diff --git a/.github/workflows/README.md b/.github/workflows/README.md index 4a321cc83..cf9ea0dc2 100644 --- a/.github/workflows/README.md +++ b/.github/workflows/README.md @@ -1,5 +1,14 @@ # Our Workflows +## Reusable Workflows + +To reduce duplication, CodeQL Analysis, Static Analysis, and Format Checker are placed in cFS to be reused in the subrepositories. + +CodeQL Analysis and Static Analysis require inputs, therefore, they are called in an additional workflow in cFS to be utilized. Format checker does not need to be reused in cFS because it does not require inputs. + +Provided is a diagram of the architecture of the reusable workflows. +![Reusable Workflows Architecture](“cFS-Reusable-Worflows.png”) + ## Deprecated Build, Test, and Run [![Deprecated Build, Test, and Run](https://github.com/nasa/cfs/actions/workflows/build-cfs-deprecated.yml/badge.svg)](https://github.com/nasa/cfs/actions/workflows/build-cfs-deprecated.yml) @@ -25,8 +34,8 @@ For the CodeQL GitHub Actions setup, visit https://github.com/github/codeql-acti Our CodeQL action uses a configuration file to use specific queries, which can be found at [.github/codeql](https://github.com/nasa/cFS/tree/main/.github/codeql). -## Static Analaysis -[![Static Analaysis](https://github.com/nasa/cfs/actions/workflows/static-analysis.yml/badge.svg)](https://github.com/nasa/cfs/actions/workflows/static-analysis.yml) +## Static Analysis +[![Static Analysis](https://github.com/nasa/cfs/actions/workflows/static-analysis.yml/badge.svg)](https://github.com/nasa/cfs/actions/workflows/static-analysis.yml) This action runs a static analysis tool for C/C++ code known as cppcheck. Cppcheck is designed to be able to analyze C/C++ code even if it has non-standard syntax, which is common in embedded projects. 
@@ -58,6 +67,6 @@ This action creates a changelog file which documents all the issues in cFS. The Changelog action runs manually. ## Format Check -[![Format Check](https://github.com/nasa/osal/actions/workflows/format-check.yml/badge.svg)](https://github.com/nasa/osal/actions/workflows/format-check.yml) +[![Format Check](https://github.com/nasa/cfs/actions/workflows/format-check.yml/badge.svg)](https://github.com/nasa/cfs/actions/workflows/format-check.yml) This action uses [clang-format-10](https://github.com/nasa/cFS/blob/main/.clang-format) to check for format errors. diff --git a/.github/workflows/cFS-Reusable-Workflows.PNG b/.github/workflows/cFS-Reusable-Workflows.PNG new file mode 100644 index 000000000..02dc3ef36 Binary files /dev/null and b/.github/workflows/cFS-Reusable-Workflows.PNG differ diff --git a/.github/workflows/codeql-build-reuse.yml b/.github/workflows/codeql-build-reuse.yml new file mode 100644 index 000000000..1b46be8d2 --- /dev/null +++ b/.github/workflows/codeql-build-reuse.yml @@ -0,0 +1,11 @@ +name: Reuse CodeQl Analysis + +on: + push: + pull_request: + + +jobs: + codeql: + name: CodeQL Analysis + uses: nasa/cFS/.github/workflows/codeql-build.yml@main \ No newline at end of file diff --git a/.github/workflows/codeql-build.yml b/.github/workflows/codeql-build.yml index 0fc0edda9..c565874e3 100644 --- a/.github/workflows/codeql-build.yml +++ b/.github/workflows/codeql-build.yml @@ -1,10 +1,24 @@ -name: "CodeQL Analysis" +name: CodeQL Analysis on: - push: - pull_request: - branches: - - main + workflow_call: + inputs: + sample-defs: + description: 'Build Prep' + type: string + default: 'cp ./cfe/cmake/Makefile.sample Makefile && cp -r ./cfe/cmake/sample_defs sample_defs' + make-prep: + description: 'Make Prep' + type: string + default: '' + make: + description: 'Make Code' + type: string + default: 'make' + tests: + description: 'Tests' + type: string + default: '' env: SIMULATION: native 
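Review bot: `uses: nasa/cFS/.github/workflows/codeql-build.yml@main` binds every caller to whatever is on cFS's main branch at run time, so an edit to that workflow (which executes caller-supplied `run:` inputs against a fresh checkout) takes effect in all subrepositories without a version bump or review there; the same applies to `static-analysis.yml@main` in static-analysis-reuse.yml. Pin the reusable workflow to a tag or full commit SHA, e.g. `uses: nasa/cFS/.github/workflows/codeql-build.yml@<release-tag-or-commit-sha>`, or put a comment above the `uses:` line stating that tracking main is intentional. Minor: the workflow name reads `Reuse CodeQl Analysis` while every other occurrence spells it `CodeQL`, and the file is added without a trailing newline.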
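Review bot: The new `workflow_call` inputs are executed verbatim as shell commands by the `run: ${{ inputs.… }}` steps further down the file, but their descriptions (`'Build Prep'`, `'Make Prep'`, `'Make Code'`, `'Tests'`) do not tell a caller that, nor that they run inside a fresh nasa/cFS checkout with submodules. Spell the contract out, e.g. `description: 'Shell commands run in the nasa/cFS checkout to stage sample_defs before the build'`, and likewise for the other three. `make-prep` and `tests` default to `''`, so with the defaults those steps receive an empty `run:`; I could not confirm from this page how the runner treats an empty command, so either guard each optional step with `if: ${{ inputs.make-prep != '' }}` or document a no-op default such as `'true'` to remove the ambiguity.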
@@ -26,8 +40,7 @@ jobs: concurrent_skipping: 'same_content' skip_after_successful_duplicate: 'true' do_not_skip: '["pull_request", "workflow_dispatch", "schedule"]' - - + CodeQL-Security-Build: #Continue if check-for-duplicates found no duplicates. Always runs for pull-requests. needs: check-for-duplicates @@ -38,42 +51,37 @@ jobs: steps: # Checks out a copy of your repository - name: Checkout code - if: ${{ !steps.skip-workflow.outputs.skip }} uses: actions/checkout@v2 with: repository: nasa/cFS submodules: true - name: Check versions - if: ${{ !steps.skip-workflow.outputs.skip }} run: | git log -1 --pretty=oneline git submodule - + - name: Initialize CodeQL - if: ${{ !steps.skip-workflow.outputs.skip }} uses: github/codeql-action/init@v1 with: languages: c - config-file: ./.github/codeql/codeql-security.yml - - # Setup the build system + config-file: nasa/cFS/.github/codeql/codeql-security.yml@main + - name: Copy sample_defs - if: ${{ !steps.skip-workflow.outputs.skip }} - run: | - cp ./cfe/cmake/Makefile.sample Makefile - cp -r ./cfe/cmake/sample_defs sample_defs + run: ${{ inputs.sample-defs }} - # Setup the build system + - name: Make prep + run: ${{ inputs.make-prep }} + - name: Make Install - if: ${{ !steps.skip-workflow.outputs.skip }} - run: make + run: ${{ inputs.make }} + + - name: Run tests + run: ${{ inputs.tests }} - # Run CodeQL - name: Perform CodeQL Analysis - if: ${{ !steps.skip-workflow.outputs.skip }} uses: github/codeql-action/analyze@v1 - + CodeQL-Coding-Standard-Build: #Continue if check-for-duplicates found no duplicates. Always runs for pull-requests. needs: check-for-duplicates 
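Review bot: The `Checkout code` step still checks out `repository: nasa/cFS` with no `ref`, so when this reusable workflow is called from a subrepository the CodeQL build analyzes cFS's default branch and its pinned submodules, not the commit or pull request that triggered the caller — unless the caller's `make-prep` input swaps its own revision into the submodule, which nothing here documents. Add a comment on the step stating the expectation, e.g. `# Always builds the cFS bundle at its default branch; callers inject their own revision via inputs.make-prep`, or pass the caller's revision through as an input. The same checkout pattern appears in the CodeQL-Coding-Standard-Build hunk below, and `config-file: nasa/cFS/.github/codeql/codeql-security.yml@main` likewise tracks a moving branch where a tag or SHA would keep the query set reproducible. The CodeQL-Security-Build job header sits outside this hunk.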
@@ -84,38 +92,39 @@ jobs: steps: # Checks out a copy of your repository - name: Checkout code - if: ${{ !steps.skip-workflow.outputs.skip }} uses: actions/checkout@v2 with: repository: nasa/cFS submodules: true - name: Check versions - if: ${{ !steps.skip-workflow.outputs.skip }} run: | git log -1 --pretty=oneline git submodule + - name: Checkout codeql code + uses: actions/checkout@v2 + with: + repository: github/codeql + submodules: true + path: codeql - name: Initialize CodeQL - if: ${{ !steps.skip-workflow.outputs.skip }} uses: github/codeql-action/init@v1 with: languages: c - config-file: ./.github/codeql/codeql-coding-standard.yml + config-file: nasa/cFS/.github/codeql/codeql-coding-standard.yml@main - # Setup the build system - name: Copy sample_defs - if: ${{ !steps.skip-workflow.outputs.skip }} - run: | - cp ./cfe/cmake/Makefile.sample Makefile - cp -r ./cfe/cmake/sample_defs sample_defs + run: ${{ inputs.sample-defs }} - # Setup the build system + - name: Make prep + run: ${{ inputs.make-prep }} + - name: Make Install - if: ${{ !steps.skip-workflow.outputs.skip }} - run: make + run: ${{ inputs.make }} - # Run CodeQL + - name: Run tests + run: ${{ inputs.tests }} + - name: Perform CodeQL Analysis - if: ${{ !steps.skip-workflow.outputs.skip }} - uses: github/codeql-action/analyze@v1 + uses: github/codeql-action/analyze@v1 \ No newline at end of file diff --git a/.github/workflows/format-check.yml b/.github/workflows/format-check.yml new file mode 100644 index 000000000..ec83cc943 --- /dev/null +++ b/.github/workflows/format-check.yml 
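Review bot: The added `Checkout codeql code` step clones `github/codeql` with `submodules: true` and no `ref`, so whatever the coding-standard analysis takes from the checkout under `path: codeql` (presumably query sources — the config file itself is not on this page) changes whenever that repository's default branch moves, and a full clone with submodules is not a small download on every run. Pin it with `ref: <codeql-tag-or-commit-sha>` and add a comment naming what the config expects to find there, e.g. `# Query sources referenced by codeql-coding-standard.yml; keep ref in step with the config`. The final `uses: github/codeql-action/analyze@v1` line changed only in whitespace and the file now ends without a trailing newline.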
@@ -0,0 +1,67 @@ +name: Format Check + +# Run on all push and pull requests +on: + push: + pull_request: + workflow_call: + +jobs: + #Checks for duplicate actions. Skips push actions if there is a matching or duplicate pull-request action. + check-for-duplicates: + runs-on: ubuntu-latest + # Map a step output to a job output + outputs: + should_skip: ${{ steps.skip_check.outputs.should_skip }} + steps: + - id: skip_check + uses: fkirc/skip-duplicate-actions@master + with: + concurrent_skipping: 'same_content' + skip_after_successful_duplicate: 'true' + do_not_skip: '["pull_request", "workflow_dispatch", "schedule"]' + + format-checker: + name: Run format check + #Continue if check-for-duplicates found no duplicates. Always runs for pull-requests. + needs: check-for-duplicates + if: ${{ needs.check-for-duplicates.outputs.should_skip != 'true' }} + runs-on: ubuntu-18.04 + timeout-minutes: 15 + + steps: + - name: Install format checker + run: | + wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | sudo apt-key add - + sudo add-apt-repository 'deb http://apt.llvm.org/bionic/ llvm-toolchain-bionic-10 main' + sudo apt-get update && sudo apt-get install clang-format-10 + + - name: Checkout bundle + uses: actions/checkout@v2 + with: + repository: nasa/cFS + + - name: Checkout + uses: actions/checkout@v2 + with: + path: repo + + - name: Generate format differences + run: | + cd repo + find . -name "*.[ch]" -exec clang-format-10 -i -style=file {} + + git diff > $GITHUB_WORKSPACE/style_differences.txt + + - name: Archive Static Analysis Artifacts + uses: actions/upload-artifact@v2 + with: + name: style_differences + path: style_differences.txt + + - name: Error on differences + run: | + if [[ -s style_differences.txt ]]; + then + cat style_differences.txt + exit -1 + fi \ No newline at end of file diff --git a/.github/workflows/static-analysis-reuse.yml b/.github/workflows/static-analysis-reuse.yml new file mode 100644 index 000000000..50ded549c --- /dev/null 
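Review bot: `uses: fkirc/skip-duplicate-actions@master` in check-for-duplicates pulls a third-party action from a moving branch, so whatever lands on that branch runs with this workflow's token on every push and pull request; pin it to a release tag or, better, a full commit SHA, `uses: fkirc/skip-duplicate-actions@<release-tag-or-commit-sha>`. In `Error on differences`, `exit -1` is not a portable exit status (bash reports it as 255); `exit 1` says what is meant. The upload step is named `Archive Static Analysis Artifacts` but carries `style_differences.txt`; `Archive format differences` would match its content. The install step pipes the LLVM key straight into `apt-key add`, which newer Ubuntu images deprecate; it works on `ubuntu-18.04` but deserves a comment so the step is revisited when the runner image moves.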
+++ b/.github/workflows/static-analysis-reuse.yml @@ -0,0 +1,9 @@ +name: Reuse Static Analysis + +on: + push: + +jobs: + static-analysis: + name: Static Analysis + uses: nasa/cFS/.github/workflows/static-analysis.yml@main \ No newline at end of file diff --git a/.github/workflows/static-analysis.yml b/.github/workflows/static-analysis.yml index d7405dcf6..0926de7af 100644 --- a/.github/workflows/static-analysis.yml +++ b/.github/workflows/static-analysis.yml @@ -1,9 +1,16 @@ name: Static Analysis -# Run this workflow every time a new commit pushed to your repository and for pull requests on: - push: - pull_request: + workflow_call: + inputs: + module: + description: 'GitHub Module' + type: string + default: 'bundle' + cppcheck-code: + description: 'Cppcheck Code' + type: string + default: '' jobs: #Checks for duplicate actions. Skips push actions if there is a matching or duplicate pull-request action. @@ -29,8 +36,6 @@ jobs: strategy: fail-fast: false - matrix: - cppcheck: [bundle, cfe, osal, psp] steps: - name: Install cppcheck 
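Review bot: The wrapper triggers only on `push:`, while the sibling codeql-build-reuse.yml added in this commit runs on both `push:` and `pull_request:`, and `push:`/`pull_request:` are removed from static-analysis.yml itself in the same commit — so pull requests to cFS no longer get a cppcheck run. Add `pull_request:` under `on:` unless the omission is deliberate, in which case a comment above `on:` saying why belongs here. As with the CodeQL wrapper, `uses: nasa/cFS/.github/workflows/static-analysis.yml@main` tracks a moving branch; a tag or SHA pins it.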
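Review bot: `module` and `cppcheck-code` define the workflow's interface, but their descriptions (`'GitHub Module'`, `'Cppcheck Code'`) do not say what a caller may pass: `module` drives the `!= 'bundle'` conditions and the `<module>_cppcheck_err.txt` filenames later in the file, and `cppcheck-code` is executed verbatim as the shell body of the strict step. Document the contract, e.g. `description: 'Component to analyze: bundle, cfe, osal or psp (the former matrix values); anything but bundle selects the strict steps'` and `description: 'Shell commands for the strict cppcheck run; must leave <module>_cppcheck_err.txt in the workspace root for the error check'`. The removed `# Run this workflow every time…` comment could be replaced by one stating that this workflow is now only entered via `workflow_call` from static-analysis-reuse.yml or a subrepository caller.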
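Review bot: With `matrix:` removed, the remaining `strategy: fail-fast: false` has nothing left to apply to; drop the `strategy:` stanza, or leave a one-line comment such as `# kept for a future matrix` if it is retained on purpose. As far as this hunk shows, each call now analyzes a single `inputs.module`, so the four former matrix targets need four separate caller jobs, which is worth a sentence in the README section this commit adds.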
@@ -43,38 +48,39 @@ jobs: submodules: true - name: Run bundle cppcheck - if: ${{matrix.cppcheck =='bundle'}} - run: cppcheck --force --inline-suppr --quiet . 2> ${{matrix.cppcheck}}_cppcheck_err.txt - - # Run strict static analysis for embedded portions of cfe, osal, and psp - - name: cfe strict cppcheck - if: ${{matrix.cppcheck =='cfe'}} - run: | - cd ${{matrix.cppcheck}} - cppcheck --force --inline-suppr --std=c99 --language=c --enable=warning,performance,portability,style --suppress=variableScope --inconclusive ./modules/core_api/fsw ./modules/core_private/fsw ./modules/es/fsw ./modules/evs/fsw ./modules/fs/fsw ./modules/msg/fsw ./modules/resourceid/fsw ./modules/sb/fsw ./modules/sbr/fsw ./modules/tbl/fsw ./modules/time/fsw -UCFE_PLATFORM_TIME_CFG_CLIENT -DCFE_PLATFORM_TIME_CFG_SERVER 2> ../${{matrix.cppcheck}}_cppcheck_err.txt + run: cppcheck --force --inline-suppr --quiet . 2> ${{ inputs.module }}_cppcheck_err.txt + + - name: Archive static analysis artifacts for bundle + uses: actions/upload-artifact@v2 + with: + name: bundle-cppcheck-err + path: ./*cppcheck_err.txt - - name: osal strict cppcheck - if: ${{matrix.cppcheck =='osal'}} + - name: Check for errors for bundle run: | - cd ${{matrix.cppcheck}} - cppcheck --force --inline-suppr --std=c99 --language=c --enable=warning,performance,portability,style --suppress=variableScope --inconclusive ./src/bsp ./src/os 2> ../${{matrix.cppcheck}}_cppcheck_err.txt - - - name: psp strict cppcheck - if: ${{matrix.cppcheck =='psp'}} + if [[ -s bundle_cppcheck_err.txt ]]; + then + cat $bundle_cppcheck_err.txt + exit -1 + fi + + # Run strict static analysis for embedded portions of cfe, osal, and psp + - name: Strict cppcheck + if: ${{ inputs.module !='bundle' }} run: | - cd ${{matrix.cppcheck}} - cppcheck --force --inline-suppr --std=c99 --language=c --enable=warning,performance,portability,style --suppress=variableScope --inconclusive ./fsw 2> ../${{matrix.cppcheck}}_cppcheck_err.txt - - - name: Archive Static Analysis 
Artifacts + ${{ inputs.cppcheck-code }} + - name: Archive static analysis artifacts + if: ${{ inputs.module !='bundle' }} uses: actions/upload-artifact@v2 with: - name: ${{matrix.cppcheck}}-cppcheck-err + name: ${{ inputs.module }}-cppcheck-err path: ./*cppcheck_err.txt - name: Check for errors + if: ${{ inputs.module !='bundle' }} run: | - if [[ -s ${{matrix.cppcheck}}_cppcheck_err.txt ]]; + if [[ -s ${{ inputs.module }}_cppcheck_err.txt ]]; then - cat ${{matrix.cppcheck}}_cppcheck_err.txt + cat ${{ inputs.module }}_cppcheck_err.txt exit -1 - fi + fi \ No newline at end of file
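Review bot: `cat $bundle_cppcheck_err.txt` in `Check for errors for bundle` expands the (presumably unset) shell variable `$bundle_cppcheck_err`, so the command becomes `cat .txt` and the diagnostics are never shown before the step exits non-zero; it should read `cat bundle_cppcheck_err.txt`. The three bundle steps also carry no `if:`, so for `module` values other than `bundle` the bundle-wide cppcheck still runs, writes to `${{ inputs.module }}_cppcheck_err.txt`, and the bundle error check then tests a file that does not exist; gate them on `inputs.module == 'bundle'` and use a fixed output name. The strict step runs `inputs.cppcheck-code` verbatim and the check after it expects that script to leave `<module>_cppcheck_err.txt` in the workspace root, which is worth a comment on the step. `exit -1` should be `exit 1` in both checks.

```yaml
- name: Run bundle cppcheck
  if: ${{ inputs.module == 'bundle' }}
  run: cppcheck --force --inline-suppr --quiet . 2> bundle_cppcheck_err.txt

- name: Archive static analysis artifacts for bundle
  if: ${{ inputs.module == 'bundle' }}
  # … unchanged: upload-artifact step …

- name: Check for errors for bundle
  if: ${{ inputs.module == 'bundle' }}
  run: |
    if [[ -s bundle_cppcheck_err.txt ]];
    then
      cat bundle_cppcheck_err.txt
      exit 1
    fi
```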