diff --git a/.github/workflows/README.md b/.github/workflows/README.md index 6c256c0ef..86328d99a 100644 --- a/.github/workflows/README.md +++ b/.github/workflows/README.md @@ -1,5 +1,15 @@ # Our Workflows +## Reusable Workflows + +To reduce duplication, the workflows CodeQL Analysis, Static Analysis, and Format Checker are placed in cFS to be reused in the subrepositories. + +CodeQL Analysis and Static Analysis require inputs, therefore, they are called in an additional workflow in cFS to be utilized. Format checker does not need to be reused in cFS because it does not require inputs. + +Provided is a diagram of the architecture of the reusable workflows. + +![Reusable Workflows Architecture](Reusable-Workflows-Architecture.PNG) + ## Deprecated Build, Test, and Run [![Deprecated Build, Test, and Run](https://github.com/nasa/cfs/actions/workflows/build-cfs-deprecated.yml/badge.svg)](https://github.com/nasa/cfs/actions/workflows/build-cfs-deprecated.yml) diff --git a/.github/workflows/Reusable-Workflows-Architecture.PNG b/.github/workflows/Reusable-Workflows-Architecture.PNG new file mode 100644 index 000000000..d3d5e12cd Binary files /dev/null and b/.github/workflows/Reusable-Workflows-Architecture.PNG differ diff --git a/.github/workflows/codeql-build-reuse.yml b/.github/workflows/codeql-build-reuse.yml new file mode 100644 index 000000000..ee5a9a66e --- /dev/null +++ b/.github/workflows/codeql-build-reuse.yml @@ -0,0 +1,10 @@ +name: Reuse CodeQl Analysis + +on: + push: + pull_request: + +jobs: + codeql: + name: CodeQL Analysis + uses: nasa/cFS/.github/workflows/codeql-build.yml@main \ No newline at end of file diff --git a/.github/workflows/codeql-build.yml b/.github/workflows/codeql-build.yml index 2241b2d17..773b7ca2b 100644 --- a/.github/workflows/codeql-build.yml +++ b/.github/workflows/codeql-build.yml @@ -1,20 +1,31 @@ name: "CodeQL Analysis" -# Only trigger, when the build workflow succeeded on: - workflow_run: - workflows: ["Build, Test, and Run \\[OMIT_DEPRECATED = true\\]"] - types: - - completed - branches: - - '**' + workflow_call: + inputs: + setup: + description: 'Build Prep' + type: string + default: 'cp ./cfe/cmake/Makefile.sample Makefile && cp -r ./cfe/cmake/sample_defs sample_defs' + make-prep: + description: 'Make Prep' + type: string + default: '' + make: + description: 'Make Copy' + type: string + default: 'make' + tests: + description: 'Tests' + type: string + default: '' + env: SIMULATION: native ENABLE_UNIT_TESTS: true OMIT_DEPRECATED: true BUILDTYPE: release - jobs: #Checks for duplicate actions. Skips push actions if there is a matching or duplicate pull-request action. check-for-duplicates: @@ -22,7 +33,6 @@ jobs: # Map a step output to a job output outputs: should_skip: ${{ steps.skip_check.outputs.should_skip }} - if: ${{ github.event.workflow_run.conclusion == 'success' }} steps: - id: skip_check uses: fkirc/skip-duplicate-actions@master @@ -30,8 +40,7 @@ jobs: concurrent_skipping: 'same_content' skip_after_successful_duplicate: 'true' do_not_skip: '["pull_request", "workflow_dispatch", "schedule"]' - - + CodeQL-Security-Build: #Continue if check-for-duplicates found no duplicates. Always runs for pull-requests. needs: check-for-duplicates @@ -42,42 +51,37 @@ jobs: steps: # Checks out a copy of your repository - name: Checkout code - if: ${{ !steps.skip-workflow.outputs.skip }} uses: actions/checkout@v2 with: repository: nasa/cFS submodules: true - name: Check versions - if: ${{ !steps.skip-workflow.outputs.skip }} run: | git log -1 --pretty=oneline git submodule - + - name: Initialize CodeQL - if: ${{ !steps.skip-workflow.outputs.skip }} uses: github/codeql-action/init@v1 with: languages: c - config-file: ./.github/codeql/codeql-security.yml - - # Setup the build system + config-file: nasa/cFS/.github/codeql/codeql-security.yml@main + - name: