openssl/.github/workflows/static-analysis.yml
Matt Caswell 27d8827052 Further tweaks to the CI runs for fuzzing
Have a new job just to run the fuzz tests with fuzzing build mode enabled.

Reviewed-by: Tomas Mraz <tomas@openssl.org>
Reviewed-by: Hugo Landau <hlandau@openssl.org>
(Merged from https://github.com/openssl/openssl/pull/22368)
2023-10-23 10:08:22 +01:00

46 lines
1.7 KiB
YAML

# Copyright 2021-2023 The OpenSSL Project Authors. All Rights Reserved.
#
# Licensed under the Apache License 2.0 (the "License"). You may not use
# this file except in compliance with the License. You can obtain a copy
# in the file LICENSE in the source distribution or at
# https://www.openssl.org/source/license.html
name: Static Analysis
#Run once a day
on:
schedule:
- cron: '20 0 * * *'
permissions:
contents: read
jobs:
coverity:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v4
- name: tool download
run: |
wget https://scan.coverity.com/download/linux64 \
--post-data "token=${{ secrets.COVERITY_TOKEN }}&project=openssl%2Fopenssl" \
--progress=dot:giga -O coverity_tool.tgz
- name: config
run: CC=gcc ./config --banner=Configured --debug enable-fips enable-rc5 enable-md2 enable-ssl3 enable-nextprotoneg enable-ssl3-method enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 no-shared enable-buildtest-c++ enable-external-tests -DPEDANTIC
- name: config dump
run: ./configdata.pm --dump
- name: tool install
run: tar xzf coverity_tool.tgz
- name: make
run: ./cov-analysis*/bin/cov-build --dir cov-int make -s -j4
- name: archive
run: tar czvf openssl.tgz cov-int
- name: Coverity upload
run: |
curl --form token="${{ secrets.COVERITY_TOKEN }}" \
--form email=openssl-commits@openssl.org \
--form file=@openssl.tgz \
--form version="`date -u -I` `git rev-parse --short HEAD`" \
--form description="analysis of `git branch --show-current`" \
https://scan.coverity.com/builds?project=openssl%2Fopenssl