ci: Add a coverity workflow Trigger the coverity scan workflow when pushing to coverity_scan branch. Signed-off-by: Stefan Berger <stefanb@linux.ibm.com>
diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
new file mode 100644
index 0000000..39b12e6
--- /dev/null
+++ b/.github/workflows/coverity.yml
@@ -0,0 +1,29 @@
+name: Coverity Scan
+
+on:
+ push:
+ branches: ["coverity_scan"]
+
+jobs:
+ coverity:
+ runs-on: ubuntu-latest
+ env:
+ LIBTPMS_CONFIG: "--without-tpm1"
+ PREFIX: "/usr"
+ CONFIG: "--with-openssl --prefix=/usr"
+ steps:
+ - name: Checkout
+ uses: actions/checkout@v4
+
+ - name: Build libtpms and swtpm
+ uses: ./.github/actions/test-swtpm
+
+ - name: Clean swtpm build to build it again
+ run: make clean
+
+ - uses: vapier/coverity-scan-action@v1
+ with:
+ command: make -j$(nproc)
+ project: swtpm
+ email: ${{ secrets.COVERITY_SCAN_EMAIL }}
+ token: ${{ secrets.COVERITY_SCAN_TOKEN }}
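Review bot: The final step passes `COVERITY_SCAN_TOKEN` to `vapier/coverity-scan-action@v1`, a third-party action referenced by a mutable tag, so a retagged release would run with access to that secret. Pin it to an audited commit, e.g. `uses: vapier/coverity-scan-action@<full-commit-sha>  # v1` (placeholder; take the SHA from the release you reviewed), and consider the same for `actions/checkout@v4`. The workflow also declares no `permissions:` key, so the job's GITHUB_TOKEN gets whatever the repository default is; a top-level `permissions:` with `contents: read` looks sufficient for a checkout-and-build job. Since build steps run after the checkout, `persist-credentials: false` on the Checkout step would keep the token out of the working tree's git config.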