Add Validate Templates (#2387) #1661
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Adapted from https://github.com/nasa/cFS/blob/c36aa2c1df0fb47a3838577908af3d0d0ab0ef54/.github/workflows/static-analysis.yml | |
| name: "Cppcheck Scan" | |
| on: | |
| push: | |
| branches: [ devel, release/** ] | |
| pull_request: | |
| # The branches below must be a subset of the branches above | |
| branches: [ devel, release/** ] | |
| paths-ignore: | |
| - 'docs/**' | |
| - '**.md' | |
| - '.github/actions/spelling/**' | |
| - '.github/ISSUE_TEMPLATE/**' | |
| jobs: | |
| cppcheck: | |
| name: Cppcheck | |
| runs-on: ubuntu-22.04 | |
| permissions: | |
| actions: read | |
| contents: read | |
| security-events: write | |
| steps: | |
| - name: "Checkout F´ Repository" | |
| uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| submodules: true | |
| - uses: ./.github/actions/setup | |
| - name: Install cppcheck | |
| run: sudo apt-get install cppcheck xsltproc -y | |
| - name: Install sarif tool | |
| run: npm i -g @microsoft/sarif-multitool | |
| # With a CMake-based project, we get the list of files by setting up a build with CMAKE_EXPORT_COMPILE_COMMANDS=ON and | |
| # referencing the compile_commands.json file produced by the tool. This will capture the correct include paths and | |
| # compile definitions based on how the source is actually compiled. See https://cppcheck.sourceforge.io/manual.html | |
| - name: Generate & build F´ | |
| run: | | |
| fprime-util generate -DCMAKE_EXPORT_COMPILE_COMMANDS=ON | |
| fprime-util build --all --jobs "$(nproc || printf '%s\n' 1)" | |
| echo CPPCHECK_OPTS=--project="$GITHUB_WORKSPACE/build-fprime-automatic-native/compile_commands.json" >> $GITHUB_ENV | |
| - name: Run cppcheck | |
| run: cppcheck --force --relative-paths=$(pwd) --inline-suppr --std=c++11 -j "$(nproc || printf '%s\n' 1)" --max-ctu-depth=16 --enable=warning,performance,portability --suppress=variableScope --inconclusive --xml $CPPCHECK_OPTS 2> cppcheck_err.xml | |
| - name: Convert cppcheck results to SARIF | |
| run: npx "@microsoft/sarif-multitool" convert "cppcheck_err.xml" --tool "CppCheck" --output "cppcheck_err.sarif" | |
| - name: Convert cppcheck results to Markdown & Integrate them in the workflow summary | |
| run: xsltproc .github/scripts/cppcheck-xml2text.xslt cppcheck_err.xml | tee $GITHUB_STEP_SUMMARY cppcheck_err.txt | |
| - name: Upload SARIF file to GitHub Code Scanning Alerts | |
| uses: github/codeql-action/upload-sarif@v3 | |
| with: | |
| sarif_file: ${{ github.workspace }}/cppcheck_err.sarif | |
| category: "cppcheck" | |
| - name: Archive static analysis artifacts to download and view | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: cppcheck-errors | |
| path: ./*cppcheck_err.* | |
| # Make the whole step fail if there is an error detected by cppcheck. By default, GitHub Actions enables the set -e. | |
| # See https://stackoverflow.com/questions/73066461/github-actions-why-an-intermediate-command-failure-in-shell-script-would-cause. | |
| - name: Check for reported errors | |
| run: tail -n 1 cppcheck_err.txt | grep -q '^\*\*0 error(s) reported\*\*$' |