-
Notifications
You must be signed in to change notification settings - Fork 47
91 lines (87 loc) · 2.68 KB
/
coverity-scan.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
---
name: Coverity Scan
on:
pull_request_target:
branches: ["main"]
types:
- labeled
schedule:
- cron: '41 3 * * 0'
jobs:
scheduled:
if: ${{ github.event_name == 'schedule' }}
name: Recurrent Coverity Scan
runs-on: ubuntu-22.04
container: fedora:latest
steps:
- name: Install Dependencies
run: |
dnf -y install git gcc meson pkgconf-pkg-config \
openssl-devel openssl \
nss-softokn nss-tools nss-softokn-devel
- name: Checkout Repository
uses: actions/checkout@v4
- name: Setup
run: |
meson setup builddir
env:
CC: gcc
- name: Check for changes
run: |
echo "RUN_COV=0" >> $GITHUB_ENV;
git config --global --add safe.directory \
/__w/pkcs11-provider/pkcs11-provider
DIFF=`git log --since=1week | wc -l`
if [ x${DIFF} != "x0" ]; then
echo "RUN_COV=1" >> $GITHUB_ENV;
fi
- name: Coverity Scan
if: env.RUN_COV == 1
uses: vapier/coverity-scan-action@v1
with:
project: "PKCS%2311+Provider"
email: ${{ secrets.COVERITY_SCAN_EMAIL }}
token: ${{ secrets.COVERITY_SCAN_TOKEN }}
on-labeled-pr:
if: ${{ contains(github.event.*.labels.*.name, 'covscan') }}
name: Coverity Scan on PR
runs-on: ubuntu-latest
permissions:
pull-requests: write
container: fedora:latest
steps:
- name: Install Dependencies
run: |
dnf -y install git gcc meson pkgconf-pkg-config \
openssl-devel openssl \
nss-softokn nss-tools nss-softokn-devel \
gh
- name: Checkout Repository
uses: actions/checkout@v4
with:
ref: ${{github.event.pull_request.head.sha}}
- name: Setup
run: |
meson setup builddir
env:
CC: gcc
- name: Coverity Scan
uses: vapier/coverity-scan-action@v1
with:
project: "PKCS%2311+Provider"
email: ${{ secrets.COVERITY_SCAN_EMAIL }}
token: ${{ secrets.COVERITY_SCAN_TOKEN }}
- name: Remove Label
if: always()
run: gh pr edit "$NUMBER" --remove-label "covscan"
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GH_REPO: ${{ github.repository }}
NUMBER: ${{ github.event.number }}
on-no-covscan-labeled-pr:
if: ${{ contains(github.event.*.labels.*.name, 'no-covscan') }}
name: Coverity Scan on PR
runs-on: ubuntu-latest
steps:
- name: Coverity Scan not needed
run: echo "Dummy action to report all ok and mark covscan as handled"