ci: consolidate fuzz and coverity workflows #28
Closed
roshan-ku wants to merge 20 commits into
dmkarthi reviewed Jun 3, 2026
dmkarthi added a commit that referenced this pull request Jun 30, 2026
The scan.coverity.com download (token/project mode) only includes cov-build/cov-configure but not cov-analyze/cov-format-errors. Detect the coverity mode after installation and branch accordingly:
- local mode (full install): run cov-analyze locally
- scan mode (scan.coverity.com): submit build capture for server-side analysis via the scan.coverity.com builds API
dmkarthi added a commit that referenced this pull request Jul 1, 2026
- Determine mode by credentials type, not binary probing
- scan mode: cov-build → tar → curl upload (matches open-source pattern)
- local mode: cov-build → cov-analyze → cov-format-errors (full install)
- Remove COVERITY_PROJECT env; hardcode project name directly
- Only pass COVERITY_TOKEN to analysis step
Strip all COVERITY_URL/USER/PASSWORD/SCAN_USER/SCAN_PASSWORD paths and local cov-analyze mode. Only scan.coverity.com token flow remains: download cov-build → capture build → tar → curl upload.
workflow_dispatch UI already provides branch selection; no need for a separate inputs.branch. Using github.sha ensures the checked-out code matches the branch the workflow is running from.
dmkarthi added a commit that referenced this pull request Jul 1, 2026
dmkarthi added a commit that referenced this pull request Jul 1, 2026
Project identifier is 'openvisualcloud-directview-led-software-toolkit' (slug format), not the URL-encoded GitHub path.
Fixes zizmor undocumented-permissions audit findings across all workflow files.
dmkarthi added a commit that referenced this pull request Jul 1, 2026
scan.coverity.com API requires 'OpenVisualCloud%2Fdirectview-led-software-toolkit' (URL-encoded path). The slug format is only for the web UI.
dmkarthi added a commit that referenced this pull request Jul 1, 2026
dmkarthi added a commit that referenced this pull request Jul 1, 2026
scan.coverity.com requires the archive to contain cov-int/build-log.txt. Rename from coverity_output to cov-int to match the expected format.
dmkarthi added a commit that referenced this pull request Jul 1, 2026
dmkarthi added a commit that referenced this pull request Jul 1, 2026
Contributor
Author
closed in #36
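An added example, not code from this pull request or the project's workflow: pre-upload checks for the two failures the commit messages above describe, a project name that is not URL-encoded and an archive that lacks `cov-int/build-log.txt`. The function names are hypothetical, and the script makes no network calls.

```shell
#!/bin/sh
# Added example (hypothetical helper names), POSIX sh, offline only.

# Percent-encode a project path for a URL query string.
# RFC 3986 unreserved characters pass through; all others become %XX.
urlencode_project() (
    s=$1 out=
    LC_ALL=C
    while [ -n "$s" ]; do
        rest=${s#?}          # everything after the first character
        c=${s%"$rest"}       # the first character itself
        s=$rest
        case $c in
            [A-Za-z0-9._~-]) out=$out$c ;;
            *) out=$out$(printf '%%%02X' "'$c") ;;
        esac
    done
    printf '%s\n' "$out"
)

# Package a build capture with cov-int/ as the archive root.
# $1 = directory that contains cov-int/, $2 = output tarball path
package_capture() {
    [ -f "$1/cov-int/build-log.txt" ] || {
        echo "missing cov-int/build-log.txt under $1" >&2
        return 1
    }
    tar -czf "$2" -C "$1" cov-int
}

# Succeed only if the tarball lists cov-int/build-log.txt at its top level.
# A leading "./" in member names is tolerated.
verify_capture_archive() {
    tar -tzf "$1" 2>/dev/null | sed 's|^\./||' | grep -qx 'cov-int/build-log.txt'
}

# Optional stand-alone use: script.sh <capture-dir> <owner/repo>
if [ "$#" -eq 2 ]; then
    package_capture "$1" cov-int.tgz && verify_capture_archive cov-int.tgz &&
        echo "archive ok, project=$(urlencode_project "$2")"
fi
```

Running the verification step before the upload turns a layout mistake such as a `coverity_output/` root into a local failure instead of a rejected submission.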
Description
Checklist
Code Quality
Testing
Review Readiness
Documentation
Security
PR Type
What kind of change does this PR introduce?