Commit: CI: Restore daily Coverity Scan
2 views
Skip to first unread message
Christian Brabandt
2:00 PM (9 hours ago) 2:00 PM
to vim...@googlegroups.com
CI: Restore daily Coverity Scan
Commit: https://github.com/vim/vim/commit/ccdc81701459a1e5d8f6d84221f34fcb7e127e50
Author: Christian Brabandt <c...@256bit.org>
Date: Tue Jun 23 17:49:27 2026 +0000
CI: Restore daily Coverity Scan
I finally got a note that Coverity is online back again.
This partially reverts commit 0abffbff23adc4ae6e3c78af921a8c9a8cb6670f.
("CI: Remove Cirrus CI and Coverity Scan")
related: #20431
Signed-off-by: Christian Brabandt <c...@256bit.org>
diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
new file mode 100644
index 000000000..b4c64f3f2
--- /dev/null
+++ b/.github/workflows/coverity.yml
@@ -0,0 +1,85 @@
+name: Coverity
+on:
+ schedule:
+ - cron: '42 0 * * *' # Run once per day, to avoid Coverity's submission limits
+ workflow_dispatch:
+
+permissions:
+ contents: read # to fetch code (actions/checkout)
+
+jobs:
+ scan:
+ runs-on: ubuntu-24.04
+
+ env:
+ CC: gcc
+ DEBIAN_FRONTEND: noninteractive
+ TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
+
+ steps:
+ - name: Checkout repository from github
+ if: env.TOKEN
+ uses: actions/chec...@v6.0.2
+
+ - name: Download Coverity
+ if: env.TOKEN
+ run: |
+ wget -q https://scan.coverity.com/download/cxx/linux64 --post-data "token=$TOKEN&project=vim" -O coverity_tool.tgz
+ mkdir cov-scan
+ tar ax -f coverity_tool.tgz --strip-components=1 -C cov-scan
+
+ - name: Install packages
+ if: env.TOKEN
+ run: |
+ sudo apt-get update && sudo apt-get install -y \
+ autoconf \
+ gettext \
+ libcanberra-dev \
+ libperl-dev \
+ python3-dev \
+ liblua5.4-dev \
+ lua5.4 \
+ ruby-dev \
+ tcl-dev \
+ libgtk2.0-dev \
+ desktop-file-utils \
+ libtool-bin \
+ libsodium-dev
+
+ - name: Set up environment
+ if: env.TOKEN
+ run: |
+ echo "$(pwd)/cov-scan/bin" >> $GITHUB_PATH
+ (
+ echo "NPROC=$(getconf _NPROCESSORS_ONLN)"
+ echo "CONFOPT=--enable-perlinterp --enable-python3interp --enable-rubyinterp --enable-luainterp --enable-tclinterp"
+ ) >> $GITHUB_ENV
+
+ - name: Configure
+ if: env.TOKEN
+ run: |
+ ./configure --with-features=huge ${CONFOPT} --enable-fail-if-missing
+ # Append various warning flags to CFLAGS.
+ sed -i -f ci/config.mk.sed src/auto/config.mk
+ sed -i -f ci/config.mk.${CC}.sed src/auto/config.mk
+ # -O2 gives false warning and turns it into an error:
+ # warning: function may return address of local variable [-Wreturn-local-addr]
+ sed -i 's/-O2 \?//' src/auto/config.mk
+
+ - name: Build/scan vim
+ if: env.TOKEN
+ run: |
+ cov-build --dir cov-int make -j${NPROC}
+
+ - name: Submit results
+ if: env.TOKEN
+ run: |
+ tar zcf cov-scan.tgz cov-int
+ curl --form token=$TOKEN \
+ --form email=$EMAIL \
+ --form file=@cov-scan.tgz \
+ --form version="$(git rev-parse HEAD)" \
+ --form description="Automatic GHA scan" \
+ 'https://scan.coverity.com/builds?project=vim'
+ env:
+ EMAIL: ${{ secrets.COVERITY_SCAN_EMAIL }}
diff --git a/Filelist b/Filelist
index 8f36b1c66..019fa1aee 100644
--- a/Filelist
+++ b/Filelist
@@ -14,6 +14,7 @@ SRC_ALL = \
.github/workflows/ci-windows.yml \
.github/workflows/ci.yml \
.github/workflows/codeql-analysis.yml \
+ .github/workflows/coverity.yml \
.github/workflows/link-check.yml \
.github/actions/build_vim_on_linux/action.yml \
.github/actions/test_artifacts/action.yml \
diff --git a/README.md b/README.md
index 387e5b2bc..569aed94d 100644
--- a/README.md
+++ b/README.md
@@ -2,6 +2,7 @@
