-
-
Notifications
You must be signed in to change notification settings - Fork 327
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
CI: configure Coverity Scan for larger scans and artifact (#3606)
Updated the coverity.yml action with two things: 1: Changed the upload commands to match the commands for uploading analyses over 500MB. 2: Added in extra step to output the scan results as an artifact.
- Loading branch information
1 parent
23c0db5
commit 31a3c77
Showing
1 changed file
with
44 additions
and
10 deletions.
There are no files selected for viewing
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
|
|
@@ -22,9 +22,10 @@ jobs: | |
| - name: Get dependencies | ||
| run: | | ||
| sudo apt-get update -y | ||
| sudo apt-get install -y wget git gawk findutils | ||
| sudo apt-get install -y wget git gawk findutils jq | ||
| xargs -a <(awk '! /^ *(#|$)/' ".github/workflows/apt.txt") -r -- \ | ||
| sudo apt-get install -y --no-install-recommends --no-install-suggests | ||
| - name: Create installation directory | ||
| run: | | ||
| mkdir $HOME/install | ||
|
|
@@ -37,6 +38,7 @@ jobs: | |
| tar xzf cov-analysis-linux64.tar.gz --strip 1 -C cov-analysis-linux64 | ||
| env: | ||
| TOKEN: ${{ secrets.COVERITY_PASSPHRASE }} | ||
|
|
||
| - name: Set number of cores for compilation | ||
| run: | | ||
| echo "MAKEFLAGS=-j$(nproc)" >> $GITHUB_ENV | ||
|
|
@@ -50,6 +52,7 @@ jobs: | |
| printenv | sort | ||
| gcc --version | ||
| ldd --version | ||
| - name: Configure | ||
| run: | | ||
| echo "CFLAGS=${{ env.CFLAGS }}" >> $GITHUB_ENV | ||
|
|
@@ -77,22 +80,53 @@ jobs: | |
| env: | ||
| CFLAGS: -fPIC -g | ||
| CXXFLAGS: -fPIC -g | ||
|
|
||
| - name: Build with cov-build | ||
| run: | | ||
| pwd | ||
| export PATH=`pwd`/cov-analysis-linux64/bin:$PATH | ||
| cov-build --dir cov-int make | ||
| - name: Submit to Coverity Scan | ||
| - name: Put results into Tarball | ||
| run: | | ||
| tar czvf grass.tgz cov-int | ||
| curl \ | ||
| --form project=grass \ | ||
| --form token=$TOKEN \ | ||
| --form email=$EMAIL \ | ||
| --form [email protected] \ | ||
| --form version=main \ | ||
| --form description="`git rev-parse --abbrev-ref HEAD` `git rev-parse --short HEAD`" \ | ||
| https://scan.coverity.com/builds?project=grass | ||
| - name: Upload Artifact of Scan Results | ||
| uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 | ||
| with: | ||
| name: grass.tgz | ||
| path: grass.tgz | ||
|
|
||
| - name: Initialize Build in Coverity Cloud | ||
| run: | | ||
| curl -X POST \ | ||
| -d version="main" \ | ||
| -d description="$(git rev-parse --abbrev-ref HEAD) $(git rev-parse --short HEAD)" \ | ||
| -d email=$EMAIL \ | ||
| -d token=$TOKEN \ | ||
| -d file_name="grass.tgz" \ | ||
| https://scan.coverity.com/projects/1038/builds/init \ | ||
| | tee response | ||
| env: | ||
| TOKEN: ${{ secrets.COVERITY_PASSPHRASE }} | ||
| EMAIL: ${{ secrets.COVERITY_USER }} | ||
|
|
||
| - name: Save Upload URL and Build ID from Initialization Response | ||
| run: | | ||
| echo "UPLOAD_URL=$(jq -r '.url' response)" >> $GITHUB_ENV | ||
| echo "BUILD_ID=$(jq -r '.build_id' response)" >> $GITHUB_ENV | ||
| - name: Upload the tarball to the Cloud | ||
| run: | | ||
| export COV_RES_PATH="$(pwd)/grass.tgz" | ||
| curl -X PUT \ | ||
| --header 'Content-Type: application/json' \ | ||
| --upload-file $COV_RES_PATH \ | ||
| $UPLOAD_URL | ||
| - name: Trigger the build on Scan | ||
| run: | | ||
| curl -X PUT \ | ||
| -d token=$TOKEN \ | ||
| https://scan.coverity.com/projects/1038/builds/$BUILD_ID/enqueue | ||
| env: | ||
| TOKEN: ${{ secrets.COVERITY_PASSPHRASE }} | ||