[thirdparty/openssl.git] / .github / workflows / static-analysis.yml

# Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License").  You may not use
# this file except in compliance with the License.  You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html

name: Static Analysis

#Run once a day
on:
  schedule:
    - cron:  '20 0 * * *'

permissions:
  contents: read

jobs:
  coverity:
    runs-on: ubuntu-latest
    steps:
    - uses: actions/checkout@v4
    - name: tool download
      run: |
        wget https://scan.coverity.com/download/linux64 \
             --post-data "token=${{ secrets.COVERITY_TOKEN }}&project=openssl%2Fopenssl" \
             --progress=dot:giga -O coverity_tool.tgz
    - name: config
      run: CC=gcc ./config --banner=Configured --debug enable-fips enable-rc5 enable-md2 enable-ssl3 enable-nextprotoneg enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 no-shared enable-buildtest-c++ enable-external-tests -DPEDANTIC -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
    - name: config dump
      run: ./configdata.pm --dump
    - name: tool install
      run: tar xzf coverity_tool.tgz
    - name: make
      run: ./cov-analysis*/bin/cov-build --dir cov-int make -s -j4
    - name: archive
      run: tar czvf openssl.tgz cov-int
    - name: Coverity upload
      run: |
        curl --form token="${{ secrets.COVERITY_TOKEN }}" \
             --form email=openssl-commits@openssl.org \
             --form file=@openssl.tgz \
             --form version="`date -u -I` `git rev-parse --short HEAD`" \
             --form description="analysis of `git branch --show-current`" \
             https://scan.coverity.com/builds?project=openssl%2Fopenssl
Commit	Line	Data
da1c088f	1	# Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
7267769c P	2	#
	3	# Licensed under the Apache License 2.0 (the "License"). You may not use
	4	# this file except in compliance with the License. You can obtain a copy
	5	# in the file LICENSE in the source distribution or at
	6	# https://www.openssl.org/source/license.html
	7
	8	name: Static Analysis
	9
	10	#Run once a day
	11	on:
	12	schedule:
	13	- cron: '20 0 * * *'
	14
c6e7f427 VS	15	permissions:
	16	contents: read
	17
7267769c P	18	jobs:
	19	coverity:
	20	runs-on: ubuntu-latest
	21	steps:
d4231af6	22	- uses: actions/checkout@v4
7267769c P	23	- name: tool download
	24	run: \|
	25	wget https://scan.coverity.com/download/linux64 \
	26	--post-data "token=${{ secrets.COVERITY_TOKEN }}&project=openssl%2Fopenssl" \
	27	--progress=dot:giga -O coverity_tool.tgz
	28	- name: config
	29	run: CC=gcc ./config --banner=Configured --debug enable-fips enable-rc5 enable-md2 enable-ssl3 enable-nextprotoneg enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 no-shared enable-buildtest-c++ enable-external-tests -DPEDANTIC -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
	30	- name: config dump
	31	run: ./configdata.pm --dump
	32	- name: tool install
	33	run: tar xzf coverity_tool.tgz
	34	- name: make
	35	run: ./cov-analysis*/bin/cov-build --dir cov-int make -s -j4
	36	- name: archive
	37	run: tar czvf openssl.tgz cov-int
	38	- name: Coverity upload
	39	run: \|
	40	curl --form token="${{ secrets.COVERITY_TOKEN }}" \
	41	--form email=openssl-commits@openssl.org \
	42	--form file=@openssl.tgz \
	43	--form version="`date -u -I` `git rev-parse --short HEAD`" \
	44	--form description="analysis of `git branch --show-current`" \
	45	https://scan.coverity.com/builds?project=openssl%2Fopenssl