
ci: consolidate fuzz and coverity workflows #28

Closed
roshan-ku wants to merge 20 commits into OpenVisualCloud:main from roshan-ku:workflowUpdates

Conversation

@roshan-ku

Contributor

Description

Checklist

Code Quality

  • Code follows project style guidelines
  • No unnecessary debug logs or commented-out code
  • No hardcoded values / secrets

Testing

  • Unit test added/modified accordingly
  • Perform manual basic sanity testing at system level

Review Readiness

  • PR title and description are clear and meaningful
  • Story/Task IDs are linked

Documentation

  • README or relevant docs updated (if applicable)

Security

  • No sensitive data exposed (keys, passwords, tokens)
  • Input validation added where needed

PR Type

What kind of change does this PR introduce?

  • Bugfix
  • Feature
  • Code style update (formatting, local variables)
  • Refactoring (no functional changes, no api changes)
  • Documentation content changes
  • Testing
  • Other... Please describe:

@roshan-ku roshan-ku requested a review from dmkarthi June 4, 2026 05:45
The scan.coverity.com download (token/project mode) only includes
cov-build/cov-configure but not cov-analyze/cov-format-errors.

Detect the coverity mode after installation and branch accordingly:
- local mode (full install): run cov-analyze locally
- scan mode (scan.coverity.com): submit build capture for server-side
  analysis via the scan.coverity.com builds API
roshan-ku added 5 commits July 1, 2026 11:42
- Determine mode by credentials type, not binary probing
- scan mode: cov-build → tar → curl upload (matches open-source pattern)
- local mode: cov-build → cov-analyze → cov-format-errors (full install)
- Remove COVERITY_PROJECT env; hardcode project name directly
- Only pass COVERITY_TOKEN to analysis step
Strip all COVERITY_URL/USER/PASSWORD/SCAN_USER/SCAN_PASSWORD paths
and local cov-analyze mode. Only scan.coverity.com token flow remains:
download cov-build → capture build → tar → curl upload.
workflow_dispatch UI already provides branch selection; no need for
a separate inputs.branch. Using github.sha ensures the checked-out
code matches the branch the workflow is running from.
roshan-ku added 2 commits July 1, 2026 13:37
Project identifier is 'openvisualcloud-directview-led-software-toolkit'
(slug format), not the URL-encoded GitHub path.
Fixes zizmor undocumented-permissions audit findings across all
workflow files.
roshan-ku added 2 commits July 1, 2026 14:05
scan.coverity.com API requires 'OpenVisualCloud%2Fdirectview-led-software-toolkit'
(URL-encoded path). The slug format is only for the web UI.
roshan-ku added 2 commits July 1, 2026 14:43
scan.coverity.com requires the archive to contain cov-int/build-log.txt.
Rename from coverity_output to cov-int to match the expected format.
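As an added illustration, not the project's workflow and not code from this PR, the scan-mode flow the commits above converge on (download cov-build, capture the build, tar the capture as cov-int, upload with curl) written as shell helpers a workflow step could source. It URL-encodes the GitHub owner/repo path for the builds API, repacks the capture so the archive's top-level entry is cov-int, refuses to upload an archive that lacks cov-int/build-log.txt, and lets COVERITY_TOKEN be the only secret the step touches. Assumptions: the scan.coverity.com download endpoint and upload form fields (token, email, file, version, description) follow Coverity Scan's published curl recipe; the email address, version string and GitHub Actions variables are placeholders.

```shell
#!/bin/sh
# Added example, not the project's workflow: helpers for the scan.coverity.com
# token flow (download cov-build -> cov-build capture -> tar -> curl upload).
# Assumptions: POSIX sh, tar, sed and curl are available; the scan.coverity.com
# endpoints and form fields below follow Coverity Scan's published curl recipe.
set -eu

# The builds API wants the URL-encoded GitHub path
# (OpenVisualCloud%2Fdirectview-led-software-toolkit), not the web-UI slug.
# Only '/' needs escaping in an owner/repo path; anything else is rejected so a
# stray shell metacharacter cannot reach the URL or the log.
encode_project() {
  path="$1"
  case "$path" in
    *[!A-Za-z0-9._/-]*)
      echo "encode_project: unexpected character in '$path'" >&2
      return 1 ;;
  esac
  printf '%s' "$path" | sed 's,/,%2F,g'
}

build_upload_url() {
  printf 'https://scan.coverity.com/builds?project=%s' "$(encode_project "$1")"
}

# Fetch the scan.coverity.com tool bundle (cov-build/cov-configure only, as the
# commits note). The token travels in the POST body, never in the URL.
download_cov_build() {
  project="$1"; dest="$2"
  curl --silent --show-error --fail -o "$dest" \
    --data-urlencode "token=${COVERITY_TOKEN:?COVERITY_TOKEN not set}" \
    --data-urlencode "project=$project" \
    https://scan.coverity.com/download/linux64
}

# Repack a capture directory so the archive's top-level entry is cov-int,
# whatever the directory was called locally (the PR renamed coverity_output).
package_capture() {
  capture_dir="$1"; archive="$2"
  stage=$(mktemp -d)
  cp -R "$capture_dir" "$stage/cov-int"
  tar -czf "$archive" -C "$stage" cov-int
  rm -rf "$stage"
}

# scan.coverity.com rejects archives without cov-int/build-log.txt; check the
# listing before spending an upload on it. grep reads the whole listing (no -q),
# so tar is never cut off mid-write.
verify_cov_int_archive() {
  tar -tzf "$1" | grep -x 'cov-int/build-log.txt' >/dev/null
}

# Upload the capture. COVERITY_TOKEN is the only secret this step needs, and
# curl is kept quiet so neither the token nor the request body lands in the log.
upload_capture() {
  project="$1"; archive="$2"; version="$3"; email="$4"
  if ! verify_cov_int_archive "$archive"; then
    echo "upload_capture: $archive lacks cov-int/build-log.txt" >&2
    return 1
  fi
  curl --silent --show-error --fail \
    --form "token=${COVERITY_TOKEN:?COVERITY_TOKEN not set}" \
    --form "email=$email" \
    --form "file=@$archive" \
    --form "version=$version" \
    --form "description=GitHub Actions ${GITHUB_SHA:-local}" \
    "$(build_upload_url "$project")"
}

# Usage inside a workflow step, with COVERITY_TOKEN injected from a secret:
#   download_cov_build OpenVisualCloud/directview-led-software-toolkit cov.tgz
#   package_capture ./cov-int cov-int.tgz
#   upload_capture OpenVisualCloud/directview-led-software-toolkit cov-int.tgz \
#     "$GITHUB_SHA" ci@example.com
```

The archive check matters because a rejected upload still consumes one of the project's daily build submissions on scan.coverity.com, and the rejection reason only shows up in the web UI, not in the job log.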
@roshan-ku roshan-ku mentioned this pull request Jul 1, 2026
@roshan-ku

Contributor Author

closed in #36

@roshan-ku roshan-ku closed this Jul 1, 2026

2 participants