name: GitHub CI tests on: push: branches: [master, ci, coverity_scan] pull_request: jobs: build: runs-on: ${{ matrix.os }} strategy: matrix: os: [ubuntu-18.04, macos-10.15] cc: [gcc, clang] exclude: - os: macos-10.15 cc: gcc include: # Enable distcheck for one build - os: ubuntu-18.04 cc: gcc do_distc: yes # Also run Coverity on a clang build; Coverity's gcc causes issues - os: ubuntu-18.04 cc: clang do_coverity: yes steps: - name: checkout code uses: actions/checkout@v2 - name: retrieve caches uses: actions/cache@v2 with: path: | $HOME/Library/Caches/Homebrew /usr/local/Homebrew key: ${{ runner.os }}-${{ matrix.os }}-build - name: install deps run: | if (echo "${{ matrix.os }}" | grep -qE '^macos-') ; then brew update # freetype, autoconf and libtool are preinstalled # and `brew install` fails if a non-uptodate version is already installed #brew upgrade freetype autoconf libtool brew install automake fribidi harfbuzz nasm else #sudo apt-get update && sudo apt-get upgrade sudo apt-get install -y \ libfontconfig1-dev libfreetype6-dev libfribidi-dev \ libharfbuzz-dev nasm ${{ matrix.cc }} fi - name: configure run: ./autogen.sh && CC="${{ matrix.cc }}" ./configure - name: compile run: make -j 2 - name: distcheck run: if [ "x${{ matrix.do_distc }}" == "xyes" ] ; then make -j 2 distcheck; fi - name: Coverity scan env: COVERITY_SCAN_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }} PROJECT_NAME: libass/libass NOTIFY_EMAIL: none@example.com TOOL_URL: https://scan.coverity.com/download/ UPLOAD_URL: https://scan.coverity.com/builds?project=libass%2Flibass SCAN_URL: https://scan.coverity.com RES_DIR: cov-int run: | if [ "x${{ matrix.do_coverity }}" = "xyes" ] \ && [ "x${{ github.repository }}" = "xlibass/libass" ] \ && [ "x${{ github.event_name }}" != "xpull_request" ] then exit_code=0 echo "Running Coverity ..." # Remove previous build output make clean # The upstream script is borked and always exits with 1 even on success # To get meaningful success/error status we're using our own script # but we still wnat to be informed about upstream script changes if curl -s https://scan.coverity.com/scripts/travisci_build_coverity_scan.sh \ | shasum -a 256 \ | grep -Eq '^234d71b4a5257a79559e66dd3ba5765576d2af4845da83af4975b77b14ab536b ' then echo "" > /dev/null else echo "Coverity's upstream travis script changed!"; exit_code=1 fi # Check if we are within quoata quota_res="$(curl -s --form project="$PROJECT_NAME" \ --form token="$COVERITY_SCAN_TOKEN" \ "$SCAN_URL"/api/upload_permitted)" if [ "$?" -ne 0 ] || [ "x$quota_res" = "xAccess denied" ] ; then echo "Coverity denied access or did not respond!" exit 1 elif echo "$quota_res" | grep -Eq 'upload_permitted": *true' ; then echo "Within Coverity quota." else echo "Exceeding Coverity quota! Try again later." exit 0; fi # Download cov tool and make it available wget -nv "$TOOL_URL""$(uname)" \ --post-data "project=$PROJECT_NAME&token=$COVERITY_SCAN_TOKEN" \ -O cov-analysis-tool.tar.gz mkdir cov-analysis-tool tar xzf cov-analysis-tool.tar.gz --strip 1 -C cov-analysis-tool export PATH="$(pwd)/cov-analysis-tool/bin:$PATH" # Coverity Build echo "Starting Coverity build..." #mkdir "$RES_DIR" # already done by cov-build COVERITY_UNSUPPORTED=1 cov-build --dir "$RES_DIR" make -j 2 cov-import-scm --dir "$RES_DIR" --scm git --log "$RES_DIR/scm_log.txt" 2>&1 echo "" echo "[COV] SCM LOG" echo "=============" echo "" cat "$RES_DIR"/scm_log.txt echo "" echo "" # Submit results to Coverity's server tar czf libass.tar.gz "$RES_DIR" upstat="$(curl --silent --write-out "\n%{http_code}\n" \ --form project="PROJECT_NAME" \ --form token="$COVERITY_SCAN_TOKEN" \ --form email="$NOTIFY_EMAIL" \ --form file=@libass.tar.gz \ --form version="${{ github.sha }}" \ --form description="GitHubActions CI build" \ "$UPLOAD_URL")" if [ "$?" -ne 0 ] ; then echo "Upload failed (curl error)" exit_code=1 elif echo "$upstat" | tail -n 1 | grep -Eq '^2[0-9]{2}$' ; then echo "Upload successful." else echo "Upload failed (server error)" exit_code=1 fi echo "$upstat" | head exit $exit_code fi