Skip to content

Commit

Permalink
coverity: detect and report when the token or project is incorrect
Browse files Browse the repository at this point in the history
When trying to obtain the MD5 of the Coverity Scan Tool (in order to
decide whether a cached version can be used or a new version has to be
downloaded), it is possible to get a 401 (Authorization required) due to
either an incorrect token, or even more likely due to an incorrect
Coverity project name.

Let's detect that scenario and provide a helpful error message instead
of trying to go forward with an empty string instead of the correct MD5.

Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
  • Loading branch information
dscho committed Sep 22, 2023
1 parent 782cf2b commit 458bc2e
Showing 1 changed file with 13 additions and 0 deletions.
13 changes: 13 additions & 0 deletions .github/workflows/coverity.yml
Original file line number Diff line number Diff line change
Expand Up @@ -76,7 +76,20 @@ jobs:
echo "COVERITY_TOOL_FILENAME=$COVERITY_TOOL_FILENAME" >>$GITHUB_ENV
echo "MAKEFLAGS=$MAKEFLAGS" >>$GITHUB_ENV
MD5=$(curl https://scan.coverity.com/download/$COVERITY_LANGUAGE/$COVERITY_PLATFORM \
-D "$RUNNER_TEMP"/headers.txt \
--data "token=${{ secrets.COVERITY_SCAN_TOKEN }}&project=$COVERITY_PROJECT&md5=1")
http_code="$(sed -n 1p <"$RUNNER_TEMP"/headers.txt)"
case "$http_code" in
*200*) ;; # okay
*401*) # access denied
echo "::error::incorrect token or project? ($http_code)" >&2
exit 1
;;
*) # other error
echo "::error::HTTP error $http_code" >&2
exit 1
;;
esac
echo "hash=$MD5" >>$GITHUB_OUTPUT
# Try to cache the tool to avoid downloading 1GB+ on every run.
Expand Down

0 comments on commit 458bc2e

Please sign in to comment.