ci: avoid running Coverity in forks #40718

Problem:
If you have this repo forked, the workflow for Coverity Scan creates a lot of
spammy emails about that workflow failing.

Solution:
Check for the presence of `COVERITY_SCAN_TOKEN` and `COVERITY_SCAN_EMAIL` at the
very start of `.github/workflows/coverity.yml`, skip the rest of the workflow if
they are absent. Unfortunately, Github Actions don't offer a straightforward way
of doing that, so using [this workaround](https://github.com/orgs/community/discussions/25280)).
This commit is contained in:
Dmytro Meleshko
2026-07-13 15:59:31 +02:00
committed by GitHub
parent 1665b992b7
commit e18820007f

View File

@@ -11,13 +11,25 @@ jobs:
scan:
runs-on: ubuntu-latest
steps:
- uses: actions/checkout@v7
- name: Check for the Coverity Scan token
env:
TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
EMAIL: ${{ secrets.COVERITY_SCAN_EMAIL }}
run: |
if [[ -n "$TOKEN" && -n "EMAIL" ]]; then
echo "have_coverity_token=yes" >> $GITHUB_ENV
fi
- if: env.have_coverity_token
uses: actions/checkout@v7
with:
persist-credentials: false
- uses: ./.github/actions/setup
- if: env.have_coverity_token
uses: ./.github/actions/setup
- name: Download Coverity
- if: env.have_coverity_token
name: Download Coverity
run: |
wget -q https://scan.coverity.com/download/cxx/linux64 --post-data "token=$TOKEN&project=neovim%2Fneovim" -O coverity_tool.tgz
mkdir cov-scan
@@ -25,14 +37,17 @@ jobs:
env:
TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
- name: Build dependencies
- if: env.have_coverity_token
name: Build dependencies
run: make deps
- name: Build/scan neovim
- if: env.have_coverity_token
name: Build/scan neovim
run: |
env PATH=$(pwd)/cov-scan/bin:$PATH cov-build --dir cov-int make
- name: Submit results
- if: env.have_coverity_token
name: Submit results
run: |
tar zcf cov-scan.tgz cov-int
curl --form token=$TOKEN \