Coverity #4
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Coverity | |
| on: | |
| schedule: | |
| - cron: '0 3 * * 1' | |
| # Mondays at 03:00 | |
| workflow_dispatch: | |
| jobs: | |
| build: | |
| name: Coverity | |
| runs-on: ubuntu-latest | |
| container: ghcr.io/neomutt/ubuntu | |
| env: | |
| TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }} | |
| OPTIONS: --autocrypt --bdb --disable-doc --fmemopen --gdbm --gnutls --gpgme --gss --kyotocabinet --lmdb --lua --lz4 --notmuch --pcre2 --qdbm --rocksdb --sasl --tdb --tokyocabinet --with-lock=fcntl --zlib --zstd | |
| COV_TOOLS: cov-tools | |
| COV_RESULTS: cov-int | |
| steps: | |
| - name: Get number of CPU cores | |
| uses: SimenB/github-actions-cpu-cores@v2 | |
| id: cpu-cores | |
| - name: Check Secret | |
| run: | | |
| [ -n "${{ secrets.COVERITY_SCAN_TOKEN }}" ] | |
| - name: Checkout Code | |
| uses: actions/checkout@v4 | |
| - name: Configure NeoMutt | |
| run: ./configure $OPTIONS | |
| - name: Download Coverity | |
| run: | | |
| wget --quiet https://scan.coverity.com/download/linux64 --post-data "token=$TOKEN&project=neomutt%2Fneomutt" -O "$COV_TOOLS.tar.gz" | |
| mkdir "$COV_TOOLS" | |
| tar xzf "$COV_TOOLS.tar.gz" --strip 1 -C "$COV_TOOLS" | |
| ls -l "$COV_TOOLS" | |
| - name: Build with Coverity | |
| run: | | |
| export PATH="$(pwd)/$COV_TOOLS/bin:$PATH" | |
| cov-build --dir $COV_RESULTS make -j ${{steps.cpu-cores.outputs.count}} | |
| # Filter out private info | |
| sed -i '/TOKEN=/d' cov-int/build-log.txt | |
| - name: Upload build log | |
| uses: actions/upload-artifact@v4 | |
| with: | |
| name: build-log | |
| path: cov-int/build-log.txt | |
| retention-days: 10 | |
| - name: Submit Results | |
| run: | | |
| tar -czf neomutt.tgz $COV_RESULTS | |
| ls -lh neomutt.tgz | |
| git config --global --add safe.directory "$GITHUB_WORKSPACE" | |
| GIT_HASH="$(git rev-parse --short HEAD)" | |
| echo "HASH: $GIT_HASH" | |
| GIT_DESC="$(git log -n1 --format="%s" $GIT_HASH)" | |
| echo "DESC: $GIT_DESC" | |
| curl --fail --output curl.log \ | |
| --form token=$TOKEN \ | |
| --form [email protected] \ | |
| --form [email protected] \ | |
| --form version="$GIT_HASH" \ | |
| --form description="$GIT_DESC" \ | |
| https://scan.coverity.com/builds?project=neomutt%2Fneomutt | |
| # If we go over quota, alert the user | |
| cat curl.log | |
| grep -qv "quota.*reached" curl.log || false | |