File: coverity.yml

package info (click to toggle)
duckdb 1.5.1-2
  • links: PTS, VCS
  • area: main
  • in suites:
  • size: 299,196 kB
  • sloc: cpp: 865,414; ansic: 57,292; python: 18,871; sql: 12,663; lisp: 11,751; yacc: 7,412; lex: 1,682; sh: 747; makefile: 558
file content (52 lines) | stat: -rw-r--r-- 2,509 bytes parent folder | download | duplicates (4) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
 
# Creates and uploads a Coverity build on a schedule
# Requires that two secrets be created:
# COVERITY_SCAN_EMAIL, with the email address that should be notified with scan results
# COVERITY_SCAN_TOKEN, with the token from the Coverity project page (e.g., https://scan.coverity.com/projects/moshekaplan-duckdb?tab=project_settings )
# Also, ensure that the 'github.repository' comparison and 'COVERITY_PROJECT_NAME' values below are accurate
name: Coverity Scan
on:
  repository_dispatch:
  # Run once daily (via repository_dispatch), duckdb is at ~900k LOC
  # Scan frequency limits from https://scan.coverity.com/faq#frequency :
  # Up to 28 builds per week, with a maximum of 4 builds per day, for projects with fewer than 100K lines of code
  # Up to 21 builds per week, with a maximum of 3 builds per day, for projects with 100K to 500K lines of code
  # Up to 14 builds per week, with a maximum of 2 build per day, for projects with 500K to 1 million lines of code
  # Up to 7 builds per week, with a maximum of 1 build per day, for projects with more than 1 million lines of code
  # Support manual execution
  workflow_dispatch:

jobs:
  coverity:
    # So it doesn't try to run on forks
    if: github.repository == 'duckdb/duckdb'
    runs-on: ubuntu-latest
    env:
      COVERITY_PROJECT_NAME: DuckDB
    steps:
    - uses: actions/checkout@v4
    - name: Download and extract the Coverity Build Tool
      run: |
          wget https://scan.coverity.com/download/cxx/linux64 --post-data "token=${{ secrets.COVERITY_SCAN_TOKEN }}&project=${{ env.COVERITY_PROJECT_NAME  }}" -O cov-analysis-linux64.tar.gz
          mkdir cov-analysis-linux64
          tar xzf cov-analysis-linux64.tar.gz --strip 1 -C cov-analysis-linux64
    - name: Install dependencies
      run: sudo apt update -y -qq && sudo apt install -y git g++ cmake ninja-build libssl-dev default-jdk

    - uses: actions/setup-python@v5
      with:
        python-version: '3.12'

    - name: Build with cov-build
      run: cov-analysis-linux64/bin/cov-build --dir cov-int make
      env:
        CORE_EXTENSIONS: "autocomplete;icu;tpcds;tpch;fts;httpfs;json;inet"

    - name: Upload the result
      run: |
          tar czvf cov-int.tgz cov-int
          curl \
            --form project=${{ env.COVERITY_PROJECT_NAME }} \
            --form email=${{ secrets.COVERITY_SCAN_EMAIL }} \
            --form token=${{ secrets.COVERITY_SCAN_TOKEN }} \
            --form file=@cov-int.tgz \
            https://scan.coverity.com/builds