-
-
Notifications
You must be signed in to change notification settings - Fork 332
132 lines (118 loc) · 4.32 KB
/
coverity.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
---
name: Coverity Scan
on:
workflow_dispatch: # run whenever a contributor calls it
schedule:
- cron: '48 5 * * *' # Run at 05:48
# Coverity will let GRASS do a scan a maximum of twice per day, so this
# schedule will help GRASS fit within that limit with some additional space
# for manual runs
permissions:
contents: read
# action based off of
# https://github.com/OSGeo/PROJ/blob/905c9a6c2da3dc6b7aa2c89d3ab78d9d1a9cd070/.github/workflows/coverity-scan.yml
jobs:
coverity:
runs-on: ubuntu-22.04
if: github.repository == 'OSGeo/grass'
steps:
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1
- name: Get dependencies
run: |
sudo apt-get update -y
sudo apt-get install -y wget git gawk findutils jq
xargs -a <(awk '! /^ *(#|$)/' ".github/workflows/apt.txt") -r -- \
sudo apt-get install -y --no-install-recommends --no-install-suggests
- name: Create installation directory
run: |
mkdir $HOME/install
- name: Download Coverity Build Tool
run: |
wget -q https://scan.coverity.com/download/cxx/linux64 \
--post-data "token=$TOKEN&project=grass" -O cov-analysis-linux64.tar.gz
mkdir cov-analysis-linux64
tar xzf cov-analysis-linux64.tar.gz --strip 1 -C cov-analysis-linux64
env:
TOKEN: ${{ secrets.COVERITY_PASSPHRASE }}
- name: Set number of cores for compilation
run: |
echo "MAKEFLAGS=-j$(nproc)" >> $GITHUB_ENV
- name: Set LD_LIBRARY_PATH for compilation
run: |
echo "LD_LIBRARY_PATH=$HOME/install/lib" >> $GITHUB_ENV
- name: Print build environment variables
run: |
printenv | sort
gcc --version
ldd --version
- name: Configure
run: |
echo "CFLAGS=${{ env.CFLAGS }}" >> $GITHUB_ENV
echo "CXXFLAGS=${{ env.CXXFLAGS }}" >> $GITHUB_ENV
./configure \
--prefix="$HOME/install/" \
--enable-largefile \
--with-cxx \
--with-zstd \
--with-bzlib \
--with-blas \
--with-lapack \
--with-readline \
--without-openmp \
--with-pdal \
--without-pthread \
--with-tiff \
--with-freetype \
--with-freetype-includes="/usr/include/freetype2/" \
--with-proj-share=/usr/share/proj \
--with-geos \
--with-sqlite \
--with-fftw \
--with-netcdf
env:
CFLAGS: -fPIC -g
CXXFLAGS: -fPIC -g
- name: Build with cov-build
run: |
pwd
export PATH=`pwd`/cov-analysis-linux64/bin:$PATH
cov-build --dir cov-int make
- name: Put results into Tarball
run: |
tar czvf grass.tgz cov-int
- name: Upload Artifact of Scan Results
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1
with:
name: grass.tgz
path: grass.tgz
- name: Initialize Build in Coverity Cloud
run: |
curl -X POST \
-d version="main" \
-d description="$(git rev-parse --abbrev-ref HEAD) $(git rev-parse --short HEAD)" \
-d email=$EMAIL \
-d token=$TOKEN \
-d file_name="grass.tgz" \
https://scan.coverity.com/projects/1038/builds/init \
| tee response
env:
TOKEN: ${{ secrets.COVERITY_PASSPHRASE }}
EMAIL: ${{ secrets.COVERITY_USER }}
- name: Save Upload URL and Build ID from Initialization Response
run: |
echo "UPLOAD_URL=$(jq -r '.url' response)" >> $GITHUB_ENV
echo "BUILD_ID=$(jq -r '.build_id' response)" >> $GITHUB_ENV
- name: Upload the tarball to the Cloud
run: |
export COV_RES_PATH="$(pwd)/grass.tgz"
curl -X PUT \
--header 'Content-Type: application/json' \
--upload-file $COV_RES_PATH \
$UPLOAD_URL
- name: Trigger the build on Scan
run: |
curl -X PUT \
-d token=$TOKEN \
https://scan.coverity.com/projects/1038/builds/$BUILD_ID/enqueue
env:
TOKEN: ${{ secrets.COVERITY_PASSPHRASE }}