Skip to content

Coverity Scan

Coverity Scan #1024

Workflow file for this run

name: Coverity Scan
# Based on https://github.com/arcaneframework/alien/blob/main/.github/workflows/coverity.yml
on:
schedule:
- cron: '12 0 * * *' # Tous les jours à 00:12.
# A executer lorsque l'on demande.
workflow_dispatch:
jobs:
build:
# The CMake configure and build commands are platform agnostic and should work equally
# well on Windows or Mac. You can convert this to a matrix build if you need
# cross-platform coverage.
# See: https://docs.github.com/en/free-pro-team@latest/actions/learn-github-actions/managing-complex-workflows#using-a-build-matrix
name: ubuntu coverity
runs-on: ubuntu-latest
container:
image: ghcr.io/arcaneframework/ubuntu-2404:gcc-14_full_20240717
steps:
- name: Display CPU Infos
shell: bash
run: |
cat /proc/cpuinfo
- name: Set C++ compiler and default MPI
shell: bash
run: |
source /root/scripts/use_openmpi.sh
source /root/scripts/use_gcc-14.sh
- name: Checkout
uses: actions/checkout@v4
with:
submodules: true
- name: Configure CMake
shell: 'bash'
# Configure CMake in a 'build' subdirectory. `C MAKE_BUILD_TYPE` is only required if you are using a single-configuration generator such as make.
# See https://cmake.org/cmake/help/latest/variable/CMAKE_BUILD_TYPE.html?highlight=cmake_build_type
run: |
cmake \
-B build \
-DCMAKE_BUILD_TYPE=Release \
-DCMAKE_C_COMPILER=gcc \
-DCMAKE_CXX_COMPILER=g++ \
-DARCCORE_CXX_STANDARD=20 \
-DARCANE_DEFAULT_PARTITIONER=Metis \
-DARCANE_DISABLE_PERFCOUNTER_TESTS=ON \
-DCMAKE_DISABLE_FIND_PACKAGE_SWIG=ON
# Setting up ccache from github cached files
- name: Prepare coverity
id: coverity-hash
# Disabled for `act`
if: ${{ !env.ACT }}
env:
COV_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
run: |
mkdir coverity-tool
curl https://scan.coverity.com/download/linux64 -o coverity-tool/md5-new \
-s --data "token=$COV_TOKEN&project=arcaneframework%2Fframework&md5=1"
echo "m_md5=$(cat coverity-tool/md5-new)" >> $GITHUB_ENV
- name: Restore cached files
uses: actions/cache@v4
# Disabled for `act`
if: ${{ !env.ACT }}
with:
path: coverity-tool
key: coverity-linux-${{ env.m_md5 }}
- name: Set up coverity
shell: bash
env:
COV_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
run: |
if cmp -s coverity-tool/md5-new coverity-tool/md5 ; then
echo "running from cache"
else
curl --silent https://scan.coverity.com/download/linux64 \
--data "token=${COV_TOKEN}&project=arcaneframework%2Fframework" \
| tar xz -C coverity-tool --strip-components=1
fi
cp coverity-tool/md5-new coverity-tool/md5
- name: Build with coverity
shell: bash
# Build, using cov-build and cov-int directory as output (mandatory)
run: |
export PATH="${PWD}/coverity-tool/bin:${PATH}"
cov-build --dir cov-int make -C build -j $(nproc)
- name: Upload log artifact
uses: actions/upload-artifact@v4
with:
name: coverity-artifact
path: cov-int/build-log.txt
retention-days: 3
- name: Install jq
shell: bash
run: |
apt-get update
apt-get install -y jq
- name: Submit results to Coverity Scan
shell: bash
env:
COV_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
COV_EMAIL: ${{ secrets.COVERITY_SCAN_EMAIL }}
run: |
tar -czvf cov-int.tgz cov-int
du -sh cov-int.tgz
curl -X POST \
-d version="${{ github.sha }}" \
-d description="${{ github.repository }} / ${{ github.ref }}" \
-d email="$COV_EMAIL" \
-d token="$COV_TOKEN" \
-d file_name="cov-int.tgz" \
-o response \
https://scan.coverity.com/projects/24734/builds/init
echo "::add-mask::$(jq -r '.url' response)"
echo "::add-mask::$(jq -r '.build_id' response)"
upload_url=$(jq -r '.url' response)
build_id=$(jq -r '.build_id' response)
curl -X PUT \
--header 'Content-Type: application/json' \
--upload-file cov-int.tgz \
$upload_url
curl -X PUT \
-d token="$COV_TOKEN" \
https://scan.coverity.com/projects/24734/builds/$build_id/enqueue