Fix first instance rule being used as rule description for all violations of that rule and other SARIF improvements #7730
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # Syntax reference https://help.github.com/en/actions/reference/workflow-syntax-for-github-actions | |
| # Environment reference https://help.github.com/en/actions/reference/virtual-environments-for-github-hosted-runners | |
| name: cppcheck-premium | |
| on: | |
| push: | |
| branches: | |
| - 'main' | |
| - 'releases/**' | |
| - '2.*' | |
| tags: | |
| - '2.*' | |
| pull_request: | |
| workflow_dispatch: | |
| inputs: | |
| premium_version: | |
| description: 'Cppcheck Premium version' | |
| permissions: | |
| contents: read | |
| security-events: write | |
| jobs: | |
| build: | |
| runs-on: ubuntu-24.04 # run on the latest image only | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| - name: Download cppcheckpremium release | |
| run: | | |
| premium_version=${{ inputs.premium_version }} | |
| if [ -z $premium_version ]; then | |
| premium_version=25.8.3 | |
| #wget https://files.cppchecksolutions.com/devdrop/cppcheckpremium-$premium_version-amd64.tar.gz -O cppcheckpremium.tar.gz | |
| wget https://files.cppchecksolutions.com/$premium_version/ubuntu-24.04/cppcheckpremium-$premium_version-amd64.tar.gz -O cppcheckpremium.tar.gz | |
| else | |
| wget https://files.cppchecksolutions.com/$premium_version/ubuntu-24.04/cppcheckpremium-$premium_version-amd64.tar.gz -O cppcheckpremium.tar.gz | |
| fi | |
| tar xzf cppcheckpremium.tar.gz | |
| mv cppcheckpremium-$premium_version cppcheckpremium | |
| - name: Generate a license file | |
| run: | | |
| echo cppcheck > cppcheck.lic | |
| echo 251231 >> cppcheck.lic | |
| echo 80000 >> cppcheck.lic | |
| echo 4f8dc8e7c8bb288f >> cppcheck.lic | |
| echo path:lib >> cppcheck.lic | |
| - name: Check | |
| run: | | |
| cppcheckpremium/premiumaddon --check-loc-license cppcheck.lic > cppcheck-premium-loc | |
| cppcheckpremium/cppcheck --premium=safety-off -j$(nproc) -D__GNUC__ -D__CPPCHECK__ --suppressions-list=cppcheckpremium-suppressions --platform=unix64 --enable=style --premium=misra-c++-2023 --premium=cert-c++-2016 --inline-suppr lib --error-exitcode=0 --output-format=sarif 2> results.sarif | |
| - name: Cat results | |
| run: | | |
| #sed -i 's|"security-severity":.*||' results.sarif | |
| cat results.sarif | |
| - uses: actions/upload-artifact@v4 | |
| with: | |
| name: results | |
| path: results.sarif | |
| - name: Upload report | |
| uses: github/codeql-action/upload-sarif@v3 | |
| with: | |
| sarif_file: results.sarif | |
| category: cppcheckpremium |