Skip to content

Bump github/codeql-action from 3.26.2 to 3.27.0 #730

Bump github/codeql-action from 3.26.2 to 3.27.0

Bump github/codeql-action from 3.26.2 to 3.27.0 #730

Workflow file for this run

name: Coverity
on:
push:
branches:
- main
pull_request:
branches:
- main
workflow_dispatch:
permissions: read-all
jobs:
Coverity:
runs-on: ubuntu-latest
env:
CHECKERS: --concurrency --security --rule --enable-constraint-fpp --enable-fnptr --enable-virtual --webapp-security --enable-audit-checkers --enable-default
steps:
- uses: actions/checkout@v4
- uses: actions/setup-java@v4
with:
distribution: zulu
java-version: 11
- name: URL encode project name
run: echo "COV_PROJECT=${{ github.repository }}" | sed -e 's:/:%2F:g' -e 's/ /%20/g' >> $GITHUB_ENV
- name: Coverity Download
run: |
mkdir -p /tmp/cov-analysis
wget https://scan.coverity.com/download/linux64 --post-data "token=${{secrets.COV_TOKEN}}&project=${{env.COV_PROJECT}}" -O cov-analysis.tgz
tar -xzf cov-analysis.tgz --strip 1 -C /tmp/cov-analysis
rm cov-analysis.tgz
- name: Coverity Full Scan
if: ${{ github.event_name != 'pull_request' }}
run: |
export PATH=$PATH:/tmp/cov-analysis/bin
set -x
cov-build --dir cov-int --fs-capture-search $GITHUB_WORKSPACE --no-command
# Not available in package, maybe will be once approved?
# cov-analyze --dir cov-int --ticker-mode none --strip-path $GITHUB_WORKSPACE $CHECKERS
tar czvf numba-dpex.tgz cov-int
rm -rf cov-int
curl --form token=${{ secrets.COV_TOKEN }} \
--form email=${{ secrets.COV_EMAIL }} \
--form [email protected] \
--form version="${{ github.sha }}" \
--form description="Coverity Scan ${{ github.repository }} / ${{ github.ref }}" \
https://scan.coverity.com/builds?project=${{env.COV_PROJECT}}