name: static code analysis # Documentation: https://github.com/Yubico/yes-static-code-analysis on: push: schedule: - cron: '0 0 * * 1' env: SCAN_IMG: yubico-yes-docker-local.jfrog.io/static-code-analysis/c:v1 COMPILE_DEPS: "libfido2-dev xsltproc" SECRET: ${{ secrets.ARTIFACTORY_READER_TOKEN }} jobs: build: runs-on: ubuntu-latest steps: - uses: actions/checkout@master - name: Scan and fail on warnings run: | if [ "${SECRET}" != "" ]; then docker login yubico-yes-docker-local.jfrog.io/ \ -u svc-static-code-analysis-reader -p ${SECRET} docker pull ${SCAN_IMG} docker run -v${PWD}:/k -e COMPILE_DEPS="${COMPILE_DEPS}" \ -e PROJECT_NAME=${GITHUB_REPOSITORY#Yubico/} \ -e PVS_IGNORE_WARNINGS=${PVS_IGNORE_WARNINGS} -t ${SCAN_IMG} else echo "No docker registry credentials, not scanning" fi - uses: actions/upload-artifact@master if: failure() with: name: suppression_files path: suppression_files