[](https://github.com/vim/vim/actions?query=workflow%3A%22GitHub+CI%22)
[](https://codecov.io/gh/vim/vim?branch=master)
+[](https://scan.coverity.com/projects/vim)
[](https://buildd.debian.org/vim)
[](https://repology.org/metapackage/vim)
[](https://fossies.org/linux/test/vim-master.tar.gz/codespell.html)
diff --git a/ci/lychee.toml b/ci/lychee.toml
index 515e4f54d..8b9f0099f 100644
--- a/ci/lychee.toml
+++ b/ci/lychee.toml
@@ -26,6 +26,7 @@ exclude = [
'^file://.*',
'^https?://(www\.)?badges\.debian\.net/.*$',
'^https?://(www\.)?repology\.org/.*$',
+ '^https?://scan\.coverity\.com/.*$',
'^https?://(www\.)?img\.shields\.io/.*$',
'^https?://(www\.)?fossies\.org/.*$',
'^https?://(www\.)?adobe\.com.*$',
diff --git a/runtime/doc/todo.txt b/runtime/doc/todo.txt
index 66b8f96ed..f265b3968 100644
--- a/runtime/doc/todo.txt
+++ b/runtime/doc/todo.txt
@@ -1,4 +1,4 @@
-*todo.txt* For Vim version 9.2. Last change: 2026 Jun 12
+*todo.txt* For Vim version 9.2. Last change: 2026 Jun 23
VIM REFERENCE MANUAL by Bram Moolenaar
@@ -1999,6 +1999,9 @@ Dominique can't reproduce it.
":function f(x) keepjumps" creates a function where every command is executed
like it has ":keepjumps" before it.
+Coverity: Check if there are new reported defects:
+https://scan.coverity.com/projects/241
+
Problem with editing file in binary mode. (Ingo Krabbe, 2009 Oct 8)
Display error when 'tabline' that includes a file name with double-width
Commit: https://github.com/vim/vim/commit/ccdc81701459a1e5d8f6d84221f34fcb7e127e50
Author: Christian Brabandt <c...@256bit.org>
Date: Tue Jun 23 17:49:27 2026 +0000
CI: Restore daily Coverity Scan
I finally got a note that Coverity is online back again.
This partially reverts commit 0abffbff23adc4ae6e3c78af921a8c9a8cb6670f.
("CI: Remove Cirrus CI and Coverity Scan")
related: #20431
Signed-off-by: Christian Brabandt <c...@256bit.org>
diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
new file mode 100644
index 000000000..b4c64f3f2
--- /dev/null
+++ b/.github/workflows/coverity.yml
@@ -0,0 +1,85 @@
+name: Coverity
+on:
+ schedule:
+ - cron: '42 0 * * *' # Run once per day, to avoid Coverity's submission limits
+ workflow_dispatch:
+
+permissions:
+ contents: read # to fetch code (actions/checkout)
+
+jobs:
+ scan:
+ runs-on: ubuntu-24.04
+
+ env:
+ CC: gcc
+ DEBIAN_FRONTEND: noninteractive
+ TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
+
+ steps:
+ - name: Checkout repository from github
+ if: env.TOKEN
+ uses: actions/chec...@v6.0.2
+
+ - name: Download Coverity
+ if: env.TOKEN
+ run: |
+ wget -q https://scan.coverity.com/download/cxx/linux64 --post-data "token=$TOKEN&project=vim" -O coverity_tool.tgz
+ mkdir cov-scan
+ tar ax -f coverity_tool.tgz --strip-components=1 -C cov-scan
+
+ - name: Install packages
+ if: env.TOKEN
+ run: |
+ sudo apt-get update && sudo apt-get install -y \
+ autoconf \
+ gettext \
+ libcanberra-dev \
+ libperl-dev \
+ python3-dev \
+ liblua5.4-dev \
+ lua5.4 \
+ ruby-dev \
+ tcl-dev \
+ libgtk2.0-dev \
+ desktop-file-utils \
+ libtool-bin \
+ libsodium-dev
+
+ - name: Set up environment
+ if: env.TOKEN
+ run: |
+ echo "$(pwd)/cov-scan/bin" >> $GITHUB_PATH
+ (
+ echo "NPROC=$(getconf _NPROCESSORS_ONLN)"
+ echo "CONFOPT=--enable-perlinterp --enable-python3interp --enable-rubyinterp --enable-luainterp --enable-tclinterp"
+ ) >> $GITHUB_ENV
+
+ - name: Configure
+ if: env.TOKEN
+ run: |
+ ./configure --with-features=huge ${CONFOPT} --enable-fail-if-missing
+ # Append various warning flags to CFLAGS.
