Skip to content

CodeQL Analysis Script #80

CodeQL Analysis Script

CodeQL Analysis Script #80

Workflow file for this run

name: "CodeQL Analysis Script"
on:
push:
pull_request:
workflow_dispatch:
schedule:
# 11:15 PM UTC every Sunday
- cron: '15 23 * * 0'
jobs:
#Checks for duplicate actions. Skips push actions if there is a matching or duplicate pull-request action.
check-for-duplicates:
runs-on: ubuntu-20.04
# Map a step output to a job output
outputs:
should_skip: ${{ steps.skip_check.outputs.should_skip }}
steps:
- id: skip_check
uses: fkirc/skip-duplicate-actions@master
with:
concurrent_skipping: 'same_content'
skip_after_successful_duplicate: 'true'
do_not_skip: '["pull_request", "workflow_dispatch", "schedule"]'
codeql:
name: Run CodeQL
runs-on: ${{ github.repository_owner == 'cFS' && 'linux' || 'ubuntu-latest' }}
needs: check-for-duplicates
strategy:
matrix:
target: ['coding-standard', 'security']
fail-fast: false
steps:
- name: Checkout bundle
uses: actions/checkout@v3
with:
repository: arielswalker/cFS
submodules: true
- name: Checkout ${{ github.repository }}
uses: actions/checkout@v4
with:
submodules: recursive
path: cfe
- name: Make the Script Executable
run: chmod +x ./.github/scripts/codeql.sh
- name: Run CodeQL Analysis Script
run: ./.github/scripts/codeql.sh
env:
TARGET: ${{ matrix.target }}
COMPONENT_PATH: 'cfe'
MAKE_COMMAND: 'make -j8'
TEST_FLAG: 'true'
- name: Move Sarif
run: |
mv cfe/Codeql-${{ matrix.target }}.sarif .
- name: Filter Sarif
uses: advanced-security/filter-sarif@v1
with:
patterns: |
-**/*.md
-**/*.txt
-**/*.dox
input: Codeql-${{ matrix.target }}.sarif
output: Codeql-${{ matrix.target }}.sarif
- name: Archive Sarif
uses: actions/upload-artifact@v4
with:
name: CodeQL-Sarif-${{ matrix.target }}
path: Codeql-${{ matrix.target }}.sarif
- name: Upload SARIF
uses: github/codeql-action/upload-sarif@v3
with:
sarif_file: Codeql-${{ matrix.target }}.sarif
token: ${{ secrets.GITHUB_TOKEN }}
checkout_path: cfe