Skip to content

Commit

Permalink
Fix #146, Implement Coding Standard CodeQL
Browse files Browse the repository at this point in the history
  • Loading branch information
arielswalker committed May 26, 2021
1 parent 1c32ed4 commit 8daf5b4
Show file tree
Hide file tree
Showing 3 changed files with 90 additions and 3 deletions.
19 changes: 19 additions & 0 deletions .github/codeql/codeql-coding-standard.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,19 @@
name: "CodeQL Coding Standard Configuration File"

disable-default-queries: true

queries:
- name: JPL Rules
uses: ./codeql/cpp/ql/src/JPL_C
- name: MISRA Rule 9-5-1
uses: ./codeql/cpp/ql/src/jsf/4.20 Unions and Bit Fields/AV Rule 153.ql
- name: MISRA Rule 5-18-1
uses: ./codeql/cpp/ql/src/jsf/4.21 Operators/AV Rule 168.ql
- name: MISRA 6-2-2
uses: ./codeql/cpp/ql/src/jsf/4.25 Expressions/AV Rule 202.ql
- name: MISRA Rule 5-14-1
uses: ./codeql/cpp/ql/src/jsf/4.21 Operators/AV Rule 165.ql
- name: MISRA Rule 5-3-2
uses: ./codeql/cpp/ql/src/jsf/4.21 Operators/AV Rule 165.ql
- name: MISRA Rule 7-5-2
uses: ./codeql/cpp/ql/src/jsf/4.22 Pointers and References/AV Rule 173.ql
8 changes: 8 additions & 0 deletions .github/codeql/codeql-security.yml
Original file line number Diff line number Diff line change
@@ -0,0 +1,8 @@
name: "CodeQL Security Configuration File"

queries:
- name: Security and Quality
uses: security-and-quality
- name: Security Extended
uses: security-extended

66 changes: 63 additions & 3 deletions .github/workflows/codeql-build.yml
Original file line number Diff line number Diff line change
Expand Up @@ -2,9 +2,9 @@ name: "CodeQL Analysis"

on:
push:
pull_request:
branches:
- main
pull_request:

env:
SIMULATION: native
Expand All @@ -13,8 +13,67 @@ env:
BUILDTYPE: release

jobs:
#Checks for duplicate actions. Skips push actions if there is a matching or duplicate pull-request action.
check-for-duplicates:
runs-on: ubuntu-latest
# Map a step output to a job output
outputs:
should_skip: ${{ steps.skip_check.outputs.should_skip }}
steps:
- id: skip_check
uses: fkirc/skip-duplicate-actions@master
with:
concurrent_skipping: 'same_content'
skip_after_successful_duplicate: 'true'
do_not_skip: '["pull_request", "workflow_dispatch", "schedule"]'

CodeQL-Security-Build:
needs: check-for-duplicates
if: ${{ needs.check-for-duplicates.outputs.should_skip != 'true' }}
runs-on: ubuntu-18.04
timeout-minutes: 15

steps:
# Checks out a copy of your repository on the ubuntu-latest machine
- name: Checkout bundle
uses: actions/checkout@v2
with:
repository: nasa/cFS
submodules: true

- name: Checkout submodule
uses: actions/checkout@v2
with:
path: apps/sample_app

- name: Check versions
run: git submodule

- name: Initialize CodeQL
uses: github/codeql-action/init@v1
with:
languages: c
config-file: nasa/sample_app/.github/codeql/codeql-security.yml@main

# Setup the build system
- name: Set up for build
run: |
cp ./cfe/cmake/Makefile.sample Makefile
cp -r ./cfe/cmake/sample_defs sample_defs
make prep
# Build the code
- name: Build
run: |
make sample_app
make native/default_cpu1/apps/sample_app/unit-test/
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v1

CodeQL-Build:
CodeQL-Coding-Standard-Build:
needs: check-for-duplicates
if: ${{ needs.check-for-duplicates.outputs.should_skip != 'true' }}
runs-on: ubuntu-18.04
timeout-minutes: 15

Expand All @@ -38,7 +97,7 @@ jobs:
uses: github/codeql-action/init@v1
with:
languages: c
queries: +security-extended, security-and-quality
config-file: nasa/sample_app/.github/codeql/codeql-coding-standard.yml@main

# Setup the build system
- name: Set up for build
Expand All @@ -55,3 +114,4 @@ jobs:
- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v1

0 comments on commit 8daf5b4

Please sign in to comment.