f33e7def06
It performs differential ShellCheck scans and report results directly in pull request. documentation: https://github.com/redhat-plumbers-in-action/differential-shellcheck Signed-off-by: Jan Macku <jamacku@redhat.com>
61 lines
1.4 KiB
YAML
61 lines
1.4 KiB
YAML
name: "Static code analysis"
|
|
on:
|
|
push:
|
|
branches: [master]
|
|
pull_request:
|
|
branches: [master]
|
|
schedule:
|
|
# Everyday at midnight
|
|
- cron: '0 0 * * *'
|
|
jobs:
|
|
codeql:
|
|
runs-on: ubuntu-latest
|
|
permissions:
|
|
security-events: write
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v2
|
|
|
|
- name: Install dependencies
|
|
id: dependencies
|
|
uses: ./.github/actions/install-dependencies
|
|
|
|
- name: Initialize CodeQL
|
|
uses: github/codeql-action/init@v2
|
|
with:
|
|
languages: cpp
|
|
queries: +security-and-quality
|
|
|
|
- name: Configure shadow-utils
|
|
run: ./autogen.sh --without-selinux --disable-man
|
|
|
|
- name: Build shadow-utils
|
|
run: |
|
|
PROCESSORS=$(/usr/bin/getconf _NPROCESSORS_ONLN)
|
|
make -j$PROCESSORS
|
|
|
|
- name: Perform CodeQL Analysis
|
|
uses: github/codeql-action/analyze@v2
|
|
|
|
differential-shellcheck:
|
|
if: github.event_name == 'pull_request'
|
|
runs-on: ubuntu-latest
|
|
|
|
permissions:
|
|
contents: read
|
|
security-events: write
|
|
pull-requests: write
|
|
|
|
steps:
|
|
- name: Checkout repository
|
|
uses: actions/checkout@v3
|
|
with:
|
|
fetch-depth: 0
|
|
|
|
# Doc: https://github.com/redhat-plumbers-in-action/differential-shellcheck#usage
|
|
- name: Differential ShellCheck
|
|
uses: redhat-plumbers-in-action/differential-shellcheck@v3
|
|
with:
|
|
severity: warning
|
|
token: ${{ secrets.GITHUB_TOKEN }}
|