Test the covscan stuff
the covscan workflow can't be tested on PRs as it uses pull_request_target, so use a copy that runs on regular pull_request (but actually fails to work in practice as it can't use tokens) to make sure all the syntaxes are ok.

this commit will be removed if all looks good

Signed-off-by: Simo Sorce <[email protected]>
simo5 committed Jun 4, 2024
1 parent 2a0e0b0 commit 9598de5
Showing 1 changed file with 111 additions and 0 deletions.
111 changes: 111 additions & 0 deletions .github/workflows/test.yml
@@ -0,0 +1,111 @@
---
name: Faux Scan

on:
pull_request:
branches: ["main"]
types:
- synchronize
- labeled

jobs:
on-labeled-pr:
if: ${{ contains(github.event.action, 'labeled') && contains(github.event.*.labels.*.name, 'covscan') }}
name: Coverity Scan on PR
runs-on: ubuntu-latest
permissions:
pull-requests: write
container: fedora:latest
steps:
- name: Install Dependencies
run: |
dnf -y install git gcc meson pkgconf-pkg-config \
openssl-devel openssl \
nss-softokn nss-tools nss-softokn-devel \
gh
- name: Checkout Repository
uses: actions/checkout@v4
with:
ref: ${{github.event.pull_request.head.sha}}
- name: Setup
run: |
meson setup builddir
env:
CC: gcc
- name: Coverity Scan
uses: vapier/coverity-scan-action@v1
with:
project: "PKCS%2311+Provider"
email: ${{ secrets.COVERITY_SCAN_EMAIL }}
token: ${{ secrets.COVERITY_SCAN_TOKEN }}
- name: Remove Label
if: always()
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GH_REPO: ${{ github.repository }}
NUMBER: ${{ github.event.number }}
run: gh pr edit "$NUMBER" --remove-label "covscan"

on-no-covscan-labeled-pr:
if: ${{ contains(github.event.action, 'labeled') && contains(github.event.*.labels.*.name, 'covscan-ok') }}
name: Coverity Scan on PR
runs-on: ubuntu-latest
steps:
- name: Coverity Scan not needed
run: echo "Dummy action to report all ok and mark covscan as handled"

on-synchronize-no-source-changes:
if: ${{ contains(github.event.action, 'synchronize') && ! contains(github.event.*.labels.*.name, 'covscan-ok') }}
name: Coverity Scan on PR
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: Check changed files
id: changed-sources
uses: tj-actions/changed-files@v44
with:
files: |
src/**
- name: Coverity Scan not needed
if: steps.changed-sources.outputs.any_changed == 'false'
run: |
echo "No Source files changed, no covscan needed"
- name: Coverity Scan is needed
if: steps.changed-sources.outputs.any_changed == 'true'
run: |
echo "Source files changed, covscan is needed"
on-synchronize-covscan-ok:
if: ${{ contains(github.event.action, 'synchronize') && contains(github.event.*.labels.*.name, 'covscan-ok') }}
name: Coverity Scan on PR
runs-on: ubuntu-latest
continue-on-error: true
steps:
- uses: actions/checkout@v4
- name: Check changed files
id: changed-sources
uses: tj-actions/changed-files@v44
with:
base_sha: ${{ github.event.before }}
files: |
src/**
- name: Remove on failure
if: steps.changed-sources.outcome == 'failure'
run: |
echo "Probably rebased, covscan may need to be re-run"
false
- name: Remove on changed files
if: steps.changed-sources.outputs.any_changed == 'true'
run: |
echo "Source files changed, covscan may need to be re-run"
false
- name: Coverity Scan not needed
if: ${{ steps.changed-sources.outcome == 'success' && steps.changed-sources.outputs.any_changed == 'false' }}
run: echo "Dummy action to report all ok and mark covscan as handled"
- name: Label Remover
if: ${{ steps.changed-sources.outcome == 'failure' || steps.changed-sources.outputs.any_changed == 'true' }}
env:
GH_TOKEN: ${{ secrets.GITHUB_TOKEN }}
GH_REPO: ${{ github.repository }}
NUMBER: ${{ github.event.number }}
run: gh pr edit "$NUMBER" --remove-label "covscan"
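
Review bot: In the on-synchronize-covscan-ok job, the "Remove on failure" and "Label Remover" steps cannot run in the cases they are written for, because a step `if:` that names no status function gets an implicit `success()` and is skipped once an earlier step has failed. If the changed-files step fails, `if: steps.changed-sources.outcome == 'failure'` is never evaluated as true, and when "Remove on changed files" runs `false`, the Label Remover that follows is skipped as well; the job-level `continue-on-error: true` does not change this. Prefix those conditions with `always() &&` (or `!cancelled() &&`), or put `continue-on-error: true` on the changed-sources step and move the `false` steps after the Label Remover. Two related points in the same job: it is gated on the `covscan-ok` label but the final step runs `--remove-label "covscan"`, which does not match the "covscan may need to be re-run" message, and it lacks the `permissions: pull-requests: write` block that the on-labeled-pr job declares for the same `gh pr edit` call. For the pull_request_target original that this file copies, note that on-labeled-pr checks out `github.event.pull_request.head.sha` and then runs `meson setup` and the Coverity action with `secrets.COVERITY_SCAN_TOKEN` available, so the `covscan` label is the only gate between PR-controlled build files and that secret; document that the label must only be applied after review, and pin `vapier/coverity-scan-action@v1` and `tj-actions/changed-files@v44` to full commit SHAs rather than mutable tags.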
