diff --git a/.github/workflows/codeql-build.yml b/.github/workflows/codeql-build.yml
index 773b7ca2b..ff68b7e31 100644
--- a/.github/workflows/codeql-build.yml
+++ b/.github/workflows/codeql-build.yml
@@ -7,18 +7,26 @@ on:
         description: 'Build Prep'
         type: string
         default: 'cp ./cfe/cmake/Makefile.sample Makefile && cp -r ./cfe/cmake/sample_defs sample_defs'
+        required: false
       make-prep:
         description: 'Make Prep'
         type: string
-        default: ''
+        default: 'make prep'
+        required: false
       make:
-        description: 'Make Copy'
+        description: 'Build Command'
         type: string
-        default: 'make'
+        default: '' #Typically `make` or `make install`. Default is blank for workflows that don't need to build source
+        required: false
       tests:
-        description: 'Tests'
+        description: 'Tests Command'
         type: string
-        default: ''
+        default: '' #Typically `make test` requires environment variable `ENABLE_UNIT_TEST=true` at `make prep` stage
+        required: false
+      component-path:
+        description: 'Path to repo being tested in a cFS bundle setup'
+        type: string
+        required: true
 
 env:
   SIMULATION: native
@@ -40,7 +48,7 @@ jobs:
           concurrent_skipping: 'same_content'
           skip_after_successful_duplicate: 'true'
           do_not_skip: '["pull_request", "workflow_dispatch", "schedule"]'
-
+
   CodeQL-Security-Build:
     #Continue if check-for-duplicates found no duplicates. Always runs for pull-requests.
     needs: check-for-duplicates
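Review bot: The `tests` input is kept here with a new description and an inline comment about `ENABLE_UNIT_TEST`, but its only consumer, the `Run tests` step in both jobs, is commented out in the later hunks, so a caller that sets `tests` silently gets nothing; either drop the input or say so in its description, e.g. `description: 'Tests Command (currently not executed by this workflow)'`. Flipping the `make` default from `'make'` to `''` also changes behavior for every existing caller that relied on the default: CodeQL's C analysis observes the compiler during the build step, so a job that does not build will most likely end with an empty database or an analyze-time error rather than the clean no-op the inline comment implies, which is worth stating in that comment. Style: the inline comments are written `#Typically`; yamllint's comment rule expects a space after the hash (`# Typically`), and the `#Continue` comment in the second hunk has the same form.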
@@ -48,40 +56,56 @@ jobs: runs-on: ubuntu-18.04 timeout-minutes: 15 + permissions: + security-events: write + steps: - # Checks out a copy of your repository - - name: Checkout code + # Checks out a copy of calling repository + - name: Checkout Main Repo uses: actions/checkout@v2 - with: - repository: nasa/cFS - submodules: true - - name: Check versions + - name: Clone cFS bundle run: | - git log -1 --pretty=oneline - git submodule - + cd .. + git clone https://github.com/nasa/cFS.git --recurse-submodules + cd cFS + git log -1 --pretty=oneline + git submodule + rm -r .git + + - name: Create symlink to current repo + run: | + cd ../cFS + rm -r ${{ inputs.component-path }} + ln -s ${{github.workspace}} ${{ inputs.component-path }} + + # Setup the build system + - name: cFS Build Setup + run: ${{ inputs.setup }} + working-directory: ../cFS + + - name: Prep Build + run: ${{ inputs.make-prep }} + working-directory: ../cFS + - name: Initialize CodeQL uses: github/codeql-action/init@v1 with: languages: c config-file: nasa/cFS/.github/codeql/codeql-security.yml@main - - - name: Copy sample_defs - run: ${{ inputs.setup }} - - name: Make prep - run: ${{ inputs.make-prep }} - - - name: Make Install + - name: Build run: ${{ inputs.make }} + working-directory: ../cFS - - name: Run tests - run: ${{ inputs.tests }} + # - name: Run tests + # run: ${{ inputs.tests }} - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v1 - + with: + add-snippets: true + CodeQL-Coding-Standard-Build: #Continue if check-for-duplicates found no duplicates. Always runs for pull-requests. needs: check-for-duplicates 
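Review bot: In the new `Create symlink to current repo` step, `${{ inputs.component-path }}` is expanded into the shell script text before it runs, so whatever the calling workflow passes becomes part of the unquoted command line of `rm -r` and `ln -s`; a value with spaces, a leading `-`, a `..` prefix or a shell metacharacter changes what gets deleted or is interpreted as shell. Pass the input through `env:` and quote it, and reject paths that leave the bundle directory, which also protects `${{github.workspace}}` (available as `$GITHUB_WORKSPACE`) against workspace paths with spaces; the same step is duplicated in the `CodeQL-Coding-Standard-Build` hunk below and needs the same change. Separately, `git clone https://github.com/nasa/cFS.git --recurse-submodules` fetches whatever the bundle's default branch and submodule pointers resolve to at run time, so the scanned code drifts between runs and a finding cannot be attributed to a known bundle revision; pinning with `git clone --branch <BUNDLE-TAG-PLACEHOLDER> ...` (and ideally verifying the resulting commit) would make scans reproducible. The job's `runs-on`/`steps` definition begins before this hunk.
```yaml
      - name: Create symlink to current repo
        env:
          COMPONENT_PATH: ${{ inputs.component-path }}
        run: |
          cd ../cFS
          # refuse absolute paths and any '..' so rm/ln stay inside the bundle checkout
          case "$COMPONENT_PATH" in
            /*|*..*) echo "component-path must be a relative path inside the bundle" >&2; exit 1 ;;
          esac
          rm -r -- "$COMPONENT_PATH"
          ln -s -- "$GITHUB_WORKSPACE" "$COMPONENT_PATH"
```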
@@ -89,24 +113,36 @@ jobs: runs-on: ubuntu-18.04 timeout-minutes: 15 + permissions: + security-events: write steps: - # Checks out a copy of your repository - - name: Checkout code + # Checks out a copy of calling repository + - name: Checkout Main Repo uses: actions/checkout@v2 - with: - repository: nasa/cFS - submodules: true - - name: Check versions + - name: Clone cFS bundle run: | - git log -1 --pretty=oneline - git submodule - - name: Checkout codeql code - uses: actions/checkout@v2 - with: - repository: github/codeql - submodules: true - path: codeql + cd .. + git clone https://github.com/nasa/cFS.git --recurse-submodules + cd cFS + git log -1 --pretty=oneline + git submodule + rm -r .git + + - name: Create symlink to current repo + run: | + cd ../cFS + rm -r ${{ inputs.component-path }} + ln -s ${{github.workspace}} ${{ inputs.component-path }} + + # Setup the build system + - name: cFS Build Setup + run: ${{ inputs.setup }} + working-directory: ../cFS + + - name: Prep Build + run: ${{ inputs.make-prep }} + working-directory: ../cFS - name: Initialize CodeQL uses: github/codeql-action/init@v1 @@ -114,17 +150,14 @@ jobs: languages: c config-file: nasa/cFS/.github/codeql/codeql-coding-standard.yml@main - - name: Copy sample_defs - run: ${{ inputs.setup }} - - - name: Make prep - run: ${{ inputs.make-prep }} - - - name: Make Install + - name: Build run: ${{ inputs.make }} + working-directory: ../cFS - - name: Run tests - run: ${{ inputs.tests }} + # - name: Run tests + # run: ${{ inputs.tests }} - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v1 \ No newline at end of file + uses: github/codeql-action/analyze@v1 + with: + add-snippets: true
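Review bot: The job-level `permissions:` block added at the top of this hunk (and of the `CodeQL-Security-Build` hunk above) names only `security-events: write`, and a job-level block sets every scope it does not name to `none`; GitHub's CodeQL documentation lists `actions: read` and `contents: read` alongside `security-events: write` for the init/analyze actions, and private or internal callers in particular need `contents: read` for the checkout and `actions: read` for the SARIF upload, so unless a public-only caller set is intended, add both scopes to both blocks. Style: the two jobs are now roughly forty lines of identical clone/symlink/setup/prep steps that differ only in `config-file`, so every fix (including any quoting of `component-path`) has to be made twice; a job matrix over the two config files, or a composite action for the bundle setup, would keep a single copy. The job's definition begins before this hunk.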