blob: 10c6c77b1464c6cc8f82a6fa432a577fde3fd96c (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
|
name: Coverity Scan analysis
on:
push:
branches:
- main
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
env:
COVERITY_EMAIL: ${{ secrets.CoverityEmail }}
COVERITY_TOKEN: ${{ secrets.CoverityToken }}
BASE_DIR: "/dev/shm"
PACKAGE: "/dev/shm/coverity-package/coverity.tar.zst"
PACKAGE_DIR: "/dev/shm/coverity-package"
# Latest package: https://scan.coverity.com/download
PACKAGE_VERSION: "2021.12.1"
# One-time download, then lives in GitHub cache
TARBALL_URL: "https://kcgen.duckdns.org/coverity.tar.zst"
TARBALL_SHA256: "db872225984b588e178e42faecf597382d20e185c949512c93c485debd42d8d9"
jobs:
coverity_scan:
name: Coverity static analyzer
runs-on: ubuntu-20.04
steps:
- name: Checkout repository
uses: actions/checkout@v3
with:
submodules: false
- run: sudo apt-get update
- name: Log and setup environment
run: |
./scripts/log-env.sh
mkdir -p "${PACKAGE_DIR}"
- name: Install C++ compiler and dependencies
run: |
sudo apt-get install curl zstd clang $(cat packages/ubuntu-20.04-apt.txt)
sudo pip3 install --upgrade meson ninja
- name: Prepare the Coverity package cache
uses: actions/cache@v3.0.11
id: cache-coverity
with:
path: ${{ env.PACKAGE_DIR }}
key: coverity-${{ env.PACKAGE_VERSION }}
- name: Fetch the Coverity package
if: steps.cache-coverity.outputs.cache-hit != 'true'
run: curl -L "${TARBALL_URL}" > "${PACKAGE}"
- name: Install the Coverity package
run: |
set -xeuo pipefail
tee >(tar -I zstd -C "${BASE_DIR}" -x) < "${PACKAGE}" \
| sha256sum -c <(echo "${TARBALL_SHA256} -" )
- name: Build and instrument the project
run: |
set -xeu
CC="clang" CXX="clang++" meson setup \
-Dbuildtype=debug \
-Dunit_tests=disabled \
-Dsystem_libraries=speexdsp \
-Duse_alsa=false \
-Duse_fluidsynth=false \
-Duse_mt32emu=false \
-Duse_opengl=false \
-Duse_png=false \
-Duse_sdl2_net=false \
-Duse_slirp=false \
build
PATH="${BASE_DIR}/cov-analysis-linux64-${PACKAGE_VERSION}/bin:${PATH}"
cov-build --dir cov-int meson compile -C build
tar -cvaf package.tar.gz cov-int
- name: Upload the package to Coverity
run: |
curl \
--form token="${COVERITY_TOKEN}" \
--form email="${COVERITY_EMAIL}" \
--form file=@package.tar.gz \
--form version="${GITHUB_REF}" \
--form description="${GITHUB_REPOSITORY}" \
"https://scan.coverity.com/builds?project=dosbox-staging"
|