Coverity Scan #1023
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Coverity Scan | |
# Based on https://github.com/arcaneframework/alien/blob/main/.github/workflows/coverity.yml | |
on: | |
schedule: | |
- cron: '12 0 * * *' # Tous les jours à 00:12. | |
# A executer lorsque l'on demande. | |
workflow_dispatch: | |
jobs: | |
build: | |
# The CMake configure and build commands are platform agnostic and should work equally | |
# well on Windows or Mac. You can convert this to a matrix build if you need | |
# cross-platform coverage. | |
# See: https://docs.github.com/en/free-pro-team@latest/actions/learn-github-actions/managing-complex-workflows#using-a-build-matrix | |
name: ubuntu coverity | |
runs-on: ubuntu-latest | |
container: | |
image: ghcr.io/arcaneframework/ubuntu-2404:gcc-14_full_20240717 | |
steps: | |
- name: Display CPU Infos | |
shell: bash | |
run: | | |
cat /proc/cpuinfo | |
- name: Set C++ compiler and default MPI | |
shell: bash | |
run: | | |
source /root/scripts/use_openmpi.sh | |
source /root/scripts/use_gcc-14.sh | |
- name: Checkout | |
uses: actions/checkout@v4 | |
with: | |
submodules: true | |
- name: Configure CMake | |
shell: 'bash' | |
# Configure CMake in a 'build' subdirectory. `C MAKE_BUILD_TYPE` is only required if you are using a single-configuration generator such as make. | |
# See https://cmake.org/cmake/help/latest/variable/CMAKE_BUILD_TYPE.html?highlight=cmake_build_type | |
run: | | |
cmake \ | |
-B build \ | |
-DCMAKE_BUILD_TYPE=Release \ | |
-DCMAKE_C_COMPILER=gcc \ | |
-DCMAKE_CXX_COMPILER=g++ \ | |
-DARCCORE_CXX_STANDARD=20 \ | |
-DARCANE_DEFAULT_PARTITIONER=Metis \ | |
-DARCANE_DISABLE_PERFCOUNTER_TESTS=ON \ | |
-DCMAKE_DISABLE_FIND_PACKAGE_SWIG=ON | |
# Setting up ccache from github cached files | |
- name: Prepare coverity | |
id: coverity-hash | |
# Disabled for `act` | |
if: ${{ !env.ACT }} | |
env: | |
COV_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }} | |
run: | | |
mkdir coverity-tool | |
curl https://scan.coverity.com/download/linux64 -o coverity-tool/md5-new \ | |
-s --data "token=$COV_TOKEN&project=arcaneframework%2Fframework&md5=1" | |
echo "m_md5=$(cat coverity-tool/md5-new)" >> $GITHUB_ENV | |
- name: Restore cached files | |
uses: actions/cache@v4 | |
# Disabled for `act` | |
if: ${{ !env.ACT }} | |
with: | |
path: coverity-tool | |
key: coverity-linux-${{ env.m_md5 }} | |
- name: Set up coverity | |
shell: bash | |
env: | |
COV_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }} | |
run: | | |
if cmp -s coverity-tool/md5-new coverity-tool/md5 ; then | |
echo "running from cache" | |
else | |
curl --silent https://scan.coverity.com/download/linux64 \ | |
--data "token=${COV_TOKEN}&project=arcaneframework%2Fframework" \ | |
| tar xz -C coverity-tool --strip-components=1 | |
fi | |
cp coverity-tool/md5-new coverity-tool/md5 | |
- name: Build with coverity | |
shell: bash | |
# Build, using cov-build and cov-int directory as output (mandatory) | |
run: | | |
export PATH="${PWD}/coverity-tool/bin:${PATH}" | |
cov-build --dir cov-int make -C build -j $(nproc) | |
- name: Upload log artifact | |
uses: actions/upload-artifact@v4 | |
with: | |
name: coverity-artifact | |
path: cov-int/build-log.txt | |
retention-days: 3 | |
- name: Install jq | |
shell: bash | |
run: | | |
apt-get update | |
apt-get install -y jq | |
- name: Submit results to Coverity Scan | |
shell: bash | |
env: | |
COV_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }} | |
COV_EMAIL: ${{ secrets.COVERITY_SCAN_EMAIL }} | |
run: | | |
tar -czvf cov-int.tgz cov-int | |
du -sh cov-int.tgz | |
curl -X POST \ | |
-d version="${{ github.sha }}" \ | |
-d description="${{ github.repository }} / ${{ github.ref }}" \ | |
-d email="$COV_EMAIL" \ | |
-d token="$COV_TOKEN" \ | |
-d file_name="cov-int.tgz" \ | |
-o response \ | |
https://scan.coverity.com/projects/24734/builds/init | |
echo "::add-mask::$(jq -r '.url' response)" | |
echo "::add-mask::$(jq -r '.build_id' response)" | |
upload_url=$(jq -r '.url' response) | |
build_id=$(jq -r '.build_id' response) | |
curl -X PUT \ | |
--header 'Content-Type: application/json' \ | |
--upload-file cov-int.tgz \ | |
$upload_url | |
curl -X PUT \ | |
-d token="$COV_TOKEN" \ | |
https://scan.coverity.com/projects/24734/builds/$build_id/enqueue |