Land #977

author: Theo Buehler <tb@openbsd.org> 2023-12-15 22:26:15 +0100
committer: Theo Buehler <tb@openbsd.org> 2023-12-15 22:26:15 +0100
commit: 541e39c955b9836ccf85dade83524c12799645cd (patch)
tree: c81ecd9ba31e90257e45fc295c3c6c496f95a3fa /.github
parent: fef71862bc53f95dc696fc3be4a71a336e234266 (diff)
parent: b5940135e8302915902ee7428e150089c1f7fe39 (diff)
download: portable-541e39c955b9836ccf85dade83524c12799645cd.tar.gz
portable-541e39c955b9836ccf85dade83524c12799645cd.tar.bz2
portable-541e39c955b9836ccf85dade83524c12799645cd.zip
1 files changed, 57 insertions, 40 deletions
diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
index e1bfcb0..7b01aa4 100644
--- a/.github/workflows/coverity.yml
+++ b/.github/workflows/coverity.yml
@@ -1,48 +1,65 @@
-name: Coverity
+# GitHub Actions workflow to run Coverity scans.
+name: "Coverity"
 on:
  workflow_dispatch:
  schedule:
-  - cron: "0 0 * * *"
+    - cron: "0 0 * * *" # At 00:00 daily.
 jobs:
  scan:
-    runs-on: ubuntu-latest
+    name: "Scan"
-    if: ${{ github.repository_owner == 'libressl' }}
+    runs-on: "ubuntu-latest"
+    if: github.repository_owner == 'libressl' # Prevent running on forks
+    permissions:
+      contents: read
    steps:
-    - uses: actions/checkout@main
+      - name: "Checkout repository"
-    - name: Install apt dependencies
+        uses: actions/checkout@v4
-      run: |
-        sudo apt-get update
+      - name: "Install dependencies"
-        sudo apt-get install -y cmake ninja-build
+        run: |
-    - name: Download Coverity build tool
+          sudo apt-get update
-      run: |
+          sudo apt-get install -y cmake ninja-build
-        wget -c -N https://scan.coverity.com/download/linux64 --post-data "token=${{ secrets.COVERITY_SCAN_TOKEN }}&project=libressl-portable%2Fportable" -O coverity_tool.tar.gz
-        mkdir coverity_tool
+      - name: "Download Coverity build tool"
-        tar xzf coverity_tool.tar.gz --strip 1 -C coverity_tool
+        env:
-    - name: Configure
+          PROJECT: "libressl-portable%2Fportable"
-      run: |
+          COVERITY_SCAN_TOKEN: "${{ secrets.COVERITY_SCAN_TOKEN }}"
-        ./autogen.sh
+        run: |
-        ./configure
+          wget -c -N https://scan.coverity.com/download/linux64 --post-data "token=$COVERITY_SCAN_TOKEN&project=$PROJECT" -O coverity_tool.tar.gz
-        make dist
+          mkdir coverity_tool
-        tar zxf libressl-*.tar.gz
+          tar xzf coverity_tool.tar.gz --strip 1 -C coverity_tool
-        rm libressl-*.tar.gz
-        cd libressl-*
+      - name: "Setup"
-        mkdir build-static
+        run: |
-        mkdir build-shared 
+          ./autogen.sh
-        cmake -GNinja -DBUILD_SHARED_LIBS=ON ..
+          ./configure
-    - name: Build with Coverity build tool
+          make dist
-      run: |
+          tar zxf libressl-*.tar.gz
-        export PATH=`pwd`/coverity_tool/bin:$PATH
+          rm libressl-*.tar.gz
-        cd libressl-*
+          cd libressl-*
-        cov-build --dir cov-int ninja
+          mkdir build-static
-    - name: Submit build result to Coverity Scan
+          mkdir build-shared 
-      run: |
+          cmake -GNinja -DBUILD_SHARED_LIBS=ON ..
-        cd libressl-*
-        tar czvf cov.tar.gz cov-int
+      - name: "Build with Coverity build tool"
-        curl --form token=${{ secrets.COVERITY_SCAN_TOKEN }} \
+        run: |
-          --form email=libressl-security@openbsd.org \
+          export PATH=`pwd`/coverity_tool/bin:$PATH
-          --form file=@cov.tar.gz \
+          cd libressl-*
-          --form version="Commit $GITHUB_SHA" \
+          cov-build --dir cov-int ninja
-          --form description="Build submitted via CI" \
-          https://scan.coverity.com/builds?project=libressl-portable%2Fportable
+      - name: "Submit build result to Coverity Scan"
+        env:
+          EMAIL: "libressl-security@openbsd.org"
+          PROJECT: "libressl-portable%2Fportable"
+          COVERITY_SCAN_TOKEN: "${{ secrets.COVERITY_SCAN_TOKEN }}"
+        run: |
+          cd libressl-*
+          tar czvf cov.tar.gz cov-int
+          curl --form token=$COVERITY_SCAN_TOKEN \
+            --form email=$EMAIL \
+            --form file=@cov.tar.gz \
+            --form version="Commit $GITHUB_SHA" \
+            --form description="Build submitted via CI" \
+            https://scan.coverity.com/builds?project=$PROJECT
author	Theo Buehler <tb@openbsd.org>	2023-12-15 22:26:15 +0100
committer	Theo Buehler <tb@openbsd.org>	2023-12-15 22:26:15 +0100
commit	541e39c955b9836ccf85dade83524c12799645cd (patch)
tree	c81ecd9ba31e90257e45fc295c3c6c496f95a3fa /.github
parent	fef71862bc53f95dc696fc3be4a71a336e234266 (diff)
parent	b5940135e8302915902ee7428e150089c1f7fe39 (diff)
download	portable-541e39c955b9836ccf85dade83524c12799645cd.tar.gz portable-541e39c955b9836ccf85dade83524c12799645cd.tar.bz2 portable-541e39c955b9836ccf85dade83524c12799645cd.zip

diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml index e1bfcb0..7b01aa4 100644 --- a/.github/workflows/coverity.yml +++ b/.github/workflows/coverity.yml
@@ -1,48 +1,65 @@
1	name: Coverity	1	# GitHub Actions workflow to run Coverity scans.
