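---
# Coverity Scan workflow: builds the project against a throwaway MariaDB
# service, captures the build with cov-build and submits the result to
# scan.coverity.com for analysis.
#
# Secrets and repository variables are passed to scripts through `env:` and
# read as quoted shell variables. Expanding `${{ secrets.* }}` or
# `${{ vars.* }}` directly inside `run:` pastes the raw value into the script
# text, where shell metacharacters in the value would be interpreted.
#
# Values written to GITHUB_ENV by this workflow are stored shell-escaped
# (printf %q), so `${{ env.RELEASE_VERSION }}`, `${{ env.RESPONSE_URL }}` and
# `${{ env.COVERITY_SUBMIT_URL }}` are deliberately expanded unquoted inside
# scripts: the shell undoes the escaping. Do not swap those for "$VAR".
#
# NOTE(review): no `permissions:` block is declared, so GITHUB_TOKEN gets the
# repository default scopes. It is only handed to Maven here; consider
# declaring the minimum the build needs (for example `contents: read` plus
# `packages: read`) once that has been confirmed.
#
# NOTE(review): actions are referenced by mutable tag (`@v4`). Pinning each
# `uses:` to a full commit SHA protects this job, which holds COVERITY_TOKEN,
# against a retagged release.
name: Coverity Scan

# Runs on every push to any branch.
on: push

jobs:
  verify:
    name: Verify Code
    runs-on: ubuntu-latest
    # Only run in repositories whose full name starts with 'teragrep/'.
    if: ${{ startsWith(github.repository, 'teragrep/') }}
    env:
      # Directory the Coverity distribution is extracted into and cached from.
      COVERITY: coverity_tool
    services:
      # Disposable database for the build. The passwordless root account and
      # the fixed 'streamdb_pass' credential created below are CI fixtures for
      # this ephemeral runner only.
      mariadb:
        image: mariadb:10.5
        env:
          # NOTE(review): the official image documents MARIADB_DATABASE /
          # MYSQL_DATABASE; MYSQL_DB looks unused - confirm.
          MYSQL_DB: pth_06
          MARIADB_ALLOW_EMPTY_ROOT_PASSWORD: 'true'
        ports:
          - '3306:3306'
        options: --health-cmd="mysqladmin ping" --health-interval=5s --health-timeout=2s --health-retries=3
    steps:
      - uses: actions/checkout@v4
        with:
          # Full history and tags are required by `git describe` below.
          fetch-depth: 0
          fetch-tags: true
          # Later steps run the build and a downloaded third-party binary in
          # this workspace; do not leave the token in .git/config for them.
          persist-credentials: false

      - name: Install jq
        # -y keeps the install non-interactive on the runner.
        run: sudo apt-get update && sudo apt-get install -y jq

      - name: Get version
        # %q shell-escapes the tag-derived version before it is stored, so
        # later `${{ env.RELEASE_VERSION }}` expansions cannot inject shell.
        run: printf "RELEASE_VERSION=%q\n" "$(git describe --tags)" >> "$GITHUB_ENV"

      - name: Initialize MariaDB
        env:
          MARIADB_PORT: ${{ job.services.mariadb.ports[3306] }}
        run: |
          echo "Creating databases"
          mysql -u root -h127.0.0.1 -P"${MARIADB_PORT}" <<< "CREATE DATABASE streamdb CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;"
          mysql -u root -h127.0.0.1 -P"${MARIADB_PORT}" <<< "CREATE DATABASE journaldb CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;"
          mysql -u root -h127.0.0.1 -P"${MARIADB_PORT}" <<< "CREATE DATABASE bloomdb CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;"
          echo "Creating users"
          mysql -u root -h127.0.0.1 -P"${MARIADB_PORT}" <<< "grant all privileges on streamdb.* to streamdb@'%' identified by 'streamdb_pass';"
          mysql -u root -h127.0.0.1 -P"${MARIADB_PORT}" <<< "grant all privileges on journaldb.* to streamdb@'%' identified by 'streamdb_pass';"
          mysql -u root -h127.0.0.1 -P"${MARIADB_PORT}" <<< "grant all privileges on bloomdb.* to streamdb@'%' identified by 'streamdb_pass';"
          echo "Importing journaldb"
          mysql -u root -h127.0.0.1 -P"${MARIADB_PORT}" -D journaldb < database/journaldb.sql
          echo "Importing streamdb"
          mysql -u root -h127.0.0.1 -P"${MARIADB_PORT}" -D streamdb < database/streamdb.sql
          echo "Importing bloomdb"
          mysql -u root -h127.0.0.1 -P"${MARIADB_PORT}" -D bloomdb < database/bloomdb.sql
          echo "Flushing privileges"
          mysql -u root -h127.0.0.1 -P"${MARIADB_PORT}" <<< "flush privileges;"

      - name: Set up JDK 8
        uses: actions/setup-java@v4
        with:
          java-version: '8'
          distribution: 'temurin'
          server-id: github
          settings-path: ${{ github.workspace }}

      - name: Cache local Maven repository
        uses: actions/cache@v4
        with:
          path: ~/.m2/repository
          key: ${{ runner.os }}-maven-${{ hashFiles('**/pom.xml') }}
          restore-keys: |
            ${{ runner.os }}-maven-

      - name: Generate sources
        run: mvn -B -Drevision=${{ env.RELEASE_VERSION }} -Dsha1= -Dchangelist= generate-sources
        env:
          MARIADB_PORT: ${{ job.services.mariadb.ports[3306] }}
          GITHUB_TOKEN: ${{ github.token }}

      - name: Inject licenses to generated files
        run: bash add_headers_to_generated.sh

      - name: Test run
        run: mvn -Pbuild-nogenerate -B -Drevision=${{ env.RELEASE_VERSION }} -Dsha1= -Dchangelist= verify
        env:
          MARIADB_PORT: ${{ job.services.mariadb.ports[3306] }}
          GITHUB_TOKEN: ${{ github.token }}

      - name: Download Coverity distribution md5sum for cache key
        # NOTE(review): the checksum is used only as a cache key; the archive
        # fetched on a cache miss is never compared against it. Consider
        # verifying the download before extracting and executing it.
        env:
          COVERITY_TOKEN: ${{ secrets.COVERITY_TOKEN }}
          COVERITY_PROJECT_URL_NAME: ${{ vars.COVERITY_PROJECT_URL_NAME }}
        run: |
          wget https://scan.coverity.com/download/linux64 \
            --post-data "token=${COVERITY_TOKEN}&project=${COVERITY_PROJECT_URL_NAME}&md5=1" \
            -O coverity_tool.md5

      - name: Cache pull Coverity distribution, extracted
        id: cache-pull-coverity-distribution
        uses: actions/cache@v4
        with:
          path: ${{ env.COVERITY }}
          key: ${{ runner.os }}-coverity-${{ hashFiles('coverity_tool.md5') }}

      - name: Download and extract Coverity distribution if cache-miss
        if: steps.cache-pull-coverity-distribution.outputs.cache-hit != 'true'
        env:
          COVERITY_TOKEN: ${{ secrets.COVERITY_TOKEN }}
          COVERITY_PROJECT_URL_NAME: ${{ vars.COVERITY_PROJECT_URL_NAME }}
        run: |
          wget --quiet https://scan.coverity.com/download/linux64 \
            --post-data "token=${COVERITY_TOKEN}&project=${COVERITY_PROJECT_URL_NAME}" \
            -O "${COVERITY}.tgz"
          mkdir -p "${COVERITY}"
          tar zxf "${COVERITY}.tgz" -C "${COVERITY}" --strip-components 1

      - name: Wait for Coverity analysis slot
        # Registers the build with Coverity and saves the JSON reply in
        # ./response; retries every 15 seconds while a previous build is still
        # queued and fails when the submission quota is exhausted.
        # NOTE(review): the loop has no upper bound; a step-level
        # `timeout-minutes` would cap a stuck queue.
        env:
          COVERITY_TOKEN: ${{ secrets.COVERITY_TOKEN }}
          COVERITY_EMAIL: ${{ secrets.COVERITY_EMAIL }}
          COVERITY_PROJECT_URL_NAME: ${{ vars.COVERITY_PROJECT_URL_NAME }}
          COVERITY_PROJECT_URL_ID: ${{ vars.COVERITY_PROJECT_URL_ID }}
        run: |
          while true; do
            curl -X POST \
              -d version=${{ env.RELEASE_VERSION }} \
              -d description="automated upload" \
              -d "email=${COVERITY_EMAIL}" \
              -d "token=${COVERITY_TOKEN}" \
              -d "file_name=${COVERITY_PROJECT_URL_NAME}.tgz" \
              "https://scan.coverity.com/projects/${COVERITY_PROJECT_URL_ID}/builds/init" \
              -o response
            if grep -q 'build submission quota' response; then
              cat response
              echo 'Giving up, submission quota met'
              exit 1
            fi
            if grep -q 'already in the queue' response; then
              cat response
              echo 'Waiting for 15 seconds and retrying'
              sleep 15
            else
              break
            fi
          done

      - name: Compile Coverity
        env:
          COVERITY_PROJECT_URL_NAME: ${{ vars.COVERITY_PROJECT_URL_NAME }}
        run: |
          "${COVERITY}/bin/cov-build" --dir cov-int mvn -Pbuild-nogenerate -B -Drevision=${{ env.RELEASE_VERSION }} -Dsha1= -Dchangelist= clean verify
          tar czvf "${COVERITY_PROJECT_URL_NAME}.tgz" cov-int

      - name: Prepare response url
        # The upload URL comes from the remote reply, so it is stored
        # %q-escaped before any later step expands it into a script.
        run: printf "RESPONSE_URL=%q\n" "$(jq -r '.url' response)" >> "$GITHUB_ENV"

      - name: Upload to Coverity
        env:
          COVERITY_PROJECT_URL_NAME: ${{ vars.COVERITY_PROJECT_URL_NAME }}
        run: |
          curl -X PUT --header 'Content-Type: application/json' --upload-file "${COVERITY_PROJECT_URL_NAME}.tgz" ${{ env.RESPONSE_URL }}

      - name: Prepare build id
        run: printf "COVERITY_BUILD_ID=%q\n" "$(jq -r '.build_id' response)" >> "$GITHUB_ENV"

      - name: Build Coverity Submit URL
        # COVERITY_BUILD_ID is already %q-escaped by the previous step, so it
        # is copied with %s; the project id is escaped here with %q. The
        # stored URL therefore stays fully escaped for the unquoted expansion
        # in the next step.
        env:
          COVERITY_PROJECT_URL_ID: ${{ vars.COVERITY_PROJECT_URL_ID }}
        run: |
          printf 'COVERITY_SUBMIT_URL=%q/%q/builds/%s/enqueue\n' \
            "https://scan.coverity.com/projects" \
            "${COVERITY_PROJECT_URL_ID}" \
            "${COVERITY_BUILD_ID}" >> "$GITHUB_ENV"

      - name: Trigger Coverity analysis
        env:
          COVERITY_TOKEN: ${{ secrets.COVERITY_TOKEN }}
        run: curl -X PUT -d "token=${COVERITY_TOKEN}" ${{ env.COVERITY_SUBMIT_URL }}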