| Message ID | 20220321135828.3158-1-andrew.cooper3@citrix.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | CI: Don't run Coverity on forks | expand |
On Mon, Mar 21, 2022 at 01:58:28PM +0000, Andrew Cooper wrote: > By default, workflows run in all forks, but the Coverity token is specific to > us, causing all other runs to fail. > > Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> Acked-by: Roger Pau Monné <roger.pau@citrix.com> Albeit I have a suggestion to make this more useful I think > --- > CC: Roger Pau Monné <roger.pau@citrix.com> > CC: George Dunlap <George.Dunlap@eu.citrix.com> > CC: Jan Beulich <JBeulich@suse.com> > CC: Stefano Stabellini <sstabellini@kernel.org> > CC: Wei Liu <wl@xen.org> > CC: Julien Grall <julien@xen.org> > --- > .github/workflows/coverity.yml | 1 + > 1 file changed, 1 insertion(+) > > diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml > index 427fb86f947f..f613f9ed3652 100644 > --- a/.github/workflows/coverity.yml > +++ b/.github/workflows/coverity.yml > @@ -8,6 +8,7 @@ on: > > jobs: > coverity: > + if: github.repository_owner == 'xen-project' Since I don't know anything else similar, why not make this a secret, ie: ${{ secrets.RUN_COVERITY_SCAN }}? So that people could decide to enable coverity on their own repos if desired. We would also need to introduce a ${{ secrets.COVERITY_SCAN_PROJECT }} To allow setting a different project name. Thanks, Roger.
On 21/03/2022 15:04, Roger Pau Monné wrote: > On Mon, Mar 21, 2022 at 01:58:28PM +0000, Andrew Cooper wrote: >> By default, workflows run in all forks, but the Coverity token is specific to >> us, causing all other runs to fail. >> >> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> > Acked-by: Roger Pau Monné <roger.pau@citrix.com> > > Albeit I have a suggestion to make this more useful I think > >> --- >> CC: Roger Pau Monné <roger.pau@citrix.com> >> CC: George Dunlap <George.Dunlap@eu.citrix.com> >> CC: Jan Beulich <JBeulich@suse.com> >> CC: Stefano Stabellini <sstabellini@kernel.org> >> CC: Wei Liu <wl@xen.org> >> CC: Julien Grall <julien@xen.org> >> --- >> .github/workflows/coverity.yml | 1 + >> 1 file changed, 1 insertion(+) >> >> diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml >> index 427fb86f947f..f613f9ed3652 100644 >> --- a/.github/workflows/coverity.yml >> +++ b/.github/workflows/coverity.yml >> @@ -8,6 +8,7 @@ on: >> >> jobs: >> coverity: >> + if: github.repository_owner == 'xen-project' > Since I don't know anything else similar, why not make this a secret, > ie: ${{ secrets.RUN_COVERITY_SCAN }}? So that people could decide to > enable coverity on their own repos if desired. > > We would also need to introduce a ${{ secrets.COVERITY_SCAN_PROJECT }} > > To allow setting a different project name. We wouldn't need a secret here. We could do it on on the existence of the PROJECT field. But if we're doing this, then we also need to make the branch selectable too via the same mechanism. ~Andrew
On Wed, Mar 23, 2022 at 11:19:50AM +0000, Andrew Cooper wrote: > On 21/03/2022 15:04, Roger Pau Monné wrote: > > On Mon, Mar 21, 2022 at 01:58:28PM +0000, Andrew Cooper wrote: > >> By default, workflows run in all forks, but the Coverity token is specific to > >> us, causing all other runs to fail. > >> > >> Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> > > Acked-by: Roger Pau Monné <roger.pau@citrix.com> > > > > Albeit I have a suggestion to make this more useful I think > > > >> --- > >> CC: Roger Pau Monné <roger.pau@citrix.com> > >> CC: George Dunlap <George.Dunlap@eu.citrix.com> > >> CC: Jan Beulich <JBeulich@suse.com> > >> CC: Stefano Stabellini <sstabellini@kernel.org> > >> CC: Wei Liu <wl@xen.org> > >> CC: Julien Grall <julien@xen.org> > >> --- > >> .github/workflows/coverity.yml | 1 + > >> 1 file changed, 1 insertion(+) > >> > >> diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml > >> index 427fb86f947f..f613f9ed3652 100644 > >> --- a/.github/workflows/coverity.yml > >> +++ b/.github/workflows/coverity.yml > >> @@ -8,6 +8,7 @@ on: > >> > >> jobs: > >> coverity: > >> + if: github.repository_owner == 'xen-project' > > Since I don't know anything else similar, why not make this a secret, > > ie: ${{ secrets.RUN_COVERITY_SCAN }}? So that people could decide to > > enable coverity on their own repos if desired. > > > > We would also need to introduce a ${{ secrets.COVERITY_SCAN_PROJECT }} > > > > To allow setting a different project name. > > We wouldn't need a secret here. We could do it on on the existence of > the PROJECT field. > > But if we're doing this, then we also need to make the branch selectable > too via the same mechanism. Sure, that would be better. Those don't need to be secrets, but I don't know another way to store such data in a github project. Thanks, Roger.
diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml index 427fb86f947f..f613f9ed3652 100644 --- a/.github/workflows/coverity.yml +++ b/.github/workflows/coverity.yml @@ -8,6 +8,7 @@ on: jobs: coverity: + if: github.repository_owner == 'xen-project' runs-on: ubuntu-latest steps: - name: Install build dependencies
By default, workflows run in all forks, but the Coverity token is specific to us, causing all other runs to fail. Signed-off-by: Andrew Cooper <andrew.cooper3@citrix.com> --- CC: Roger Pau Monné <roger.pau@citrix.com> CC: George Dunlap <George.Dunlap@eu.citrix.com> CC: Jan Beulich <JBeulich@suse.com> CC: Stefano Stabellini <sstabellini@kernel.org> CC: Wei Liu <wl@xen.org> CC: Julien Grall <julien@xen.org> --- .github/workflows/coverity.yml | 1 + 1 file changed, 1 insertion(+)