.github/workflows/coverity.yml

-Original file line number
+Diff line change
@@ Expand Up / @@ -72,7 +72,7 @@ jobs: @@
           - name: Build applications for Coverity
             run: |
               export PATH=`pwd`/coverity/bin:$PATH
-              cov-build --dir cov-int make coverity-build
+              cov-build --dir cov-int make coverity
           - name: Submit results to Coverity Scan
             env:
@@ Expand Down @@

Makefile

-Original file line number
+Diff line change
@@ Expand Up / @@ -16,8 +16,7 @@ bmake = $(MAKE) -C buildroot O=$(O) $1 @@
     all: $(config) buildroot/Makefile
     	@+$(call bmake,$@)
-    check dep:
-    	@echo "Starting local check, stage $@ ..."
+    check dep coverity:
     	@make -C src $@
     $(config):
@@ Expand All / @@ -40,4 +39,4 @@ test: @@
     buildroot/Makefile:
     	@git submodule update --init
-    .PHONY: all check test
+    .PHONY: all check coverity dep test

src/Makefile

            
                      Original file line number
                      Diff line number
                      Diff line change
                  
    @@ -1,117 +1,58 @@
  
    # Host build of critical components, for static analysis

    #

    # Available targets:

    #   build        - Build all components (no static analysis)

    #   check        - Run static analysis (auto-detects scan-build or cppcheck)

    #   scan-build   - Run clang static analyzer (preferred)

    #   cppcheck     - Run cppcheck static analyzer (fallback)

    #   coverity     - Show Coverity Scan usage

    #   coverity-build - Build for Coverity Scan (used by CI)

    #   dep          - Build dependencies only

    #   build          - Build all components (no static analysis)

    #   check          - Run static analysis (auto-detects scan-build or cppcheck)

    #   coverity       - Build for Coverity Scan (used by CI)

    #   dep            - Build dependencies only

    #

    APPS = bin confd factory keyack statd

    # Detect available static analysis tools

    # Installation (for 'make check'):

    #   scan-build (recommended):

    #     Debian/Ubuntu: sudo apt-get install clang-tools

    #     Fedora/RHEL:   sudo dnf install clang-tools-extra

    #     Alpine:        sudo apk add clang-extra-tools

    #

    #   cppcheck (fallback):

    #     Debian/Ubuntu: sudo apt-get install cppcheck

    #     Fedora/RHEL:   sudo dnf install cppcheck

    #

    APPS            = bin confd factory keyack statd

    HAVE_SCANBUILD := $(shell command -v scan-build 2>/dev/null)

    HAVE_CPPCHECK  := $(shell command -v cppcheck 2>/dev/null)

    .PHONY: all

    all:

    	@echo "*** all not supported, only build/check/coverity possible ***"

    	@echo "Target 'all' not supported, use build/check/coverity instead"

    	@false

    .PHONY: dep

    dep:

    	(cd libsrx && make -f check.mk dep)

    # Main build target (renamed from check)

    .PHONY: build

    build: dep $(APPS)

    	rm -rf staging

    $(APPS): libsrx

    	(cd $@ && make -f check.mk)

    .PHONY: libsrx

    libsrx:

    	(cd $@ && make -f check.mk)

    # Static analysis target - auto-detects scan-build or cppcheck

    .PHONY: check

    check:

    # Static analysis - auto-detects scan-build or cppcheck

    check: dep

    ifdef HAVE_SCANBUILD

    	@echo "==> Running scan-build (clang static analyzer)"

    	$(MAKE) scan-build

    	@rm -rf scan-results

    	@scan-build -o scan-results --status-bugs $(MAKE) build

    	@echo "Scan complete. Results in scan-results/"

    else ifdef HAVE_CPPCHECK

    	@echo "==> Running cppcheck (fallback - scan-build not found)"

    	@echo "    For better analysis, install scan-build:"

    	@echo "      Debian/Ubuntu: apt-get install clang-tools"

    	@echo "      Fedora/RHEL:   dnf install clang-tools-extra"

    	@echo ""

    	$(MAKE) cppcheck

    	@for app in libsrx $(APPS); do							\

    		(cd $$app && cppcheck --enable=all --suppress=missingIncludeSystem	\

    			--quiet --template=gcc -I../staging/include . 2>&1) || true;	\

    	done

    else

    	@echo "*** ERROR: No static analysis tool found ***"

