static-analysis.yml

name: "Static analysis"

on:
  push:
    branches: [ "master" ]

# Declare default permissions as read only.
permissions: read-all

jobs:
  static-analysis:
    name: Run ledger static analysis
    runs-on: ubuntu-20.04

    steps:
      - name: Checkout this repo
        uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 #v4.2.2

      - name: Build the ledger docker image
        run: docker/ledger/build

      - name: Run static analysis
        id: static-analysis
        continue-on-error: true
        run: |
          firmware/static-analysis/gen-static-analysis
      
      - name: Upload static analysis reports
        uses: actions/upload-artifact@65c4c4a1ddee5b72f698fdd19549f0f0fb45cf08 #v4.6.0
        with:
          name: static-analysis-reports
          path: firmware/static-analysis/output

      - name: Report static analysis findings
        if: steps.static-analysis.outcome != 'success'
        run: |
          echo "Static analysis reported findings. Check static-analysis-reports for a complete report." \
            > $GITHUB_STEP_SUMMARY