Skip to content

Coverity Scan (daily) #628

Coverity Scan (daily)

Coverity Scan (daily) #628

Workflow file for this run

# Coverity Scan tools download, build and send data to analysis
name: Coverity-Scan
run-name: Coverity Scan (daily)
on:
schedule:
- cron: '0 23 * * *'
workflow_dispatch:
env:
OWCOV_PROJECT: 'open-watcom/open-watcom-v2'
OWCOV_TOOLS_GITPATH: 'coverity-scan-analysis'
OWCOV_RESULTS_GITPATH: 'cov-int'
OWCOV_TAG: 'Coverity-scan'
jobs:
check_run:
if: github.repository == 'open-watcom/open-watcom-v2'
name: Check if to run
runs-on: ubuntu-latest
outputs:
runit: ${{ steps.check_tag.outputs.old }}
steps:
- name: Checkout Actions
uses: actions/checkout@v4
- name: Check tag reference
id: check_tag
uses: "./.github/actions/ghtagchk"
with:
tag: ${{ env.OWCOV_TAG }}
owdebug: ${{ vars.OWDEBUG }}
owcurlopts: ${{ vars.OWCURLOPTS }}
scan-lnx:
needs: check_run
if: needs.check_run.outputs.runit
name: "Coverity Scan Linux"
runs-on: ubuntu-latest
env:
OWCOV_SRC: 'linux64'
OWCOV_TOOLS_ARCHIVE: 'cov-analysis-linux.tgz'
OWCOV_RESULTS_ARCHIVE: 'open-watcom-v2.tgz'
steps:
- name: Checkout Actions
uses: actions/checkout@v4
- name: Install DOSBOX
uses: "./.github/actions/dosboxin"
with:
hostos: 'lnx'
- name: Setup curl options
id: curlcmd
uses: "./.github/actions/curlcmd"
with:
owcurlopts: ${{ inputs.owcurlopts }}
- name: "Download Coverity Tools"
run: |
$response = ${{ steps.curlcmd.outputs.cov }} `
-o $env:OWCOV_TOOLS_ARCHIVE `
"https://scan.coverity.com/download/cxx/$env:OWCOV_SRC" `
-d "project=$env:OWCOV_PROJECT&token=${{ secrets.OWCOVERITY_TOKEN }}"
if( '${{ vars.OWDEBUG }}' -eq '1' ) { $response }
shell: pwsh
- name: "Restore Coverity Tools"
uses: "./.github/actions/tarload"
with:
hostos: 'lnx'
fullname: ${{ env.OWCOV_TOOLS_ARCHIVE }}
gitpath: ${{ env.OWCOV_TOOLS_GITPATH }}
format: 'gzip'
owdebug: ${{ vars.OWDEBUG }}
- name: "Remove Coverity Tools Archive"
run: rm -f $OWCOV_SRC_ARCHIVE
shell: bash
- name: Find Coverity Tool command
id: covtool
run: |
$xpath = Join-Path ${{ github.workspace }} $env:OWCOV_TOOLS_GITPATH
(Get-ChildItem -Recurse -Path $xpath -File "cov-build" | Select-Object -First 1).FullName `
| Join-String -OutputPrefix 'cmd=' `
| Out-File -FilePath ${{ github.output }} -Encoding utf8 -Append
shell: pwsh
- name: "Build Coverity output data Linux"
run: ci/coverity.sh ${{ steps.covtool.outputs.cmd }} $OWCOV_RESULTS_GITPATH ci/covbuild.sh
env:
OWROOT: ${{ github.workspace }}
OWTOOLS: GCC
OWDOSBOX: dosbox
OWDEBUG: ${{ vars.OWDEBUG }}
OWVERBOSE: 1
shell: bash
- name: Get Coverity output data path
id: tarname
run: >
Join-Path ${{ github.workspace }} $env:OWCOV_RESULTS_ARCHIVE
| Join-String -OutputPrefix 'fullname='
| Out-File -FilePath ${{ github.output }} -Encoding utf8 -Append
shell: pwsh
- name: "Create Archive with Coverity output data"
run: |
if [ "${{ vars.OWDEBUG }}" = "1" ]; then
tar -cvf "${{ steps.tarname.outputs.fullname }}" -J --overwrite $OWCOV_RESULTS_GITPATH
