
Commit 1fa2123

committed
Switching to coverity en (server prod3)
1 parent 5b24007 commit 1fa2123


1 file changed

+45
-40
lines changed

1 file changed

+45
-40
lines changed

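--- a/.github/workflows/coverity.yml
+++ b/.github/workflows/coverity.yml
@@ -86,19 +86,29 @@ jobs:
 submodules: recursive
 
 - name: Download OpenVINO package
-uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
+uses: actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
 with:
 name: ${{ needs.openvino_download.outputs.ov_artifact_name }}
 path: ${{ env.INSTALL_DIR }}
 merge-multiple: true
 - run: ls -l ${{ env.INSTALL_DIR }}
 
-- name: Download coverity tool
+- name: Download & install coverity tool
 run: |
-wget -q https://scan.coverity.com/download/linux64 --post-data "token=${{ secrets.COVERITY_SECRET_TOKEN }}&project=openvino-tokenizers" -O coverity_tool.tgz
-tar -I pigz -xf coverity_tool.tgz
-echo "ENV_COV_TOOL_DIR=$(tar -tzf coverity_tool.tgz | head -1 | cut -f1 -d'/')" >> $GITHUB_ENV
-rm coverity_tool.tgz
+wget https://ubit-artifactory-or.intel.com/artifactory/coverity-or-local/Enterprise/license.dat -O license.dat
+wget https://ubit-artifactory-or.intel.com/artifactory/coverity-or-local/Enterprise/cov-analysis-linux64-2024.6.1.sh -O cov-analysis-2024.6.1.sh
+chmod u+x cov-analysis-2024.6.1.sh
+./cov-analysis-2024.6.1.sh \
+-q \
+--installation.dir=${ENV_COV_TOOL_DIR} \
+--license.agreement=agree \
+--license.region=0 \
+--license.type.choice=0 \
+--license.cov.path=${ENV_COV_TOOL_DIR}/license.dat \
+--component.sdk=false \
+--component.skip.documentation=true
+rm cov-analysis-2024.6.1.sh
+export PATH=$PATH:${ENV_COV_TOOL_DIR}/bin/
 
 - name: Create build.sh
 run: |
@@ -108,42 +118,45 @@ jobs:
 CMAKE_BUILD_PARALLEL_LEVEL=4 cmake --build ${{ env.BUILD_DIR }} --parallel --config ${BUILD_TYPE}
 """ > build.sh
 
+- name: Create config file for coverity
+run: |
+cov-configure --template --compiler cc --comptype gcc --config coverity_config.xml
+cov-configure --template --compiler c++ --comptype g++ --config coverity_config.xml
+cov-configure --template --compiler python --comptype python --config coverity_config.xml
+cov-configure --template --compiler javascript --comptype javascript --config coverity_config.xml
+
 - name: Build for coverity
 run: |
 source ${INSTALL_DIR}/setupvars.sh
-${ENV_COV_TOOL_DIR}/bin/cov-build --config ${ENV_COV_TOOL_DIR}/config/coverity_config.xml --tmpdir cov_temp --dir ${BUILD_DIR}/cov-int --fs-capture-search ${OPENVINO_TOKENIZERS_REPO} sh build.sh
+cov-build --config coverity_config.xml --tmpdir cov_temp --dir ${BUILD_DIR}/cov-int --fs-capture-search ${OPENVINO_TOKENIZERS_REPO} sh build.sh
 
-- name: Pack for analysis submission
-run: tar -cvf - cov-int | pigz > openvino-tokenizers.tgz
-working-directory: ${{ env.BUILD_DIR }}
+- name: Coverity - exclude from analysis
+run: |
+cov-manage-emit --dir cov-int --tu-pattern "file('$INTEL_OPENVINO_DIR/.*')" delete
+
+- name: Coverity - analyze
+run: |
+cov-analyze \
+--dir ${BUILD_DIR}/cov-int \
+--concurrency \
+--security \
+--rule --enable-constraint-fpp --enable-fnptr --enable-virtual --enable-default --webapp-security --enable-audit-checkers --enable-audit-mode \
+--strip-path ${{ env.OPENVINO_REPO }}
 
 - name: Submit to coverity
 run: |
-apt-get update && apt-get install -y curl jq
-pushd ${BUILD_DIR}
-curl -X POST -d token=${{ secrets.COVERITY_SECRET_TOKEN }} \
--d email=${{ secrets.COVERITY_USER }} \
--d file_name="openvino-tokenizers.tgz" \
--d version="${{ github.sha }}" \
--d description="https://github.com/openvinotoolkit/openvino_tokenizers/actions/runs/${{ github.run_id }}" \
-https://scan.coverity.com/projects/30137/builds/init | tee response
-
-upload_url=$(jq -r '.url' response)
-build_id=$(jq -r '.build_id' response)
-
-curl -X PUT \
---header 'Content-Type: application/json' \
---upload-file openvino-tokenizers.tgz \
-$upload_url
-
-curl -X PUT \
--d token=${{ secrets.COVERITY_SECRET_TOKEN }} \
-https://scan.coverity.com/projects/30137/builds/$build_id/enqueue
-popd
+cov-commit-defects \
+--dir cov-int \
+--stream OpenVINO-master-stream \
+--url https://coverityent.devtools.intel.com/prod3 \
+--version "${{ github.sha }}" \
+--user <user> \
+--password <coverity> \
+--strip-path ${{ env.OPENVINO_REPO }} --noxrefs
 
 - name: Show Coverity configure logs
 continue-on-error: true
-run: cov-analysis*/bin/cov-configure -c ${ENV_COV_TOOL_DIR}/config/coverity_config.xml -lscc text
+run: cov-configure -c ${ENV_COV_TOOL_DIR}/config/coverity_config.xml -lscc text
 
 - name: Upload Coverity build log
 uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
@@ -152,11 +165,3 @@ jobs:
 name: coverity_logs
 path: ${{ env.BUILD_DIR }}/cov-int/build-log.txt
 if-no-files-found: 'error'
-
-- name: Upload Coverity build archive
-uses: actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
-if: always()
-with:
-name: coverity_archive
-path: ${{ env.BUILD_DIR }}/openvino-tokenizers.tgz
-if-no-files-found: 'error'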
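Review bot: The new `Submit to coverity` step passes `--user <user>` and `--password <coverity>` as literal placeholders; inside `run: |` the shell treats the `<` and `>` as redirections, so the commit cannot authenticate as written, and substituting real values on those lines would put the credential in the workflow file and on the process command line. Supply both from repository secrets through the step's `env:` block, for example `COV_USER: ${{ secrets.COVERITY_USER }}` and `COVERITY_PASSPHRASE: ${{ secrets.COVERITY_PASSPHRASE_PLACEHOLDER }}` (second secret name is a placeholder), and drop the two flags so `cov-commit-defects` reads Coverity's documented environment variables instead. Separately, `export PATH=$PATH:${ENV_COV_TOOL_DIR}/bin/` in the install step does not carry over to later steps, so the bare `cov-configure`/`cov-build`/`cov-analyze` calls will not resolve unless the directory is appended with `echo "${ENV_COV_TOOL_DIR}/bin" >> "$GITHUB_PATH"`; the visible lines also no longer write `ENV_COV_TOOL_DIR` to `$GITHUB_ENV`, so it has to be defined elsewhere in the workflow. The installer `cov-analysis-linux64-2024.6.1.sh` is downloaded and executed with no integrity check; verifying it against a pinned SHA-256 before `chmod u+x` would match the SHA-pinned actions already used in this file.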
