From 9c86dd4020327e52d894f1266d7b98d32dc6d34a Mon Sep 17 00:00:00 2001 From: ArielSAdamsNASA Date: Wed, 27 Oct 2021 12:59:23 -0500 Subject: [PATCH] Fix #2009, Reuse CodeQL, Static Analysis, and Format Check --- .github/workflows/codeql-build.yml | 118 ++------------------------ .github/workflows/format-check.yml | 46 +--------- .github/workflows/static-analysis.yml | 51 +---------- 3 files changed, 14 insertions(+), 201 deletions(-) diff --git a/.github/workflows/codeql-build.yml b/.github/workflows/codeql-build.yml index 3eb1cd3b6..21b4a1db4 100644 --- a/.github/workflows/codeql-build.yml +++ b/.github/workflows/codeql-build.yml @@ -3,115 +3,11 @@ name: "CodeQL Analysis" on: push: pull_request: - -env: - SIMULATION: native - ENABLE_UNIT_TESTS: true - OMIT_DEPRECATED: true - BUILDTYPE: release - + jobs: - #Checks for duplicate actions. Skips push actions if there is a matching or duplicate pull-request action. - check-for-duplicates: - runs-on: ubuntu-latest - # Map a step output to a job output - outputs: - should_skip: ${{ steps.skip_check.outputs.should_skip }} - steps: - - id: skip_check - uses: fkirc/skip-duplicate-actions@master - with: - concurrent_skipping: 'same_content' - skip_after_successful_duplicate: 'true' - do_not_skip: '["pull_request", "workflow_dispatch", "schedule"]' - - CodeQL-Security-Build: - needs: check-for-duplicates - if: ${{ needs.check-for-duplicates.outputs.should_skip != 'true' }} - runs-on: ubuntu-18.04 - timeout-minutes: 15 - - steps: - # Checks out a copy of your repository on the ubuntu-latest machine - - name: Checkout bundle - uses: actions/checkout@v2 - with: - repository: nasa/cFS - submodules: true - - - name: Checkout submodule - uses: actions/checkout@v2 - with: - path: cfe - - - name: Check versions - run: git submodule - - - name: Initialize CodeQL - uses: github/codeql-action/init@v1 - with: - languages: c - config-file: nasa/cFS/.github/codeql/codeql-security.yml@main - - # Setup the build system - - name: Set up for build - run: | - cp ./cfe/cmake/Makefile.sample Makefile - cp -r ./cfe/cmake/sample_defs sample_defs - make prep - - # Build the code - - name: Build - run: | - make -C build/native/default_cpu1 core_api core_private es evs fs msg resourceid sb sbr tbl time - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v1 - - CodeQL-Coding-Standard-Build: - needs: check-for-duplicates - if: ${{ needs.check-for-duplicates.outputs.should_skip != 'true' }} - runs-on: ubuntu-18.04 - timeout-minutes: 15 - - steps: - # Checks out a copy of your repository on the ubuntu-latest machine - - name: Checkout bundle - uses: actions/checkout@v2 - with: - repository: nasa/cFS - submodules: true - - - name: Checkout submodule - uses: actions/checkout@v2 - with: - path: cfe - - - name: Check versions - run: git submodule - - - name: Checkout codeql code - uses: actions/checkout@v2 - with: - repository: github/codeql - submodules: true - path: codeql - - - name: Initialize CodeQL - uses: github/codeql-action/init@v1 - with: - languages: c - config-file: nasa/cFS/.github/codeql/codeql-coding-standard.yml@main - - # Setup the build system - - name: Set up for build - run: | - cp ./cfe/cmake/Makefile.sample Makefile - cp -r ./cfe/cmake/sample_defs sample_defs - make prep - - # Build the code - - name: Build - run: | - make -C build/native/default_cpu1 core_api core_private es evs fs msg resourceid sb sbr tbl time - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v1 \ No newline at end of file + codeql: + name: CodeQL Analysis + uses: nasa/cFS/.github/workflows/codeql-build.yml@main + with: + make-prep: 'make prep' + make: 'make -C build/native/default_cpu1 core_api core_private es evs fs msg resourceid sb sbr tbl time' \ No newline at end of file diff --git a/.github/workflows/format-check.yml b/.github/workflows/format-check.yml index ec48a19f0..bf12f09e2 100644 --- a/.github/workflows/format-check.yml +++ b/.github/workflows/format-check.yml @@ -1,51 +1,11 @@ name: Format Check -# Run on main push and pull requests +# Run on all push and pull requests on: push: pull_request: jobs: - - static-analysis: + format-check: name: Run format check - runs-on: ubuntu-18.04 - timeout-minutes: 15 - - steps: - - - name: Install format checker - run: | - wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | sudo apt-key add - - sudo add-apt-repository 'deb http://apt.llvm.org/bionic/ llvm-toolchain-bionic-10 main' - sudo apt-get update && sudo apt-get install clang-format-10 - - - name: Checkout bundle - uses: actions/checkout@v2 - with: - repository: nasa/cFS - - - name: Checkout - uses: actions/checkout@v2 - with: - path: repo - - - name: Generate format differences - run: | - cd repo - find . -name "*.[ch]" -exec clang-format-10 -i -style=file {} + - git diff > $GITHUB_WORKSPACE/style_differences.txt - - - name: Archive Static Analysis Artifacts - uses: actions/upload-artifact@v2 - with: - name: style_differences - path: style_differences.txt - - - name: Error on differences - run: | - if [[ -s style_differences.txt ]]; - then - cat style_differences.txt - exit -1 - fi + uses: nasa/cFS/.github/workflows/format-check.yml@main \ No newline at end of file diff --git a/.github/workflows/static-analysis.yml b/.github/workflows/static-analysis.yml index 9baebd176..017f54bb8 100644 --- a/.github/workflows/static-analysis.yml +++ b/.github/workflows/static-analysis.yml @@ -1,56 +1,13 @@ name: Static Analysis -# Run this workflow every time a new commit pushed to your repository +# Run on all push and pull requests on: push: - branches: - - main pull_request: jobs: - static-analysis: name: Run cppcheck - runs-on: ubuntu-18.04 - timeout-minutes: 15 - - strategy: - fail-fast: false - matrix: - cppcheck: [all, cfe] - - steps: - - - name: Install cppcheck - run: sudo apt-get install cppcheck -y - - # Checks out a copy of the cfs bundle - - name: Checkout code - uses: actions/checkout@v2 - with: - submodules: true - - - name: Run bundle cppcheck - if: ${{matrix.cppcheck =='all'}} - run: cppcheck --force --inline-suppr . 2> ${{matrix.cppcheck}}_cppcheck_err.txt - - # Run strict static analysis for embedded portions of cfe - - name: cfe strict cppcheck - if: ${{matrix.cppcheck =='cfe'}} - run: | - all_fsw_modules="core_api core_private es evs fs msg resourceid sb sbr tbl time" - /bin/bash ./.github/workflows/run_fsw_cppcheck.sh ${all_fsw_modules} 2> ${{matrix.cppcheck}}_cppcheck_err.txt - - - name: Archive Static Analysis Artifacts - uses: actions/upload-artifact@v2 - with: - name: ${{matrix.cppcheck}}-cppcheck-err - path: ./*cppcheck_err.txt - - - name: Check for errors - run: | - if [[ -s ${{matrix.cppcheck}}_cppcheck_err.txt ]]; - then - cat ${{matrix.cppcheck}}_cppcheck_err.txt - exit -1 - fi + uses: nasa/cFS/.github/workflows/static-analysis.yml@main + with: + strict-dir-list: './modules/core_api/fsw ./modules/core_private/fsw ./modules/es/fsw ./modules/evs/fsw ./modules/fs/fsw ./modules/msg/fsw ./modules/resourceid/fsw ./modules/sb/fsw ./modules/sbr/fsw ./modules/tbl/fsw ./modules/time/fsw -UCFE_PLATFORM_TIME_CFG_CLIENT -DCFE_PLATFORM_TIME_CFG_SERVER' \ No newline at end of file