deep5050 / cppcheck-action
A github action to perform C/C++ security checks automatically
License: MIT License
Hi there, thank you for this useful tool.
I have an issue while running the static analysis task. max_ctu_depth is not recognized.
Action: https://github.com/BaderEddineOuaich/Enigma/runs/1455710276
static-analysis.yml file
# Enigma Static Analysis task using CppCheck
# https://github.com/marketplace/actions/cppcheck-action
name: static-analysis
# analyse on pushes and pull requests on master branch
on:
  push:
    branches: [ master ]
  pull_request:
    branches: [ master ]
jobs:
  build:
    name: cppcheck
    runs-on: ubuntu-latest
    steps:
      - uses: actions/checkout@v2
      - name: cppcheck
        uses: deep5050/cppcheck-action@master
        with:
          github_token: ${{ secrets.GITHUB_TOKEN}}
          github_username: "BaderEddineOuaich"
          github_email: "[email protected]"
          #commit_msg: "<optional commit message>"
          #check_library:
          #skip_preprocessor:
          enable: warning,portability,performance
          exclude_check: ./Dependencies/
          #inconclusive:
          #inline_suppression:
          force_language: c++
          max_ctu_depth: 4
          #platform:
          output_file: ./Static-Analysis-Report.txt #(default cppcheck_report.txt)
Thank you
Hey! Nice action, thanks for the great work.
I have two questions:
cat cppcheck_report.txt
, but it shows file not found. I suggest to add new input option, quiet (-q) with default value disabled.
Is it possible to update cppcheck 2.4.1 to latest version (2.7)?
'exclude_check' It seems can only specify one folder
Hello,
Thank you for making this awesome action!
I see in entrypoint.py, that the action is not allowed to run on pull-requests. I am by no means a Github Actions expert, but I was wondering why this is the case?
Thank you in advance,
Mikkel
It would be more useful for the action to dump the error report to the console and if there are errors to fail the action. Committing the reports to the repo is less helpful since it won't fail the action and is inconsistent with other CI workflows.
Hi,
I was trying to use this action in my internal repo. It doesn't work and fails. The action didn't produce any failure logs that I could analyze.
Run deep5050/cppcheck-action@main
  with:
    github_token: ***
    enable: performance,portability,unusedFunction
    exclude_check: ./external
    check_library: disable
    skip_preprocessor: disable
    inconclusive: disable
    inline_suppression: disable
    force_language: c++
    force: enable
    max_ctu_depth: 2
    std: c++17
    platform: disable
    other_options: --verbose --std=c++17 -i./tools/test
    output_file: ./cppcheck_report.txt
/usr/bin/docker run --name b5709404637d544838a1844192f95754e_222d44 --label 94351b --workdir /github/workspace --rm -e "INPUT_GITHUB_TOKEN" -e "INPUT_ENABLE" -e "INPUT_EXCLUDE_CHECK" -e "INPUT_CHECK_LIBRARY" -e "INPUT_SKIP_PREPROCESSOR" -e "INPUT_INCONCLUSIVE" -e "INPUT_INLINE_SUPPRESSION" -e "INPUT_FORCE_LANGUAGE" -e "INPUT_FORCE" -e "INPUT_MAX_CTU_DEPTH" -e "INPUT_STD" -e "INPUT_PLATFORM" -e "INPUT_OTHER_OPTIONS" -e "INPUT_OUTPUT_FILE" -e "INPUT_TARGET_BRANCH" -e "INPUT_PULL_REQUEST_BRANCH" -e "INPUT_TARGET_REPOSITORY" -e "INPUT_PULL_REQUEST_REPOSITORY" -e "HOME" -e "GITHUB_JOB" -e "GITHUB_REF" -e "GITHUB_SHA" -e "GITHUB_REPOSITORY" -e "GITHUB_REPOSITORY_OWNER" -e "GITHUB_REPOSITORY_OWNER_ID" -e "GITHUB_RUN_ID" -e "GITHUB_RUN_NUMBER" -e "GITHUB_RETENTION_DAYS" -e "GITHUB_RUN_ATTEMPT" -e "GITHUB_REPOSITORY_ID" -e "GITHUB_ACTOR_ID" -e "GITHUB_ACTOR" -e "GITHUB_TRIGGERING_ACTOR" -e "GITHUB_WORKFLOW" -e "GITHUB_HEAD_REF" -e "GITHUB_BASE_REF" -e "GITHUB_EVENT_NAME" -e "GITHUB_SERVER_URL" -e "GITHUB_API_URL" -e "GITHUB_GRAPHQL_URL" -e "GITHUB_REF_NAME" -e "GITHUB_REF_PROTECTED" -e "GITHUB_REF_TYPE" -e "GITHUB_WORKFLOW_REF" -e "GITHUB_WORKFLOW_SHA" -e "GITHUB_WORKSPACE" -e "GITHUB_ACTION" -e "GITHUB_EVENT_PATH" -e "GITHUB_ACTION_REPOSITORY" -e "GITHUB_ACTION_REF" -e "GITHUB_PATH" -e "GITHUB_ENV" -e "GITHUB_STEP_SUMMARY" -e "GITHUB_STATE" -e "GITHUB_OUTPUT" -e "RUNNER_OS" -e "RUNNER_ARCH" -e "RUNNER_NAME" -e "RUNNER_ENVIRONMENT" -e "RUNNER_TOOL_CACHE" -e "RUNNER_TEMP" -e "RUNNER_WORKSPACE" -e "ACTIONS_RUNTIME_URL" -e "ACTIONS_RUNTIME_TOKEN" -e "ACTIONS_CACHE_URL" -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/devtools-external/devtools-external":"/github/workspace" 94351b:5709404637d544838a1844192f95754e
Out of curiosity and to corner the issue, I tried running the same action with the same configurations under public repo. It worked seamlessly.
FYI, I ran the action using the highest permissions on the internal repo i.e. permissions: write-all just to see if this could be the issue. But no help.
Any input would be highly appreciated.
Thanks
Anytime I try to run the latest version of cppcheck-action v2.0.0, I receive the error:
Error: Container action is only supported on Linux
Despite that I force run on the win64 platform for my hosted runner machine which runs Windows 10 64-bit
This is a test to check the greet workflow.
I have added this cppcheck action to one of my workflows, and I've noticed that the job executes on push, but it doesn't execute on pull request. In both cases it's the exact same job - one runs, the other doesn't.
My job definition:
cppcheck_analysis:
  runs-on: ubuntu-18.04
  steps:
    - name: Checkout
      uses: actions/checkout@v2
      with:
        fetch-depth: 0
    - name: cppcheck
      uses: deep5050/[email protected]
      with:
        github_token: ${{ secrets.GITHUB_TOKEN }}
        platform: 'unix64'
        std: 'c++14'
        output_file: cppcheck_report.txt
When the job executes as part of a push, I get the full output and everything works.
When the job executes as part of a pull_request I only get the following in the log:
##[group]Run deep5050/[email protected]
with:
  github_token: ***
  platform: unix64
  std: c++14
  output_file: cppcheck_report.txt
  check_library: disable
  skip_preprocessor: disable
  enable: all
  exclude_check: disable
  inconclusive: enable
  inline_suppression: disable
  force_language: disable
  force: disable
  max_ctu_depth: disable
  other_options: disable
env:
  BUILD_TYPE: Release
##[endgroup]
##[command]/usr/bin/docker run --name a33c132b95d7e10cf45b2a9e9d9ead91e9eeb_dab94e --label 8a33c1 --workdir /github/workspace --rm -e BUILD_TYPE -e INPUT_GITHUB_TOKEN -e INPUT_PLATFORM -e INPUT_STD -e INPUT_OUTPUT_FILE -e INPUT_CHECK_LIBRARY -e INPUT_SKIP_PREPROCESSOR -e INPUT_ENABLE -e INPUT_EXCLUDE_CHECK -e INPUT_INCONCLUSIVE -e INPUT_INLINE_SUPPRESSION -e INPUT_FORCE_LANGUAGE -e INPUT_FORCE -e INPUT_MAX_CTU_DEPTH -e INPUT_TARGET_BRANCH -e INPUT_OTHER_OPTIONS -e INPUT_PULL_REQUEST_BRANCH -e INPUT_TARGET_REPOSITORY -e INPUT_PULL_REQUEST_REPOSITORY -e HOME -e GITHUB_JOB -e GITHUB_REF -e GITHUB_SHA -e GITHUB_REPOSITORY -e GITHUB_REPOSITORY_OWNER -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RETENTION_DAYS -e GITHUB_ACTOR -e GITHUB_WORKFLOW -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GITHUB_EVENT_NAME -e GITHUB_SERVER_URL -e GITHUB_API_URL -e GITHUB_GRAPHQL_URL -e GITHUB_WORKSPACE -e GITHUB_ACTION -e GITHUB_EVENT_PATH -e GITHUB_ACTION_REPOSITORY -e GITHUB_ACTION_REF -e GITHUB_PATH -e GITHUB_ENV -e RUNNER_OS -e RUNNER_TOOL_CACHE -e RUNNER_TEMP -e RUNNER_WORKSPACE -e ACTIONS_RUNTIME_URL -e ACTIONS_RUNTIME_TOKEN -e ACTIONS_CACHE_URL -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/PVP/PVP":"/github/workspace" 8a33c1:32b95d7e10cf45b2a9e9d9ead91e9eeb
Post job cleanup.
[command]/usr/bin/git version
git version 2.31.1
[command]/usr/bin/git config --local --name-only --get-regexp core.sshCommand
[command]/usr/bin/git submodule foreach --recursive git config --local --name-only --get-regexp 'core.sshCommand' && git config --local --unset-all 'core.sshCommand' || :
[command]/usr/bin/git config --local --name-only --get-regexp http.https://github.com/.extraheader
http.https://github.com/.extraheader
[command]/usr/bin/git config --local --unset-all http.https://github.com/.extraheader
[command]/usr/bin/git submodule foreach --recursive git config --local --name-only --get-regexp 'http.https://github.com/.extraheader' && git config --local --unset-all 'http.https://github.com/.extraheader' || :
Uploading runner diagnostic logs
Completed runner diagnostic log upload
Cleaning up orphan processes
I would imagine this is a bug? There shouldn't be a reason why it runs on commit but not on PR?
Hello there,
Thanks again for this useful tool!
I had an issue running with skip_preprocessor option enabled, it adds an option --E which is not recognized by cppcheck.
Here is some info that may help fix this issue:
Logs
cppcheck
Run deep5050/cppcheck-action@main
with:
  github_token: ***
  skip_preprocessor: enable
  enable: all
  exclude_check: ./Dependencies/
  force_language: c++
  max_ctu_depth: 9
  output_file: ./CppCheck-Static-Analysis-Report.txt
  check_library: disable
  inconclusive: enable
  inline_suppression: disable
  platform: disable
/usr/bin/docker run --name c0654dccb4854943dbf8bf480d7be_9f9d24 --label 179394 --workdir /github/workspace --rm -e INPUT_GITHUB_TOKEN -e INPUT_SKIP_PREPROCESSOR -e INPUT_ENABLE -e INPUT_EXCLUDE_CHECK -e INPUT_FORCE_LANGUAGE -e INPUT_MAX_CTU_DEPTH -e INPUT_OUTPUT_FILE -e INPUT_CHECK_LIBRARY -e INPUT_INCONCLUSIVE -e INPUT_INLINE_SUPPRESSION -e INPUT_PLATFORM -e INPUT_TARGET_BRANCH -e INPUT_PULL_REQUEST_BRANCH -e INPUT_TARGET_REPOSITORY -e INPUT_PULL_REQUEST_REPOSITORY -e HOME -e GITHUB_JOB -e GITHUB_REF -e GITHUB_SHA -e GITHUB_REPOSITORY -e GITHUB_REPOSITORY_OWNER -e GITHUB_RUN_ID -e GITHUB_RUN_NUMBER -e GITHUB_RETENTION_DAYS -e GITHUB_ACTOR -e GITHUB_WORKFLOW -e GITHUB_HEAD_REF -e GITHUB_BASE_REF -e GITHUB_EVENT_NAME -e GITHUB_SERVER_URL -e GITHUB_API_URL -e GITHUB_GRAPHQL_URL -e GITHUB_WORKSPACE -e GITHUB_ACTION -e GITHUB_EVENT_PATH -e GITHUB_ACTION_REPOSITORY -e GITHUB_ACTION_REF -e GITHUB_PATH -e GITHUB_ENV -e RUNNER_OS -e RUNNER_TOOL_CACHE -e RUNNER_TEMP -e RUNNER_WORKSPACE -e ACTIONS_RUNTIME_URL -e ACTIONS_RUNTIME_TOKEN -e ACTIONS_CACHE_URL -e GITHUB_ACTIONS=true -e CI=true -v "/var/run/docker.sock":"/var/run/docker.sock" -v "/home/runner/work/_temp/_github_home":"/github/home" -v "/home/runner/work/_temp/_github_workflow":"/github/workflow" -v "/home/runner/work/_temp/_runner_file_commands":"/github/file_commands" -v "/home/runner/work/Enigma/Enigma":"/github/workspace" 179394:684c0654dccb4854943dbf8bf480d7be
Cppcheck 2.3
cppcheck: error: unrecognized command line option: "--E".
given command cppcheck --E --enable=all -i ./Dependencies/ --inconclusive --language=c++ --max-ctu-depth=9 --output-file=./CppCheck-Static-Analysis-Report.txt .
checking version
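The `--E` failure in the log above comes from the step that turns action inputs into cppcheck options. The following is an added example, not the action's own entrypoint.py: a hypothetical `build_cppcheck_argv` that maps the inputs seen in these logs to an argv list using cppcheck's single-dash `-E`. Splitting `exclude_check` on commas is an assumption made here, not documented action behaviour.

```python
import re
import shlex

# Hypothetical input-to-option tables (names of inputs taken from the logs on this page).
SWITCH_FLAGS = {
    "skip_preprocessor": "-E",  # single dash; cppcheck rejects "--E"
    "inconclusive": "--inconclusive",
    "inline_suppression": "--inline-suppr",
    "check_library": "--check-library",
    "force": "--force",
}
VALUE_FLAGS = {
    "enable": "--enable=",
    "force_language": "--language=",
    "std": "--std=",
    "platform": "--platform=",
    "output_file": "--output-file=",
}


def is_set(value):
    """The logs show unset inputs arriving as the literal string 'disable'."""
    return value not in (None, "", "disable")


def build_cppcheck_argv(inputs):
    """Return an argv list suitable for subprocess.run(argv); no shell parses it."""
    argv = ["cppcheck"]
    for name, flag in SWITCH_FLAGS.items():
        if inputs.get(name) == "enable":
            argv.append(flag)
    for name, flag in VALUE_FLAGS.items():
        if is_set(inputs.get(name)):
            argv.append(flag + str(inputs[name]))
    # Assumption: exclude_check may carry several comma-separated paths.
    if is_set(inputs.get("exclude_check")):
        for path in str(inputs["exclude_check"]).split(","):
            if path.strip():
                argv += ["-i", path.strip()]
    depth = inputs.get("max_ctu_depth")
    if is_set(depth):
        # YAML may deliver 4 or "4"; anything else is refused before it reaches cppcheck.
        if not re.fullmatch(r"[0-9]+", str(depth)):
            raise ValueError(f"max_ctu_depth must be a whole number: {depth!r}")
        argv.append(f"--max-ctu-depth={depth}")
    if is_set(inputs.get("other_options")):
        argv += shlex.split(inputs["other_options"])  # tokenised, never executed by a shell
    return argv + ["."]
```
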
I'd really like to have more control over the commit messages in this action. For example, in a clang-format action I use, this is how they expose the parameters:
author_name: Clang Robot
author_email: [email protected]
message: 'Committing clang-format changes'
Does this seem like something worth integrating?
Per kind request in recent PR #20 discussion:
> Let me ask you something, would you please take some time to add a little feature to it once I merge this?
> Let users specify custom options (without checking them inside my code). As many options are added to the cppcheck tool on every new release, it's not possible to cover all of them. So I was planning to add an environment variable like other_options where users can add options on their own.
Originally posted by @deep5050 in #20 (comment)
Add support for cppcheck run on pull requests.
Comment back with report.