cmake-tutorial/.github/workflows/codeql.yml at 91bed127acd64782f5404cde64b5ea9f5fd4da19 · iarsystems/cmake-tutorial · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
name: Code Analysis

on:
  push:
    paths-ignore:
    - 'README.md'
  workflow_dispatch:
  schedule:
  - cron: '30 16 * * *'

# Set a new GitHub Actions Secret named IAR_LMS_BEARER_TOKEN
# for your repository. The secret is then propagated to an
# Environment variable used for all jobs within this workflow
env:
  IAR_LMS_BEARER_TOKEN: ${{ secrets.IAR_LMS_BEARER_TOKEN }}

# Set default permissions for the workflow jobs
permissions:
  contents: read

jobs:
  tutorial:
    name: Analyze tutorial
    runs-on: ubuntu-24.04
    container: ghcr.io/iarsystems/arm
    permissions:
      security-events: write
      actions: read
      contents: read
      packages: read
    steps:
    - name: Checkout project
      uses: actions/checkout@v6

    - name: IAR C-STAT Static Analysis
      working-directory: tutorial
      run: |
        ichecks --all --output checks.manifest
        icstat --checks checks.manifest --db cstat.db --sarif_dir . analyze -- iccarm tutorial.c

    - name: Upload SARIF
      uses: github/codeql-action/upload-sarif@v3
      with:
        sarif_file: tutorial/tutorial.c.sarif
        category: cstat-analysis