Skip to content

build: add coverity workflow #3096

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged
igaw merged 1 commit into from
Feb 13, 2026
+76 −0
Merged

build: add coverity workflow #3096

Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
76 changes: 76 additions & 0 deletions .github/workflows/coverity.yml
View file
Open in desktop
Original file line number Diff line number Diff line change
@@ -0,0 +1,76 @@
---
name: coverity

on:
schedule:
# Run weekly on Mondays at 00:00 UTC
- cron: '0 0 * * 1'
workflow_dispatch:
inputs:
ref:
description: 'Branch, tag, or ref to check out (leave empty for default branch)'
required: false
default: ''

jobs:
coverity-scan:
if: github.repository == 'linux-nvme/nvme-cli'
name: coverity scan
runs-on: ubuntu-latest
container:
image: ghcr.io/linux-nvme/debian:latest
steps:
- uses: actions/checkout@v5
with:
ref: ${{ github.event.inputs.ref || github.ref }}
fetch-depth: 0

- name: Mark repo as safe for git
run: git config --global --add safe.directory "$GITHUB_WORKSPACE"

- name: Get version info
id: version
run: |
VERSION="$(git describe --always --abbrev=12 --dirty)"
echo "version=${VERSION}" >> $GITHUB_OUTPUT
echo "Building version: ${VERSION}"
echo "Current SHA: $(git rev-parse HEAD)"

- name: Download Coverity Build Tool
run: |
wget -q https://scan.coverity.com/download/linux64 \
--post-data "token=${{ secrets.COVERITY_SCAN_TOKEN }}&project=linux-nvme%2Fnvme-cli" \
-O coverity_tool.tgz
mkdir coverity-tools
tar xzf coverity_tool.tgz --strip 1 -C coverity-tools

- name: Configure build
run: |
meson setup .build

- name: Build with Coverity
run: |
export PATH="$PWD/coverity-tools/bin:$PATH"
cov-build --dir cov-int ninja -C .build

- name: Create Coverity tarball
run: |
tar czvf nvme-cli-coverity.tgz cov-int

- name: Upload to Coverity Scan
run: |
curl --form token=${{ secrets.COVERITY_SCAN_TOKEN }} \
--form email=${{ secrets.COVERITY_SCAN_EMAIL }} \
--form [email protected] \
--form version="${{ steps.version.outputs.version }}" \
--form description="Automated Coverity Scan from ${{ github.event_name }}" \
https://scan.coverity.com/builds?project=linux-nvme%2Fnvme-cli

- uses: actions/upload-artifact@v5
name: upload coverity artifacts
if: failure()
with:
name: coverity-results
path: |
cov-int/
nvme-cli-coverity.tgz