File: coverity.yml

package info (click to toggle)
libzip 1.11.4-2
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 8,652 kB
  • sloc: ansic: 17,309; sh: 85; perl: 55; makefile: 5
file content (83 lines) | stat: -rw-r--r-- 2,329 bytes parent folder | download 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
 
name: Coverity

on:
  schedule:
    - cron: '0 3 * * 1'
      # Mondays at 03:00
  workflow_dispatch:

permissions:
  contents: read

jobs:
  build:
    name: Coverity
    runs-on: ubuntu-latest
    environment: coverity

    env:
      TOKEN: ${{ secrets.COVERITY_TOKEN }}
      PROJECT: libzip
      SHORT_PROJECT: libzip
      EMAIL: wiz@gatalith.at
      COV_TOOLS: cov-tools
      COV_RESULTS: cov-int

    steps:
    - name: Check Secret
      run: |
        [ -n "${{ secrets.COVERITY_TOKEN }}" ]

    - name: Checkout Code
      uses: actions/checkout@v4

    - name: Install Dependencies
      run: |
        sudo apt-get install libzstd-dev

    - name: Configure
      run: |
        cmake -E make_directory ${{runner.workspace}}/build
        cmake ${{ matrix.cmake_extra }} ${{github.workspace}}

    - name: Download Coverity
      run: |
        wget --quiet https://scan.coverity.com/download/linux64 --post-data "token=$TOKEN&project=$PROJECT" -O "$COV_TOOLS.tar.gz"
        mkdir "$COV_TOOLS"
        tar xzf "$COV_TOOLS.tar.gz" --strip 1 -C "$COV_TOOLS"
        ls -l "$COV_TOOLS"

    - name: Build with Coverity
      run: |
        export PATH="$(pwd)/$COV_TOOLS/bin:$PATH"
        cov-build --dir $COV_RESULTS make -j ${{steps.cpu-cores.outputs.count}}
        # Filter out private info
        sed -E -i 's/TOKEN=([-_A-Za-z0-9]+)/TOKEN=XXX/g' cov-int/build-log.txt

    - name: Upload build log
      uses: actions/upload-artifact@v4
      with:
        name: build-log
        path: cov-int/build-log.txt
        retention-days: 10

    - name: Submit Results
      run: |
        tar -czf $SHORT_PROJECT.tgz $COV_RESULTS
        ls -lh $SHORT_PROJECT.tgz
        git config --global --add safe.directory "$GITHUB_WORKSPACE"
        GIT_HASH="$(git rev-parse --short HEAD)"
        echo "HASH: $GIT_HASH"
        GIT_DESC="$(git log -n1 --format="%s" $GIT_HASH)"
        echo "DESC: $GIT_DESC"
        curl --fail --output curl.log \
          --form token=$TOKEN \
          --form email=$EMAIL \
          --form file=@$SHORT_PROJECT.tgz \
          --form version="$GIT_HASH" \
          --form description="$GIT_DESC" \
          https://scan.coverity.com/builds?project=$PROJECT
        # If we go over quota, alert the user
        cat curl.log
        grep -qv "quota.*reached" curl.log || false