I modified the patch to run against my own Coverity repo 'chipitsine/haproxy'.

Tim, can you have a look?

https://github.com/chipitsine/haproxy/actions/runs/443552484

Thu, 24 Dec 2020 at 17:41, Илья Шипицин <[email protected]> wrote:

> Willy, the patch is good. Let us apply that.
>
> Thu, 24 Dec 2020 at 16:44, Tim Düsterhus <[email protected]> wrote:
>
>> Ilya,
>>
>> On 24.12.20 at 03:53, Илья Шипицин wrote:
>> > I particularly like this one:
>> >
>> > if: ${{ env.COVERITY_SCAN_TOKEN != '' }}
>> >
>> > Can it be done job-wide? I.e. nothing should start, neither checkout, nor the job itself, if the token is not set (which is true for forks).
>>
>> Yes, I think it is possible:
>>
>> https://docs.github.com/en/free-pro-team@latest/actions/reference/workflow-syntax-for-github-actions#jobsjob_idif
>>
>> By the way: I don't think secrets are exposed via environment variables
>> automatically. You would need to pass them explicitly. See:
>>
>> https://docs.github.com/en/free-pro-team@latest/actions/reference/encrypted-secrets#using-encrypted-secrets-in-a-workflow
>>
>> I've attached an updated patch that I believe does the correct thing:
>>
>> 1. The `if` is on the job level now.
>> 2. It takes the secret from the `secrets` variable and passes it as the
>>    `env` for the actual step.
>>
>> Can you test this in your repository, please?
>>
>> > Also, Tim, I've forgotten to limit builds to the "master" branch. Should we
>> > add some condition as well to prevent Coverity scans for other branches?
>>
>> According to the documentation
>> (https://docs.github.com/en/free-pro-team@latest/actions/reference/events-that-trigger-workflows#schedule)
>> any workflows that are triggered by a schedule will run on the default
>> branch (i.e. `master`). So I don't think we need to change anything for
>> that.
>>
>> Best regards
>> Tim Düsterhus
>>
>

