From 09c4c4bae968084ac2ba26af81d160bdfcab841c Mon Sep 17 00:00:00 2001 From: Soren Ptak Date: Thu, 23 Nov 2023 08:47:31 -0800 Subject: [PATCH] Coverity Scan Workflow Fix (#891) Currently the Coverity Scan attempts to run on every fork that pulls the file. This leads to anybody who pulls this file getting emails that their workflow failed to run when the cron job attempts to run. This PR sets the scan to only run if the repo is FreeRTOS/FreeRTOS-Kernel. Also, change the scan from a cron job to a job that runs on a commit to mainline, or if triggered manually. --- .github/workflows/coverity_scan.yml | 68 +++++++++++++++++++++++------ 1 file changed, 54 insertions(+), 14 deletions(-) diff --git a/.github/workflows/coverity_scan.yml b/.github/workflows/coverity_scan.yml index 050ea325b..bd6f77abc 100644 --- a/.github/workflows/coverity_scan.yml +++ b/.github/workflows/coverity_scan.yml @@ -1,47 +1,87 @@ -name: FreeRTOS-Kernel Coverity Scan +name: Coverity Scan on: - schedule: ## Scheduled to run at 1:15 AM UTC daily. - - cron: '15 1 * * *' + # Run on every commit to mainline + push: + branches: main + # Allow manual running of the scan + workflow_dispatch: +env: + bashPass: \033[32;1mPASSED - + bashInfo: \033[33;1mINFO - + bashFail: \033[31;1mFAILED - + bashEnd: \033[0m jobs: - Coverity-Scan: + if: ( github.repository == 'FreeRTOS/FreeRTOS-Kernel' ) name: Coverity Scan runs-on: ubuntu-latest steps: - name: Checkout the Repository uses: actions/checkout@v3 - - name: Install Build Essentials + - env: + stepName: Install Build Essentials shell: bash run: | + # ${{ env.stepName }} + echo -e "::group::${{ env.bashInfo }} ${{ env.stepName }} ${{ env.bashEnd }}" + sudo apt-get -y update sudo apt-get -y install build-essential - - name: Install Coverity Build - shell: bash - env: + echo "::endgroup::" + echo -e "${{ env.bashPass }} ${{ env.stepName }} ${{ env.bashEnd }}" + + - env: + stepName: Install Coverity Build COVERITY_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }} + shell: bash run: | + # ${{ env.stepName }} + echo -e "::group::${{ env.bashInfo }} ${{ env.stepName }} ${{ env.bashEnd }}" + wget -nv -qO- https://scan.coverity.com/download/linux64 --post-data "token=${COVERITY_TOKEN}&project=FreeRTOS-Kernel" | tar -zx --one-top-level=cov_scan --strip-components 1 echo "cov_scan_path=$(pwd)/cov_scan/bin" >> $GITHUB_ENV - - name: Coverity Build & Upload for Scan - shell: bash - env: + echo "::endgroup::" + echo -e "${{ env.bashPass }} ${{ env.stepName }} ${{ env.bashEnd }} " + + - env: + stepName: Coverity Build & Upload for Scan COVERITY_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }} COVERITY_EMAIL: ${{ secrets.COVERITY_SCAN_EMAIL }} + shell: bash run: | + # ${{ env.stepName }} + echo -e "::group::${{ env.bashInfo }} ${{ env.stepName }} ${{ env.bashEnd }}" + export PATH="$PATH:${{env.cov_scan_path}}" cmake -S ./examples/cmake_example/ -B build cd build cov-build --dir cov-int make -j - tar czvf gcc_freertos_kerenl_sample_build.tgz cov-int + tar czvf gcc_freertos_kernel_sample_build.tgz cov-int + + echo "::endgroup::" + echo -e "${{ env.bashPass }} ${{ env.stepName }} ${{ env.bashEnd }} " + + - env: + stepName: Upload Coverity Report for Scan + COVERITY_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }} + COVERITY_EMAIL: ${{ secrets.COVERITY_SCAN_EMAIL }} + shell: bash + run: | + # ${{ env.stepName }} + echo -e "::group::${{ env.bashInfo }} ${{ env.stepName }} ${{ env.bashEnd }}" + COV_SCAN_UPLOAD_STATUS=$(curl --form token=${COVERITY_TOKEN} \ --form email=${COVERITY_EMAIL} \ - --form file=@gcc_freertos_kerenl_sample_build.tgz \ + --form file=@gcc_freertos_kernel_sample_build.tgz \ --form version="Mainline" \ - --form description="FreeRTOS Kernel Nightly Scan" \ + --form description="FreeRTOS Kernel Commit Scan" \ https://scan.coverity.com/builds?project=FreeRTOS-Kernel) + + echo "::endgroup::" + echo -e "${{ env.bashPass }} ${{ env.stepName }} ${{ env.bashEnd }} " echo "${COV_SCAN_UPLOAD_STATUS}" | grep -q -e 'Build successfully submitted' || echo >&2 "Error submitting build for analysis: ${COV_SCAN_UPLOAD_STATUS}"