Skip to content

Update static-analysis.yml #30

Update static-analysis.yml

Update static-analysis.yml #30

Workflow file for this run

name: "CodeQL Analysis Script"
on:
push:
pull_request:
workflow_dispatch:
schedule:
# 11:15 PM UTC every Sunday
- cron: '15 23 * * 0'
jobs:
#Checks for duplicate actions. Skips push actions if there is a matching or duplicate pull-request action.
check-for-duplicates:
runs-on: ubuntu-20.04
# Map a step output to a job output
outputs:
should_skip: ${{ steps.skip_check.outputs.should_skip }}
steps:
- id: skip_check
uses: fkirc/skip-duplicate-actions@master
with:
concurrent_skipping: 'same_content'
skip_after_successful_duplicate: 'true'
do_not_skip: '["pull_request", "workflow_dispatch", "schedule"]'
codeql:
name: Run CodeQL
runs-on: ${{ github.repository_owner == 'cFS' && 'linux' || 'ubuntu-latest' }}
needs: check-for-duplicates
strategy:
matrix:
target: ['coding-standard', 'security']
steps:
- name: Checkout bundle
uses: actions/checkout@v3
with:
repository: arielswalker/cFS
submodules: true
- name: Set Unique Variables
id: set-target
run: |
if [ "${{ matrix.target }}" == "coding-standard" ]; then
echo "TARGET=coding-standard" >> $GITHUB_ENV
elif [ "${{ matrix.target }}" == "security" ]; then
echo "TARGET=security" >> $GITHUB_ENV
fi
- name: Make the Script Executable
run: chmod +x ./.github/scripts/codeql.sh
- name: Run CodeQL Analysis Script
run: ./.github/scripts/codeql.sh
env:
TARGET: ${{ env.TARGET }}
COMPONENT_PATH: 'cfe'
MAKE_COMMAND: 'make -j8'
TEST_FLAG: 'true'
- name: filter-sarif
uses: advanced-security/filter-sarif@v1
with:
patterns: |
-**/*.md
-**/*.txt
-**/*.dox
input: Codeql-${{ matrix.target }}.sarif
output: Codeql-${{ matrix.target }}.sarif
- name: Archive Sarif
uses: actions/upload-artifact@v4
with:
name: CodeQL-Sarif-${{ matrix.target }}
path: CodeQL-${{ matrix.target }}
- name: Upload SARIF
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: Codeql-${{ matrix.target }}.sarif