-
-
Notifications
You must be signed in to change notification settings - Fork 13
/
action.yml
127 lines (110 loc) · 4.5 KB
/
action.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
# https://docs.github.com/en/actions/creating-actions/creating-a-composite-action
name: Unofficial Coverity Scan
description: Run Coverity Scan and upload the results.
inputs:
project:
description: Project name in Coverity Scan.
default: ${{ github.repository }}
required: false
token:
description: Secret project token for accessing Coverity Scan.
required: true
email:
description: Where Coverity Scan should send notifications.
required: true
build_language:
description: Which Coverity Scan language pack to download.
default: cxx
required: false
build_platform:
description: Which Coverity Scan platform pack to download.
default: linux64
required: false
command:
description: Command to pass to cov-build.
default: make
required: false
working-directory:
description: Working directory to set for all steps.
default: ${{ github.workspace }}
required: false
version:
description: (Informational) The source version being built.
default: ${{ github.sha }}
required: false
description:
description: (Informational) A description for this particular build.
default: coverity-scan-action ${{ github.repository }} / ${{ github.ref }}
required: false
runs:
using: composite
steps:
# Need to encode the project name when using in URLs and HTTP forms. Valid
# GitHub project names only have / that need encoding and
# Coverity projects with spaces in their names need encoding so do
# an ad-hoc conversion here. Wait to see if anyone needs something else.
- name: URL encode project name
id: project
run: echo "project=${{ inputs.project }}" | sed -e 's:/:%2F:g' -e 's/ /%20/g' >> $GITHUB_OUTPUT
shell: bash
# The Coverity site says the tool is usually updated twice yearly, so the
# md5 of download can be used to determine whether there's been an update.
- name: Lookup Coverity Build Tool hash
id: coverity-cache-lookup
run: |
hash=$(curl https://scan.coverity.com/download/${{ inputs.build_language }}/${{ inputs.build_platform }} \
--data "token=${TOKEN}&project=${{ steps.project.outputs.project }}&md5=1"); \
echo "hash=${hash}" >> $GITHUB_OUTPUT
shell: bash
env:
TOKEN: ${{ inputs.token }}
# Try to cache the tool to avoid downloading 1GB+ archive on every run.
# Cache miss will add ~30s to create, but cache hit will save minutes.
- name: Cache Coverity Build Tool
id: cov-build-cache
uses: actions/cache@v4
with:
path: ${{ inputs.working-directory }}/cov-analysis
key: cov-build-${{ inputs.build_language }}-${{ inputs.build_platform }}-${{ steps.coverity-cache-lookup.outputs.hash }}
- name: Download Coverity Build Tool (${{ inputs.build_language }} / ${{ inputs.build_platform }})
if: steps.cov-build-cache.outputs.cache-hit != 'true'
run: |
curl https://scan.coverity.com/download/${{ inputs.build_language }}/${{ inputs.build_platform }} \
--no-progress-meter \
--output cov-analysis.tar.gz \
--data "token=${TOKEN}&project=${{ steps.project.outputs.project }}"
shell: bash
working-directory: ${{ inputs.working-directory }}
env:
TOKEN: ${{ inputs.token }}
- if: steps.cov-build-cache.outputs.cache-hit != 'true'
run: mkdir cov-analysis
shell: bash
working-directory: ${{ inputs.working-directory }}
- if: steps.cov-build-cache.outputs.cache-hit != 'true'
run: tar -xzf cov-analysis.tar.gz --strip 1 -C cov-analysis
shell: bash
working-directory: ${{ inputs.working-directory }}
- name: Build with cov-build
run: |
export PATH="${PWD}/cov-analysis/bin:${PATH}"
cov-build --dir cov-int ${{ inputs.command }}
shell: bash
working-directory: ${{ inputs.working-directory }}
- name: Archive results
run: tar -czvf cov-int.tgz cov-int
shell: bash
working-directory: ${{ inputs.working-directory }}
- name: Submit results to Coverity Scan
run: |
curl \
--form token="${TOKEN}" \
--form email="${{ inputs.email }}" \
--form [email protected] \
--form version="${{ inputs.version }}" \
--form description="${{ inputs.description }}" \
"https://scan.coverity.com/builds?project=${{ steps.project.outputs.project }}"
shell: bash
working-directory: ${{ inputs.working-directory }}
env:
TOKEN: ${{ inputs.token }}