@@ -12,31 +12,62 @@ name: Coverity
1212# email to which the Coverity reports should be sent and the latter can be
1313# obtained from the Project Settings tab of the Coverity project).
1414#
15+ # The workflow runs on `ubuntu-latest` by default. This can be overridden by setting
16+ # the repository variable `ENABLE_COVERITY_SCAN_ON_OS` to a JSON string array specifying
17+ # the operating systems, e.g. `["ubuntu-latest", "windows-latest"]`.
18+ #
1519# By default, the builds are submitted to the Coverity project `git`. To override this,
1620# set the repository variable `COVERITY_PROJECT`.
1721
1822on :
1923 push :
2024
25+ defaults :
26+ run :
27+ shell : bash
28+
2129jobs :
2230 coverity :
2331 if : contains(fromJSON(vars.ENABLE_COVERITY_SCAN_FOR_BRANCHES || '[""]'), github.ref_name)
24- runs-on : ubuntu-latest
32+ strategy :
33+ matrix :
34+ os : ${{ fromJSON(vars.ENABLE_COVERITY_SCAN_ON_OS || '["ubuntu-latest"]') }}
35+ runs-on : ${{ matrix.os }}
2536 env :
2637 COVERITY_PROJECT : ${{ vars.COVERITY_PROJECT || 'git' }}
2738 COVERITY_LANGUAGE : cxx
28- COVERITY_PLATFORM : linux64
39+ COVERITY_PLATFORM : overridden-below
2940 steps :
3041 - uses : actions/checkout@v3
42+ - name : install minimal Git for Windows SDK
43+ if : contains(matrix.os, 'windows')
44+ uses : git-for-windows/setup-git-for-windows-sdk@v1
3145 - run : ci/install-dependencies.sh
46+ if : contains(matrix.os, 'ubuntu')
3247 env :
33- runs_on_pool : ubuntu-latest
48+ runs_on_pool : ${{ matrix.os }}
3449
3550 # The Coverity site says the tool is usually updated twice yearly, so the
3651 # MD5 of download can be used to determine whether there's been an update.
3752 - name : get the Coverity Build Tool hash
3853 id : lookup
3954 run : |
55+ case "${{ matrix.os }}" in
56+ *windows*)
57+ COVERITY_PLATFORM=win64
58+ COVERITY_TOOL_FILENAME=cov-analysis.zip
59+ ;;
60+ *ubuntu*)
61+ COVERITY_PLATFORM=linux64
62+ COVERITY_TOOL_FILENAME=cov-analysis.tgz
63+ ;;
64+ *)
65+ echo '::error::unhandled OS ${{ matrix.os }}' >&2
66+ exit 1
67+ ;;
68+ esac
69+ echo "COVERITY_PLATFORM=$COVERITY_PLATFORM" >>$GITHUB_ENV
70+ echo "COVERITY_TOOL_FILENAME=$COVERITY_TOOL_FILENAME" >>$GITHUB_ENV
4071 MD5=$(curl https://scan.coverity.com/download/$COVERITY_LANGUAGE/$COVERITY_PLATFORM \
4172 --fail \
4273 --form token='${{ secrets.COVERITY_SCAN_TOKEN }}' \
@@ -57,14 +88,28 @@ jobs:
5788 run : |
5889 curl https://scan.coverity.com/download/$COVERITY_LANGUAGE/$COVERITY_PLATFORM \
5990 --fail --no-progress-meter \
60- --output $RUNNER_TEMP/cov-analysis.tgz \
91+ --output $RUNNER_TEMP/$COVERITY_TOOL_FILENAME \
6192 --form token='${{ secrets.COVERITY_SCAN_TOKEN }}' \
6293 --form project="$COVERITY_PROJECT"
6394name : extract the Coverity Build Tool
6495 if : steps.cache.outputs.cache-hit != 'true'
6596 run : |
66- mkdir $RUNNER_TEMP/cov-analysis &&
67- tar -xzf $RUNNER_TEMP/cov-analysis.tgz --strip 1 -C $RUNNER_TEMP/cov-analysis
97+ case "$COVERITY_TOOL_FILENAME" in
98+ *.tgz)
99+ mkdir $RUNNER_TEMP/cov-analysis &&
100+ tar -xzf $RUNNER_TEMP/$COVERITY_TOOL_FILENAME --strip 1 -C $RUNNER_TEMP/cov-analysis
101+ ;;
102+ *.zip)
103+ cd $RUNNER_TEMP &&
104+ mkdir cov-analysis-tmp &&
105+ unzip -d cov-analysis-tmp $COVERITY_TOOL_FILENAME &&
106+ mv cov-analysis-tmp/* cov-analysis
107+ ;;
108+ *)
109+ echo "::error::unhandled archive type: $COVERITY_TOOL_FILENAME" >&2
110+ exit 1
111+ ;;
112+ esac
68113name : cache the Coverity Build Tool
69114 if : steps.cache.outputs.cache-hit != 'true'
70115 uses : actions/cache/save@v3
0 commit comments