Coverity Scan #19
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
--- | |
name: Coverity Scan | |
on: | |
workflow_dispatch: # run whenever a contributor calls it | |
permissions: | |
contents: read | |
# action based off of | |
# https://github.com/OSGeo/PROJ/blob/905c9a6c2da3dc6b7aa2c89d3ab78d9d1a9cd070/.github/workflows/coverity-scan.yml | |
jobs: | |
coverity: | |
runs-on: ubuntu-22.04 | |
if: github.repository == 'nilason/grass' | |
steps: | |
- uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | |
- name: Get dependencies | |
run: | | |
sudo apt-get update -y | |
sudo apt-get install -y wget git gawk findutils jq | |
xargs -a <(awk '! /^ *(#|$)/' ".github/workflows/apt.txt") -r -- \ | |
sudo apt-get install -y --no-install-recommends --no-install-suggests | |
- name: Create installation directory | |
run: | | |
mkdir $HOME/install | |
- name: Download Coverity Build Tool | |
run: | | |
wget -q https://scan.coverity.com/download/cxx/linux64 \ | |
--post-data "token=${TOKEN}&project=nilason%2Fgrass" -O cov-analysis-linux64.tar.gz | |
mkdir cov-analysis-linux64 | |
tar xzf cov-analysis-linux64.tar.gz --strip 1 -C cov-analysis-linux64 | |
env: | |
TOKEN: ${{ secrets.COVERITY_PASSPHRASE }} | |
- name: Set number of cores for compilation | |
run: | | |
echo "MAKEFLAGS=-j$(nproc)" >> $GITHUB_ENV | |
- name: Set LD_LIBRARY_PATH for compilation | |
run: | | |
echo "LD_LIBRARY_PATH=$HOME/install/lib" >> $GITHUB_ENV | |
- name: Print build environment variables | |
run: | | |
printenv | sort | |
gcc --version | |
ldd --version | |
- name: Configure | |
run: | | |
echo "CFLAGS=${{ env.CFLAGS }}" >> $GITHUB_ENV | |
echo "CXXFLAGS=${{ env.CXXFLAGS }}" >> $GITHUB_ENV | |
./configure \ | |
--prefix="$HOME/install/" \ | |
--enable-largefile \ | |
--with-cxx \ | |
--with-zstd \ | |
--with-bzlib \ | |
--with-blas \ | |
--with-lapack \ | |
--with-readline \ | |
--without-openmp \ | |
--with-pdal \ | |
--without-pthread \ | |
--with-tiff \ | |
--with-freetype \ | |
--with-freetype-includes="/usr/include/freetype2/" \ | |
--with-proj-share=/usr/share/proj \ | |
--with-geos \ | |
--with-sqlite \ | |
--with-fftw \ | |
--with-netcdf | |
env: | |
CFLAGS: -fPIC -g | |
CXXFLAGS: -fPIC -g | |
- name: Build with cov-build | |
run: | | |
pwd | |
export PATH=$(pwd)/cov-analysis-linux64/bin:$PATH | |
cov-build --dir cov-int make | |
- name: Put results into Tarball | |
run: | | |
tar czvf grass.tgz cov-int | |
- name: Upload Artifact of Scan Results | |
uses: actions/upload-artifact@5d5d22a31266ced268874388b861e4b58bb5c2f3 # v4.3.1 | |
with: | |
name: grass.tgz | |
path: grass.tgz | |
- name: Submit to Coverity Scan | |
run: | | |
version=$(head -n 3 include/VERSION | xargs | sed 's/ /./g') | |
commit=$(git rev-parse --short HEAD) | |
branch=$(git rev-parse --abbrev-ref HEAD) | |
echo "${version}-${commit}" | |
echo "Version ${version}, commit ${commit}, branch <${branch}>." | |
tar czvf grass.tgz cov-int | |
# curl \ | |
# --form token=${TOKEN} \ | |
# --form email=${EMAIL} \ | |
# --form file=@grass.tgz \ | |
# --form version="${version}-${commit}" \ | |
# --form description="Version ${version}, commit ${commit}, branch <${branch}>." \ | |
# 'https://scan.coverity.com/builds?project=nilason%2Fgrass' | |
env: | |
TOKEN: ${{ secrets.COVERITY_PASSPHRASE }} | |
EMAIL: ${{ secrets.COVERITY_USER }} |