Fix #412, git error in CodeQL Analyze Action #413

Merged
merged 2 commits into from
Feb 3, 2022
22 changes: 22 additions & 0 deletions .github/workflows/codeql-analysis.yml
@@ -0,0 +1,22 @@
name: "CodeQL Analysis: cFS-Bundle"

on:
push:
paths-ignore:
- '**/*.md'
- '**/*.txt'
- '**/*.dox'

pull_request:
paths-ignore:
- '**/*.md'
- '**/*.txt'
- '**/*.dox'

jobs:
codeql:
uses: nasa/cFS/.github/workflows/codeql-reusable.yml@main
with:
component-path: cFS
make: make -j8
test: true
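
Review bot: `test: true` in the `with:` block is an unquoted YAML boolean, but the `test` input in codeql-reusable.yml is declared `type: string` (and its `default: false` is unquoted as well). Make the two sides agree, either by quoting the value here (`test: 'true'`) or by declaring the input `type: boolean`, so the value that reaches `ENABLE_UNIT_TESTS` is unambiguous. Also note that `uses: nasa/cFS/.github/workflows/codeql-reusable.yml@main` tracks a moving branch; any caller that needs a stable scan configuration should reference a tag or commit SHA instead.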
10 changes: 0 additions & 10 deletions .github/workflows/codeql-build-reuse.yml

This file was deleted.

130 changes: 0 additions & 130 deletions .github/workflows/codeql-build.yml

This file was deleted.

133 changes: 133 additions & 0 deletions .github/workflows/codeql-reusable.yml
@@ -0,0 +1,133 @@
name: "CodeQL Reusable Workflow"

on:
workflow_call:
inputs:
# REQUIRED Inputs
component-path:
description: 'Path to repo being tested in a cFS bundle setup'
type: string
required: true
default: cFS

# Optional inputs
category:
description: 'Analysis Category'
required: false
type: string

make:
description: 'Build Command'
default: '' #Typically `make` or `make install`. Default is blank for workflows that don't need to build source
required: false
type: string

prep:
description: 'Make Prep'
default: make prep
required: false
type: string

setup:
description: 'Build Prep Commands'
type: string
default: cp ./cfe/cmake/Makefile.sample Makefile && cp -r ./cfe/cmake/sample_defs sample_defs
required: false

test:
description: 'Value for ENABLE_UNIT_TESTS flag'
type: string
default: false
required: false

env:
SIMULATION: native
ENABLE_UNIT_TESTS: ${{inputs.test}}
OMIT_DEPRECATED: true
BUILDTYPE: release
REPO: ${{github.event.repository.name}}

jobs:
#Checks for duplicate actions. Skips push actions if there is a matching or duplicate pull-request action.
check-for-duplicates:
runs-on: ubuntu-latest
# Map a step output to a job output
outputs:
should_skip: ${{ steps.skip_check.outputs.should_skip }}
steps:
- id: skip_check
uses: fkirc/skip-duplicate-actions@master
with:
concurrent_skipping: 'same_content'
skip_after_successful_duplicate: 'true'
do_not_skip: '["pull_request", "workflow_dispatch", "schedule"]'

Analysis:
#Continue if check-for-duplicates found no duplicates. Always runs for pull-requests.
needs: check-for-duplicates
if: ${{ needs.check-for-duplicates.outputs.should_skip != 'true' }}
runs-on: ubuntu-18.04
timeout-minutes: 15

strategy:
fail-fast: false
matrix:
scan-type: [security, coding-standard]

permissions:
security-events: write

steps:
# Setup Bundle directory
- name: Setup cFS-Bundle directory (component-path = cFS)
if: inputs.component-path == 'cFS'
run:
echo "BUILD_DIRECTORY=${{github.workspace}}" >> $GITHUB_ENV

- name: Setup cFS-Bundle directory (component-path != cFS)
if: inputs.component-path != 'cFS'
run: |
cd ..
git clone https://github.com/nasa/cFS.git --recurse-submodules
cd cFS
echo "BUILD_DIRECTORY=$(pwd)" >> $GITHUB_ENV
git log -1 --pretty=oneline
git submodule
rm -r .git
rm -r ${{ inputs.component-path }}
ln -s ${{github.workspace}} ${{ inputs.component-path }}


- name: Checkout ${{ github.repository }}
uses: actions/checkout@v2
with:
submodules: recursive

# Setup the build system
- name: cFS Build Setup
run: |
${{ inputs.setup }}
${{ inputs.prep }}
working-directory: ${{env.BUILD_DIRECTORY}}

- name: Initialize CodeQL
uses: github/codeql-action/init@v1
with:
languages: c
config-file: nasa/cFS/.github/codeql/codeql-${{matrix.scan-type}}.yml@main

- name: Build
run: ${{ inputs.make }}
working-directory: ${{env.BUILD_DIRECTORY}}

- name: Perform CodeQL Analysis
uses: github/codeql-action/analyze@v1
with:
add-snippets: true
category: ${{matrix.scan-type}}

- name: Archive Sarif
uses: actions/upload-artifact@v2
with:
name: CodeQL-Sarif-${{ matrix.scan-type }}
path: /home/runner/work/${{env.REPO}}/results/cpp.sarif
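
Review bot: In the "Setup cFS-Bundle directory (component-path != cFS)" step, `${{ inputs.component-path }}` and `${{github.workspace}}` are expanded into the script text and used unquoted in `rm -r` and `ln -s`, so a value containing spaces or shell metacharacters changes what those commands act on. Pass the input through the step's `env:` (for example `COMPONENT_PATH: ${{ inputs.component-path }}`) and use `rm -r -- "$COMPONENT_PATH"` and `ln -s "$GITHUB_WORKSPACE" "$COMPONENT_PATH"`. Two further points in this hunk: `fkirc/skip-duplicate-actions@master` is a third-party action on a mutable ref and should be pinned to a commit SHA, and `component-path` is declared `required: true` while also carrying `default: cFS`, which is contradictory; drop one of the two. The hard-coded `/home/runner/work/${{env.REPO}}/results/cpp.sarif` in "Archive Sarif" also ties the job to one runner layout; deriving it from `github.workspace` or setting an explicit `output:` on the analyze step would be more robust.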