Fix nasa#386, Reuse CodeQL, Static Analysis, Format Check

Co-authored-by: Ariel Adams <ArielSAdamsNASA@users.noreply.github.com>

Author: astrogeco

.github/workflows/README.md

@@ -1,5 +1,15 @@
 # Our Workflows
 
+## Reusable Workflows
+
+To reduce duplication, the workflows CodeQL Analysis, Static Analysis, and Format Checker are placed in cFS to be reused in the subrepositories. 
+
+CodeQL Analysis and Static Analysis require inputs, therefore, they are called in an additional workflow in cFS to be utilized. Format checker does not need to be reused in cFS because it does not require inputs. 
+
+Provided is a diagram of the architecture of the reusable workflows.
+
+![Reusable Workflows Architecture](Reusable-Workflows-Architecture.PNG)
+
 ## Deprecated Build, Test, and Run
 [![Deprecated Build, Test, and Run](https://github.com/nasa/cfs/actions/workflows/build-cfs-deprecated.yml/badge.svg)](https://github.com/nasa/cfs/actions/workflows/build-cfs-deprecated.yml)
 

.github/workflows/Reusable-Workflows-Architecture.PNG

@@ -0,0 +1,10 @@
+name: Reuse CodeQl Analysis
+
+on:
+  push:
+  pull_request:
+
+jobs:
+  codeql:
+    name: CodeQL Analysis
+    uses: nasa/cFS/.github/workflows/codeql-build.yml@main

.github/workflows/codeql-build-reuse.yml

@@ -1,37 +1,46 @@
 name: "CodeQL Analysis"
 
-# Only trigger, when the build workflow succeeded
 on:
-  workflow_run:
-    workflows: ["Build, Test, and Run \\[OMIT_DEPRECATED = true\\]"]
-    types:
-      - completed
-    branches: 
-      - '**'
+  workflow_call:
+    inputs:
+      setup:
+        description: 'Build Prep'
+        type: string
+        default: 'cp ./cfe/cmake/Makefile.sample Makefile && cp -r ./cfe/cmake/sample_defs sample_defs'
+      make-prep:
+        description: 'Make Prep'
+        type: string
+        default: ''
+      make:
+        description: 'Make Copy'
+        type: string
+        default: 'make'      
+      tests: 
+        description: 'Tests'
+        type: string
+        default: ''  
+
 env:
   SIMULATION: native
   ENABLE_UNIT_TESTS: true
   OMIT_DEPRECATED: true
   BUILDTYPE: release
 
-
 jobs:
   #Checks for duplicate actions. Skips push actions if there is a matching or duplicate pull-request action. 
   check-for-duplicates:
     runs-on: ubuntu-latest
     # Map a step output to a job output
     outputs:
       should_skip: ${{ steps.skip_check.outputs.should_skip }}
-    if: ${{ github.event.workflow_run.conclusion == 'success' }}
     steps:
       - id: skip_check
         uses: fkirc/skip-duplicate-actions@master
         with:
           concurrent_skipping: 'same_content'
           skip_after_successful_duplicate: 'true'
           do_not_skip: '["pull_request", "workflow_dispatch", "schedule"]'
-
-      
+          
   CodeQL-Security-Build:
     #Continue if check-for-duplicates found no duplicates. Always runs for pull-requests.
     needs: check-for-duplicates
@@ -42,42 +51,37 @@ jobs:
     steps:
       # Checks out a copy of your repository
       - name: Checkout code
-        if: ${{ !steps.skip-workflow.outputs.skip }}
         uses: actions/checkout@v2
         with:
           repository: nasa/cFS
           submodules: true
 
       - name: Check versions
-        if: ${{ !steps.skip-workflow.outputs.skip }}
         run: |
            git log -1 --pretty=oneline
            git submodule
-
+           
       - name: Initialize CodeQL
-        if: ${{ !steps.skip-workflow.outputs.skip }}
         uses: github/codeql-action/init@v1
         with:
           languages: c
-          config-file: ./.github/codeql/codeql-security.yml
-
-      # Setup the build system
+          config-file: nasa/cFS/.github/codeql/codeql-security.yml@main
+          
       - name: Copy sample_defs
-        if: ${{ !steps.skip-workflow.outputs.skip }}
-        run: |
-          cp ./cfe/cmake/Makefile.sample Makefile
-          cp -r ./cfe/cmake/sample_defs sample_defs
+        run: ${{ inputs.setup }}
 
