coverity.yaml (1973B)
1 name: Coverity scan 2 on: 3 schedule: 4 - cron: '0 18 * * 1' # Weekly at 18:00 UTC on Mondays 5 6 jobs: 7 latest: 8 runs-on: ubuntu-latest 9 container: debian:stable 10 steps: 11 - name: Checkout code 12 uses: actions/checkout@v3 13 - name: Install dependencies 14 run: | 15 apt update 16 DEBIAN_FRONTEND=noninteractive apt install -y --no-install-recommends curl ca-certificates make wget 17 - name: Cache musl toolchain 18 uses: actions/cache@v3 19 id: cache-musl 20 with: 21 path: x86_64-linux-musl-native 22 key: musl 23 - name: Downloading musl-based toolchain 24 if: steps.cache-musl.outputs.cache-hit != 'true' 25 run: wget --quiet https://musl.cc/x86_64-linux-musl-native.tgz 26 - name: Extracting musl-based toolchain 27 if: steps.cache-musl.outputs.cache-hit != 'true' 28 run: tar xzf ./x86_64-linux-musl-native.tgz 29 30 - name: Download Coverity Build Tool 31 run: | 32 curl https://scan.coverity.com/download/linux64 --form token=$TOKEN --form project=jvoisin/fortify-headers -o cov-analysis-linux64.tar.gz 33 mkdir cov-analysis-linux64 34 tar xzf cov-analysis-linux64.tar.gz --strip-components=1 -C cov-analysis-linux64 35 env: 36 TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }} 37 - name: Build with cov-build 38 run: ./cov-analysis-linux64/bin/cov-build --dir cov-int make -C tests gcc 39 - name: Submit the result to Coverity Scan 40 run: | 41 tar czf fortify-headers.tgz cov-int 42 curl \ 43 --form project=jvoisin/fortify-headers \ 44 --form token=$TOKEN \ 45 --form file=@fortify-headers.tgz \ 46 --form version=master \ 47 --form email=julien.voisin+coverity@dustri.org \ 48 --form description=master \ 49 https://scan.coverity.com/builds?project=jvoisin/fortify-headers 50 env: 51 TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}