Skip to content

Commit 1dc77ce

Browse files
authored
Restore Coverity Scan static analysis as a GitHub Actions workflow (#557)
## What this does The Coverity Scan static analysis used to run from the Travis CI build matrix (the `COVERITY_SCAN_*` job in `.travis.yml`). Travis is gone, so the analysis stopped running even though the Coverity project at https://scan.coverity.com/projects/srombauts-sqlitecpp and its README badge are still there. This adds a dedicated GitHub Actions workflow (`.github/workflows/coverity.yml`) that brings it back. It uses the official `vapier/coverity-scan-action`, which downloads the Coverity build tool, compiles the library through `cov-build`, and uploads the result to the same project. ## How it runs - On pushes to `master` and on manual `workflow_dispatch`. - Only in the upstream `SRombauts/SQLiteCpp` repository, guarded by an `if` on `github.repository`, because the secret token is not readable from forks. - The build is configured with tests and examples off, since the analysis only needs the library to compile. ## One setup step before it works The workflow reads the project token from a repository secret named `COVERITY_SCAN_TOKEN`. The old Travis job stored the same token encrypted in `.travis.yml`, so that ciphertext cannot be reused here. To enable the workflow, add the token under **Settings -> Secrets and variables -> Actions -> New repository secret**: - Name: `COVERITY_SCAN_TOKEN` - Value: the project token from the Coverity **Project Settings** tab. The notification email is set to `sebastien.rombauts@gmail.com` in the workflow, matching the old Travis config. Until the secret is added, the job fails at the upload step with an authentication error and nothing else is affected. ## Notes - `.travis.yml` is left untouched; this PR only adds the GitHub Actions equivalent. - Added a CHANGELOG entry under the open 3.4.0 section.
2 parents b2d9b02 + 311c5cd commit 1dc77ce

2 files changed

Lines changed: 42 additions & 0 deletions

File tree

.github/workflows/coverity.yml

Lines changed: 41 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,41 @@
1+
name: Coverity Scan
2+
3+
# Coverity Scan static analysis. The action needs the secret project token,
4+
# which forks cannot read, so this runs only on pushes to master in the
5+
# upstream repository, plus manual dispatch.
6+
on:
7+
push:
8+
branches: [master]
9+
workflow_dispatch:
10+
11+
jobs:
12+
coverity:
13+
name: Ubuntu GCC Coverity Scan
14+
runs-on: ubuntu-24.04
15+
if: github.repository == 'SRombauts/SQLiteCpp'
16+
17+
steps:
18+
- name: Checkout ${{ github.ref_name }}
19+
uses: actions/checkout@v4
20+
- run: git submodule update --init --recursive
21+
22+
- run: mkdir build
23+
24+
# Configure before Coverity wraps the compilation. The analysis only needs
25+
# the library to compile, so the tests and examples are left out.
26+
- name: Configure
27+
working-directory: build
28+
env:
29+
CC: gcc
30+
CXX: g++
31+
run: cmake -DCMAKE_VERBOSE_MAKEFILE=ON -DCMAKE_BUILD_TYPE=Debug -DBUILD_SHARED_LIBS=OFF -DSQLITECPP_BUILD_TESTS=OFF -DSQLITECPP_BUILD_EXAMPLES=OFF -DSQLITECPP_RUN_CPPCHECK=OFF -DSQLITECPP_RUN_CPPLINT=OFF ..
32+
33+
# Download the Coverity build tool, run the build through cov-build, then
34+
# upload the result to https://scan.coverity.com/projects/srombauts-sqlitecpp
35+
- name: Coverity Scan
36+
uses: vapier/coverity-scan-action@v1
37+
with:
38+
project: SRombauts/SQLiteCpp
39+
email: sebastien.rombauts@gmail.com
40+
token: ${{ secrets.COVERITY_SCAN_TOKEN }}
41+
command: cmake --build build --config Debug

CHANGELOG.md

Lines changed: 1 addition & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -307,3 +307,4 @@ Version 3.4.0 - 2026 ???
307307
- Fix Database::isUnencrypted() to compare the full 16-byte header in binary mode (#553)
308308
- Fix execute_many() to clear stale bindings between parameter sets (#554)
309309
- Fix Column::operator<< to stream the exact column bytes via getString() (#556)
310+
- Restore the Coverity Scan static analysis as a GitHub Actions workflow, replacing the old Travis CI job

0 commit comments

Comments
 (0)