diff --git a/.github/workflows/scan_coverity.yml b/.github/workflows/scan_coverity.yml index 3c19682504d..09d6cc7e77e 100644 --- a/.github/workflows/scan_coverity.yml +++ b/.github/workflows/scan_coverity.yml @@ -10,31 +10,25 @@ on: COVERITY_SCAN_TOKEN: required: true -env: - GITHUB_REPO: pmem/pmdk - DOCKER_REPO: ghcr.io/pmem/pmdk - COVERITY_SCAN_NOTIFICATION_EMAIL: ${{ secrets.COVERITY_SCAN_NOTIFICATION_EMAIL }} - COVERITY_SCAN_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }} - HOST_WORKDIR: /home/runner/work/pmdk/pmdk - WORKDIR: utils/docker - PMDK_CC: gcc - PMDK_CXX: g++ - VALGRIND: 1 - COVERITY: 1 - jobs: linux: name: Linux runs-on: ubuntu-latest - strategy: - matrix: - CONFIG: ["OS=ubuntu OS_VER=22.04"] + permissions: + contents: none steps: - name: Clone the git repo uses: actions/checkout@v3 - - name: Pull or rebuild the image - run: cd $WORKDIR && ${{ matrix.CONFIG }} ./pull-or-rebuild-image.sh + - name: Install dependencies + run: sudo apt-get -y install libndctl-dev libdaxctl-dev + + - name: Skip building doc + run: touch .skip-doc - - name: Run the build - run: cd $WORKDIR && ${{ matrix.CONFIG }} ./build-CI.sh + - name: Coverity scan + uses: vapier/coverity-scan-action@v1 + with: + email: ${{ secrets.COVERITY_SCAN_NOTIFICATION_EMAIL }} + token: ${{ secrets.COVERITY_SCAN_TOKEN }} + command: make -j all diff --git a/utils/docker/build-CI.sh b/utils/docker/build-CI.sh index 670411fd61c..75d9f3befc4 100755 --- a/utils/docker/build-CI.sh +++ b/utils/docker/build-CI.sh @@ -36,7 +36,6 @@ containerName=pmdk-${OS}-${OS_VER} if [[ $MAKE_PKG -eq 0 ]] ; then command="./run-build.sh"; fi if [[ $MAKE_PKG -eq 1 ]] ; then command="./run-build-package.sh"; fi if [[ $COVERAGE -eq 1 ]] ; then command="./run-coverage.sh"; fi -if [[ "$COVERITY" -eq 1 ]]; then command="./run-coverity.sh"; fi if [ -n "$DNS_SERVER" ]; then DNS_SETTING=" --dns=$DNS_SERVER "; fi if [[ -f $CI_FILE_SKIP_BUILD_PKG_CHECK ]]; then BUILD_PACKAGE_CHECK=n; else BUILD_PACKAGE_CHECK=y; fi @@ -86,8 +85,6 @@ docker run --rm --name=$containerName -i \ --env CI_BRANCH=$CI_BRANCH \ --env CI_EVENT_TYPE=$CI_EVENT_TYPE \ --env DOC_UPDATE_GITHUB_TOKEN=$DOC_UPDATE_GITHUB_TOKEN \ - --env COVERITY_SCAN_TOKEN=$COVERITY_SCAN_TOKEN \ - --env COVERITY_SCAN_NOTIFICATION_EMAIL=$COVERITY_SCAN_NOTIFICATION_EMAIL \ --env FAULT_INJECTION=$FAULT_INJECTION \ --env GITHUB_ACTIONS=$GITHUB_ACTIONS \ --env GITHUB_HEAD_REF=$GITHUB_HEAD_REF \ diff --git a/utils/docker/images/Dockerfile.ubuntu-22.04 b/utils/docker/images/Dockerfile.ubuntu-22.04 index 5ba5f0bad02..c63dd81a3e6 100644 --- a/utils/docker/images/Dockerfile.ubuntu-22.04 +++ b/utils/docker/images/Dockerfile.ubuntu-22.04 @@ -63,9 +63,6 @@ ENV PACKAGING_DEPS "debhelper \ # Codecov (coverage measurement) dependencies (optional) ENV CODECOV_DEPS curl perl -# Coverity (static analysis) dependencies (optional) -ENV COVERITY_DEPS ruby gcc g++ wget - # miscellaneous dependencies (mostly