Workflow (by @smitesh-sutaria via schedule) #4
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: "Device Plugin: Coverity Scan" | |
| run-name: "Workflow (by @${{ github.actor }} via ${{ github.event_name }})" | |
| on: | |
| # Allow this to also be manually scheduled against a specific branch | |
| workflow_dispatch: | |
| inputs: | |
| branch: | |
| description: 'Branch to run on' | |
| required: true | |
| default: 'main' | |
| schedule: | |
| # Run at 01:35 UTC every day | |
| # Chosen arbitrarily and could be moved - 01:30 UTC is generally after workday ends in US and before it starts in India | |
| - cron: "35 1 * * *" | |
| push: | |
| tags: | |
| - "*" | |
| permissions: read-all | |
| jobs: | |
| coverity: | |
| name: Coverity | |
| runs-on: ubuntu-24.04 | |
| defaults: | |
| run: | |
| shell: bash -noprofile --norc -eo pipefail {0} | |
| steps: | |
| - name: Checkout Code | |
| uses: actions/checkout@v4 | |
| with: | |
| persist-credentials: false | |
| fetch-depth: 0 # All history, not just latest commit | |
| ref: ${{ github.event.pull_request.head.sha }} # Check out the actual commit, not a fake merge commit | |
| - name: Setup Tools & Common Variables | |
| uses: ./.github/actions/setup-tools | |
| - name: Load coverity from cache | |
| id: cache-coverity | |
| uses: actions/cache@v4 | |
| env: | |
| cache-name: cache-coverity | |
| with: | |
| path: $HOME/coverity | |
| # Update coverity each month | |
| key: coverity-$(date +%Y%m) | |
| - name: Debug COVERITY_TOKEN | |
| run: | | |
| if [ -z "$COVERITY_TOKEN" ]; then | |
| echo "COVERITY_TOKEN is not set" | |
| exit 1 | |
| else | |
| echo "COVERITY_TOKEN is set" | |
| fi | |
| env: | |
| COVERITY_TOKEN: ${{ secrets.COVERITY_TOKEN }} | |
| - name: Download coverity | |
| if: ${{ steps.cache-coverity.outputs.cache-hit != 'true' }} | |
| env: | |
| COVERITY_TOKEN: ${{ secrets.COVERITY_TOKEN }} | |
| run: | | |
| cd $HOME | |
| wget https://scan.coverity.com/download/linux64 --post-data "token=$COVERITY_TOKEN&project=open-edge-platform%2Fedge-desktop-virtualization" -O coverity.tgz | |
| tar zxf coverity.tgz | |
| mv -T cov-analysis-linux64-* coverity | |
| - name: Add coverity to PATH | |
| run: | | |
| echo "$HOME/coverity/bin" >> $GITHUB_PATH | |
| - name: Show coverity version | |
| run: | | |
| coverity --version | |
| - name: Run coverity build | |
| working-directory: device-plugins-for-kubernetes | |
| run: | | |
| cov-build --dir $HOME/cov-int ./build.sh --ver "$EDV_VERSION" --repo "localhost" | |
| - name: Create coverity results tarball | |
| run: | | |
| cd $HOME | |
| tail cov-int/build-log.txt | |
| tar zcf cov-int.tgz cov-int | |
| - name: Create coverity build | |
| env: | |
| COVERITY_TOKEN: ${{ secrets.COVERITY_TOKEN }} | |
| run: | | |
| cd $HOME | |
| ls -hal cov-int.tgz | |
| echo "NOTE: If size above is > 500 MB, this will fail and need to be restructured to use the more advanced coverity API" | |
| curl --form token=$COVERITY_TOKEN \ | |
| --form email=byron.marohn@intel.com \ | |
| --form file=@cov-int.tgz \ | |
| --form version="$EDV_VERSION" \ | |
| --form description="Coverity build for edge-desktop-virtualization@$EDV_VERSION" \ | |
| https://scan.coverity.com/builds?project=open-edge-platform%2Fedge-desktop-virtualization |