epagris/FreeRTOS-Kernel-CustomTag
1
0
Fork 0
forked from epagris/FreeRTOS-Kernel
Code Pull Requests Activity

Coverity Scan Workflow Fix (#891)

Browse Source 
Currently the Coverity Scan attempts to run on every fork that pulls
the file. This leads to anybody who pulls this file getting emails that 
their workflow failed to run when the cron job attempts to run. This
PR sets the scan to only run if the repo is FreeRTOS/FreeRTOS-Kernel.
Also, change the scan from a cron job to a job that runs on a commit
to mainline, or if triggered manually.
This commit is contained in:
Soren Ptak 2023-11-23 08:47:31 -08:00 committed by GitHub
parent cb196ddbb1
commit 09c4c4bae9
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 54 additions and 14 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

68
.github/workflows/coverity_scan.yml vendored
View File

@ -1,47 +1,87 @@
name: FreeRTOS-Kernel Coverity Scan
name: Coverity Scan
on:
schedule: ## Scheduled to run at 1:15 AM UTC daily.
- cron: '15 1 * * *'
# Run on every commit to mainline
push:
branches: main
# Allow manual running of the scan
workflow_dispatch:
env:
bashPass: \033[32;1mPASSED -
bashInfo: \033[33;1mINFO -
bashFail: \033[31;1mFAILED -
bashEnd: \033[0m
jobs:
Coverity-Scan:
if: ( github.repository == 'FreeRTOS/FreeRTOS-Kernel' )
name: Coverity Scan
runs-on: ubuntu-latest
steps:
- name: Checkout the Repository
uses: actions/checkout@v3
- name: Install Build Essentials
- env:
stepName: Install Build Essentials
shell: bash
run: |
# ${{ env.stepName }}
echo -e "::group::${{ env.bashInfo }} ${{ env.stepName }} ${{ env.bashEnd }}"
sudo apt-get -y update
sudo apt-get -y install build-essential
- name: Install Coverity Build
shell: bash
env:
echo "::endgroup::"
echo -e "${{ env.bashPass }} ${{ env.stepName }} ${{ env.bashEnd }}"
- env:
stepName: Install Coverity Build
COVERITY_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
shell: bash
run: |
# ${{ env.stepName }}
echo -e "::group::${{ env.bashInfo }} ${{ env.stepName }} ${{ env.bashEnd }}"
wget -nv -qO- https://scan.coverity.com/download/linux64 --post-data "token=${COVERITY_TOKEN}&project=FreeRTOS-Kernel" | tar -zx --one-top-level=cov_scan --strip-components 1
echo "cov_scan_path=$(pwd)/cov_scan/bin" >> $GITHUB_ENV
- name: Coverity Build & Upload for Scan
shell: bash
env:
echo "::endgroup::"
echo -e "${{ env.bashPass }} ${{ env.stepName }} ${{ env.bashEnd }} "
- env:
stepName: Coverity Build & Upload for Scan
COVERITY_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
COVERITY_EMAIL: ${{ secrets.COVERITY_SCAN_EMAIL }}
shell: bash
run: |
# ${{ env.stepName }}
echo -e "::group::${{ env.bashInfo }} ${{ env.stepName }} ${{ env.bashEnd }}"
export PATH="$PATH:${{env.cov_scan_path}}"
cmake -S ./examples/cmake_example/ -B build
cd build
cov-build --dir cov-int make -j
tar czvf gcc_freertos_kerenl_sample_build.tgz cov-int
tar czvf gcc_freertos_kernel_sample_build.tgz cov-int
echo "::endgroup::"
echo -e "${{ env.bashPass }} ${{ env.stepName }} ${{ env.bashEnd }} "
- env:
stepName: Upload Coverity Report for Scan
COVERITY_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
COVERITY_EMAIL: ${{ secrets.COVERITY_SCAN_EMAIL }}
shell: bash
run: |
# ${{ env.stepName }}
echo -e "::group::${{ env.bashInfo }} ${{ env.stepName }} ${{ env.bashEnd }}"
COV_SCAN_UPLOAD_STATUS=$(curl --form token=${COVERITY_TOKEN} \
--form email=${COVERITY_EMAIL} \
--form file=@gcc_freertos_kerenl_sample_build.tgz \
--form file=@gcc_freertos_kernel_sample_build.tgz \
--form version="Mainline" \
--form description="FreeRTOS Kernel Nightly Scan" \
--form description="FreeRTOS Kernel Commit Scan" \
https://scan.coverity.com/builds?project=FreeRTOS-Kernel)
echo "::endgroup::"
echo -e "${{ env.bashPass }} ${{ env.stepName }} ${{ env.bashEnd }} "
echo "${COV_SCAN_UPLOAD_STATUS}" | grep -q -e 'Build successfully submitted' || echo >&2 "Error submitting build for analysis: ${COV_SCAN_UPLOAD_STATUS}"