diff --git a/.github/workflows/sast.yaml b/.github/workflows/sast.yaml index b8c61b09..9b175637 100644 --- a/.github/workflows/sast.yaml +++ b/.github/workflows/sast.yaml @@ -1,26 +1,23 @@ name: Static analysis on: push + # Will run on push when merging to 'branches'. The output will be shown in the console + # push + + # 'pull_request_target' allows this Action to also run on forked repositories + # The output will be shown in PR comments (unless the 'force_console_print' flag is used) + # pull_request_target: + # branches: + # - "*" jobs: static_analysis: runs-on: ubuntu-latest steps: - - name: Checkout code - uses: actions/checkout@v2 - - - name: Clone libtins - run: | - git clone https://github.com/the-tcpdump-group/libtins.git vendor/libtins + - uses: actions/checkout@v2 - - name: Setup OpenSSL - run: | - wget https://www.openssl.org/source/openssl-1.1.1g.tar.gz - tar xzf openssl-1.1.1g.tar.gz - mv openssl-1.1.1g ./openssl-OpenSSL_1_1_1g - - - name: Setup init_script + - name: setup init_script shell: bash run: | echo "#!/bin/bash 
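Review bot: The commented-out `pull_request_target` block added under `on:` is documented only as the way to cover forked repositories, with no caveat about what that trigger changes. Under `pull_request_target` the job runs in the base repository's context, with access to its secrets and a token that keeps the repository's default permissions, while the analysis step later in the file configures the submitted code with CMake (`use_cmake: true`). I would add a comment such as `# NOTE: pull_request_target runs with base-repo secrets and token; enable only together with a minimal 'permissions:' block` and declare the token scope explicitly, e.g. `permissions:` / `contents: read` plus whatever the action needs to post its comment (presumably `pull-requests: write`). No `permissions:` key is visible in this hunk. Listing the protected branches under `branches:` instead of `"*"` would narrow the trigger further.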
@@ -35,15 +32,25 @@ jobs: wget -qO /etc/apt/sources.list.d/lunarg-vulkan-focal.list http://packages.lunarg.com/vulkan/lunarg-vulkan-focal.list apt update && apt upgrade -y apt install -y libvulkan1 mesa-vulkan-drivers vulkan-tools" > init_script.sh - chmod +x init_script.sh - name: Run static analysis uses: JacobDomagala/StaticAnalysis@master with: language: c++ + + # Exclude any issues found in ${Project_root_dir}/lib exclude_dir: lib + use_cmake: true + + # Additional apt packages that need to be installed before running Cmake apt_pckgs: software-properties-common libglu1-mesa-dev freeglut3-dev mesa-common-dev + + # Additional script that will be run (sourced) AFTER 'apt_pckgs' and before running Cmake init_script: init_script.sh + + # (Optional) clang-tidy args clang_tidy_args: -checks='*,fuchsia-*,google-*,zircon-*,abseil-*,modernize-use-trailing-return-type' + + # (Optional) cppcheck args cppcheck_args: --enable=all --suppress=missingInclude
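Review bot: The `uses: JacobDomagala/StaticAnalysis@master` step tracks a mutable branch, so whatever lands on that branch next runs in this job with the workflow's token and the checked-out source; the new comments document the inputs but leave the reference as it is. Pinning to a full commit SHA with the release noted beside it, `uses: JacobDomagala/StaticAnalysis@<full-commit-sha>  # <release tag>`, turns every update into an explicit, reviewable change, and the same applies to `actions/checkout@v2` in the first hunk. This matters more if the `pull_request_target` trigger is ever enabled. Separately, the init script (its body starts above this hunk) fetches the LunarG apt source list over plain `http://`; the key import is not visible here, so confirm that the repository's signing key is obtained over HTTPS and that apt verifies the packages against it.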