From 54938293f5126c9eadbae95778669e0e6e16d244 Mon Sep 17 00:00:00 2001
From: ArielSAdamsNASA
Date: Tue, 8 Jun 2021 13:41:56 -0500
Subject: [PATCH] Fix #1025, Implement Coding Standard CodeQL

---
 .github/workflows/codeql-cfe-build.yml    | 46 ++++++++++++++++++++++-
 .github/workflows/codeql-osal-default.yml | 31 ++++++++++++++-
 2 files changed, 73 insertions(+), 4 deletions(-)

diff --git a/.github/workflows/codeql-cfe-build.yml b/.github/workflows/codeql-cfe-build.yml
index 59265d882..62b6e6a0b 100644
--- a/.github/workflows/codeql-cfe-build.yml
+++ b/.github/workflows/codeql-cfe-build.yml
@@ -25,7 +25,7 @@ jobs:
           skip_after_successful_duplicate: 'true'
           do_not_skip: '["pull_request", "workflow_dispatch", "schedule"]'
 
-  CodeQL-Build:
+  CodeQL-Security-Build:
     needs: check-for-duplicates
     if: ${{ needs.check-for-duplicates.outputs.should_skip != 'true' }}
     runs-on: ubuntu-18.04
@@ -50,7 +50,49 @@ jobs:
         uses: github/codeql-action/init@v1
         with:
           languages: c
-          queries: +security-extended, security-and-quality
+          config-file: nasa/cFS/.github/codeql/codeql-security.yml@main
+
+      - name: Set up for build
+        run: |
+          cp ./cfe/cmake/Makefile.sample Makefile
+          cp -r ./cfe/cmake/sample_defs sample_defs
+          make prep
+
+      - name: Build
+        run: make -j native/default_cpu1/osal/
+
+      - name: Run tests
+        run: (cd build/native/default_cpu1/osal && make test)
+
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v1
+
+  CodeQL-Coding-Standard-Build:
+    needs: check-for-duplicates
+    if: ${{ needs.check-for-duplicates.outputs.should_skip != 'true' }}
+    runs-on: ubuntu-18.04
+    timeout-minutes: 15
+
+    steps:
+      - name: Checkout bundle
+        uses: actions/checkout@v2
+        with:
+          repository: nasa/cFS
+          submodules: true
+
+      - name: Checkout submodule
+        uses: actions/checkout@v2
+        with:
+          path: osal
+
+      - name: Check versions
+        run: git submodule
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v1
+        with:
+          languages: c
+          config-file: nasa/cFS/.github/codeql/codeql-coding-standard.yml@main
 
       - name: Set up for build
         run: |
diff --git a/.github/workflows/codeql-osal-default.yml b/.github/workflows/codeql-osal-default.yml
index 207c844f8..3cb8146e3 100644
--- a/.github/workflows/codeql-osal-default.yml
+++ b/.github/workflows/codeql-osal-default.yml
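Review bot: Both `config-file:` lines added here, and the two in the codeql-osal-default.yml hunks, reference `nasa/cFS/.github/codeql/codeql-security.yml@main` and `...codeql-coding-standard.yml@main`, so the query set this workflow runs is whatever the cFS main branch holds at run time; a push to that repository silently changes or breaks the analysis here with no corresponding change in this one. Pinning to a tag or commit SHA, e.g. `config-file: nasa/cFS/.github/codeql/codeql-security.yml@<pinned-ref>`, and bumping it deliberately keeps the check reproducible, the same reasoning that applies to the `@v1`/`@v2` action tags. The removed `queries: +security-extended, security-and-quality` line is now presumably carried by that external config, which this diff cannot show, so confirm the security job still runs those suites after the switch. The two jobs in this file differ only in `config-file`; a `strategy.matrix` over the config name would remove the duplicated checkout and build steps. The remaining steps of CodeQL-Coding-Standard-Build continue past the end of this hunk.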
@@ -26,9 +26,36 @@ jobs:
           concurrent_skipping: 'same_content'
           skip_after_successful_duplicate: 'true'
           do_not_skip: '["pull_request", "workflow_dispatch", "schedule"]'
+
+  CodeQL-Security-Build:
+    #Continue if check-for-duplicates found no duplicates. Always runs for pull-requests.
+    needs: check-for-duplicates
+    if: ${{ needs.check-for-duplicates.outputs.should_skip != 'true' }}
+    runs-on: ubuntu-18.04
+    timeout-minutes: 15
+
+    steps:
+      - name: Checkout submodule
+        uses: actions/checkout@v2
+
+      - name: Initialize CodeQL
+        uses: github/codeql-action/init@v1
+        with:
+          languages: c
+          config-file: nasa/cFS/.github/codeql/codeql-security.yml@main
+
+      - name: Set up for build
+        run: |
+          cp Makefile.sample Makefile
+          make prep
+
+      - name: Build
+        run: make -j
+      - name: Perform CodeQL Analysis
+        uses: github/codeql-action/analyze@v1
 
-  CodeQL-Build:
+  CodeQL-Coding-Standard-Build:
     #Continue if check-for-duplicates found no duplicates. Always runs for pull-requests.
     needs: check-for-duplicates
     if: ${{ needs.check-for-duplicates.outputs.should_skip != 'true' }}
@@ -43,7 +70,7 @@ jobs:
         uses: github/codeql-action/init@v1
         with:
           languages: c
-          queries: +security-extended, security-and-quality
+          config-file: nasa/cFS/.github/codeql/codeql-coding-standard.yml@main
 
       - name: Set up for build
         run: |
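Review bot: The job comment added under `CodeQL-Security-Build:`, `#Continue if check-for-duplicates found no duplicates. Always runs for pull-requests.`, has no space after `#`, which yamllint's `comments` rule flags; write it as `# Continue if check-for-duplicates found no duplicates. Always runs for pull-requests.` (the identical line in the context below is pre-existing and not touched by this commit). The new `Build` step's `run: make -j` sets no job count, so parallelism is bounded only by whatever the runner allows; `make -j$(nproc)` states the intent explicitly and matches the targeted `make -j native/default_cpu1/osal/` used in the cFE workflow. The blank-line separator is also missing between the `Build` and `Perform CodeQL Analysis` steps, unlike every other step pair in the job.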