for CI) ENV MISC_DEPS "clang \ hub \ @@ -98,7 +95,6 @@ RUN apt-get update && apt-get dist-upgrade -y \ $TESTS_DEPS \ $PACKAGING_DEPS \ $CODECOV_DEPS \ - $COVERITY_DEPS \ $MISC_DEPS \ && ./install-valgrind.sh ubuntu \ && ./download-scripts.sh \ diff --git a/utils/docker/run-coverity.sh b/utils/docker/run-coverity.sh deleted file mode 100755 index 4206746d48a..00000000000 --- a/utils/docker/run-coverity.sh +++ /dev/null @@ -1,79 +0,0 @@ -#!/usr/bin/env bash -# SPDX-License-Identifier: BSD-3-Clause -# Copyright 2017-2023, Intel Corporation - -# -# run-coverity.sh - runs the Coverity scan build -# - -set -e - -if [[ "$CI_REPO_SLUG" != "$GITHUB_REPO" \ - && ( "$COVERITY_SCAN_NOTIFICATION_EMAIL" == "" \ - || "$COVERITY_SCAN_TOKEN" == "" ) ]]; then - echo - echo "Skipping Coverity build:"\ - "COVERITY_SCAN_TOKEN=\"$COVERITY_SCAN_TOKEN\" or"\ - "COVERITY_SCAN_NOTIFICATION_EMAIL="\ - "\"$COVERITY_SCAN_NOTIFICATION_EMAIL\" is not set" - exit 0 -fi - -# Prepare build environment -./prepare-for-build.sh - -CERT_FILE=/etc/ssl/certs/ca-certificates.crt -TEMP_CF=$(mktemp) -cp $CERT_FILE $TEMP_CF - -# Download Coverity certificate -echo -n | openssl s_client -connect scan.coverity.com:443 | \ - sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | \ - tee -a $TEMP_CF - -echo $USERPASS | sudo -S mv $TEMP_CF $CERT_FILE - -export COVERITY_SCAN_PROJECT_NAME="$CI_REPO_SLUG" -[[ "$CI_EVENT_TYPE" == "cron" ]] \ - && export COVERITY_SCAN_BRANCH_PATTERN="master" \ - || export COVERITY_SCAN_BRANCH_PATTERN="coverity_scan" -export COVERITY_SCAN_BUILD_COMMAND="make -j$(nproc) all" - -cd $WORKDIR - -# -# Run the Coverity scan -# - -# The 'travisci_build_coverity_scan.sh' script requires the following -# environment variables to be set: -# - TRAVIS_BRANCH - has to contain the name of the current branch -# - TRAVIS_PULL_REQUEST - has to be set to 'true' in case of pull requests -# -export TRAVIS_BRANCH=${CI_BRANCH} -[ "${CI_EVENT_TYPE}" == "pull_request" ] && export TRAVIS_PULL_REQUEST="true" - -# XXX: Patch the Coverity script. -# Recently, this script regularly exits with an error, even though -# the build is successfully submitted. Probably because the status code -# is missing in response, or it's not 201. -# Changes: -# 1) change the expected status code to 200 and -# 2) print the full response string. -# -# This change should be reverted when the Coverity script is fixed. -# -# The previous version was: -# curl -s https://scan.coverity.com/scripts/travisci_build_coverity_scan.sh | bash - -wget https://scan.coverity.com/scripts/travisci_build_coverity_scan.sh -patch < utils/docker/0001-travis-fix-travisci_build_coverity_scan.sh.patch -bash ./travisci_build_coverity_scan.sh - -COVERITY_LOG_FILE=/pmdk/cov-int/scm_log.txt -if [ -f $COVERITY_LOG_FILE ]; then - echo "Coverity log file detected: $COVERITY_LOG_FILE" - cat $COVERITY_LOG_FILE -else - echo "Coverity log not found ($COVERITY_LOG_FILE)" -fi