Skip to content

coverity-scan

coverity-scan #351

Workflow file for this run

name: coverity-scan
on:
schedule:
- cron: '0 20 * * *' # Daily at 20:00 UTC
workflow_dispatch:
jobs:
latest:
runs-on: ubuntu-latest
steps:
- name: Check submission cache
id: check_submit
uses: actions/cache/restore@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
with:
path: |
cov-int
key: check-submit-${{ github.sha }}
- name: Install dependencies
if: steps.check_submit.outputs.cache-hit != 'true'
run: sudo apt update && sudo apt install -y libcap-dev libjsoncpp-dev liblzo2-dev liblz4-dev libssl-dev swig
- name: Checkout OpenVPN 3
if: steps.check_submit.outputs.cache-hit != 'true'
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
with:
path: openvpn3
- name: Checkout asio
if: steps.check_submit.outputs.cache-hit != 'true'
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
with:
# versioning=regex:^asio-(?<major>\d+)-(?<minor>\d+)-(?<patch>\d+)$
repository: chriskohlhoff/asio
ref: asio-1-30-2
path: asio
- name: Checkout xxHash
if: steps.check_submit.outputs.cache-hit != 'true'
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
with:
# versioning=semver-coerced
repository: Cyan4973/xxHash
ref: v0.8.2
path: xxHash
- uses: lukka/get-cmake@85652a37b177d946c9f4fad0f696b2927ee7754d # v3.29.4
if: steps.check_submit.outputs.cache-hit != 'true'
- name: Download Coverity Build Tool
if: steps.check_submit.outputs.cache-hit != 'true'
run: |
wget -q https://scan.coverity.com/download/cxx/linux64 --post-data "token=$TOKEN&project=OpenVPN%2Fopenvpn3" -O cov-analysis-linux64.tar.gz
mkdir cov-analysis-linux64
tar xzf cov-analysis-linux64.tar.gz --strip 1 -C cov-analysis-linux64
env:
TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
- name: CMake configure
if: steps.check_submit.outputs.cache-hit != 'true'
run: cmake -S openvpn3 -B cmake -DDEP_DIR=$PWD -GNinja
- name: Build with cov-build
if: steps.check_submit.outputs.cache-hit != 'true'
run: |
PATH=`pwd`/cov-analysis-linux64/bin:$PATH
cov-build --dir cov-int cmake --build cmake
- name: Submit the result to Coverity Scan
if: steps.check_submit.outputs.cache-hit != 'true'
run: |
tar czvf openvpn.tgz cov-int
curl --form token=$TOKEN \
--form email=$EMAIL \
--form [email protected] \
--form version="$GITHUB_SHA" \
--form description="master" \
https://scan.coverity.com/builds?project=OpenVPN%2Fopenvpn3
env:
TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
EMAIL: ${{ secrets.COVERITY_SCAN_EMAIL }}
- name: Cache submission
if: steps.check_submit.outputs.cache-hit != 'true'
uses: actions/cache/save@0c45773b623bea8c8e75f6c82b208c3cf94ea4f9 # v4.0.2
with:
path: |
cov-int
key: ${{ steps.check_submit.outputs.cache-primary-key }}