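name: static code analysis
# Documentation: https://github.com/Yubico/yes-static-code-analysis
#
# Runs the static-analysis container over the checked-out tree on every push
# and on the weekly schedule below. When the registry credential is absent the
# scan step only prints a message and exits successfully, so a green run does
# not by itself prove that a scan happened.

on:
  push:
  schedule:
    - cron: '0 0 * * 1'

# Least privilege for the job token: nothing below needs more than read access
# to the repository contents.
permissions:
  contents: read

env:
  # NOTE(review): `v1` is a mutable tag; the image that runs is whatever the
  # registry serves under that tag at pull time.
  SCAN_IMG:
    yubico-yes-docker-local.jfrog.io/static-code-analysis/c:v1
  COMPILE_DEPS: "libfido2-dev xsltproc"

jobs:
  build:
    runs-on: ubuntu-latest

    steps:
      # NOTE(review): `@master` is a mutable ref, so this step runs whatever
      # the action's default branch holds at run time. Pin to the full commit
      # SHA of a reviewed release.
      - uses: actions/checkout@master

      - name: Scan and fail on warnings
        # The registry token is scoped to this step only, so the third-party
        # actions in this job never receive it in their environment.
        env:
          SECRET: ${{ secrets.ARTIFACTORY_READER_TOKEN }}
        run: |
          if [ -n "${SECRET}" ]; then
            # --password-stdin keeps the token out of the docker command line
            # (process listing, shell tracing).
            printf '%s' "${SECRET}" | docker login yubico-yes-docker-local.jfrog.io/ \
              -u svc-static-code-analysis-reader --password-stdin
            docker pull "${SCAN_IMG}"
            # Expansions are quoted so that values containing spaces or glob
            # characters are passed through as a single argument.
            # PVS_IGNORE_WARNINGS is not set anywhere in this file; it expands
            # to an empty string unless the runner environment provides it.
            docker run -v "${PWD}:/k" -e COMPILE_DEPS="${COMPILE_DEPS}" \
              -e PROJECT_NAME="${GITHUB_REPOSITORY#Yubico/}" \
              -e PVS_IGNORE_WARNINGS="${PVS_IGNORE_WARNINGS}" -t "${SCAN_IMG}"
          else
            echo "No docker registry credentials, not scanning"
          fi

      # Runs only when an earlier step failed; uploads the suppression_files
      # path from the workspace as a build artifact.
      # NOTE(review): same mutable `@master` ref as the checkout step; pin to a
      # full commit SHA.
      - uses: actions/upload-artifact@master
        if: failure()
        with:
          name: suppression_files
          path: suppression_files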