[Code Analysis] Coverity (C/C++) #2
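---
# SPDX-FileCopyrightText: (C) 2025 Intel Corporation
# SPDX-License-Identifier: Apache-2.0

# Coverity static analysis for the C/C++ sources.
# Runs on pushes to main and release-* branches, or on manual dispatch.
# Job 1 decides whether any C/C++ file changed; job 2 builds under cov-build,
# submits the capture to scan.coverity.com and keeps it as a run artifact.

name: "[Code Analysis] Coverity (C/C++)"
run-name: "[Code Analysis] Coverity (C/C++)"

on:
  workflow_dispatch: {}
  push:
    branches:
      - main
      - 'release-*'

# Deny every GITHUB_TOKEN scope by default; each job opts in to what it needs.
permissions: {}

# Only run at most 1 workflow concurrently per PR or per branch to keep costs down
# This workflow has no pull_request trigger, so the PR number is empty here and
# the group is keyed on github.ref.
concurrency:
  group: ${{ github.workflow }}-${{ github.event.pull_request.number || github.ref }}
  cancel-in-progress: true

jobs:
  detect-languages:
    name: "Detect Changed Languages (C/C++)"
    runs-on: ubuntu-latest
    permissions:
      contents: read
    outputs:
      # 'true' when the paths filter below matched at least one changed file.
      run-analysis: ${{ steps.changes.outputs.cpp }}
    steps:
      - name: "Checkout code"
        # Third-party actions are pinned to a full commit SHA, not a mutable tag.
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # 6.0.2
        with:
          # Do not leave the token in .git/config for later steps to read.
          persist-credentials: false
          fetch-depth: 0 # Fetch all history for accurate diff
          # NOTE(review): this checks out a fixed commit rather than the pushed
          # ref; confirm that is intended for change detection.
          ref: '4b2b119568189314f3e9a21015725f765ae49026'
      - name: Detect C/C++ changes
        id: changes
        uses: dorny/paths-filter@de90cc6fb38fc0963ad72b210f1f284cd68cea36 # v3.0.2
        with:
          filters: |
            cpp:
              - '**/*.cpp'
              - '**/*.c'
              - '**/*.h'
              - '**/*.hpp'

  coverity-scan:
    name: "Coverity Scan"
    needs: detect-languages
    # A manual dispatch always scans; a push scans only when C/C++ files changed.
    if: ${{ github.event_name == 'workflow_dispatch' || needs.detect-languages.outputs.run-analysis == 'true' }}
    runs-on: ubuntu-latest
    permissions:
      contents: read
    steps:
      - name: "Checkout code"
        uses: actions/checkout@de0fac2e4500dabe0009e67214ff5f5447ce83dd # 6.0.2
        with:
          persist-credentials: false
          fetch-depth: 0
      - name: "Setup dependencies"
        run: |
          sudo apt-get update
          sudo apt-get install -y --no-install-recommends cmake curl g++ git libeigen3-dev libgtest-dev make \
            pkg-config python3-dev pybind11-dev python3-pip python3-scipy python-is-python3 libopencv-dev python3-venv
          pip3 install --use-pep517 -r .github/resources/coverity-requirements.txt
          sudo make -C tracker install-deps
          make -C tracker install-tools
          conan profile detect --force
      - name: "Download Coverity Scan Tool"
        # Secrets reach the script through the environment instead of being
        # expanded into the script text by the ${{ }} template, so a value
        # containing shell metacharacters cannot alter the command.
        env:
          COVERITY_TOKEN: ${{ secrets.COVERITY_TOKEN }}
          COVERITY_PROJECT: ${{ secrets.COVERITY_PROJECT }}
        # NOTE(review): the archive is unpacked and its binaries are run later
        # without any integrity check; consider verifying a checksum first.
        run: |
          wget --quiet https://scan.coverity.com/download/linux64 \
            --post-data "token=${COVERITY_TOKEN}&project=${COVERITY_PROJECT}" \
            -O coverity_tool.tgz
          mkdir coverity
          tar xzf coverity_tool.tgz --strip-components=1 -C coverity
      - name: "Add Coverity to PATH"
        run: |
          echo "$PWD/coverity/bin" >> "$GITHUB_PATH"
      - name: "Show Coverity version"
        run: |
          coverity --version
      - name: "Run Coverity build"
        run: |
          cov-build --dir cov-int make build-coverity
      - name: "Create Coverity results tarball"
        run: |
          tar czvf scenescape-coverity.tgz cov-int
      - name: "Print Coverity build log"
        # Runs even after a failed build so the log is available for diagnosis.
        if: always()
        run: |
          echo "Coverity results:"
          cat cov-int/build-log.txt
      - name: Upload to Coverity Scan
        env:
          GIT_BRANCH: ${{ github.ref_name }}
          COVERITY_TOKEN: ${{ secrets.COVERITY_TOKEN }}
          COVERITY_EMAIL: ${{ secrets.COVERITY_EMAIL }}
          COVERITY_PROJECT: ${{ secrets.COVERITY_PROJECT }}
        # --form-string sends the value literally; plain --form would treat a
        # leading '@' or '<' as a file reference. The URL is quoted so '?' is
        # not subject to globbing.
        # NOTE(review): curl is called without --fail, so an HTTP error from
        # the upload does not fail this step; confirm that is intended.
        run: |
          curl --form-string "token=${COVERITY_TOKEN}" \
            --form-string "email=${COVERITY_EMAIL}" \
            --form file=@scenescape-coverity.tgz \
            --form version="${GIT_BRANCH}-$(date +%Y%m%d%H%M%S)" \
            --form description="GitHub Action upload" \
            "https://scan.coverity.com/builds?project=${COVERITY_PROJECT}"
      - name: Upload coverity results
        uses: actions/upload-artifact@b7c566a772e6b6bfb58ed0dc250532a479d7789f # v6.0.0
        with:
          name: coverity-results-${{ github.run_id }}
          path: ./scenescape-coverity.tgz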