Skip to content
Coverity Scan Cron Job

Coverity Scan Cron Job #264

Sign in to view logs

Coverity Scan Cron Job

Coverity Scan Cron Job #264

Workflow file for this run

.github/workflows/coverity-scan.yml at abac0b5
name: Coverity Scan Cron Job
on:
schedule:
- cron: '0 0 * * 1,3,5'
permissions:
contents: read
jobs:
scan:
if: github.repository == 'zeek/zeek'
runs-on: ubuntu-24.04
steps:
- uses: actions/checkout@v4
with:
submodules: "recursive"
- name: Fetch Dependencies
run: |
sudo apt-get update
sudo apt-get -y install \
bison \
bsdmainutils \
cmake \
curl \
flex \
g++ \
gcc \
git \
jq \
libfl-dev \
libfl2 \
libkrb5-dev \
libmaxminddb-dev \
libpcap-dev \
libssl-dev \
libzmq3-dev \
make \
python3 \
python3-dev \
python3-pip \
sqlite3 \
swig \
zlib1g-dev
- name: Configure
run: ./configure --build-type=debug --disable-broker-tests
- name: Fetch Coverity Tools
env:
COVERITY_TOKEN: ${{ secrets.COVERITY_TOKEN }}
run: |
curl \
-o coverity_tool.tgz \
-d token=${COVERITY_TOKEN} \
-d project=Bro \
https://scan.coverity.com/download/cxx/linux64
tar xzf coverity_tool.tgz
rm coverity_tool.tgz
mv cov-analysis* coverity-tools
- name: Build
run: |
export PATH=$(pwd)/coverity-tools/bin:$PATH
( cd build && cov-build --dir cov-int make -j "$(nproc)" )
cat build/cov-int/build-log.txt
- name: Submit
env:
COVERITY_TOKEN: ${{ secrets.COVERITY_TOKEN }}
run: |
( cd build && tar czf myproject.tgz cov-int )
curl -X POST \
-d version=$(cat VERSION) \
-d description=$(git rev-parse HEAD) \
-d email=zeek-commits-internal@zeek.org \
-d token=${COVERITY_TOKEN} \
-d file_name=myproject.tgz \
-o response \
https://scan.coverity.com/projects/641/builds/init
upload_url=$(jq -r '.url' response)
build_id=$(jq -r '.build_id' response)
curl -X PUT \
--header 'Content-Type: application/json' \
--upload-file build/myproject.tgz \
${upload_url}
curl -X PUT \
-d token=${COVERITY_TOKEN} \
https://scan.coverity.com/projects/641/builds/${build_id}/enqueue