Correctly set the coverity cache path (#162) #111
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Coverity Scan | |
| on: push | |
| jobs: | |
| verify: | |
| name: Verify Code | |
| runs-on: ubuntu-latest | |
| if: ${{ startsWith(github.repository, 'teragrep/') }} | |
| env: | |
| COVERITY: coverity_tool | |
| services: | |
| mariadb: | |
| image: mariadb:10.5 | |
| env: | |
| MYSQL_DB: pth_06 | |
| MARIADB_ALLOW_EMPTY_ROOT_PASSWORD: true | |
| ports: | |
| - 3306:3306 | |
| options: --health-cmd="mysqladmin ping" --health-interval=5s --health-timeout=2s --health-retries=3 | |
| steps: | |
| - uses: actions/checkout@v4 | |
| with: | |
| fetch-depth: 0 | |
| fetch-tags: true | |
| - name: Install jq | |
| run: sudo apt-get update && sudo apt-get install jq | |
| - name: Get version | |
| run: printf "RELEASE_VERSION=%q\n" "$(git describe --tags)" >> $GITHUB_ENV | |
| - name: Initialize MariaDB | |
| env: | |
| MARIADB_PORT: ${{ job.services.mariadb.ports[3306] }} | |
| run: | | |
| echo "Creating databases" | |
| mysql -u root -h127.0.0.1 -P${MARIADB_PORT} <<< "CREATE DATABASE streamdb CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;" | |
| mysql -u root -h127.0.0.1 -P${MARIADB_PORT} <<< "CREATE DATABASE journaldb CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;" | |
| mysql -u root -h127.0.0.1 -P${MARIADB_PORT} <<< "CREATE DATABASE bloomdb CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;" | |
| echo "Creating users" | |
| mysql -u root -h127.0.0.1 -P${MARIADB_PORT} <<< "grant all privileges on streamdb.* to streamdb@'%' identified by 'streamdb_pass';" | |
| mysql -u root -h127.0.0.1 -P${MARIADB_PORT} <<< "grant all privileges on journaldb.* to streamdb@'%' identified by 'streamdb_pass';" | |
| mysql -u root -h127.0.0.1 -P${MARIADB_PORT} <<< "grant all privileges on bloomdb.* to streamdb@'%' identified by 'streamdb_pass';" | |
| echo "Importing journaldb" | |
| mysql -u root -h127.0.0.1 -P${MARIADB_PORT} -D journaldb < database/journaldb.sql | |
| echo "Importing streamdb" | |
| mysql -u root -h127.0.0.1 -P${MARIADB_PORT} -D streamdb < database/streamdb.sql | |
| echo "Importing bloomdb" | |
| mysql -u root -h127.0.0.1 -P${MARIADB_PORT} -D bloomdb < database/bloomdb.sql | |
| echo "Flushing privileges" | |
| mysql -u root -h127.0.0.1 -P${MARIADB_PORT} <<< "flush privileges;" | |
| - name: Set up JDK 8 | |
| uses: actions/setup-java@v4 | |
| with: | |
| java-version: '8' | |
| distribution: 'temurin' | |
| server-id: github | |
| settings-path: ${{ github.workspace }} | |
| - name: Cache local Maven repository | |
| uses: actions/cache@v4 | |
| with: | |
| path: ~/.m2/repository | |
| key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }} | |
| restore-keys: | | |
| ${{ runner.os }}-maven- | |
| - name: Generate sources | |
| run: mvn -B -Drevision=${{ env.RELEASE_VERSION }} -Dsha1= -Dchangelist= generate-sources | |
| env: | |
| MARIADB_PORT: ${{ job.services.mariadb.ports[3306] }} | |
| GITHUB_TOKEN: ${{ github.token }} | |
| - name: Inject licenses to generated files | |
| run: bash add_headers_to_generated.sh | |
| - name: Test run | |
| run: mvn -Pbuild-nogenerate -B -Drevision=${{ env.RELEASE_VERSION }} -Dsha1= -Dchangelist= verify | |
