Coverity Scan #32

Summary
Jobs
- coverity
Run details
- Usage
- Workflow file

Workflow file for this run

.github/workflows/coverity.yml at 31a3c77

	---
	name: Coverity Scan

	on:
	workflow_dispatch: # run whenever a contributor calls it
	schedule:
	- cron: '48 5 * * *' # Run at 05:48
	# Coverity will let GRASS do a scan a maximum of twice per day, so this
	# schedule will help GRASS fit within that limit with some additional space
	# for manual runs
	permissions:
	contents: read
	# action based off of
	# https://github.com/OSGeo/PROJ/blob/905c9a6c2da3dc6b7aa2c89d3ab78d9d1a9cd070/.github/workflows/coverity-scan.yml
	jobs:
	coverity:
	runs-on: ubuntu-22.04
	if: github.repository == 'OSGeo/grass'
	steps:
	- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1

	- name: Get dependencies
	run: \|
	sudo apt-get update -y
	sudo apt-get install -y wget git gawk findutils jq
	xargs -a <(awk '! /^ *(#\|$)/' ".github/workflows/apt.txt") -r -- \
	sudo apt-get install -y --no-install-recommends --no-install-suggests

	- name: Create installation directory
	run: \|
	mkdir $HOME/install

	- name: Download Coverity Build Tool
	run: \|
	wget -q https://scan.coverity.com/download/cxx/linux64 \
	--post-data "token=$TOKEN&project=grass" -O cov-analysis-linux64.tar.gz
	mkdir cov-analysis-linux64
	tar xzf cov-analysis-linux64.tar.gz --strip 1 -C cov-analysis-linux64
	env:
	TOKEN: ${{ secrets.COVERITY_PASSPHRASE }}

	- name: Set number of cores for compilation
	run: \|
	echo "MAKEFLAGS=-j$(nproc)" >> $GITHUB_ENV

	- name: Set LD_LIBRARY_PATH for compilation
	run: \|
	echo "LD_LIBRARY_PATH=$HOME/install/lib" >> $GITHUB_ENV

	- name: Print build environment variables
	run: \|
	printenv \| sort
	gcc --version
	ldd --version

	- name: Configure
	run: \|
	echo "CFLAGS=${{ env.CFLAGS }}" >> $GITHUB_ENV
	echo "CXXFLAGS=${{ env.CXXFLAGS }}" >> $GITHUB_ENV
	./configure \
	--prefix="$HOME/install/" \
	--enable-largefile \
	--with-cxx \
	--with-zstd \
	--with-bzlib \
	--with-blas \
	--with-lapack \
	--with-readline \
	--without-openmp \
	--with-pdal \
	--without-pthread \
	--with-tiff \
	--with-freetype \
	--with-freetype-includes="/usr/include/freetype2/" \
	--with-proj-share=/usr/share/proj \
	--with-geos \
	--with-sqlite \
	--with-fftw \
	--with-netcdf
	env:
	CFLAGS: -fPIC -g
	CXXFLAGS: -fPIC -g

	- name: Build with cov-build
	run: \|
	pwd
	export PATH=`pwd`/cov-analysis-linux64/bin:$PATH
	cov-build --dir cov-int make

	- name: Put results into Tarball
	run: \|
	tar czvf grass.tgz cov-int

	- name: Upload Artifact of Scan Results
	uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
	with:
	name: grass.tgz
	path: grass.tgz

	- name: Initialize Build in Coverity Cloud
	run: \|
	curl -X POST \
	-d version="main" \
	-d description="$(git rev-parse --abbrev-ref HEAD) $(git rev-parse --short HEAD)" \
	-d email=$EMAIL \
	-d token=$TOKEN \
	-d file_name="grass.tgz" \
	https://scan.coverity.com/projects/1038/builds/init \
	\| tee response
	env:
	TOKEN: ${{ secrets.COVERITY_PASSPHRASE }}
	EMAIL: ${{ secrets.COVERITY_USER }}

	- name: Save Upload URL and Build ID from Initialization Response
	run: \|
	echo "UPLOAD_URL=$(jq -r '.url' response)" >> $GITHUB_ENV
	echo "BUILD_ID=$(jq -r '.build_id' response)" >> $GITHUB_ENV

	- name: Upload the tarball to the Cloud
	run: \|
	export COV_RES_PATH="$(pwd)/grass.tgz"
	curl -X PUT \
	--header 'Content-Type: application/json' \
	--upload-file $COV_RES_PATH \
	$UPLOAD_URL
	- name: Trigger the build on Scan
	run: \|
	curl -X PUT \
	-d token=$TOKEN \
	https://scan.coverity.com/projects/1038/builds/$BUILD_ID/enqueue
	env:
	TOKEN: ${{ secrets.COVERITY_PASSPHRASE }}

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Coverity Scan #32

Workflow file

Coverity Scan #32

Jobs

Run details

Workflow file for this run