Coverity Scan tools download, build and send data to analysis #392
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Coverity-Scan | |
| run-name: Coverity Scan tools download, build and send data to analysis | |
| on: | |
| schedule: | |
| - cron: '0 23 * * *' | |
| workflow_dispatch: | |
| env: | |
| OWCOV_PROJECT: 'open-watcom/open-watcom-v2' | |
| OWCOV_TOOLS_GITPATH: 'coverity-scan-analysis' | |
| OWCOV_RESULTS_GITPATH: 'cov-int' | |
| OWCOV_TAG: 'Coverity-scan' | |
| jobs: | |
| check_run: | |
| if: github.repository == 'open-watcom/open-watcom-v2' | |
| name: Check if to run | |
| runs-on: ubuntu-latest | |
| outputs: | |
| runit: ${{ steps.check_tag.outputs.old }} | |
| steps: | |
| - name: Checkout Actions | |
| uses: actions/checkout@v4 | |
| - name: Check tag reference | |
| id: check_tag | |
| uses: "./.github/actions/ghtagchk" | |
| with: | |
| tag: ${{ env.OWCOV_TAG }} | |
| owdebug: ${{ vars.OWDEBUG }} | |
| owcurlopts: ${{ vars.OWCURLOPTS }} | |
| scan-lnx: | |
| needs: check_run | |
| if: needs.check_run.outputs.runit | |
| name: "Coverity Scan Linux" | |
| runs-on: ubuntu-latest | |
| env: | |
| OWCOV_SRC: 'linux64' | |
| OWCOV_TOOLS_ARCHIVE: 'cov-analysis-linux.tgz' | |
| OWCOV_RESULTS_ARCHIVE: 'open-watcom-v2.tgz' | |
| steps: | |
| - name: Checkout Actions | |
| uses: actions/checkout@v4 | |
| - name: Install DOSBOX | |
| uses: "./.github/actions/dosboxin" | |
| with: | |
| hostos: 'lnx' | |
| - name: Setup curl options | |
| id: curlcmd | |
| uses: "./.github/actions/curlcmd" | |
| with: | |
| owcurlopts: ${{ inputs.owcurlopts }} | |
| - name: "Download Coverity Tools" | |
| run: | | |
| $response = ${{ steps.curlcmd.outputs.cov }} ` | |
| -o $env:OWCOV_TOOLS_ARCHIVE ` | |
| "https://scan.coverity.com/download/cxx/$env:OWCOV_SRC" ` | |
| -d "project=$env:OWCOV_PROJECT&token=${{ secrets.OWCOVERITY_TOKEN }}" | |
| if( '${{ vars.OWDEBUG }}' -eq '1' ) { $response } | |
| shell: pwsh | |
| - name: "Restore Coverity Tools" | |
| uses: "./.github/actions/tarload" | |
| with: | |
| hostos: 'lnx' | |
| fullname: ${{ env.OWCOV_TOOLS_ARCHIVE }} | |
| gitpath: ${{ env.OWCOV_TOOLS_GITPATH }} | |
| format: 'gzip' | |
| owdebug: ${{ vars.OWDEBUG }} | |
| - name: "Remove Coverity Tools Archive" | |
| run: rm -f $OWCOV_SRC_ARCHIVE | |
| shell: bash | |
| - name: Find Coverity Tool command | |
| id: covtool | |
| run: | | |
| $xpath = Join-Path ${{ github.workspace }} $env:OWCOV_TOOLS_GITPATH | |
| (Get-ChildItem -Recurse -Path $xpath -File "cov-build" | Select-Object -First 1).FullName ` | |
| | Join-String -OutputPrefix 'cmd=' ` | |
| | Out-File -FilePath ${{ github.output }} -Encoding utf8 -Append | |
| shell: pwsh | |
| - name: "Build Coverity output data Linux" | |
| run: ci/coverity.sh ${{ steps.covtool.outputs.cmd }} $OWCOV_RESULTS_GITPATH ci/covbuild.sh | |
| env: | |
| OWROOT: ${{ github.workspace }} | |
| OWTOOLS: GCC | |
| OWDOSBOX: dosbox | |
| OWDEBUG: ${{ vars.OWDEBUG }} | |
| OWVERBOSE: 1 | |
| shell: bash | |
| - name: Get Coverity output data path | |
| id: tarname | |
| run: > | |
| Join-Path ${{ github.workspace }} $env:OWCOV_RESULTS_ARCHIVE | |
| | Join-String -OutputPrefix 'fullname=' | |
| | Out-File -FilePath ${{ github.output }} -Encoding utf8 -Append | |
| shell: pwsh | |
| - name: "Create Archive with Coverity output data" | |
| run: | | |
| if [ "${{ vars.OWDEBUG }}" = "1" ]; then | |
