Coverity Scan Workflow Fix (#891)

Currently the Coverity Scan attempts to run on every fork that pulls
the file. This leads to anybody who pulls this file getting emails that 
their workflow failed to run when the cron job attempts to run. This
PR sets the scan to only run if the repo is FreeRTOS/FreeRTOS-Kernel.
Also, change the scan from a cron job to a job that runs on a commit
to mainline, or if triggered manually.
Soren Ptak 2023-11-23 08:47:31 -08:00 committed by GitHub
parent cb196ddbb1
commit 09c4c4bae9
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -1,47 +1,87 @@
name: FreeRTOS-Kernel Coverity Scan name: Coverity Scan
on: on:
schedule: ## Scheduled to run at 1:15 AM UTC daily. # Run on every commit to mainline
- cron: '15 1 * * *' push:
branches: main
# Allow manual running of the scan
workflow_dispatch:
env:
bashPass: \033[32;1mPASSED -
bashInfo: \033[33;1mINFO -
bashFail: \033[31;1mFAILED -
bashEnd: \033[0m
jobs: jobs:
Coverity-Scan: Coverity-Scan:
if: ( github.repository == 'FreeRTOS/FreeRTOS-Kernel' )
name: Coverity Scan name: Coverity Scan
runs-on: ubuntu-latest runs-on: ubuntu-latest
steps: steps:
- name: Checkout the Repository - name: Checkout the Repository
uses: actions/checkout@v3 uses: actions/checkout@v3
- name: Install Build Essentials - env:
stepName: Install Build Essentials
shell: bash shell: bash
run: | run: |
# ${{ env.stepName }}
echo -e "::group::${{ env.bashInfo }} ${{ env.stepName }} ${{ env.bashEnd }}"
sudo apt-get -y update sudo apt-get -y update
sudo apt-get -y install build-essential sudo apt-get -y install build-essential
- name: Install Coverity Build echo "::endgroup::"
shell: bash echo -e "${{ env.bashPass }} ${{ env.stepName }} ${{ env.bashEnd }}"
env:
- env:
stepName: Install Coverity Build
COVERITY_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }} COVERITY_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
shell: bash
run: | run: |
# ${{ env.stepName }}
echo -e "::group::${{ env.bashInfo }} ${{ env.stepName }} ${{ env.bashEnd }}"
wget -nv -qO- https://scan.coverity.com/download/linux64 --post-data "token=${COVERITY_TOKEN}&project=FreeRTOS-Kernel" | tar -zx --one-top-level=cov_scan --strip-components 1 wget -nv -qO- https://scan.coverity.com/download/linux64 --post-data "token=${COVERITY_TOKEN}&project=FreeRTOS-Kernel" | tar -zx --one-top-level=cov_scan --strip-components 1
echo "cov_scan_path=$(pwd)/cov_scan/bin" >> $GITHUB_ENV echo "cov_scan_path=$(pwd)/cov_scan/bin" >> $GITHUB_ENV
- name: Coverity Build & Upload for Scan echo "::endgroup::"
shell: bash echo -e "${{ env.bashPass }} ${{ env.stepName }} ${{ env.bashEnd }} "
env:
- env:
stepName: Coverity Build & Upload for Scan
COVERITY_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }} COVERITY_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
COVERITY_EMAIL: ${{ secrets.COVERITY_SCAN_EMAIL }} COVERITY_EMAIL: ${{ secrets.COVERITY_SCAN_EMAIL }}
shell: bash
run: | run: |
# ${{ env.stepName }}
echo -e "::group::${{ env.bashInfo }} ${{ env.stepName }} ${{ env.bashEnd }}"
export PATH="$PATH:${{env.cov_scan_path}}" export PATH="$PATH:${{env.cov_scan_path}}"
cmake -S ./examples/cmake_example/ -B build cmake -S ./examples/cmake_example/ -B build
cd build cd build
cov-build --dir cov-int make -j cov-build --dir cov-int make -j
tar czvf gcc_freertos_kerenl_sample_build.tgz cov-int tar czvf gcc_freertos_kernel_sample_build.tgz cov-int
echo "::endgroup::"
echo -e "${{ env.bashPass }} ${{ env.stepName }} ${{ env.bashEnd }} "
- env:
stepName: Upload Coverity Report for Scan
COVERITY_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
COVERITY_EMAIL: ${{ secrets.COVERITY_SCAN_EMAIL }}
shell: bash
run: |
# ${{ env.stepName }}
echo -e "::group::${{ env.bashInfo }} ${{ env.stepName }} ${{ env.bashEnd }}"
COV_SCAN_UPLOAD_STATUS=$(curl --form token=${COVERITY_TOKEN} \ COV_SCAN_UPLOAD_STATUS=$(curl --form token=${COVERITY_TOKEN} \
--form email=${COVERITY_EMAIL} \ --form email=${COVERITY_EMAIL} \
--form file=@gcc_freertos_kerenl_sample_build.tgz \ --form file=@gcc_freertos_kernel_sample_build.tgz \
--form version="Mainline" \ --form version="Mainline" \
--form description="FreeRTOS Kernel Nightly Scan" \ --form description="FreeRTOS Kernel Commit Scan" \
https://scan.coverity.com/builds?project=FreeRTOS-Kernel) https://scan.coverity.com/builds?project=FreeRTOS-Kernel)
echo "::endgroup::"
echo -e "${{ env.bashPass }} ${{ env.stepName }} ${{ env.bashEnd }} "
echo "${COV_SCAN_UPLOAD_STATUS}" | grep -q -e 'Build successfully submitted' || echo >&2 "Error submitting build for analysis: ${COV_SCAN_UPLOAD_STATUS}" echo "${COV_SCAN_UPLOAD_STATUS}" | grep -q -e 'Build successfully submitted' || echo >&2 "Error submitting build for analysis: ${COV_SCAN_UPLOAD_STATUS}"
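Review bot: The new "Upload Coverity Report for Scan" step passes `--form file=@gcc_freertos_kernel_sample_build.tgz`, but the archive is created by the preceding step after `cd build`, and each `run` step starts again from the default working directory; unless a working-directory default is set somewhere not shown here, curl will not find the file, so the path should be `--form file=@build/gcc_freertos_kernel_sample_build.tgz`. Separately, a rejected upload is still reported as success: the PASSED line is echoed before the response is checked, and the final `grep -q ... || echo >&2 ...` ends in an `echo` that exits 0. Ending that line with `|| { echo >&2 "Error submitting build for analysis: ${COV_SCAN_UPLOAD_STATUS}"; exit 1; }` and moving the PASSED echo after it would make the step fail when Coverity does not accept the build. With the upload split out, the build step no longer appears to need `COVERITY_TOKEN` and `COVERITY_EMAIL` in its `env`, and dropping them keeps the secrets out of the environment of the cmake/make run.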