blob: 236d60eb2f817a4286a3085e9154e3fcd111729e (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
|
name: GitHub CI tests
on:
push:
branches: [master, ci, coverity_scan]
pull_request:
jobs:
build:
runs-on: ${{ matrix.os }}
strategy:
matrix:
os: [ubuntu-18.04, macos-10.15]
cc: [gcc, clang]
exclude:
- os: macos-10.15
cc: gcc
include:
# Enable distcheck for one build
- os: ubuntu-18.04
cc: gcc
do_distc: yes
# Run Coverity on a clang build; Coverity's gcc causes issues
- os: ubuntu-18.04
cc: clang
do_coverity: yes
steps:
- name: checkout code
uses: actions/checkout@v2
- name: install deps
run: |
if echo "${{ matrix.os }}" | grep -qE '^macos-' ; then
#brew update
# fontconfig, freetype, autoconf and libtool are preinstalled
# and `brew install` fails if a non-uptodate version is already installed
#brew upgrade fontconfig freetype autoconf libtool
brew install automake fribidi harfbuzz nasm
else
sudo apt-get update #&& sudo apt-get upgrade
sudo apt-get install -y \
libfontconfig1-dev libfreetype6-dev libfribidi-dev \
libharfbuzz-dev nasm ${{ matrix.cc }}
fi
- name: configure
run: ./autogen.sh && CC="${{ matrix.cc }}" ./configure
- name: compile
run: test "x${{ matrix.do_distc }}" = "xyes" || make -j 2
- name: distcheck
run: if [ "x${{ matrix.do_distc }}" = "xyes" ] ; then make -j 2 distcheck; fi
- name: Coverity scan
env:
COVERITY_SCAN_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
PROJECT_NAME: libass/libass
NOTIFY_EMAIL: none@example.com
TOOL_URL: https://scan.coverity.com/download/
UPLOAD_URL: https://scan.coverity.com/builds?project=libass%2Flibass
SCAN_URL: https://scan.coverity.com
RES_DIR: cov-int
run: |
if [ "x${{ matrix.do_coverity }}" = "xyes" ] \
&& [ "x${{ github.repository }}" = "xlibass/libass" ] \
&& [ "x${{ github.event_name }}" != "xpull_request" ]
then
exit_code=0
echo "Running Coverity ..."
# Remove previous build output
make clean
# The upstream script is borked and always exits with 1 even on success
# To get meaningful success/error status we're using our own script
# but we still want to be informed about upstream script changes
if curl -s https://scan.coverity.com/scripts/travisci_build_coverity_scan.sh \
| shasum -a 256 \
| grep -Eq '^234d71b4a5257a79559e66dd3ba5765576d2af4845da83af4975b77b14ab536b '
then
: remote unchanged
else
echo "Coverity's travis script changed!"
exit_code=1
fi
# Check if we are within quoata
quota_res="$(curl -s --form project="$PROJECT_NAME" \
--form token="$COVERITY_SCAN_TOKEN" \
"$SCAN_URL"/api/upload_permitted)"
if [ "$?" -ne 0 ] || [ "x$quota_res" = "xAccess denied" ] ; then
echo "Coverity denied access or did not respond!"
exit 1
elif echo "$quota_res" | grep -Eq 'upload_permitted": *true' ; then
echo "Within Coverity quota."
else
echo "Exceeding Coverity quota! Try again later."
echo "$quota_res" | grep -Eo 'next_upload_permitted_at":[^,}]*'
exit 0
fi
# Download cov tool and make it available
wget -nv "$TOOL_URL""$(uname)" \
--post-data "project=$PROJECT_NAME&token=$COVERITY_SCAN_TOKEN" \
-O cov-analysis-tool.tar.gz
mkdir cov-analysis-tool
tar xzf cov-analysis-tool.tar.gz --strip 1 -C cov-analysis-tool
export PATH="$(pwd)/cov-analysis-tool/bin:$PATH"
# Coverity Build
echo "Starting Coverity build..."
#mkdir "$RES_DIR" # already done by cov-build
COVERITY_UNSUPPORTED=1 cov-build --dir "$RES_DIR" make -j 2
cov-import-scm --dir "$RES_DIR" --scm git --log "$RES_DIR/scm_log.txt" 2>&1
# Submit results to Coverity's server
tar czf libass.tar.gz "$RES_DIR"
upstat="$(curl --silent --write-out "\n%{http_code}\n" \
--form project="PROJECT_NAME" \
--form token="$COVERITY_SCAN_TOKEN" \
--form email="$NOTIFY_EMAIL" \
--form file=@libass.tar.gz \
--form version="${{ github.sha }}" \
--form description="GitHubActions CI build" \
"$UPLOAD_URL")"
if [ "$?" -ne 0 ] ; then
echo "Upload failed (curl error)"
exit_code=1
elif echo "$upstat" | tail -n 1 | grep -Eq '^2[0-9]{2}$' ; then
echo "Upload successful."
else
echo "Upload failed (server error)"
exit_code=1
fi
echo "$upstat" | head
exit $exit_code
fi
|