| tar -cvf "${{ steps.tarname.outputs.fullname }}" -J --overwrite $OWCOV_RESULTS_GITPATH | |
| else | |
| tar -cf "${{ steps.tarname.outputs.fullname }}" -J --overwrite $OWCOV_RESULTS_GITPATH | |
| fi | |
| shell: bash | |
| - if: vars.OWDEBUG == 1 | |
| name: Upload Artifact | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: 'coverity' | |
| path: ${{ steps.tarname.outputs.fullname }} | |
| retention-days: 3 | |
| overwrite: true | |
| - id: last_commit | |
| run: git rev-parse HEAD | Join-String -OutputPrefix 'sha=' | Out-File -FilePath ${{ github.output }} -Encoding utf8 -Append | |
| shell: pwsh | |
| - name: "Upload Coverity output data Archive" | |
| run: > | |
| $response = ${{ steps.curlcmd.outputs.cov }} | |
| --write-out "\n%{http_code}\n" | |
| --form project=$env:OWCOV_PROJECT | |
| --form token=${{ secrets.OWCOVERITY_TOKEN }} | |
| --form email=malak.jiri@gmail.com | |
| --form file=`@${{ steps.tarname.outputs.fullname }} | |
| --form version=${{ steps.last_commit.outputs.sha }} | |
| --form description="Open Watcom V2 Azure Pipelines CI build" | |
| https://scan.coverity.com/builds | |
| shell: pwsh | |
| - name: Check tag reference | |
| id: check_tag | |
| uses: "./.github/actions/ghtagchk" | |
| with: | |
| tag: ${{ env.OWCOV_TAG }} | |
| owdebug: ${{ vars.OWDEBUG }} | |
| - if: steps.check_tag.outputs.sha == '' | |
| name: Create new Coverity scan tag | |
| run: | | |
| $response = ${{ steps.curlcmd.outputs.gh }} -H "Authorization: Bearer ${{ github.token }}" ` | |
| -X POST "https://api.github.com/repos/${{ github.repository }}/git/refs" ` | |
| -d '{"ref":"refs/tags/${{ env.OWCOV_TAG }}","sha":"${{ steps.last_commit.outputs.sha }}"}' | |
| if( '${{ vars.OWDEBUG }}' -eq '1' ) { $response } | |
| shell: pwsh | |
| - if: steps.check_tag.outputs.sha != '' | |
| name: Update Coverity scan tag | |
| run: | | |
| $response = ${{ steps.curlcmd.outputs.gh }} -H "Authorization: Bearer ${{ github.token }}" ` | |
| -X PATCH "https://api.github.com/repos/${{ github.repository }}/git/refs/tags/${{ env.OWCOV_TAG }}" ` | |
| -d '{"sha":"${{ steps.last_commit.outputs.sha }}"}' | |
| if( '${{ vars.OWDEBUG }}' -eq '1' ) { $response } | |
| shell: pwsh | |
| # scan-nt: | |
| # needs: check_run | |
| # if: needs.check_run.outputs.runit | |
| # name: "Load Coverity Scan Windows" | |
| # runs-on: windows-2022 | |
| # env: | |
| # OWCOV_SRC: 'win64' | |
| # OWCOV_TOOLS_ARCHIVE: 'cov-analysis-linux.zip' | |
| # OWCOV_RESULTS_ARCHIVE: 'open-watcom-v2.zip' | |
| # steps: | |
| # - name: Checkout Actions | |
| # uses: actions/checkout@v4 | |
| # - name: Install DOSBOX | |
| # uses: "./.github/actions/dosboxin" | |
| # with: | |
| # hostos: 'nt' | |
| # - name: Setup curl options | |
| # id: curlcmd | |
| # uses: "./.github/actions/curlcmd" | |
| # with: | |
| # owcurlopts: ${{ inputs.owcurlopts }} | |
| # - name: "Download Coverity Tools" | |
| # run: | | |
| # $response = ${{ steps.curlcmd.outputs.cov }} ` | |
| # -o $env:OWCOV_TOOLS_ARCHIVE ` | |
| # "https://scan.coverity.com/download/cxx/$env:OWCOV_SRC" ` | |
| # -d "project=$env:OWCOV_PROJECT&token=${{ secrets.OWCOVERITY_TOKEN }}" | |
| # if( '${{ vars.OWDEBUG }}' -eq '1' ) { $response } | |
| # shell: pwsh | |
| # - name: "Restore Coverity Tools" | |
| # uses: "./.github/actions/tarload" | |
| # with: | |
| # hostos: 'nt' | |
| # fullname: ${{ env.OWCOV_TOOLS_ARCHIVE }} | |
