codeql-build.yml
# Reusable workflow: builds the project and runs CodeQL over the build.
name: 'CodeQL Analysis'

on:
  workflow_call:
    # Each input is a shell command line. The jobs in this file place the value
    # directly into a `run:` step (`run: ${{ inputs.<name> }}`), so whatever the
    # calling workflow passes is executed on the runner as-is. Callers should
    # pass fixed, reviewed command strings only, and never forward
    # event-derived text (PR titles, branch names, issue bodies) into them.
    inputs:
      # Command run by the "Copy sample_defs" step.
      setup:
        description: 'Build Prep'
        type: string
        default: 'cp ./cfe/cmake/Makefile.sample Makefile && cp -r ./cfe/cmake/sample_defs sample_defs'
      # Command run by the "Make prep" step; empty by default.
      make-prep:
        description: 'Make Prep'
        type: string
        default: ''
      # Command run by the "Make Install" step.
      make:
        description: 'Make Copy'
        type: string
        default: 'make'
      # Command run by the "Run tests" step; empty by default.
      tests:
        description: 'Tests'
        type: string
        default: ''
# Workflow-level environment, exported to every step of every job below.
# Values are quoted so that they are unambiguously strings.
# NOTE(review): presumably consumed by the build invoked through the
# `setup` / `make` inputs; confirm against the project's Makefile.
env:
  SIMULATION: 'native'
  ENABLE_UNIT_TESTS: 'true'
  OMIT_DEPRECATED: 'true'
  BUILDTYPE: 'release'
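# NOTE(review): no `permissions:` block is declared at workflow or job level,
# so GITHUB_TOKEN gets whatever the caller / repository default grants. The
# CodeQL jobs appear to need only `contents: read`, `actions: read` and
# `security-events: write`; confirm what callers grant before restricting it.
jobs:
  # Checks for duplicate actions. Skips push actions if there is a matching or
  # duplicate pull-request action.
  check-for-duplicates:
    runs-on: ubuntu-latest
    # Map a step output to a job output
    outputs:
      should_skip: ${{ steps.skip_check.outputs.should_skip }}
    steps:
      # NOTE(review): third-party action referenced by a mutable branch
      # (`@master`). Whatever that branch points to at run time executes with
      # this job's token; pin to a full commit SHA that has been reviewed.
      - id: skip_check
        uses: fkirc/skip-duplicate-actions@master
        with:
          concurrent_skipping: 'same_content'
          skip_after_successful_duplicate: 'true'
          do_not_skip: '["pull_request", "workflow_dispatch", "schedule"]'

  CodeQL-Security-Build:
    # Continue if check-for-duplicates found no duplicates. Always runs for
    # pull-requests.
    needs: check-for-duplicates
    if: ${{ needs.check-for-duplicates.outputs.should_skip != 'true' }}
    # NOTE(review): the `ubuntu-18.04` hosted runner image has been retired and
    # `github/codeql-action@v1` is deprecated; this job needs a supported
    # runner label and action major version (ideally pinned by commit SHA).
    runs-on: ubuntu-18.04
    timeout-minutes: 15
    steps:
      # Checks out nasa/cFS (with submodules), not the calling repository.
      - name: Checkout code
        uses: actions/checkout@v2
        with:
          repository: nasa/cFS
          submodules: true
          # Later steps run caller-supplied commands; do not leave the token
          # in .git/config where those commands could read it.
          persist-credentials: false

      # Records the exact commit and submodule revisions being analysed.
      - name: Check versions
        run: |
          git log -1 --pretty=oneline
          git submodule

      # The query configuration is fetched from the `main` branch of nasa/cFS,
      # so the rule set follows that branch rather than a fixed revision.
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v1
        with:
          languages: c
          config-file: nasa/cFS/.github/codeql/codeql-security.yml@main

      # The next four steps execute the workflow_call inputs verbatim as shell
      # scripts: the expression is expanded into the script text before the
      # shell runs. Only trusted, constant command strings belong in them.
      - name: Copy sample_defs
        run: ${{ inputs.setup }}

      - name: Make prep
        run: ${{ inputs.make-prep }}

      - name: Make Install
        run: ${{ inputs.make }}

      - name: Run tests
        run: ${{ inputs.tests }}

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v1

  CodeQL-Coding-Standard-Build:
    # Continue if check-for-duplicates found no duplicates. Always runs for
    # pull-requests.
    needs: check-for-duplicates
    if: ${{ needs.check-for-duplicates.outputs.should_skip != 'true' }}
    # NOTE(review): same runner-image and action-version concerns as in
    # CodeQL-Security-Build above.
    runs-on: ubuntu-18.04
    timeout-minutes: 15
    steps:
      # Checks out nasa/cFS (with submodules), not the calling repository.
      - name: Checkout code
        uses: actions/checkout@v2
        with:
          repository: nasa/cFS
          submodules: true
          # Keep the token out of .git/config before caller commands run.
          persist-credentials: false

      # Records the exact commit and submodule revisions being analysed.
      - name: Check versions
        run: |
          git log -1 --pretty=oneline
          git submodule

      # Checks out the default branch of github/codeql into ./codeql.
      # NOTE(review): presumably supplies queries referenced by the
      # coding-standard config; no `ref:` is given, so the content is not
      # fixed to a revision. Confirm and pin if reproducibility matters.
      - name: Checkout codeql code
        uses: actions/checkout@v2
        with:
          repository: github/codeql
          submodules: true
          path: codeql
          persist-credentials: false

      # Configuration is fetched from the `main` branch of nasa/cFS.
      - name: Initialize CodeQL
        uses: github/codeql-action/init@v1
        with:
          languages: c
          config-file: nasa/cFS/.github/codeql/codeql-coding-standard.yml@main

      # Caller-supplied commands, executed verbatim (see the note on the same
      # steps in CodeQL-Security-Build).
      - name: Copy sample_defs
        run: ${{ inputs.setup }}

      - name: Make prep
        run: ${{ inputs.make-prep }}

      - name: Make Install
        run: ${{ inputs.make }}

      - name: Run tests
        run: ${{ inputs.tests }}

      - name: Perform CodeQL Analysis
        uses: github/codeql-action/analyze@v1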