pdns/.github/workflows/coverity.yml at master · Kiterepo/pdns · GitHub

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
---
name: Coverity scan

on:
  workflow_call:
    inputs:
      product:
        required: true
        description: Product to build
        type: string
    secrets:
      COVERITY_TOKEN:
        required: true
      COVERITY_EMAIL:
        required: true

permissions: # least privileges, see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
  contents: read

env:
  CLANG_VERSION: '12'

jobs:
  coverity-auth:
    name: coverity scan of the auth
    if: ${{ inputs.product == 'authoritative' }}
    runs-on: ubuntu-22.04
    env:
      COVERITY_TOKEN: ${{ secrets.COVERITY_TOKEN }}
      FUZZING_TARGETS: no
      SANITIZERS:
      UNIT_TESTS: no
    steps:
      - uses: PowerDNS/pdns/set-ubuntu-mirror@meta
      - uses: actions/checkout@v6
        with:
          fetch-depth: 5
          submodules: recursive
          persist-credentials: false
      - uses: actions/setup-python@v6
        with:
          python-version: '3.13'
      - run: build-scripts/gh-actions-setup-inv-no-dist-upgrade
      - run: inv install-clang
      - run: inv install-auth-build-deps
      - run: inv install-coverity-tools PowerDNS
      - run: inv coverity-clang-configure
      - run: inv ci-autoconf
      - run: inv ci-auth-configure
      - run: inv coverity-make
      - run: inv coverity-tarball auth.tar.bz2
      - run: inv coverity-upload ${{ secrets.COVERITY_EMAIL }} PowerDNS auth.tar.bz2

  coverity-dnsdist:
    name: coverity scan of dnsdist
    if: ${{ inputs.product == 'dnsdist' }}
    runs-on: ubuntu-22.04
    env:
      COVERITY_TOKEN: ${{ secrets.COVERITY_TOKEN }}
      SANITIZERS:
      UNIT_TESTS: no
      CARGO_USE_DEV: 1
      REPO_HOME: ${{ github.workspace }}
    steps:
      - uses: PowerDNS/pdns/set-ubuntu-mirror@meta
      - uses: actions/checkout@v6
        with:
          fetch-depth: 5
          submodules: recursive
          persist-credentials: false
      - uses: actions/setup-python@v6
        with:
          python-version: '3.13'
      # installing the python3-package does not work because of actions/setup-python which installs a different version in /opt/hostedtoolcache/Python
      - name: Install python yaml
        run: |
          pip install pyyaml
      - run: build-scripts/gh-actions-setup-inv-no-dist-upgrade
      - run: inv install-clang
      - run: inv install-lld-linker-if-needed
      - run: inv install-dnsdist-build-deps --skipXDP
      - run: inv install-coverity-tools dnsdist
      - run: inv coverity-clang-configure
      - run: inv ci-autoconf
        working-directory: ./pdns/dnsdistdist/
      - run: inv ci-install-rust $REPO_HOME
        working-directory: ./pdns/dnsdistdist/
      - run: inv ci-build-and-install-quiche $REPO_HOME
        working-directory: ./pdns/dnsdistdist/
      - run: inv ci-dnsdist-configure full build
        working-directory: ./pdns/dnsdistdist/
      - run: inv coverity-ninja
        working-directory: ./pdns/dnsdistdist/
      - run: inv coverity-tarball build/dnsdist.tar.bz2
        working-directory: ./pdns/dnsdistdist/
      - run: inv coverity-upload ${{ secrets.COVERITY_EMAIL }} dnsdist build/dnsdist.tar.bz2
        working-directory: ./pdns/dnsdistdist/

  coverity-rec:
    name: coverity scan of the rec
    if: ${{ inputs.product == 'recursor' }}
    runs-on: ubuntu-22.04
    env:
      COVERITY_TOKEN: ${{ secrets.COVERITY_TOKEN }}
      SANITIZERS:
      UNIT_TESTS: no
      CARGO_USE_DEV: 1
    steps:
      - uses: PowerDNS/pdns/set-ubuntu-mirror@meta
      - uses: actions/checkout@v6
        with:
          fetch-depth: 5
          submodules: recursive
          persist-credentials: false
      - uses: actions/setup-python@v6
        with:
          python-version: '3.13'
      - run: build-scripts/gh-actions-setup-inv-no-dist-upgrade
      - run: inv install-clang
      - run: inv install-rec-build-deps
      - run: inv install-coverity-tools 'PowerDNS+Recursor'
      - run: inv coverity-clang-configure
      - run: inv ci-autoconf
        working-directory: ./pdns/recursordist/
      - run: inv ci-rec-configure full
        working-directory: ./pdns/recursordist/
      - run: inv coverity-make
        working-directory: ./pdns/recursordist/
      - run: inv coverity-tarball recursor.tar.bz2
        working-directory: ./pdns/recursordist/
      - run: inv coverity-upload ${{ secrets.COVERITY_EMAIL }} 'PowerDNS+Recursor' recursor.tar.bz2
        working-directory: ./pdns/recursordist/