Copy sample_defs - if: ${{ !steps.skip-workflow.outputs.skip }} - run: | - cp ./cfe/cmake/Makefile.sample Makefile - cp -r ./cfe/cmake/sample_defs sample_defs + run: ${{ inputs.setup }} - # Setup the build system + - name: Make prep + run: ${{ inputs.make-prep }} + - name: Make Install - if: ${{ !steps.skip-workflow.outputs.skip }} - run: make + run: ${{ inputs.make }} + + - name: Run tests + run: ${{ inputs.tests }} - # Run CodeQL - name: Perform CodeQL Analysis - if: ${{ !steps.skip-workflow.outputs.skip }} uses: github/codeql-action/analyze@v1 - + CodeQL-Coding-Standard-Build: #Continue if check-for-duplicates found no duplicates. Always runs for pull-requests. needs: check-for-duplicates @@ -88,45 +92,39 @@ jobs: steps: # Checks out a copy of your repository - name: Checkout code - if: ${{ !steps.skip-workflow.outputs.skip }} uses: actions/checkout@v2 with: repository: nasa/cFS submodules: true - name: Check versions - if: ${{ !steps.skip-workflow.outputs.skip }} run: | git log -1 --pretty=oneline git submodule + - name: Checkout codeql code + uses: actions/checkout@v2 + with: + repository: github/codeql + submodules: true + path: codeql - name: Initialize CodeQL - if: ${{ !steps.skip-workflow.outputs.skip }} uses: github/codeql-action/init@v1 with: languages: c - config-file: ./.github/codeql/codeql-coding-standard.yml + config-file: nasa/cFS/.github/codeql/codeql-coding-standard.yml@main - # Setup the build system - name: Copy sample_defs - if: ${{ !steps.skip-workflow.outputs.skip }} - run: | - cp ./cfe/cmake/Makefile.sample Makefile - cp -r ./cfe/cmake/sample_defs sample_defs - - # Setup the build system + run: ${{ inputs.setup }} + + - name: Make prep + run: ${{ inputs.make-prep }} + - name: Make Install - if: ${{ !steps.skip-workflow.outputs.skip }} - run: make + run: ${{ inputs.make }} + + - name: Run tests + run: ${{ inputs.tests }} - # Run CodeQL - name: Perform CodeQL Analysis - if: ${{ !steps.skip-workflow.outputs.skip }} - uses: github/codeql-action/analyze@v1 - - on-failure: - runs-on: ubuntu-latest - if: ${{ github.event.workflow_run.conclusion == 'failure' }} - steps: - - name: Fail workflow - run: exit 1 + uses: github/codeql-action/analyze@v1 \ No newline at end of file diff --git a/.github/workflows/format-check.yml b/.github/workflows/format-check.yml new file mode 100644 index 000000000..cb003b6e7 --- /dev/null +++ b/.github/workflows/format-check.yml @@ -0,0 +1,67 @@ +name: Format Check + +# Run on all push and pull requests +on: + push: + pull_request: + workflow_call: + +jobs: + #Checks for duplicate actions. Skips push actions if there is a matching or duplicate pull-request action. + check-for-duplicates: + runs-on: ubuntu-latest + # Map a step output to a job output + outputs: + should_skip: ${{ steps.skip_check.outputs.should_skip }} + steps: + - id: skip_check + uses: fkirc/skip-duplicate-actions@master + with: + concurrent_skipping: 'same_content' + skip_after_successful_duplicate: 'true' + do_not_skip: '["pull_request", "workflow_dispatch", "schedule"]' + + format-checker: + name: Run format check + #Continue if check-for-duplicates found no duplicates. Always runs for pull-requests. + needs: check-for-duplicates + if: ${{ needs.check-for-duplicates.outputs.should_skip != 'true' }} + runs-on: ubuntu-18.04 + timeout-minutes: 15 + + steps: + - name: Install format checker + run: | + wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | sudo apt-key add - + sudo add-apt-repository 'deb http://apt.llvm.org/bionic/ llvm-toolchain-bionic-10 main' + sudo apt-get update && sudo apt-get install clang-format-10 + + - name: Checkout bundle + uses: actions/checkout@v2 + with: + repository: nasa/cFS + + - name: Checkout + uses: actions/checkout@v2 + with: + path: repo + + - name: Generate format differences + run: | + cd repo + find . -name "*.