Add Active Phaser to Svc #3317
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Adapted from https://github.com/nasa/cFS/blob/c36aa2c1df0fb47a3838577908af3d0d0ab0ef54/.github/workflows/static-analysis.yml | |
| name: "Code Scan: CppCheck" | |
| on: | |
| push: | |
| branches: [ devel, release/** ] | |
| pull_request: | |
| # The branches below must be a subset of the branches above | |
| branches: [ devel, release/** ] | |
| paths-ignore: | |
| - 'docs/**' | |
| - '**.md' | |
| - '.github/actions/spelling/**' | |
| - '.github/ISSUE_TEMPLATE/**' | |
| # Cancel in-progress runs if a newer run is started on a given PR | |
| concurrency: | |
| group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }} | |
| cancel-in-progress: ${{ !contains(github.ref, 'devel') && !contains(github.ref, 'release/')}} | |
| jobs: | |
| cppcheck: | |
| name: Cppcheck | |
| runs-on: ubuntu-22.04 | |
| permissions: | |
| actions: read | |
| contents: read | |
| security-events: write | |
| steps: | |
| - name: "Checkout F´ Repository" | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| submodules: true | |
| - uses: ./.github/actions/setup | |
| - name: Install cppcheck | |
| run: sudo apt-get update && sudo apt-get install cppcheck xsltproc -y | |
| - name: Install sarif tool | |
| run: npm i -g @microsoft/sarif-multitool | |
| # With a CMake-based project, we get the list of files by setting up a build with CMAKE_EXPORT_COMPILE_COMMANDS=ON and | |
| # referencing the compile_commands.json file produced by the tool. This will capture the correct include paths and | |
| # compile definitions based on how the source is actually compiled. See https://cppcheck.sourceforge.io/manual.html | |
| - name: Generate & build F´ | |
| run: | | |
| fprime-util generate -DCMAKE_EXPORT_COMPILE_COMMANDS=ON | |
| fprime-util build --all --jobs "$(nproc || printf '%s\n' 1)" | |
| # Since our subtopologies have EXCLUDE_FROM_ALL, we need to explicitly build them | |
| fprime-util build --target Svc_Subtopologies --jobs "$(nproc || printf '%s\n' 1)" | |
| echo CPPCHECK_OPTS=--project="$GITHUB_WORKSPACE/build-fprime-automatic-native/compile_commands.json" >> $GITHUB_ENV | |
| - name: Run cppcheck | |
| run: cppcheck --force --relative-paths=$(pwd) --inline-suppr --std=c++11 -j "$(nproc || printf '%s\n' 1)" --max-ctu-depth=16 --enable=warning,performance,portability --suppress=variableScope --inconclusive --xml $CPPCHECK_OPTS 2> cppcheck_err.xml | |
| - name: Convert cppcheck results to SARIF | |
| run: npx "@microsoft/sarif-multitool" convert "cppcheck_err.xml" --tool "CppCheck" --output "cppcheck_err.sarif" | |
| - name: Convert cppcheck results to Markdown & Integrate them in the workflow summary | |
| run: xsltproc .github/scripts/cppcheck-xml2text.xslt cppcheck_err.xml | tee $GITHUB_STEP_SUMMARY cppcheck_err.txt | |
| - name: Upload SARIF file to GitHub Code Scanning Alerts | |
| uses: github/codeql-action/upload-sarif@v3 | |
| with: | |
| sarif_file: ${{ github.workspace }}/cppcheck_err.sarif | |
| category: "cppcheck" | |
| - name: Archive static analysis artifacts to download and view | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: cppcheck-errors | |
| path: ./*cppcheck_err.* | |
| # Make the whole step fail if there is an error detected by cppcheck. By default, GitHub Actions enables the set -e. | |
| # See https://stackoverflow.com/questions/73066461/github-actions-why-an-intermediate-command-failure-in-shell-script-would-cause. | |
| - name: Check for reported errors | |
| run: tail -n 1 cppcheck_err.txt | grep -q '^\*\*0 error(s) reported\*\*$' |