mirror of
https://github.com/libexpat/libexpat.git
synced 2025-04-05 05:05:00 +00:00
9c7609a007
Bumps [actions/upload-artifact](https://github.com/actions/upload-artifact) from 4.6.1 to 4.6.2.
- [Release notes](https://github.com/actions/upload-artifact/releases)
- [Commits](4cec3d8aa0...ea165f8d65)
---
updated-dependencies:
- dependency-name: actions/upload-artifact
dependency-type: direct:production
update-type: version-update:semver-patch
...
Signed-off-by: dependabot[bot] <support@github.com>
125 lines
4.9 KiB
YAML
125 lines
4.9 KiB
YAML
# __ __ _
|
|
# ___\ \/ /_ __ __ _| |_
|
|
# / _ \\ /| '_ \ / _` | __|
|
|
# | __// \| |_) | (_| | |_
|
|
# \___/_/\_\ .__/ \__,_|\__|
|
|
# |_| XML parser
|
|
#
|
|
# Copyright (c) 2024-2025 Sebastian Pipping <sebastian@pipping.org>
|
|
# Licensed under the MIT license:
|
|
#
|
|
# Permission is hereby granted, free of charge, to any person obtaining
|
|
# a copy of this software and associated documentation files (the
|
|
# "Software"), to deal in the Software without restriction, including
|
|
# without limitation the rights to use, copy, modify, merge, publish,
|
|
# distribute, sublicense, and/or sell copies of the Software, and to permit
|
|
# persons to whom the Software is furnished to do so, subject to the
|
|
# following conditions:
|
|
#
|
|
# The above copyright notice and this permission notice shall be included
|
|
# in all copies or substantial portions of the Software.
|
|
#
|
|
# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
|
|
# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
|
|
# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT. IN
|
|
# NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE LIABLE FOR ANY CLAIM,
|
|
# DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION OF CONTRACT, TORT OR
|
|
# OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION WITH THE SOFTWARE OR THE
|
|
# USE OR OTHER DEALINGS IN THE SOFTWARE.
|
|
|
|
name: Upload build to Coverity Scan
|
|
|
|
on:
|
|
push:
|
|
branches:
|
|
- master
|
|
schedule:
|
|
- cron: '0 2 * * 5' # Every Friday at 2am
|
|
workflow_dispatch:
|
|
|
|
permissions:
|
|
contents: read
|
|
|
|
jobs:
|
|
coverity_scan_upload:
|
|
name: Upload build to Coverity Scan
|
|
# NOTE: The idea is not to bother fork repositories with a job
|
|
# that is doomed to fail
|
|
if: ${{ github.repository == 'libexpat/libexpat' }}
|
|
runs-on: ubuntu-24.04
|
|
steps:
|
|
- uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
|
|
with:
|
|
# The next two lines ensure clean and public-only submissions
|
|
repository: libexpat/libexpat
|
|
ref: master
|
|
# This will allow to do "git describe --tags" further done
|
|
fetch-depth: 0
|
|
|
|
- name: Determine version string
|
|
id: determine_version
|
|
run: |-
|
|
set -x
|
|
tee "${GITHUB_OUTPUT}" <<< "version=$(git describe --tags | sed -e 's,^R_,,' -e 's,_,.,g')"
|
|
tee -a "${GITHUB_OUTPUT}" <<< "git_commit=$(git rev-parse HEAD)"
|
|
|
|
- name: Install Clang 19
|
|
run: |-
|
|
set -x
|
|
source /etc/os-release
|
|
wget -O - https://apt.llvm.org/llvm-snapshot.gpg.key | sudo apt-key add -
|
|
sudo add-apt-repository "deb https://apt.llvm.org/${UBUNTU_CODENAME}/ llvm-toolchain-${UBUNTU_CODENAME}-19 main"
|
|
sudo apt-get update # due to new repository
|
|
sudo apt-get install --yes --no-install-recommends -V \
|
|
clang-19 \
|
|
libclang-rt-19-dev \
|
|
llvm-19
|
|
echo /usr/lib/llvm-19/bin >>"${GITHUB_PATH}"
|
|
|
|
- name: Install build dependencies
|
|
run: |-
|
|
set -x
|
|
sudo apt-get install --yes --no-install-recommends -V \
|
|
libprotobuf-dev \
|
|
protobuf-compiler
|
|
|
|
- name: Configure using CMake
|
|
run: |
|
|
set -x -o pipefail
|
|
|
|
type -P clang clang++
|
|
clang --version | head -n1
|
|
clang++ --version | head -n1
|
|
|
|
cd expat/
|
|
args=(
|
|
-DEXPAT_BUILD_DOCS=OFF
|
|
-DEXPAT_BUILD_FUZZERS=ON
|
|
|
|
# Tune compilation of fuzzers to (1) pass all sanity checks from
|
|
# CMakeLists.txt (that e.g. require use of fuzzers with sanitizers)
|
|
# and (2) ideally speed up compilation since no machine or human
|
|
# will be running the binaries we build for nothing but Coverity:
|
|
-DCMAKE_C_COMPILER=clang
|
|
-DCMAKE_CXX_COMPILER=clang++
|
|
-DCMAKE_{C,CXX}_FLAGS='-O1 -g -fsanitize=address'
|
|
-DCMAKE_{EXE,MODULE,SHARED}_LINKER_FLAGS='-g -fsanitize=address'
|
|
)
|
|
cmake "${args[@]}" -S . -B .
|
|
|
|
- uses: vapier/coverity-scan-action@2068473c7bdf8c2fb984a6a40ae76ee7facd7a85 # v1.8.0
|
|
with:
|
|
email: ${{ secrets.COVERITY_SCAN_EMAIL }}
|
|
token: ${{ secrets.COVERITY_SCAN_TOKEN }}
|
|
command: make VERBOSE=1
|
|
working-directory: "${{ github.workspace }}/expat"
|
|
version: "${{ steps.determine_version.outputs.version }}"
|
|
# NOTE: The commit here is not necessarily the same as ${{ github.sha }} that triggered the action.
|
|
description: "coverity-scan-action libexpat/libexpat / ${{ steps.determine_version.outputs.git_commit }}"
|
|
|
|
- name: Offer analysis tarball for inspection
|
|
uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
|
|
with:
|
|
name: expat_coverity_scan_upload_${{ github.sha }}
|
|
path: expat/cov-int.tgz
|
|
if-no-files-found: error
|