name: "CodeQL" on: workflow_dispatch: push: branches: [ develop ] paths: - 'CMSIS/Core/**' - 'CMSIS/Core_A/**' - 'CMSIS/CoreValidation/**' - 'Device/ARM/**' pull_request: branches: [ develop ] paths: - '.github/workflows/codeql-analysis.yml' - 'CMSIS/Core/**' - 'CMSIS/Core_A/**' - 'CMSIS/CoreValidation/**' - 'Device/ARM/**' jobs: analyze: name: Analyze runs-on: ubuntu-latest permissions: actions: read contents: read security-events: write env: CMSIS_PACK_ROOT: /tmp/.packs-${{ github.run_id }} steps: - name: Checkout repository uses: actions/checkout@v3 - name: Install build dependencies run: | sudo apt install gcc-arm-none-eabi ninja-build cmake - name: Cache pack folder id: cache-packs uses: actions/cache@v3 with: key: packs-${{ github.run_id }} restore-keys: | packs- path: /tmp/.packs-${{ github.run_id }} - name: Install CMSIS-Toolbox run: | wget https://github.com/Open-CMSIS-Pack/cmsis-toolbox/releases/download/1.5.0/cmsis-toolbox.sh chmod +x cmsis-toolbox.sh sudo ./cmsis-toolbox.sh </dev/null)) EOI echo "/opt/ctools/bin" >> $GITHUB_PATH echo "cpackget : $(which cpackget)" echo "csolution: $(which csolution)" echo "cbuild : $(which cbuild)" - name: Initialize packs folder if: steps.cache-packs.outputs.cache-hit != 'true' run: cpackget init https://www.keil.com/pack/index.pidx - name: Update pack index if: steps.cache-packs.outputs.cache-hit == 'true' run: cpackget update-index - name: Install build.py requirements run: pip install -r requirements.txt working-directory: CMSIS/CoreValidation/Project # Initializes the CodeQL tools for scanning. - name: Initialize CodeQL uses: github/codeql-action/init@v2 with: languages: cpp queries: security-and-quality - name: Build projects working-directory: CMSIS/CoreValidation/Project run: | pip install -r requirements.txt cpackget add -a -f cpacklist.txt python build.py --verbose -c GCC -d "CM[047]*" -d "CM[23]3*" -o low build || echo "Something failed!" - name: Perform CodeQL Analysis uses: github/codeql-action/analyze@v2