summaryrefslogtreecommitdiff
path: root/.github/workflows/scan.yml
blob: 008961b0d713c18a641ab32534e33ecd616dbe4d (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
name: static code analysis

on:
  push:
  schedule:
    - cron: '0 0 * * 1'

env:
  SCAN_IMG:
    yes-docker-local.artifactory.in.yubico.org/static-code-analysis/c:v1
  SECRET: ${{ secrets.ARTIFACTORY_READER_TOKEN }}

jobs:
  build:
    runs-on: ubuntu-latest

    steps:
    - uses: actions/checkout@master

    - name: Scan but do not fail on warnings
      run: |
        if [ "${SECRET}" != "" ]; then
          docker login yes-docker-local.artifactory.in.yubico.org/ \
             -u svc-static-code-analysis-reader \
             -p ${{ secrets.ARTIFACTORY_READER_TOKEN }}
          docker pull ${SCAN_IMG}
          docker run -v${PWD}:/k -e COMPILE_DEPS="${COMPILE_DEPS}" \
             -e PROJECT_NAME=${GITHUB_REPOSITORY#Yubico/} -t ${SCAN_IMG}
        fi
      continue-on-error: true

    - uses: actions/upload-artifact@master
      if: failure()
      with:
        name: suppression_files
        path: suppression_files