diff --git a/.github/workflows/build.yml b/.github/workflows/build.yml index becbc5069..0495ba6a9 100644 --- a/.github/workflows/build.yml +++ b/.github/workflows/build.yml @@ -219,7 +219,7 @@ jobs: uses: actions/checkout@v4 - name: Download Artifacts - uses: actions/download-artifact@v4 + uses: actions/download-artifact@v5 with: path: cmake-build merge-multiple: true diff --git a/.github/workflows/build_util.yml b/.github/workflows/build_util.yml index a2c96f3c0..d52924efd 100644 --- a/.github/workflows/build_util.yml +++ b/.github/workflows/build_util.yml @@ -20,6 +20,10 @@ on: required: false default: false type: boolean + analyze-pvs: + required: false + default: false + type: boolean os: required: false type: string @@ -68,6 +72,28 @@ jobs: fi shell: bash + - name: PVS-Studio analyze + if: ${{ inputs.analyze-pvs }} + run: | + wget -q -O - https://files.pvs-studio.com/etc/pubkey.txt | sudo apt-key add - + sudo wget -O /etc/apt/sources.list.d/viva64.list https://files.pvs-studio.com/etc/viva64.list + sudo apt update + sudo apt install pvs-studio + pvs-studio-analyzer credentials ${{ secrets.PVS_STUDIO_CREDENTIALS }} + mkdir -p sarif-reports + for build_dir in cmake-build/cmake-build-*; do + BOARD=${build_dir#cmake-build/cmake-build-} + pvs-studio-analyzer analyze -f ${build_dir}/compile_commands.json -j -o ${build_dir}/pvs-report.log --exclude-path hw/mcu/ --exclude-path lib/ + plog-converter -t sarif -o sarif-reports/${BOARD}.sarif ${build_dir}/pvs-report.log + done + + - name: PVS-Studio upload SARIF + if: ${{ inputs.analyze-pvs }} + uses: github/codeql-action/upload-sarif@v4 + with: + sarif_file: sarif-reports/ + category: PVS-Studio + - name: Upload Artifacts for Hardware Testing if: ${{ inputs.upload-artifacts }} uses: actions/upload-artifact@v4 diff --git a/.github/workflows/static_analysis.yml b/.github/workflows/static_analysis.yml new file mode 100644 index 000000000..3ace5cf99 --- /dev/null +++ b/.github/workflows/static_analysis.yml 
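Review bot: In the `PVS-Studio analyze` step added to build_util.yml, `${{ secrets.PVS_STUDIO_CREDENTIALS }}` is expanded into the script text before bash runs, so the licence value is parsed as shell syntax rather than as data. Pass it through the step environment instead: add `env:` with `PVS_STUDIO_CREDENTIALS: ${{ secrets.PVS_STUDIO_CREDENTIALS }}` and call `pvs-studio-analyzer credentials $PVS_STUDIO_CREDENTIALS` (unquoted only if the secret holds both the name and the key, which is not visible here). The same step pipes the vendor key into `apt-key add -`, which is deprecated and trusts that key for every configured repository. A keyring file referenced by `signed-by` in the source entry would limit the key to the PVS-Studio repository. `sudo apt install pvs-studio` also has no `-y`, so it may stop at the confirmation prompt if extra packages are pulled in.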
@@ -0,0 +1,43 @@ +name: Static Analysis +on: + workflow_dispatch: + push: + branches: + - master + pull_request: + types: [opened, synchronize, reopened] +jobs: +# SonarQube: +# name: Build and analyze +# runs-on: ubuntu-latest +# env: +# BUILD_WRAPPER_OUT_DIR: build_wrapper_output_directory # Directory where build-wrapper output will be placed +# steps: +# - uses: actions/checkout@v4 +# with: +# fetch-depth: 0 # Shallow clones should be disabled for a better relevancy of analysis +# - name: Install Build Wrapper +# uses: SonarSource/sonarqube-scan-action/install-build-wrapper@v6 +# - name: Run Build Wrapper +# run: | +# build-wrapper-linux-x86-64 --out-dir ${{ env.BUILD_WRAPPER_OUT_DIR }} cmake --build --preset ${{ env.BOARD }} -t ${{ env.EXAMPLE }} +# - name: SonarQube Scan +# uses: SonarSource/sonarqube-scan-action@v6 +# env: +# SONAR_TOKEN: ${{ secrets.SONAR_TOKEN }} +# with: +# args: > +# --define "sonar.cfamily.compile-commands=${{ env.BUILD_WRAPPER_OUT_DIR }}/compile_commands.json" + PVS-Studio: + uses: ./.github/workflows/build_util.yml + strategy: + fail-fast: false + matrix: + board: + - 'stm32h743eval' + with: + build-system: 'cmake' + toolchain: 'arm-gcc' + build-args: '-b${{ matrix.board }}' + one-per-family: true + analyze-pvs: true diff --git a/examples/device/cdc_msc/src/msc_disk.c b/examples/device/cdc_msc/src/msc_disk.c index 9a43d321e..b39f5efa1 100644 --- a/examples/device/cdc_msc/src/msc_disk.c +++ b/examples/device/cdc_msc/src/msc_disk.c @@ -45,10 +45,11 @@ enum { DISK_BLOCK_SIZE = 512 }; +static #ifdef CFG_EXAMPLE_MSC_READONLY const #endif -static uint8_t msc_disk[DISK_BLOCK_NUM][DISK_BLOCK_SIZE] = { +uint8_t msc_disk[DISK_BLOCK_NUM][DISK_BLOCK_SIZE] = { //------------- Block0: Boot Sector -------------// // byte_per_sector = DISK_BLOCK_SIZE; fat12_sector_num_16 = DISK_BLOCK_NUM; // sector_per_cluster = 1; reserved_sectors = 1; 
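Review bot: In static_analysis.yml the `PVS-Studio` job calls `./.github/workflows/build_util.yml` without a `secrets:` key, and a reusable workflow only sees secrets the caller passes, so `secrets.PVS_STUDIO_CREDENTIALS` will be empty in the analyze step. Add `secrets: inherit` to the job, or pass the one secret by name if build_util.yml declares it under `workflow_call`, which these hunks do not show. The job also sets no `permissions:`, while the `upload-sarif` step needs `security-events: write`; declaring `permissions:` with `contents: read` and `security-events: write` on this job keeps the token minimal and explicit. On `pull_request` runs from forks neither the secret nor a write token is available, so the analysis steps would likely fail there; consider skipping them for fork PRs.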
diff --git a/examples/device/cdc_msc_freertos/src/msc_disk.c b/examples/device/cdc_msc_freertos/src/msc_disk.c index 996be738d..29ff86281 100644 --- a/examples/device/cdc_msc_freertos/src/msc_disk.c +++ b/examples/device/cdc_msc_freertos/src/msc_disk.c @@ -76,10 +76,11 @@ enum { DISK_BLOCK_SIZE = 512 }; +static #ifdef CFG_EXAMPLE_MSC_READONLY const #endif -static uint8_t msc_disk[DISK_BLOCK_NUM][DISK_BLOCK_SIZE] = +uint8_t msc_disk[DISK_BLOCK_NUM][DISK_BLOCK_SIZE] = { //------------- Block0: Boot Sector -------------// // byte_per_sector = DISK_BLOCK_SIZE; fat12_sector_num_16 = DISK_BLOCK_NUM; diff --git a/examples/device/dynamic_configuration/src/msc_disk.c b/examples/device/dynamic_configuration/src/msc_disk.c index 95bf8e45f..ab71b02d6 100644 --- a/examples/device/dynamic_configuration/src/msc_disk.c +++ b/examples/device/dynamic_configuration/src/msc_disk.c @@ -43,10 +43,11 @@ enum DISK_BLOCK_SIZE = 512 }; +static #ifdef CFG_EXAMPLE_MSC_READONLY const #endif -static uint8_t msc_disk[DISK_BLOCK_NUM][DISK_BLOCK_SIZE] = +uint8_t msc_disk[DISK_BLOCK_NUM][DISK_BLOCK_SIZE] = { //------------- Block0: Boot Sector -------------// // byte_per_sector = DISK_BLOCK_SIZE; fat12_sector_num_16 = DISK_BLOCK_NUM;