Coverity #1507
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Coverity | |
on: | |
push: | |
branches: | |
- coverity_scan | |
schedule: | |
- cron: '0 20 * * *' | |
jobs: | |
coverity: | |
runs-on: ubuntu-24.04 | |
if: github.repository_owner == 'FreeRADIUS' || github.ref == 'refs/heads/coverity_scan' | |
steps: | |
- name: Checkout | |
uses: actions/checkout@v4 | |
- name: Package manager performance improvements | |
run: | | |
sudo sh -c 'echo force-unsafe-io > /etc/dpkg/dpkg.cfg.d/02speedup' | |
echo 'man-db man-db/auto-update boolean false' | sudo debconf-set-selections | |
sudo dpkg-reconfigure man-db | |
sudo sed -i 's/^update_initramfs=.*/update_initramfs=no/' /etc/initramfs-tools/update-initramfs.conf | |
sudo apt-get update | |
# Remove pre-installed package which conflicts with dependency installation | |
- name: Remove package conflicts | |
run: | | |
sudo apt-get remove -y libhashkit2 | |
- name: Install build dependencies | |
run: | | |
sudo apt-get install -y --no-install-recommends build-essential devscripts equivs quilt | |
debian/rules debian/control | |
sudo mk-build-deps -irt"apt-get -y --no-install-recommends" debian/control | |
sudo mk-build-deps -irt"apt-get -y --no-install-recommends" scripts/ci/extra-packages.debian.control | |
- name: Download coverity tool MD5 | |
run: | | |
wget https://scan.coverity.com/download/linux64 \ | |
--post-data "token=${TOKEN}&project=${OWNER}%2Ffreeradius-server&md5=1" \ | |
-O coverity_tool.tar.gz.md5 | |
env: | |
TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }} | |
OWNER: ${{ github.repository_owner }} | |
- name: Cache coverity tool | |
uses: actions/cache@v4 | |
id: cache-coverity | |
with: | |
path: coverity_tool.tar.gz | |
key: coverity-tool-cache-${{ hashFiles('coverity_tool.tar.gz.md5') }} | |
- name: Download coverity tool | |
if: steps.cache-coverity.outputs.cache-hit != 'true' | |
run: | | |
wget https://scan.coverity.com/download/linux64 \ | |
--post-data "token=${TOKEN}&project=${OWNER}%2Ffreeradius-server" \ | |
-O coverity_tool.tar.gz | |
env: | |
TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }} | |
OWNER: ${{ github.repository_owner }} | |
- name: Extract coverity tool | |
run: | | |
mkdir coverity_tool | |
tar xzf coverity_tool.tar.gz --strip 1 -C coverity_tool | |
- name: Build with Coverity | |
run: | | |
export CC=clang | |
export PATH=`pwd`/coverity_tool/bin:$PATH | |
./configure -with-rlm-python-bin=/usr/bin/python2.7 | |
cov-configure --template --compiler clang --comptype clangcc | |
cov-build --dir cov-int make | |
- name: Display build result | |
run: | | |
cat /home/runner/work/freeradius-server/freeradius-server/cov-int/build-log.txt | |
- name: Submit result | |
run: | | |
tar czf cov-int.tar.gz cov-int | |
curl \ | |
--form token="$TOKEN" \ | |
--form email="freeradius-devel@lists.freeradius.org" \ | |
--form file=@cov-int.tar.gz \ | |
--form version="`cat VERSION`" \ | |
--form description="FreeRADIUS" \ | |
https://scan.coverity.com/builds?project=${OWNER}%2Ffreeradius-server | |
env: | |
TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }} | |
OWNER: ${{ github.repository_owner }} |