-      # Setup the build system
+      - name: Make prep
+        run: ${{ inputs.make-prep }}
+      
       - name: Make Install
-        if: ${{ !steps.skip-workflow.outputs.skip }}
-        run: make
+        run: ${{ inputs.make }}
+
+      - name: Run tests
+        run: ${{ inputs.tests }}
 
-      # Run CodeQL
       - name: Perform CodeQL Analysis
-        if: ${{ !steps.skip-workflow.outputs.skip }}
         uses: github/codeql-action/analyze@v1
-
+        
   CodeQL-Coding-Standard-Build:
     #Continue if check-for-duplicates found no duplicates. Always runs for pull-requests.
     needs: check-for-duplicates
@@ -88,45 +92,39 @@ jobs:
     steps:
       # Checks out a copy of your repository
       - name: Checkout code
-        if: ${{ !steps.skip-workflow.outputs.skip }}
         uses: actions/checkout@v2
         with:
           repository: nasa/cFS
           submodules: true
 
       - name: Check versions
-        if: ${{ !steps.skip-workflow.outputs.skip }}
         run: |
            git log -1 --pretty=oneline
            git submodule
+      - name: Checkout codeql code      
+        uses: actions/checkout@v2
+        with:
+          repository: github/codeql 
+          submodules: true 
+          path: codeql
 
       - name: Initialize CodeQL
-        if: ${{ !steps.skip-workflow.outputs.skip }}
         uses: github/codeql-action/init@v1
         with:
           languages: c
-          config-file: ./.github/codeql/codeql-coding-standard.yml
+          config-file: nasa/cFS/.github/codeql/codeql-coding-standard.yml@main
 
-      # Setup the build system
       - name: Copy sample_defs
-        if: ${{ !steps.skip-workflow.outputs.skip }}
-        run: |
-          cp ./cfe/cmake/Makefile.sample Makefile
-          cp -r ./cfe/cmake/sample_defs sample_defs
- 
-      # Setup the build system
+        run: ${{ inputs.setup }}
+
+      - name: Make prep
+        run: ${{ inputs.make-prep }}
+
       - name: Make Install
-        if: ${{ !steps.skip-workflow.outputs.skip }}
-        run: make
+        run: ${{ inputs.make }}
+
+      - name: Run tests
+        run: ${{ inputs.tests }}
 
-      # Run CodeQL
       - name: Perform CodeQL Analysis
-        if: ${{ !steps.skip-workflow.outputs.skip }}
-        uses: github/codeql-action/analyze@v1
-        
-  on-failure:
-    runs-on: ubuntu-latest
-    if: ${{ github.event.workflow_run.conclusion == 'failure' }}
-    steps:
-      - name: Fail workflow
-        run: exit 1
+        uses: github/codeql-action/analyze@v1

.github/workflows/codeql-build.yml

@@ -0,0 +1,67 @@
+name: Format Check
+
+# Run on all push and pull requests
+on:
+  push:
+  pull_request:
+  workflow_call:
+  
+jobs:
+  #Checks for duplicate actions. Skips push actions if there is a matching or duplicate pull-request action. 
+  check-for-duplicates:
+    runs-on: ubuntu-latest
+    # Map a step output to a job output
+    outputs:
+      should_skip: ${{ steps.skip_check.outputs.should_skip }}
+    steps:
+      - id: skip_check
+        uses: fkirc/skip-duplicate-actions@master
+        with:
+          concurrent_skipping: 'same_content'
+          skip_after_successful_duplicate: 'true'
+          do_not_skip: '["pull_request", "workflow_dispatch", "schedule"]'
+          
+  format-checker:
+    name: Run format check
+    #Continue if check-for-duplicates found no duplicates. Always runs for pull-requests.
+    needs: check-for-duplicates
+    if: ${{ needs.check-for-duplicates.outputs.should_skip != 'true' }}
+    runs-on: ubuntu-18.04
+    timeout-minutes: 15
+
+    steps:
+      - name: Install format checker
+        run: |
+          wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | sudo apt-key add -
+          sudo add-apt-repository 'deb http://apt.llvm.org/bionic/   llvm-toolchain-bionic-10 main'
+          sudo apt-get update && sudo apt-get install clang-format-10
+
+      - name: Checkout bundle
+        uses: actions/checkout@v2
+        with:
+          repository: nasa/cFS
+
+      - name: Checkout
+        uses: actions/checkout@v2
+        with:
+          path: repo
+
+      - name: Generate format differences
+        run: |
+          cd repo
+          find . -name "*.[ch]" -exec clang-format-10 -i -style=file {} +
+          git diff > $GITHUB_WORKSPACE/style_differences.txt
+
+      - name: Archive Static Analysis Artifacts
+        uses: actions/upload-artifact@v2
+        with:
+          name: style_differences
+          path: style_differences.txt
+
+      - name: Error on differences
+        run: |
+          if [[ -s style_differences.txt ]];
+          then
+            cat style_differences.txt
+            exit -1
+          fi

