Try harder not to leak the coverity tokens 12479/head
authorRemi Gacogne <remi.gacogne@powerdns.com>
Fri, 27 Jan 2023 14:57:49 +0000 (15:57 +0100)
committerRemi Gacogne <remi.gacogne@powerdns.com>
Fri, 27 Jan 2023 16:00:01 +0000 (17:00 +0100)
.github/workflows/misc-dailies.yml
tasks.py

index 1934930344b5bab797f3f9cc8e1fc8cbd31fc773..1747ff01facfaf3b88e7de228737d0914d769a84 100644 (file)
@@ -38,6 +38,7 @@ jobs:
     name: coverity scan of the auth
     runs-on: ubuntu-20.04
     env:
+      COVERITY_TOKEN: ${{ secrets.coverity_auth_token }}
       FUZZING_TARGETS: no
       SANITIZERS:
       UNIT_TESTS: no
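Review bot: The job-level `env:` block this hunk adds makes `COVERITY_TOKEN` visible to every step of the job, including `gh-actions-setup-inv` (which the step comment says runs apt update+upgrade) and the build-deps installer, while only `install-coverity-tools` and `coverity-upload` need it. A per-step `env:` on those two steps keeps the secret out of the environment of package-manager hooks and whatever the dependency installers pull in: `- run: inv install-coverity-tools PowerDNS` / `  env:` / `    COVERITY_TOKEN: ${{ secrets.coverity_auth_token }}`, and likewise on the upload step. The same job-level placement is repeated for the dnsdist and rec jobs further down, so the change applies to all three. GitHub already masks registered secret values in step logs, so the exposure this narrows is to processes on the runner rather than to the log text itself.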
@@ -50,18 +51,19 @@ jobs:
       - run: build-scripts/gh-actions-setup-inv  # this runs apt update+upgrade
       - run: inv install-clang
       - run: inv install-auth-build-deps
-      - run: inv install-coverity-tools ${{ secrets.coverity_auth_token }} PowerDNS
+      - run: inv install-coverity-tools PowerDNS
       - run: inv coverity-clang-configure
       - run: inv ci-autoconf
       - run: inv ci-auth-configure
       - run: inv coverity-make
       - run: inv coverity-tarball auth.tar.bz2
-      - run: inv coverity-upload ${{ secrets.coverity_auth_token }} ${{ secrets.coverity_email }} PowerDNS auth.tar.bz2
+      - run: inv coverity-upload ${{ secrets.coverity_email }} PowerDNS auth.tar.bz2
 
   coverity-dnsdist:
     name: coverity scan of dnsdist
     runs-on: ubuntu-20.04
     env:
+      COVERITY_TOKEN: ${{ secrets.coverity_dnsdist_token }}
       SANITIZERS:
       UNIT_TESTS: no
     steps:
@@ -73,7 +75,7 @@ jobs:
       - run: build-scripts/gh-actions-setup-inv  # this runs apt update+upgrade
       - run: inv install-clang
       - run: inv install-dnsdist-build-deps
-      - run: inv install-coverity-tools ${{ secrets.coverity_dnsdist_token }} dnsdist
+      - run: inv install-coverity-tools dnsdist
       - run: inv coverity-clang-configure
       - run: inv ci-autoconf
         working-directory: ./pdns/dnsdistdist/
@@ -83,13 +85,14 @@ jobs:
         working-directory: ./pdns/dnsdistdist/
       - run: inv coverity-tarball dnsdist.tar.bz2
         working-directory: ./pdns/dnsdistdist/
-      - run: inv coverity-upload ${{ secrets.coverity_dnsdist_token }} ${{ secrets.coverity_email }} dnsdist dnsdist.tar.bz2
+      - run: inv coverity-upload ${{ secrets.coverity_email }} dnsdist dnsdist.tar.bz2
         working-directory: ./pdns/dnsdistdist/
 
   coverity-rec:
     name: coverity scan of the rec
     runs-on: ubuntu-20.04
     env:
+      COVERITY_TOKEN: ${{ secrets.coverity_rec_token }}
       SANITIZERS:
       UNIT_TESTS: no
     steps:
@@ -101,7 +104,7 @@ jobs:
       - run: build-scripts/gh-actions-setup-inv  # this runs apt update+upgrade
       - run: inv install-clang
       - run: inv install-rec-build-deps
-      - run: inv install-coverity-tools ${{ secrets.coverity_rec_token }} 'PowerDNS+Recursor'
+      - run: inv install-coverity-tools 'PowerDNS+Recursor'
       - run: inv coverity-clang-configure
       - run: inv ci-autoconf
         working-directory: ./pdns/recursordist/
@@ -111,5 +114,5 @@ jobs:
         working-directory: ./pdns/recursordist/
       - run: inv coverity-tarball recursor.tar.bz2
         working-directory: ./pdns/recursordist/
-      - run: inv coverity-upload ${{ secrets.coverity_rec_token }} ${{ secrets.coverity_email }} 'PowerDNS+Recursor' recursor.tar.bz2
+      - run: inv coverity-upload ${{ secrets.coverity_email }} 'PowerDNS+Recursor' recursor.tar.bz2
         working-directory: ./pdns/recursordist/
index 755756feaf0fca9b7fc2a028ec5f2fddb653f398..3686718cc062cdbf58997b3a612ec9b114ace90f 100644 (file)
--- a/tasks.py
+++ b/tasks.py
@@ -616,8 +616,9 @@ def swagger_syntax_check(c):
     c.run('api-spec-converter docs/http-api/swagger/authoritative-api-swagger.yaml -f swagger_2 -t openapi_3 -s json -c')
 
 @task
-def install_coverity_tools(c, token, project):
-    c.sudo(f'curl -s https://scan.coverity.com/download/linux64 --data "token={token}&project={project}" | gunzip | sudo tar xvf /dev/stdin --strip-components=1 --no-same-owner -C /usr/local')
+def install_coverity_tools(c, project):
+    token = os.getenv('COVERITY_TOKEN')
+    c.run(f'curl -s https://scan.coverity.com/download/linux64 --data "token={token}&project={project}" | gunzip | sudo tar xvf /dev/stdin --strip-components=1 --no-same-owner -C /usr/local', hide=True)
 
 @task
 def coverity_clang_configure(c):
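Review bot: `install_coverity_tools` still interpolates the token into the command string handed to `c.run`, so it sits on the curl command line (readable via `ps`/`/proc` on the runner) and, as far as I recall invoke's behaviour, a failing pipeline raises `UnexpectedExit` whose message quotes the full command, which invoke prints to stderr exactly when the output was hidden — so with `hide=True` the token would land in the CI log on the failure path; worth confirming against the pinned invoke version. Letting the shell expand it keeps the secret out of the Python string entirely: `--data "token=${{COVERITY_TOKEN}}&project={project}"` (doubled braces because of the f-string), and a guard `if not os.getenv('COVERITY_TOKEN'): raise SystemExit('COVERITY_TOKEN is not set')` avoids sending the literal `token=None` when the variable is absent. Adding `--fail` to the `curl -s` call also turns an authentication or quota error into a curl exit code instead of gunzip choking on an HTML error body.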
@@ -632,13 +633,14 @@ def coverity_tarball(c, tarball):
     c.run(f'tar caf {tarball} cov-int')
 
 @task
-def coverity_upload(c, token, email, project, tarball):
+def coverity_upload(c, email, project, tarball):
+    token = os.getenv('COVERITY_TOKEN')
     c.run(f'curl --form token={token} \
             --form email="{email}" \
             --form file=@{tarball} \
             --form version="$(./builder-support/gen-version)" \
             --form description="master build" \
-            https://scan.coverity.com/builds?project={project}')
+            https://scan.coverity.com/builds?project={project}', hide=True)
 
 # this is run always
 def setup():
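Review bot: `coverity_upload` has the same exposure as the download helper: `--form token={token}` places the secret in the command string, so `ps` on the runner and invoke's `UnexpectedExit` report (which quotes the command, if I remember invoke correctly) can still reveal it; `--form token="${{COVERITY_TOKEN}}"` lets the shell read it from the environment, the same mechanism `version=` already relies on with `$(...)`. Separately, without `--fail` a rejected upload (bad token, exhausted quota) exits 0, and `hide=True` now also suppresses the server's reply, so the step would pass silently with nothing uploaded; `curl -sS --fail --form token="${{COVERITY_TOKEN}}" \` on the first line makes such a failure fail the job. A guard `if not os.getenv('COVERITY_TOKEN'): raise SystemExit('COVERITY_TOKEN is not set')` before the call is cheap insurance against an unset secret. The trailing context line `def setup():` opens a function that continues outside this hunk.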