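---
name: Coverity Scan
on:
  # Scan every commit that lands on mainline.
  push:
    branches:
      - main
  # Let a maintainer start a scan by hand.
  workflow_dispatch:

# Least privilege for the automatic GITHUB_TOKEN: the job only checks out the
# repository, and the Coverity upload authenticates with its own secrets.
permissions:
  contents: read
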
# ANSI colour prefixes and reset suffix for the step banners. The run scripts
# expand the \033 escapes with `echo -e`; single quotes keep the backslashes
# literal at the YAML level.
env:
  bashPass: '\033[32;1mPASSED -'
  bashInfo: '\033[33;1mINFO -'
  bashFail: '\033[31;1mFAILED -'
  bashEnd: '\033[0m'

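jobs:
  Coverity-Scan:
    # The job runs only when the workflow executes in the upstream repository;
    # in a fork the condition is false and the job is skipped (the scan
    # secrets are presumably configured only upstream).
    if: ( github.repository == 'FreeRTOS/FreeRTOS-Kernel' )
    name: Coverity Scan
    runs-on: ubuntu-latest
    steps:
      - name: Checkout the Repository
        # NOTE(review): v4.1.1 is a tag, which can be moved. Pinning to the
        # full commit SHA of that release (tag kept as a trailing comment) is
        # the tamper-resistant form for a job that handles secrets.
        uses: actions/checkout@v4.1.1
        with:
          # No later step fetches or pushes, so do not leave the token in the
          # checkout's git configuration while repository code is being built.
          persist-credentials: false
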
24      - env:
25          stepName: Install Build Essentials
26        shell: bash
27        run: |
28          # ${{ env.stepName }}
29          echo -e "::group::${{ env.bashInfo }} ${{ env.stepName }} ${{ env.bashEnd }}"
30
31          sudo apt-get -y update
32          sudo apt-get -y install build-essential
33
34          echo "::endgroup::"
35          echo -e "${{ env.bashPass }} ${{ env.stepName }} ${{ env.bashEnd }}"
36
37      - env:
38          stepName: Install Coverity Build
39          COVERITY_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
40        shell: bash
41        run: |
42          # ${{ env.stepName }}
43          echo -e "::group::${{ env.bashInfo }} ${{ env.stepName }} ${{ env.bashEnd }}"
44
45          wget -nv -qO- https://scan.coverity.com/download/linux64 --post-data "token=${COVERITY_TOKEN}&project=FreeRTOS-Kernel" | tar -zx --one-top-level=cov_scan --strip-components 1
46          echo "cov_scan_path=$(pwd)/cov_scan/bin" >> $GITHUB_ENV
47
48          echo "::endgroup::"
49          echo -e "${{ env.bashPass }} ${{ env.stepName }} ${{ env.bashEnd }} "
50
51      - env:
52          stepName: Coverity Build
53          COVERITY_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
54          COVERITY_EMAIL: ${{ secrets.COVERITY_SCAN_EMAIL }}
55        shell: bash
56        run: |
57          # ${{ env.stepName }}
58          echo -e "::group::${{ env.bashInfo }} ${{ env.stepName }} ${{ env.bashEnd }}"
59
60          export PATH="$PATH:${{env.cov_scan_path}}"
61          cmake -S ./examples/cmake_example/ -B build
62          cd build
63          cov-build --dir cov-int make -j
64          # Move the report out of the build directory
65          tar czvf ../gcc_freertos_kernel_sample_build.tgz cov-int
66
67          echo "::endgroup::"
68          echo -e "${{ env.bashPass }} ${{ env.stepName }} ${{ env.bashEnd }} "
69
70      - env:
71          stepName: Upload Coverity Report for Scan
72          COVERITY_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
73          COVERITY_EMAIL: ${{ secrets.COVERITY_SCAN_EMAIL }}
74        shell: bash
75        run: |
76          # ${{ env.stepName }}
77          echo -e "::group::${{ env.bashInfo }} ${{ env.stepName }} ${{ env.bashEnd }}"
78
79          COV_SCAN_UPLOAD_STATUS=$(curl --form token=${COVERITY_TOKEN} \
80            --form email=${COVERITY_EMAIL} \
81            --form file=@gcc_freertos_kernel_sample_build.tgz \
82            --form version="Mainline" \
83            --form description="FreeRTOS Kernel Commit Scan" \
84            https://scan.coverity.com/builds?project=FreeRTOS-Kernel)
85
86          echo "::endgroup::"
87          echo -e "${{ env.bashPass }} ${{ env.stepName }} ${{ env.bashEnd }} "
88          echo "${COV_SCAN_UPLOAD_STATUS}" | grep -q -e 'Build successfully submitted' || echo >&2 "Error submitting build for analysis: ${COV_SCAN_UPLOAD_STATUS}"
89
90      - env:
91            stepName: Coverity Build for SMP FreeRTOS
92            COVERITY_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
93            COVERITY_EMAIL: ${{ secrets.COVERITY_SCAN_EMAIL }}
94        shell: bash
95        run: |
96            # ${{ env.stepName }}
97            echo -e "::group::${{ env.bashInfo }} ${{ env.stepName }} ${{ env.bashEnd }}"
98
99            export PATH="$PATH:${{env.cov_scan_path}}"
100            cmake -S ./examples/cmake_example/ -B build -DFREERTOS_SMP_EXAMPLE=1
101            cd build
102            cov-build --dir cov-int make -j
103            # Move the report out of the build directory
104            tar czvf ../gcc_freertos_kernel_smp_sample_build.tgz cov-int
105
106            echo "::endgroup::"
107            echo -e "${{ env.bashPass }} ${{ env.stepName }} ${{ env.bashEnd }} "
108
109      - env:
110            stepName: Upload FreeRTOS SMP Coverity Report for Scan
111            COVERITY_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
112            COVERITY_EMAIL: ${{ secrets.COVERITY_SCAN_EMAIL }}
113        shell: bash
114        run: |
115            # ${{ env.stepName }}
116            echo -e "::group::${{ env.bashInfo }} ${{ env.stepName }} ${{ env.bashEnd }}"
117
118            COV_SCAN_UPLOAD_STATUS=$(curl --form token=${COVERITY_TOKEN} \
119              --form email=${COVERITY_EMAIL} \
120              --form file=@gcc_freertos_kernel_smp_sample_build.tgz \
121              --form version="Mainline" \
122              --form description="FreeRTOS Kernel SMP Commit Scan" \
123              https://scan.coverity.com/builds?project=FreeRTOS-Kernel)
124
125            echo "::endgroup::"
126            echo -e "${{ env.bashPass }} ${{ env.stepName }} ${{ env.bashEnd }} "
127            echo "${COV_SCAN_UPLOAD_STATUS}" | grep -q -e 'Build successfully submitted' || echo >&2 "Error submitting build for analysis: ${COV_SCAN_UPLOAD_STATUS}"
128