.github/workflows/coverity.yml

   1 name: Coverity build and upload
   2 on:
   3   push:
   4     branches:
   5       - master
   6 permissions:
   7   contents: read
   8
   9 jobs:
  10   test:
  11     runs-on: ubuntu-22.04
  12     steps:
  13       - name: Checkout code
  14         uses: actions/checkout@v3
  15
  16       - name: Download Coverity Build Tool
  17         run: |
  18           wget -q https://scan.coverity.com/download/cxx/linux64 --post-data "token=$TOKEN&project=lxc/lxc" -O cov-analysis-linux64.tar.gz
  19           mkdir cov-analysis-linux64
  20           tar xzf cov-analysis-linux64.tar.gz --strip 1 -C cov-analysis-linux64
  21         env:
  22           TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
  23
  24       - name: Install dependencies
  25         run: |
  26           sudo apt-get update -qq
  27           sudo apt-get install -qq gcc clang meson
  28           sudo apt-get install -qq libapparmor-dev libcap-dev libseccomp-dev libselinux1-dev linux-libc-dev docbook2x libsystemd-dev
  29
  30       - name: Compiler version
  31         run: |
  32           gcc --version
  33
  34       - name: Kernel version
  35         run: |
  36           uname -a
  37
  38       - name: Mount table
  39         run: |
  40           findmnt
  41
  42       - name: Run coverity
  43         run: |
  44           # Configure
  45           export PATH="$(pwd)/cov-analysis-linux64/bin:${PATH}"
  46           export CFLAGS="-Wall -Werror"
  47           export LDFLAGS="-pthread -lpthread"
  48
  49           BUILD="$(pwd)/build"
  50           meson setup -Dtests=true -Dpam-cgroup=true -Dcoverity-build=true build/
  51
  52           # Build
  53           cov-build --dir cov-int ninja -C ${BUILD}
  54           tar czvf lxc.tgz cov-int
  55
  56           # Submit the results
  57           curl \
  58             --form project=lxc/lxc \
  59             --form token=${TOKEN} \
  60             --form email=lxc-devel@lists.linuxcontainers.org \
  61             --form file=@lxc.tgz \
  62             --form version=master \
  63             --form description="${GITHUB_SHA}" \
  64             https://scan.coverity.com/builds?project=lxc/lxc
  65         env:
  66           TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}