begriffs open source - freertos/blob - .github/workflows/coverity_scan.yml

   1 name: Coverity Scan
   2 on:
   3   # Run on every commit to mainline
   4   push:
   5     branches: main
   6   # Allow manual running of the scan
   7   workflow_dispatch:
   8
   9 env:
  10   bashPass: \033[32;1mPASSED -
  11   bashInfo: \033[33;1mINFO -
  12   bashFail: \033[31;1mFAILED -
  13   bashEnd:  \033[0m
  14
  15 jobs:
  16   Coverity-Scan:
  17     if: ( github.repository == 'FreeRTOS/FreeRTOS-Kernel' )
  18     name: Coverity Scan
  19     runs-on: ubuntu-latest
  20     steps:
  21       - name: Checkout the Repository
  22         uses: actions/checkout@v4.1.1
  23
  24       - env:
  25           stepName: Install Build Essentials
  26         shell: bash
  27         run: |
  28           # ${{ env.stepName }}
  29           echo -e "::group::${{ env.bashInfo }} ${{ env.stepName }} ${{ env.bashEnd }}"
  30
  31           sudo apt-get -y update
  32           sudo apt-get -y install build-essential
  33
  34           echo "::endgroup::"
  35           echo -e "${{ env.bashPass }} ${{ env.stepName }} ${{ env.bashEnd }}"
  36
  37       - env:
  38           stepName: Install Coverity Build
  39           COVERITY_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
  40         shell: bash
  41         run: |
  42           # ${{ env.stepName }}
  43           echo -e "::group::${{ env.bashInfo }} ${{ env.stepName }} ${{ env.bashEnd }}"
  44
  45           wget -nv -qO- https://scan.coverity.com/download/linux64 --post-data "token=${COVERITY_TOKEN}&project=FreeRTOS-Kernel" | tar -zx --one-top-level=cov_scan --strip-components 1
  46           echo "cov_scan_path=$(pwd)/cov_scan/bin" >> $GITHUB_ENV
  47
  48           echo "::endgroup::"
  49           echo -e "${{ env.bashPass }} ${{ env.stepName }} ${{ env.bashEnd }} "
  50
  51       - env:
  52           stepName: Coverity Build
  53           COVERITY_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
  54           COVERITY_EMAIL: ${{ secrets.COVERITY_SCAN_EMAIL }}
  55         shell: bash
  56         run: |
  57           # ${{ env.stepName }}
  58           echo -e "::group::${{ env.bashInfo }} ${{ env.stepName }} ${{ env.bashEnd }}"
  59
  60           export PATH="$PATH:${{env.cov_scan_path}}"
  61           cmake -S ./examples/cmake_example/ -B build
  62           cd build
  63           cov-build --dir cov-int make -j
  64           # Move the report out of the build directory
  65           tar czvf ../gcc_freertos_kernel_sample_build.tgz cov-int
  66
  67           echo "::endgroup::"
  68           echo -e "${{ env.bashPass }} ${{ env.stepName }} ${{ env.bashEnd }} "
  69
  70       - env:
  71           stepName: Upload Coverity Report for Scan
  72           COVERITY_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
  73           COVERITY_EMAIL: ${{ secrets.COVERITY_SCAN_EMAIL }}
  74         shell: bash
  75         run: |
  76           # ${{ env.stepName }}
  77           echo -e "::group::${{ env.bashInfo }} ${{ env.stepName }} ${{ env.bashEnd }}"
  78
  79           COV_SCAN_UPLOAD_STATUS=$(curl --form token=${COVERITY_TOKEN} \
  80             --form email=${COVERITY_EMAIL} \
  81             --form file=@gcc_freertos_kernel_sample_build.tgz \
  82             --form version="Mainline" \
  83             --form description="FreeRTOS Kernel Commit Scan" \
  84             https://scan.coverity.com/builds?project=FreeRTOS-Kernel)
  85
  86           echo "::endgroup::"
  87           echo -e "${{ env.bashPass }} ${{ env.stepName }} ${{ env.bashEnd }} "
  88           echo "${COV_SCAN_UPLOAD_STATUS}" | grep -q -e 'Build successfully submitted' || echo >&2 "Error submitting build for analysis: ${COV_SCAN_UPLOAD_STATUS}"
  89
  90       - env:
  91             stepName: Coverity Build for SMP FreeRTOS
  92             COVERITY_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
  93             COVERITY_EMAIL: ${{ secrets.COVERITY_SCAN_EMAIL }}
  94         shell: bash
  95         run: |
  96             # ${{ env.stepName }}
  97             echo -e "::group::${{ env.bashInfo }} ${{ env.stepName }} ${{ env.bashEnd }}"
  98
  99             export PATH="$PATH:${{env.cov_scan_path}}"
 100             cmake -S ./examples/cmake_example/ -B build -DFREERTOS_SMP_EXAMPLE=1
 101             cd build
 102             cov-build --dir cov-int make -j
 103             # Move the report out of the build directory
 104             tar czvf ../gcc_freertos_kernel_smp_sample_build.tgz cov-int
 105
 106             echo "::endgroup::"
 107             echo -e "${{ env.bashPass }} ${{ env.stepName }} ${{ env.bashEnd }} "
 108
 109       - env:
 110             stepName: Upload FreeRTOS SMP Coverity Report for Scan
 111             COVERITY_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
 112             COVERITY_EMAIL: ${{ secrets.COVERITY_SCAN_EMAIL }}
 113         shell: bash
 114         run: |
 115             # ${{ env.stepName }}
 116             echo -e "::group::${{ env.bashInfo }} ${{ env.stepName }} ${{ env.bashEnd }}"
 117
 118             COV_SCAN_UPLOAD_STATUS=$(curl --form token=${COVERITY_TOKEN} \
 119               --form email=${COVERITY_EMAIL} \
 120               --form file=@gcc_freertos_kernel_smp_sample_build.tgz \
 121               --form version="Mainline" \
 122               --form description="FreeRTOS Kernel SMP Commit Scan" \
 123               https://scan.coverity.com/builds?project=FreeRTOS-Kernel)
 124
 125             echo "::endgroup::"
 126             echo -e "${{ env.bashPass }} ${{ env.stepName }} ${{ env.bashEnd }} "
 127             echo "${COV_SCAN_UPLOAD_STATUS}" | grep -q -e 'Build successfully submitted' || echo >&2 "Error submitting build for analysis: ${COV_SCAN_UPLOAD_STATUS}"