Ilya,

On 24.12.20 at 03:53, Илья Шипицин wrote:
> I particularly like this one:
> 
> if: ${{ env.COVERITY_SCAN_TOKEN != '' }}
> 
> 
> Can it be done job-wide? I.e. nothing should start, neither checkout, nor
> the job itself, if the token is not set (which is true for forks).

Yes, I think it is possible:
https://docs.github.com/en/free-pro-team@latest/actions/reference/workflow-syntax-for-github-actions#jobsjob_idif

By the way: I don't think secrets are exposed via environment variables
automatically. You would need to pass them explicitly. See:
https://docs.github.com/en/free-pro-team@latest/actions/reference/encrypted-secrets#using-encrypted-secrets-in-a-workflow

I've attached an updated patch that I believe does the correct thing:

1. The `if` is on the job level now.
2. It takes the secret from the `secrets` variable and passes it as the
`env` for the actual step.

Can you test this in your repository, please?

> 
> Also, Tim, I've forgotten to limit builds to the "master" branch. Should we
> add some condition as well to prevent Coverity scans for other branches?
> 

According to the documentation
(https://docs.github.com/en/free-pro-team@latest/actions/reference/events-that-trigger-workflows#schedule)
any workflows that are triggered by a schedule will run on the default
branch (i.e. `master`). So I don't think we need to change anything for
that.

Best regards
Tim Düsterhus
From 63ed5405668799f45b65a9f3ba4a825c549996d5 Mon Sep 17 00:00:00 2001
From: Ilya Shipitsin <[email protected]>
Date: Thu, 24 Dec 2020 01:18:04 +0500
Subject: [PATCH] CI: GitHub Actions: enable daily Coverity scan

That scan was previously implemented on Travis. Let us migrate
it to GitHub Actions.

Co-authored-by: Tim Duesterhus <[email protected]>
---
 .github/workflows/coverity.yml | 29 +++++++++++++++++++++++++++++
 1 file changed, 29 insertions(+)
 create mode 100644 .github/workflows/coverity.yml

diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
new file mode 100644
index 000000000..0b75ecef2
--- /dev/null
+++ b/.github/workflows/coverity.yml
@@ -0,0 +1,29 @@
+name: Coverity
+
+on:
+  schedule:
+  - cron: "0 0 * * *"
+
+jobs:
+  scan:
+    runs-on: ubuntu-latest
+    if: ${{ secrets.COVERITY_SCAN_TOKEN != '' }}
+    env:
+      COVERITY_SCAN_PROJECT_NAME: 'Haproxy'
+      COVERITY_SCAN_BRANCH_PATTERN: '*' 
+      COVERITY_SCAN_NOTIFICATION_EMAIL: '[email protected]'
+      COVERITY_SCAN_BUILD_COMMAND: "make CC=clang DEFINE=-DDEBUG_USE_ABORT TARGET=linux-glibc USE_ZLIB=1 USE_PCRE=1 USE_PCRE_JIT=1 USE_LUA=1 USE_OPENSSL=1 USE_SYSTEMD=1 USE_WURFL=1 WURFL_INC=contrib/wurfl WURFL_LIB=contrib/wurfl USE_DEVICEATLAS=1 DEVICEATLAS_SRC=contrib/deviceatlas USE_51DEGREES=1 51DEGREES_SRC=contrib/51d/src/pattern DEBUG_STRICT=1"
+    steps:
+    - uses: actions/checkout@v2
+    - name: Install apt dependencies
+      run: |
+        sudo apt-get update 
+        sudo apt-get install -y \
+          liblua5.3-dev \
+          libsystemd-dev
+    - name: Run Coverity Scan
+      env:
+        COVERITY_SCAN_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
+      run: |
+        make -C contrib/wurfl
+        curl -fsSL "https://scan.coverity.com/scripts/travisci_build_coverity_scan.sh"; | bash
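
Review bot: The last `run` line of the "Run Coverity Scan" step pipes a script fetched at run time from scan.coverity.com straight into bash, in the one step where COVERITY_SCAN_TOKEN is in the environment, so whatever that URL serves on a given night executes with access to the token. Consider downloading the script to a file and checking it against a recorded checksum before running it, or vendoring a reviewed copy in the repository. As written, that line also has a `;` between the closing quote and `| bash`, which the shell rejects as a syntax error. On the job-level `if`: please confirm that the `secrets` context is actually evaluated at that level, since GitHub's documentation says secrets cannot be referenced directly in `if:` conditionals; if it is not, a condition on `github.repository_owner` would skip forks without needing the secret. A smaller point: `actions/checkout@v2` follows a mutable tag, and pinning it to a commit SHA would keep the job's inputs fixed.
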
-- 
2.29.0
