From 5ba917c3da84d915eed3f07327887b9b8c0c22bf Mon Sep 17 00:00:00 2001
From: Rahul Kar
Date: Thu, 5 Jun 2025 09:23:16 +0000
Subject: [PATCH 1/6] Test to check failure path in MD5 checksum validation in coverity
---
 .github/workflows/coverity_scan.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/coverity_scan.yml b/.github/workflows/coverity_scan.yml
index 0afc8e2e1..fe40799e5 100644
--- a/.github/workflows/coverity_scan.yml
+++ b/.github/workflows/coverity_scan.yml
@@ -44,7 +44,7 @@ jobs:
 wget -nv -q -O "$HOME/cov-analysis.tar.gz" https://scan.coverity.com/download/linux64 --post-data="token=${COVERITY_TOKEN}&project=FreeRTOS-Kernel"
- EXPECTED_MD5="e4418004b073140d67390cffba79c3b2"
+ EXPECTED_MD5="e4418004b073140d67390cffba79c3b1"
 GENERATED_MD5=$(md5sum "$HOME/cov-analysis.tar.gz" | awk '{print $1}')
 if [ "$GENERATED_MD5" = "$EXPECTED_MD5" ]; then
From e0a2dcd41e025f736d003b6f4bba388eda24102f Mon Sep 17 00:00:00 2001
From: Rahul Kar
Date: Thu, 5 Jun 2025 09:39:24 +0000
Subject: [PATCH 2/6] Update yml file to trigger coverity scan
---
 .github/workflows/coverity_scan.yml | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/.github/workflows/coverity_scan.yml b/.github/workflows/coverity_scan.yml
index fe40799e5..b1dd9b0cf 100644
--- a/.github/workflows/coverity_scan.yml
+++ b/.github/workflows/coverity_scan.yml
@@ -3,6 +3,8 @@ on:
 # Run on every commit to mainline
 push:
 branches: main
+ pull_request:
+ branches: main
 # Allow manual running of the scan
 workflow_dispatch:
From b5c643aad8e33ef26d5a96a8ab53f502dd8be2ff Mon Sep 17 00:00:00 2001
From: Rahul Kar
Date: Thu, 5 Jun 2025 09:41:33 +0000
Subject: [PATCH 3/6] Revert to expected MD5 to see if check passes
---
 .github/workflows/coverity_scan.yml | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/.github/workflows/coverity_scan.yml b/.github/workflows/coverity_scan.yml
index b1dd9b0cf..a040a60d7 100644
--- a/.github/workflows/coverity_scan.yml
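Review bot: The integrity gate exercised in PATCH 1/6 (the `EXPECTED_MD5` / `md5sum` comparison) rests on MD5, for which collisions are practical, so it catches a corrupted download but is a weak basis for deciding that a tool archive is safe to unpack and run. Pinning a SHA-256 digest is a drop-in change: `EXPECTED_SHA256="<sha256-of-vetted-archive>"` and `GENERATED_SHA256=$(sha256sum "$HOME/cov-analysis.tar.gz" | awk '{print $1}')`. The same applies to the `EXPECTED_MD5` lines in PATCH 3/6 and PATCH 6/6. A short comment next to the constant saying where the digest was obtained and when it must be refreshed would also help, since a hard-coded value fails as soon as the vendor ships a new archive. The step's `if` block continues outside this hunk.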
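Review bot: The `pull_request` trigger added in PATCH 2/6 makes a job that posts `COVERITY_TOKEN` (presumably a repository secret; its definition is outside the hunk) run for every PR against main. For PRs from forks GitHub does not pass repository secrets, so the token would expand empty and the download step would fail or save an error page; for same-repository branches the PR's own copy of the workflow runs with the secret available. If the trigger is only there to exercise the checksum path, keep it out of the mainline workflow or gate the secret-using job with `if: github.event_name != 'pull_request'`. Switching to `pull_request_target` to get the secret back should be avoided, since that runs with secrets in the context of untrusted PRs.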
+++ b/.github/workflows/coverity_scan.yml
@@ -46,7 +46,7 @@ jobs:
 wget -nv -q -O "$HOME/cov-analysis.tar.gz" https://scan.coverity.com/download/linux64 --post-data="token=${COVERITY_TOKEN}&project=FreeRTOS-Kernel"
- EXPECTED_MD5="e4418004b073140d67390cffba79c3b1"
+ EXPECTED_MD5="e4418004b073140d67390cffba79c3b2"
 GENERATED_MD5=$(md5sum "$HOME/cov-analysis.tar.gz" | awk '{print $1}')
 if [ "$GENERATED_MD5" = "$EXPECTED_MD5" ]; then
From 2dffbbe874865c5492b4c7c873238c848055409f Mon Sep 17 00:00:00 2001
From: Rahul Kar
Date: Thu, 5 Jun 2025 10:03:30 +0000
Subject: [PATCH 4/6] Add verbose logs
---
 .github/workflows/coverity_scan.yml | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/.github/workflows/coverity_scan.yml b/.github/workflows/coverity_scan.yml
index a040a60d7..47333d619 100644
--- a/.github/workflows/coverity_scan.yml
+++ b/.github/workflows/coverity_scan.yml
@@ -44,11 +44,14 @@ jobs:
 # ${{ env.stepName }}
 echo -e "::group::${{ env.bashInfo }} ${{ env.stepName }} ${{ env.bashEnd }}"
- wget -nv -q -O "$HOME/cov-analysis.tar.gz" https://scan.coverity.com/download/linux64 --post-data="token=${COVERITY_TOKEN}&project=FreeRTOS-Kernel"
+ wget --verbose -O "$HOME/cov-analysis.tar.gz" https://scan.coverity.com/download/linux64 --post-data="token=${COVERITY_TOKEN}&project=FreeRTOS-Kernel"
 EXPECTED_MD5="e4418004b073140d67390cffba79c3b2"
 GENERATED_MD5=$(md5sum "$HOME/cov-analysis.tar.gz" | awk '{print $1}')
+ echo "Expected MD5: $EXPECTED_MD5"
+ echo "Generated MD5: $GENERATED_MD5"
+
 if [ "$GENERATED_MD5" = "$EXPECTED_MD5" ]; then
 tar -zxf "$HOME/cov-analysis.tar.gz" --one-top-level=cov_scan -C "$HOME"
 echo "cov_scan_path=$HOME/cov_scan/bin" >> $GITHUB_ENV
From be13ec9820d537877e861cb5eb19db961a2e604c Mon Sep 17 00:00:00 2001
From: Rahul Kar
Date: Thu, 5 Jun 2025 10:10:02 +0000
Subject: [PATCH 5/6] Dummy check
---
 .github/workflows/coverity_scan.yml | 23 ++++-------------------
 1 file changed, 4 insertions(+), 19 deletions(-)
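Review bot: Replacing `-nv -q` with `--verbose` on the `wget` line in PATCH 4/6 writes the full request trace, including any redirect target, to the job log. Actions masks registered secrets, but it would not mask something like a signed download URL returned by the server; whether the endpoint returns one is not visible from this hunk, so a run log is worth checking. The two `echo` lines that print the digests are harmless and useful for diagnosis. If the trace is only needed while debugging, keep `-nv` and report the mismatch in the failure branch instead, e.g. `echo "Expected MD5: $EXPECTED_MD5, got: $GENERATED_MD5"`. The `if` block continues outside the hunk.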
diff --git a/.github/workflows/coverity_scan.yml b/.github/workflows/coverity_scan.yml
index 47333d619..615c09283 100644
--- a/.github/workflows/coverity_scan.yml
+++ b/.github/workflows/coverity_scan.yml
@@ -44,25 +44,10 @@ jobs:
 # ${{ env.stepName }}
 echo -e "::group::${{ env.bashInfo }} ${{ env.stepName }} ${{ env.bashEnd }}"
- wget --verbose -O "$HOME/cov-analysis.tar.gz" https://scan.coverity.com/download/linux64 --post-data="token=${COVERITY_TOKEN}&project=FreeRTOS-Kernel"
-
- EXPECTED_MD5="e4418004b073140d67390cffba79c3b2"
- GENERATED_MD5=$(md5sum "$HOME/cov-analysis.tar.gz" | awk '{print $1}')
-
- echo "Expected MD5: $EXPECTED_MD5"
- echo "Generated MD5: $GENERATED_MD5"
-
- if [ "$GENERATED_MD5" = "$EXPECTED_MD5" ]; then
- tar -zxf "$HOME/cov-analysis.tar.gz" --one-top-level=cov_scan -C "$HOME"
- echo "cov_scan_path=$HOME/cov_scan/bin" >> $GITHUB_ENV
- sudo rm -f "$HOME/cov-analysis.tar.gz"
- echo "::endgroup::"
- echo -e "${{ env.bashPass }} ${{ env.stepName }} ${{ env.bashEnd }} "
- else
- echo -e "${{ env.bashFail }} MD5 checksum verification failed for cov-analysis.tar.gz ${{ env.bashEnd }}"
- echo -e "${{ env.bashFail }} ${{ env.stepName }} ${{ env.bashEnd }}"
- exit -1
- fi
+ wget --verbose -O- https://scan.coverity.com/download/linux64 --post-data "token=${COVERITY_TOKEN}&project=FreeRTOS-Kernel" | tar -zx --one-top-level=cov_scan -C "$HOME"
+ echo "cov_scan_path=$HOME/cov_scan/bin" >> $GITHUB_ENV
+ echo "::endgroup::"
+ echo -e "${{ env.bashPass }} ${{ env.stepName }} ${{ env.bashEnd }} "
 - env:
 stepName: Coverity Build
From b604dad22bad8f3bcd0d98273becac093f2a0cef Mon Sep 17 00:00:00 2001
From: Rahul Kar
Date: Thu, 5 Jun 2025 12:07:56 +0000
Subject: [PATCH 6/6] Revert back changes done for test
---
 .github/workflows/coverity_scan.yml | 22 ++++++++++++++++------
 1 file changed, 16 insertions(+), 6 deletions(-)
diff --git a/.github/workflows/coverity_scan.yml b/.github/workflows/coverity_scan.yml
index 615c09283..0afc8e2e1 100644
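Review bot: The rewritten `wget ... | tar -zx` line in PATCH 5/6 extracts the download straight from the network stream, so nothing checks the archive before its `bin` directory is exported through `GITHUB_ENV` as `cov_scan_path` for later steps. Anything the endpoint serves (a truncated file, a swapped build, an error page) now flows into the build unverified. Because this is a pipeline, a `wget` failure is only fatal if the step's shell has `pipefail` set, which is not visible in this hunk. Keep the download-to-file form and verify before extracting, e.g. `echo "$EXPECTED_SHA256  $HOME/cov-analysis.tar.gz" | sha256sum -c -` ahead of `tar -zxf`, where `EXPECTED_SHA256` is a digest pinned in the workflow.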
--- a/.github/workflows/coverity_scan.yml
+++ b/.github/workflows/coverity_scan.yml
@@ -3,8 +3,6 @@ on:
 # Run on every commit to mainline
 push:
 branches: main
- pull_request:
- branches: main
 # Allow manual running of the scan
 workflow_dispatch:
@@ -44,10 +42,22 @@ jobs:
 # ${{ env.stepName }}
 echo -e "::group::${{ env.bashInfo }} ${{ env.stepName }} ${{ env.bashEnd }}"
- wget --verbose -O- https://scan.coverity.com/download/linux64 --post-data "token=${COVERITY_TOKEN}&project=FreeRTOS-Kernel" | tar -zx --one-top-level=cov_scan -C "$HOME"
- echo "cov_scan_path=$HOME/cov_scan/bin" >> $GITHUB_ENV
- echo "::endgroup::"
- echo -e "${{ env.bashPass }} ${{ env.stepName }} ${{ env.bashEnd }} "
+ wget -nv -q -O "$HOME/cov-analysis.tar.gz" https://scan.coverity.com/download/linux64 --post-data="token=${COVERITY_TOKEN}&project=FreeRTOS-Kernel"
+
+ EXPECTED_MD5="e4418004b073140d67390cffba79c3b2"
+ GENERATED_MD5=$(md5sum "$HOME/cov-analysis.tar.gz" | awk '{print $1}')
+
+ if [ "$GENERATED_MD5" = "$EXPECTED_MD5" ]; then
+ tar -zxf "$HOME/cov-analysis.tar.gz" --one-top-level=cov_scan -C "$HOME"
+ echo "cov_scan_path=$HOME/cov_scan/bin" >> $GITHUB_ENV
+ sudo rm -f "$HOME/cov-analysis.tar.gz"
+ echo "::endgroup::"
+ echo -e "${{ env.bashPass }} ${{ env.stepName }} ${{ env.bashEnd }} "
+ else
+ echo -e "${{ env.bashFail }} MD5 checksum verification failed for cov-analysis.tar.gz ${{ env.bashEnd }}"
+ echo -e "${{ env.bashFail }} ${{ env.stepName }} ${{ env.bashEnd }}"
+ exit -1
+ fi
 - env:
 stepName: Coverity Build
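Review bot: In the restored failure branch of PATCH 6/6 (second hunk), `exit -1` is outside the 0–255 status range: bash wraps it to 255 and a strict POSIX `sh` may reject it, so `exit 1` is the portable way to fail the step. The same branch leaves the rejected `cov-analysis.tar.gz` in `$HOME` and never emits `::endgroup::`; adding `rm -f "$HOME/cov-analysis.tar.gz"` and `echo "::endgroup::"` before the exit keeps an unverified archive from lingering on the runner and keeps log folding intact. The redirection target should also be quoted, `>> "$GITHUB_ENV"`.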