else
tar -cf "${{ steps.tarname.outputs.fullname }}" -J --overwrite $OWCOV_RESULTS_GITPATH
fi
shell: bash
- if: vars.OWDEBUG == 1
name: Upload Artifact
uses: actions/upload-artifact@v4
with:
name: 'coverity'
path: ${{ steps.tarname.outputs.fullname }}
retention-days: 3
overwrite: true
- id: last_commit
run: git rev-parse HEAD | Join-String -OutputPrefix 'sha=' | Out-File -FilePath ${{ github.output }} -Encoding utf8 -Append
shell: pwsh
- name: "Upload Coverity output data Archive"
run: >
$response = ${{ steps.curlcmd.outputs.cov }}
--write-out "\n%{http_code}\n"
--form project=$env:OWCOV_PROJECT
--form token=${{ secrets.OWCOVERITY_TOKEN }}
--form [email protected]
--form file=`@${{ steps.tarname.outputs.fullname }}
--form version=${{ steps.last_commit.outputs.sha }}
--form description="Open Watcom V2 Azure Pipelines CI build"
https://scan.coverity.com/builds
shell: pwsh
- name: Check tag reference
id: check_tag
uses: "./.github/actions/ghtagchk"
with:
tag: ${{ env.OWCOV_TAG }}
owdebug: ${{ vars.OWDEBUG }}
- if: steps.check_tag.outputs.sha == ''
name: Create new Coverity scan tag
run: |
$response = ${{ steps.curlcmd.outputs.gh }} -H "Authorization: Bearer ${{ github.token }}" `
-X POST "https://api.github.com/repos/${{ github.repository }}/git/refs" `
-d '{"ref":"refs/tags/${{ env.OWCOV_TAG }}","sha":"${{ steps.last_commit.outputs.sha }}"}'
if( '${{ vars.OWDEBUG }}' -eq '1' ) { $response }
shell: pwsh
- if: steps.check_tag.outputs.sha != ''
name: Update Coverity scan tag
run: |
$response = ${{ steps.curlcmd.outputs.gh }} -H "Authorization: Bearer ${{ github.token }}" `
-X PATCH "https://api.github.com/repos/${{ github.repository }}/git/refs/tags/${{ env.OWCOV_TAG }}" `
-d '{"sha":"${{ steps.last_commit.outputs.sha }}"}'
if( '${{ vars.OWDEBUG }}' -eq '1' ) { $response }
shell: pwsh
# scan-nt:
# needs: check_run
# if: needs.check_run.outputs.runit
# name: "Load Coverity Scan Windows"
# runs-on: windows-2022
# env:
# OWCOV_SRC: 'win64'
# OWCOV_TOOLS_ARCHIVE: 'cov-analysis-linux.zip'
# OWCOV_RESULTS_ARCHIVE: 'open-watcom-v2.zip'
# steps:
# - name: Checkout Actions
# uses: actions/checkout@v4
# - name: Install DOSBOX
# uses: "./.github/actions/dosboxin"
# with:
# hostos: 'nt'
# - name: Setup curl options
# id: curlcmd
# uses: "./.github/actions/curlcmd"
# with:
# owcurlopts: ${{ inputs.owcurlopts }}
# - name: "Download Coverity Tools"
# run: |
# $response = ${{ steps.curlcmd.outputs.cov }} `
# -o $env:OWCOV_TOOLS_ARCHIVE `
# "https://scan.coverity.com/download/cxx/$env:OWCOV_SRC" `
# -d "project=$env:OWCOV_PROJECT&token=${{ secrets.OWCOVERITY_TOKEN }}"
# if( '${{ vars.OWDEBUG }}' -eq '1' ) { $response }
# shell: pwsh
# - name: "Restore Coverity Tools"
# uses: "./.github/actions/tarload"
# with:
# hostos: 'nt'
# fullname: ${{ env.OWCOV_TOOLS_ARCHIVE }}
# gitpath: ${{ env.OWCOV_TOOLS_GITPATH }}
# format: 