Skip to content

coverity-scan

coverity-scan #79

Workflow file for this run

name: coverity-scan
# Controls when the action will run.
on:
# Run this action on a schedule (we're allowed a maximum of two per day)
schedule:
- cron: '0 18 * * SUN' # Sunday at 18:00 UTC
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
permissions:
contents: read
jobs:
coverity_scan:
runs-on: ubuntu-latest
if: github.repository == 'OSGeo/gdal'
strategy:
fail-fast: false
matrix:
include:
- id: coverity_scan
container: ubuntu_20.04
build_script: build.sh
# Store the components of the container name as environment variables:
# ${CONTAINER_REGISTRY}/${CONTAINER_REGISTRY_USER}/${CONTAINER_NAME}
env:
CONTAINER_REGISTRY: ${{ vars.gdal_container_registry || 'ghcr.io' }}
CONTAINER_REGISTRY_USER: ${{ vars.gdal_container_registry_user || github.repository_owner }}
CONTAINER_NAME: gdal-deps:${{ matrix.container}}-${{ github.base_ref || github.ref_name }}
GDAL_SOURCE_DIR: /gdal # Directory to which workspace (source root) will be mounted inside container
defaults:
run:
# bash is needed to use ${CONTAINER_REGISTRY_USER,,}, which forces the
# username to lower-case as required by docker.
shell: bash
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Login to GHCR
if: env.CONTAINER_REGISTRY == 'ghcr.io'
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $ --password-stdin
- name: Pull build environment
shell: bash
run: |
export CONTAINER_NAME_FULL="${CONTAINER_REGISTRY}/${CONTAINER_REGISTRY_USER,,}/${CONTAINER_NAME}"
docker pull ${CONTAINER_REGISTRY}/osgeo/${CONTAINER_NAME} || true
docker pull ${CONTAINER_NAME_FULL} || true
echo "CONTAINER_NAME_FULL=${CONTAINER_NAME_FULL}" >>${GITHUB_ENV}
- name: Build
run: |
mkdir -p build-${{ matrix.id }}
docker run --name gdal-build \
--rm \
-e COVERITY_SCAN_TOKEN -e COVERITY_SCAN_EMAIL \
-v $(pwd):/${GDAL_SOURCE_DIR}:rw \
-v ${{ github.workspace }}/.ccache:/root/.ccache:rw \
--workdir ${GDAL_SOURCE_DIR}/build-${{ matrix.id }} \
${CONTAINER_NAME_FULL} \
"${GDAL_SOURCE_DIR}/.github/workflows/${{ matrix.id }}/${{ matrix.build_script }}"
env:
COVERITY_SCAN_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
COVERITY_SCAN_EMAIL: ${{ secrets.COVERITY_SCAN_EMAIL }}