Message ID | 20220218120042.32102-2-roger.pau@citrix.com (mailing list archive) |
---|---|
State | New, archived |
Series | coverity: trigger scan as a github action |
On 18/02/2022 12:00, Roger Pau Monne wrote: > Add a workflow that performs a build like it's done by osstest > Coverity flight and uploads the result to Coverity for analysis. The > build process is exactly the same as the one currently used in > osstest, and it's also run at the same time (bi-weekly). > > This has one big benefit over using osstest: we no longer have to care > about keeping the Coverity tools up to date in osstest. > > Suggested-by: Andrew Cooper <andrew.cooper3@citrix.com> > Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> > --- > .github/workflows/coverity.yml | 35 ++++++++++++++++++++++++++++++++++ > 1 file changed, 35 insertions(+) > create mode 100644 .github/workflows/coverity.yml > > diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml > new file mode 100644 > index 0000000000..12fc9c782b > --- /dev/null > +++ b/.github/workflows/coverity.yml 
> @@ -0,0 +1,35 @@ > +name: Coverity Scan > + > +# We only want to test official release code, not every pull request. > +on: > + schedule: > + - cron: '18 9 * * WED,SUN' # Bi-weekly at 9:18 UTC > + > +jobs: > + coverity: > + runs-on: ubuntu-latest > + steps: > + - name: Install build dependencies > + run: | > + sudo apt-get install -y wget git bcc bin86 gawk bridge-utils \ > + iproute2 libcurl4-openssl-dev bzip2 libpci-dev build-essential \ > + make gcc libc6-dev libc6-dev-i386 linux-libc-dev zlib1g-dev \ > + libncurses5-dev patch libvncserver-dev libssl-dev libsdl-dev iasl \ > + libbz2-dev e2fslibs-dev git-core uuid-dev ocaml libx11-dev \ > + ocaml-findlib xz-utils gettext libyajl-dev libpixman-1-dev \ > + libaio-dev libfdt-dev cabextract libglib2.0-dev autoconf automake \ > + libtool libfuse-dev liblzma-dev ninja-build \ > + kpartx python3-dev python3-pip golang python-dev libsystemd-dev We dropped gettext as a dependency a few releases ago, and we don't need python3-pip either. Can fix on commit. > + - uses: actions/checkout@v2 I think we want - uses: actions/checkout@v2 with: ref: staging Can also fix on commit. Acked-by: Andrew Cooper <andrew.cooper3@citrix.com> (mainly because I can see that Coverity has done the right thing with this.) > + - name: Configure Xen > + run: | > + ./configure > + - name: Pre build stuff > + run: | > + make -C tools/firmware/etherboot all && make mini-os-dir > + - uses: vapier/coverity-scan-action@v1 > + with: > + command: make xen tools && make -C extras/mini-os/ > + project: XenProject > + email: ${{ secrets.COVERITY_SCAN_EMAIL }} > + token: ${{ secrets.COVERITY_SCAN_TOKEN }}
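Review bot: The `sudo apt-get install -y ...` command in the "Install build dependencies" step runs without a preceding `sudo apt-get update`, so on a hosted `ubuntu-latest` image whose package index has gone stale the install can fail on superseded package versions and the scheduled scan stops before anything is built. Suggest running `sudo apt-get update` first in the same `run:` block. Keeping the package list to what the build actually needs also shrinks what gets installed into a job that later handles the Coverity secrets.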
On 18/02/2022 12:21, Andrew Cooper wrote: > On 18/02/2022 12:00, Roger Pau Monne wrote: >> Add a workflow that performs a build like it's done by osstest >> Coverity flight and uploads the result to Coverity for analysis. The >> build process is exactly the same as the one currently used in >> osstest, and it's also run at the same time (bi-weekly). >> >> This has one big benefit over using osstest: we no longer have to care >> about keeping the Coverity tools up to date in osstest. >> >> Suggested-by: Andrew Cooper <andrew.cooper3@citrix.com> >> Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> >> --- >> .github/workflows/coverity.yml | 35 ++++++++++++++++++++++++++++++++++ >> 1 file changed, 35 insertions(+) >> create mode 100644 .github/workflows/coverity.yml >> >> diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml >> new file mode 100644 >> index 0000000000..12fc9c782b >> --- /dev/null >> +++ b/.github/workflows/coverity.yml 
>> @@ -0,0 +1,35 @@ >> +name: Coverity Scan >> + >> +# We only want to test official release code, not every pull request. >> +on: >> + schedule: >> + - cron: '18 9 * * WED,SUN' # Bi-weekly at 9:18 UTC >> + >> +jobs: >> + coverity: >> + runs-on: ubuntu-latest >> + steps: >> + - name: Install build dependencies >> + run: | >> + sudo apt-get install -y wget git bcc bin86 gawk bridge-utils \ >> + iproute2 libcurl4-openssl-dev bzip2 libpci-dev build-essential \ >> + make gcc libc6-dev libc6-dev-i386 linux-libc-dev zlib1g-dev \ >> + libncurses5-dev patch libvncserver-dev libssl-dev libsdl-dev iasl \ >> + libbz2-dev e2fslibs-dev git-core uuid-dev ocaml libx11-dev \ >> + ocaml-findlib xz-utils gettext libyajl-dev libpixman-1-dev \ >> + libaio-dev libfdt-dev cabextract libglib2.0-dev autoconf automake \ >> + libtool libfuse-dev liblzma-dev ninja-build \ >> + kpartx python3-dev python3-pip golang python-dev libsystemd-dev > We dropped gettext as a dependency a few releases ago, and we don't need > python3-pip either. Can fix on commit. > >> + - uses: actions/checkout@v2 > I think we want > > - uses: actions/checkout@v2 > with: > ref: staging > > Can also fix on commit. > > Acked-by: Andrew Cooper <andrew.cooper3@citrix.com> (mainly because I > can see that Coverity has done the right thing with this.) > >> + - name: Configure Xen >> + run: | >> + ./configure On second thoughts, we can probably --disable-docs here, because it's just wasted processing time when all we care about is the C. ~Andrew
On Fri, Feb 18, 2022 at 12:21:34PM +0000, Andrew Cooper wrote: > On 18/02/2022 12:00, Roger Pau Monne wrote: > > Add a workflow that performs a build like it's done by osstest > > Coverity flight and uploads the result to Coverity for analysis. The > > build process is exactly the same as the one currently used in > > osstest, and it's also run at the same time (bi-weekly). > > > > This has one big benefit over using osstest: we no longer have to care > > about keeping the Coverity tools up to date in osstest. > > > > Suggested-by: Andrew Cooper <andrew.cooper3@citrix.com> > > Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> > > --- > > .github/workflows/coverity.yml | 35 ++++++++++++++++++++++++++++++++++ > > 1 file changed, 35 insertions(+) > > create mode 100644 .github/workflows/coverity.yml > > > > diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml > > new file mode 100644 > > index 0000000000..12fc9c782b > > --- /dev/null > > +++ b/.github/workflows/coverity.yml 
> > @@ -0,0 +1,35 @@ > > +name: Coverity Scan > > + > > +# We only want to test official release code, not every pull request. > > +on: > > + schedule: > > + - cron: '18 9 * * WED,SUN' # Bi-weekly at 9:18 UTC > > + > > +jobs: > > + coverity: > > + runs-on: ubuntu-latest > > + steps: > > + - name: Install build dependencies > > + run: | > > + sudo apt-get install -y wget git bcc bin86 gawk bridge-utils \ > > + iproute2 libcurl4-openssl-dev bzip2 libpci-dev build-essential \ > > + make gcc libc6-dev libc6-dev-i386 linux-libc-dev zlib1g-dev \ > > + libncurses5-dev patch libvncserver-dev libssl-dev libsdl-dev iasl \ > > + libbz2-dev e2fslibs-dev git-core uuid-dev ocaml libx11-dev \ > > + ocaml-findlib xz-utils gettext libyajl-dev libpixman-1-dev \ > > + libaio-dev libfdt-dev cabextract libglib2.0-dev autoconf automake \ > > + libtool libfuse-dev liblzma-dev ninja-build \ > > + kpartx python3-dev python3-pip golang python-dev libsystemd-dev > > We dropped gettext as a dependency a few releases ago, and we don't need > python3-pip either. Can fix on commit. > > > + - uses: actions/checkout@v2 > > I think we want > > - uses: actions/checkout@v2 > with: > ref: staging I've assumed we wanted master as that is at least functional per the testing done in osstest. But maybe it's indeed better to use staging in order to catch issues before they reach master. I'm fine with this. Thanks, Roger.
On 18/02/2022 12:27, Roger Pau Monne wrote: > On Fri, Feb 18, 2022 at 12:21:34PM +0000, Andrew Cooper wrote: >> On 18/02/2022 12:00, Roger Pau Monne wrote: >>> Add a workflow that performs a build like it's done by osstest >>> Coverity flight and uploads the result to Coverity for analysis. The >>> build process is exactly the same as the one currently used in >>> osstest, and it's also run at the same time (bi-weekly). >>> >>> This has one big benefit over using osstest: we no longer have to care >>> about keeping the Coverity tools up to date in osstest. >>> >>> Suggested-by: Andrew Cooper <andrew.cooper3@citrix.com> >>> Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> >>> --- >>> .github/workflows/coverity.yml | 35 ++++++++++++++++++++++++++++++++++ >>> 1 file changed, 35 insertions(+) >>> create mode 100644 .github/workflows/coverity.yml >>> >>> diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml >>> new file mode 100644 >>> index 0000000000..12fc9c782b >>> --- /dev/null >>> +++ b/.github/workflows/coverity.yml 
>>> @@ -0,0 +1,35 @@ >>> +name: Coverity Scan >>> + >>> +# We only want to test official release code, not every pull request. >>> +on: >>> + schedule: >>> + - cron: '18 9 * * WED,SUN' # Bi-weekly at 9:18 UTC >>> + >>> +jobs: >>> + coverity: >>> + runs-on: ubuntu-latest >>> + steps: >>> + - name: Install build dependencies >>> + run: | >>> + sudo apt-get install -y wget git bcc bin86 gawk bridge-utils \ >>> + iproute2 libcurl4-openssl-dev bzip2 libpci-dev build-essential \ >>> + make gcc libc6-dev libc6-dev-i386 linux-libc-dev zlib1g-dev \ >>> + libncurses5-dev patch libvncserver-dev libssl-dev libsdl-dev iasl \ >>> + libbz2-dev e2fslibs-dev git-core uuid-dev ocaml libx11-dev \ >>> + ocaml-findlib xz-utils gettext libyajl-dev libpixman-1-dev \ >>> + libaio-dev libfdt-dev cabextract libglib2.0-dev autoconf automake \ >>> + libtool libfuse-dev liblzma-dev ninja-build \ >>> + kpartx python3-dev python3-pip golang python-dev libsystemd-dev >> We dropped gettext as a dependency a few releases ago, and we don't need >> python3-pip either. Can fix on commit. >> >>> + - uses: actions/checkout@v2 >> I think we want >> >> - uses: actions/checkout@v2 >> with: >> ref: staging > I've assumed we wanted master as that is at least functional per the > testing done in osstest. But maybe it's indeed better to use staging > in order to catch issues before they reach master. IIRC, OSSTest has Coverity following smoke, but these days we're far better at not breaking the build now that Gitlab CI is in place. But it might be prudent to check that if the build fails, we don't submit a partial result to Coverity. The difference between staging and master is purely how early we get the report. ~Andrew
On Fri, Feb 18, 2022 at 12:23:47PM +0000, Andrew Cooper wrote: > On 18/02/2022 12:21, Andrew Cooper wrote: > > On 18/02/2022 12:00, Roger Pau Monne wrote: > >> Add a workflow that performs a build like it's done by osstest > >> Coverity flight and uploads the result to Coverity for analysis. The > >> build process is exactly the same as the one currently used in > >> osstest, and it's also run at the same time (bi-weekly). > >> > >> This has one big benefit over using osstest: we no longer have to care > >> about keeping the Coverity tools up to date in osstest. > >> > >> Suggested-by: Andrew Cooper <andrew.cooper3@citrix.com> > >> Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> > >> --- > >> .github/workflows/coverity.yml | 35 ++++++++++++++++++++++++++++++++++ > >> 1 file changed, 35 insertions(+) > >> create mode 100644 .github/workflows/coverity.yml > >> > >> diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml > >> new file mode 100644 > >> index 0000000000..12fc9c782b > >> --- /dev/null > >> +++ b/.github/workflows/coverity.yml 
> >> @@ -0,0 +1,35 @@ > >> +name: Coverity Scan > >> + > >> +# We only want to test official release code, not every pull request. > >> +on: > >> + schedule: > >> + - cron: '18 9 * * WED,SUN' # Bi-weekly at 9:18 UTC > >> + > >> +jobs: > >> + coverity: > >> + runs-on: ubuntu-latest > >> + steps: > >> + - name: Install build dependencies > >> + run: | > >> + sudo apt-get install -y wget git bcc bin86 gawk bridge-utils \ > >> + iproute2 libcurl4-openssl-dev bzip2 libpci-dev build-essential \ > >> + make gcc libc6-dev libc6-dev-i386 linux-libc-dev zlib1g-dev \ > >> + libncurses5-dev patch libvncserver-dev libssl-dev libsdl-dev iasl \ > >> + libbz2-dev e2fslibs-dev git-core uuid-dev ocaml libx11-dev \ > >> + ocaml-findlib xz-utils gettext libyajl-dev libpixman-1-dev \ > >> + libaio-dev libfdt-dev cabextract libglib2.0-dev autoconf automake \ > >> + libtool libfuse-dev liblzma-dev ninja-build \ > >> + kpartx python3-dev python3-pip golang python-dev libsystemd-dev > > We dropped gettext as a dependency a few releases ago, and we don't need > > python3-pip either. Can fix on commit. > > > >> + - uses: actions/checkout@v2 > > I think we want > > > > - uses: actions/checkout@v2 > > with: > > ref: staging > > > > Can also fix on commit. > > > > Acked-by: Andrew Cooper <andrew.cooper3@citrix.com> (mainly because I > > can see that Coverity has done the right thing with this.) > > > >> + - name: Configure Xen > >> + run: | > >> + ./configure > > On second thoughts, we can probably --disable-docs here, because it's > just wasted processing time when all we care about is the C. We do not build the docs already, because the build command is `make xen tools`. Thanks, Roger.
Can someone please tell me how to remove my email account from this list? Thank you. On 2/18/22 07:36, Roger Pau Monné wrote: > On Fri, Feb 18, 2022 at 12:23:47PM +0000, Andrew Cooper wrote: >> On 18/02/2022 12:21, Andrew Cooper wrote: >>> On 18/02/2022 12:00, Roger Pau Monne wrote: >>>> Add a workflow that performs a build like it's done by osstest >>>> Coverity flight and uploads the result to Coverity for analysis. The >>>> build process is exactly the same as the one currently used in >>>> osstest, and it's also run at the same time (bi-weekly). >>>> >>>> This has one big benefit over using osstest: we no longer have to care >>>> about keeping the Coverity tools up to date in osstest. >>>> >>>> Suggested-by: Andrew Cooper <andrew.cooper3@citrix.com> >>>> Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> >>>> --- >>>> .github/workflows/coverity.yml | 35 ++++++++++++++++++++++++++++++++++ >>>> 1 file changed, 35 insertions(+) >>>> create mode 100644 .github/workflows/coverity.yml >>>> >>>> diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml >>>> new file mode 100644 >>>> index 0000000000..12fc9c782b >>>> --- /dev/null >>>> +++ b/.github/workflows/coverity.yml 
>>>> @@ -0,0 +1,35 @@ >>>> +name: Coverity Scan >>>> + >>>> +# We only want to test official release code, not every pull request. >>>> +on: >>>> + schedule: >>>> + - cron: '18 9 * * WED,SUN' # Bi-weekly at 9:18 UTC >>>> + >>>> +jobs: >>>> + coverity: >>>> + runs-on: ubuntu-latest >>>> + steps: >>>> + - name: Install build dependencies >>>> + run: | >>>> + sudo apt-get install -y wget git bcc bin86 gawk bridge-utils \ >>>> + iproute2 libcurl4-openssl-dev bzip2 libpci-dev build-essential \ >>>> + make gcc libc6-dev libc6-dev-i386 linux-libc-dev zlib1g-dev \ >>>> + libncurses5-dev patch libvncserver-dev libssl-dev libsdl-dev iasl \ >>>> + libbz2-dev e2fslibs-dev git-core uuid-dev ocaml libx11-dev \ >>>> + ocaml-findlib xz-utils gettext libyajl-dev libpixman-1-dev \ >>>> + libaio-dev libfdt-dev cabextract libglib2.0-dev autoconf automake \ >>>> + libtool libfuse-dev liblzma-dev ninja-build \ >>>> + kpartx python3-dev python3-pip golang python-dev libsystemd-dev >>> We dropped gettext as a dependency a few releases ago, and we don't need >>> python3-pip either. Can fix on commit. >>> >>>> + - uses: actions/checkout@v2 >>> I think we want >>> >>> - uses: actions/checkout@v2 >>> with: >>> ref: staging >>> >>> Can also fix on commit. >>> >>> Acked-by: Andrew Cooper <andrew.cooper3@citrix.com> (mainly because I >>> can see that Coverity has done the right thing with this.) >>> >>>> + - name: Configure Xen >>>> + run: | >>>> + ./configure >> On second thoughts, we can probably --disable-docs here, because it's >> just wasted processing time when all we care about is the C. > We do not build the docs already, because the build command is `make > xen tools`. > > Thanks, Roger. >
On 18/02/2022 13:38, Brian Olson wrote: > Can someone please tell me how to remove my email account from this > list? Thank you. Use https://lists.xenproject.org/mailman/listinfo/xen-devel to unsubscribe. ~Andrew
On 18/02/2022 13:36, Roger Pau Monne wrote: > On Fri, Feb 18, 2022 at 12:23:47PM +0000, Andrew Cooper wrote: >> On 18/02/2022 12:21, Andrew Cooper wrote: >>> On 18/02/2022 12:00, Roger Pau Monne wrote: >>>> Add a workflow that performs a build like it's done by osstest >>>> Coverity flight and uploads the result to Coverity for analysis. The >>>> build process is exactly the same as the one currently used in >>>> osstest, and it's also run at the same time (bi-weekly). >>>> >>>> This has one big benefit over using osstest: we no longer have to care >>>> about keeping the Coverity tools up to date in osstest. >>>> >>>> Suggested-by: Andrew Cooper <andrew.cooper3@citrix.com> >>>> Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> >>>> --- >>>> .github/workflows/coverity.yml | 35 ++++++++++++++++++++++++++++++++++ >>>> 1 file changed, 35 insertions(+) >>>> create mode 100644 .github/workflows/coverity.yml >>>> >>>> diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml >>>> new file mode 100644 >>>> index 0000000000..12fc9c782b >>>> --- /dev/null >>>> +++ b/.github/workflows/coverity.yml 
>>>> @@ -0,0 +1,35 @@ >>>> +name: Coverity Scan >>>> + >>>> +# We only want to test official release code, not every pull request. >>>> +on: >>>> + schedule: >>>> + - cron: '18 9 * * WED,SUN' # Bi-weekly at 9:18 UTC >>>> + >>>> +jobs: >>>> + coverity: >>>> + runs-on: ubuntu-latest >>>> + steps: >>>> + - name: Install build dependencies >>>> + run: | >>>> + sudo apt-get install -y wget git bcc bin86 gawk bridge-utils \ >>>> + iproute2 libcurl4-openssl-dev bzip2 libpci-dev build-essential \ >>>> + make gcc libc6-dev libc6-dev-i386 linux-libc-dev zlib1g-dev \ >>>> + libncurses5-dev patch libvncserver-dev libssl-dev libsdl-dev iasl \ >>>> + libbz2-dev e2fslibs-dev git-core uuid-dev ocaml libx11-dev \ >>>> + ocaml-findlib xz-utils gettext libyajl-dev libpixman-1-dev \ >>>> + libaio-dev libfdt-dev cabextract libglib2.0-dev autoconf automake \ >>>> + libtool libfuse-dev liblzma-dev ninja-build \ >>>> + kpartx python3-dev python3-pip golang python-dev libsystemd-dev >>> We dropped gettext as a dependency a few releases ago, and we don't need >>> python3-pip either. Can fix on commit. >>> >>>> + - uses: actions/checkout@v2 >>> I think we want >>> >>> - uses: actions/checkout@v2 >>> with: >>> ref: staging >>> >>> Can also fix on commit. >>> >>> Acked-by: Andrew Cooper <andrew.cooper3@citrix.com> (mainly because I >>> can see that Coverity has done the right thing with this.) >>> >>>> + - name: Configure Xen >>>> + run: | >>>> + ./configure >> On second thoughts, we can probably --disable-docs here, because it's >> just wasted processing time when all we care about is the C. > We do not build the docs already, because the build command is `make > xen tools`. > > Thanks, Roger. Good point. ~Andrew
diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml new file mode 100644 index 0000000000..12fc9c782b --- /dev/null +++ b/.github/workflows/coverity.yml @@ -0,0 +1,35 @@ +name: Coverity Scan + +# We only want to test official release code, not every pull request. +on: + schedule: + - cron: '18 9 * * WED,SUN' # Bi-weekly at 9:18 UTC + +jobs: + coverity: + runs-on: ubuntu-latest + steps: + - name: Install build dependencies + run: | + sudo apt-get install -y wget git bcc bin86 gawk bridge-utils \ + iproute2 libcurl4-openssl-dev bzip2 libpci-dev build-essential \ + make gcc libc6-dev libc6-dev-i386 linux-libc-dev zlib1g-dev \ + libncurses5-dev patch libvncserver-dev libssl-dev libsdl-dev iasl \ + libbz2-dev e2fslibs-dev git-core uuid-dev ocaml libx11-dev \ + ocaml-findlib xz-utils gettext libyajl-dev libpixman-1-dev \ + libaio-dev libfdt-dev cabextract libglib2.0-dev autoconf automake \ + libtool libfuse-dev liblzma-dev ninja-build \ + kpartx python3-dev python3-pip golang python-dev libsystemd-dev + - uses: actions/checkout@v2 + - name: Configure Xen + run: | + ./configure + - name: Pre build stuff + run: | + make -C tools/firmware/etherboot all && make mini-os-dir + - uses: vapier/coverity-scan-action@v1 + with: + command: make xen tools && make -C extras/mini-os/ + project: XenProject + email: ${{ secrets.COVERITY_SCAN_EMAIL }} + token: ${{ secrets.COVERITY_SCAN_TOKEN }}
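Review bot: The final step hands `${{ secrets.COVERITY_SCAN_TOKEN }}` and `${{ secrets.COVERITY_SCAN_EMAIL }}` to `vapier/coverity-scan-action@v1`, a third-party action referenced by a mutable tag, so whatever `v1` points to at run time receives the token; `actions/checkout@v2` is tag-pinned in the same way. Suggest pinning both `uses:` lines to a full commit SHA, with the tag kept in a trailing comment, and adding a top-level `permissions:` block with `contents: read`, since the job only needs to read the tree. Separately, the cron comment says "Bi-weekly" while `WED,SUN` fires twice a week; wording it as "twice a week" would remove the ambiguity.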
Add a workflow that performs a build like it's done by osstest Coverity flight and uploads the result to Coverity for analysis. The build process is exactly the same as the one currently used in osstest, and it's also run at the same time (bi-weekly). This has one big benefit over using osstest: we no longer have to care about keeping the Coverity tools up to date in osstest. Suggested-by: Andrew Cooper <andrew.cooper3@citrix.com> Signed-off-by: Roger Pau Monné <roger.pau@citrix.com> --- .github/workflows/coverity.yml | 35 ++++++++++++++++++++++++++++++++++ 1 file changed, 35 insertions(+) create mode 100644 .github/workflows/coverity.yml