name: Coverity on: schedule: - cron: '42 0 * * *' # Run once per day, to avoid Coverity's submission limits workflow_dispatch: permissions: contents: read # to fetch code (actions/checkout) jobs: scan: runs-on: ubuntu-22.04 env: CC: gcc DEBIAN_FRONTEND: noninteractive TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }} steps: - name: Checkout repository from github if: env.TOKEN uses: actions/checkout@v4 - name: Download Coverity if: env.TOKEN run: | wget -q https://scan.coverity.com/download/cxx/linux64 --post-data "token=$TOKEN&project=vim" -O coverity_tool.tgz mkdir cov-scan tar ax -f coverity_tool.tgz --strip-components=1 -C cov-scan - name: Install packages if: env.TOKEN run: | sudo apt-get update && sudo apt-get install -y \ autoconf \ gettext \ libcanberra-dev \ libperl-dev \ python2-dev \ python3-dev \ liblua5.4-dev \ lua5.4 \ ruby-dev \ tcl-dev \ libgtk2.0-dev \ desktop-file-utils \ libtool-bin \ libsodium-dev - name: Set up environment if: env.TOKEN run: | echo "$(pwd)/cov-scan/bin" >> $GITHUB_PATH ( echo "NPROC=$(getconf _NPROCESSORS_ONLN)" echo "CONFOPT=--enable-perlinterp --enable-pythoninterp --enable-python3interp --enable-rubyinterp --enable-luainterp --enable-tclinterp" ) >> $GITHUB_ENV - name: Configure if: env.TOKEN run: | ./configure --with-features=huge ${CONFOPT} --enable-fail-if-missing # Append various warning flags to CFLAGS. sed -i -f ci/config.mk.sed src/auto/config.mk sed -i -f ci/config.mk.${CC}.sed src/auto/config.mk # -O2 gives false warning and turns it into an error: # warning: function may return address of local variable [-Wreturn-local-addr] sed -i 's/-O2 \?//' src/auto/config.mk - name: Build/scan vim if: env.TOKEN run: | cov-build --dir cov-int make -j${NPROC} - name: Submit results if: env.TOKEN run: | tar zcf cov-scan.tgz cov-int curl --form token=$TOKEN \ --form email=$EMAIL \ --form file=@cov-scan.tgz \ --form version="$(git rev-parse HEAD)" \ --form description="Automatic GHA scan" \ 'https://scan.coverity.com/builds?project=vim' env: EMAIL: ${{ secrets.COVERITY_SCAN_EMAIL }}