author | Frank Lichtenheld | 2023-09-11 13:07:35 +0200 |
---|---|---|
committer | Gert Doering | 2023-09-22 18:06:20 +0200 |
commit | 36605648a8974f1f7151a5842e94c75d08410fd0 (patch) | |
tree | 6bdaba6db990aa2f7018db1475a6e97bf5db5e61 | |
parent | b033683bf982200471e53b18600e3a2f541ab3f2 (diff) | |
GHA: new workflow to submit scan to Coverity Scan service
Not on every push due to submit limits.
Use caching to not submit a scan for the same git commit
twice. Since we have many days without pushes to master
this saves a lot of Github and Coverity resources.
v2:
- add caching to not submit redundant scans
Change-Id: I302ccc82f9d5c43b58350bbbf7f16ad1c559248f
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20230911110735.34491-1-frank@lichtenheld.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg27001.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 607ae9b821665dadb6bd0a3ceb6288bda10d5e67)
-rw-r--r-- | .github/workflows/coverity-scan.yml | 69 |
1 files changed, 69 insertions, 0 deletions
diff --git a/.github/workflows/coverity-scan.yml b/.github/workflows/coverity-scan.yml
new file mode 100644
index 0000000..c107933
--- /dev/null
+++ b/.github/workflows/coverity-scan.yml
@@ -0,0 +1,69 @@
+name: coverity-scan
+on:
+ schedule:
+ - cron: '0 20 * * *' # Daily at 20:00 UTC
+ workflow_dispatch:
+
+jobs:
+ latest:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Check submission cache
+ id: check_submit
+ uses: actions/cache/restore@v3
+ with:
+ path: |
+ cov-int
+ key: check-submit-${{ github.sha }}
+
+ - name: Install dependencies
+ if: steps.check_submit.outputs.cache-hit != 'true'
+ run: sudo apt update && sudo apt install -y liblzo2-dev libpam0g-dev liblz4-dev libcap-ng-dev libnl-genl-3-dev linux-libc-dev man2html libcmocka-dev python3-docutils libtool automake autoconf libssl-dev libpkcs11-helper1-dev softhsm2 gnutls-bin
+
+ - name: Checkout OpenVPN
+ if: steps.check_submit.outputs.cache-hit != 'true'
+ uses: actions/checkout@v3
+
+ - name: Download Coverity Build Tool
+ if: steps.check_submit.outputs.cache-hit != 'true'
+ run: |
+ wget -q https://scan.coverity.com/download/cxx/linux64 --post-data "token=$TOKEN&project=OpenVPN%2Fopenvpn" -O cov-analysis-linux64.tar.gz
+ mkdir cov-analysis-linux64
+ tar xzf cov-analysis-linux64.tar.gz --strip 1 -C cov-analysis-linux64
+ env:
+ TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
+
+ - name: autoconf
+ if: steps.check_submit.outputs.cache-hit != 'true'
+ run: autoreconf -fvi
+ - name: configure
+ if: steps.check_submit.outputs.cache-hit != 'true'
+ run: ./configure --enable-pkcs11
+
+ - name: Build with cov-build
+ if: steps.check_submit.outputs.cache-hit != 'true'
+ run: |
+ PATH=`pwd`/cov-analysis-linux64/bin:$PATH
+ cov-build --dir cov-int make
+
+ - name: Submit the result to Coverity Scan
+ if: steps.check_submit.outputs.cache-hit != 'true'
+ run: |
+ tar czvf openvpn.tgz cov-int
+ curl --form token=$TOKEN \
+ --form email=$EMAIL \
+ --form file=@openvpn.tgz \
+ --form version="$GITHUB_SHA" \
+ --form description="master" \
+ https://scan.coverity.com/builds?project=OpenVPN%2Fopenvpn
+ env:
+ TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
+ EMAIL: ${{ secrets.COVERITY_SCAN_EMAIL }}
+
+ - name: Cache submission
+ if: steps.check_submit.outputs.cache-hit != 'true'
+ uses: actions/cache/save@v3
+ with:
+ path: |
+ cov-int
+ key: ${{ steps.check_submit.outputs.cache-primary-key }} |
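Review bot: The `curl` call in the "Submit the result to Coverity Scan" step has no `--fail`, so an HTTP error response from the upload endpoint still exits 0 and the following "Cache submission" step records the commit as submitted; the scan for that SHA is then skipped on every later run. Adding `--fail` and quoting the secret-backed variables, `curl --fail --form token="$TOKEN" \` and `--form email="$EMAIL" \`, makes a rejected upload fail the job before the cache entry is written. The job also handles `COVERITY_SCAN_TOKEN` while running with the default `GITHUB_TOKEN` scope and actions pinned only by tag (`@v3`); a top-level `permissions:` block with `contents: read` would narrow that. The downloaded cov-analysis tarball is extracted and put on `PATH` without any integrity check, which is worth a comment in the "Download Coverity Build Tool" step even if no check is added.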