Add coverity support to workflow #12
Workflow file for this run
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| # SPDX-License-Identifier: LicenseRef-MSLA | |
| # SPDX-Copyright-Text: (c) 2024 Silicon Laboratories Inc. (www.silabs.com) | |
| name: Build | |
| on: [push, pull_request] | |
| jobs: | |
| build: | |
| runs-on: ${{ github.repository_owner == 'SiliconLabsInternal' && 'silabs-internal' || 'ubuntu-24.04' }} | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| # Necessary for git-describe used by version.sh | |
| fetch-depth: 0 | |
| fetch-tags: true | |
| # Forks do not copy upstream tags by default | |
| - name: Update tags | |
| run: | | |
| git remote add upstream https://github.com/SiliconLabs/wisun-br-linux | |
| git fetch upstream refs/tags/*:refs/tags/* | |
| - name: Download Coverity | |
| env: | |
| COVERITY_SCAN_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }} | |
| run: | | |
| # Download toolbox | |
| COVERITY_URL="https://scan.coverity.com/download/cxx/linux64" | |
| wget -q $COVERITY_URL --post-data "token=${COVERITY_SCAN_TOKEN}&project=wisun-br-linux" -O coverity.tar.gz --no-check-certificate | |
| mkdir -p coverity | |
| tar -xf coverity.tar.gz -C coverity --strip-components=1 | |
| rm -fr coverity.tar.gz | |
| # For the current shell session | |
| export PATH=$(pwd)/coverity/bin:$PATH | |
| coverity --version | |
| # For the upcoming shell sessions | |
| echo "$(pwd)/coverity/bin" >> $GITHUB_PATH | |
| - name: Install dependencies | |
| run: | | |
| sudo apt-get update -y | |
| [ ${{ github.repository_owner }} = SiliconLabsInternal ] && \ | |
| sudo apt-get install -y build-essential cargo | |
| sudo apt-get install -y ninja-build \ | |
| libnl-3-dev libnl-route-3-dev \ | |
| libcap-dev libsystemd-dev \ | |
| libdbus-1-dev | |
| cargo fetch --manifest-path=tools/wsbrd_cli/Cargo.toml | |
| - name: Install MbedTLS | |
| run: | | |
| git clone --branch v3.6.2 \ | |
| --depth 1 \ | |
| --recurse-submodules \ | |
| --shallow-submodules \ | |
| https://github.com/ARMmbed/mbedtls | |
| cmake -S mbedtls \ | |
| -B mbedtls/build \ | |
| -D ENABLE_PROGRAMS=OFF \ | |
| -D ENABLE_TESTING=OFF \ | |
| -G Ninja | |
| ninja -C mbedtls/build | |
| sudo ninja -C mbedtls/build install | |
| - name: Compile and install | |
| run: | | |
| cmake -S . \ | |
| -B build \ | |
| -D COMPILE_WSRD=ON \ | |
| -D COMPILE_DEVTOOLS=ON \ | |
| -D COMPILE_DEMOS=ON \ | |
| -D CMAKE_C_FLAGS=-Werror \ | |
| -G Ninja | |
| cov-build --dir cov-int ninja -C build | |
| sudo ninja -C build install | |
| - name: Run --version | |
| run: wsbrd --version | |
| - name: Compile new authenticator | |
| run: | | |
| cmake -S . \ | |
| -B build-auth \ | |
| -D AUTH_LEGACY=OFF \ | |
| -G Ninja | |
| ninja -C build-auth wsbrd | |
| - name: Prepare for Coverity | |
| run: | | |
| tar czf coverity-analysis.tgz cov-int | |
| - name: Upload Coverity Scan Results | |
| env: | |
| COVERITY_SCAN_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }} | |
| COVERITY_SCAN_EMAIL: ${{ secrets.COVERITY_SCAN_EMAIL }} | |
| COVERITY_SCAN_VERSION: ${{ github.sha }} | |
| run: | | |
| curl --fail \ | |
| --form token="$COVERITY_SCAN_TOKEN" \ | |
| --form email="$COVERITY_SCAN_EMAIL" \ | |
| --form [email protected] \ | |
| --form version="$COVERITY_SCAN_VERSION" \ | |
| --form description="Coverity scan results for commit $COVERITY_SCAN_VERSION" \ | |
| "https://scan.coverity.com/builds?project=wisun-br-linux" |