Skip to content

Coverity Scan

Coverity Scan #4

Workflow file for this run

name: Coverity Scan
on:
pull_request_review:
types: [submitted]
secrets:
COVERITY_TOKEN:
required: true
COVERITY_EMAIL:
required: true
jobs:
verify:
name: Verify Code
runs-on: ubuntu-latest
env:
COVERITY: coverity_tool
steps:
- uses: actions/checkout@v3
with:
fetch-depth: 0
- name: Set up JDK 8
uses: actions/setup-java@v3
with:
java-version: '8'
distribution: 'temurin'
server-id: github
settings-path: ${{ github.workspace }}
- name: Get version
run: echo "RELEASE_VERSION=$(git describe --tags)" >> $GITHUB_ENV
- name: Test run
run: mvn -B -Drevision=${{ env.RELEASE_VERSION }} -Dsha1= -Dchangelist= verify -s ${{ github.workspace }}/settings.xml
env:
GITHUB_TOKEN: ${{ github.token }}
- name: Cache Coverity
id: cache_coverity
uses: actions/cache@v2
with:
path: ${{ env.COVERITY }}
key: coverity
- name: Download Coverity
if: steps.cache_coverity.outputs.cache-hit != 'true'
run: |
wget --quiet https://scan.coverity.com/download/linux64 --post-data "token=${{ secrets.COVERITY_TOKEN }}&project=blf_01" -O ${{ env.COVERITY }}.tgz
mkdir -p ${{ env.COVERITY }}
tar zxvf ${{ env.COVERITY }}.tgz -C ${{ env.COVERITY }} --strip-components 1
- name: Compile Coverity
run: |
${{ env.COVERITY }}/bin/cov-build --dir cov-int mvn -B -Drevision=${{ env.RELEASE_VERSION }} -Dsha1= -Dchangelist= clean compile -s ${{ github.workspace }}/settings.xml
tar czvf blf_01.tgz cov-int
- name: Upload to Coverity
run: |
curl --silent --form token=${{ secrets.COVERITY_TOKEN }} \
--form email=${{ secrets.COVERITY_EMAIL }} \
--form file=@blf_01.tgz \
--form version="${GITHUB_REF##*/}" \
--form description="automated upload" \
https://scan.coverity.com/builds?project=blf_01