diff --git a/.clang-tidy b/.clang-tidy
new file mode 100644
index 0000000..730eec2
--- /dev/null
+++ b/.clang-tidy
@@ -0,0 +1,4 @@
+Checks: '-*,readability-*,performance-*'
+WarningsAsErrors: ''
+HeaderFilterRegex: '.*'
+AnalyzeTemporaryDtors: false
diff --git a/.github/workflows/codacy.yml b/.github/workflows/codacy.yml
index 87c15e6..d4d0774 100644
--- a/.github/workflows/codacy.yml
+++ b/.github/workflows/codacy.yml
@@ -38,9 +38,15 @@ jobs:
 - name: Checkout code
 uses: actions/checkout@v4
+ - name: Configure and Build CMake
+ run: |
+ cmake -B build
+ cmake --build build
+
 # Execute Codacy Analysis CLI and generate a SARIF output with the security issues identified during the analysis
 - name: Run Codacy Analysis CLI
 uses: codacy/codacy-analysis-cli-action@d840f886c4bd4edc059706d09c6a1586111c540b
+ continue-on-error: true
 with:
 # Check https://github.com/codacy/codacy-analysis-cli#project-token to get your project token from your Codacy repository
 # You can also omit the token and run the tools that support default configurations
@@ -54,9 +60,10 @@ jobs:
 # This will handover control about PR rejection to the GitHub side
 max-allowed-issues: 2147483647
- # Upload the SARIF file generated in the previous step
- - name: Upload SARIF results file
- uses: github/codeql-action/upload-sarif@v3
- with:
- sarif_file: results.sarif
- category: 'codacy'
+ # # Upload the SARIF file generated in the previous step
+ # - name: Upload SARIF results file
+ # uses: github/codeql-action/upload-sarif@v4
+ # if: always()
+ # with:
+ # sarif_file: results.sarif
+ # category: '${{ github.workflow }}-codacy'
diff --git a/.github/workflows/codeql.yml b/.github/workflows/codeql.yml
index 804f33e..1ec97d4 100644
--- a/.github/workflows/codeql.yml
+++ b/.github/workflows/codeql.yml
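Review bot: `AnalyzeTemporaryDtors: false` on the last line of the new .clang-tidy is a configuration key that, to my recollection, was removed in clang-tidy 16, and recent releases reject the whole file with an unknown-key parse error rather than ignoring it, so the line should be dropped unless the clang-tidy the project pins is older than that. Separately, `Checks: '-*,readability-*,performance-*'` disables every `bugprone-*`, `clang-analyzer-*` and `cert-*` check, so if Codacy's clang-tidy honours this file, none of the findings the codacy workflow comment describes as "security issues" can come from clang-tidy. If that narrowing is intentional, a comment above `Checks` such as `# Only style/performance checks here; security-relevant checks are expected from CodeQL/MSVC analysis` would stop the next reader from assuming the analyzer checks are on.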
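Review bot: `continue-on-error: true` on the Codacy step, combined with the SARIF upload being commented out in the next hunk (`@@ -54,9 +60,10 @@`), means a crashed or failed analysis now leaves the job green and its results are never published to code scanning, so the comment above `max-allowed-issues: 2147483647` about handing PR rejection to the GitHub side no longer describes what the workflow does. If the upload was disabled because it was failing, the usual fix is to keep the upload step with `if: always()` (which the commented draft already contains) and drop `continue-on-error`, so that a broken analyzer stays visible in the run; if Codacy results are intentionally no longer fed to GitHub, delete the commented-out block instead of leaving dead YAML and update the `max-allowed-issues` comment to match. Either way, the new `Configure and Build CMake` step should stay without `continue-on-error`, as it is, so that a build break fails the job before a half-built tree is analyzed.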
@@ -90,8 +90,3 @@ jobs:
 uses: github/codeql-action/analyze@v3
 with:
 category: '/language:${{matrix.language}}'
- - name: Upload Results
- uses: github/codeql-action/upload-sarif@v3
- with:
- category: 'codeql-${{matrix.language}}-${{ matrix.build-mode }}'
diff --git a/.github/workflows/msvc.yml b/.github/workflows/msvc.yml
index c1244e9..533110a 100644
--- a/.github/workflows/msvc.yml
+++ b/.github/workflows/msvc.yml
@@ -39,9 +39,8 @@ jobs:
 - name: Configure CMake
 run: cmake -B ${{ env.build }}
- # Build is not required unless generated source files are used
- # - name: Build CMake
- # run: cmake --build ${{ env.build }}
+ - name: Build CMake
+ run: cmake --build ${{ env.build }}
 - name: Initialize MSVC Code Analysis
 uses: microsoft/msvc-code-analysis-action@04825f6d9e00f87422d6bf04e1a38b1f3ed60d99
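Review bot: `run: cmake --build ${{ env.build }}` in the msvc.yml hunk builds the generator's default configuration (Debug for the Visual Studio multi-config generator), while the `Initialize MSVC Code Analysis` step that follows is configured outside this hunk; if that step analyzes a different configuration, the generated sources this build was enabled for may not be the ones the analysis sees. Passing the configuration explicitly keeps the two in step, e.g. `run: cmake --build ${{ env.build }} --config <CONFIGURATION USED BY THE ANALYSIS STEP>`. The removed comment explained why the build was previously skipped; a one-line replacement such as `# Build first so generated sources exist for the analysis step` would preserve that reasoning for the next reader.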
@@ -52,12 +51,43 @@ jobs:
 # Ruleset file that will determine what checks will be run
 ruleset: NativeRecommendedRules.ruleset
+ - name: Consolidate SARIF
+ shell: powershell
+ run: |
+ $sarif = Get-Content "${{ steps.run-analysis.outputs.sarif }}" -Raw | ConvertFrom-Json
+
+ # Merge all runs into the first run
+ if ($sarif.runs.Count -gt 1) {
+ $firstRun = $sarif.runs[0]
+ for ($i = 1; $i -lt $sarif.runs.Count; $i++) {
+ $firstRun.results += $sarif.runs[$i].results
+ }
+ $sarif.runs = @($firstRun)
+ }
+
+ $sarif | ConvertTo-Json -Depth 100 | Set-Content "${{ steps.run-analysis.outputs.sarif }}"
+
+ # - name: Merge SARIF runs
+ # run: |
+ # pip install sarif-tools
+ # python -c "
+ # import json, glob
+ # merged = {'version':'2.1.0','runs':[]}
+ # for f in glob.glob('build/*.sarif'):
+ # with open(f) as s:
+ # merged['runs'] += json.load(s)['runs']
+ # with open('build/results.sarif','w') as out:
+ # json.dump(merged, out)
+ # "
+
 # Upload SARIF file to GitHub Code Scanning Alerts
 - name: Upload SARIF to GitHub
- uses: github/codeql-action/upload-sarif@v3
+ uses: github/codeql-action/upload-sarif@v4
 with:
 sarif_file: ${{ steps.run-analysis.outputs.sarif }}
 category: 'msvc-cpp'
+
 # Upload SARIF file as an Artifact to download and view
 # - name: Upload SARIF as an Artifact