Skip to content

Coverity

Coverity #175

Workflow file for this run

# Copyright 2024, Intel Corporation
# SPDX-License-Identifier: BSD-3-Clause
name: Coverity
# It runs static analysis build - Coverity. It requires special token (set in CI's secret).
permissions: read-all
on:
workflow_dispatch:
schedule:
# Run every day at 22:00 UTC
- cron: '0 22 * * *'
concurrency:
group: ${{ github.workflow }}-${{ github.ref }}
cancel-in-progress: true
env:
LLVM_REPO: https://github.com/ispc/ispc.dependencies
jobs:
linux:
name: Coverity
runs-on: ubuntu-22.04
env:
COVERITY_SCAN_BUILD_COMMAND: "cmake --build ${{github.workspace}}/build"
COVERITY_SCAN_BRANCH_PATTERN: "main"
COVERITY_SCAN_NOTIFICATION_EMAIL: ${{ secrets.COVERITY_SCAN_NOTIFICATION_EMAIL }}
COVERITY_SCAN_PROJECT_NAME: ${{ secrets.COVERITY_SCAN_PROJECT_NAME }}
COVERITY_SCAN_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
LLVM_VERSION: "18.1"
LLVM_TAR: llvm-18.1.8-ubuntu22.04-Release+Asserts-x86.arm.wasm.tar.xz
# Disabling this workflow for non ispc/ispc repo, since number of build submissions is limited.
if: github.repository == 'ispc/ispc'
steps:
- name: Clone the git repo
uses: actions/checkout@eef61447b9ff4aafe5dcd4e0bbf5d482be7e7871 # v4.2.1
- name: Install dependencies
run: |
.github/workflows/scripts/install-build-deps.sh
- name: Check environment
run: |
which -a clang
cat /proc/cpuinfo
- name: Build package
run: |
.github/workflows/scripts/build-ispc.sh
- name: Run Coverity
run: |
.github/workflows/scripts/run-coverity.sh
- name: Upload Coverity artifact
uses: actions/upload-artifact@50769540e7f4bd5e21e526ee35c689e35e0d6874 # v4.4.0
with:
name: scm_log.txt
path: cov-int/scm_log.txt