@@ -86,19 +86,29 @@ jobs:
86
86
submodules : recursive
87
87
88
88
- name : Download OpenVINO package
89
- uses : actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
89
+ uses : actions/download-artifact@d3f86a106a0bac45b974a628896c90dbdf5c8093 # v4.3.0
90
90
with :
91
91
name : ${{ needs.openvino_download.outputs.ov_artifact_name }}
92
92
path : ${{ env.INSTALL_DIR }}
93
93
merge-multiple : true
94
94
- run : ls -l ${{ env.INSTALL_DIR }}
95
95
96
- - name : Download coverity tool
96
+ - name : Download & install coverity tool
97
97
run : |
98
- wget -q https://scan.coverity.com/download/linux64 --post-data "token=${{ secrets.COVERITY_SECRET_TOKEN }}&project=openvino-tokenizers" -O coverity_tool.tgz
99
- tar -I pigz -xf coverity_tool.tgz
100
- echo "ENV_COV_TOOL_DIR=$(tar -tzf coverity_tool.tgz | head -1 | cut -f1 -d'/')" >> $GITHUB_ENV
101
- rm coverity_tool.tgz
98
+ wget https://ubit-artifactory-or.intel.com/artifactory/coverity-or-local/Enterprise/license.dat -O license.dat
99
+ wget https://ubit-artifactory-or.intel.com/artifactory/coverity-or-local/Enterprise/cov-analysis-linux64-2024.6.1.sh -O cov-analysis-2024.6.1.sh
100
+ chmod u+x cov-analysis-2024.6.1.sh
101
+ ./cov-analysis-2024.6.1.sh \
102
+ -q \
103
+ --installation.dir=${ENV_COV_TOOL_DIR} \
104
+ --license.agreement=agree \
105
+ --license.region=0 \
106
+ --license.type.choice=0 \
107
+ --license.cov.path=${ENV_COV_TOOL_DIR}/license.dat \
108
+ --component.sdk=false \
109
+ --component.skip.documentation=true
110
+ rm cov-analysis-2024.6.1.sh
111
+ export PATH=$PATH:${ENV_COV_TOOL_DIR}/bin/
102
112
103
113
- name : Create build.sh
104
114
run : |
@@ -108,42 +118,45 @@ jobs:
108
118
CMAKE_BUILD_PARALLEL_LEVEL=4 cmake --build ${{ env.BUILD_DIR }} --parallel --config ${BUILD_TYPE}
109
119
""" > build.sh
110
120
121
+ - name : Create config file for coverity
122
+ run : |
123
+ cov-configure --template --compiler cc --comptype gcc --config coverity_config.xml
124
+ cov-configure --template --compiler c++ --comptype g++ --config coverity_config.xml
125
+ cov-configure --template --compiler python --comptype python --config coverity_config.xml
126
+ cov-configure --template --compiler javascript --comptype javascript --config coverity_config.xml
127
+
111
128
- name : Build for coverity
112
129
run : |
113
130
source ${INSTALL_DIR}/setupvars.sh
114
- ${ENV_COV_TOOL_DIR}/bin/ cov-build --config ${ENV_COV_TOOL_DIR}/config/ coverity_config.xml --tmpdir cov_temp --dir ${BUILD_DIR}/cov-int --fs-capture-search ${OPENVINO_TOKENIZERS_REPO} sh build.sh
131
+ cov-build --config coverity_config.xml --tmpdir cov_temp --dir ${BUILD_DIR}/cov-int --fs-capture-search ${OPENVINO_TOKENIZERS_REPO} sh build.sh
115
132
116
- - name : Pack for analysis submission
117
- run : tar -cvf - cov-int | pigz > openvino-tokenizers.tgz
118
- working-directory : ${{ env.BUILD_DIR }}
133
+ - name : Coverity - exclude from analysis
134
+ run : |
135
+ cov-manage-emit --dir cov-int --tu-pattern "file('$INTEL_OPENVINO_DIR/.*')" delete
136
+
137
+ - name : Coverity - analyze
138
+ run : |
139
+ cov-analyze \
140
+ --dir ${BUILD_DIR}/cov-int \
141
+ --concurrency \
142
+ --security \
143
+ --rule --enable-constraint-fpp --enable-fnptr --enable-virtual --enable-default --webapp-security --enable-audit-checkers --enable-audit-mode \
144
+ --strip-path ${{ env.OPENVINO_REPO }}
119
145
120
146
- name : Submit to coverity
121
147
run : |
122
- apt-get update && apt-get install -y curl jq
123
- pushd ${BUILD_DIR}
124
- curl -X POST -d token=${{ secrets.COVERITY_SECRET_TOKEN }} \
125
- -d email=${{ secrets.COVERITY_USER }} \
126
- -d file_name="openvino-tokenizers.tgz" \
127
- -d version="${{ github.sha }}" \
128
- -d description="https://github.com/openvinotoolkit/openvino_tokenizers/actions/runs/${{ github.run_id }}" \
129
- https://scan.coverity.com/projects/30137/builds/init | tee response
130
-
131
- upload_url=$(jq -r '.url' response)
132
- build_id=$(jq -r '.build_id' response)
133
-
134
- curl -X PUT \
135
- --header 'Content-Type: application/json' \
136
- --upload-file openvino-tokenizers.tgz \
137
- $upload_url
138
-
139
- curl -X PUT \
140
- -d token=${{ secrets.COVERITY_SECRET_TOKEN }} \
141
- https://scan.coverity.com/projects/30137/builds/$build_id/enqueue
142
- popd
148
+ cov-commit-defects \
149
+ --dir cov-int \
150
+ --stream OpenVINO-master-stream \
151
+ --url https://coverityent.devtools.intel.com/prod3 \
152
+ --version "${{ github.sha }}" \
153
+ --user <user> \
154
+ --password <coverity> \
155
+ --strip-path ${{ env.OPENVINO_REPO }} --noxrefs
143
156
144
157
- name : Show Coverity configure logs
145
158
continue-on-error : true
146
- run : cov-analysis*/bin/cov- configure -c ${ENV_COV_TOOL_DIR}/config/coverity_config.xml -lscc text
159
+ run : cov-configure -c ${ENV_COV_TOOL_DIR}/config/coverity_config.xml -lscc text
147
160
148
161
- name : Upload Coverity build log
149
162
uses : actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
@@ -152,11 +165,3 @@ jobs:
152
165
name : coverity_logs
153
166
path : ${{ env.BUILD_DIR }}/cov-int/build-log.txt
154
167
if-no-files-found : ' error'
155
-
156
- - name : Upload Coverity build archive
157
- uses : actions/upload-artifact@ea165f8d65b6e75b540449e92b4886f43607fa02 # v4.6.2
158
- if : always()
159
- with :
160
- name : coverity_archive
161
- path : ${{ env.BUILD_DIR }}/openvino-tokenizers.tgz
162
- if-no-files-found : ' error'
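Review bot: The new `Submit to coverity` step passes `--user <user>` and `--password <coverity>` literally, so the shell will treat the angle brackets as redirections and the commit cannot authenticate. The replacement values should come from repository secrets, and the password should not be a command-line argument, where it shows up in the process list. For example, `--user "${{ secrets.COVERITY_USER }}"` with the passphrase supplied through the step's `env:` block keeps it off the command line (cov-commit-defects is documented to read `COVERITY_PASSPHRASE`; confirm for 2024.6.1). Separately, `export PATH=$PATH:${ENV_COV_TOOL_DIR}/bin/` in the install step does not persist to later steps, so the bare `cov-configure`, `cov-build` and `cov-analyze` calls will probably not resolve; `echo "${ENV_COV_TOOL_DIR}/bin" >> "$GITHUB_PATH"` would carry it over. The installer script and `license.dat` are also downloaded and executed without a pinned checksum, so a `sha256sum -c` check before `chmod u+x` is worth adding.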