diff options
Diffstat (limited to '.github/workflows/coverity.yml')
-rw-r--r-- | .github/workflows/coverity.yml | 83 |
1 files changed, 83 insertions, 0 deletions
diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml new file mode 100644 index 0000000..290f7e4 --- /dev/null +++ b/.github/workflows/coverity.yml @@ -0,0 +1,83 @@ +name: Coverity +on: + schedule: + - cron: '42 0 * * *' # Run once per day, to avoid Coverity's submission limits + workflow_dispatch: + +permissions: + contents: read # to fetch code (actions/checkout) + +jobs: + scan: + runs-on: ubuntu-22.04 + + env: + CC: gcc + DEBIAN_FRONTEND: noninteractive + TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }} + + steps: + - name: Checkout repository from github + if: env.TOKEN + uses: actions/checkout@v4 + + - name: Download Coverity + if: env.TOKEN + run: | + wget -q https://scan.coverity.com/download/cxx/linux64 --post-data "token=$TOKEN&project=vim" -O coverity_tool.tgz + mkdir cov-scan + tar ax -f coverity_tool.tgz --strip-components=1 -C cov-scan + + - name: Install packages + if: env.TOKEN + run: | + sudo apt-get update && sudo apt-get install -y \ + autoconf \ + gettext \ + libcanberra-dev \ + libperl-dev \ + python2-dev \ + python3-dev \ + liblua5.4-dev \ + lua5.4 \ + ruby-dev \ + tcl-dev \ + libgtk2.0-dev \ + desktop-file-utils \ + libtool-bin \ + libsodium-dev + + - name: Set up environment + if: env.TOKEN + run: | + echo "$(pwd)/cov-scan/bin" >> $GITHUB_PATH + ( + echo "NPROC=$(getconf _NPROCESSORS_ONLN)" + echo "CONFOPT=--enable-perlinterp --enable-pythoninterp --enable-python3interp --enable-rubyinterp --enable-luainterp --enable-tclinterp" + ) >> $GITHUB_ENV + + - name: Configure + if: env.TOKEN + run: | + ./configure --with-features=huge ${CONFOPT} --enable-fail-if-missing + # Append various warning flags to CFLAGS. + sed -i -f ci/config.mk.sed src/auto/config.mk + sed -i -f ci/config.mk.${CC}.sed src/auto/config.mk + + - name: Build/scan vim + if: env.TOKEN + run: | + cov-build --dir cov-int make -j${NPROC} + + - name: Submit results + if: env.TOKEN + run: | + tar zcf cov-scan.tgz cov-int + curl --form token=$TOKEN \ + --form email=$EMAIL \ + --form file=@cov-scan.tgz \ + --form version="$(git rev-parse HEAD)" \ + --form description="Automatic GHA scan" \ + 'https://scan.coverity.com/builds?project=vim' + env: + EMAIL: ${{ secrets.COVERITY_SCAN_EMAIL }} |