Skip to content

Coverity

Coverity #20

Workflow file for this run

name: Coverity
on:
schedule:
- cron: '0 3 * * 1'
# Mondays at 03:00
workflow_dispatch:
jobs:
build:
name: Coverity
runs-on: ubuntu-latest
environment: coverity
env:
TOKEN: ${{ secrets.COVERITY_TOKEN }}
PROJECT: libzip
SHORT_PROJECT: libzip
EMAIL: [email protected]
COV_TOOLS: cov-tools
COV_RESULTS: cov-int
steps:
- name: Check Secret
run: |
[ -n "${{ secrets.COVERITY_TOKEN }}" ]
- name: Checkout Code
uses: actions/checkout@v4
- name: Install Dependencies
run: |
sudo apt-get install libzstd-dev
- name: Configure
run: |
cmake -E make_directory ${{runner.workspace}}/build
cmake ${{ matrix.cmake_extra }} ${{github.workspace}}
- name: Download Coverity
run: |
wget --quiet https://scan.coverity.com/download/linux64 --post-data "token=$TOKEN&project=$PROJECT" -O "$COV_TOOLS.tar.gz"
mkdir "$COV_TOOLS"
tar xzf "$COV_TOOLS.tar.gz" --strip 1 -C "$COV_TOOLS"
ls -l "$COV_TOOLS"
- name: Build with Coverity
run: |
export PATH="$(pwd)/$COV_TOOLS/bin:$PATH"
cov-build --dir $COV_RESULTS make -j ${{steps.cpu-cores.outputs.count}}
# Filter out private info
sed -E -i 's/TOKEN=([-_A-Za-z0-9]+)/TOKEN=XXX/g' cov-int/build-log.txt
- name: Upload build log
uses: actions/upload-artifact@v4
with:
name: build-log
path: cov-int/build-log.txt
retention-days: 10
- name: Submit Results
run: |
tar -czf $SHORT_PROJECT.tgz $COV_RESULTS
ls -lh $SHORT_PROJECT.tgz
git config --global --add safe.directory "$GITHUB_WORKSPACE"
GIT_HASH="$(git rev-parse --short HEAD)"
echo "HASH: $GIT_HASH"
GIT_DESC="$(git log -n1 --format="%s" $GIT_HASH)"
echo "DESC: $GIT_DESC"
curl --fail --output curl.log \
--form token=$TOKEN \
--form email=$EMAIL \
--form file=@$SHORT_PROJECT.tgz \
--form version="$GIT_HASH" \
--form description="$GIT_DESC" \
https://scan.coverity.com/builds?project=$PROJECT
# If we go over quota, alert the user
cat curl.log
grep -qv "quota.*reached" curl.log || false