mirror of
http://git.haproxy.org/git/haproxy.git/
synced 2024-12-12 14:35:14 +00:00
89c9d0a169
This change locks down the permissions of the access token in GitHub Actions to only allow reading the repository contents and nothing else. see https://docs.github.com/en/actions/security-guides/automatic-token-authentication#permissions-for-the-github_token
45 lines
1.5 KiB
YAML
45 lines
1.5 KiB
YAML
|
|
#
|
|
# scan results: https://scan.coverity.com/projects/haproxy
|
|
#
|
|
|
|
name: Coverity
|
|
|
|
on:
|
|
schedule:
|
|
- cron: "0 0 * * *"
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
scan:
|
|
runs-on: ubuntu-latest
|
|
if: ${{ github.repository_owner == 'haproxy' }}
|
|
env:
|
|
COVERITY_SCAN_PROJECT_NAME: 'Haproxy'
|
|
COVERITY_SCAN_BRANCH_PATTERN: '*'
|
|
COVERITY_SCAN_NOTIFICATION_EMAIL: 'chipitsine@gmail.com'
|
|
COVERITY_SCAN_BUILD_COMMAND: "make CC=clang TARGET=linux-glibc USE_ZLIB=1 USE_PCRE=1 USE_PCRE_JIT=1 USE_LUA=1 USE_OPENSSL=1 USE_SYSTEMD=1 USE_WURFL=1 WURFL_INC=addons/wurfl/dummy WURFL_LIB=addons/wurfl/dummy USE_DEVICEATLAS=1 DEVICEATLAS_SRC=addons/deviceatlas/dummy USE_51DEGREES=1 51DEGREES_SRC=addons/51degrees/dummy/pattern"
|
|
steps:
|
|
- uses: actions/checkout@v2
|
|
- name: Install apt dependencies
|
|
run: |
|
|
sudo apt-get update
|
|
sudo apt-get install -y \
|
|
liblua5.3-dev \
|
|
libsystemd-dev
|
|
- name: Hijack Makefile
|
|
run: |
|
|
# We cannot pass the DEBUG variable in `COVERITY_SCAN_BUILD_COMMAND`,
|
|
# because Coverity splits parameters at whitespaces, without taking
|
|
# quoting into account.
|
|
sed -i 's/^DEBUG =$/DEBUG = -DDEBUG_STRICT=1 -DDEBUG_USE_ABORT=1/' Makefile
|
|
- name: Build WURFL
|
|
run: make -C addons/wurfl/dummy
|
|
- name: Run Coverity Scan
|
|
env:
|
|
COVERITY_SCAN_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
|
|
run: |
|
|
curl -fsSL "https://scan.coverity.com/scripts/travisci_build_coverity_scan.sh" | bash || true
|