blob: fc1b9dedcbdcc2491e3c672be812561d35f4bde2 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
|
name: Coverity scan
on:
schedule:
- cron: '0 18 * * 1' # Weekly at 18:00 UTC on Mondays
jobs:
latest:
runs-on: ubuntu-latest
container: debian:stable
steps:
- name: Checkout code
uses: actions/checkout@v3
- name: Install dependencies
run: |
apt update
DEBIAN_FRONTEND=noninteractive apt install -y --no-install-recommends curl ca-certificates make
- name: Cache musl toolchain
uses: actions/cache@v3
id: cache-musl
with:
path: x86_64-linux-musl-native
key: musl
- name: Downloading musl-based toolchain
if: steps.cache-musl.outputs.cache-hit != 'true'
run: wget --quiet https://musl.cc/x86_64-linux-musl-native.tgz
- name: Extracting musl-based toolchain
if: steps.cache-musl.outputs.cache-hit != 'true'
run: tar xzf ./x86_64-linux-musl-native.tgz
- name: Download Coverity Build Tool
run: |
curl https://scan.coverity.com/download/linux64 --form token=$TOKEN --form project=jvoisin/fortify-headers -o cov-analysis-linux64.tar.gz
mkdir cov-analysis-linux64
tar xzf cov-analysis-linux64.tar.gz --strip-components=1 -C cov-analysis-linux64
env:
TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
- name: Build with cov-build
run: ./cov-analysis-linux64/bin/cov-build --dir cov-int make -C tests gcc
- name: Submit the result to Coverity Scan
run: |
tar czf fortify-headers.tgz cov-int
curl \
--form project=jvoisin/fortify-headers \
--form token=$TOKEN \
--form file=@fortify-headers.tgz \
--form version=master \
--form email=julien.voisin+coverity@dustri.org \
--form description=master \
https://scan.coverity.com/builds?project=jvoisin/fortify-headers
env:
TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
|
