Coverity Scan Workflow Fix (#891)

Currently the Coverity Scan attempts to run on every fork that pulls the file. This leads to anybody who pulls this file getting emails that their workflow failed to run when the cron job attempts to run. This PR sets the scan to only run if the repo is FreeRTOS/FreeRTOS-Kernel. Also, change the scan from a cron job to a job that runs on a commit to mainline, or if triggered manually.
1 year ago · 09c4c4bae9
parent cb196ddbb1
commit 09c4c4bae9
1 changed files with 54 additions and 14 deletions
--- a/.github/workflows/coverity_scan.yml
+++ b/.github/workflows/coverity_scan.yml
@ -1,47 +1,87 @@
-name: FreeRTOS-Kernel Coverity Scan
+name: Coverity Scan
 on:
-  schedule: ## Scheduled to run at 1:15 AM UTC daily.
-    - cron: '15 1 * * *'
+  # Run on every commit to mainline
+  push:
+    branches: main
+  # Allow manual running of the scan
+  workflow_dispatch:

+env:
+  bashPass: \033[32;1mPASSED -
+  bashInfo: \033[33;1mINFO -
+  bashFail: \033[31;1mFAILED -
+  bashEnd:  \033[0m

 jobs:
-
  Coverity-Scan:
+    if: ( github.repository == 'FreeRTOS/FreeRTOS-Kernel' )
    name: Coverity Scan
    runs-on: ubuntu-latest
    steps:
      - name: Checkout the Repository
        uses: actions/checkout@v3

-      - name: Install Build Essentials
+      - env:
+          stepName: Install Build Essentials
        shell: bash
        run: |
+          # ${{ env.stepName }}
+          echo -e "::group::${{ env.bashInfo }} ${{ env.stepName }} ${{ env.bashEnd }}"
+
          sudo apt-get -y update
          sudo apt-get -y install build-essential

-      - name: Install Coverity Build
-        shell: bash
-        env:
+          echo "::endgroup::"
+          echo -e "${{ env.bashPass }} ${{ env.stepName }} ${{ env.bashEnd }}"
+
+      - env:
+          stepName: Install Coverity Build
          COVERITY_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
+        shell: bash
        run: |
+          # ${{ env.stepName }}
+          echo -e "::group::${{ env.bashInfo }} ${{ env.stepName }} ${{ env.bashEnd }}"
+
          wget -nv -qO- https://scan.coverity.com/download/linux64 --post-data "token=${COVERITY_TOKEN}&project=FreeRTOS-Kernel" | tar -zx --one-top-level=cov_scan --strip-components 1
          echo "cov_scan_path=$(pwd)/cov_scan/bin" >> $GITHUB_ENV

-      - name: Coverity Build & Upload for Scan
-        shell: bash
-        env:
+          echo "::endgroup::"
+          echo -e "${{ env.bashPass }} ${{ env.stepName }} ${{ env.bashEnd }} "
+
+      - env:
+          stepName: Coverity Build & Upload for Scan
          COVERITY_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
          COVERITY_EMAIL: ${{ secrets.COVERITY_SCAN_EMAIL }}
+        shell: bash
        run: |
+          # ${{ env.stepName }}
+          echo -e "::group::${{ env.bashInfo }} ${{ env.stepName }} ${{ env.bashEnd }}"
+
          export PATH="$PATH:${{env.cov_scan_path}}"
          cmake -S ./examples/cmake_example/ -B build
          cd build
          cov-build --dir cov-int make -j
-          tar czvf gcc_freertos_kerenl_sample_build.tgz cov-int
+          tar czvf gcc_freertos_kernel_sample_build.tgz cov-int
+
+          echo "::endgroup::"
+          echo -e "${{ env.bashPass }} ${{ env.stepName }} ${{ env.bashEnd }} "
+
+      - env:
+          stepName: Upload Coverity Report for Scan
+          COVERITY_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
+          COVERITY_EMAIL: ${{ secrets.COVERITY_SCAN_EMAIL }}
+        shell: bash
+        run: |
+          # ${{ env.stepName }}
+          echo -e "::group::${{ env.bashInfo }} ${{ env.stepName }} ${{ env.bashEnd }}"
+
          COV_SCAN_UPLOAD_STATUS=$(curl --form token=${COVERITY_TOKEN} \
            --form email=${COVERITY_EMAIL} \
-            --form file=@gcc_freertos_kerenl_sample_build.tgz \
+            --form file=@gcc_freertos_kernel_sample_build.tgz \
            --form version="Mainline" \
-            --form description="FreeRTOS Kernel Nightly Scan" \
+            --form description="FreeRTOS Kernel Commit Scan" \
            https://scan.coverity.com/builds?project=FreeRTOS-Kernel)
+
+          echo "::endgroup::"
+          echo -e "${{ env.bashPass }} ${{ env.stepName }} ${{ env.bashEnd }} "
          echo "${COV_SCAN_UPLOAD_STATUS}" | grep -q -e 'Build successfully submitted' || echo >&2 "Error submitting build for analysis: ${COV_SCAN_UPLOAD_STATUS}"