11name : Codechecker
22on :
3+ pull_request :
4+ branches :
5+ - main
36 push :
47 branches :
58 - main
@@ -15,6 +18,9 @@ concurrency:
1518jobs :
1619 Codechecker :
1720 if : github.repository_owner == 'zephyrproject-rtos'
21+ permissions :
22+ pull-requests : write # to create/update pull request comments
23+ security-events : write
1824 runs-on :
1925 group : zephyr-runner-v2-linux-x64-4xlarge
2026 container :
2733 CCACHE_IGNOREOPTIONS : ' -specs=* --specs=*'
2834 LLVM_TOOLCHAIN_PATH : /usr/lib/llvm-16
2935 BASE_REF : ${{ github.base_ref }}
30- permissions :
31- security-events : write
3236 steps :
3337 - name : Apply container owner mismatch workaround
3438 run : |
@@ -100,13 +104,26 @@ jobs:
100104 sudo apt-get install -y jq
101105 export PATH=/usr/lib/llvm-16/bin/:$PATH
102106
103- ./scripts/twister -i --force-color -N -v --build-only --timeout-multiplier 2 -p qemu_x86 -T tests/kernel/threads -T tests/lib/heap
107+ ./scripts/twister -i --force-color -N -v --build-only --timeout-multiplier 2 -p qemu_x86 -T tests/kernel/threads/thread_apis/
104108
105109 #sarif copy --output results.sarif $(find twister-out -name "codechecker.sarif")
106110 jq -s '{ "$schema": "https://json.schemastore.org/sarif-2.1.0", "version": "2.1.0", "runs": map(.runs) | add }' $(find twister-out -name "codechecker.sarif") > results.sarif
107111
112+ - name : Post SARIF findings in the pull request
113+ if : github.event_name == 'pull_request'
114+ uses :
sett-and-hive/[email protected] 115+ with :
116+ token : ${{ secrets.GITHUB_TOKEN }}
117+ branch : ${{ github.head_ref }}
118+ pr-number : ${{ github.event.number }}
119+ repository : ${{ github.repository }}
120+ sarif-file : " ./results.sarif"
121+ title : My security issue
122+ dry-run : ' false'
123+ odc-sarif : true
124+
108125 - name : Upload SARIF as artifact
109- if : always()
126+ if : always() && github.event_name == 'push'
110127 uses : actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1
111128 with :
112129 name : sarif
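Review bot: The new "Post SARIF findings in the pull request" step appears to reference a third-party `sett-and-hive` action by a version tag (the ref is obscured in this rendering) and passes it `secrets.GITHUB_TOKEN` in a job that now holds `pull-requests: write`, while the upload-artifact step below it is pinned to a full commit SHA. Pin this one the same way, e.g. `uses: sett-and-hive/<action>@<full-commit-sha> # <tag>`, so a moved tag cannot change what runs with that token. The added `pull_request` trigger also means pull-request code is built by twister on the `zephyr-runner-v2-linux-x64-4xlarge` group; if that group is self-hosted, confirm the runners are ephemeral, since the `repository_owner` condition does not exclude PRs opened from forks. For fork PRs the token is normally read-only regardless of the `permissions` block, so the comment step will likely fail there unless it is skipped or tolerated. `title: My security issue` looks like a leftover placeholder and should name the tool, e.g. `title: CodeChecker findings`.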