Coverity Scan #22

Workflow file for this run

.github/workflows/coverity-scan.yml at 04e7cc2

	name: "Coverity Scan"

	# Requires repository secrets: COVERITY_SCAN_TOKEN, COVERITY_SCAN_EMAIL.
	# Optional variable COVERITY_PROJECT (Settings → Secrets and variables → Actions → Variables):
	# Coverity project slug, e.g. timfox/sturmgeist. Defaults to etlegacy/etlegacy when unset.
	# If secrets are missing (typical on forks), the scan job is skipped (workflow still succeeds).

	on:
	# push:
	# branches: [ main, master ]
	# pull_request:
	# branches: [ main, master ]
	workflow_dispatch:
	schedule:
	- cron: "0 0 * * FRI"

	jobs:
	coverity-gate:
	runs-on: ubuntu-latest
	outputs:
	run_coverity: ${{ steps.gate.outputs.run_coverity }}
	steps:
	- id: gate
	name: Check Coverity secrets are configured
	env:
	COVERITY_SCAN_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
	COVERITY_SCAN_EMAIL: ${{ secrets.COVERITY_SCAN_EMAIL }}
	run: \|
	{
	echo "## Coverity Scan"
	echo
	} >> "$GITHUB_STEP_SUMMARY"
	if [ -n "$COVERITY_SCAN_TOKEN" ] && [ -n "$COVERITY_SCAN_EMAIL" ]; then
	echo "run_coverity=true" >> "$GITHUB_OUTPUT"
	echo "Secrets \`COVERITY_SCAN_TOKEN\` and \`COVERITY_SCAN_EMAIL\` are set — the scan job will run." >> "$GITHUB_STEP_SUMMARY"
	else
	echo "run_coverity=false" >> "$GITHUB_OUTPUT"
	echo "Skipped: add repository secrets \`COVERITY_SCAN_TOKEN\` and \`COVERITY_SCAN_EMAIL\` (and optional variable \`COVERITY_PROJECT\`) to enable uploads to Coverity Scan." >> "$GITHUB_STEP_SUMMARY"
	fi

	latest:
	runs-on: ubuntu-latest
	needs: [coverity-gate]
	if: needs.coverity-gate.outputs.run_coverity == 'true'
	env:
	COVERITY_PROJECT: ${{ vars.COVERITY_PROJECT }}
	steps:
	- name: Install Dependencies
	run: \|
	sudo apt-get update
	sudo apt-get install -y nasm libwayland-dev wayland-protocols libgl1-mesa-dev libglu1-mesa-dev libasound2-dev pulseaudio libpulse-dev libxext-dev

	- name: Checkout
	uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
	with:
	fetch-depth: 1
	submodules: recursive

	- name: Configure
	run: >
	cmake -S . -B build
	-DCMAKE_BUILD_TYPE='Debug' -DCMAKE_INSTALL_PREFIX=/
	-DCMAKE_LIBRARY_PATH=/usr/lib -DCMAKE_INCLUDE_PATH=/usr/include
	-DINSTALL_DEFAULT_BASEDIR=. -DINSTALL_DEFAULT_BINDIR=.
	-DINSTALL_DEFAULT_SHAREDIR=. -DINSTALL_DEFAULT_MODDIR=.
	-DCROSS_COMPILE32=0 -DBUNDLED_LIBS=1 -DINSTALL_EXTRA=0
	-DFEATURE_SSL=0 -DFEATURE_AUTH=0 -DFEATURE_CURL=0

	- name: Download Coverity Build Tool
	run: \|
	set -euo pipefail
	PROJECT="${COVERITY_PROJECT:-etlegacy/etlegacy}"
	wget -q https://scan.coverity.com/download/cxx/linux64 \
	--post-data "token=${TOKEN}&project=${PROJECT}" \
	-O cov-analysis-linux64.tar.gz
	mkdir cov-analysis-linux64
	tar -xzf cov-analysis-linux64.tar.gz --strip 1 -C cov-analysis-linux64
	env:
	TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}

	- name: Build with cov-build
	run: \|
	export PATH="${PWD}/cov-analysis-linux64/bin:${PATH}"
	cd build
	cov-build --dir cov-int make

	- name: Submit result to Coverity Scan
	run: \|
	set -euo pipefail
	PROJECT="${COVERITY_PROJECT:-etlegacy/etlegacy}"
	PROJECT_QUERY="$(python3 -c "import urllib.parse,sys; print(urllib.parse.quote(sys.argv[1], safe=''))" "$PROJECT")"
	version=$(git describe --always \| cut -d 'g' -f2- \| cut -c -7)
	cd build
	tar -czvf etlegacy.tgz cov-int
	curl -k \
	--form "project=${PROJECT}" \
	--form token="$TOKEN" \
	--form email="$EMAIL" \
	--form file=@etlegacy.tgz \
	--form version="$version" \
	--form description="development" \
	"https://scan.coverity.com/builds?project=${PROJECT_QUERY}"
	env:
	TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
	EMAIL: ${{ secrets.COVERITY_SCAN_EMAIL }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Coverity Scan #22

Workflow file

Coverity Scan #22

Uh oh!

Workflow file for this run