forked from etlegacy/etlegacy
-
Notifications
You must be signed in to change notification settings - Fork 0
105 lines (96 loc) · 4.08 KB
/
coverity-scan.yml
File metadata and controls
105 lines (96 loc) · 4.08 KB
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
name: "Coverity Scan"
# Requires repository secrets: COVERITY_SCAN_TOKEN, COVERITY_SCAN_EMAIL.
# Optional variable COVERITY_PROJECT (Settings → Secrets and variables → Actions → Variables):
# Coverity project slug, e.g. timfox/sturmgeist. Defaults to etlegacy/etlegacy when unset.
# If secrets are missing (typical on forks), the scan job is skipped (workflow still succeeds).
on:
# push:
# branches: [ main, master ]
# pull_request:
# branches: [ main, master ]
workflow_dispatch:
schedule:
- cron: "0 0 * * FRI"
jobs:
coverity-gate:
runs-on: ubuntu-latest
outputs:
run_coverity: ${{ steps.gate.outputs.run_coverity }}
steps:
- id: gate
name: Check Coverity secrets are configured
env:
COVERITY_SCAN_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
COVERITY_SCAN_EMAIL: ${{ secrets.COVERITY_SCAN_EMAIL }}
run: |
{
echo "## Coverity Scan"
echo
} >> "$GITHUB_STEP_SUMMARY"
if [ -n "$COVERITY_SCAN_TOKEN" ] && [ -n "$COVERITY_SCAN_EMAIL" ]; then
echo "run_coverity=true" >> "$GITHUB_OUTPUT"
echo "Secrets \`COVERITY_SCAN_TOKEN\` and \`COVERITY_SCAN_EMAIL\` are set — the scan job will run." >> "$GITHUB_STEP_SUMMARY"
else
echo "run_coverity=false" >> "$GITHUB_OUTPUT"
echo "Skipped: add repository secrets \`COVERITY_SCAN_TOKEN\` and \`COVERITY_SCAN_EMAIL\` (and optional variable \`COVERITY_PROJECT\`) to enable uploads to Coverity Scan." >> "$GITHUB_STEP_SUMMARY"
fi
latest:
runs-on: ubuntu-latest
needs: [coverity-gate]
if: needs.coverity-gate.outputs.run_coverity == 'true'
env:
COVERITY_PROJECT: ${{ vars.COVERITY_PROJECT }}
steps:
- name: Install Dependencies
run: |
sudo apt-get update
sudo apt-get install -y nasm libwayland-dev wayland-protocols libgl1-mesa-dev libglu1-mesa-dev libasound2-dev pulseaudio libpulse-dev libxext-dev
- name: Checkout
uses: actions/checkout@34e114876b0b11c390a56381ad16ebd13914f8d5 # v4
with:
fetch-depth: 1
submodules: recursive
- name: Configure
run: >
cmake -S . -B build
-DCMAKE_BUILD_TYPE='Debug' -DCMAKE_INSTALL_PREFIX=/
-DCMAKE_LIBRARY_PATH=/usr/lib -DCMAKE_INCLUDE_PATH=/usr/include
-DINSTALL_DEFAULT_BASEDIR=. -DINSTALL_DEFAULT_BINDIR=.
-DINSTALL_DEFAULT_SHAREDIR=. -DINSTALL_DEFAULT_MODDIR=.
-DCROSS_COMPILE32=0 -DBUNDLED_LIBS=1 -DINSTALL_EXTRA=0
-DFEATURE_SSL=0 -DFEATURE_AUTH=0 -DFEATURE_CURL=0
- name: Download Coverity Build Tool
run: |
set -euo pipefail
PROJECT="${COVERITY_PROJECT:-etlegacy/etlegacy}"
wget -q https://scan.coverity.com/download/cxx/linux64 \
--post-data "token=${TOKEN}&project=${PROJECT}" \
-O cov-analysis-linux64.tar.gz
mkdir cov-analysis-linux64
tar -xzf cov-analysis-linux64.tar.gz --strip 1 -C cov-analysis-linux64
env:
TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
- name: Build with cov-build
run: |
export PATH="${PWD}/cov-analysis-linux64/bin:${PATH}"
cd build
cov-build --dir cov-int make
- name: Submit result to Coverity Scan
run: |
set -euo pipefail
PROJECT="${COVERITY_PROJECT:-etlegacy/etlegacy}"
PROJECT_QUERY="$(python3 -c "import urllib.parse,sys; print(urllib.parse.quote(sys.argv[1], safe=''))" "$PROJECT")"
version=$(git describe --always | cut -d 'g' -f2- | cut -c -7)
cd build
tar -czvf etlegacy.tgz cov-int
curl -k \
--form "project=${PROJECT}" \
--form token="$TOKEN" \
--form email="$EMAIL" \
--form file=@etlegacy.tgz \
--form version="$version" \
--form description="development" \
"https://scan.coverity.com/builds?project=${PROJECT_QUERY}"
env:
TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
EMAIL: ${{ secrets.COVERITY_SCAN_EMAIL }}