From 88f73e2172795d023e136487e632e6605ee21d3c Mon Sep 17 00:00:00 2001 From: Jaden Abrams <96440993+jadenabrams100@users.noreply.github.com> Date: Tue, 9 Apr 2024 05:50:43 -0400 Subject: [PATCH] CI: Overhaul Coverity Scan (#3566) This attempts to fix the problems with the previously submitted Coverity Scanning action. Basic building functionality is borrowed from our ubuntu.yml, and Coverity functionality is borrowed from PROJ's coverity-scan.yml. The needed secrets are COVERITY_PASSPHRASE (the token used to submit builds) and COVERITY_USER (user email). --------- Co-authored-by: Nicklas Larsson
---
.github/workflows/coverity.yml | 74 ++++++++++++++++++++++++++++------
1 file changed, 61 insertions(+), 13 deletions(-)
diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
index 32895e33e37..577e7cdd86e 100644
--- a/.github/workflows/coverity.yml
+++ b/.github/workflows/coverity.yml
@@ -4,18 +4,66 @@ on: schedule: - cron: '48 5 * * *' # Run at 05:48 # Coverity will let GRASS do a scan a maximum of twice per day, so this schedule will help GRASS fit within that limit with some additional space for manual runs - +permissions: + contents: read + # action based off of https://github.com/OSGeo/PROJ/blob/905c9a6c2da3dc6b7aa2c89d3ab78d9d1a9cd070/.github/workflows/coverity-scan.yml jobs: - build: - runs-on: [ ubuntu-latest ] + coverity: + runs-on: ubuntu-22.04 + if: github.repository == 'OSGeo/grass' steps: - - name: Checkout Source - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - name: Coverity Scan - uses: synopsys-sig/synopsys-action@cef5e38596faf5d2787bbff78a5d7255a9f7682b # v1.8.0 - with: - ### SCANNING: Required fields - coverity_url: ${{ secrets.COVERITY_URL }} # The URL to Coverity - coverity_user: ${{ secrets.COVERITY_USER }} # The user for the Coverity project - coverity_passphrase: ${{ secrets.COVERITY_PASSPHRASE }} # The password for the Coverity user - coverity_version: '2023.6.2' # The version for Coverity Scan + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + + - name: Get dependencies + run: | + sudo apt-get update -y + sudo apt-get install -y wget git gawk findutils + xargs -a <(awk '! 
/^ *(#|$)/' ".github/workflows/apt.txt") -r -- \ + sudo apt-get install -y --no-install-recommends --no-install-suggests + - name: Create installation directory + run: | + mkdir $HOME/install + + - name: Download Coverity Build Tool + run: | + wget -q https://scan.coverity.com/download/cxx/linux64 --post-data "token=$TOKEN&project=grass" -O cov-analysis-linux64.tar.gz + mkdir cov-analysis-linux64 + tar xzf cov-analysis-linux64.tar.gz --strip 1 -C cov-analysis-linux64 + env: + TOKEN: ${{ secrets.COVERITY_PASSPHRASE }} + - name: Set number of cores for compilation + run: | + echo "MAKEFLAGS=-j$(nproc)" >> $GITHUB_ENV + + - name: Set LD_LIBRARY_PATH for compilation + run: | + echo "LD_LIBRARY_PATH=$HOME/install/lib" >> $GITHUB_ENV + + - name: Print build environment variables + run: | + printenv | sort + gcc --version + ldd --version + - name: Build with cov-build + env: + CFLAGS: -fPIC -Wvla + CXXFLAGS: -fPIC + run: | + pwd + export PATH=`pwd`/cov-analysis-linux64/bin:$PATH + cov-build --dir cov-int .github/workflows/build_ubuntu-22.04_without_x.sh $HOME/install + - name: Submit to Coverity Scan + run: | + tar czvf grass.tgz cov-int + curl \ + --form project=grass \ + --form token=$TOKEN \ + --form email=$EMAIL \ + --form file=@grass.tgz \ + --form version=main \ + --form description="`git rev-parse --abbrev-ref HEAD` `git rev-parse --short HEAD`" \ + https://scan.coverity.com/builds?project=grass + env: + TOKEN: ${{ secrets.COVERITY_PASSPHRASE }} + EMAIL: ${{ secrets.COVERITY_USER }} +
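Review bot: The `curl` call in the "Submit to Coverity Scan" step has no `--fail`, so an HTTP error response from scan.coverity.com (for example a rejected token, or presumably the twice-a-day limit mentioned in the schedule comment) still exits 0 and the scheduled job shows green with nothing submitted; add `--fail --silent --show-error`. The same command expands `$TOKEN` and `$EMAIL` unquoted, so write `--form "token=$TOKEN"` and `--form "email=$EMAIL"` to keep a value containing spaces or glob characters from being split into extra curl arguments. In "Download Coverity Build Tool" the archive is unpacked and then run through `cov-build` with no integrity check, while `actions/checkout` leaves its token in `.git/config` by default. Setting `persist-credentials: false` on the checkout step would keep that credential out of reach of the downloaded binaries and the build script.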