		2	name: "Coverity"
2		3
3	on:	4	on:
4	workflow_dispatch:	5	workflow_dispatch:
5	schedule:	6	schedule:
6	- cron: "0 0 * * *"	7	- cron: "0 0 * * *" # At 00:00 daily.
7		8
8	jobs:	9	jobs:
9	scan:	10	scan:
10	runs-on: ubuntu-latest	11	name: "Scan"
11	if: ${{ github.repository_owner == 'libressl' }}	12	runs-on: "ubuntu-latest"
		13	if: github.repository_owner == 'libressl' # Prevent running on forks
		14	permissions:
		15	contents: read
12	steps:	16	steps:
13	- uses: actions/checkout@main	17	- name: "Checkout repository"
14	- name: Install apt dependencies	18	uses: actions/checkout@v4
15	run: \|	19
16	sudo apt-get update	20	- name: "Install dependencies"
17	sudo apt-get install -y cmake ninja-build	21	run: \|
18	- name: Download Coverity build tool	22	sudo apt-get update
19	run: \|	23	sudo apt-get install -y cmake ninja-build
20	wget -c -N https://scan.coverity.com/download/linux64 --post-data "token=${{ secrets.COVERITY_SCAN_TOKEN }}&project=libressl-portable%2Fportable" -O coverity_tool.tar.gz	24
21	mkdir coverity_tool	25	- name: "Download Coverity build tool"
22	tar xzf coverity_tool.tar.gz --strip 1 -C coverity_tool	26	env:
23	- name: Configure	27	PROJECT: "libressl-portable%2Fportable"
24	run: \|	28	COVERITY_SCAN_TOKEN: "${{ secrets.COVERITY_SCAN_TOKEN }}"
25	./autogen.sh	29	run: \|
26	./configure	30	wget -c -N https://scan.coverity.com/download/linux64 --post-data "token=$COVERITY_SCAN_TOKEN&project=$PROJECT" -O coverity_tool.tar.gz
27	make dist	31	mkdir coverity_tool
28	tar zxf libressl-*.tar.gz	32	tar xzf coverity_tool.tar.gz --strip 1 -C coverity_tool
29	rm libressl-*.tar.gz	33
30	cd libressl-*	34	- name: "Setup"
31	mkdir build-static	35	run: \|
32	mkdir build-shared	36	./autogen.sh
33	cmake -GNinja -DBUILD_SHARED_LIBS=ON ..	37	./configure
34	- name: Build with Coverity build tool	38	make dist
35	run: \|	39	tar zxf libressl-*.tar.gz
36	export PATH=`pwd`/coverity_tool/bin:$PATH	40	rm libressl-*.tar.gz
37	cd libressl-*	41	cd libressl-*
38	cov-build --dir cov-int ninja	42	mkdir build-static
39	- name: Submit build result to Coverity Scan	43	mkdir build-shared
40	run: \|	44	cmake -GNinja -DBUILD_SHARED_LIBS=ON ..
41	cd libressl-*	45
42	tar czvf cov.tar.gz cov-int	46	- name: "Build with Coverity build tool"
43	curl --form token=${{ secrets.COVERITY_SCAN_TOKEN }} \	47	run: \|
44	--form email=libressl-security@openbsd.org \	48	export PATH=`pwd`/coverity_tool/bin:$PATH
45	--form file=@cov.tar.gz \	49	cd libressl-*
46	--form version="Commit $GITHUB_SHA" \	50	cov-build --dir cov-int ninja
47	--form description="Build submitted via CI" \	51
48	https://scan.coverity.com/builds?project=libressl-portable%2Fportable	52	- name: "Submit build result to Coverity Scan"
		53	env:
		54	EMAIL: "libressl-security@openbsd.org"
		55	PROJECT: "libressl-portable%2Fportable"
		56	COVERITY_SCAN_TOKEN: "${{ secrets.COVERITY_SCAN_TOKEN }}"
		57	run: \|
		58	cd libressl-*
		59	tar czvf cov.tar.gz cov-int
		60	curl --form token=$COVERITY_SCAN_TOKEN \
		61	--form email=$EMAIL \
		62	--form file=@cov.tar.gz \
		63	--form version="Commit $GITHUB_SHA" \
		64	--form description="Build submitted via CI" \
		65	https://scan.coverity.com/builds?project=$PROJECT