forked from OSGeo/gdal
-
Notifications
You must be signed in to change notification settings - Fork 0
77 lines (65 loc) · 2.96 KB
/
coverity_scan.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
name: coverity-scan
# Controls when the action will run.
on:
# Run this action on a schedule (we're allowed a maximum of two per day)
schedule:
- cron: '0 18 * * SUN' # Sunday at 18:00 UTC
# Allows you to run this workflow manually from the Actions tab
workflow_dispatch:
permissions:
contents: read
jobs:
coverity_scan:
runs-on: ubuntu-latest
if: github.repository == 'OSGeo/gdal'
strategy:
fail-fast: false
matrix:
include:
- id: coverity_scan
container: ubuntu_20.04
build_script: build.sh
# Store the components of the container name as environment variables:
# ${CONTAINER_REGISTRY}/${CONTAINER_REGISTRY_USER}/${CONTAINER_NAME}
env:
CONTAINER_REGISTRY: ${{ vars.gdal_container_registry || 'ghcr.io' }}
CONTAINER_REGISTRY_USER: ${{ vars.gdal_container_registry_user || github.repository_owner }}
CONTAINER_NAME: gdal-deps
CONTAINER_TAG: ${{ matrix.container }}-${{ github.base_ref || github.ref_name }}
GDAL_SOURCE_DIR: /gdal # Directory to which workspace (source root) will be mounted inside container
defaults:
run:
# bash is needed to use ${CONTAINER_REGISTRY_USER,,}, which forces the
# username to lower-case as required by docker.
shell: bash
steps:
- name: Checkout
uses: actions/checkout@a5ac7e51b41094c92402da3b24376905380afc29 # v4.1.6
- name: Login to GHCR
if: env.CONTAINER_REGISTRY == 'ghcr.io'
run: echo "${{ secrets.GITHUB_TOKEN }}" | docker login ghcr.io -u $ --password-stdin
- name: Set variables
shell: bash
# This logic needs to be kept in sync between linux_build.yml and converity_scan.yml
run: |
CONTAINER_TAG_CLEAN=$(echo ${CONTAINER_TAG} | tr -d -c "[:alnum:].-")
echo "CONTAINER_TAG_CLEAN=${CONTAINER_TAG_CLEAN}"
echo "CONTAINER_TAG_CLEAN=${CONTAINER_TAG_CLEAN}" >> ${GITHUB_ENV}
CACHE_CONTAINER_TAG_CLEAN=$(echo ${CACHE_CONTAINER_TAG} | tr -d -c "[:alnum:].-")
echo "CACHE_CONTAINER_TAG_CLEAN=${CACHE_CONTAINER_TAG_CLEAN}"
echo "CACHE_CONTAINER_TAG_CLEAN=${CACHE_CONTAINER_TAG_CLEAN}" >> ${GITHUB_ENV}
echo "CONTAINER_NAME_FULL=${CONTAINER_REGISTRY}/${CONTAINER_REGISTRY_USER,,}/${CONTAINER_NAME}:${CONTAINER_TAG_CLEAN}" >>${GITHUB_ENV}
- name: Build
run: |
mkdir -p build-${{ matrix.id }}
docker run --name gdal-build \
--rm \
-e COVERITY_SCAN_TOKEN -e COVERITY_SCAN_EMAIL \
-v $(pwd):/${GDAL_SOURCE_DIR}:rw \
-v ${{ github.workspace }}/.ccache:/root/.ccache:rw \
--workdir ${GDAL_SOURCE_DIR}/build-${{ matrix.id }} \
${CONTAINER_NAME_FULL} \
"${GDAL_SOURCE_DIR}/.github/workflows/${{ matrix.id }}/${{ matrix.build_script }}"
env:
COVERITY_SCAN_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
COVERITY_SCAN_EMAIL: ${{ secrets.COVERITY_SCAN_EMAIL }}