Skip to content

fixing Covscan PR target #329

fixing Covscan PR target

fixing Covscan PR target #329

Workflow file for this run

---
name: Coverity Scan
on:
pull_request:
branches: ["main"]
types:
- labeled
schedule:
- cron: '41 3 * * 0'
jobs:
scheduled:
if: ${{ github.event_name == 'schedule' }}
name: Recurrent Coverity Scan
runs-on: ubuntu-22.04
container: fedora:latest
steps:
- name: Install Dependencies
run: |
dnf -y install git gcc meson pkgconf-pkg-config \
openssl-devel openssl \
nss-softokn nss-tools nss-softokn-devel
- name: Checkout Repository
uses: actions/checkout@v4
- name: Setup
run: |
meson setup builddir
env:
CC: gcc
- name: Check for changes
run: |
echo "RUN_COV=0" >> $GITHUB_ENV;
git config --global --add safe.directory \
/__w/pkcs11-provider/pkcs11-provider
DIFF=`git log --since=1week | wc -l`
if [ x${DIFF} != "x0" ]; then
echo "RUN_COV=1" >> $GITHUB_ENV;
fi
- name: Coverity Scan
if: env.RUN_COV == 1
uses: vapier/coverity-scan-action@v1
with:
project: "PKCS%2311+Provider"
email: ${{ secrets.COVERITY_SCAN_EMAIL }}
token: ${{ secrets.COVERITY_SCAN_TOKEN }}
on-labeled-pr:
if: ${{ contains(github.event.*.labels.*.name, 'covscan') }}
name: Coverity Scan on PR
runs-on: ubuntu-latest
permissions:
pull-requests: write
container: fedora:latest
steps:
- name: Install Dependencies
run: |
dnf -y install git gcc meson pkgconf-pkg-config \
openssl-devel openssl \
nss-softokn nss-tools nss-softokn-devel \
gh
- name: Find PR
run: |
echo "Base ${{ github.event.pull_request.base.ref }} - ${{ github.event.pull_request.base.sha }}"
echo "Head ${{ github.event.pull_request.head.ref }} - ${{ github.event.pull_request.head.sha }}"
- name: Checkout Repository
uses: actions/checkout@v4
with:
ref: ${{steps.get-pr.outputs.merge_commit_sha}}
- name: Setup
run: |
meson setup builddir
env:
CC: gcc
- name: Coverity Scan
uses: vapier/coverity-scan-action@v1
with:
project: "PKCS%2311+Provider"
email: ${{ secrets.COVERITY_SCAN_EMAIL }}
token: ${{ secrets.COVERITY_SCAN_TOKEN }}
- name: Remove Label
if: always()
run: gh pr edit "$NUMBER" --remove-label "covscan"
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GH_REPO: ${{ github.repository }}
NUMBER: ${{ github.event.number }}
on-no-covscan-labeled-pr:
if: ${{ contains(github.event.*.labels.*.name, 'no-covscan') }}
name: Coverity Scan on PR
runs-on: ubuntu-latest
steps:
- name: All covered
run: echo "Dummy action to report all ok and mark covscan as handled"