c9s / r3

libr3 is a high-performance path dispatching library. It compiles your route paths into a prefix tree (trie). By using the constructed prefix trie in the start-up time, you may dispatch your routes with efficiency.
http://c9s.github.com/r3/bench.html
MIT License
813 stars, 83 forks

Use coverity-scan-action in CI #154

Closed bjosv closed 8 months ago

bjosv commented 10 months ago

By using a maintained GitHub action to run Coverity jobs we hopefully don't have to do modifications when procedures change. This seems to fix the current token issue and also simplifies the CI job.

Additionally coverity-scan-action adds a cache to avoid downloading the 1GB+ tool archive on every run.

Here are logs from a test run.

bjosv commented 10 months ago

The repository secret COVERITY_TOKEN seems to be missing when looking at the logs above. Maybe there has been a change since the last run?

When I ran the test run in my own repo I added the token via the repository menu "Settings", then under the "Secrets and variables" sub-menu. The secret COVERITY_TOKEN should be under the "Repository secrets" headline, and contain the token string that is provided at https://scan.coverity.com/projects/r3?tab=project_settings . That seemed to work.

c9s commented 10 months ago

Got it, I will take a look later

c9s commented 8 months ago

@bjosv I finally updated the token, it was there but somehow I don't know why it's empty. I just updated it, thanks!

bjosv commented 8 months ago

@c9s Thanks! After some investigation I now understand why this job failed on my PRs. There are some security restrictions in place on GitHub which make sure arbitrary changes in a PR can't access the Coverity token. Secrets are not available when an action is triggered by a pull request, unless you are the owner of the repo.

I missed this but have now changed so that we only run this job when a PR has been merged (and reviewed) to our default 2.0 branch. I've seen that this is the recommended way to trigger this action.
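
A workflow sketch of the trigger change discussed in this thread, added here as an example and not taken from the PR's own files: the scan runs only on pushes to the 2.0 branch, where repository secrets are available, and fails early with a clear message if COVERITY_TOKEN is missing or empty. Assumptions: the action is `vapier/coverity-scan-action` (the thread names it only as coverity-scan-action), `COVERITY_EMAIL` is a hypothetical secret name, and the action's default build command fits the project.

```yaml
name: Coverity scan

on:
  # Not used: GitHub does not pass repository secrets to workflows
  # triggered by pull requests from forks, so the token would be empty.
  # pull_request:
  push:
    branches: ["2.0"]   # runs after a reviewed PR has been merged

permissions:
  contents: read        # the scan only needs to read the source

jobs:
  coverity:
    runs-on: ubuntu-latest
    env:
      # Secrets cannot be referenced directly in `if:` conditions,
      # so expose the token as an environment variable and test that.
      COVERITY_TOKEN: ${{ secrets.COVERITY_TOKEN }}
    steps:
      - uses: actions/checkout@v4

      - name: Fail early when the token is missing or empty
        run: |
          if [ -z "$COVERITY_TOKEN" ]; then
            echo "::error::COVERITY_TOKEN is empty or not set in Repository secrets"
            exit 1
          fi

      # Assumed action; its build command defaults to `make`.
      - uses: vapier/coverity-scan-action@v1
        with:
          email: ${{ secrets.COVERITY_EMAIL }}   # hypothetical secret name
          token: ${{ secrets.COVERITY_TOKEN }}
```

The explicit empty-token check also catches the case reported earlier in the thread, where the secret existed in the repository settings but had no value.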