MISRA regressions check #35
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Check against the set of MISRA rules that have already been | |
| # resolved to prevent regressions. | |
| name: "MISRA regressions check" | |
| on: | |
| push: | |
| branches: ["master"] | |
| pull_request: | |
| # The branches below must be a subset of the branches above | |
| branches: ["master"] | |
| schedule: | |
| - cron: "16 12 * * 3" | |
| jobs: | |
| analyze: | |
| name: Analyze | |
| runs-on: "ubuntu-latest" | |
| permissions: | |
| actions: read | |
| contents: read | |
| security-events: write | |
| strategy: | |
| fail-fast: false | |
| matrix: | |
| # CodeQL supports [ 'cpp', 'csharp', 'go', 'java', 'javascript', 'python', 'ruby' ] | |
| # Use only 'java' to analyze code written in Java, Kotlin or both | |
| # Use only 'javascript' to analyze code written in JavaScript, TypeScript or both | |
| # Learn more about CodeQL language support at https://aka.ms/codeql-docs/language-support | |
| language: ["cpp"] | |
| steps: | |
| - name: Checkout repository | |
| uses: actions/checkout@v3 | |
| # Pull in the codeql-coding-standards qlpack repository. | |
| # https://github.com/github/codeql-coding-standards | |
| - name: Checkout codeql-coding-standards | |
| uses: actions/checkout@v3 | |
| with: | |
| repository: github/codeql-coding-standards | |
| path: codeql-coding-standards/ | |
| ref: 39f8f9801307e058d6d9f07dcbe7c7d229c18dd0 | |
| # Initializes the CodeQL tools for scanning. | |
| - name: Initialize CodeQL | |
| uses: github/codeql-action/init@v2 | |
| with: | |
| languages: ${{ matrix.language }} | |
| # Points at the config file containing the MISRA rules that have been resolved. | |
| config-file: ./.github/codeql/resolved-misra-rules.yml | |
| # Autobuild attempts to build any compiled languages (C/C++, C#, Go, or Java). | |
| - name: Autobuild | |
| uses: github/codeql-action/autobuild@v2 | |
| - name: Perform CodeQL Analysis | |
| uses: github/codeql-action/analyze@v2 | |
| with: | |
| upload: False | |
| output: sarif-results | |
| - name: Filter Justified Results | |
| uses: advanced-security/filter-sarif@v1 | |
| with: | |
| # Description: Ignore files generated by Bison. | |
| # Justification: Based on the rationale presented by MISRA: | |
| # - The comment occurs within the Bison skeleton files that have | |
| # been checked to not have a missing `*/` ending sequence and | |
| # whose source is not within a repository we maintain. | |
| # - The `//` within a block comment is not as a result of a region | |
| # of code being commented out, but rather as a result of a URL of | |
| # the form "https://..." being present in the comment. | |
| # | |
| # In addition, introducing infrastructure to remove this in-flight | |
| # needlessly adds complexity. | |
| patterns: | | |
| -"**/src/idl/src/parser.{c,h}":c/misra/character-sequences-and-used-within-a-comment | |
| input: sarif-results/cpp.sarif | |
| output: sarif-results/cpp.sarif | |
| - name: Upload SARIF | |
| uses: github/codeql-action/upload-sarif@v2 | |
| with: | |
| sarif_file: sarif-results/cpp.sarif | |
| category: "MISRA" |