Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Fix #416, Display cppcheck in Code Scanning Alerts Dashboard #514

Merged
merged 1 commit into from
Oct 11, 2022
Merged

Fix #416, Display cppcheck in Code Scanning Alerts Dashboard #514

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
54 changes: 46 additions & 8 deletions .github/workflows/static-analysis-misra.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -41,7 +41,7 @@ jobs:
with:
submodules: true

- name: get MISRA addon
- name: Get MISRA addon
run: |
sudo apt-get install git -y
git clone https://github.com/danmar/cppcheck.git
Expand All @@ -52,32 +52,70 @@ jobs:
- name: Run bundle cppcheck
if: ${{matrix.cppcheck =='bundle'}}
run: |
cppcheck --addon=misra --force --inline-suppr --quiet . --xml 2> ${{matrix.cppcheck}}_cppcheck_err.xml
cppcheck --addon=misra --force --inline-suppr --quiet . 2> ${{matrix.cppcheck}}_cppcheck_err.txt

# Run strict static analysis for embedded portions of cfe, osal, and psp
- name: cfe strict cppcheck
if: ${{matrix.cppcheck =='cfe'}}
run: |
cd ${{matrix.cppcheck}}
cppcheck --addon=misra --force --inline-suppr --std=c99 --language=c --enable=warning,performance,portability,style --suppress=variableScope --inconclusive ./modules/core_api/fsw ./modules/core_private/fsw ./modules/es/fsw ./modules/evs/fsw ./modules/fs/fsw ./modules/msg/fsw ./modules/resourceid/fsw ./modules/sb/fsw ./modules/sbr/fsw ./modules/tbl/fsw ./modules/time/fsw -UCFE_PLATFORM_TIME_CFG_CLIENT -DCFE_PLATFORM_TIME_CFG_SERVER 2> ../${{matrix.cppcheck}}_cppcheck_err.txt
cppcheck --addon=misra --force --inline-suppr --std=c99 --language=c --enable=warning,performance,portability,style --suppress=variableScope --inconclusive ./modules/core_api/fsw ./modules/core_private/fsw ./modules/es/fsw ./modules/evs/fsw ./modules/fs/fsw ./modules/msg/fsw ./modules/resourceid/fsw ./modules/sb/fsw ./modules/sbr/fsw ./modules/tbl/fsw ./modules/time/fsw -UCFE_PLATFORM_TIME_CFG_CLIENT -DCFE_PLATFORM_TIME_CFG_SERVER --xml 2> ${{matrix.cppcheck}}_cppcheck_err.xml
cppcheck --addon=misra --force --inline-suppr --std=c99 --language=c --enable=warning,performance,portability,style --suppress=variableScope --inconclusive ./modules/core_api/fsw ./modules/core_private/fsw ./modules/es/fsw ./modules/evs/fsw ./modules/fs/fsw ./modules/msg/fsw ./modules/resourceid/fsw ./modules/sb/fsw ./modules/sbr/fsw ./modules/tbl/fsw ./modules/time/fsw -UCFE_PLATFORM_TIME_CFG_CLIENT -DCFE_PLATFORM_TIME_CFG_SERVER 2> ${{matrix.cppcheck}}_cppcheck_err.txt

- name: osal strict cppcheck
if: ${{matrix.cppcheck =='osal'}}
run: |
cd ${{matrix.cppcheck}}
cppcheck --addon=misra --force --inline-suppr --std=c99 --language=c --enable=warning,performance,portability,style --suppress=variableScope --inconclusive ./src/bsp ./src/os 2> ../${{matrix.cppcheck}}_cppcheck_err.txt
cppcheck --addon=misra --force --inline-suppr --std=c99 --language=c --enable=warning,performance,portability,style --suppress=variableScope --inconclusive ./src/bsp ./src/os --xml 2> ${{matrix.cppcheck}}_cppcheck_err.xml
cppcheck --addon=misra --force --inline-suppr --std=c99 --language=c --enable=warning,performance,portability,style --suppress=variableScope --inconclusive ./src/bsp ./src/os 2> ${{matrix.cppcheck}}_cppcheck_err.txt

- name: psp strict cppcheck
if: ${{matrix.cppcheck =='psp'}}
run: |
cd ${{matrix.cppcheck}}
cppcheck --addon=misra --force --inline-suppr --std=c99 --language=c --enable=warning,performance,portability,style --suppress=variableScope --inconclusive ./fsw 2> ../${{matrix.cppcheck}}_cppcheck_err.txt
cppcheck --addon=misra --force --inline-suppr --std=c99 --language=c --enable=warning,performance,portability,style --suppress=variableScope --inconclusive ./fsw --xml 2> ${{matrix.cppcheck}}_cppcheck_err.xml
cppcheck --addon=misra --force --inline-suppr --std=c99 --language=c --enable=warning,performance,portability,style --suppress=variableScope --inconclusive ./fsw 2> ${{matrix.cppcheck}}_cppcheck_err.txt

