.github/workflows/codeql-build.yml

name: "CodeQL Analysis Script"

on:
  push:
  pull_request:
  workflow_dispatch:
  schedule:
    # 11:15 PM UTC every Sunday
    - cron:  '15 23 * * 0'

jobs:
  #Checks for duplicate actions. Skips push actions if there is a matching or duplicate pull-request action.
  check-for-duplicates:
    runs-on: ubuntu-20.04
    # Map a step output to a job output
    outputs:
      should_skip: ${{ steps.skip_check.outputs.should_skip }}
    steps:
      - id: skip_check
        uses: fkirc/skip-duplicate-actions@master
        with:
          concurrent_skipping: 'same_content'
          skip_after_successful_duplicate: 'true'
          do_not_skip: '["pull_request", "workflow_dispatch", "schedule"]'
          
  codeql:
    name: Run CodeQL
    runs-on: ${{ github.repository_owner == 'cFS' && 'linux' || 'ubuntu-latest' }}
    needs: check-for-duplicates
    strategy:
      matrix:
        target: ['coding-standard', 'security']
    steps:
    
      - name: Checkout bundle
        uses: actions/checkout@v3
        with:
          repository: arielswalker/cFS
          submodules: true
          
      - name: Set Unique Variables
        id: set-target
        run: |
          if [ "${{ matrix.target }}" == "coding-standard" ]; then
            echo "TARGET=coding-standard" >> $GITHUB_ENV
          elif [ "${{ matrix.target }}" == "security" ]; then
            echo "TARGET=security" >> $GITHUB_ENV
          fi   
          
      - name: Make the Script Executable
        run: chmod +x ./.github/scripts/codeql.sh
        
      - name: Run CodeQL Analysis Script
        run: ./.github/scripts/codeql.sh 
        env:
          TARGET: ${{ env.TARGET }}
          COMPONENT_PATH: 'cfe'
          MAKE_COMMAND: 'make -j8'
          TEST_FLAG: 'true'

      - name: filter-sarif
        uses: advanced-security/filter-sarif@v1
        with:
            patterns: |
                -**/*.md
                -**/*.txt
                -**/*.dox
            input: Codeql-${{ matrix.target }}.sarif
            output: Codeql-${{ matrix.target }}.sarif
            
      - name: Archive Sarif
        uses: actions/upload-artifact@v4
        with:
          name: CodeQL-Sarif-${{ matrix.target }}
          path: CodeQL-${{ matrix.target }}

      - name: Upload SARIF
        uses: github/codeql-action/upload-sarif@v3
        with:
          sarif_file: Codeql-${{ matrix.target }}.sarif