-
Notifications
You must be signed in to change notification settings - Fork 20
84 lines (74 loc) · 3.37 KB
/
one-line-cr-bot.yml
File metadata and controls
84 lines (74 loc) · 3.37 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
# Author: Norbert Manthey <nmanthey@amazon.de>
#
# This workflow will present introduced defects of a pull request to a given
# branch of a package.
#
# The workflow has locations labeled '[ACTION REQUIRED]' where adaptation for
# your build might be required, as well as where to compare the findings to.
#
# To learn more about the available options, check the CLI parameters of the
# script 'one-line-cr-bot.sh' in https://github.com/awslabs/one-line-scan.git
name: One Line CR Bot
on:
pull_request_target:
# [ACTION REQUIRED] Set the branch you want to analyze PRs for
branches:
- '**'
# [ACTION REQUIRED] Use this, if you want analysis for push to repository as well
push:
branches: [ mainline ]
jobs:
build:
runs-on: ubuntu-latest
steps:
# This is to address CVE-2020-15228 proactively. We do not rely on stdout.
- name: Disable workflow commands
run: echo "::stop-commands::`echo -n ${{ github.token }} | sha256sum | head -c 64`"
# Get the code, fetch the full history to make sure we have the compare commit as well
- uses: actions/checkout@v2
with:
fetch-depth: 0
ref: ${{github.event.pull_request.head.ref}}
repository: ${{github.event.pull_request.head.repo.full_name}}
# one-line-cr-bot.sh will get infer and cppcheck, if not available
- name: Install Required Packages
env:
# This is needed in addition to -yq to prevent apt-get from asking for user input
DEBIAN_FRONTEND: noninteractive
# [ACTION REQUIRED] Add your build dependencies here
run: |
sudo apt-get install -y python3-github
# Get the compare remote
- name: Setup Compare Remote
# [ACTION REQUIRED] Add the https URL of your repository
run: git remote add compare https://github.com/awslabs/ktf.git
- name: Fetch Compare Remote
run: git fetch compare
# Get one-line-scan, the tool we will use for analysis
- name: Get OneLineScan
run: git clone -b comment-prs https://github.com/nmanthey/one-line-scan.git ../one-line-scan
# Run the analysis, parameterized for this package
- name: one-line-cr-analysis
env:
# [ACTION REQUIRED] Adapt the values below accordingly
# 'compare' is the name of the remote to use
BASE_COMMIT: "compare/mainline"
BUILD_COMMAND: "make -B all"
CLEAN_COMMAND: "make clean"
# Parameters to be forwarded to used tools in one-line-scan for customization
# Additional CppCheck parameters, do not use e.g. --inconclusive
CPPCHECK_EXTRA_ARG: "--enable=style --enable=performance --enable=information --enable=portability"
# Additional Infer parameters, do not use e.g. --pulse
INFER_ANALYSIS_EXTRA_ARGS: "--bufferoverrun"
# These settings are more preferences, and not directly related to your project
# Set INSTALL_MISSING to false, if ALL targeted tools are already present
IGNORE_ERRORS: false
INSTALL_MISSING: true
OVERRIDE_ANALYSIS_ERROR: true
POST_TO_GITHUB_PR_ONLY: true
REPORT_NEW_ONLY: true
VERBOSE: 0 # >0 shows all currently present defects as well
# We need access to the github token to be able to comment on the PR
GITHUB_TOKEN: "${{ secrets.GITHUB_TOKEN }}"
# Be explicit about the tools to be used
run: ../one-line-scan/one-line-cr-bot.sh -E infer -E cppcheck