diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml new file mode 100644 index 0000000000..f2884ec07f --- /dev/null +++ b/.github/workflows/coverity.yml @@ -0,0 +1,60 @@ +# Copyright (c) 2024 Intel Corporation +# +# Licensed under the Apache License, Version 2.0 (the "License"); +# you may not use this file except in compliance with the License. +# You may obtain a copy of the License at +# +# http://www.apache.org/licenses/LICENSE-2.0 +# +# Unless required by applicable law or agreed to in writing, software +# distributed under the License is distributed on an "AS IS" BASIS, +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. +# See the License for the specific language governing permissions and +# limitations under the License. + +name: Coverity Scan + +on: + push: + branches: [master] + +permissions: read-all + +env: + BUILD_CONCURRENCY: 4 + COVERITY_PROJECT: oneapi-src%2FoneTBB + +jobs: + coverity_linux: + name: Coverity Linux + runs-on: [ubuntu-latest] + steps: + - uses: actions/checkout@v4 + - name: Download Linux 64 Coverity Tool + run: | + curl https://scan.coverity.com/download/cxx/linux64 --output ${GITHUB_WORKSPACE}/cov-linux64-tool.tar.gz \ + --data "token=${{secrets.COVERITY_TOKEN}}&project=${{env.COVERITY_PROJECT}}" + ls -l ${GITHUB_WORKSPACE} + mkdir cov-linux64-tool + tar -xzf cov-linux64-tool.tar.gz --strip 1 -C cov-linux64-tool + - name: Build with cov-build + run: | + export PATH="${PWD}/cov-linux64-tool/bin:${PATH}" + mkdir build && cd build + cmake -DCMAKE_CXX_STANDARD=20 -DCMAKE_BUILD_TYPE=relwithdebinfo \ + -DCMAKE_CXX_COMPILER=g++ -DCMAKE_C_COMPILER=gcc -DTBB_CPF=ON .. + cov-build --dir cov-int make VERBOSE=1 -j${{env.BUILD_CONCURRENCY}} + - name: Archive Coverity build results + run: | + cd build + tar -czvf cov-int.tgz cov-int + - name: Submit Coverity results for analysis + run: | + cd build + curl \ + --form token="${{ secrets.COVERITY_TOKEN }}" \ + --form email="${{ secrets.COVERITY_EMAIL }}" \ + --form file=@cov-int.tgz \ + --form version="${GITHUB_SHA}" \ + --form description="" \ + "https://scan.coverity.com/builds?project=${{env.COVERITY_PROJECT}}" diff --git a/README.md b/README.md index 2e7c2e81ba..8ebcc39ef3 100644 --- a/README.md +++ b/README.md @@ -3,6 +3,7 @@ [![Join the community on GitHub Discussions](https://badgen.net/badge/join%20the%20discussion/on%20github/blue?icon=github)](https://github.com/oneapi-src/oneTBB/discussions) [![OpenSSF Best Practices](https://www.bestpractices.dev/projects/9125/badge)](https://www.bestpractices.dev/projects/9125) [![OpenSSF Scorecard](https://api.securityscorecards.dev/projects/github.com/oneapi-src/oneTBB/badge)](https://securityscorecards.dev/viewer/?uri=github.com/oneapi-src/oneTBB) +[![Coverity Scan Build Status](https://img.shields.io/coverity/scan/30373.svg)](https://scan.coverity.com/projects/oneapi-src-onetbb) oneTBB is a flexible C++ library that simplifies the work of adding parallelism to complex applications, even if you are not a threading expert.