Message ID | 782cf2b440313fcad0492ee352fa66d1a3534ac4.1695379323.git.gitgitgadget@gmail.com (mailing list archive) |
---|---|
State | Superseded |
Headers | show |
Series | Add a GitHub workflow to submit builds to Coverity Scan | expand |
On Fri, Sep 22, 2023 at 10:42:02AM +0000, Johannes Schindelin via GitGitGadget wrote: > From: Johannes Schindelin <johannes.schindelin@gmx.de> > > For completeness' sake, let's add support for submitting macOS builds to > Coverity Scan. I don't have any real problem with this, and it will check a few extra bits of platform-specific code not covered elsewhere. My big question would be: how much extra does this cost to run each time? I guess it is not too much (compared to regular CI); my coverity build job ran in 7 minutes, and that is including the download of the tool. -Peff
Hi Peff, On Sat, 23 Sep 2023, Jeff King wrote: > On Fri, Sep 22, 2023 at 10:42:02AM +0000, Johannes Schindelin via GitGitGadget wrote: > > > From: Johannes Schindelin <johannes.schindelin@gmx.de> > > > > For completeness' sake, let's add support for submitting macOS builds to > > Coverity Scan. > > I don't have any real problem with this, and it will check a few extra > bits of platform-specific code not covered elsewhere. Just to make sure: The patch series, as presented here, will only build on `ubuntu-latest` by default, unless that is specifically overridden in the repository variables of `git/git`. It makes most sense to me that way. > My big question would be: how much extra does this cost to run each > time? I linked the example runs in the cover letter, which record the runtimes of the `build with cov-build` step as: ubuntu-latest 5m20s windows-latest 17m40s macos-latest 1m59s But again, I don't see much sense building `git/git` for anything else than `ubuntu-latest`, at least for now. Ciao, Johannes
On Mon, Sep 25, 2023 at 01:52:52PM +0200, Johannes Schindelin wrote: > > > For completeness' sake, let's add support for submitting macOS builds to > > > Coverity Scan. > > > > I don't have any real problem with this, and it will check a few extra > > bits of platform-specific code not covered elsewhere. > > Just to make sure: The patch series, as presented here, will only build on > `ubuntu-latest` by default, unless that is specifically overridden in the > repository variables of `git/git`. It makes most sense to me that way. Yeah, that makes sense to me, too. But then I wondered why we have this macOS code if nobody is going to run it. On the other hand, maybe it eventually will come in handy, and you already did the work, and it is not hurting anybody in the meantime. -Peff
diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml index 70ba3f97c18..ca51048ed9d 100644 --- a/.github/workflows/coverity.yml +++ b/.github/workflows/coverity.yml @@ -42,7 +42,7 @@ jobs: if: contains(matrix.os, 'windows') uses: git-for-windows/setup-git-for-windows-sdk@v1 - run: ci/install-dependencies.sh - if: contains(matrix.os, 'ubuntu') + if: contains(matrix.os, 'ubuntu') || contains(matrix.os, 'macos') env: runs_on_pool: ${{ matrix.os }} @@ -55,10 +55,17 @@ jobs: *windows*) COVERITY_PLATFORM=win64 COVERITY_TOOL_FILENAME=cov-analysis.zip + MAKEFLAGS=-j$(nproc) + ;; + *macos*) + COVERITY_PLATFORM=macOSX + COVERITY_TOOL_FILENAME=cov-analysis.dmg + MAKEFLAGS=-j$(sysctl -n hw.physicalcpu) ;; *ubuntu*) COVERITY_PLATFORM=linux64 COVERITY_TOOL_FILENAME=cov-analysis.tgz + MAKEFLAGS=-j$(nproc) ;; *) echo '::error::unhandled OS ${{ matrix.os }}' >&2 @@ -67,6 +74,7 @@ jobs: esac echo "COVERITY_PLATFORM=$COVERITY_PLATFORM" >>$GITHUB_ENV echo "COVERITY_TOOL_FILENAME=$COVERITY_TOOL_FILENAME" >>$GITHUB_ENV + echo "MAKEFLAGS=$MAKEFLAGS" >>$GITHUB_ENV MD5=$(curl https://scan.coverity.com/download/$COVERITY_LANGUAGE/$COVERITY_PLATFORM \ --data "token=${{ secrets.COVERITY_SCAN_TOKEN }}&project=$COVERITY_PROJECT&md5=1") echo "hash=$MD5" >>$GITHUB_OUTPUT @@ -94,6 +102,16 @@ jobs: mkdir $RUNNER_TEMP/cov-analysis && tar -xzf $RUNNER_TEMP/$COVERITY_TOOL_FILENAME --strip 1 -C $RUNNER_TEMP/cov-analysis ;; + *.dmg) + cd $RUNNER_TEMP && + attach="$(hdiutil attach $COVERITY_TOOL_FILENAME)" && + volume="$(echo "$attach" | cut -f 3 | grep /Volumes/)" && + mkdir cov-analysis && + cd cov-analysis && + sh "$volume"/cov-analysis-macosx-*.sh && + ls -l && + hdiutil detach "$volume" + ;; *.zip) cd $RUNNER_TEMP && mkdir cov-analysis-tmp && @@ -115,7 +133,7 @@ jobs: run: | export PATH="$RUNNER_TEMP/cov-analysis/bin:$PATH" && cov-configure --gcc && - cov-build --dir cov-int make -j$(nproc) + cov-build --dir cov-int make - name: package the build run: tar -czvf cov-int.tgz cov-int - name: submit the build to Coverity Scan