Skip to content
Coverity Scan

Bump github/codeql-action from 4.30.9 to 4.31.2 (#1894) #237

Sign in to view logs

Bump github/codeql-action from 4.30.9 to 4.31.2 (#1894)

Bump github/codeql-action from 4.30.9 to 4.31.2 (#1894) #237

Workflow file for this run

.github/workflows/coverity.yml at 0993eb2
# Copyright (c) 2024-2025 Intel Corporation
#
# Licensed under the Apache License, Version 2.0 (the "License");
# you may not use this file except in compliance with the License.
# You may obtain a copy of the License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
# See the License for the specific language governing permissions and
# limitations under the License.
name: Coverity Scan
on:
# Only run on push to master branch
push:
branches: [master]
permissions: read-all
env:
BUILD_CONCURRENCY: 4
COVERITY_PROJECT: oneapi-src%2FoneTBB
jobs:
coverity_linux:
name: Coverity Linux
if: github.repository == 'uxlfoundation/oneTBB'
runs-on: [ubuntu-latest]
steps:
- name: Harden the runner (Audit all outbound calls)
uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
with:
egress-policy: audit
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Download Linux 64 Coverity Tool
run: |
curl https://scan.coverity.com/download/cxx/linux64 --output ${GITHUB_WORKSPACE}/cov-linux64-tool.tar.gz \
--data "token=${{secrets.COVERITY_TOKEN}}&project=${{env.COVERITY_PROJECT}}"
mkdir cov-linux64-tool
tar -xzf cov-linux64-tool.tar.gz --strip 1 -C cov-linux64-tool
- name: Build with cov-build
run: |
export PATH="${PWD}/cov-linux64-tool/bin:${PATH}"
mkdir build && cd build
cmake -DCMAKE_CXX_STANDARD=20 -DCMAKE_BUILD_TYPE=relwithdebinfo \
-DCMAKE_CXX_COMPILER=g++ -DCMAKE_C_COMPILER=gcc -DTBB_CPF=ON ..
cov-build --dir cov-int make VERBOSE=1 -j${{env.BUILD_CONCURRENCY}}
- name: Archive Coverity build results
run: |
cd build
tar -czvf cov-int.tgz cov-int
- name: Submit Coverity results for analysis
run: |
cd build
curl \
--form token="${{ secrets.COVERITY_TOKEN }}" \
--form email="${{ secrets.COVERITY_EMAIL }}" \
--form [email protected] \
--form version="${GITHUB_SHA}" \
--form description="" \
"https://scan.coverity.com/builds?project=${{env.COVERITY_PROJECT}}"
coverity_windows:
name: Coverity Windows
if: github.repository == 'uxlfoundation/oneTBB'
runs-on: [windows-latest]
steps:
- name: Harden the runner (Audit all outbound calls)
uses: step-security/harden-runner@f4a75cfd619ee5ce8d5b864b0d183aff3c69b55a # v2.13.1
with:
egress-policy: audit
- uses: actions/checkout@08c6903cd8c0fde910a37f88322edcfb5dd907a8 # v5.0.0
- name: Download Windows 64 Coverity Tool
run: |
curl https://scan.coverity.com/download/cxx/win64 -o cov-win64-tool.zip -d "token=${{secrets.COVERITY_TOKEN}}&project=${{env.COVERITY_PROJECT}}"
7z x cov-win64-tool.zip
del cov-win64-tool.zip
move cov-analysis-win64* cov-win64-tool
- name: Setup MSBuild
uses: microsoft/setup-msbuild@6fb02220983dee41ce7ae257b6f4d8f9bf5ed4ce # v2.0.0
- name: Build with cov-build
shell: bash
run: |
export PATH="${PWD}/cov-win64-tool/bin:${PATH}"
cmake -DCMAKE_CXX_STANDARD=14 -DCMAKE_BUILD_TYPE=relwithdebinfo \
-DCMAKE_CXX_COMPILER=cl -DCMAKE_C_COMPILER=cl -DTBB_CPF=ON .
cov-configure --msvc
cov-build --dir cov-int msbuild.exe ALL_BUILD.vcxproj -m -v:n
- name: Archive Coverity build results
run: |
7z a -r cov-int.zip cov-int
- name: Submit Coverity results for analysis
run: |
curl --form token="${{ secrets.COVERITY_TOKEN }}" --form email="${{ secrets.COVERITY_EMAIL }}" --form [email protected] --form version="${GITHUB_SHA}" --form description="" "https://scan.coverity.com/builds?project=${{env.COVERITY_PROJECT}}"