diff options
author | Theo Buehler <tb@openbsd.org> | 2023-12-15 22:26:15 +0100 |
---|---|---|
committer | Theo Buehler <tb@openbsd.org> | 2023-12-15 22:26:15 +0100 |
commit | 541e39c955b9836ccf85dade83524c12799645cd (patch) | |
tree | c81ecd9ba31e90257e45fc295c3c6c496f95a3fa /.github | |
parent | fef71862bc53f95dc696fc3be4a71a336e234266 (diff) | |
parent | b5940135e8302915902ee7428e150089c1f7fe39 (diff) | |
download | portable-541e39c955b9836ccf85dade83524c12799645cd.tar.gz portable-541e39c955b9836ccf85dade83524c12799645cd.tar.bz2 portable-541e39c955b9836ccf85dade83524c12799645cd.zip |
Land #977
Diffstat (limited to '.github')
-rw-r--r-- | .github/workflows/coverity.yml | 97 |
1 files changed, 57 insertions, 40 deletions
diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml index e1bfcb0..7b01aa4 100644 --- a/.github/workflows/coverity.yml +++ b/.github/workflows/coverity.yml | |||
@@ -1,48 +1,65 @@ | |||
1 | name: Coverity | 1 | # GitHub Actions workflow to run Coverity scans. |
2 | name: "Coverity" | ||
2 | 3 | ||
3 | on: | 4 | on: |
4 | workflow_dispatch: | 5 | workflow_dispatch: |
5 | schedule: | 6 | schedule: |
6 | - cron: "0 0 * * *" | 7 | - cron: "0 0 * * *" # At 00:00 daily. |
7 | 8 | ||
8 | jobs: | 9 | jobs: |
9 | scan: | 10 | scan: |
10 | runs-on: ubuntu-latest | 11 | name: "Scan" |
11 | if: ${{ github.repository_owner == 'libressl' }} | 12 | runs-on: "ubuntu-latest" |
13 | if: github.repository_owner == 'libressl' # Prevent running on forks | ||
14 | permissions: | ||
15 | contents: read | ||
12 | steps: | 16 | steps: |
13 | - uses: actions/checkout@main | 17 | - name: "Checkout repository" |
14 | - name: Install apt dependencies | 18 | uses: actions/checkout@v4 |
15 | run: | | 19 | |
16 | sudo apt-get update | 20 | - name: "Install dependencies" |
17 | sudo apt-get install -y cmake ninja-build | 21 | run: | |
18 | - name: Download Coverity build tool | 22 | sudo apt-get update |
19 | run: | | 23 | sudo apt-get install -y cmake ninja-build |
20 | wget -c -N https://scan.coverity.com/download/linux64 --post-data "token=${{ secrets.COVERITY_SCAN_TOKEN }}&project=libressl-portable%2Fportable" -O coverity_tool.tar.gz | 24 | |
21 | mkdir coverity_tool | 25 | - name: "Download Coverity build tool" |
22 | tar xzf coverity_tool.tar.gz --strip 1 -C coverity_tool | 26 | env: |
23 | - name: Configure | 27 | PROJECT: "libressl-portable%2Fportable" |
24 | run: | | 28 | COVERITY_SCAN_TOKEN: "${{ secrets.COVERITY_SCAN_TOKEN }}" |
25 | ./autogen.sh | 29 | run: | |
26 | ./configure | 30 | wget -c -N https://scan.coverity.com/download/linux64 --post-data "token=$COVERITY_SCAN_TOKEN&project=$PROJECT" -O coverity_tool.tar.gz |
27 | make dist | 31 | mkdir coverity_tool |
28 | tar zxf libressl-*.tar.gz | 32 | tar xzf coverity_tool.tar.gz --strip 1 -C coverity_tool |
29 | rm libressl-*.tar.gz | 33 | |
30 | cd libressl-* | 34 | - name: "Setup" |
31 | mkdir build-static | 35 | run: | |
32 | mkdir build-shared | 36 | ./autogen.sh |
33 | cmake -GNinja -DBUILD_SHARED_LIBS=ON .. | 37 | ./configure |
34 | - name: Build with Coverity build tool | 38 | make dist |
35 | run: | | 39 | tar zxf libressl-*.tar.gz |
36 | export PATH=`pwd`/coverity_tool/bin:$PATH | 40 | rm libressl-*.tar.gz |
37 | cd libressl-* | 41 | cd libressl-* |
38 | cov-build --dir cov-int ninja | 42 | mkdir build-static |
39 | - name: Submit build result to Coverity Scan | 43 | mkdir build-shared |
40 | run: | | 44 | cmake -GNinja -DBUILD_SHARED_LIBS=ON .. |
41 | cd libressl-* | 45 | |
42 | tar czvf cov.tar.gz cov-int | 46 | - name: "Build with Coverity build tool" |
43 | curl --form token=${{ secrets.COVERITY_SCAN_TOKEN }} \ | 47 | run: | |
44 | --form email=libressl-security@openbsd.org \ | 48 | export PATH=`pwd`/coverity_tool/bin:$PATH |
45 | --form file=@cov.tar.gz \ | 49 | cd libressl-* |
46 | --form version="Commit $GITHUB_SHA" \ | 50 | cov-build --dir cov-int ninja |
47 | --form description="Build submitted via CI" \ | 51 | |
48 | https://scan.coverity.com/builds?project=libressl-portable%2Fportable | 52 | - name: "Submit build result to Coverity Scan" |
53 | env: | ||
54 | EMAIL: "libressl-security@openbsd.org" | ||
55 | PROJECT: "libressl-portable%2Fportable" | ||
56 | COVERITY_SCAN_TOKEN: "${{ secrets.COVERITY_SCAN_TOKEN }}" | ||
57 | run: | | ||
58 | cd libressl-* | ||
59 | tar czvf cov.tar.gz cov-int | ||
60 | curl --form token=$COVERITY_SCAN_TOKEN \ | ||
61 | --form email=$EMAIL \ | ||
62 | --form file=@cov.tar.gz \ | ||
63 | --form version="Commit $GITHUB_SHA" \ | ||
64 | --form description="Build submitted via CI" \ | ||
65 | https://scan.coverity.com/builds?project=$PROJECT | ||