Skip to content

Coverity (Ubuntu 20.04, Python 3.11) #374

Coverity (Ubuntu 20.04, Python 3.11)

Coverity (Ubuntu 20.04, Python 3.11) #374

Workflow file for this run

name: Coverity (Ubuntu 20.04, Python 3.11)
on:
workflow_dispatch:
inputs:
openvinoRef:
description: 'Branch, tag or commit hash to clone openvino from. Taken from event context if not set'
type: string
openvinoContribRef:
description: 'Branch, tag or commit hash to clone openvino_contrib from. Taken from event context if not set'
type: string
schedule:
# run daily at 00:00
- cron: '0 0 * * *'
concurrency:
# github.ref is not unique in post-commit
group: ${{ github.event_name == 'push' && github.run_id || github.ref }}-linux-coverity
cancel-in-progress: true
permissions: read-all
env:
PIP_CACHE_PATH: /mount/caches/pip/linux
PYTHON_VERSION: '3.11'
TARGET_BRANCH: ${{ github.base_ref || github.event.merge_group.base_ref || github.ref }}
jobs:
Smart_CI:
runs-on: ubuntu-latest
outputs:
affected_components: "${{ steps.smart_ci.outputs.affected_components }}"
changed_components: "${{ steps.smart_ci.outputs.changed_components }}"
skip_workflow: "${{ steps.smart_ci.outputs.skip_workflow }}"
steps:
- name: checkout action
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
sparse-checkout: .github/actions/smart-ci
- name: Get affected components
id: smart_ci
uses: ./.github/actions/smart-ci
with:
repository: ${{ github.repository }}
pr: ${{ github.event.number }}
commit_sha: ${{ github.sha }}
ref_name: ${{ github.ref_name }}
component_pattern: "category: (.*)"
repo_token: ${{ secrets.GITHUB_TOKEN }}
skip_when_only_listed_labels_set: 'docs'
skip_when_only_listed_files_changed: '*.md,*.rst,*.png,*.jpg,*.svg'
Docker:
needs: Smart_CI
runs-on: aks-linux-4-cores-16gb-docker-build
container:
image: openvinogithubactions.azurecr.io/docker_build:0.2
volumes:
- /mount:/mount
outputs:
images: "${{ steps.handle_docker.outputs.images }}"
steps:
- name: Checkout
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
- uses: ./.github/actions/handle_docker
id: handle_docker
with:
images: |
ov_build/ubuntu_20_04_x64
registry: 'openvinogithubactions.azurecr.io'
dockerfiles_root_dir: '.github/dockerfiles'
changed_components: ${{ needs.smart_ci.outputs.changed_components }}
Build:
needs: Docker
timeout-minutes: 150
defaults:
run:
shell: bash
runs-on: aks-linux-16-cores-32gb
if: ${{ github.repository_owner == 'openvinotoolkit' }}
container:
image: ${{ fromJSON(needs.docker.outputs.images).ov_build.ubuntu_20_04_x64 }}
volumes:
- /mount:/mount
env:
DEBIAN_FRONTEND: noninteractive # to prevent apt-get from waiting user input
CMAKE_BUILD_TYPE: 'Release'
CMAKE_GENERATOR: 'Ninja Multi-Config'
GITHUB_WORKSPACE: '/__w/openvino/openvino'
OPENVINO_REPO: /__w/openvino/openvino/openvino
OPENVINO_CONTRIB_REPO: /__w/openvino/openvino/openvino_contrib
BUILD_DIR: /__w/openvino/openvino/openvino_build
COVERITY_TOOL_DIR: /__w/openvino/openvino/coverity_tool
steps:
- name: Clone OpenVINO
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
path: ${{ env.OPENVINO_REPO }}
submodules: 'true'
ref: ${{ inputs.openvinoRef }}
- name: Clone OpenVINO Contrib
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2
with:
repository: 'openvinotoolkit/openvino_contrib'
path: ${{ env.OPENVINO_CONTRIB_REPO }}
submodules: 'true'
ref: ${{ inputs.openvinoContribRef || env.TARGET_BRANCH }}
#
# Dependencies
#
- name: Install build dependencies
run: |
bash ${OPENVINO_REPO}/install_build_dependencies.sh
# default-jdk - Java API
apt install --assume-yes --no-install-recommends default-jdk
- name: Setup Python ${{ env.PYTHON_VERSION }}
uses: ./openvino/.github/actions/setup_python
with:
version: ${{ env.PYTHON_VERSION }}
pip-cache-path: ${{ env.PIP_CACHE_PATH }}
should-setup-pip-paths: 'true'
self-hosted-runner: 'true'
#
# Build
#
- name: CMake configure - OpenVINO
run: |
cmake \
-G "${{ env.CMAKE_GENERATOR }}" \
-DENABLE_CPPLINT=OFF \
-DENABLE_STRICT_DEPENDENCIES=OFF \
-DCMAKE_VERBOSE_MAKEFILE=ON \
-DENABLE_FASTER_BUILD=OFF \
-S ${OPENVINO_REPO} \
-B ${BUILD_DIR}
- name: Install Coverity tool
run: |
rm -rf ${COVERITY_TOOL_DIR} && mkdir -p ${COVERITY_TOOL_DIR}
pushd ${COVERITY_TOOL_DIR}
wget https://scan.coverity.com/download/linux64 --progress=bar:force:noscroll --post-data "token=${{ secrets.COVERITY_TOKEN }}&project=openvino" -O coverity_tool.tgz
tar -I pigz -xf coverity_tool.tgz && rm coverity_tool.tgz
popd
- name: Cmake build - OpenVINO with Coverity
run: ${COVERITY_TOOL_DIR}/cov-analysis*/bin/cov-build --dir ${BUILD_DIR}/cov-int cmake --build ${BUILD_DIR} --parallel $(nproc) --config ${{ env.CMAKE_BUILD_TYPE }}
- name: Pack Artefacts
run: tar -cvf - cov-int | pigz > openvino.tgz
working-directory: ${{ env.BUILD_DIR }}
- name: Submit artefacts
run: |
apt-get update && apt-get install -y curl jq
pushd ${BUILD_DIR}
curl -X POST -d token=${{ secrets.COVERITY_TOKEN }} \
-d email=${{ secrets.COVERITY_USER }} \
-d file_name="openvino.tgz" \
-d version="${{ github.sha }}" \
-d description="https://github.com/openvinotoolkit/openvino/runs/${{ github.run_number }}" \
https://scan.coverity.com/projects/21921/builds/init | tee response
upload_url=$(jq -r '.url' response)
build_id=$(jq -r '.build_id' response)
curl -X PUT \
--header 'Content-Type: application/json' \
--upload-file openvino.tgz \
$upload_url
curl -X PUT \
-d token=${{ secrets.COVERITY_TOKEN }} \
https://scan.coverity.com/projects/21921/builds/$build_id/enqueue
popd
- name: Show Coverity configure logs
continue-on-error: true
run: ${COVERITY_TOOL_DIR}/cov-analysis*/bin/cov-configure -c ${COVERITY_TOOL_DIR}/cov-analysis-linux64-2023.6.2/config/coverity_config.xml -lscc text
- name: Upload Coverity build log
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
if: always()
with:
name: coverity_logs
path: ${{ env.BUILD_DIR }}/cov-int/build-log.txt
if-no-files-found: 'error'
- name: Upload Coverity build archive
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3
if: always()
with:
name: coverity_archive
path: ${{ env.BUILD_DIR }}/openvino.tgz
if-no-files-found: 'error'