[ch]" -exec clang-format-10 -i -style=file {} + + git diff > $GITHUB_WORKSPACE/style_differences.txt + + - name: Archive Static Analysis Artifacts + uses: actions/upload-artifact@v2 + with: + name: style_differences + path: style_differences.txt + + - name: Error on differences + run: | + if [[ -s style_differences.txt ]]; + then + cat style_differences.txt + exit -1 + fi diff --git a/.github/workflows/static-analysis-reuse.yml b/.github/workflows/static-analysis-reuse.yml new file mode 100644 index 000000000..44688b621 --- /dev/null +++ b/.github/workflows/static-analysis-reuse.yml @@ -0,0 +1,10 @@ +name: Reuse Static Analysis + +on: + push: + pull_request: + +jobs: + static-analysis: + name: Static Analysis + uses: nasa/cFS/.github/workflows/static-analysis.yml@main \ No newline at end of file diff --git a/.github/workflows/static-analysis.yml b/.github/workflows/static-analysis.yml index d7405dcf6..31a3b0d93 100644 --- a/.github/workflows/static-analysis.yml +++ b/.github/workflows/static-analysis.yml @@ -1,9 +1,12 @@ name: Static Analysis -# Run this workflow every time a new commit pushed to your repository and for pull requests on: - push: - pull_request: + workflow_call: + inputs: + strict-dir-list: + description: 'Directory List' + type: string + default: '' jobs: #Checks for duplicate actions. Skips push actions if there is a matching or duplicate pull-request action. @@ -30,7 +33,7 @@ jobs: strategy: fail-fast: false matrix: - cppcheck: [bundle, cfe, osal, psp] + cppcheck: [non-strict, strict] steps: - name: Install cppcheck @@ -43,38 +46,25 @@ jobs: submodules: true - name: Run bundle cppcheck - if: ${{matrix.cppcheck =='bundle'}} - run: cppcheck --force --inline-suppr --quiet . 2> ${{matrix.cppcheck}}_cppcheck_err.txt - + run: cppcheck --force --inline-suppr . 2> ${{matrix.cppcheck}}_cppcheck_err.txt + # Run strict static analysis for embedded portions of cfe, osal, and psp - - name: cfe strict cppcheck - if: ${{matrix.cppcheck =='cfe'}} - run: | - cd ${{matrix.cppcheck}} - cppcheck --force --inline-suppr --std=c99 --language=c --enable=warning,performance,portability,style --suppress=variableScope --inconclusive ./modules/core_api/fsw ./modules/core_private/fsw ./modules/es/fsw ./modules/evs/fsw ./modules/fs/fsw ./modules/msg/fsw ./modules/resourceid/fsw ./modules/sb/fsw ./modules/sbr/fsw ./modules/tbl/fsw ./modules/time/fsw -UCFE_PLATFORM_TIME_CFG_CLIENT -DCFE_PLATFORM_TIME_CFG_SERVER 2> ../${{matrix.cppcheck}}_cppcheck_err.txt - - - name: osal strict cppcheck - if: ${{matrix.cppcheck =='osal'}} - run: | - cd ${{matrix.cppcheck}} - cppcheck --force --inline-suppr --std=c99 --language=c --enable=warning,performance,portability,style --suppress=variableScope --inconclusive ./src/bsp ./src/os 2> ../${{matrix.cppcheck}}_cppcheck_err.txt - - - name: psp strict cppcheck - if: ${{matrix.cppcheck =='psp'}} - run: | - cd ${{matrix.cppcheck}} - cppcheck --force --inline-suppr --std=c99 --language=c --enable=warning,performance,portability,style --suppress=variableScope --inconclusive ./fsw 2> ../${{matrix.cppcheck}}_cppcheck_err.txt + - name: Strict cppcheck + if: ${{ inputs.strict-dir-list !='' }} + run: cppcheck --force --inline-suppr --std=c99 --language=c --enable=warning,performance,portability,style --suppress=variableScope --inconclusive .${{ inputs.strict-dir-list }} 2> ../${{matrix.cppcheck}}_cppcheck_err.txt - name: Archive Static Analysis Artifacts + if: ${{ inputs.strict-dir-list !='' || matrix.cppcheck == 'non-strict' }} uses: actions/upload-artifact@v2 with: name: ${{matrix.cppcheck}}-cppcheck-err path: ./*cppcheck_err.txt - name: Check for errors + if: ${{ inputs.strict-dir-list !='' || matrix.cppcheck == 'non-strict' }} run: | if [[ -s ${{matrix.cppcheck}}_cppcheck_err.txt ]]; then cat ${{matrix.cppcheck}}_cppcheck_err.txt exit -1 - fi + fi \ No newline at end of file