+ sed -i -f ci/config.mk.sed src/auto/config.mk
+ sed -i -f ci/config.mk.${CC}.sed src/auto/config.mk
+ # -O2 gives false warning and turns it into an error:
+ # warning: function may return address of local variable [-Wreturn-local-addr]
+ sed -i 's/-O2 \?//' src/auto/config.mk
+
+ - name: Build/scan vim
+ if: env.TOKEN
+ run: |
+ cov-build --dir cov-int make -j${NPROC}
+
+ - name: Submit results
+ if: env.TOKEN
+ run: |
+ tar zcf cov-scan.tgz cov-int
+ curl --form token=$TOKEN \
+ --form email=$EMAIL \
+ --form file=@cov-scan.tgz \
+ --form version="$(git rev-parse HEAD)" \
+ --form description="Automatic GHA scan" \
+ 'https://scan.coverity.com/builds?project=vim'
+ env:
+ EMAIL: ${{ secrets.COVERITY_SCAN_EMAIL }}
diff --git a/Filelist b/Filelist
index 8f36b1c66..019fa1aee 100644
--- a/Filelist
+++ b/Filelist
@@ -14,6 +14,7 @@ SRC_ALL = \
.github/workflows/ci-windows.yml \
.github/workflows/ci.yml \
.github/workflows/codeql-analysis.yml \
+ .github/workflows/coverity.yml \
.github/workflows/link-check.yml \
.github/actions/build_vim_on_linux/action.yml \
.github/actions/test_artifacts/action.yml \
diff --git a/README.md b/README.md
index 387e5b2bc..569aed94d 100644
--- a/README.md
+++ b/README.md
@@ -2,6 +2,7 @@
[](https://github.com/vim/vim/actions?query=workflow%3A%22GitHub+CI%22)
[](https://codecov.io/gh/vim/vim?branch=master)
+[](https://scan.coverity.com/projects/vim)
[](https://buildd.debian.org/vim)
[](https://repology.org/metapackage/vim)
[](https://fossies.org/linux/test/vim-master.tar.gz/codespell.html)
diff --git a/ci/lychee.toml b/ci/lychee.toml
index 515e4f54d..8b9f0099f 100644
--- a/ci/lychee.toml
+++ b/ci/lychee.toml
@@ -26,6 +26,7 @@ exclude = [
'^file://.*',
'^https?://(www\.)?badges\.debian\.net/.*$',
'^https?://(www\.)?repology\.org/.*$',
+ '^https?://scan\.coverity\.com/.*$',
'^https?://(www\.)?img\.shields\.io/.*$',
'^https?://(www\.)?fossies\.org/.*$',
'^https?://(www\.)?adobe\.com.*$',
diff --git a/runtime/doc/todo.txt b/runtime/doc/todo.txt
index 66b8f96ed..f265b3968 100644
--- a/runtime/doc/todo.txt
+++ b/runtime/doc/todo.txt
@@ -1,4 +1,4 @@
-*todo.txt* For Vim version 9.2. Last change: 2026 Jun 12
+*todo.txt* For Vim version 9.2. Last change: 2026 Jun 23
VIM REFERENCE MANUAL by Bram Moolenaar
@@ -1999,6 +1999,9 @@ Dominique can't reproduce it.
":function f(x) keepjumps" creates a function where every command is executed
like it has ":keepjumps" before it.
+Coverity: Check if there are new reported defects:
+https://scan.coverity.com/projects/241
+
Problem with editing file in binary mode. (Ingo Krabbe, 2009 Oct 8)
Display error when 'tabline' that includes a file name with double-width
Reply all
Reply to author
Forward
0 new messages