Skip to content
Coverity Scan

Coverity Scan #33

Sign in to view logs

Coverity Scan

Coverity Scan #33

Workflow file for this run

.github/workflows/coverity.yml at 9b28d7b
---
name: Coverity Scan
on:
workflow_dispatch: # run whenever a contributor calls it
schedule:
- cron: '48 5 * * *' # Run at 05:48
# Coverity will let GRASS do a scan a maximum of twice per day, so this
# schedule will help GRASS fit within that limit with some additional space
# for manual runs
permissions:
contents: read
# action based off of
# https://github.com/OSGeo/PROJ/blob/905c9a6c2da3dc6b7aa2c89d3ab78d9d1a9cd070/.github/workflows/coverity-scan.yml
jobs:
coverity:
runs-on: ubuntu-22.04
if: github.repository == 'OSGeo/grass'
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Get dependencies
run: |
sudo apt-get update -y
sudo apt-get install -y wget git gawk findutils jq
xargs -a <(awk '! /^ *(#|$)/' ".github/workflows/apt.txt") -r -- \
sudo apt-get install -y --no-install-recommends --no-install-suggests
- name: Create installation directory
run: |
mkdir $HOME/install
- name: Download Coverity Build Tool
run: |
wget -q https://scan.coverity.com/download/cxx/linux64 \
--post-data "token=$TOKEN&project=grass" -O cov-analysis-linux64.tar.gz
mkdir cov-analysis-linux64
tar xzf cov-analysis-linux64.tar.gz --strip 1 -C cov-analysis-linux64
env:
TOKEN: ${{ secrets.COVERITY_PASSPHRASE }}
- name: Set number of cores for compilation
run: |
echo "MAKEFLAGS=-j$(nproc)" >> $GITHUB_ENV
- name: Set LD_LIBRARY_PATH for compilation
run: |
echo "LD_LIBRARY_PATH=$HOME/install/lib" >> $GITHUB_ENV
- name: Print build environment variables
run: |
printenv | sort
gcc --version
ldd --version
- name: Configure
run: |
echo "CFLAGS=${{ env.CFLAGS }}" >> $GITHUB_ENV
echo "CXXFLAGS=${{ env.CXXFLAGS }}" >> $GITHUB_ENV
./configure \
--prefix="$HOME/install/" \
--enable-largefile \
--with-cxx \
--with-zstd \
--with-bzlib \
--with-blas \
--with-lapack \
--with-readline \
--without-openmp \
--with-pdal \
--without-pthread \
--with-tiff \
--with-freetype \
--with-freetype-includes="/usr/include/freetype2/" \
--with-proj-share=/usr/share/proj \
--with-geos \
--with-sqlite \
--with-fftw \
--with-netcdf
env:
CFLAGS: -fPIC -g
CXXFLAGS: -fPIC -g
- name: Build with cov-build
run: |
pwd
export PATH=`pwd`/cov-analysis-linux64/bin:$PATH
cov-build --dir cov-int make
- name: Put results into Tarball
run: |
tar czvf grass.tgz cov-int
- name: Upload Artifact of Scan Results
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
with:
name: grass.tgz
path: grass.tgz
- name: Initialize Build in Coverity Cloud
run: |
curl -X POST \
-d version="main" \
-d description="$(git rev-parse --abbrev-ref HEAD) $(git rev-parse --short HEAD)" \
-d email=$EMAIL \
-d token=$TOKEN \
-d file_name="grass.tgz" \
https://scan.coverity.com/projects/1038/builds/init \
| tee response
env:
TOKEN: ${{ secrets.COVERITY_PASSPHRASE }}
EMAIL: ${{ secrets.COVERITY_USER }}
- name: Save Upload URL and Build ID from Initialization Response
run: |
echo "UPLOAD_URL=$(jq -r '.url' response)" >> $GITHUB_ENV
echo "BUILD_ID=$(jq -r '.build_id' response)" >> $GITHUB_ENV
- name: Upload the tarball to the Cloud
run: |
export COV_RES_PATH="$(pwd)/grass.tgz"
curl -X PUT \
--header 'Content-Type: application/json' \
--upload-file $COV_RES_PATH \
$UPLOAD_URL
- name: Trigger the build on Scan
run: |
curl -X PUT \
-d token=$TOKEN \
https://scan.coverity.com/projects/1038/builds/$BUILD_ID/enqueue
env:
TOKEN: ${{ secrets.COVERITY_PASSPHRASE }}