summaryrefslogtreecommitdiffstats
path: root/.github/workflows/coverity.yml
diff options
context:
space:
mode:
Diffstat (limited to '.github/workflows/coverity.yml')
-rw-r--r--.github/workflows/coverity.yml83
1 files changed, 83 insertions, 0 deletions
diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
new file mode 100644
index 0000000..290f7e4
--- /dev/null
+++ b/.github/workflows/coverity.yml
@@ -0,0 +1,83 @@
+name: Coverity
+on:
+ schedule:
+ - cron: '42 0 * * *' # Run once per day, to avoid Coverity's submission limits
+ workflow_dispatch:
+
+permissions:
+ contents: read # to fetch code (actions/checkout)
+
+jobs:
+ scan:
+ runs-on: ubuntu-22.04
+
+ env:
+ CC: gcc
+ DEBIAN_FRONTEND: noninteractive
+ TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
+
+ steps:
+ - name: Checkout repository from github
+ if: env.TOKEN
+ uses: actions/checkout@v4
+
+ - name: Download Coverity
+ if: env.TOKEN
+ run: |
+ wget -q https://scan.coverity.com/download/cxx/linux64 --post-data "token=$TOKEN&project=vim" -O coverity_tool.tgz
+ mkdir cov-scan
+ tar ax -f coverity_tool.tgz --strip-components=1 -C cov-scan
+
+ - name: Install packages
+ if: env.TOKEN
+ run: |
+ sudo apt-get update && sudo apt-get install -y \
+ autoconf \
+ gettext \
+ libcanberra-dev \
+ libperl-dev \
+ python2-dev \
+ python3-dev \
+ liblua5.4-dev \
+ lua5.4 \
+ ruby-dev \
+ tcl-dev \
+ libgtk2.0-dev \
+ desktop-file-utils \
+ libtool-bin \
+ libsodium-dev
+
+ - name: Set up environment
+ if: env.TOKEN
+ run: |
+ echo "$(pwd)/cov-scan/bin" >> $GITHUB_PATH
+ (
+ echo "NPROC=$(getconf _NPROCESSORS_ONLN)"
+ echo "CONFOPT=--enable-perlinterp --enable-pythoninterp --enable-python3interp --enable-rubyinterp --enable-luainterp --enable-tclinterp"
+ ) >> $GITHUB_ENV
+
+ - name: Configure
+ if: env.TOKEN
+ run: |
+ ./configure --with-features=huge ${CONFOPT} --enable-fail-if-missing
+ # Append various warning flags to CFLAGS.
+ sed -i -f ci/config.mk.sed src/auto/config.mk
+ sed -i -f ci/config.mk.${CC}.sed src/auto/config.mk
+
+ - name: Build/scan vim
+ if: env.TOKEN
+ run: |
+ cov-build --dir cov-int make -j${NPROC}
+
+ - name: Submit results
+ if: env.TOKEN
+ run: |
+ tar zcf cov-scan.tgz cov-int
+ curl --form token=$TOKEN \
+ --form email=$EMAIL \
+ --form file=@cov-scan.tgz \
+ --form version="$(git rev-parse HEAD)" \
+ --form description="Automatic GHA scan" \
+ 'https://scan.coverity.com/builds?project=vim'
+ env:
+ EMAIL: ${{ secrets.COVERITY_SCAN_EMAIL }}