.github/workflows/format-check.yml

@@ -0,0 +1,10 @@
+name: Reuse Static Analysis
+
+on:
+  push:
+  pull_request:
+
+jobs:
+  static-analysis:
+    name: Static Analysis
+    uses: nasa/cFS/.github/workflows/static-analysis.yml@main

.github/workflows/static-analysis-reuse.yml

@@ -1,9 +1,12 @@
 name: Static Analysis
 
-# Run this workflow every time a new commit pushed to your repository and for pull requests
 on:
-  push:
-  pull_request:
+  workflow_call:
+    inputs:
+      strict-dir-list:
+        description: 'Directory List'
+        type: string
+        default: ''
 
 jobs:
   #Checks for duplicate actions. Skips push actions if there is a matching or duplicate pull-request action. 
@@ -30,7 +33,7 @@ jobs:
     strategy:
       fail-fast: false
       matrix:
-        cppcheck: [bundle, cfe, osal, psp]
+        cppcheck: [non-strict, strict]
 
     steps:      
       - name: Install cppcheck
@@ -43,38 +46,25 @@ jobs:
           submodules: true
 
       - name: Run bundle cppcheck
-        if: ${{matrix.cppcheck =='bundle'}}
-        run: cppcheck --force --inline-suppr --quiet . 2> ${{matrix.cppcheck}}_cppcheck_err.txt
-
+        run: cppcheck --force --inline-suppr . 2> ${{matrix.cppcheck}}_cppcheck_err.txt
+          
         # Run strict static analysis for embedded portions of cfe, osal, and psp
-      - name: cfe strict cppcheck
-        if: ${{matrix.cppcheck =='cfe'}}
-        run: |
-          cd ${{matrix.cppcheck}}
-          cppcheck --force --inline-suppr --std=c99 --language=c --enable=warning,performance,portability,style --suppress=variableScope --inconclusive ./modules/core_api/fsw ./modules/core_private/fsw ./modules/es/fsw ./modules/evs/fsw ./modules/fs/fsw ./modules/msg/fsw ./modules/resourceid/fsw ./modules/sb/fsw ./modules/sbr/fsw ./modules/tbl/fsw ./modules/time/fsw -UCFE_PLATFORM_TIME_CFG_CLIENT -DCFE_PLATFORM_TIME_CFG_SERVER 2> ../${{matrix.cppcheck}}_cppcheck_err.txt
-
-      - name: osal strict cppcheck
-        if: ${{matrix.cppcheck =='osal'}}
-        run: |
-          cd ${{matrix.cppcheck}}
-          cppcheck --force --inline-suppr --std=c99 --language=c --enable=warning,performance,portability,style --suppress=variableScope --inconclusive ./src/bsp ./src/os 2> ../${{matrix.cppcheck}}_cppcheck_err.txt
-
-      - name: psp strict cppcheck
-        if: ${{matrix.cppcheck =='psp'}}
-        run: |
-          cd ${{matrix.cppcheck}}
-          cppcheck --force --inline-suppr --std=c99 --language=c --enable=warning,performance,portability,style --suppress=variableScope --inconclusive ./fsw 2> ../${{matrix.cppcheck}}_cppcheck_err.txt
+      - name: Strict cppcheck
+        if: ${{ inputs.strict-dir-list !='' }}
+        run: cppcheck --force --inline-suppr --std=c99 --language=c --enable=warning,performance,portability,style --suppress=variableScope --inconclusive .${{ inputs.strict-dir-list }} 2> ../${{matrix.cppcheck}}_cppcheck_err.txt
 
       - name: Archive Static Analysis Artifacts
+        if: ${{ inputs.strict-dir-list !='' || matrix.cppcheck == 'non-strict' }}
         uses: actions/upload-artifact@v2
         with:
           name: ${{matrix.cppcheck}}-cppcheck-err
           path: ./*cppcheck_err.txt
 
       - name: Check for errors
+        if: ${{ inputs.strict-dir-list !='' || matrix.cppcheck == 'non-strict' }}
         run: |
           if [[ -s ${{matrix.cppcheck}}_cppcheck_err.txt ]];
           then
             cat ${{matrix.cppcheck}}_cppcheck_err.txt
             exit -1
-          fi
+          fi