Adding a static code analysis github workflow

2024-11-29 00:24:11 +01:00 · 2019-12-09 13:12:37 +01:00 · 2019-12-09 13:12:37 +01:00 · 7286135399
commit 7286135399
parent 5803e4e578
1 changed files with 32 additions and 0 deletions
--- a/.github/workflows/scan.yml
+++ b/.github/workflows/scan.yml
@ -0,0 +1,32 @@
+name: static code analysis
+
+on: [push]
+env:
+  SCAN_IMG:
+    yes-docker-local.artifactory.in.yubico.org/static-code-analysis/c:v1
+  COMPILE_DEPS: "libykclient-dev libykpers-1-dev libyubikey-dev"
+
+jobs:
+  build:
+    runs-on: ubuntu-latest
+
+    steps:
+    - uses: actions/checkout@master
+
+    - name: Prep scan
+      run: |
+        docker login yes-docker-local.artifactory.in.yubico.org/ \
+             -u svc-static-code-analysis-reader \
+             -p ${{ secrets.ARTIFACTORY_READER_TOKEN }}
+        docker pull ${SCAN_IMG}
+
+    - name: Scan and fail if warnings
+      run: |
+        docker run -v${PWD}:/k -e COMPILE_DEPS="${COMPILE_DEPS}" \
+          -e PROJECT_NAME=${GITHUB_REPOSITORY#Yubico/} -t ${SCAN_IMG}
+
+    - uses: actions/upload-artifact@master
+      if: failure()
+      with:
+        name: suppression_files
+        path: suppression_files