From 48cc337688f0d4c5ec8677c27c312858f96cb8c1 Mon Sep 17 00:00:00 2001 From: ArielSAdamsNASA Date: Wed, 27 Oct 2021 10:38:25 -0500 Subject: [PATCH 1/3] Fix #382, Reuse CodeQL, Static Analysis, and Format Check --- .github/workflows/README.md | 16 +++- .github/workflows/cFS-Reusable-Workflows.PNG | Bin 0 -> 12526 bytes .github/workflows/codeql-build-reuse.yml | 11 +++ .github/workflows/codeql-build.yml | 84 +++++++++++-------- .github/workflows/format-check.yml | 67 +++++++++++++++ .github/workflows/static-analysis-reuse.yml | 9 ++ .github/workflows/static-analysis.yml | 64 +++++++------- 7 files changed, 182 insertions(+), 69 deletions(-) create mode 100644 .github/workflows/cFS-Reusable-Workflows.PNG create mode 100644 .github/workflows/codeql-build-reuse.yml create mode 100644 .github/workflows/format-check.yml create mode 100644 .github/workflows/static-analysis-reuse.yml diff --git a/.github/workflows/README.md b/.github/workflows/README.md index 4a321cc83..eb1e3ed63 100644 --- a/.github/workflows/README.md +++ b/.github/workflows/README.md @@ -1,5 +1,15 @@ # Our Workflows +## Reusable Workflows + +To reduce duplication, CodeQL Analysis, Static Analysis, and Format Checker are placed in cFS to be reused in the subrepositories. + +CodeQL Analysis and Static Analysis require inputs, therefore, they are called in an additional workflow in cFS to be utilized. Format checker does not need to be reused in cFS because it does not require inputs. + +Provided is a diagram of the architecture of the reusable workflows. + +![Reusable Workflows Architecture](cFS-Reusable-Workflows.PNG) + ## Deprecated Build, Test, and Run [![Deprecated Build, Test, and Run](https://github.com/nasa/cfs/actions/workflows/build-cfs-deprecated.yml/badge.svg)](https://github.com/nasa/cfs/actions/workflows/build-cfs-deprecated.yml) 
@@ -25,8 +35,8 @@ For the CodeQL GitHub Actions setup, visit https://github.com/github/codeql-acti Our CodeQL action uses a configuration file to use specific queries, which can be found at [.github/codeql](https://github.com/nasa/cFS/tree/main/.github/codeql). -## Static Analaysis -[![Static Analaysis](https://github.com/nasa/cfs/actions/workflows/static-analysis.yml/badge.svg)](https://github.com/nasa/cfs/actions/workflows/static-analysis.yml) +## Static Analysis +[![Static Analysis](https://github.com/nasa/cfs/actions/workflows/static-analysis.yml/badge.svg)](https://github.com/nasa/cfs/actions/workflows/static-analysis.yml) This action runs a static analysis tool for C/C++ code known as cppcheck. Cppcheck is designed to be able to analyze C/C++ code even if it has non-standard syntax, which is common in embedded projects. @@ -58,6 +68,6 @@ This action creates a changelog file which documents all the issues in cFS. The Changelog action runs manually. ## Format Check -[![Format Check](https://github.com/nasa/osal/actions/workflows/format-check.yml/badge.svg)](https://github.com/nasa/osal/actions/workflows/format-check.yml) +[![Format Check](https://github.com/nasa/cfs/actions/workflows/format-check.yml/badge.svg)](https://github.com/nasa/cfs/actions/workflows/format-check.yml) This action uses [clang-format-10](https://github.com/nasa/cFS/blob/main/.clang-format) to check for format errors. 
diff --git a/.github/workflows/cFS-Reusable-Workflows.PNG b/.github/workflows/cFS-Reusable-Workflows.PNG new file mode 100644 index 0000000000000000000000000000000000000000..02dc3ef36e2e64a1aa47439293aabcf57359b15d GIT binary patch literal 12526 zcmeHucT|(<)-UQPql_{tMMa3C(wmBcQW6_t14Md_f&m#yq(o^+92HPNu>cVfqaY|C ziG&geBym83+GpYf3LoD+&w~0ZbRhazh!;?kSIC1UDr<>J>(SSGu|s9D|KW~hRLqZ zyN-|n*23NLJ9 zLuS~(KL7B5-dFpAY+X8;uNLm|K26xGUoNfg>P3sc5I!NtW9Xe?gX*F};7fmd-^@pI zRCmPUN#xvf1S`Og%>R7+Pb%0oZj6=q3AqrvAMabry2*++(Fed zqGb<{akWt^f6`JLGJk`M0tq-JAQ4RE$E5} zsKR`{(=;skJZfm5LiBL=isU*EOI)E*1FuHU+F|CsN`l7=!?U7s#zwh4Jrlewz0k&H z>XnRJ#mUw!YMxNe*!&%B%!+$@e{5YYNDL6x#m!{}ux8}%z&3e9Se@RUN!Bc!DiIU; zl6;!nl6A$sWU^}oy2nES0g=m3UQ`ha0jsgpHkhqr(lYo4=-}R`kFh6e+WEF`hV@;( zOz_uU#V9=Ok%m9+LRfY;!`BTtq95ll=10HuIO9*vO3dqFsfvGYR)m1#hF<xE!5eK_n=!WkH zQ9ZKGZE;X5JLKLkUYOWkMFl!sm7oYOdXh>~lxsTz+Wk=niGJ>5>%gx^EOPn&YeH)T z`Z2k$&%J9UZRLwtlaQ3q7fuS2*C<+~Z0zlmKGJJJP^?VrjZHnwV6cNkO z+{E&dDipB_hq&@rKjsK>o%^Ck)muwyrp3aG4q5&S+{@_ucEQw6=Rw(ivy|ou-lZOK zxWt(QztS0laN}~gbCRI&Zxwx3eodAHz#L{+2&qA!Ql|C&2^}A?;h7*;xdO@ac^uJv;Q94=2zHjt&M|EodnI|goY1KB;nx6B5&Ol|*lu||3}}7w z^D{+9^p0JH0>DfcNVPhn5+QM&tz(7Pj)(`5N{H2rjH2S<^}=1?lqBwf;D)2X0Y!8aTP z-|#3+ITFVW65$MVeWGTCW0WwKG)P+!mwF&>;NDnFdbs3#h+84b6W17A^Vx!mDAffz zfQ}STksoeld<(KlkX!8})?FA|!-O_YKPZtVPmmS@El0g;Ub~S|ekJJHiUG>)pjduF zy2K2NdR}?C?vbygA}h(_!(eDv4ecRzcwc?Ocveo2J|)d2;QfrQg`OlSl%IOOD4@e8 z9i7ePXphX<|JXg$XK*8R^9un#h)@0wd{p+ri)v&=?vtB4bzKK|&4g>L8M;H=>L0j$ zjvPh~E0>pMziEb?!JlA0Zez}xPKg5{`fh|G<4SA z1l^^$zk2!K z*2kJQ-m-nOrheuAp4TKrH65Vhhb<-xDR=entlDL>F*JDlsvlL=jFnU^7FYCu$7c=` zE}q$?ZMr_<>36G=7xz+6L&p{l#_zuV*g1FnAvbGquTqHN|bceGY6>5d)stg@@l%YV_?z!c{G=xXMT zU$~A1H>}do)%zP3F^1z*2Nr$&`1Has5o<|J9Jc1U3INRut$Xu6l3E`Agc^d$faJE= zP2CA3*h;*l|GS^wJ&53@qUkqIKg!?hEplf1@{E6aaD&A2Nt5W_T)X|S)>;JquCNu< z?>jJ9ML7cdL%~0;-xH_<+(^OYgYmQOnSiW{z^?JVe)H~$BV6qZHGAVp_Tk?n=u}Xi zAJvZDIK71l{b?{yHw}INhz>Ar&Bb5q+P3{d>lxAN&BnH1)NVb@MH(}uN^e)K|LH*j z$^N&fz%>Z`(2q<^tb^#qHq)EmXYNfyA8t71r~~XwJR|B!2Bj}Kbo969&jcIy_&fp= 
z!h!#9B0Df^04{rAt_MiM$Hi4f$>4ZhJBhS@>~iU?C)yQpZcy<6cYr~kJHNS?K;T5& z0csW@P1MA=1mVlqZn{IgVvS2xqc&f`N+Kh@d!GqjGPX(V`uYR0J{g^Ot z?UahLE1{;s?R8{en6xH-qpcFW`Wz;5{^o*4@a;=wBA+nMxPp>cssJzslK8#kz7UTKL z+)@ivG;SxJIQgTW-$dX^4wEJdq}wO3r@KULjlm7mFa7wzPy7g(EFp>Trxnw-t5qQN zLTkqJ$0$|DHbw?V8&r#W9UsT`=hcINNMP6&V%TO*5B~7()W%|;#H7X=mZ~buyhNMQ zyL0m>P_~7Md9(x^CH-%N^0|EFae9QVQA}T2fZ1lX2YI@B!06+)5B;5ox#Y8FY!IeI zRC|eYDv=N533jYpayo~kI6rC5J?p~(TIIK=g|035avyp|oaDg{YDl5H7%l}AhQqB| zjA@pAQvYR-+T?;=<|XQy)STKu`hPG+ z-7KEvy};hNl%2y!OkIsX#jhRz;;|q(-;=)%0kbW`D(X*r5GAfXb748dG63eI$J42q zFWOOmYEoUtPFjJD3$%cX>KO54WmrS)9I9iNsn%i;1ZaO~L7g~VY4l+dCLV|q4i%Xo zeI?;mE{vyBn^ZK&3wx{?1!Ney@Pm|!Jk)Id#J*~I=~tvNNr$5iLy9<#z0KI$ zcu9nef2K?Z%s@Rf0P+tUv(0}7oz`uww+;cn?>&D}%~r$J8|xiy@%ZT8XP@q0U3n@a ztw*On;^%7~Wxmm2ef0{-NJF2qgdX%co2rTHEvf0V@Hy@;eIlqwKC1iJtltC9>sK^{ z_asMV9#O#AMBtbkS|Ixn2%&pfTy)rck}`Vb(EzJ*J9bF1BEAlbk4XtlOr2rH1)9t5 zvzWwwyggY`L79Z}Uxqj)lJHvQH$RP{m(Y3nq*&OWI~?-O0qGe3*_gK=i8}i|!bj&7t zb3g^7lSTA)2sM)x7O_Uzd?7D2XYvSNQeyI0?a6{rktzIqZBo|xz)td)R+`lZvKff^FxU(Rl~7lWqw7dAUnJ5LL?z8 za;E1h$4dH&hv@{mu97!4S`rg@5m$A>23^59OyWu!N4g3pomaPX z@t;4GVeA&-{Efbc1J*ciXG=-9BD05b^x}KO;ePt?ucHtnDVrL2Q{qCqwWK+?P$q)< z#L+G|hfO18go?MT*w2OaRu#=Q{BrNg(;M%@qJq%-SBnu+Q7wX%6brHX{BG-`OOY9e z>)&7{UD`4*f&**YBo6Y|cEyCIr(ViDd5w9EPP|1icTcR}p2AEq+Wel&Iuw5_RYBo? 
zD6+RaucjEQPt`S_KDp36HpRcwZHnqXD`Keo;k` zB(Wz!h#$&jWP7`;!lARrJyD-;qxtgjCA*^^<=-cgh^_Dd0`IjB_+#bqwr*tYjX`Vj z6^OuisC!bv4ZSU&F1bX_8C}h2`*l=9Zv>9A<(ZmcXZ>-W;tXAwY{6~bZJgIHv>|Gm zYQ*_R1b2LPP7O3S6(g!eSaRh^0w3rs`oK4!hBBm9ab2le{U#yR^C9f}C%pury_U}Ps^_0ycK63cctCY7`%m0|ZDKBQ%>fCEN4Dl)L z!g#IIsGjx`AJM3JLw?w1djkq#PRa;?I-dlPGt=twtj<#iuUvi&Al{KpZ zZe`;yO#lk|&Rcy@dVPo^z|YM$ z?#zc76k<`Da;Fw z4l&PP+hd&Wz;LmG&j4%bcWA_wtc;mr#f`x1)N1_bT$TwB**5t0MM03r`HS;h)pKoi zCM}o5Yj;QATAQQ9=9VBS%X8r4LCf2Sqt3rejy{w9obw*S?W_3QNs1b)z}86Jj`NWy zeq_Q~h?$DrbMafb?023Omr-GyBV^pLe|^F}>I`yW`uO~(tm!7b{m?ARza5u11vo`EI0hV7mSrhgKX@he zu48G{P8u8R)jM5RVXMwUVDInljO22VWC98(Z@5Y*pq~FM_LZh{((vW#p}FW|KqaO^ zPhC$%ygBG`!Pbj{z^qHW&hoda)#&cYjUM?kv^R71gKQ2R&FP%pHz!m}D7mLqMe-3z zUbMWTM0;0dOB0>DCyVe6AdM!f4`b4DX7pOkK2V;yRYtnc%g~@2*}1d0*_r+0$nl6~VpUt!9vyqJQ(=GkWpD$Ef?xy!OM9_S$aMG>I4Wv6 z@G}^LULx(yezssXw`yy_$VxK9a>A7E`~)%NK&5j+`B-2w6(&Akb(;QD8*QqlhZxC& z9mAi_0~9SwO85WXP>|s~i$y0?HWXL1xfMy-H96>H@HPnFH%@|Gv{THL{0b>5qX*Gv z`KzpG6w3;4RHhM~y}$4C5W1d?Z`}I%%f7mhNFIG1{nexMj81ONol9PfJ5A!*_fZ^# zx!9b6F$YFN^=vcH-eh~OeIjXc$VpUeE%RHSzC2yl6~l5^mf65P(M<;t48lDdQ z+zl36UvZy06GLTZrc7atS~JFCE@Y!pic2>!p@DiKYHHW->w}c^j-?{dA`QJEnSd7I zj+FhBhHiE0HZ@(P=?YTaHcR!#m9KRgSl(6T2p*U(m3K6-HUz6Qu(*4t400svmvE-~ zQdzlJ+7Un&{La#~KKZq%1Pi-xYmn(#D(ujSOC=>(iT+)P#ex#7L%l%mU45wz<$WzD z!76kp3FKS8R-x;bib=2r{eLea=qBl^d(4TF5!OH_$L<*CUa24Vxu1bZa=$cJSo<&& z9j*-ctj^qPntS`Am!YekonSd$h4=40MxU)9-Stx5+mm0v$x^NjGiN zByqbM9{sv(!@+eAS*yuo$@@>#BsaTr6=mx7+)TAS)KquJ63+lDm{EK!VUg z)MG!GR4Q)DnObqtf{9to3Lp!MpyNdj*o+S`d-LOT#7&>$;p|P@k48^k!J1POM2N39a_#NIz*}{78=8sKz(k4hAq|-sv2Ih%HW^!2}KaTyva>c_N zCuzo#s|b*^2Qv*wWHO=n3oEu+N%L3y<7pir?*7`VUmkj%S4Y4WGZ)AKuh@Wq9E^G7 zS(PTA@#nTWfC&PR-gxk28rscN71t9HrzziUtY5KnG zJLx3C_eH`Z)qiqn?Jye*$-{3(K>oBG;G`ADojfa&NOF8T$YwU2^}d?Yru}(zb#O1c z&#MtI&~J}$6P>*puA5FF8+7lEgLL&D28FnQO$05yyIY@*=L+inkX5lr2e`QLsP<%j5I-2a4xFWi7=>qGmTl-g+4FI)#LM0Ly~uEHr*w%iREW z*p$0fi!^zOCZMebF1EcU5q(#>9bSr=mq)?Vfz7m#{ORLda)HM*dM^4`kP`(nfsJMo 
zN%2&nCcJ-xM%l7qHsMgf?EIgL){Be20ka2+Qca&)b}Q=xUbQQd|5P2=Rx1X(AW$tvCsa(X zCADZ;UR3yJa|O(>7Ztp~MPuwh3w-s!I=yimXrR@atp-I)`zFu0xJ4$t7HNr{=R@o#*IvACn!ecQr6`Xqwokq$Q18Vy$Hyp|n5g)-N0c#L zNB-C*$+r2qCx{;v5co2%P4SQ4mb}Z1)K8OK22rJH{9QM7uG2%8MYm%jD3*9fq0tfsQApj{P%)lwe-FWssL^}z|6ltqQu1E z5N$50o{fUW?0CuoD|bq}4X$Yp&}*Vh8n4(=Mt!1RbNXVJpAwyljYFZM=Gk?L6XW_o z38xs*!BGb%AnXPFc%n@Kfw<$}YZrfu$pxlkQ_5e7DUuL$2sM9d z--LzeAX1WVL3eDdjti@5){Y}k{=M!o*oA$79z}e;<7c63LAEVdkrNba1+Rn}$n@A9 zJe?bGn}Cj)hg0Pjd-srU!{LT9O7ZB_tRJ!3<9!{6%1)22=W#BJw@`}BmUo+8uAoo+ z7rMUeo1op62H6TBCzOV-g{Fupu z!iIt!_40U#KG@HSr;Q2=pbUM8rNhDiYmgmMt+eFLHa2-K0b?>pk`at2nJa!DQO{xlqb;6p20rDa z$}v(A6VMZOjGkS{B>eovvShq^!_wOlZSu@(G<@O@)MR+GD=ktYJo-J-?Uh9KXZj3vvlq} zbfKwqSiFJ(NgB+s3%WMw~N5RHnJJ(kioWT34%lemcFSUb=+2~(+Y z<;Czxy8m31Ea6-`UqqhyKq0as7G^=VZ)SMmN=#J+o1?%BZdd*zi8PO%0&h;Wr&vFU zr#@CX*ZwiDu3l?2-;r9=V2nTTx}F8jK>e-^hWhZYMrS{A|$p>(U^%`^p7A9t_H-yIbE`= zWB`)&IIHnm-lMiL*hY)awk3O$21kS_mvBz;d*rwiQZI^ZwT1F=Lw8pkg{dNyv zk|v1&Ru~}9`Z{}#ahgLF2@#T^ zBGsg5*C$o^@KiMyQTaqovZ~7Bpb%7?Bb&~il@4E=-%=;DrE0uD^k243B=PLd&x;V% z&2z+kdYD+{ilw_Y9j(l&5**nXvOqVshFLK&@oVyP2JBn?E8=-b<3;IG^e7%?f=0|f zb2TDkYaA34m}>m#eB=S!C~xUXoPl0Ov8UAoHCI)ZHhsU#x6nD)P}im zSmE!9zF<(Xe|6+k5_>2mU9?!wu-=ApDmd&Y&7zy1^{PH^JI{Dc8IdM5@ssCWeH@=e zr-l&Uf;6vvbM%nSY&sb$YOzT^MW~@v#>_CMTh-AUT29VBTHwFu$&aCWqk3%XLoATv z*(<;BQLFD6wN#-P#lrz!L^pc=hX$;n)eC5RK*yC%74l@a2h_e2v*nq<&(!HRrwN9x zZ;7NSW>wQhZ`sYhDt|YwVthS*36g2D^-r`X^|3)u?LV_2^I}Fu&%&3I=?DTHI~O~gbv+lBIsY6V7*9&2EZTCjlc-v{ zo*K~<%!0o62dCatzQQ&eZ(ks5=53NWXyw^6A~rY({P!g=^!j(iXoDlGOH+qm@g%xk zvx4rv7z3cCs=x^`aAC!@JasHP2%OpiM~_b@f5pAIMoXy=9NYpYmh-X{%7T>Exz!- z7E=O_IPDzz(kJ&^xrcL{ynIo1aCrSUrT={V@2cRe!vglsaW`lC(^#{`{||7&+U_Xf I@VRUM3s>N{XaE2J literal 0 HcmV?d00001 diff --git a/.github/workflows/codeql-build-reuse.yml b/.github/workflows/codeql-build-reuse.yml new file mode 100644 index 000000000..1b46be8d2 --- /dev/null +++ b/.github/workflows/codeql-build-reuse.yml 
@@ -0,0 +1,11 @@ +name: Reuse CodeQl Analysis + +on: + push: + pull_request: + + +jobs: + codeql: + name: CodeQL Analysis + uses: nasa/cFS/.github/workflows/codeql-build.yml@main \ No newline at end of file diff --git a/.github/workflows/codeql-build.yml b/.github/workflows/codeql-build.yml index 0fc0edda9..6695f785d 100644 --- a/.github/workflows/codeql-build.yml +++ b/.github/workflows/codeql-build.yml @@ -1,10 +1,24 @@ -name: "CodeQL Analysis" +name: CodeQL Analysis on: - push: - pull_request: - branches: - - main + workflow_call: + inputs: + sample-defs: + description: 'Build Prep' + type: string + default: 'cp ./cfe/cmake/Makefile.sample Makefile && cp -r ./cfe/cmake/sample_defs sample_defs' + make-prep: + description: 'Make Prep' + type: string + default: '' + make: + description: 'Make Code' + type: string + default: 'make' + tests: + description: 'Tests' + type: string + default: '' env: SIMULATION: native @@ -26,8 +40,7 @@ jobs: concurrent_skipping: 'same_content' skip_after_successful_duplicate: 'true' do_not_skip: '["pull_request", "workflow_dispatch", "schedule"]' - - + CodeQL-Security-Build: #Continue if check-for-duplicates found no duplicates. Always runs for pull-requests. needs: check-for-duplicates 
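Review bot: The `uses: nasa/cFS/.github/workflows/codeql-build.yml@main` line in the new codeql-build-reuse.yml tracks a moving branch, so every caller runs whatever is on `main` at the time, and a pull request that edits codeql-build.yml is presumably still analysed with the `main` copy rather than its own. The same applies to `static-analysis.yml@main` in static-analysis-reuse.yml and to the `config-file: nasa/cFS/.github/codeql/...@main` values in codeql-build.yml. For the sub-repositories a full commit SHA keeps the analysis reproducible and reviewable, e.g. `uses: nasa/cFS/.github/workflows/codeql-build.yml@<full-commit-sha>`; if tracking `main` is deliberate, a comment saying so would help.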
@@ -38,42 +51,37 @@ jobs: steps: # Checks out a copy of your repository - name: Checkout code - if: ${{ !steps.skip-workflow.outputs.skip }} uses: actions/checkout@v2 with: repository: nasa/cFS submodules: true - name: Check versions - if: ${{ !steps.skip-workflow.outputs.skip }} run: | git log -1 --pretty=oneline git submodule - name: Initialize CodeQL - if: ${{ !steps.skip-workflow.outputs.skip }} uses: github/codeql-action/init@v1 with: languages: c - config-file: ./.github/codeql/codeql-security.yml + config-file: nasa/cFS/.github/codeql/codeql-security.yml@main - # Setup the build system - name: Copy sample_defs - if: ${{ !steps.skip-workflow.outputs.skip }} - run: | - cp ./cfe/cmake/Makefile.sample Makefile - cp -r ./cfe/cmake/sample_defs sample_defs + run: ${{ inputs.sample-defs }} + + - name: Make prep + run: ${{ inputs.make-prep }} - # Setup the build system - name: Make Install - if: ${{ !steps.skip-workflow.outputs.skip }} - run: make + run: ${{ inputs.make }} + + - name: Run tests + run: ${{ inputs.tests }} - # Run CodeQL - name: Perform CodeQL Analysis - if: ${{ !steps.skip-workflow.outputs.skip }} uses: github/codeql-action/analyze@v1 - + CodeQL-Coding-Standard-Build: #Continue if check-for-duplicates found no duplicates. Always runs for pull-requests. needs: check-for-duplicates 
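Review bot: The four steps `run: ${{ inputs.sample-defs }}`, `run: ${{ inputs.make-prep }}`, `run: ${{ inputs.make }}` and `run: ${{ inputs.tests }}` paste caller-supplied strings straight into the shell script, here and again in the CodeQL-Coding-Standard-Build hunk that follows. That is the intended extension point, but the input descriptions ('Build Prep', 'Make Code', …) do not say the value is executed verbatim; I would state it there, e.g. `description: 'Shell command run as-is to prepare the build; pass a fixed string, never event data'`, so that a caller does not forward a branch name or PR title into it. Since `make-prep` and `tests` default to `''`, guarding those steps with `if: ${{ inputs.tests != '' }}` (and likewise for `make-prep`) would avoid empty steps.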
@@ -84,38 +92,40 @@ jobs: steps: # Checks out a copy of your repository - name: Checkout code - if: ${{ !steps.skip-workflow.outputs.skip }} uses: actions/checkout@v2 with: repository: nasa/cFS submodules: true - name: Check versions - if: ${{ !steps.skip-workflow.outputs.skip }} run: | git log -1 --pretty=oneline git submodule + - name: Checkout codeql code + uses: actions/checkout@v2 + with: + repository: github/codeql + submodules: true + path: codeql + - name: Initialize CodeQL - if: ${{ !steps.skip-workflow.outputs.skip }} uses: github/codeql-action/init@v1 with: languages: c - config-file: ./.github/codeql/codeql-coding-standard.yml + config-file: nasa/cFS/.github/codeql/codeql-coding-standard.yml@main - # Setup the build system - name: Copy sample_defs - if: ${{ !steps.skip-workflow.outputs.skip }} - run: | - cp ./cfe/cmake/Makefile.sample Makefile - cp -r ./cfe/cmake/sample_defs sample_defs + run: ${{ inputs.sample-defs }} + + - name: Make prep + run: ${{ inputs.make-prep }} - # Setup the build system - name: Make Install - if: ${{ !steps.skip-workflow.outputs.skip }} - run: make + run: ${{ inputs.make }} + + - name: Run tests + run: ${{ inputs.tests }} - # Run CodeQL - name: Perform CodeQL Analysis - if: ${{ !steps.skip-workflow.outputs.skip }} - uses: github/codeql-action/analyze@v1 + uses: github/codeql-action/analyze@v1 \ No newline at end of file diff --git a/.github/workflows/format-check.yml b/.github/workflows/format-check.yml new file mode 100644 index 000000000..ec83cc943 --- /dev/null +++ b/.github/workflows/format-check.yml 
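Review bot: The added `Checkout codeql code` step clones `github/codeql` with no `ref:`, so the query sources come from whatever the default branch holds at run time and results can change without any change in cFS. Adding `ref: <tag-or-commit-sha>` under `with:` pins it. This hunk does not show what consumes the `codeql` directory; if the remote config file does not reference that path, the step could be dropped.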
@@ -0,0 +1,67 @@ +name: Format Check + +# Run on all push and pull requests +on: + push: + pull_request: + workflow_call: + +jobs: + #Checks for duplicate actions. Skips push actions if there is a matching or duplicate pull-request action. + check-for-duplicates: + runs-on: ubuntu-latest + # Map a step output to a job output + outputs: + should_skip: ${{ steps.skip_check.outputs.should_skip }} + steps: + - id: skip_check + uses: fkirc/skip-duplicate-actions@master + with: + concurrent_skipping: 'same_content' + skip_after_successful_duplicate: 'true' + do_not_skip: '["pull_request", "workflow_dispatch", "schedule"]' + + format-checker: + name: Run format check + #Continue if check-for-duplicates found no duplicates. Always runs for pull-requests. + needs: check-for-duplicates + if: ${{ needs.check-for-duplicates.outputs.should_skip != 'true' }} + runs-on: ubuntu-18.04 + timeout-minutes: 15 + + steps: + - name: Install format checker + run: | + wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | sudo apt-key add - + sudo add-apt-repository 'deb http://apt.llvm.org/bionic/ llvm-toolchain-bionic-10 main' + sudo apt-get update && sudo apt-get install clang-format-10 + + - name: Checkout bundle + uses: actions/checkout@v2 + with: + repository: nasa/cFS + + - name: Checkout + uses: actions/checkout@v2 + with: + path: repo + + - name: Generate format differences + run: | + cd repo + find . -name "*.[ch]" -exec clang-format-10 -i -style=file {} + + git diff > $GITHUB_WORKSPACE/style_differences.txt + + - name: Archive Static Analysis Artifacts + uses: actions/upload-artifact@v2 + with: + name: style_differences + path: style_differences.txt + + - name: Error on differences + run: | + if [[ -s style_differences.txt ]]; + then + cat style_differences.txt + exit -1 + fi \ No newline at end of file diff --git a/.github/workflows/static-analysis-reuse.yml b/.github/workflows/static-analysis-reuse.yml new file mode 100644 index 000000000..50ded549c --- /dev/null 
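Review bot: `uses: fkirc/skip-duplicate-actions@master` runs a third-party action from a moving branch in the `check-for-duplicates` job, so a change pushed to that repository executes in this workflow (and, through `workflow_call`, in every sub-repository that reuses it) without review. Pin it to a full commit SHA, `uses: fkirc/skip-duplicate-actions@<full-commit-sha>`, and add a top-level `permissions:` block with `contents: read` plus whatever the skip check needs, so the token is no broader than required. Smaller points in the same file: the upload step is named `Archive Static Analysis Artifacts` although it stores `style_differences`, and `$GITHUB_WORKSPACE` in the `git diff` redirect should be quoted.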
+++ b/.github/workflows/static-analysis-reuse.yml @@ -0,0 +1,9 @@ +name: Reuse Static Analysis + +on: + push: + +jobs: + static-analysis: + name: Static Analysis + uses: nasa/cFS/.github/workflows/static-analysis.yml@main \ No newline at end of file diff --git a/.github/workflows/static-analysis.yml b/.github/workflows/static-analysis.yml index d7405dcf6..0926de7af 100644 --- a/.github/workflows/static-analysis.yml +++ b/.github/workflows/static-analysis.yml @@ -1,9 +1,16 @@ name: Static Analysis -# Run this workflow every time a new commit pushed to your repository and for pull requests on: - push: - pull_request: + workflow_call: + inputs: + module: + description: 'GitHub Module' + type: string + default: 'bundle' + cppcheck-code: + description: 'Cppcheck Code' + type: string + default: '' jobs: #Checks for duplicate actions. Skips push actions if there is a matching or duplicate pull-request action. @@ -29,8 +36,6 @@ jobs: strategy: fail-fast: false - matrix: - cppcheck: [bundle, cfe, osal, psp] steps: - name: Install cppcheck 
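Review bot: static-analysis-reuse.yml triggers only on `push:`, while the `on:` block removed from static-analysis.yml in this same commit had both `push:` and `pull_request:`. Unless another caller covers it, pull requests (from forks in particular, which produce no push event in this repository) would no longer get cppcheck before merge. Adding `pull_request:` under `on:` keeps the previous coverage. The leftover `strategy: fail-fast: false` in static-analysis.yml has no effect once the `matrix:` is gone and can be removed.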
@@ -43,38 +48,39 @@ jobs: submodules: true - name: Run bundle cppcheck - if: ${{matrix.cppcheck =='bundle'}} - run: cppcheck --force --inline-suppr --quiet . 2> ${{matrix.cppcheck}}_cppcheck_err.txt - - # Run strict static analysis for embedded portions of cfe, osal, and psp - - name: cfe strict cppcheck - if: ${{matrix.cppcheck =='cfe'}} - run: | - cd ${{matrix.cppcheck}} - cppcheck --force --inline-suppr --std=c99 --language=c --enable=warning,performance,portability,style --suppress=variableScope --inconclusive ./modules/core_api/fsw ./modules/core_private/fsw ./modules/es/fsw ./modules/evs/fsw ./modules/fs/fsw ./modules/msg/fsw ./modules/resourceid/fsw ./modules/sb/fsw ./modules/sbr/fsw ./modules/tbl/fsw ./modules/time/fsw -UCFE_PLATFORM_TIME_CFG_CLIENT -DCFE_PLATFORM_TIME_CFG_SERVER 2> ../${{matrix.cppcheck}}_cppcheck_err.txt + run: cppcheck --force --inline-suppr --quiet . 2> ${{ inputs.module }}_cppcheck_err.txt + + - name: Archive static analysis artifacts for bundle + uses: actions/upload-artifact@v2 + with: + name: bundle-cppcheck-err + path: ./*cppcheck_err.txt - - name: osal strict cppcheck - if: ${{matrix.cppcheck =='osal'}} + - name: Check for errors for bundle run: | - cd ${{matrix.cppcheck}} - cppcheck --force --inline-suppr --std=c99 --language=c --enable=warning,performance,portability,style --suppress=variableScope --inconclusive ./src/bsp ./src/os 2> ../${{matrix.cppcheck}}_cppcheck_err.txt - - - name: psp strict cppcheck - if: ${{matrix.cppcheck =='psp'}} + if [[ -s bundle_cppcheck_err.txt ]]; + then + cat $bundle_cppcheck_err.txt + exit -1 + fi + + # Run strict static analysis for embedded portions of cfe, osal, and psp + - name: Strict cppcheck + if: ${{ inputs.module !='bundle' }} run: | - cd ${{matrix.cppcheck}} - cppcheck --force --inline-suppr --std=c99 --language=c --enable=warning,performance,portability,style --suppress=variableScope --inconclusive ./fsw 2> ../${{matrix.cppcheck}}_cppcheck_err.txt - - - name: Archive Static Analysis 
Artifacts + ${{ inputs.cppcheck-code }} + - name: Archive static analysis artifacts + if: ${{ inputs.module !='bundle' }} uses: actions/upload-artifact@v2 with: - name: ${{matrix.cppcheck}}-cppcheck-err + name: ${{ inputs.module }}-cppcheck-err path: ./*cppcheck_err.txt - name: Check for errors + if: ${{ inputs.module !='bundle' }} run: | - if [[ -s ${{matrix.cppcheck}}_cppcheck_err.txt ]]; + if [[ -s ${{ inputs.module }}_cppcheck_err.txt ]]; then - cat ${{matrix.cppcheck}}_cppcheck_err.txt + cat ${{ inputs.module }}_cppcheck_err.txt exit -1 - fi + fi \ No newline at end of file From 0ef821896717d827dab5bf4e385de0b9b0f33385 Mon Sep 17 00:00:00 2001 From: Ariel Adams <69638935+ArielSAdamsNASA@users.noreply.github.com> Date: Wed, 27 Oct 2021 11:45:02 -0500 Subject: [PATCH 2/3] Revert "Fix #382, Reuse CodeQL, Static Analysis, and Format Check" --- .github/codeql/codeql-coding-standard.yml | 16 +++- .github/codeql/jpl-misra.qls | 21 ----- .github/workflows/README.md | 16 +--- .github/workflows/cFS-Reusable-Workflows.PNG | Bin 12526 -> 0 bytes .github/workflows/codeql-build-reuse.yml | 11 --- .github/workflows/codeql-build.yml | 78 +++++++++---------- .github/workflows/format-check.yml | 67 ---------------- .github/workflows/static-analysis-reuse.yml | 9 --- .github/workflows/static-analysis.yml | 64 +++++++-------- 9 files changed, 84 insertions(+), 198 deletions(-) delete mode 100644 .github/codeql/jpl-misra.qls delete mode 100644 .github/workflows/cFS-Reusable-Workflows.PNG delete mode 100644 .github/workflows/codeql-build-reuse.yml delete mode 100644 .github/workflows/format-check.yml delete mode 100644 .github/workflows/static-analysis-reuse.yml diff --git a/.github/codeql/codeql-coding-standard.yml b/.github/codeql/codeql-coding-standard.yml index 718b750e9..f68d01b42 100644 --- a/.github/codeql/codeql-coding-standard.yml +++ b/.github/codeql/codeql-coding-standard.yml 
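Review bot: In `Check for errors for bundle`, `cat $bundle_cppcheck_err.txt` expands the unset shell variable `$bundle_cppcheck_err`, so it tries to print `.txt` instead of the report; it should be `cat bundle_cppcheck_err.txt`. The step before it writes to `${{ inputs.module }}_cppcheck_err.txt`, so for any module other than `bundle` the file tested by `[[ -s bundle_cppcheck_err.txt ]]` does not exist and bundle findings pass silently. Writing to a fixed name, `run: cppcheck --force --inline-suppr --quiet . 2> bundle_cppcheck_err.txt`, fixes both. `${{ inputs.cppcheck-code }}` and `${{ inputs.module }}` are expanded into the script text before the shell runs, so callers must pass fixed strings only.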
@@ -3,5 +3,17 @@ name: "CodeQL Coding Standard Configuration File" disable-default-queries: true queries: - - name: JPL and MISRA - uses: ./.github/codeql/jpl-misra.qls \ No newline at end of file + - name: JPL Rules + uses: github/codeql/cpp/ql/src/JPL_C@main + - name: MISRA Rule 9-5-1 + uses: github/codeql/cpp/ql/src/jsf/4.20 Unions and Bit Fields/AV Rule 153.ql@main + - name: MISRA Rule 5-18-1 + uses: github/codeql/cpp/ql/src/jsf/4.21 Operators/AV Rule 168.ql@main + - name: MISRA 6-2-2 + uses: github/codeql/cpp/ql/src/jsf/4.25 Expressions/AV Rule 202.ql@main + - name: MISRA Rule 5-14-1 + uses: github/codeql/cpp/ql/src/jsf/4.21 Operators/AV Rule 165.ql@main + - name: MISRA Rule 5-3-2 + uses: github/codeql/cpp/ql/src/jsf/4.21 Operators/AV Rule 165.ql@main + - name: MISRA Rule 7-5-2 + uses: github/codeql/cpp/ql/src/jsf/4.22 Pointers and References/AV Rule 173.ql@main \ No newline at end of file diff --git a/.github/codeql/jpl-misra.qls b/.github/codeql/jpl-misra.qls deleted file mode 100644 index cfb114031..000000000 --- a/.github/codeql/jpl-misra.qls +++ /dev/null @@ -1,21 +0,0 @@ -# Start with all the queries in the codeql/cpp-queries pack. -- queries: . - from: codeql/cpp-queries -# Restrict to only the queries with the following ID patterns. -- include: - id: - # Regular expression matching all query IDs that start with `cpp/jpl-c/` - # This covers all queries in the `JPL_C` directory, - # but matching on query ID is more stable. - - /cpp/jpl-c/*/ - # Specific JSF queries, identified by query ID. - # MISRA Rule 9-5-1 - - cpp/jsf/av-rule-153 - # MISRA Rule 5-18-1 - - cpp/jsf/av-rule-168 - # MISRA 6-2-2 - - cpp/jsf/av-rule-202 - # MISRA Rule 5-14-1 - - cpp/jsf/av-rule-165 - # MISRA Rule 5-3-2 - - cpp/jsf/av-rule-173 \ No newline at end of file diff --git a/.github/workflows/README.md b/.github/workflows/README.md index eb1e3ed63..4a321cc83 100644 --- a/.github/workflows/README.md +++ b/.github/workflows/README.md 
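Review bot: The restored `MISRA Rule 5-3-2` entry uses `.../4.21 Operators/AV Rule 165.ql@main`, the same query file as the `MISRA Rule 5-14-1` entry just above it, so one query is listed twice under two names. The deleted jpl-misra.qls mapped 5-3-2 to `cpp/jsf/av-rule-173`, which suggests one of the two mappings is wrong; it is worth confirming which AV rule 5-3-2 should point at. All seven `uses:` lines also track `github/codeql` at `@main`, so the rule set can change without a commit here.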
@@ -1,15 +1,5 @@ # Our Workflows -## Reusable Workflows - -To reduce duplication, CodeQL Analysis, Static Analysis, and Format Checker are placed in cFS to be reused in the subrepositories. - -CodeQL Analysis and Static Analysis require inputs, therefore, they are called in an additional workflow in cFS to be utilized. Format checker does not need to be reused in cFS because it does not require inputs. - -Provided is a diagram of the architecture of the reusable workflows. - -![Reusable Workflows Architecture](cFS-Reusable-Workflows.PNG) - ## Deprecated Build, Test, and Run [![Deprecated Build, Test, and Run](https://github.com/nasa/cfs/actions/workflows/build-cfs-deprecated.yml/badge.svg)](https://github.com/nasa/cfs/actions/workflows/build-cfs-deprecated.yml) @@ -35,8 +25,8 @@ For the CodeQL GitHub Actions setup, visit https://github.com/github/codeql-acti Our CodeQL action uses a configuration file to use specific queries, which can be found at [.github/codeql](https://github.com/nasa/cFS/tree/main/.github/codeql). -## Static Analysis -[![Static Analysis](https://github.com/nasa/cfs/actions/workflows/static-analysis.yml/badge.svg)](https://github.com/nasa/cfs/actions/workflows/static-analysis.yml) +## Static Analaysis +[![Static Analaysis](https://github.com/nasa/cfs/actions/workflows/static-analysis.yml/badge.svg)](https://github.com/nasa/cfs/actions/workflows/static-analysis.yml) This action runs a static analysis tool for C/C++ code known as cppcheck. Cppcheck is designed to be able to analyze C/C++ code even if it has non-standard syntax, which is common in embedded projects. 
@@ -68,6 +58,6 @@ This action creates a changelog file which documents all the issues in cFS. The Changelog action runs manually. ## Format Check -[![Format Check](https://github.com/nasa/cfs/actions/workflows/format-check.yml/badge.svg)](https://github.com/nasa/cfs/actions/workflows/format-check.yml) +[![Format Check](https://github.com/nasa/osal/actions/workflows/format-check.yml/badge.svg)](https://github.com/nasa/osal/actions/workflows/format-check.yml) This action uses [clang-format-10](https://github.com/nasa/cFS/blob/main/.clang-format) to check for format errors. 
diff --git a/.github/workflows/cFS-Reusable-Workflows.PNG b/.github/workflows/cFS-Reusable-Workflows.PNG deleted file mode 100644 index 02dc3ef36e2e64a1aa47439293aabcf57359b15d..0000000000000000000000000000000000000000 GIT binary patch literal 0 HcmV?d00001 literal 12526 zcmeHucT|(<)-UQPql_{tMMa3C(wmBcQW6_t14Md_f&m#yq(o^+92HPNu>cVfqaY|C ziG&geBym83+GpYf3LoD+&w~0ZbRhazh!;?kSIC1UDr<>J>(SSGu|s9D|KW~hRLqZ zyN-|n*23NLJ9 zLuS~(KL7B5-dFpAY+X8;uNLm|K26xGUoNfg>P3sc5I!NtW9Xe?gX*F};7fmd-^@pI zRCmPUN#xvf1S`Og%>R7+Pb%0oZj6=q3AqrvAMabry2*++(Fed zqGb<{akWt^f6`JLGJk`M0tq-JAQ4RE$E5} zsKR`{(=;skJZfm5LiBL=isU*EOI)E*1FuHU+F|CsN`l7=!?U7s#zwh4Jrlewz0k&H z>XnRJ#mUw!YMxNe*!&%B%!+$@e{5YYNDL6x#m!{}ux8}%z&3e9Se@RUN!Bc!DiIU; zl6;!nl6A$sWU^}oy2nES0g=m3UQ`ha0jsgpHkhqr(lYo4=-}R`kFh6e+WEF`hV@;( zOz_uU#V9=Ok%m9+LRfY;!`BTtq95ll=10HuIO9*vO3dqFsfvGYR)m1#hF<xE!5eK_n=!WkH zQ9ZKGZE;X5JLKLkUYOWkMFl!sm7oYOdXh>~lxsTz+Wk=niGJ>5>%gx^EOPn&YeH)T z`Z2k$&%J9UZRLwtlaQ3q7fuS2*C<+~Z0zlmKGJJJP^?VrjZHnwV6cNkO z+{E&dDipB_hq&@rKjsK>o%^Ck)muwyrp3aG4q5&S+{@_ucEQw6=Rw(ivy|ou-lZOK zxWt(QztS0laN}~gbCRI&Zxwx3eodAHz#L{+2&qA!Ql|C&2^}A?;h7*;xdO@ac^uJv;Q94=2zHjt&M|EodnI|goY1KB;nx6B5&Ol|*lu||3}}7w z^D{+9^p0JH0>DfcNVPhn5+QM&tz(7Pj)(`5N{H2rjH2S<^}=1?lqBwf;D)2X0Y!8aTP z-|#3+ITFVW65$MVeWGTCW0WwKG)P+!mwF&>;NDnFdbs3#h+84b6W17A^Vx!mDAffz zfQ}STksoeld<(KlkX!8})?FA|!-O_YKPZtVPmmS@El0g;Ub~S|ekJJHiUG>)pjduF zy2K2NdR}?C?vbygA}h(_!(eDv4ecRzcwc?Ocveo2J|)d2;QfrQg`OlSl%IOOD4@e8 z9i7ePXphX<|JXg$XK*8R^9un#h)@0wd{p+ri)v&=?vtB4bzKK|&4g>L8M;H=>L0j$ zjvPh~E0>pMziEb?!JlA0Zez}xPKg5{`fh|G<4SA z1l^^$zk2!K z*2kJQ-m-nOrheuAp4TKrH65Vhhb<-xDR=entlDL>F*JDlsvlL=jFnU^7FYCu$7c=` zE}q$?ZMr_<>36G=7xz+6L&p{l#_zuV*g1FnAvbGquTqHN|bceGY6>5d)stg@@l%YV_?z!c{G=xXMT zU$~A1H>}do)%zP3F^1z*2Nr$&`1Has5o<|J9Jc1U3INRut$Xu6l3E`Agc^d$faJE= zP2CA3*h;*l|GS^wJ&53@qUkqIKg!?hEplf1@{E6aaD&A2Nt5W_T)X|S)>;JquCNu< z?>jJ9ML7cdL%~0;-xH_<+(^OYgYmQOnSiW{z^?JVe)H~$BV6qZHGAVp_Tk?n=u}Xi zAJvZDIK71l{b?{yHw}INhz>Ar&Bb5q+P3{d>lxAN&BnH1)NVb@MH(}uN^e)K|LH*j 
z$^N&fz%>Z`(2q<^tb^#qHq)EmXYNfyA8t71r~~XwJR|B!2Bj}Kbo969&jcIy_&fp= z!h!#9B0Df^04{rAt_MiM$Hi4f$>4ZhJBhS@>~iU?C)yQpZcy<6cYr~kJHNS?K;T5& z0csW@P1MA=1mVlqZn{IgVvS2xqc&f`N+Kh@d!GqjGPX(V`uYR0J{g^Ot z?UahLE1{;s?R8{en6xH-qpcFW`Wz;5{^o*4@a;=wBA+nMxPp>cssJzslK8#kz7UTKL z+)@ivG;SxJIQgTW-$dX^4wEJdq}wO3r@KULjlm7mFa7wzPy7g(EFp>Trxnw-t5qQN zLTkqJ$0$|DHbw?V8&r#W9UsT`=hcINNMP6&V%TO*5B~7()W%|;#H7X=mZ~buyhNMQ zyL0m>P_~7Md9(x^CH-%N^0|EFae9QVQA}T2fZ1lX2YI@B!06+)5B;5ox#Y8FY!IeI zRC|eYDv=N533jYpayo~kI6rC5J?p~(TIIK=g|035avyp|oaDg{YDl5H7%l}AhQqB| zjA@pAQvYR-+T?;=<|XQy)STKu`hPG+ z-7KEvy};hNl%2y!OkIsX#jhRz;;|q(-;=)%0kbW`D(X*r5GAfXb748dG63eI$J42q zFWOOmYEoUtPFjJD3$%cX>KO54WmrS)9I9iNsn%i;1ZaO~L7g~VY4l+dCLV|q4i%Xo zeI?;mE{vyBn^ZK&3wx{?1!Ney@Pm|!Jk)Id#J*~I=~tvNNr$5iLy9<#z0KI$ zcu9nef2K?Z%s@Rf0P+tUv(0}7oz`uww+;cn?>&D}%~r$J8|xiy@%ZT8XP@q0U3n@a ztw*On;^%7~Wxmm2ef0{-NJF2qgdX%co2rTHEvf0V@Hy@;eIlqwKC1iJtltC9>sK^{ z_asMV9#O#AMBtbkS|Ixn2%&pfTy)rck}`Vb(EzJ*J9bF1BEAlbk4XtlOr2rH1)9t5 zvzWwwyggY`L79Z}Uxqj)lJHvQH$RP{m(Y3nq*&OWI~?-O0qGe3*_gK=i8}i|!bj&7t zb3g^7lSTA)2sM)x7O_Uzd?7D2XYvSNQeyI0?a6{rktzIqZBo|xz)td)R+`lZvKff^FxU(Rl~7lWqw7dAUnJ5LL?z8 za;E1h$4dH&hv@{mu97!4S`rg@5m$A>23^59OyWu!N4g3pomaPX z@t;4GVeA&-{Efbc1J*ciXG=-9BD05b^x}KO;ePt?ucHtnDVrL2Q{qCqwWK+?P$q)< z#L+G|hfO18go?MT*w2OaRu#=Q{BrNg(;M%@qJq%-SBnu+Q7wX%6brHX{BG-`OOY9e z>)&7{UD`4*f&**YBo6Y|cEyCIr(ViDd5w9EPP|1icTcR}p2AEq+Wel&Iuw5_RYBo? 
zD6+RaucjEQPt`S_KDp36HpRcwZHnqXD`Keo;k` zB(Wz!h#$&jWP7`;!lARrJyD-;qxtgjCA*^^<=-cgh^_Dd0`IjB_+#bqwr*tYjX`Vj z6^OuisC!bv4ZSU&F1bX_8C}h2`*l=9Zv>9A<(ZmcXZ>-W;tXAwY{6~bZJgIHv>|Gm zYQ*_R1b2LPP7O3S6(g!eSaRh^0w3rs`oK4!hBBm9ab2le{U#yR^C9f}C%pury_U}Ps^_0ycK63cctCY7`%m0|ZDKBQ%>fCEN4Dl)L z!g#IIsGjx`AJM3JLw?w1djkq#PRa;?I-dlPGt=twtj<#iuUvi&Al{KpZ zZe`;yO#lk|&Rcy@dVPo^z|YM$ z?#zc76k<`Da;Fw z4l&PP+hd&Wz;LmG&j4%bcWA_wtc;mr#f`x1)N1_bT$TwB**5t0MM03r`HS;h)pKoi zCM}o5Yj;QATAQQ9=9VBS%X8r4LCf2Sqt3rejy{w9obw*S?W_3QNs1b)z}86Jj`NWy zeq_Q~h?$DrbMafb?023Omr-GyBV^pLe|^F}>I`yW`uO~(tm!7b{m?ARza5u11vo`EI0hV7mSrhgKX@he zu48G{P8u8R)jM5RVXMwUVDInljO22VWC98(Z@5Y*pq~FM_LZh{((vW#p}FW|KqaO^ zPhC$%ygBG`!Pbj{z^qHW&hoda)#&cYjUM?kv^R71gKQ2R&FP%pHz!m}D7mLqMe-3z zUbMWTM0;0dOB0>DCyVe6AdM!f4`b4DX7pOkK2V;yRYtnc%g~@2*}1d0*_r+0$nl6~VpUt!9vyqJQ(=GkWpD$Ef?xy!OM9_S$aMG>I4Wv6 z@G}^LULx(yezssXw`yy_$VxK9a>A7E`~)%NK&5j+`B-2w6(&Akb(;QD8*QqlhZxC& z9mAi_0~9SwO85WXP>|s~i$y0?HWXL1xfMy-H96>H@HPnFH%@|Gv{THL{0b>5qX*Gv z`KzpG6w3;4RHhM~y}$4C5W1d?Z`}I%%f7mhNFIG1{nexMj81ONol9PfJ5A!*_fZ^# zx!9b6F$YFN^=vcH-eh~OeIjXc$VpUeE%RHSzC2yl6~l5^mf65P(M<;t48lDdQ z+zl36UvZy06GLTZrc7atS~JFCE@Y!pic2>!p@DiKYHHW->w}c^j-?{dA`QJEnSd7I zj+FhBhHiE0HZ@(P=?YTaHcR!#m9KRgSl(6T2p*U(m3K6-HUz6Qu(*4t400svmvE-~ zQdzlJ+7Un&{La#~KKZq%1Pi-xYmn(#D(ujSOC=>(iT+)P#ex#7L%l%mU45wz<$WzD z!76kp3FKS8R-x;bib=2r{eLea=qBl^d(4TF5!OH_$L<*CUa24Vxu1bZa=$cJSo<&& z9j*-ctj^qPntS`Am!YekonSd$h4=40MxU)9-Stx5+mm0v$x^NjGiN zByqbM9{sv(!@+eAS*yuo$@@>#BsaTr6=mx7+)TAS)KquJ63+lDm{EK!VUg z)MG!GR4Q)DnObqtf{9to3Lp!MpyNdj*o+S`d-LOT#7&>$;p|P@k48^k!J1POM2N39a_#NIz*}{78=8sKz(k4hAq|-sv2Ih%HW^!2}KaTyva>c_N zCuzo#s|b*^2Qv*wWHO=n3oEu+N%L3y<7pir?*7`VUmkj%S4Y4WGZ)AKuh@Wq9E^G7 zS(PTA@#nTWfC&PR-gxk28rscN71t9HrzziUtY5KnG zJLx3C_eH`Z)qiqn?Jye*$-{3(K>oBG;G`ADojfa&NOF8T$YwU2^}d?Yru}(zb#O1c z&#MtI&~J}$6P>*puA5FF8+7lEgLL&D28FnQO$05yyIY@*=L+inkX5lr2e`QLsP<%j5I-2a4xFWi7=>qGmTl-g+4FI)#LM0Ly~uEHr*w%iREW z*p$0fi!^zOCZMebF1EcU5q(#>9bSr=mq)?Vfz7m#{ORLda)HM*dM^4`kP`(nfsJMo 
zN%2&nCcJ-xM%l7qHsMgf?EIgL){Be20ka2+Qca&)b}Q=xUbQQd|5P2=Rx1X(AW$tvCsa(X zCADZ;UR3yJa|O(>7Ztp~MPuwh3w-s!I=yimXrR@atp-I)`zFu0xJ4$t7HNr{=R@o#*IvACn!ecQr6`Xqwokq$Q18Vy$Hyp|n5g)-N0c#L zNB-C*$+r2qCx{;v5co2%P4SQ4mb}Z1)K8OK22rJH{9QM7uG2%8MYm%jD3*9fq0tfsQApj{P%)lwe-FWssL^}z|6ltqQu1E z5N$50o{fUW?0CuoD|bq}4X$Yp&}*Vh8n4(=Mt!1RbNXVJpAwyljYFZM=Gk?L6XW_o z38xs*!BGb%AnXPFc%n@Kfw<$}YZrfu$pxlkQ_5e7DUuL$2sM9d z--LzeAX1WVL3eDdjti@5){Y}k{=M!o*oA$79z}e;<7c63LAEVdkrNba1+Rn}$n@A9 zJe?bGn}Cj)hg0Pjd-srU!{LT9O7ZB_tRJ!3<9!{6%1)22=W#BJw@`}BmUo+8uAoo+ z7rMUeo1op62H6TBCzOV-g{Fupu z!iIt!_40U#KG@HSr;Q2=pbUM8rNhDiYmgmMt+eFLHa2-K0b?>pk`at2nJa!DQO{xlqb;6p20rDa z$}v(A6VMZOjGkS{B>eovvShq^!_wOlZSu@(G<@O@)MR+GD=ktYJo-J-?Uh9KXZj3vvlq} zbfKwqSiFJ(NgB+s3%WMw~N5RHnJJ(kioWT34%lemcFSUb=+2~(+Y z<;Czxy8m31Ea6-`UqqhyKq0as7G^=VZ)SMmN=#J+o1?%BZdd*zi8PO%0&h;Wr&vFU zr#@CX*ZwiDu3l?2-;r9=V2nTTx}F8jK>e-^hWhZYMrS{A|$p>(U^%`^p7A9t_H-yIbE`= zWB`)&IIHnm-lMiL*hY)awk3O$21kS_mvBz;d*rwiQZI^ZwT1F=Lw8pkg{dNyv zk|v1&Ru~}9`Z{}#ahgLF2@#T^ zBGsg5*C$o^@KiMyQTaqovZ~7Bpb%7?Bb&~il@4E=-%=;DrE0uD^k243B=PLd&x;V% z&2z+kdYD+{ilw_Y9j(l&5**nXvOqVshFLK&@oVyP2JBn?E8=-b<3;IG^e7%?f=0|f zb2TDkYaA34m}>m#eB=S!C~xUXoPl0Ov8UAoHCI)ZHhsU#x6nD)P}im zSmE!9zF<(Xe|6+k5_>2mU9?!wu-=ApDmd&Y&7zy1^{PH^JI{Dc8IdM5@ssCWeH@=e zr-l&Uf;6vvbM%nSY&sb$YOzT^MW~@v#>_CMTh-AUT29VBTHwFu$&aCWqk3%XLoATv z*(<;BQLFD6wN#-P#lrz!L^pc=hX$;n)eC5RK*yC%74l@a2h_e2v*nq<&(!HRrwN9x zZ;7NSW>wQhZ`sYhDt|YwVthS*36g2D^-r`X^|3)u?LV_2^I}Fu&%&3I=?DTHI~O~gbv+lBIsY6V7*9&2EZTCjlc-v{ zo*K~<%!0o62dCatzQQ&eZ(ks5=53NWXyw^6A~rY({P!g=^!j(iXoDlGOH+qm@g%xk zvx4rv7z3cCs=x^`aAC!@JasHP2%OpiM~_b@f5pAIMoXy=9NYpYmh-X{%7T>Exz!- z7E=O_IPDzz(kJ&^xrcL{ynIo1aCrSUrT={V@2cRe!vglsaW`lC(^#{`{||7&+U_Xf I@VRUM3s>N{XaE2J diff --git a/.github/workflows/codeql-build-reuse.yml b/.github/workflows/codeql-build-reuse.yml deleted file mode 100644 index 1b46be8d2..000000000 --- a/.github/workflows/codeql-build-reuse.yml +++ /dev/null 
@@ -1,11 +0,0 @@ -name: Reuse CodeQl Analysis - -on: - push: - pull_request: - - -jobs: - codeql: - name: CodeQL Analysis - uses: nasa/cFS/.github/workflows/codeql-build.yml@main \ No newline at end of file diff --git a/.github/workflows/codeql-build.yml b/.github/workflows/codeql-build.yml index 6695f785d..e52049a07 100644 --- a/.github/workflows/codeql-build.yml +++ b/.github/workflows/codeql-build.yml @@ -1,24 +1,10 @@ -name: CodeQL Analysis +name: "CodeQL Analysis" on: - workflow_call: - inputs: - sample-defs: - description: 'Build Prep' - type: string - default: 'cp ./cfe/cmake/Makefile.sample Makefile && cp -r ./cfe/cmake/sample_defs sample_defs' - make-prep: - description: 'Make Prep' - type: string - default: '' - make: - description: 'Make Code' - type: string - default: 'make' - tests: - description: 'Tests' - type: string - default: '' + push: + pull_request: + branches: + - main env: SIMULATION: native @@ -40,7 +26,8 @@ jobs: concurrent_skipping: 'same_content' skip_after_successful_duplicate: 'true' do_not_skip: '["pull_request", "workflow_dispatch", "schedule"]' - + + CodeQL-Security-Build: #Continue if check-for-duplicates found no duplicates. Always runs for pull-requests. needs: check-for-duplicates 
@@ -51,37 +38,42 @@ jobs: steps: # Checks out a copy of your repository - name: Checkout code + if: ${{ !steps.skip-workflow.outputs.skip }} uses: actions/checkout@v2 with: repository: nasa/cFS submodules: true - name: Check versions + if: ${{ !steps.skip-workflow.outputs.skip }} run: | git log -1 --pretty=oneline git submodule - name: Initialize CodeQL + if: ${{ !steps.skip-workflow.outputs.skip }} uses: github/codeql-action/init@v1 with: languages: c - config-file: nasa/cFS/.github/codeql/codeql-security.yml@main + config-file: ./.github/codeql/codeql-security.yml + # Setup the build system - name: Copy sample_defs - run: ${{ inputs.sample-defs }} - - - name: Make prep - run: ${{ inputs.make-prep }} + if: ${{ !steps.skip-workflow.outputs.skip }} + run: | + cp ./cfe/cmake/Makefile.sample Makefile + cp -r ./cfe/cmake/sample_defs sample_defs + # Setup the build system - name: Make Install - run: ${{ inputs.make }} - - - name: Run tests - run: ${{ inputs.tests }} + if: ${{ !steps.skip-workflow.outputs.skip }} + run: make + # Run CodeQL - name: Perform CodeQL Analysis + if: ${{ !steps.skip-workflow.outputs.skip }} uses: github/codeql-action/analyze@v1 - + CodeQL-Coding-Standard-Build: #Continue if check-for-duplicates found no duplicates. Always runs for pull-requests. needs: check-for-duplicates @@ -92,17 +84,20 @@ jobs: steps: # Checks out a copy of your repository - name: Checkout code + if: ${{ !steps.skip-workflow.outputs.skip }} uses: actions/checkout@v2 with: repository: nasa/cFS submodules: true - name: Check versions + if: ${{ !steps.skip-workflow.outputs.skip }} run: | git log -1 --pretty=oneline git submodule - name: Checkout codeql code + if: ${{ !steps.skip-workflow.outputs.skip }} uses: actions/checkout@v2 with: repository: github/codeql 
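Review bot: The added `if: ${{ !steps.skip-workflow.outputs.skip }}` guards never skip anything, because no step in CodeQL-Security-Build carries `id: skip-workflow` and the `steps` context only sees steps of the same job, so the expression negates an empty value and is always true. The same guard is repeated in CodeQL-Coding-Standard-Build in the next two hunks (`@@ -92,17 +84,20 @@` and `@@ -110,22 +105,25 @@`). For a security scan this fails in the safe direction, since the analysis always runs, but it reads as if duplicate runs were being filtered. I would drop the per-step conditions and gate each job once, e.g. `if: ${{ needs.check-for-duplicates.outputs.should_skip != 'true' }}` as the format-check workflow on this page does. The lines between `needs:` and `steps:` are outside the hunk, so that job-level condition may already be present, and the output name should be confirmed against the check-for-duplicates job.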
@@ -110,22 +105,25 @@ jobs: path: codeql - name: Initialize CodeQL + if: ${{ !steps.skip-workflow.outputs.skip }} uses: github/codeql-action/init@v1 with: languages: c - config-file: nasa/cFS/.github/codeql/codeql-coding-standard.yml@main + config-file: ./.github/codeql/codeql-coding-standard.yml + # Setup the build system - name: Copy sample_defs - run: ${{ inputs.sample-defs }} - - - name: Make prep - run: ${{ inputs.make-prep }} + if: ${{ !steps.skip-workflow.outputs.skip }} + run: | + cp ./cfe/cmake/Makefile.sample Makefile + cp -r ./cfe/cmake/sample_defs sample_defs + # Setup the build system - name: Make Install - run: ${{ inputs.make }} - - - name: Run tests - run: ${{ inputs.tests }} + if: ${{ !steps.skip-workflow.outputs.skip }} + run: make + # Run CodeQL - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v1 \ No newline at end of file + if: ${{ !steps.skip-workflow.outputs.skip }} + uses: github/codeql-action/analyze@v1 diff --git a/.github/workflows/format-check.yml b/.github/workflows/format-check.yml deleted file mode 100644 index ec83cc943..000000000 --- a/.github/workflows/format-check.yml +++ /dev/null 
@@ -1,67 +0,0 @@ -name: Format Check - -# Run on all push and pull requests -on: - push: - pull_request: - workflow_call: - -jobs: - #Checks for duplicate actions. Skips push actions if there is a matching or duplicate pull-request action. - check-for-duplicates: - runs-on: ubuntu-latest - # Map a step output to a job output - outputs: - should_skip: ${{ steps.skip_check.outputs.should_skip }} - steps: - - id: skip_check - uses: fkirc/skip-duplicate-actions@master - with: - concurrent_skipping: 'same_content' - skip_after_successful_duplicate: 'true' - do_not_skip: '["pull_request", "workflow_dispatch", "schedule"]' - - format-checker: - name: Run format check - #Continue if check-for-duplicates found no duplicates. Always runs for pull-requests. - needs: check-for-duplicates - if: ${{ needs.check-for-duplicates.outputs.should_skip != 'true' }} - runs-on: ubuntu-18.04 - timeout-minutes: 15 - - steps: - - name: Install format checker - run: | - wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | sudo apt-key add - - sudo add-apt-repository 'deb http://apt.llvm.org/bionic/ llvm-toolchain-bionic-10 main' - sudo apt-get update && sudo apt-get install clang-format-10 - - - name: Checkout bundle - uses: actions/checkout@v2 - with: - repository: nasa/cFS - - - name: Checkout - uses: actions/checkout@v2 - with: - path: repo - - - name: Generate format differences - run: | - cd repo - find . -name "*.[ch]" -exec clang-format-10 -i -style=file {} + - git diff > $GITHUB_WORKSPACE/style_differences.txt - - - name: Archive Static Analysis Artifacts - uses: actions/upload-artifact@v2 - with: - name: style_differences - path: style_differences.txt - - - name: Error on differences - run: | - if [[ -s style_differences.txt ]]; - then - cat style_differences.txt - exit -1 - fi \ No newline at end of file diff --git a/.github/workflows/static-analysis-reuse.yml b/.github/workflows/static-analysis-reuse.yml deleted file mode 100644 index 50ded549c..000000000 
--- a/.github/workflows/static-analysis-reuse.yml +++ /dev/null @@ -1,9 +0,0 @@ -name: Reuse Static Analysis - -on: - push: - -jobs: - static-analysis: - name: Static Analysis - uses: nasa/cFS/.github/workflows/static-analysis.yml@main \ No newline at end of file diff --git a/.github/workflows/static-analysis.yml b/.github/workflows/static-analysis.yml index 0926de7af..d7405dcf6 100644 --- a/.github/workflows/static-analysis.yml +++ b/.github/workflows/static-analysis.yml @@ -1,16 +1,9 @@ name: Static Analysis +# Run this workflow every time a new commit pushed to your repository and for pull requests on: - workflow_call: - inputs: - module: - description: 'GitHub Module' - type: string - default: 'bundle' - cppcheck-code: - description: 'Cppcheck Code' - type: string - default: '' + push: + pull_request: jobs: #Checks for duplicate actions. Skips push actions if there is a matching or duplicate pull-request action. @@ -36,6 +29,8 @@ jobs: strategy: fail-fast: false + matrix: + cppcheck: [bundle, cfe, osal, psp] steps: - name: Install cppcheck 
@@ -48,39 +43,38 @@ jobs: submodules: true - name: Run bundle cppcheck - run: cppcheck --force --inline-suppr --quiet . 2> ${{ inputs.module }}_cppcheck_err.txt - - - name: Archive static analysis artifacts for bundle - uses: actions/upload-artifact@v2 - with: - name: bundle-cppcheck-err - path: ./*cppcheck_err.txt + if: ${{matrix.cppcheck =='bundle'}} + run: cppcheck --force --inline-suppr --quiet . 2> ${{matrix.cppcheck}}_cppcheck_err.txt - - name: Check for errors for bundle - run: | - if [[ -s bundle_cppcheck_err.txt ]]; - then - cat $bundle_cppcheck_err.txt - exit -1 - fi - # Run strict static analysis for embedded portions of cfe, osal, and psp - - name: Strict cppcheck - if: ${{ inputs.module !='bundle' }} + - name: cfe strict cppcheck + if: ${{matrix.cppcheck =='cfe'}} run: | - ${{ inputs.cppcheck-code }} - - name: Archive static analysis artifacts - if: ${{ inputs.module !='bundle' }} + cd ${{matrix.cppcheck}} + cppcheck --force --inline-suppr --std=c99 --language=c --enable=warning,performance,portability,style --suppress=variableScope --inconclusive ./modules/core_api/fsw ./modules/core_private/fsw ./modules/es/fsw ./modules/evs/fsw ./modules/fs/fsw ./modules/msg/fsw ./modules/resourceid/fsw ./modules/sb/fsw ./modules/sbr/fsw ./modules/tbl/fsw ./modules/time/fsw -UCFE_PLATFORM_TIME_CFG_CLIENT -DCFE_PLATFORM_TIME_CFG_SERVER 2> ../${{matrix.cppcheck}}_cppcheck_err.txt + + - name: osal strict cppcheck + if: ${{matrix.cppcheck =='osal'}} + run: | + cd ${{matrix.cppcheck}} + cppcheck --force --inline-suppr --std=c99 --language=c --enable=warning,performance,portability,style --suppress=variableScope --inconclusive ./src/bsp ./src/os 2> ../${{matrix.cppcheck}}_cppcheck_err.txt + + - name: psp strict cppcheck + if: ${{matrix.cppcheck =='psp'}} + run: | + cd ${{matrix.cppcheck}} + cppcheck --force --inline-suppr --std=c99 --language=c --enable=warning,performance,portability,style --suppress=variableScope --inconclusive ./fsw 2> 
../${{matrix.cppcheck}}_cppcheck_err.txt + + - name: Archive Static Analysis Artifacts uses: actions/upload-artifact@v2 with: - name: ${{ inputs.module }}-cppcheck-err + name: ${{matrix.cppcheck}}-cppcheck-err path: ./*cppcheck_err.txt - name: Check for errors - if: ${{ inputs.module !='bundle' }} run: | - if [[ -s ${{ inputs.module }}_cppcheck_err.txt ]]; + if [[ -s ${{matrix.cppcheck}}_cppcheck_err.txt ]]; then - cat ${{ inputs.module }}_cppcheck_err.txt + cat ${{matrix.cppcheck}}_cppcheck_err.txt exit -1 - fi \ No newline at end of file + fi From a7ecfc64c017f85b3c15e39e2e9b2215b3bbd278 Mon Sep 17 00:00:00 2001 From: ArielSAdamsNASA Date: Wed, 27 Oct 2021 11:53:36 -0500 Subject: [PATCH 3/3] Fix #381, Reuse CodeQL, Static Analysis, Format Check Fix #381, Reuse CodeQL, Static Analysis, Format Check --- .github/workflows/README.md | 4 ++-- ...lows.PNG => Reusable-Workflows-Architecture.PNG} | Bin .github/workflows/codeql-build-reuse.yml | 1 - .github/workflows/codeql-build.yml | 1 - .github/workflows/format-check.yml | 4 ++-- .github/workflows/static-analysis-reuse.yml | 1 + .github/workflows/static-analysis.yml | 3 +++ 7 files changed, 8 insertions(+), 6 deletions(-) rename .github/workflows/{cFS-Reusable-Workflows.PNG => Reusable-Workflows-Architecture.PNG} (100%) diff --git a/.github/workflows/README.md b/.github/workflows/README.md index eb1e3ed63..2187c24eb 100644 --- a/.github/workflows/README.md +++ b/.github/workflows/README.md 
@@ -2,13 +2,13 @@ ## Reusable Workflows -To reduce duplication, CodeQL Analysis, Static Analysis, and Format Checker are placed in cFS to be reused in the subrepositories. +To reduce duplication, the workflows CodeQL Analysis, Static Analysis, and Format Checker are placed in cFS to be reused in the subrepositories. CodeQL Analysis and Static Analysis require inputs, therefore, they are called in an additional workflow in cFS to be utilized. Format checker does not need to be reused in cFS because it does not require inputs. Provided is a diagram of the architecture of the reusable workflows. -![Reusable Workflows Architecture](cFS-Reusable-Workflows.PNG) +![Reusable Workflows Architecture](Reusable-Workflows-Architecture.PNG) ## Deprecated Build, Test, and Run [![Deprecated Build, Test, and Run](https://github.com/nasa/cfs/actions/workflows/build-cfs-deprecated.yml/badge.svg)](https://github.com/nasa/cfs/actions/workflows/build-cfs-deprecated.yml) diff --git a/.github/workflows/cFS-Reusable-Workflows.PNG b/.github/workflows/Reusable-Workflows-Architecture.PNG similarity index 100% rename from .github/workflows/cFS-Reusable-Workflows.PNG rename to .github/workflows/Reusable-Workflows-Architecture.PNG diff --git a/.github/workflows/codeql-build-reuse.yml b/.github/workflows/codeql-build-reuse.yml index 1b46be8d2..ee5a9a66e 100644 --- a/.github/workflows/codeql-build-reuse.yml +++ b/.github/workflows/codeql-build-reuse.yml @@ -3,7 +3,6 @@ name: Reuse CodeQl Analysis on: push: pull_request: - jobs: codeql: diff --git a/.github/workflows/codeql-build.yml b/.github/workflows/codeql-build.yml index 6695f785d..655a09c25 100644 --- a/.github/workflows/codeql-build.yml +++ b/.github/workflows/codeql-build.yml @@ -101,7 +101,6 @@ jobs: run: | git log -1 --pretty=oneline git submodule - - name: Checkout codeql code uses: actions/checkout@v2 with: diff --git a/.github/workflows/format-check.yml b/.github/workflows/format-check.yml index ec83cc943..cb003b6e7 100644 
--- a/.github/workflows/format-check.yml +++ b/.github/workflows/format-check.yml @@ -5,7 +5,7 @@ on: push: pull_request: workflow_call: - + jobs: #Checks for duplicate actions. Skips push actions if there is a matching or duplicate pull-request action. check-for-duplicates: @@ -64,4 +64,4 @@ jobs: then cat style_differences.txt exit -1 - fi \ No newline at end of file + fi diff --git a/.github/workflows/static-analysis-reuse.yml b/.github/workflows/static-analysis-reuse.yml index 50ded549c..44688b621 100644 --- a/.github/workflows/static-analysis-reuse.yml +++ b/.github/workflows/static-analysis-reuse.yml @@ -2,6 +2,7 @@ name: Reuse Static Analysis on: push: + pull_request: jobs: static-analysis: diff --git a/.github/workflows/static-analysis.yml b/.github/workflows/static-analysis.yml index 0926de7af..4f2396e11 100644 --- a/.github/workflows/static-analysis.yml +++ b/.github/workflows/static-analysis.yml @@ -1,6 +1,9 @@ name: Static Analysis +# Run on all push and pull requests on: + push: + pull_request: workflow_call: inputs: module:
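Review bot: With `push:` and `pull_request:` added next to `workflow_call:` in static-analysis.yml, a direct run has no caller to supply `inputs.module` or `inputs.cppcheck-code`, and as far as I know the defaults declared under `workflow_call` apply only when the workflow is called. The steps that consume them are outside this hunk, but the version of the file shown earlier on this page redirects to `${{ inputs.module }}_cppcheck_err.txt`, tests `bundle_cppcheck_err.txt` in the failure check, and runs `${{ inputs.cppcheck-code }}` whenever the module is not 'bundle'. On a push that would write `_cppcheck_err.txt`, run an empty strict step and leave the bundle check looking at a file that does not exist, so cppcheck findings would not fail the run. Either keep this file `workflow_call`-only and trigger it from static-analysis-reuse.yml, or give each use a fallback such as `${{ inputs.module || 'bundle' }}`.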