'gzip'
# owdebug: ${{ vars.OWDEBUG }}
# - name: "Remove Coverity Tools Archive"
# run: rm -f $OWCOV_SRC_ARCHIVE
# shell: bash
# - name: Find Coverity Tool command
# id: covtool
# run: |
# $xpath = Join-Path ${{ github.workspace }} $env:OWCOV_TOOLS_GITPATH
# (Get-ChildItem -Recurse -Path $xpath -File "cov-build.exe" | Select-Object -First 1).FullName `
# | Join-String -OutputPrefix 'cmd=' `
# | Out-File -FilePath ${{ github.output }} -Encoding utf8 -Append
# shell: pwsh
# - name: "Build Coverity output data Windows"
# run: |
# ci\coverity.cmd ${{ steps.covtool.outputs.cmd }} ${{ env.OWCOV_RESULTS_GITPATH }} ci\covbuild.cmd vs2019
# env:
# OWROOT: ${{ github.workspace }}
# OWTOOLS: VISUALC
# OWDOSBOX: dosbox.exe
# OWDOSBOXPATH: ci\nt386
# OWDEBUG: ${{ vars.OWDEBUG }}
# OWVERBOSE: 1
# shell: cmd
# - name: Get Coverity output data path
# id: tarname
# run: >
# Join-Path ${{ github.workspace }} $env:OWCOV_RESULTS_ARCHIVE
# | Join-String -OutputPrefix 'fullname='
# | Out-File -FilePath ${{ github.output }} -Encoding utf8 -Append
# shell: pwsh
# - id: last_commit
# run: git rev-parse HEAD | Join-String -OutputPrefix 'sha=' | Out-File -FilePath ${{ github.output }} -Encoding utf8 -Append
# shell: pwsh
# - name: "Archive Coverity output data"
# uses: "./.github/actions/tarsave"
# with:
# hostos: 'nt'
# fullname: ${{ steps.tarname.outputs.fullname }}
# gitpath: ${{ env.OWCOV_RESULTS_GITPATH }}
# format: 'gzip'
# owdebug: ${{ vars.OWDEBUG }}
# - name: "Upload Coverity output data Archive"
# run: >
# $response = ${{ steps.curlcmd.outputs.cov }}
# --write-out "\n%{http_code}\n"
# --form project=$env:OWCOV_PROJECT
# --form token=${{ secrets.OWCOVERITY_TOKEN }}
# --form [email protected]
# --form file=`@${{ steps.tarname.outputs.fullname }}
# --form version=${{ steps.last_commit.outputs.sha }}
# --form description="Open Watcom V2 Azure Pipelines CI build"
# https://scan.coverity.com/builds
# shell: pwsh
# - name: Check tag reference
# id: check_tag
# uses: "./.github/actions/ghtagchk"
# with:
# tag: ${{ env.OWCOV_TAG }}
# owdebug: ${{ vars.OWDEBUG }}
# - if: steps.check_tag.outputs.sha == ''
# name: Create new Coverity scan tag
# run: |
# $response = ${{ steps.curlcmd.outputs.gh }} -H "Authorization: Bearer ${{ github.token }}" `
# -X POST "https://api.github.com/repos/${{ github.repository }}/git/refs" `
# -d '{"ref":"refs/tags/${{ env.OWCOV_TAG }}","sha":"${{ steps.last_commit.outputs.sha }}"}'
# if( '${{ vars.OWDEBUG }}' -eq '1' ) { $response }
# shell: pwsh
# - if: steps.check_tag.outputs.sha != ''
# name: Update Coverity scan tag
# run: |
# $response = ${{ steps.curlcmd.outputs.gh }} -H "Authorization: Bearer ${{ github.token }}" `
# -X PATCH "https://api.github.com/repos/${{ github.repository }}/git/refs/tags/${{ env.OWCOV_TAG }}" `
# -d '{"sha":"${{ steps.last_commit.outputs.sha }}"}'
# if( '${{ vars.OWDEBUG }}' -eq '1' ) { $response }
# shell: pwsh