begriffs open source - cmsis/blob - .github/workflows/codeql-analysis.yml
Core(M): Update CoreValidation
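# CodeQL static analysis of the CMSIS core sources.
# Runs on manual dispatch, on pushes to develop, and on pull requests against
# develop, the latter two only when one of the listed paths changes.
name: "CodeQL"

on:
  workflow_dispatch:
  push:
    branches: [ develop ]
    paths:
      - 'CMSIS/Core/**'
      - 'CMSIS/Core_A/**'
      - 'CMSIS/CoreValidation/**'
      - 'Device/ARM/**'
  pull_request:
    branches: [ develop ]
    paths:
      - '.github/workflows/codeql-analysis.yml'
      - 'CMSIS/Core/**'
      - 'CMSIS/Core_A/**'
      - 'CMSIS/CoreValidation/**'
      - 'Device/ARM/**'
jobs:
  analyze:
    name: Analyze
    runs-on: ubuntu-latest
    # Least-privilege job token: read-only except for security-events, which
    # the analyze step needs in order to upload its results.
    permissions:
      actions: read
      contents: read
      security-events: write
    env:
      CMSIS_PACK_ROOT: /tmp/.packs-${{ github.run_id }}

    steps:
    # NOTE(review): the actions in this job are referenced by mutable
    # major-version tags. Pinning each one to a full commit SHA would keep a
    # re-pointed tag from changing what runs here.
    - name: Checkout repository
      uses: actions/checkout@v3
      with:
        # Later steps execute repository-supplied code (requirements.txt,
        # build.py), so do not leave the job token in the local git config.
        persist-credentials: false

    - name: Install build dependencies
      run: |
        # Refresh the package index first and install non-interactively.
        sudo apt-get update
        sudo apt-get install -y gcc-arm-none-eabi ninja-build cmake

    # NOTE(review): key and path both embed the run id, so an exact hit is
    # only possible when the same run is re-executed. The cached path is
    # likely part of the cache identity as well, in which case the `packs-`
    # restore key never matches a cache from another run -- confirm.
    - name: Cache pack folder
      id: cache-packs
      uses: actions/cache@v3
      with:
        key: packs-${{ github.run_id }}
        restore-keys: |
          packs-
        path: /tmp/.packs-${{ github.run_id }}

    - name: Install CMSIS-Toolbox
      run: |
        # NOTE(review): the installer is downloaded and then run as root with
        # no integrity check. Record the SHA-256 of this release and verify it
        # before the chmod, for example:
        #   echo "<EXPECTED_SHA256>  cmsis-toolbox.sh" | sha256sum --check -
        wget https://github.com/Open-CMSIS-Pack/cmsis-toolbox/releases/download/1.5.0/cmsis-toolbox.sh
        chmod +x cmsis-toolbox.sh
        # The here-document feeds the installer's prompts in order; the empty
        # lines presumably accept the default for that prompt.
        sudo ./cmsis-toolbox.sh <<EOI
        /opt/ctools
        $CMSIS_PACK_ROOT


        $(dirname $(which arm-none-eabi-gcc 2>/dev/null))

        EOI
        echo "/opt/ctools/bin" >> "$GITHUB_PATH"
        echo "cpackget : $(which cpackget)"
        echo "csolution: $(which csolution)"
        echo "cbuild   : $(which cbuild)"

    # Exactly one of the next two steps runs, depending on whether the cache
    # step reported an exact key hit.
    - name: Initialize packs folder
      if: steps.cache-packs.outputs.cache-hit != 'true'
      run: cpackget init https://www.keil.com/pack/index.pidx

    - name: Update pack index
      if: steps.cache-packs.outputs.cache-hit == 'true'
      run: cpackget update-index

    - name: Install build.py requirements
      run: pip install -r requirements.txt
      working-directory: CMSIS/CoreValidation/Project

    # Initializes the CodeQL tools for scanning.
    - name: Initialize CodeQL
      uses: github/codeql-action/init@v2
      with:
        languages: cpp
        queries: security-and-quality

    - name: Build projects
      working-directory: CMSIS/CoreValidation/Project
      run: |
        pip install -r requirements.txt
        cpackget add -a -f cpacklist.txt
        # Build failures are tolerated so the analysis still runs on whatever
        # compiled, but they are raised as a warning annotation: CodeQL for
        # C/C++ only analyses code it saw being compiled, so a failed build
        # silently narrows the scan.
        python build.py --verbose -c GCC -d "CM[047]*" -d "CM[23]3*" -o low build || echo "::warning::CoreValidation build reported failures; CodeQL results may be incomplete"

    - name: Perform CodeQL Analysis
      uses: github/codeql-action/analyze@v2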