From 89bcf85d50730b9dc9eee6a83dedcca4e8f69ac2 Mon Sep 17 00:00:00 2001 From: John Safranek Date: Thu, 22 Jan 2026 11:09:44 -0800 Subject: [PATCH] Coverity Scan Automation 1. Add GitHub action to run a Coverity scan. --- .github/workflows/coverity-scan-fixes.yml | 61 +++++++++++++++++++++++ 1 file changed, 61 insertions(+) create mode 100644 .github/workflows/coverity-scan-fixes.yml diff --git a/.github/workflows/coverity-scan-fixes.yml b/.github/workflows/coverity-scan-fixes.yml new file mode 100644 index 000000000..b1bae35a4 --- /dev/null +++ b/.github/workflows/coverity-scan-fixes.yml @@ -0,0 +1,61 @@ +name: Coverity scan master branch + +on: + schedule: + - cron: '0 0 * * 0' + workflow_dispatch: + +jobs: + build_wolfssl: + name: Build wolfSSL + runs-on: ubuntu-latest + timeout-minutes: 4 + steps: + - name: Checking cache for wolfSSL + uses: actions/cache@v4 + id: cache-wolfssl + with: + path: build-dir + key: wolfssh-coverity-wolfssl + lookup-only: true + + - name: Build wolfSSL + if: steps.cache-wolfssl.outputs.cache-hit != 'true' + uses: wolfSSL/actions-build-autotools-project@v1 + with: + repository: wolfSSL/wolfssl + ref: master + path: wolfssl + configure: --enable-all + check: false + install: true + + coverity: + name: Coverity scan + needs: build_wolfssl + runs-on: ubuntu-latest + steps: + - name: Checking out wolfSSH + uses: actions/checkout@v4 + with: + ref: master + + - name: Checking cache for wolfssl + uses: actions/cache@v4 + with: + path: build-dir + key: wolfssh-coverity-wolfssl + fail-on-cache-miss: true + + - name: Configure wolfSSH + run: | + ./autogen.sh + ./configure --with-wolfssl=build-dir --enable-all + + - uses: vapier/coverity-scan-action@v1 + with: + build_language: 'cxx' + project: "wolfSSH" + token: ${{ secrets.COVERITY_SCAN_TOKEN_WOLFSSH }} + email: ${{ secrets.COVERITY_SCAN_EMAIL }} + command: "make"