Skip to content

Coverity

Coverity #1475

Workflow file for this run

name: Coverity
on:
push:
branches:
- coverity_scan
schedule:
- cron: '0 20 * * *'
jobs:
coverity:
runs-on: ubuntu-24.04
if: github.repository_owner == 'FreeRADIUS' || github.ref == 'refs/heads/coverity_scan'
steps:
- name: Checkout
uses: actions/checkout@v4
- name: Package manager performance improvements
run: |
sudo sh -c 'echo force-unsafe-io > /etc/dpkg/dpkg.cfg.d/02speedup'
echo 'man-db man-db/auto-update boolean false' | sudo debconf-set-selections
sudo dpkg-reconfigure man-db
sudo sed -i 's/^update_initramfs=.*/update_initramfs=no/' /etc/initramfs-tools/update-initramfs.conf
sudo apt-get update
# Remove pre-installed package which conflicts with dependency installation
- name: Remove package conflicts
run: |
sudo apt-get remove -y libhashkit2
- name: Install build dependencies
run: |
sudo apt-get install -y --no-install-recommends build-essential devscripts equivs quilt
debian/rules debian/control
sudo mk-build-deps -irt"apt-get -y --no-install-recommends" debian/control
sudo mk-build-deps -irt"apt-get -y --no-install-recommends" scripts/ci/extra-packages.debian.control
- name: Download coverity tool MD5
run: |
wget https://scan.coverity.com/download/linux64 \
--post-data "token=${TOKEN}&project=${OWNER}%2Ffreeradius-server&md5=1" \
-O coverity_tool.tar.gz.md5
env:
TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
OWNER: ${{ github.repository_owner }}
- name: Cache coverity tool
uses: actions/cache@v4
id: cache-coverity
with:
path: coverity_tool.tar.gz
key: coverity-tool-cache-${{ hashFiles('coverity_tool.tar.gz.md5') }}
- name: Download coverity tool
if: steps.cache-coverity.outputs.cache-hit != 'true'
run: |
wget https://scan.coverity.com/download/linux64 \
--post-data "token=${TOKEN}&project=${OWNER}%2Ffreeradius-server" \
-O coverity_tool.tar.gz
env:
TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
OWNER: ${{ github.repository_owner }}
- name: Extract coverity tool
run: |
mkdir coverity_tool
tar xzf coverity_tool.tar.gz --strip 1 -C coverity_tool
- name: Build with Coverity
run: |
export CC=clang
export PATH=`pwd`/coverity_tool/bin:$PATH
./configure -with-rlm-python-bin=/usr/bin/python2.7
cov-configure --template --compiler clang --comptype clangcc
cov-build --dir cov-int make
- name: Display build result
run: |
cat /home/runner/work/freeradius-server/freeradius-server/cov-int/build-log.txt
- name: Submit result
run: |
tar czf cov-int.tar.gz cov-int
curl \
--form token="$TOKEN" \
--form email="freeradius-devel@lists.freeradius.org" \
--form file=@cov-int.tar.gz \
--form version="`cat VERSION`" \
--form description="FreeRADIUS" \
https://scan.coverity.com/builds?project=${OWNER}%2Ffreeradius-server
env:
TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
OWNER: ${{ github.repository_owner }}