harfbuzz/.github/workflows/coverity-scan.yml

43 lines
1.6 KiB
YAML

name: coverity-scan
on:
schedule:
- cron: '0 10 * * *' # Daily at 10:00 UTC
permissions:
contents: read
jobs:
latest:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v3
- run: sudo apt-get install gcc clang wget git curl pkg-config libfreetype6-dev libglib2.0-dev libicu-dev libgraphite2-dev
- name: Download Coverity
run: |
wget -q https://scan.coverity.com/download/cxx/linux64 --post-data "token=$TOKEN&project=HarfBuzz" -O cov-analysis-linux64.tar.gz
mkdir cov-analysis-linux64
tar xzf cov-analysis-linux64.tar.gz --strip 1 -C cov-analysis-linux64
env:
TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
# ideally we should've used meson and ninja here but it complains about coverage or something
- run: cov-analysis-linux64/bin/cov-build --dir cov-int clang src/hb-*.cc -DHAVE_FREETYPE -DHAVE_GRAPHITE2 -DHAVE_GLIB -DHAVE_ICU `pkg-config --cflags freetype2 graphite2 glib-2.0 icu-uc` -DHAVE_ROUNDF -DHAVE_SYS_MMAN_H -DHAVE_UNISTD_H -DHAVE_GETPAGESIZE -DHB_EXPERIMENTAL_API -c
- run: tar czvf harfbuzz.tgz cov-int
- name: submit to coverity
run: |
curl \
--form project=HarfBuzz \
--form token=$TOKEN \
--form email=harfbuzz-bots-chatter@googlegroups.com \
--form file=@harfbuzz.tgz \
--form version=trunk \
--form description="`git rev-parse --short HEAD`" \
https://scan.coverity.com/builds?project=HarfBuzz
env:
TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}