    	@echo ""

    	@echo "Please install scan-build (recommended) or cppcheck:"

    	@echo "  Debian/Ubuntu: sudo apt-get install clang-tools"

    	@echo "  Fedora/RHEL:   sudo dnf install clang-tools-extra"

    	@echo "  Alpine:        apk add clang-extra-tools"

    	@echo ""

    	@echo "Or install cppcheck as fallback:"

    	@echo "  Debian/Ubuntu: sudo apt-get install cppcheck"

    	@echo "  Fedora/RHEL:   sudo dnf install cppcheck"

    	@false

    endif

    # Clang static analyzer (preferred)

    .PHONY: scan-build

    scan-build: dep

    ifndef HAVE_SCANBUILD

    	@echo "*** ERROR: scan-build not found ***"

    	@echo ""

    	@echo "Install scan-build for better static analysis:"

    	@echo "  Debian/Ubuntu: sudo apt-get install clang-tools"

    	@echo "  Fedora/RHEL:   sudo dnf install clang-tools-extra"

    	@echo "  Alpine:        apk add clang-extra-tools"

    	@echo "Error: No static analysis tool found."

    	@false

    endif

    	@echo "==> Running scan-build on all components"

    	@rm -rf scan-results

    	scan-build -o scan-results --status-bugs $(MAKE) _analyze

    	@echo "==> Scan complete. Results in scan-results/"

    # cppcheck static analyzer

    .PHONY: cppcheck

    cppcheck: dep

    ifndef HAVE_CPPCHECK

    	@echo "*** ERROR: cppcheck not found ***"

    	@echo ""

    	@echo "Install cppcheck:"

    	@echo "  Debian/Ubuntu: sudo apt-get install cppcheck"

    	@echo "  Fedora/RHEL:   sudo dnf install cppcheck"

    	@echo ""

    	@echo "Or use scan-build (recommended) instead:"

    	@echo "  Debian/Ubuntu: sudo apt-get install clang-tools"

    	@false

    endif

    	@echo "==> Running cppcheck on all components"

    	@for app in libsrx $(APPS); do \

    		echo "  -> Checking $$app"; \

    		(cd $$app && cppcheck --enable=all --suppress=missingIncludeSystem \

    			--quiet --template=gcc -I../staging/include . 2>&1) || true; \

    	done

    	@echo "==> cppcheck complete"

    # Internal target for scan-build to analyze

    .PHONY: _analyze

    _analyze: libsrx $(APPS)

    	rm -rf staging

    # Coverity Scan target (for CI)

    .PHONY: coverity

    coverity:

    	@echo "==> Building for Coverity Scan"

    	@echo "Use: cov-build --dir cov-int make coverity-build"

    # Coverity Scan (for CI)

    coverity: build

    .PHONY: coverity-build

    coverity-build: build

    .PHONY: all dep build libsrx check coverity

Fix Coverity Scan build target #1274

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Merged

troglobit merged 1 commit into main from check

Nov 23, 2025

-Original file line number
+Diff line change
@@ Expand Up / @@ -72,7 +72,7 @@ jobs: @@
           - name: Build applications for Coverity
             run: |
               export PATH=`pwd`/coverity/bin:$PATH
-              cov-build --dir cov-int make coverity-build
+              cov-build --dir cov-int make coverity
           - name: Submit results to Coverity Scan
             env:
@@ Expand Down @@

-Original file line number
+Diff line change
@@ Expand Up / @@ -16,8 +16,7 @@ bmake = $(MAKE) -C buildroot O=$(O) $1 @@
     all: $(config) buildroot/Makefile
     	@+$(call bmake,$@)
-    check dep:
-    	@echo "Starting local check, stage $@ ..."
+    check dep coverity:
     	@make -C src $@
     $(config):
@@ Expand All / @@ -40,4 +39,4 @@ test: @@
     buildroot/Makefile:
     	@git submodule update --init
-    .PHONY: all check test
+    .PHONY: all check coverity dep test

Provide feedback

Saved searches

Use saved searches to filter your results more quickly

Fix Coverity Scan build target #1274

Uh oh!

Diff view

Diff view

There are no files selected for viewing