG_SERVER 2> ../${{matrix.cppcheck}}_cppcheck_err.txt
+ run: cppcheck --force --inline-suppr --quiet . 2> ${{ inputs.module }}_cppcheck_err.txt
+
+ - name: Archive static analysis artifacts for bundle
+ uses: actions/upload-artifact@v2
+ with:
+ name: bundle-cppcheck-err
+ path: ./*cppcheck_err.txt
- - name: osal strict cppcheck
- if: ${{matrix.cppcheck =='osal'}}
+ - name: Check for errors for bundle
 run: |
- cd ${{matrix.cppcheck}}
- cppcheck --force --inline-suppr --std=c99 --language=c --enable=warning,performance,portability,style --suppress=variableScope --inconclusive ./src/bsp ./src/os 2> ../${{matrix.cppcheck}}_cppcheck_err.txt
-
- - name: psp strict cppcheck
- if: ${{matrix.cppcheck =='psp'}}
+ if [[ -s bundle_cppcheck_err.txt ]];
+ then
+ cat $bundle_cppcheck_err.txt
+ exit -1
+ fi
+
+ # Run strict static analysis for embedded portions of cfe, osal, and psp
+ - name: Strict cppcheck
+ if: ${{ inputs.module !='bundle' }}
 run: |
- cd ${{matrix.cppcheck}}
- cppcheck --force --inline-suppr --std=c99 --language=c --enable=warning,performance,portability,style --suppress=variableScope --inconclusive ./fsw 2> ../${{matrix.cppcheck}}_cppcheck_err.txt
-
- - name: Archive Static Analysis Artifacts
+ ${{ inputs.cppcheck-code }}
+ - name: Archive static analysis artifacts
+ if: ${{ inputs.module !='bundle' }}
 uses: actions/upload-artifact@v2
 with:
- name: ${{matrix.cppcheck}}-cppcheck-err
+ name: ${{ inputs.module }}-cppcheck-err
 path: ./*cppcheck_err.txt
 - name: Check for errors
+ if: ${{ inputs.module !='bundle' }}
 run: |
- if [[ -s ${{matrix.cppcheck}}_cppcheck_err.txt ]];
+ if [[ -s ${{ inputs.module }}_cppcheck_err.txt ]];
 then
- cat ${{matrix.cppcheck}}_cppcheck_err.txt
+ cat ${{ inputs.module }}_cppcheck_err.txt
 exit -1
- fi
+ fi
\ No newline at end of file
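Review bot: `cat $bundle_cppcheck_err.txt` in the new `Check for errors for bundle` step has a stray `$`: `$bundle_cppcheck_err` is an unset shell variable, so the command becomes `cat .txt`, the findings are never printed, and under the runner's default `bash -e` the step fails on that `cat` rather than on the intended `exit`; it should read `cat bundle_cppcheck_err.txt`. The three bundle steps also lost the `if:` guard the removed matrix had, so every call with `module: cfe`, `osal` or `psp` now runs the bundle scan first and aborts the job on any bundle finding before the strict scan runs; if that is not intended, add `if: ${{ inputs.module == 'bundle' }}` to those three steps. The `Strict cppcheck` step runs in the repository root while the following `Check for errors` step expects `<module>_cppcheck_err.txt` there, so the `cppcheck-code` the caller supplies must `cd <module>` and redirect to `../<module>_cppcheck_err.txt` exactly as the removed commands did — that contract deserves a comment on the step. `exit -1` is not a valid exit status (bash reports 255); `exit 1` is the conventional failure code.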