Skip to content

coverity-scan

coverity-scan #88

Workflow file for this run

name: coverity-scan
# Controls when the action will run.
on:
# Run this action on a schedule (we're allowed a maximum of two per day)
schedule:
- cron: '0 18 * * SUN' # Sunday at 18:00 UTC
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
permissions:
contents: read
jobs:
coverity_scan:
runs-on: ubuntu-latest
if: github.repository == 'OSGeo/gdal'
strategy:
fail-fast: false
matrix:
include:
- id: coverity_scan
container: ubuntu_20.04
build_script: build.sh
# Store the components of the container name as environment variables:
# ${CONTAINER_REGISTRY}/${CONTAINER_REGISTRY_USER}/${CONTAINER_NAME}
env:
CONTAINER_REGISTRY: ${{ vars.gdal_container_registry || 'ghcr.io' }}
CONTAINER_REGISTRY_USER: ${{ vars.gdal_container_registry_user || github.repository_owner }}
CONTAINER_NAME: gdal-deps
CONTAINER_TAG: ${{ matrix.container }}-${{ github.base_ref || github.ref_name }}
GDAL_SOURCE_DIR: /gdal # Directory to which workspace (source root) will be mounted inside container
defaults:
run:
# bash is needed to use ${CONTAINER_REGISTRY_USER,,}, which forces the
# username to lower-case as required by docker.
shell: bash
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Login to GHCR
if: env.CONTAINER_REGISTRY == 'ghcr.io'
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $ --password-stdin
- name: Set variables
shell: bash
# This logic needs to be kept in sync between linux_build.yml and converity_scan.yml
run: |
CONTAINER_TAG_CLEAN=$(echo ${CONTAINER_TAG} | tr -d -c "[:alnum:].-")
echo "CONTAINER_TAG_CLEAN=${CONTAINER_TAG_CLEAN}"
echo "CONTAINER_TAG_CLEAN=${CONTAINER_TAG_CLEAN}" >> ${GITHUB_ENV}
CACHE_CONTAINER_TAG_CLEAN=$(echo ${CACHE_CONTAINER_TAG} | tr -d -c "[:alnum:].-")
echo "CACHE_CONTAINER_TAG_CLEAN=${CACHE_CONTAINER_TAG_CLEAN}"
echo "CACHE_CONTAINER_TAG_CLEAN=${CACHE_CONTAINER_TAG_CLEAN}" >> ${GITHUB_ENV}
echo "CONTAINER_NAME_FULL=${CONTAINER_REGISTRY}/${CONTAINER_REGISTRY_USER,,}/${CONTAINER_NAME}:${CONTAINER_TAG_CLEAN}" >>${GITHUB_ENV}
- name: Build
run: |
mkdir -p build-${{ matrix.id }}
docker run --name gdal-build \
--rm \
-e COVERITY_SCAN_TOKEN -e COVERITY_SCAN_EMAIL \
-v $(pwd):/${GDAL_SOURCE_DIR}:rw \
-v ${{ github.workspace }}/.ccache:/root/.ccache:rw \
--workdir ${GDAL_SOURCE_DIR}/build-${{ matrix.id }} \
${CONTAINER_NAME_FULL} \
"${GDAL_SOURCE_DIR}/.github/workflows/${{ matrix.id }}/${{ matrix.build_script }}"
env:
COVERITY_SCAN_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
COVERITY_SCAN_EMAIL: ${{ secrets.COVERITY_SCAN_EMAIL }}