Taylor Blau <me@xxxxxxxxxxxx> writes: > This fell to the bottom of my queue, but I got back to it today while > doing some ~~spring~~ fall inbox cleaning :-). Thanks Peff and Johannes > for helpful review in the first round. Range-diff is below: > > Range-diff against v1: > 1: f74ae75ddb < -: ---------- .github/workflows: add coverity action > -: ---------- > 1: b23951c569 .github/workflows: add coverity action That's a useful range-diff ;-). Even with --word-diff, range-diff does not notice that they correspond to each other, without an absurd setting like --creation-factor=999. > .github/workflows/coverity.yml | 22 ++++++++++++++++++++++ > ci/install-dependencies.sh | 2 +- > ci/lib.sh | 2 +- > 3 files changed, 24 insertions(+), 2 deletions(-) > create mode 100644 .github/workflows/coverity.yml > > diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml > new file mode 100644 > index 0000000000..3ba00b3929 > --- /dev/null > +++ b/.github/workflows/coverity.yml > @@ -0,0 +1,22 @@ > +name: Coverity > + > +on: [push, pull_request] This no longer hardcocdes the condition to master and tagged ones, as ... > +jobs: > + coverity: > + if: (vars.ENABLE_COVERITY == 'true') && > + (vars.COVERITY_BRANCHES == '' || > + contains(vars.COVERITY_BRANCHES, github.ref_name) || > + contains(vars.COVERITY_BRANCHES, '*')) ... this lets you control when to run it via the "vars". This round also can act on pull-requests in addition to pushes. > + runs-on: ubuntu-latest > + steps: > + - uses: actions/checkout@v3 > + - run: ci/install-dependencies.sh > + env: > + jobname: coverity > + - uses: vapier/coverity-scan-action@cae3c096a2eb21c431961a49375ac17aea2670ce > + with: > + email: ${{ secrets.COVERITY_SCAN_EMAIL }} > + token: ${{ secrets.COVERITY_SCAN_TOKEN }} > + command: make -j8 And the actual implementation is vastly different by just using a canned one, which requires less maintenance on our end, which is nice. > diff --git a/ci/lib.sh b/ci/lib.sh > index 6fbb5bade1..2ad0ae340e 100755 > --- a/ci/lib.sh > +++ b/ci/lib.sh > @@ -227,7 +227,7 @@ export SKIP_DASHED_BUILT_INS=YesPlease > > case "$runs_on_pool" in > ubuntu-*) > - if test "$jobname" = "linux-gcc-default" > + if test "$jobname" = "linux-gcc-default" || test "$jobname" = "coverity" > then > break > fi This part is new in this iteration, to avoid further customization that enables more exotic features, which makes sense.