blob: 35f1ea50784be7b925c0e2e101b5e2e5c81032e9 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
|
name: coverity
on:
schedule:
# every day at 9:00 UTC
- cron: '0 9 * * *'
env:
CORES: 2
BUILD_MODE: normal
GPG_VERSION: stable
RNP_TESTS: ''
USE_STATIC_DEPENDENCIES: yes
jobs:
scan:
runs-on: ubuntu-latest
timeout-minutes: 20
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 1
submodules: true
- name: Setup environment
run: |
. ci/gha/setup-env.inc.sh
ci/install_noncacheable_dependencies.sh
- name: Cache
id: cache
uses: actions/cache@v3
with:
path: ${{ env.CACHE_DIR }}
key: ${{ github.workflow }}-${{ runner.os }}-${{ env.BUILD_MODE }}-gpg-${{ env.GPG_VERSION }}-${{ hashFiles('ci/**') }}-${{ hashFiles('.github/workflows/**') }}
- name: Build cache
if: steps.cache.outputs.cache-hit != 'true'
run: |
set -x
ci/install_cacheable_dependencies.sh botan jsonc
- name: Download Coverity
env:
TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
run: |
wget -q https://scan.coverity.com/download/cxx/linux64 --post-data "token=$TOKEN&project=$GITHUB_REPOSITORY" -O cov-analysis-linux64.tar.gz
mkdir cov-analysis-linux64
tar xzf cov-analysis-linux64.tar.gz --strip 1 -C cov-analysis-linux64
- name: Build
run: |
set -x
export PATH="$PWD/cov-analysis-linux64/bin:$PATH"
cov-build --dir cov-int ci/main.sh
- name: Submit
env:
TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
run: |
tar czvf results.tgz cov-int
curl \
--form project=$GITHUB_REPOSITORY \
--form token=$TOKEN \
--form email=packaging@ribose.com \
--form file=@results.tgz \
--form version=$GITHUB_REF \
--form description=$GITHUB_SHA \
https://scan.coverity.com/builds?project=$GITHUB_REPOSITORY
|