From 1d809959cc4feff0efdff30a80eb70d58f7d0510 Mon Sep 17 00:00:00 2001 From: "Gerardo E. Cruz-Ortiz" <59618057+astrogeco@users.noreply.github.com> Date: Tue, 1 Feb 2022 18:40:16 -0500 Subject: [PATCH 1/3] Fix nasa#412, Rename CodeQL workflows Renames workflows to better describe what each one does. The CodeQL "reusable" workflow is meant to be used by other workflows. The CodeQL "Analysis" workflow calls the "reusable" CodeQL workflow to execute the static analysis runs. Co-authored-by: Ariel Adams --- .github/workflows/{codeql-build-reuse.yml => codeql-analysis.yml} | 0 .github/workflows/{codeql-build.yml => codeql-reusable.yml} | 0 2 files changed, 0 insertions(+), 0 deletions(-) rename .github/workflows/{codeql-build-reuse.yml => codeql-analysis.yml} (100%) rename .github/workflows/{codeql-build.yml => codeql-reusable.yml} (100%) diff --git a/.github/workflows/codeql-build-reuse.yml b/.github/workflows/codeql-analysis.yml similarity index 100% rename from .github/workflows/codeql-build-reuse.yml rename to .github/workflows/codeql-analysis.yml diff --git a/.github/workflows/codeql-build.yml b/.github/workflows/codeql-reusable.yml similarity index 100% rename from .github/workflows/codeql-build.yml rename to .github/workflows/codeql-reusable.yml From 98e2ef8713270a00e1d5123c80a9dcfcd5cb5255 Mon Sep 17 00:00:00 2001 
From: "Gerardo E. Cruz-Ortiz" <59618057+astrogeco@users.noreply.github.com> Date: Tue, 1 Feb 2022 18:19:42 -0500 Subject: [PATCH 2/3] Fix #412, resolve error in CodeQL Analyze Action Fixes errors in CodeQL results uploads step. Update parameters in CodeQL "reusable" workflow. BREAKING Interface changes: - Renames callable workflow to `codeql-reusable.yml`, submodules will have to be updated - Adds required `component-path` input parameter - Repurpose tests input to be a boolean tied to "ENABLE_UNIT_TESTS" flag Internal changes: - Use git clone instead of checkout@v2 for the cFS-Bundle - Use symlink to map calling repo workspace to expected cFS Bundle directory location - Enable "code snippets" option to CodeQL Analyze action - Archives sarif files from analysis output - Removes code duplication by using a matrix build for security and coding standard analyses - Alphabetizes workflow inputs and order based on "required" flag --- .github/workflows/codeql-analysis.yml | 18 ++- .github/workflows/codeql-reusable.yml | 163 +++++++++++++------------- 2 files changed, 98 insertions(+), 83 deletions(-) diff --git a/.github/workflows/codeql-analysis.yml b/.github/workflows/codeql-analysis.yml index ee5a9a66e..0cb8861c0 100644 --- a/.github/workflows/codeql-analysis.yml +++ b/.github/workflows/codeql-analysis.yml @@ -1,10 +1,22 @@ -name: Reuse CodeQl Analysis +name: "CodeQL Analysis: cFS-Bundle" on: push: + paths-ignore: + - '**/*.md' + - '**/*.txt' + - '**/*.dox' + pull_request: + paths-ignore: + - '**/*.md' + - '**/*.txt' + - '**/*.dox' jobs: codeql: - name: CodeQL Analysis - uses: nasa/cFS/.github/workflows/codeql-build.yml@main \ No newline at end of file + uses: nasa/cFS/.github/workflows/codeql-reusable.yml@main + with: + component-path: cFS + make: make -j8 + test: true diff --git a/.github/workflows/codeql-reusable.yml b/.github/workflows/codeql-reusable.yml index 773b7ca2b..091df690e 100644 --- a/.github/workflows/codeql-reusable.yml 
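Review bot: The `uses: nasa/cFS/.github/workflows/codeql-reusable.yml@main` line references the reusable workflow by a mutable branch, so any push to `main` (including an unreviewed or malicious one) silently changes the shell that this job executes through the callee's `setup`, `prep` and `make` inputs; pin it to a release tag or a full commit SHA and bump deliberately. The `test: true` value is a YAML boolean handed to an input the callee declares as `type: string`, which GitHub's reusable-workflow input validation may reject or coerce — confirm, and either quote it as `test: 'true'` or make the callee's input `type: boolean`. Note also that `pull_request` runs from forks get a read-only `GITHUB_TOKEN`, so the SARIF upload inside the called workflow will presumably fail for those events; if fork PRs are expected, document that limitation next to the `pull_request` trigger.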
+++ b/.github/workflows/codeql-reusable.yml @@ -1,30 +1,51 @@ -name: "CodeQL Analysis" +name: "CodeQL Reusable Workflow" on: workflow_call: inputs: - setup: - description: 'Build Prep' + # REQUIRED Inputs + component-path: + description: 'Path to repo being tested in a cFS bundle setup' type: string - default: 'cp ./cfe/cmake/Makefile.sample Makefile && cp -r ./cfe/cmake/sample_defs sample_defs' - make-prep: - description: 'Make Prep' + required: true + default: cFS + + # Optional inputs + category: + description: 'Analysis Category' + required: false type: string - default: '' + make: - description: 'Make Copy' + description: 'Build Command' + default: '' #Typically `make` or `make install`. Default is blank for workflows that don't need to build source + required: false type: string - default: 'make' - tests: - description: 'Tests' + + prep: + description: 'Make Prep' + default: make prep + required: false + type: string + + setup: + description: 'Build Prep Commands' + type: string + default: cp ./cfe/cmake/Makefile.sample Makefile && cp -r ./cfe/cmake/sample_defs sample_defs + required: false + + test: + description: 'Value for ENABLE_UNIT_TESTS flag' type: string - default: '' + default: false + required: false env: SIMULATION: native - ENABLE_UNIT_TESTS: true + ENABLE_UNIT_TESTS: ${{inputs.test}} OMIT_DEPRECATED: true BUILDTYPE: release + REPO: ${{github.event.repository.name}} jobs: #Checks for duplicate actions. Skips push actions if there is a matching or duplicate pull-request action. 
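Review bot: The `component-path` input is declared `required: true` and at the same time given `default: cFS`, which is contradictory — a caller cannot tell whether omitting it is an error or selects the bundle itself; drop one of the two, and if the default is what the `cFS` caller relies on, make it `required: false`. The `test` input is `type: string` with an unquoted `default: false`, so the default is a YAML boolean feeding `ENABLE_UNIT_TESTS: ${{inputs.test}}`; since the description says it is a flag, declare it `type: boolean` (the commit message already calls it a boolean). Because `setup`, `prep` and `make` are executed verbatim by later `run:` steps, add a warning above the `inputs:` block such as `# NOTE: setup/prep/make are run as shell by the Analysis job — only pass trusted, literal commands from caller workflows`.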
@@ -40,91 +61,73 @@ jobs: concurrent_skipping: 'same_content' skip_after_successful_duplicate: 'true' do_not_skip: '["pull_request", "workflow_dispatch", "schedule"]' - - CodeQL-Security-Build: + + Analysis: #Continue if check-for-duplicates found no duplicates. Always runs for pull-requests. needs: check-for-duplicates if: ${{ needs.check-for-duplicates.outputs.should_skip != 'true' }} runs-on: ubuntu-18.04 timeout-minutes: 15 - steps: - # Checks out a copy of your repository - - name: Checkout code - uses: actions/checkout@v2 - with: - repository: nasa/cFS - submodules: true + strategy: + fail-fast: false + matrix: + scan-type: [security, coding-standard] + + permissions: + security-events: write - - name: Check versions + steps: + # Setup Bundle directory + - name: Setup cFS-Bundle directory (component-path = cFS) + if: inputs.component-path == 'cFS' + run: + echo "BUILD_DIRECTORY=${{github.workspace}}" >> $GITHUB_ENV + + - name: Setup cFS-Bundle directory (component-path != cFS) + if: inputs.component-path != 'cFS' run: | - git log -1 --pretty=oneline - git submodule - - - name: Initialize CodeQL - uses: github/codeql-action/init@v1 - with: - languages: c - config-file: nasa/cFS/.github/codeql/codeql-security.yml@main - - - name: Copy sample_defs - run: ${{ inputs.setup }} + cd .. + git clone https://github.com/nasa/cFS.git --recurse-submodules + cd cFS + echo "BUILD_DIRECTORY=$(pwd)" >> $GITHUB_ENV + git log -1 --pretty=oneline + git submodule + rm -r .git + rm -r ${{ inputs.component-path }} + ln -s ${{github.workspace}} ${{ inputs.component-path }} - - name: Make prep - run: ${{ inputs.make-prep }} - - name: Make Install - run: ${{ inputs.make }} - - - name: Run tests - run: ${{ inputs.tests }} - - - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v1 - - CodeQL-Coding-Standard-Build: - #Continue if check-for-duplicates found no duplicates. Always runs for pull-requests. 
- needs: check-for-duplicates - if: ${{ needs.check-for-duplicates.outputs.should_skip != 'true' }} - runs-on: ubuntu-18.04 - timeout-minutes: 15 - - steps: - # Checks out a copy of your repository - - name: Checkout code + - name: Checkout ${{ github.repository }} uses: actions/checkout@v2 - with: - repository: nasa/cFS - submodules: true + with: + submodules: recursive - - name: Check versions - run: | - git log -1 --pretty=oneline - git submodule - - name: Checkout codeql code - uses: actions/checkout@v2 - with: - repository: github/codeql - submodules: true - path: codeql + # Setup the build system + - name: cFS Build Setup + run: | + ${{ inputs.setup }} + ${{ inputs.prep }} + working-directory: ${{env.BUILD_DIRECTORY}} - name: Initialize CodeQL uses: github/codeql-action/init@v1 with: languages: c - config-file: nasa/cFS/.github/codeql/codeql-coding-standard.yml@main - - - name: Copy sample_defs - run: ${{ inputs.setup }} - - - name: Make prep - run: ${{ inputs.make-prep }} + config-file: nasa/cFS/.github/codeql/codeql-${{matrix.scan-type}}.yml@main - - name: Make Install + - name: Build run: ${{ inputs.make }} - - - name: Run tests - run: ${{ inputs.tests }} + working-directory: ${{env.BUILD_DIRECTORY}} - name: Perform CodeQL Analysis - uses: github/codeql-action/analyze@v1 \ No newline at end of file + uses: github/codeql-action/analyze@v1 + with: + add-snippets: true + category: ${{matrix.scan-type}} + + - name: Archive Sarif + uses: actions/upload-artifact@v2 + with: + name: CodeQL-Sarif-${{ matrix.scan-type }} + path: /home/runner/work/${{env.REPO}}/results/cpp.sarif From 267cb8ac1b0efd4fcebbcc394beb07b9dc087f8f Mon Sep 17 00:00:00 2001 
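Review bot: In the "Setup cFS-Bundle directory (component-path != cFS)" step, `${{ inputs.component-path }}` is expanded directly into the shell script (`rm -r ${{ inputs.component-path }}` and the following `ln -s`), so a caller-supplied value containing spaces or metacharacters is executed as code on the runner and, unquoted, can expand into extra `rm` arguments; expose it through `env:` and quote it instead, as in the excerpt below. The same step clones `nasa/cFS` with `--recurse-submodules` at whatever its default branch currently is, with no ref pinned, so the bundle being analysed can drift from the submodule set the caller has checked out — at minimum add `# TODO: pin the bundle ref (tag/SHA) so analyses are reproducible` above the clone. The job's `permissions:` block grants only `security-events: write`; the CodeQL action documentation also lists `actions: read` and `contents: read`, which become `none` once a `permissions:` block is present, so confirm the init/analyze and checkout steps still work with this token. The "Archive Sarif" path `/home/runner/work/${{env.REPO}}/results/cpp.sarif` hard-codes a runner layout rather than deriving from `github.workspace`, and with `add-snippets: true` the archived SARIF will contain source excerpts — acceptable for a public repo, but worth a comment.
```yaml
      - name: Setup cFS-Bundle directory (component-path != cFS)
        if: inputs.component-path != 'cFS'
        env:
          COMPONENT_PATH: ${{ inputs.component-path }}
        run: |
          # … unchanged: clone nasa/cFS, record BUILD_DIRECTORY, print versions, rm -r .git …
          rm -r "$COMPONENT_PATH"
          ln -s "$GITHUB_WORKSPACE" "$COMPONENT_PATH"
```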
From: "Gerardo E. Cruz-Ortiz" <59618057+astrogeco@users.noreply.github.com> Date: Thu, 3 Feb 2022 14:34:31 -0500 Subject: [PATCH 3/3] cFS Integration Candidate: Caelum+dev3 *cFE v7.0.0-rc4+dev70* nasa/cFE#2041, Improve CFE_SB_IsValidMsgId handler nasa/cFE#2034, Update CodeQL workflow nasa/cFE#2042, Replace CFE_SB_ValueToMsgId(0) with CFE_SB_INVALID_MSG_ID *osal v6.0.0-rc4+dev32* nasa/osal#1209, typesafe definition of osal_id_t *sample_app v1.3.0-rc4+dev9* nasa/sample_app#165, Use preferred UT patterns Co-authored-by: Jacob Hageman Co-authored-by: Paul Co-authored-by: Ariel Adams --- apps/sample_app | 2 +- cfe | 2 +- osal | 2 +- 3 files changed, 3 insertions(+), 3 deletions(-) diff --git a/apps/sample_app b/apps/sample_app index 2d1bd4b91..7edda31af 160000 --- a/apps/sample_app +++ b/apps/sample_app @@ -1 +1 @@ -Subproject commit 2d1bd4b915dca67c5af5cd25aa0b7a4b498993b5 +Subproject commit 7edda31affdcd70f438717d89b26115447de78f3 diff --git a/cfe b/cfe index 07fb34854..a022e0f2a 160000 --- a/cfe +++ b/cfe @@ -1 +1 @@ -Subproject commit 07fb34854af9667c31216f6cfe615843952f0821 +Subproject commit a022e0f2aec9af93040b91aeb6e68990cc8c02e4 diff --git a/osal b/osal index f75f67cc4..b09585837 160000 --- a/osal +++ b/osal @@ -1 +1 @@ -Subproject commit f75f67cc4a1076430459cfcdf07ac7c29b4e3077 +Subproject commit b0958583748eedd776622f0a873c769b7c554d48