@@ -47,10 +47,46 @@ jobs:
4747 email_len=${#email_var}
4848 echo "$email_len"
4949
50- - uses : vapier/coverity-scan-action@v1
50+ - name : Cache key (month-based, tool updates ~twice yearly)
51+ id : cov-cache-key
52+ run : echo "key=$(date +%Y-%m)" >> $GITHUB_OUTPUT
53+
54+ - name : Cache Coverity Build Tool
55+ id : cov-build-cache
56+ uses : actions/cache@v4
5157 with :
52- build_language : ' cxx'
53- project : " wolfTPM"
54- token : ${{ secrets.COVERITY_SCAN_TOKEN_WOLFTPM }}
55- email : ${{ secrets.COVERITY_SCAN_EMAIL }}
56- command : " make"
58+ path : cov-analysis
59+ key : cov-build-cxx-linux64-${{ steps.cov-cache-key.outputs.key }}
60+
61+ - name : Download Coverity Build Tool
62+ if : steps.cov-build-cache.outputs.cache-hit != 'true'
63+ env :
64+ TOKEN : ${{ secrets.COVERITY_SCAN_TOKEN_WOLFTPM }}
65+ run : |
66+ curl https://scan.coverity.com/download/cxx/linux64 \
67+ --no-progress-meter \
68+ --output cov-analysis.tar.gz \
69+ --data "token=${TOKEN}&project=wolfTPM"
70+ mkdir -p cov-analysis
71+ tar -xzf cov-analysis.tar.gz --strip 1 -C cov-analysis
72+
73+ - name : Build with cov-build
74+ run : |
75+ export PATH="${PWD}/cov-analysis/bin:${PATH}"
76+ cov-build --dir cov-int make
77+
78+ - name : Archive results
79+ run : tar -czvf cov-int.tgz cov-int
80+
81+ - name : Submit results to Coverity Scan
82+ env :
83+ TOKEN : ${{ secrets.COVERITY_SCAN_TOKEN_WOLFTPM }}
84+ EMAIL : ${{ secrets.COVERITY_SCAN_EMAIL }}
85+ run : |
86+ curl \
87+ --form token="${TOKEN}" \
88+ --form email="${EMAIL}" \
89+ --form file=@cov-int.tgz \
90+ --form version="${GITHUB_SHA}" \
91+ --form description="coverity-scan wolfSSL/wolfTPM / ${GITHUB_REF}" \
92+ "https://scan.coverity.com/builds?project=wolfTPM"
0 commit comments