| # gitpath: ${{ env.OWCOV_TOOLS_GITPATH }} | |
| # format: 'gzip' | |
| # owdebug: ${{ vars.OWDEBUG }} | |
| # - name: "Remove Coverity Tools Archive" | |
| # run: rm -f $OWCOV_SRC_ARCHIVE | |
| # shell: bash | |
| # - name: Find Coverity Tool command | |
| # id: covtool | |
| # run: | | |
| # $xpath = Join-Path ${{ github.workspace }} $env:OWCOV_TOOLS_GITPATH | |
| # (Get-ChildItem -Recurse -Path $xpath -File "cov-build.exe" | Select-Object -First 1).FullName ` | |
| # | Join-String -OutputPrefix 'cmd=' ` | |
| # | Out-File -FilePath ${{ github.output }} -Encoding utf8 -Append | |
| # shell: pwsh | |
| # - name: "Build Coverity output data Windows" | |
| # run: | | |
| # ci\coverity.cmd ${{ steps.covtool.outputs.cmd }} ${{ env.OWCOV_RESULTS_GITPATH }} ci\covbuild.cmd vs2019 | |
| # env: | |
| # OWROOT: ${{ github.workspace }} | |
| # OWTOOLS: VISUALC | |
| # OWDOSBOX: dosbox.exe | |
| # OWDOSBOXPATH: ci\nt386 | |
| # OWDEBUG: ${{ vars.OWDEBUG }} | |
| # OWVERBOSE: 1 | |
| # shell: cmd | |
| # - name: Get Coverity output data path | |
| # id: tarname | |
| # run: > | |
| # Join-Path ${{ github.workspace }} $env:OWCOV_RESULTS_ARCHIVE | |
| # | Join-String -OutputPrefix 'fullname=' | |
| # | Out-File -FilePath ${{ github.output }} -Encoding utf8 -Append | |
| # shell: pwsh | |
| # - id: last_commit | |
| # run: git rev-parse HEAD | Join-String -OutputPrefix 'sha=' | Out-File -FilePath ${{ github.output }} -Encoding utf8 -Append | |
| # shell: pwsh | |
| # - name: "Archive Coverity output data" | |
| # uses: "./.github/actions/tarsave" | |
| # with: | |
| # hostos: 'nt' | |
| # fullname: ${{ steps.tarname.outputs.fullname }} | |
| # gitpath: ${{ env.OWCOV_RESULTS_GITPATH }} | |
| # format: 'gzip' | |
| # owdebug: ${{ vars.OWDEBUG }} | |
| # - name: "Upload Coverity output data Archive" | |
| # run: > | |
| # $response = ${{ steps.curlcmd.outputs.cov }} | |
| # --write-out "\n%{http_code}\n" | |
| # --form project=$env:OWCOV_PROJECT | |
| # --form token=${{ secrets.OWCOVERITY_TOKEN }} | |
| # --form email=malak.jiri@gmail.com | |
| # --form file=`@${{ steps.tarname.outputs.fullname }} | |
| # --form version=${{ steps.last_commit.outputs.sha }} | |
| # --form description="Open Watcom V2 Azure Pipelines CI build" | |
| # https://scan.coverity.com/builds | |
| # shell: pwsh | |
| # - name: Check tag reference | |
| # id: check_tag | |
| # uses: "./.github/actions/ghtagchk" | |
| # with: | |
| # tag: ${{ env.OWCOV_TAG }} | |
| # owdebug: ${{ vars.OWDEBUG }} | |
| # - if: steps.check_tag.outputs.sha == '' | |
| # name: Create new Coverity scan tag | |
| # run: | | |
| # $response = ${{ steps.curlcmd.outputs.gh }} -H "Authorization: Bearer ${{ github.token }}" ` | |
| # -X POST "https://api.github.com/repos/${{ github.repository }}/git/refs" ` | |
| # -d '{"ref":"refs/tags/${{ env.OWCOV_TAG }}","sha":"${{ steps.last_commit.outputs.sha }}"}' | |
| # if( '${{ vars.OWDEBUG }}' -eq '1' ) { $response } | |
| # shell: pwsh | |
| # - if: steps.check_tag.outputs.sha != '' | |
| # name: Update Coverity scan tag | |
| # run: | | |
| # $response = ${{ steps.curlcmd.outputs.gh }} -H "Authorization: Bearer ${{ github.token }}" ` | |
| # -X PATCH "https://api.github.com/repos/${{ github.repository }}/git/refs/tags/${{ env.OWCOV_TAG }}" ` | |
| # -d '{"sha":"${{ steps.last_commit.outputs.sha }}"}' | |
| # if( '${{ vars.OWDEBUG }}' -eq '1' ) { $response } | |
| # shell: pwsh |