| env: | |
| MARIADB_PORT: ${{ job.services.mariadb.ports[3306] }} | |
| GITHUB_TOKEN: ${{ github.token }} | |
| - name: Download Coverity distribution md5sum for cache key | |
| run: wget https://scan.coverity.com/download/linux64 --post-data "token=${{ secrets.COVERITY_TOKEN }}&project_id=${{ vars.COVERITY_PROJECT_URL_ID }}&md5=1" -O coverity_tool.md5 | |
| - name: Cache pull Coverity distribution, extracted | |
| id: cache-pull-coverity-distribution | |
| uses: actions/cache@v4 | |
| with: | |
| path: ${RUNNER_TEMP}/${{ env.COVERITY }} | |
| key: ${{ runner.os }}-coverity-${{ hashFiles('coverity_tool.md5') }} | |
| - name: Remove coverity_tool.md5 file | |
| run: rm -f coverity_tool.md5 | |
| - name: Download and extract Coverity distribution if cache-miss | |
| if: steps.cache-pull-coverity-distribution.outputs.cache-hit != 'true' | |
| run: | | |
| wget --quiet https://scan.coverity.com/download/linux64 --post-data "token=${{ secrets.COVERITY_TOKEN }}&project_id=${{ vars.COVERITY_PROJECT_URL_ID }}" -O ${RUNNER_TEMP}/${{ env.COVERITY }}.tgz | |
| mkdir -p ${RUNNER_TEMP}/${{ env.COVERITY }} | |
| tar zxf ${RUNNER_TEMP}/${{ env.COVERITY }}.tgz -C ${RUNNER_TEMP}/${{ env.COVERITY }} --strip-components 1 | |
| - name: Wait for Coverity analysis slot | |
| run: | | |
| while true; do | |
| curl -X POST -d version=${{ env.RELEASE_VERSION }} -d description="automated upload" -d email=${{ secrets.COVERITY_EMAIL }} -d token=${{ secrets.COVERITY_TOKEN }} -d file_name="${{ vars.COVERITY_PROJECT_URL_ID }}.tgz" https://scan.coverity.com/projects/${{ vars.COVERITY_PROJECT_URL_ID }}/builds/init -o ${RUNNER_TEMP}/response; | |
| if grep -q 'build submission quota' ${RUNNER_TEMP}/response; then | |
| cat ${RUNNER_TEMP}/response | |
| echo 'Giving up, submission quota met' | |
| exit 1 | |
| fi; | |
| if grep -q 'already in the queue' ${RUNNER_TEMP}/response; then | |
| cat ${RUNNER_TEMP}/response | |
| echo 'Waiting for 15 seconds and retrying' | |
| sleep 15 | |
| else | |
| break | |
| fi | |
| done | |
| - name: Compile Coverity | |
| run: | | |
| ${RUNNER_TEMP}/${{ env.COVERITY }}/bin/cov-build --dir ${RUNNER_TEMP}/cov-int mvn -Pbuild-nogenerate -B -Drevision=${{ env.RELEASE_VERSION }} -Dsha1= -Dchangelist= clean verify | |
| tar czvf ${RUNNER_TEMP}/${{ vars.COVERITY_PROJECT_URL_ID }}.tgz ${RUNNER_TEMP}/cov-int | |
| - name: Prepare response url | |
| run: printf "RESPONSE_URL=%q\n" "$(jq -r '.url' ${RUNNER_TEMP}/response)" >> $GITHUB_ENV | |
| - name: Upload to Coverity | |
| run: | | |
| curl -X PUT --header 'Content-Type: application/json' --upload-file ${RUNNER_TEMP}/${{ vars.COVERITY_PROJECT_URL_ID }}.tgz ${{ env.RESPONSE_URL }} | |
| - name: Prepare build id | |
| run: printf "COVERITY_BUILD_ID=%q\n" "$(jq -r '.build_id' ${RUNNER_TEMP}/response)" >> $GITHUB_ENV | |
| - name: Build Coverity Submit URL | |
| run: printf 'COVERITY_SUBMIT_URL=%q/%s/builds/%s/enqueue' "https://scan.coverity.com/projects" "${{ vars.COVERITY_PROJECT_URL_ID }}" "${{ env.COVERITY_BUILD_ID }}" >> $GITHUB_ENV | |
| - name: Trigger Coverity analysis | |
| run: curl -X PUT -d token=${{ secrets.COVERITY_TOKEN }} ${{ env.COVERITY_SUBMIT_URL }} |