CppMicroServices/.github/workflows/code-analysis.yml at development · kkumar45/CppMicroServices · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
# This workflow is based on the examples from the default CodeQL and MSVC Code Analysis
# workflow templates.
#
name: "CodeQL/MSVC Code Analysis"

on:
  push:
    branches: [ development ]
  pull_request:
    branches: [ development ]
  schedule:
    - cron: '28 10 * * 0'

jobs:
  analyze_codeql:
    name: Analyze (CodeQL)
    runs-on: ubuntu-latest

    strategy:
      fail-fast: false
      matrix:
        language: [ 'cpp' ]

    steps:
    - name: Checkout repository
      uses: actions/checkout@v2
      with:
        submodules: true

    - name: Initialize CodeQL
      uses: github/codeql-action/init@v2
      with:
        languages: ${{ matrix.language }}

    - name: Autobuild
      uses: github/codeql-action/autobuild@v2

    - name: Perform CodeQL Analysis
      uses: github/codeql-action/analyze@v2

  analyze_msvc:
    name: Analyze (MSVC Code Analysis)
    runs-on: windows-latest
    env:
      build: '${{ github.workspace }}/build'
      config: 'Debug'

    strategy:
      fail-fast: false
      matrix:
        language: [ 'cpp' ]

    steps:
    - name: Checkout repository
      uses: actions/checkout@v2
      with:
        submodules: true

    # We won't do the analysis on any test-related code (test bundles, unittest files, etc.)
    - name: Configure with CMake
      run: cmake -B ${{ env.build }} -DCMAKE_BUILD_TYPE=${{ env.config }} -DUS_ENABLE_THREADING_SUPPORT=ON

    # Because certain files are auto-generated during the build, we need to build
    - name: Build with CMake
      run: cmake --build ${{ env.build }} --config ${{ env.config }}

    - name: Run MSVC Code Analysis
      uses: microsoft/msvc-code-analysis-action@v0.1.0
      # Provide a unique ID to access the sarif output path
      id: run-msvc-analysis
      with:
        cmakeBuildDirectory: ${{ env.build }}
        buildConfiguration: ${{ env.config }}
        # Ruleset file that will determine what checks will be run
        ruleset: NativeRecommendedRules.ruleset
        # Paths to ignore analysis of CMake targets and includes
        ignoredPaths: ${{ github.workspace }}/framework/test/bundles;${{ github.workspace }}/compendium/test_bundles;${{ github.workspace }}/third_party

    # Upload SARIF file to GitHub Code Scanning Alerts
    - name: Upload SARIF to GitHub
      uses: github/codeql-action/upload-sarif@v2
      with:
        sarif_file: ${{ steps.run-msvc-analysis.outputs.sarif }}

    # Upload SARIF file as an Artifact to download and view
    - name: Upload SARIF as an Artifact
      uses: actions/upload-artifact@v2
      with:
        name: sarif-file
        path: ${{ steps.run-msvc-analysis.outputs.sarif }}