- name: Convert bundle cppcheck to sarif
uses: airtower-luna/convert-to-sarif@v0.2.0
if: ${{matrix.cppcheck =='bundle'}}
with:
tool: 'CppCheck'
input_file: '${{matrix.cppcheck}}_cppcheck_err.xml'
sarif_file: '${{matrix.cppcheck}}_cppcheck_err.sarif'

- name: Archive Static Analysis Artifacts
uses: actions/upload-artifact@v2
- name: Convert cfe, osal, psp cppcheck to sarif
uses: airtower-luna/convert-to-sarif@v0.2.0
if: ${{matrix.cppcheck !='bundle'}}
with:
tool: 'CppCheck'
input_file: '${{matrix.cppcheck}}/${{matrix.cppcheck}}_cppcheck_err.xml'
sarif_file: '${{matrix.cppcheck}}_cppcheck_err.sarif'

- name: Define workspace
run: |
echo "CONTAINER_WORKSPACE=${PWD}" >> ${GITHUB_ENV}

- name: Archive bundle static analysis artifacts
uses: actions/upload-artifact@v3
if: ${{matrix.cppcheck =='bundle'}}
with:
name: ${{matrix.cppcheck}}-cppcheck-err
path: ./*cppcheck_err.txt
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Might be worth keeping this to flag errors at the end of the workflow run

path: ./*cppcheck_err.*

- name: Archive osal, cfe, and psp static analysis artifacts
uses: actions/upload-artifact@v3
if: ${{matrix.cppcheck !='bundle'}}
with:
name: ${{matrix.cppcheck}}-cppcheck-err
path: ./${{matrix.cppcheck}}/*cppcheck_err.*

- name: Upload sarif results
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: '${{matrix.cppcheck}}_cppcheck_err.sarif'
checkout_path: ${{ env.CONTAINER_WORKSPACE }}

- name: Check for errors
run: |
Expand Down
63 changes: 49 additions & 14 deletions .github/workflows/static-analysis.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -43,22 +43,63 @@ jobs:
with:
submodules: true

- name: Run general cppcheck
run: cppcheck --force --inline-suppr . 2> general_cppcheck_err.txt
- name: Run general cppcheck
run: |
cppcheck --force --inline-suppr . --xml 2> general_cppcheck_err.xml
cppcheck --force --inline-suppr . 2> general_cppcheck_err.txt

- name: Convert general cppcheck
uses: airtower-luna/convert-to-sarif@v0.2.0
with:
tool: 'CppCheck'
input_file: 'general_cppcheck_err.xml'
sarif_file: 'general_cppcheck_err.sarif'

- name: Define workspace
run: |
echo "CONTAINER_WORKSPACE=${PWD}" >> ${GITHUB_ENV}

- name: Upload general SARIF results
uses: github/codeql-action/upload-sarif@v2
with:
sarif_file: 'general_cppcheck_err.sarif'
checkout_path: ${{ env.CONTAINER_WORKSPACE }}

# Run strict static analysis for embedded portions of cfe, osal, and psp
- name: Strict cppcheck
if: ${{ inputs.strict-dir-list !='' }}
run: |
cppcheck --force --inline-suppr --std=c99 --language=c --enable=warning,performance,portability,style --suppress=variableScope --inconclusive ${{ inputs.strict-dir-list }} --xml 2> strict_cppcheck_err.xml
cppcheck --force --inline-suppr --std=c99 --language=c --enable=warning,performance,portability,style --suppress=variableScope --inconclusive ${{ inputs.strict-dir-list }} 2> strict_cppcheck_err.txt

- name: Convert strict cppcheck
uses: airtower-luna/convert-to-sarif@v0.2.0
if: ${{ inputs.strict-dir-list !='' }}
with:
tool: 'CppCheck'
input_file: 'strict_cppcheck_err.xml'
sarif_file: 'strict_cppcheck_err.sarif'

- name: Archive static analysis artifacts
uses: actions/upload-artifact@v3
with:
name: cppcheck-errors
path: ./*cppcheck_err.*

- name: Upload strict SARIF results
uses: github/codeql-action/upload-sarif@v2
if: ${{ inputs.strict-dir-list !='' }}
with:
sarif_file: 'strict_cppcheck_err.sarif'
checkout_path: ${{ env.CONTAINER_WORKSPACE }}

- name: Check for general errors
run: |
if [[ -s general_cppcheck_err.txt ]];
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Keep this check with the xml file instead to alert users when cppcheck flags errors.

then
cat general_cppcheck_err.txt
exit -1
fi

# Run strict static analysis for embedded portions of cfe, osal, and psp
- name: Strict cppcheck
if: ${{ inputs.strict-dir-list !='' }}
run: cppcheck --force --inline-suppr --std=c99 --language=c --enable=warning,performance,portability,style --suppress=variableScope --inconclusive ${{ inputs.strict-dir-list }} 2> strict_cppcheck_err.txt

- name: Check for strict errors
if: ${{ inputs.strict-dir-list !='' }}
run: |
Expand All @@ -67,9 +108,3 @@ jobs:
cat strict_cppcheck_err.txt
exit -1
fi

- name: Archive Static Analysis Artifacts
uses: actions/upload-artifact@v2
with:
name: cppcheck-errors
path: ./*cppcheck_err.txt