diff --git a/.github/codeql/codeql-coding-standard.yml b/.github/codeql/codeql-coding-standard.yml index 718b750e9..f68d01b42 100644 --- a/.github/codeql/codeql-coding-standard.yml +++ b/.github/codeql/codeql-coding-standard.yml @@ -3,5 +3,17 @@ name: "CodeQL Coding Standard Configuration File" disable-default-queries: true queries: - - name: JPL and MISRA - uses: ./.github/codeql/jpl-misra.qls \ No newline at end of file + - name: JPL Rules + uses: github/codeql/cpp/ql/src/JPL_C@main + - name: MISRA Rule 9-5-1 + uses: github/codeql/cpp/ql/src/jsf/4.20 Unions and Bit Fields/AV Rule 153.ql@main + - name: MISRA Rule 5-18-1 + uses: github/codeql/cpp/ql/src/jsf/4.21 Operators/AV Rule 168.ql@main + - name: MISRA 6-2-2 + uses: github/codeql/cpp/ql/src/jsf/4.25 Expressions/AV Rule 202.ql@main + - name: MISRA Rule 5-14-1 + uses: github/codeql/cpp/ql/src/jsf/4.21 Operators/AV Rule 165.ql@main + - name: MISRA Rule 5-3-2 + uses: github/codeql/cpp/ql/src/jsf/4.21 Operators/AV Rule 165.ql@main + - name: MISRA Rule 7-5-2 + uses: github/codeql/cpp/ql/src/jsf/4.22 Pointers and References/AV Rule 173.ql@main \ No newline at end of file diff --git a/.github/codeql/jpl-misra.qls b/.github/codeql/jpl-misra.qls deleted file mode 100644 index cfb114031..000000000 --- a/.github/codeql/jpl-misra.qls +++ /dev/null 
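Review bot: In the new `queries:` list of `codeql-coding-standard.yml`, the entries named `MISRA Rule 5-14-1` and `MISRA Rule 5-3-2` both use `AV Rule 165.ql`, so one query is listed twice. The removed `jpl-misra.qls` mapped 5-3-2 to `cpp/jsf/av-rule-173`, which the new list attaches to `MISRA Rule 7-5-2`, so at least one label or path looks wrong and should be checked against the intended rule table. Every entry also resolves against the moving `@main` ref of `github/codeql`, so the rule set behind this scan can change without any commit in this repository. Pinning each `uses:` to a release tag or commit SHA (`...JPL_C@<pinned-ref>`) keeps findings reproducible. The paths with spaces and numbered directories depend on the upstream file layout, whereas the deleted suite's own comment called matching on query ID "more stable".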
@@ -1,21 +0,0 @@ -# Start with all the queries in the codeql/cpp-queries pack. -- queries: . - from: codeql/cpp-queries -# Restrict to only the queries with the following ID patterns. -- include: - id: - # Regular expression matching all query IDs that start with `cpp/jpl-c/` - # This covers all queries in the `JPL_C` directory, - # but matching on query ID is more stable. - - /cpp/jpl-c/*/ - # Specific JSF queries, identified by query ID. - # MISRA Rule 9-5-1 - - cpp/jsf/av-rule-153 - # MISRA Rule 5-18-1 - - cpp/jsf/av-rule-168 - # MISRA 6-2-2 - - cpp/jsf/av-rule-202 - # MISRA Rule 5-14-1 - - cpp/jsf/av-rule-165 - # MISRA Rule 5-3-2 - - cpp/jsf/av-rule-173 \ No newline at end of file diff --git a/.github/workflows/README.md b/.github/workflows/README.md index 2187c24eb..0c8326e55 100644 --- a/.github/workflows/README.md +++ b/.github/workflows/README.md @@ -35,8 +35,8 @@ For the CodeQL GitHub Actions setup, visit https://github.com/github/codeql-acti Our CodeQL action uses a configuration file to use specific queries, which can be found at [.github/codeql](https://github.com/nasa/cFS/tree/main/.github/codeql). -## Static Analysis -[![Static Analysis](https://github.com/nasa/cfs/actions/workflows/static-analysis.yml/badge.svg)](https://github.com/nasa/cfs/actions/workflows/static-analysis.yml) +## Static Analaysis +[![Static Analaysis](https://github.com/nasa/cfs/actions/workflows/static-analysis.yml/badge.svg)](https://github.com/nasa/cfs/actions/workflows/static-analysis.yml) This action runs a static analysis tool for C/C++ code known as cppcheck. Cppcheck is designed to be able to analyze C/C++ code even if it has non-standard syntax, which is common in embedded projects. 
@@ -68,6 +68,6 @@ This action creates a changelog file which documents all the issues in cFS. The Changelog action runs manually. ## Format Check -[![Format Check](https://github.com/nasa/cfs/actions/workflows/format-check.yml/badge.svg)](https://github.com/nasa/cfs/actions/workflows/format-check.yml) +[![Format Check](https://github.com/nasa/osal/actions/workflows/format-check.yml/badge.svg)](https://github.com/nasa/osal/actions/workflows/format-check.yml) This action uses [clang-format-10](https://github.com/nasa/cFS/blob/main/.clang-format) to check for format errors. diff --git a/.github/workflows/build-documentation.yml b/.github/workflows/build-documentation.yml index 0fa0fd3ef..28b2d6fe3 100644 --- a/.github/workflows/build-documentation.yml +++ b/.github/workflows/build-documentation.yml @@ -7,9 +7,11 @@ on: env: SIMULATION: native + REPO_NAME: ${{ github.event.repository.name }} jobs: - #Checks for duplicate actions. Skips push actions if there is a matching or duplicate pull-request action. + # Checks for duplicate actions. Skips push actions if there is a matching or + # duplicate pull-request action. checks-for-duplicates: runs-on: ubuntu-latest # Map a step output to a job output @@ -24,7 +26,8 @@ jobs: do_not_skip: '["push", "workflow_dispatch", "schedule"]' build-docs: - #Continue if checks-for-duplicates found no duplicates. Always runs for pull-requests. + # Continue if checks-for-duplicates found no duplicates. Always runs for + # pull-requests. needs: checks-for-duplicates if: ${{ needs.checks-for-duplicates.outputs.should_skip != 'true' }} name: cFE Documentation @@ -92,7 +95,7 @@ jobs: cp ./cfe/cmake/Makefile.sample Makefile cp -r ./cfe/cmake/sample_defs sample_defs - # Setup the build system + # Setup the build system - name: Make Prep run: make prep 
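Review bot: The added `REPO_NAME: ${{ github.event.repository.name }}` in the `env:` block of `build-documentation.yml` is only used by the later cache steps to rebuild the workspace path by hand, as `/home/runner/work/${{ env.REPO_NAME }}/${{ env.REPO_NAME }}/build/*`. That hard-codes the hosted-runner directory layout and assumes the triggering event's payload carries a `repository` object; where it does not, the path presumably collapses to `/home/runner/work///build/*` and the cache step saves or restores nothing. `path: ${{ github.workspace }}/build/*` names the same directory without either assumption, and the extra env entry can then be dropped.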
@@ -126,21 +129,34 @@ jobs: exit -1 fi - pdf-usersguide: + - name: Cache cFS Build Environment for usersguide + id: cache-bundle + uses: actions/cache@v2 + with: + path: /home/runner/work/${{ env.REPO_NAME }}/${{ env.REPO_NAME }}/build/* + key: usersguide-buildnum-${{ github.run_number }} + + deploy-usersguide: needs: build-usersguide # Name the Job - name: PDF Users Guide + name: Deploy Users Guide # Set the type of machine to run on runs-on: ubuntu-18.04 steps: - - - name: PDF generation installs + - name: Install Dependencies if: ${{ github.event_name == 'push' && contains(github.ref, 'main')}} run: | sudo apt-get install texlive-latex-base texlive-fonts-recommended texlive-fonts-extra texlive-latex-extra - - name: PDF generation + - name: Cache cFS Build Environment for usersguide + id: cache-bundle + uses: actions/cache@v2 + with: + path: /home/runner/work/${{ env.REPO_NAME }}/${{ env.REPO_NAME }}/build/* + key: usersguide-buildnum-${{ github.run_number }} + + - name: Generate PDF if: ${{ github.event_name == 'push' && contains(github.ref, 'main')}} run: | set -x @@ -151,7 +167,7 @@ jobs: # Could add pandoc and convert to github markdown # pandoc CFE_Users_Guide.pdf -t gfm - - name: Deploy + - name: Deploy to GitHub if: ${{ github.event_name == 'push' && contains(github.ref, 'main')}} uses: JamesIves/github-pages-deploy-action@3.7.1 with: @@ -164,9 +180,7 @@ jobs: build-osalguide: needs: checks-for-duplicates if: ${{ needs.checks-for-duplicates.outputs.should_skip != 'true' }} - # Name the Job name: Osal Guide - # Set the type of machine to run on runs-on: ubuntu-18.04 steps: @@ -183,7 +197,7 @@ jobs: cp ./cfe/cmake/Makefile.sample Makefile cp -r ./cfe/cmake/sample_defs sample_defs - # Setup the build system + # Setup the build system - name: Make Prep run: make prep 
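Review bot: The new `deploy-usersguide` job gets its build output from an `actions/cache@v2` restore and never checks `steps.cache-bundle.outputs.cache-hit`, so a missed or evicted entry would leave `Generate PDF` and `Deploy to GitHub` running without the build tree that `build-usersguide` produced. Caches are best-effort, and `actions/upload-artifact` with `actions/download-artifact` is the usual hand-off for passing output between jobs of one run. If the cache stays, add `steps.cache-bundle.outputs.cache-hit == 'true'` to the existing push-to-main `if:` on the later steps. `actions/cache@v2` is also a mutable tag running inside the job that publishes the documentation, so pinning it to a full commit SHA is worth doing here. The same pattern is repeated for `build-osalguide` and `deploy-osalguide` in the hunk at `@@ -204,33 +218,46 @@`.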
@@ -204,33 +218,46 @@ jobs: make_osalguide_stderr.txt osal-apiguide-warnings.log - - name: Error Check + - name: Check for Errors run: | if [[ -s make_osalguide_stderr.txt ]]; then cat make_osalguide_stderr.txt exit -1 fi - - name: Warning Check + - name: Check for Warnings run: | if [[ -s osal-apiguide-warnings.log ]]; then cat osal-apiguide-warnings.log exit -1 fi - pdf-osalguide: + - name: Cache cFS Build Environment for osalguide + id: cache-bundle + uses: actions/cache@v2 + with: + path: /home/runner/work/${{ env.REPO_NAME }}/${{ env.REPO_NAME }}/build/* + key: osalguide-buildnum-${{ github.run_number }} + + deploy-osalguide: needs: build-osalguide - # Name the Job - name: PDF Osal Guide - # Set the type of machine to run on + name: Deploy Osal Guide runs-on: ubuntu-18.04 + steps: - - name: PDF generation installs + - name: Install Dependencies if: ${{ github.event_name == 'push' && contains(github.ref, 'main')}} run: | sudo apt-get install texlive-latex-base texlive-fonts-recommended texlive-fonts-extra texlive-latex-extra - - name: PDF generation + - name: Cache cFS Build Environment for osalguide + id: cache-bundle + uses: actions/cache@v2 + with: + path: /home/runner/work/${{ env.REPO_NAME }}/${{ env.REPO_NAME }}/build/* + key: osalguide-buildnum-${{ github.run_number }} + + - name: Generate PDF if: ${{ github.event_name == 'push' && contains(github.ref, 'main')}} run: | mkdir deploy @@ -240,7 +267,7 @@ jobs: # Could add pandoc and convert to github markdown # pandoc CFE_Users_Guide.pdf -t gfm - - name: Deploy + - name: Deploy to GitHub if: ${{ github.event_name == 'push' && contains(github.ref, 'main')}} uses: JamesIves/github-pages-deploy-action@3.7.1 with: @@ -248,4 +275,4 @@ jobs: BRANCH: gh-pages FOLDER: deploy CLEAN: false - SINGLE_COMMIT: true \ No newline at end of file + SINGLE_COMMIT: true diff --git a/.github/workflows/codeql-build.yml b/.github/workflows/codeql-build.yml index 655a09c25..6144fffe1 100644 --- a/.github/workflows/codeql-build.yml 
+++ b/.github/workflows/codeql-build.yml @@ -1,9 +1,9 @@ -name: CodeQL Analysis +name: "CodeQL Analysis" on: workflow_call: inputs: - sample-defs: + setup: description: 'Build Prep' type: string default: 'cp ./cfe/cmake/Makefile.sample Makefile && cp -r ./cfe/cmake/sample_defs sample_defs' @@ -12,7 +12,7 @@ on: type: string default: '' make: - description: 'Make Code' + description: 'Make Copy' type: string default: 'make' tests: @@ -60,19 +60,19 @@ jobs: run: | git log -1 --pretty=oneline git submodule - + - name: Initialize CodeQL uses: github/codeql-action/init@v1 with: languages: c config-file: nasa/cFS/.github/codeql/codeql-security.yml@main - + - name: Copy sample_defs run: ${{ inputs.sample-defs }} - name: Make prep run: ${{ inputs.make-prep }} - + - name: Make Install run: ${{ inputs.make }} diff --git a/.github/workflows/static-analysis.yml b/.github/workflows/static-analysis.yml index 4f2396e11..34c7b0dc1 100644 --- a/.github/workflows/static-analysis.yml +++ b/.github/workflows/static-analysis.yml @@ -1,17 +1,10 @@ name: Static Analysis -# Run on all push and pull requests on: - push: - pull_request: workflow_call: inputs: - module: - description: 'GitHub Module' - type: string - default: 'bundle' - cppcheck-code: - description: 'Cppcheck Code' + strict-dir-list: + description: 'Directory List' type: string default: '' @@ -39,6 +32,8 @@ jobs: strategy: fail-fast: false + matrix: + cppcheck: [non-strict, strict] steps: - name: Install cppcheck 
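Review bot: The first hunk of `codeql-build.yml` renames the `workflow_call` input `sample-defs` to `setup`, but the `Copy sample_defs` step shown as context in the `@@ -60,19 +60,19 @@` hunk still runs `${{ inputs.sample-defs }}`. That name is no longer declared, so the expression presumably expands to an empty string: the default `cp ./cfe/cmake/Makefile.sample Makefile && ...` prep would never run and a caller-supplied `setup` value would be ignored, leaving CodeQL to analyse a build that was not set up as intended. The step should read `run: ${{ inputs.setup }}`, or the input should keep its old name. The `make` input's description changing from `'Make Code'` to `'Make Copy'` also looks like a slip.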
@@ -51,39 +46,25 @@ jobs: submodules: true - name: Run bundle cppcheck - run: cppcheck --force --inline-suppr --quiet . 2> ${{ inputs.module }}_cppcheck_err.txt - - - name: Archive static analysis artifacts for bundle - uses: actions/upload-artifact@v2 - with: - name: bundle-cppcheck-err - path: ./*cppcheck_err.txt - - - name: Check for errors for bundle - run: | - if [[ -s bundle_cppcheck_err.txt ]]; - then - cat $bundle_cppcheck_err.txt - exit -1 - fi + run: cppcheck --force --inline-suppr --quiet . 2> ${{matrix.cppcheck}}_cppcheck_err.txt # Run strict static analysis for embedded portions of cfe, osal, and psp - name: Strict cppcheck - if: ${{ inputs.module !='bundle' }} - run: | - ${{ inputs.cppcheck-code }} - - name: Archive static analysis artifacts - if: ${{ inputs.module !='bundle' }} + if: ${{ inputs.strict-dir-list !='' }} + run: cppcheck --force --inline-suppr --std=c99 --language=c --enable=warning,performance,portability,style --suppress=variableScope --inconclusive .${{ inputs.strict-dir-list }} 2> ../${{matrix.cppcheck}}_cppcheck_err.txt + + - name: Archive Static Analysis Artifacts + if: ${{ inputs.strict-dir-list =='' && matrix.cppcheck == 'non-strict' }} uses: actions/upload-artifact@v2 with: - name: ${{ inputs.module }}-cppcheck-err + name: ${{matrix.cppcheck}}-cppcheck-err path: ./*cppcheck_err.txt - name: Check for errors - if: ${{ inputs.module !='bundle' }} + if: ${{ inputs.strict-dir-list =='' && matrix.cppcheck == 'non-strict' }} run: | - if [[ -s ${{ inputs.module }}_cppcheck_err.txt ]]; + if [[ -s ${{matrix.cppcheck}}_cppcheck_err.txt ]]; then - cat ${{ inputs.module }}_cppcheck_err.txt + cat ${{matrix.cppcheck}}_cppcheck_err.txt exit -1 fi \ No newline at end of file
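Review bot: As rewritten, the strict cppcheck results can never fail the job. `Strict cppcheck` runs only when `inputs.strict-dir-list` is non-empty and writes to `../${{matrix.cppcheck}}_cppcheck_err.txt`, while `Archive Static Analysis Artifacts` and `Check for errors` run only when `strict-dir-list` is empty and look in `./`. Neither `Run bundle cppcheck` nor `Strict cppcheck` is conditioned on `matrix.cppcheck`, so both matrix legs do the same work. The fence below gates each scan on its matrix leg and writes both reports to the working directory; the `if:` lines on the archive and check steps are then removed so both legs are archived and checked. It also passes `strict-dir-list` through `env:` instead of expanding it into the shell line, so a caller-supplied value cannot add shell syntax to the command. The job definition starts outside this hunk.

```yaml
# … unchanged: Install cppcheck, checkout …
      - name: Run bundle cppcheck
        if: ${{ matrix.cppcheck == 'non-strict' }}
        run: cppcheck --force --inline-suppr --quiet . 2> ${{ matrix.cppcheck }}_cppcheck_err.txt

      - name: Strict cppcheck
        if: ${{ matrix.cppcheck == 'strict' && inputs.strict-dir-list != '' }}
        env:
          STRICT_DIR_LIST: ${{ inputs.strict-dir-list }}
        # Unquoted on purpose: the list is split into separate directory arguments.
        run: cppcheck --force --inline-suppr --std=c99 --language=c --enable=warning,performance,portability,style --suppress=variableScope --inconclusive .$STRICT_DIR_LIST 2> ${{ matrix.cppcheck }}_cppcheck_err.txt

# … Archive Static Analysis Artifacts / Check for errors: bodies unchanged, `if:` lines removed …
```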