| # Copyright 2021-2026 The OpenSSL Project Authors. All Rights Reserved. |
| # |
| # Licensed under the Apache License 2.0 (the "License"). You may not use |
| # this file except in compliance with the License. You can obtain a copy |
| # in the file LICENSE in the source distribution or at |
| # https://www.openssl.org/source/license.html |
| |
| name: Static Analysis On Prem |
| |
| on: |
| schedule: |
| - cron: '25 02 * * *' |
| workflow_dispatch: |
| |
| permissions: |
| contents: read |
| |
| jobs: |
| coverity-analysis: |
| if: github.repository == 'openssl/openssl' |
| runs-on: ubuntu-latest |
| container: quay.io/openssl-ci/coverity-analysis:2024.3.1 |
| steps: |
| - name: Put license |
| run: echo ${{ secrets.COVERITY_LICENSE }} | base64 -d > /opt/coverity-analysis/bin/license.dat |
| - name: Put auth key file |
| run: | |
| echo ${{ secrets.COVERITY_AUTH_KEY }} | base64 -d > /auth_key_file.txt |
| chmod 0600 /auth_key_file.txt |
| - uses: actions/checkout@v6 |
| with: |
| persist-credentials: false |
| - name: Config |
| run: CC=gcc ./config --strict-warnings --banner=Configured --debug enable-lms enable-fips enable-rc5 enable-md2 enable-nextprotoneg enable-weak-ssl-ciphers enable-zlib enable-ec_nistp_64_gcc_128 no-shared enable-buildtest-c++ enable-external-tests -DPEDANTIC |
| - name: Config dump |
| run: ./configdata.pm --dump |
| - name: Make |
| run: cov-build --dir cov-int make -s -j4 |
| - name: Analyze |
| run: cov-analyze --dir cov-int --strip-path $(pwd) |
| - name: Commit defects |
| run: cov-commit-defects --url https://coverity.openssl.org:443 --stream OpenSSL --dir cov-int --auth-key-file /auth_key_file.txt |
