Adding coverity scan to the project #1
Workflow file for this run
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Coverity Scan | |
| on: | |
| push: | |
| branches: [ develop ] | |
| pull_request: | |
| branches: [ develop ] | |
| types: [opened, synchronize, ready_for_review] | |
| workflow_dispatch: | |
| permissions: | |
| contents: read | |
| pull-requests: write | |
| actions: write | |
| id-token: write | |
| env: | |
| COVERITY_PROJECT_NAME: securefederatedai-openfl | |
| COVERITY_STREAM_NAME: securefederatedai-openfl | |
| COVERITY_URL: https://scan.coverity.com | |
| jobs: | |
| build: | |
| runs-on: ubuntu-latest | |
| environment: dev | |
| steps: | |
| - name: Pre-build Cleanup | |
| if: ${{ always() }} | |
| continue-on-error: true | |
| run: | | |
| rm -fr * || true | |
| rm -fr .* || true | |
| - name: Checkout Source | |
| uses: actions/checkout@v3 | |
| - name: Coverity Full Scan | |
| uses: synopsys-sig/[email protected] | |
| with: | |
| coverity_url: ${{ env.COVERITY_URL }} | |
| coverity_user: ${{ secrets.COVERITY_USER }} | |
| coverity_passphrase: ${{ secrets.COVERITY_TOKEN}} | |
| coverity_project_name: ${{ env.COVERITY_PROJECT_NAME }} | |
| coverity_stream_name: ${{ env.COVERITY_STREAM_NAME }} | |
| #coverity_policy_view: 'Outstanding Issues' | |
| coverity_waitForScan: true # Used to support the async mode | |
| #coverity_local: true | |
| # coverity_install_directory: "${{ vars.COVERITY_PATH }}/cov-analysis" | |
| ### Uncomment below configuration if Synopsys Bridge diagnostic files needs to be uploaded | |
| include_diagnostics: true | |
| - name: Coverity PR Scan | |
| if: ${{ github.event_name == 'pull_request' }} | |
| uses: synopsys-sig/[email protected] | |
| with: | |
| coverity_url: ${{ env.COVERITY_URL }} | |
| coverity_user: ${{ secrets.COVERITY_USER }} | |
| coverity_passphrase: ${{ secrets.COVERITY_TOKEN}} | |
| coverity_project_name: ${{ env.COVERITY_PROJECT_NAME }} | |
| coverity_stream_name: ${{ env.COVERITY_STREAM_NAME }} | |
| #coverity_policy_view: 'Outstanding Issues' | |
| #coverity_local: true | |
| coverity_waitForScan: true | |
| #coverity_install_directory: "${{ vars.COVERITY_PATH }}/cov-analysis" | |
| ### Below configuration is used to enable feedback from Coverity security testing as pull request comment | |
| coverity_prComment_enabled: true | |
| github_token: ${{ secrets.GITHUB_TOKEN }} # Mandatory when coverity_prComment_enabled is set to 'true' | |
| # project_directory: ${{ vars.PROJECT_DIRECTORY }} | |
| ### Uncomment below configuration if Synopsys Bridge diagnostic files needs to be uploaded | |
| include_diagnostics: true |