static-analysis.yml 1.7 KB

123456789101112131415161718192021222324252627282930313233343536373839404142434445
  1. # Copyright 2021 The OpenSSL Project Authors. All Rights Reserved.
  2. #
  3. # Licensed under the Apache License 2.0 (the "License"). You may not use
  4. # this file except in compliance with the License. You can obtain a copy
  5. # in the file LICENSE in the source distribution or at
  6. # https://www.openssl.org/source/license.html
  7. name: Static Analysis
  8. #Run once a day
  9. on:
  10. schedule:
  11. - cron: '20 0 * * *'
  12. permissions:
  13. contents: read
  14. jobs:
  15. coverity:
  16. runs-on: ubuntu-latest
  17. steps:
  18. - uses: actions/checkout@v3
  19. - name: tool download
  20. run: |
  21. wget https://scan.coverity.com/download/linux64 \
  22. --post-data "token=${{ secrets.COVERITY_TOKEN }}&project=openssl%2Fopenssl" \
  23. --progress=dot:giga -O coverity_tool.tgz
  24. - name: config
  25. run: CC=gcc ./config --banner=Configured --debug enable-fips enable-rc5 enable-md2 enable-ssl3 enable-nextprotoneg enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 no-shared enable-buildtest-c++ enable-external-tests -DPEDANTIC -DFUZZING_BUILD_MODE_UNSAFE_FOR_PRODUCTION
  26. - name: config dump
  27. run: ./configdata.pm --dump
  28. - name: tool install
  29. run: tar xzf coverity_tool.tgz
  30. - name: make
  31. run: ./cov-analysis*/bin/cov-build --dir cov-int make -s -j4
  32. - name: archive
  33. run: tar czvf openssl.tgz cov-int
  34. - name: Coverity upload
  35. run: |
  36. curl --form token="${{ secrets.COVERITY_TOKEN }}" \
  37. --form email=openssl-commits@openssl.org \
  38. --form file=@openssl.tgz \
  39. --form version="`date -u -I` `git rev-parse --short HEAD`" \
  40. --form description="analysis of `git branch --show-current`" \
  41. https://scan.coverity.com/builds?project=openssl%2Fopenssl