Coverity Scan Workflow Fix (FreeRTOS#891)

Skptak · web-flow · commit 09c4c4bae968 · 2023-11-23T22:17:31.000+05:30
Currently the Coverity Scan attempts to run on every fork that pulls
the file. This leads to anybody who pulls this file getting emails that 
their workflow failed to run when the cron job attempts to run. This
PR sets the scan to only run if the repo is FreeRTOS/FreeRTOS-Kernel.
Also, change the scan from a cron job to a job that runs on a commit
to mainline, or if triggered manually.
diff --git a/.github/workflows/coverity_scan.yml b/.github/workflows/coverity_scan.yml
@@ -1,47 +1,87 @@
-name: FreeRTOS-Kernel Coverity Scan
+name: Coverity Scan
 on:
-  schedule: ## Scheduled to run at 1:15 AM UTC daily.
-    - cron: '15 1 * * *'
+  # Run on every commit to mainline
+  push:
+    branches: main
+  # Allow manual running of the scan
+  workflow_dispatch:
 
+env:
+  bashPass: \033[32;1mPASSED -
+  bashInfo: \033[33;1mINFO -
+  bashFail: \033[31;1mFAILED -
+  bashEnd:  \033[0m
 
 jobs:
-
   Coverity-Scan:
+    if: ( github.repository == 'FreeRTOS/FreeRTOS-Kernel' )
     name: Coverity Scan
     runs-on: ubuntu-latest
     steps:
       - name: Checkout the Repository
         uses: actions/checkout@v3
 
-      - name: Install Build Essentials
+      - env:
+          stepName: Install Build Essentials
         shell: bash
         run: |
+          # ${{ env.stepName }}
+          echo -e "::group::${{ env.bashInfo }} ${{ env.stepName }} ${{ env.bashEnd }}"
+
           sudo apt-get -y update
           sudo apt-get -y install build-essential
 
-      - name: Install Coverity Build
-        shell: bash
-        env:
+          echo "::endgroup::"
+          echo -e "${{ env.bashPass }} ${{ env.stepName }} ${{ env.bashEnd }}"
+
+      - env:
+          stepName: Install Coverity Build
           COVERITY_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
+        shell: bash
         run: |
+          # ${{ env.stepName }}
+          echo -e "::group::${{ env.bashInfo }} ${{ env.stepName }} ${{ env.bashEnd }}"
+
           wget -nv -qO- https://scan.coverity.com/download/linux64 --post-data "token=${COVERITY_TOKEN}&project=FreeRTOS-Kernel" | tar -zx --one-top-level=cov_scan --strip-components 1
           echo "cov_scan_path=$(pwd)/cov_scan/bin" >> $GITHUB_ENV
 
-      - name: Coverity Build & Upload for Scan
-        shell: bash
-        env:
+          echo "::endgroup::"
+          echo -e "${{ env.bashPass }} ${{ env.stepName }} ${{ env.bashEnd }} "
+
+      - env:
+          stepName: Coverity Build & Upload for Scan
           COVERITY_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
           COVERITY_EMAIL: ${{ secrets.COVERITY_SCAN_EMAIL }}
+        shell: bash
         run: |
+          # ${{ env.stepName }}
+          echo -e "::group::${{ env.bashInfo }} ${{ env.stepName }} ${{ env.bashEnd }}"
+
           export PATH="$PATH:${{env.cov_scan_path}}"
           cmake -S ./examples/cmake_example/ -B build
           cd build
           cov-build --dir cov-int make -j
-          tar czvf gcc_freertos_kerenl_sample_build.tgz cov-int
+          tar czvf gcc_freertos_kernel_sample_build.tgz cov-int
+
+          echo "::endgroup::"
+          echo -e "${{ env.bashPass }} ${{ env.stepName }} ${{ env.bashEnd }} "
+
+      - env:
+          stepName: Upload Coverity Report for Scan
+          COVERITY_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
+          COVERITY_EMAIL: ${{ secrets.COVERITY_SCAN_EMAIL }}
+        shell: bash
+        run: |
+          # ${{ env.stepName }}
+          echo -e "::group::${{ env.bashInfo }} ${{ env.stepName }} ${{ env.bashEnd }}"
+
           COV_SCAN_UPLOAD_STATUS=$(curl --form token=${COVERITY_TOKEN} \
             --form email=${COVERITY_EMAIL} \
-            --form file=@gcc_freertos_kerenl_sample_build.tgz \
+            --form file=@gcc_freertos_kernel_sample_build.tgz \
             --form version="Mainline" \
-            --form description="FreeRTOS Kernel Nightly Scan" \
+            --form description="FreeRTOS Kernel Commit Scan" \
             https://scan.coverity.com/builds?project=FreeRTOS-Kernel)
+
+          echo "::endgroup::"
+          echo -e "${{ env.bashPass }} ${{ env.stepName }} ${{ env.bashEnd }} "
           echo "${COV_SCAN_UPLOAD_STATUS}" | grep -q -e 'Build successfully submitted' || echo >&2 "Error submitting build for analysis: ${COV_SCAN_UPLOAD_STATUS}"
