diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
new file mode 100644
index 00000000..5d6de437
--- /dev/null
+++ b/.github/workflows/coverity.yml
@@ -0,0 +1,50 @@
+# example workflow for Coverity scans using the Synopsys Action
+# https://github.com/marketplace/actions/synopsys-action
+name: coverity-snps-action
+on:
+ push:
+ branches: [ main, master, develop, stage, release ]
+ pull_request:
+ branches: [ main, master, develop, stage, release ]
+ workflow_dispatch:
+jobs:
+ coverity:
+ runs-on: ubuntu-latest
+ steps:
+ - name: Checkout Source
+ uses: actions/checkout@v4
+ - name: Setup Java JDK
+ uses: actions/setup-java@v4
+ with:
+ java-version: 17
+ distribution: microsoft
+ cache: maven
+ - name: Coverity Full Scan
+ if: ${{ github.event_name != 'pull_request' }}
+ uses: synopsys-sig/synopsys-action@v1.9.0
+ with:
+ coverity_url: ${{ vars.COVERITY_URL }}
+ coverity_user: ${{ secrets.COV_USER }}
+ coverity_passphrase: ${{ secrets.COVERITY_PASSPHRASE }}
+ coverity_project_name: 'JavaSecCode' # ${{ github.event.repository.name }}
+ coverity_stream_name: 'JavaSecCode' # ${{ github.event.repository.name }}-${{ github.ref_name }}
+ coverity_policy_view: 'Outstanding Issues'
+ # coverity_local: true
+ - name: Coverity PR Scan
+ if: ${{ github.event_name == 'pull_request' }}
+ uses: synopsys-sig/synopsys-action@v1.9.0
+ with:
+ coverity_url: ${{ vars.COVERITY_URL }}
+ coverity_user: ${{ secrets.COV_USER }}
+ coverity_passphrase: ${{ secrets.COVERITY_PASSPHRASE }}
+ coverity_project_name: ${{ github.event.repository.name }}
+ coverity_stream_name: ${{ github.event.repository.name }}-${{ github.base_ref }}
+ coverity_prComment_enabled: true
+ github_token: ${{ secrets.GITHUB_TOKEN }}
+ # coverity_local: true
+# - name: Save Logs
+# if: always()
+# uses: actions/upload-artifact@v4
+# with:
+# name: bridge-logs
+# path: ${{ github.workspace }}/.bridge
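Review bot: Both Coverity steps hand `secrets.COV_USER`, `secrets.COVERITY_PASSPHRASE` and, in the PR step, `secrets.GITHUB_TOKEN` to `synopsys-sig/synopsys-action@v1.9.0`, which is pinned to a tag that can be moved upstream. Pinning it to a full commit SHA, e.g. `uses: synopsys-sig/synopsys-action@<full-commit-sha> # v1.9.0`, keeps the code that receives those credentials fixed. The workflow also declares no `permissions:` block, so the token carries the repository's default scopes. A job-level `permissions: { contents: read, pull-requests: write }` looks sufficient for checkout plus PR comments, though the write scope should be confirmed against the action's documentation. Separately, the full scan commits to the hard-coded stream `'JavaSecCode'` while the PR scan targets `${{ github.event.repository.name }}-${{ github.base_ref }}`, so unless those names coincide on the Coverity server the PR scan will not compare against the stream the full scan populates.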