diff options
author | Soren Ptak <ptaksoren@gmail.com> | 2023-11-23 19:47:31 +0300 |
---|---|---|
committer | GitHub <noreply@github.com> | 2023-11-23 19:47:31 +0300 |
commit | 09c4c4bae968084ac2ba26af81d160bdfcab841c (patch) | |
tree | f2e9221e2032f2e180c8d94e7ddc954ee9b34947 /.github | |
parent | cb196ddbb1a7b504fb3d4f349065c1ee625de93e (diff) |
Coverity Scan Workflow Fix (#891)
Currently the Coverity Scan attempts to run on every fork that pulls
the file. This leads to anybody who pulls this file getting emails that
their workflow failed to run when the cron job attempts to run. This
PR sets the scan to only run if the repo is FreeRTOS/FreeRTOS-Kernel.
Also, change the scan from a cron job to a job that runs on a commit
to mainline, or if triggered manually.
Diffstat (limited to '.github')
-rw-r--r-- | .github/workflows/coverity_scan.yml | 68 |
1 files changed, 54 insertions, 14 deletions
diff --git a/.github/workflows/coverity_scan.yml b/.github/workflows/coverity_scan.yml index 050ea325b..bd6f77abc 100644 --- a/.github/workflows/coverity_scan.yml +++ b/.github/workflows/coverity_scan.yml @@ -1,47 +1,87 @@ -name: FreeRTOS-Kernel Coverity Scan +name: Coverity Scan on: - schedule: ## Scheduled to run at 1:15 AM UTC daily. - - cron: '15 1 * * *' + # Run on every commit to mainline + push: + branches: main + # Allow manual running of the scan + workflow_dispatch: +env: + bashPass: \033[32;1mPASSED - + bashInfo: \033[33;1mINFO - + bashFail: \033[31;1mFAILED - + bashEnd: \033[0m jobs: - Coverity-Scan: + if: ( github.repository == 'FreeRTOS/FreeRTOS-Kernel' ) name: Coverity Scan runs-on: ubuntu-latest steps: - name: Checkout the Repository uses: actions/checkout@v3 - - name: Install Build Essentials + - env: + stepName: Install Build Essentials shell: bash run: | + # ${{ env.stepName }} + echo -e "::group::${{ env.bashInfo }} ${{ env.stepName }} ${{ env.bashEnd }}" + sudo apt-get -y update sudo apt-get -y install build-essential - - name: Install Coverity Build - shell: bash - env: + echo "::endgroup::" + echo -e "${{ env.bashPass }} ${{ env.stepName }} ${{ env.bashEnd }}" + + - env: + stepName: Install Coverity Build COVERITY_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }} + shell: bash run: | + # ${{ env.stepName }} + echo -e "::group::${{ env.bashInfo }} ${{ env.stepName }} ${{ env.bashEnd }}" + wget -nv -qO- https://scan.coverity.com/download/linux64 --post-data "token=${COVERITY_TOKEN}&project=FreeRTOS-Kernel" | tar -zx --one-top-level=cov_scan --strip-components 1 echo "cov_scan_path=$(pwd)/cov_scan/bin" >> $GITHUB_ENV - - name: Coverity Build & Upload for Scan - shell: bash - env: + echo "::endgroup::" + echo -e "${{ env.bashPass }} ${{ env.stepName }} ${{ env.bashEnd }} " + + - env: + stepName: Coverity Build & Upload for Scan COVERITY_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }} COVERITY_EMAIL: ${{ secrets.COVERITY_SCAN_EMAIL }} + shell: bash run: | + # ${{ env.stepName }} + echo -e "::group::${{ env.bashInfo }} ${{ env.stepName }} ${{ env.bashEnd }}" + export PATH="$PATH:${{env.cov_scan_path}}" cmake -S ./examples/cmake_example/ -B build cd build cov-build --dir cov-int make -j - tar czvf gcc_freertos_kerenl_sample_build.tgz cov-int + tar czvf gcc_freertos_kernel_sample_build.tgz cov-int + + echo "::endgroup::" + echo -e "${{ env.bashPass }} ${{ env.stepName }} ${{ env.bashEnd }} " + + - env: + stepName: Upload Coverity Report for Scan + COVERITY_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }} + COVERITY_EMAIL: ${{ secrets.COVERITY_SCAN_EMAIL }} + shell: bash + run: | + # ${{ env.stepName }} + echo -e "::group::${{ env.bashInfo }} ${{ env.stepName }} ${{ env.bashEnd }}" + COV_SCAN_UPLOAD_STATUS=$(curl --form token=${COVERITY_TOKEN} \ --form email=${COVERITY_EMAIL} \ - --form file=@gcc_freertos_kerenl_sample_build.tgz \ + --form file=@gcc_freertos_kernel_sample_build.tgz \ --form version="Mainline" \ - --form description="FreeRTOS Kernel Nightly Scan" \ + --form description="FreeRTOS Kernel Commit Scan" \ https://scan.coverity.com/builds?project=FreeRTOS-Kernel) + + echo "::endgroup::" + echo -e "${{ env.bashPass }} ${{ env.stepName }} ${{ env.bashEnd }} " echo "${COV_SCAN_UPLOAD_STATUS}" | grep -q -e 'Build successfully submitted' || echo >&2 "Error submitting build for analysis: ${COV_SCAN_UPLOAD_STATUS}" |