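# Weekly Coverity Scan submission for libzip.
#
# Flow: verify the Coverity token is configured, configure the project with
# CMake, download the Coverity build tools, build under cov-build, publish the
# (scrubbed) build log as an artifact, and upload the results to
# scan.coverity.com.
name: Coverity

on:
  schedule:
    - cron: '0 3 * * 1'  # Mondays at 03:00
  workflow_dispatch:

# Least privilege: nothing in this job writes to the repository, so the
# GITHUB_TOKEN only needs read access for the checkout.
permissions:
  contents: read

jobs:
  build:
    name: Coverity
    runs-on: ubuntu-latest
    environment: coverity
    env:
      # TOKEN is deliberately NOT set here: it is scoped to the individual
      # steps that talk to scan.coverity.com, so the build step (whose
      # environment can end up in build-log.txt) and the third-party actions
      # never see it.
      PROJECT: libzip
      SHORT_PROJECT: libzip
      EMAIL: wiz@gatalith.at
      COV_TOOLS: cov-tools
      COV_RESULTS: cov-int
    steps:
      - name: Check Secret
        env:
          TOKEN: ${{ secrets.COVERITY_TOKEN }}
        run: |
          # Test the environment variable instead of expanding the secret
          # into the script text; fails the job early when it is unset.
          [ -n "$TOKEN" ]

      # NOTE(review): actions are referenced by mutable tag (@v4); pinning to
      # a full commit SHA would make the reference immutable.
      - name: Checkout Code
        uses: actions/checkout@v4
        with:
          # Later steps only run local git commands (rev-parse, log), so the
          # token does not need to stay in .git/config while downloaded
          # tooling and the build run.
          persist-credentials: false

      - name: Install Dependencies
        run: |
          sudo apt-get update
          # -y: the runner has no TTY, so a confirmation prompt would abort.
          sudo apt-get install -y libzstd-dev

      - name: Configure
        run: |
          # In-source configure: the Makefile lands in the workspace, which is
          # where the "Build with Coverity" step runs make. No build matrix is
          # defined in this workflow, so no extra CMake arguments are passed.
          cmake "$GITHUB_WORKSPACE"

      - name: Download Coverity
        env:
          TOKEN: ${{ secrets.COVERITY_TOKEN }}
        run: |
          # NOTE(review): the archive is unpacked and its binaries executed in
          # the next step with only TLS vouching for it; consider verifying a
          # published checksum before extracting.
          wget --quiet https://scan.coverity.com/download/linux64 \
            --post-data "token=$TOKEN&project=$PROJECT" \
            -O "$COV_TOOLS.tar.gz"
          mkdir "$COV_TOOLS"
          tar xzf "$COV_TOOLS.tar.gz" --strip 1 -C "$COV_TOOLS"
          ls -l "$COV_TOOLS"

      - name: Build with Coverity
        run: |
          export PATH="$(pwd)/$COV_TOOLS/bin:$PATH"
          # Bound parallelism to the runner's CPU count. No step with id
          # "cpu-cores" exists in this workflow, so the former
          # steps.cpu-cores.outputs.count expanded to nothing and left a bare
          # "make -j" (unlimited jobs).
          cov-build --dir "$COV_RESULTS" make -j "$(nproc)"
          # Filter out private info. Kept as defence in depth: the log is
          # published as an artifact in the next step.
          sed -E -i 's/TOKEN=([-_A-Za-z0-9]+)/TOKEN=XXX/g' \
            "$COV_RESULTS/build-log.txt"

      - name: Upload build log
        uses: actions/upload-artifact@v4
        with:
          name: build-log
          path: cov-int/build-log.txt
          retention-days: 10

      - name: Submit Results
        env:
          TOKEN: ${{ secrets.COVERITY_TOKEN }}
        run: |
          tar -czf "$SHORT_PROJECT.tgz" "$COV_RESULTS"
          ls -lh "$SHORT_PROJECT.tgz"
          git config --global --add safe.directory "$GITHUB_WORKSPACE"
          GIT_HASH="$(git rev-parse --short HEAD)"
          echo "HASH: $GIT_HASH"
          GIT_DESC="$(git log -n1 --format="%s" "$GIT_HASH")"
          echo "DESC: $GIT_DESC"
          # --form-string sends each value literally. Plain --form interprets
          # a leading '@' or '<' (and ';type=' suffixes) in the value, and the
          # description is a commit subject, i.e. not under this workflow's
          # control. Only the results archive is meant to be read from disk.
          curl --fail --output curl.log \
            --form-string "token=$TOKEN" \
            --form-string "email=$EMAIL" \
            --form "file=@$SHORT_PROJECT.tgz" \
            --form-string "version=$GIT_HASH" \
            --form-string "description=$GIT_DESC" \
            "https://scan.coverity.com/builds?project=$PROJECT"
          # If we go over quota, alert the user.
          # The previous check (grep -qv ... || false) passed as soon as any
          # line of the response did not mention the quota, so a multi-line
          # reply could hide the condition; fail on any matching line.
          cat curl.log
          if grep -q "quota.*reached" curl.log; then
            echo "Coverity submission quota reached" >&2
            exit 1
          fi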