From a13375344f4a1c1b9f3a4f4c32a1b892a144b91b Mon Sep 17 00:00:00 2001 From: Jaden Abrams <96440993+jadenabrams100@users.noreply.github.com> Date: Sat, 6 Apr 2024 13:29:46 -0400 Subject: [PATCH 01/11] coverity: add in code for compiling GRASS --- .github/workflows/coverity.yml | 64 +++++++++++++++++++++++++++------- 1 file changed, 51 insertions(+), 13 deletions(-) diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml index 32895e33e37..c8630114e9a 100644 --- a/.github/workflows/coverity.yml +++ b/.github/workflows/coverity.yml @@ -4,18 +4,56 @@ on: schedule: - cron: '48 5 * * *' # Run at 05:48 # Coverity will let GRASS do a scan a maximum of twice per day, so this schedule will help GRASS fit within that limit with some additional space for manual runs - +permissions: + contents: read jobs: - build: - runs-on: [ ubuntu-latest ] + coverity: + runs-on: ubuntu-22.04 + # if: github.repository == 'OSGeo/grass' TODO: uncomment this line when it is deployed steps: - - name: Checkout Source - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - - name: Coverity Scan - uses: synopsys-sig/synopsys-action@cef5e38596faf5d2787bbff78a5d7255a9f7682b # v1.8.0 - with: - ### SCANNING: Required fields - coverity_url: ${{ secrets.COVERITY_URL }} # The URL to Coverity - coverity_user: ${{ secrets.COVERITY_USER }} # The user for the Coverity project - coverity_passphrase: ${{ secrets.COVERITY_PASSPHRASE }} # The password for the Coverity user - coverity_version: '2023.6.2' # The version for Coverity Scan + - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + + - name: Get dependencies + run: | + sudo apt-get update -y + sudo apt-get install -y wget git gawk findutils + xargs -a <(awk '! /^ *(#|$)/' ".github/workflows/apt.txt") -r -- \ + sudo apt-get install -y --no-install-recommends --no-install-suggests + - name: Create installation directory + run: | + mkdir $HOME/install + + - name: Set number of cores for compilation + run: | + echo "MAKEFLAGS=-j$(nproc)" >> $GITHUB_ENV + + - name: Set LD_LIBRARY_PATH for compilation + run: | + echo "LD_LIBRARY_PATH=$HOME/install/lib" >> $GITHUB_ENV + + - name: Print build environment variables + run: | + printenv | sort + gcc --version + ldd --version + - name: Build + env: + # TODO: -pedantic-errors here won't go through ./configure (with GNU C) + CFLAGS: -fPIC -Wvla + # TODO: -pedantic-errors here won't compile + CXXFLAGS: -fPIC + run: .github/workflows/build_ubuntu-22.04_without_x.sh $HOME/install -Werror + + # build: + # runs-on: [ ubuntu-latest ] + # steps: + # - name: Checkout Source + # uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 + # - name: Coverity Scan + # uses: synopsys-sig/synopsys-action@cef5e38596faf5d2787bbff78a5d7255a9f7682b # v1.8.0 + # with: + # ### SCANNING: Required fields + # coverity_url: ${{ secrets.COVERITY_URL }} # The URL to Coverity + # coverity_user: ${{ secrets.COVERITY_USER }} # The user for the Coverity project + # coverity_passphrase: ${{ secrets.COVERITY_PASSPHRASE }} # The password for the Coverity user + # coverity_version: '2023.6.2' From 6e26a84d3f2d962cbd33e03fe5477a6560045b8f Mon Sep 17 00:00:00 2001 From: Jaden Abrams <96440993+jadenabrams100@users.noreply.github.com> Date: Sat, 6 Apr 2024 13:54:18 -0400 Subject: [PATCH 02/11] coverity: add in getting coverity tool and building with coverity --- .github/workflows/coverity.yml | 48 +++++++++++++++++++++------------- 1 file changed, 30 insertions(+), 18 deletions(-) diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml index c8630114e9a..78ffc1f1d09 100644 --- a/.github/workflows/coverity.yml +++ b/.github/workflows/coverity.yml @@ -6,10 +6,12 @@ on: # Coverity will let GRASS do a scan a maximum of twice per day, so this schedule will help GRASS fit within that limit with some additional space for manual runs permissions: contents: read + # action based off of https://github.com/OSGeo/PROJ/blob/905c9a6c2da3dc6b7aa2c89d3ab78d9d1a9cd070/.github/workflows/coverity-scan.yml + # and https://github.com/OSGeo/grass/blob/2aa98a166d8f50aa1491908401205962fa1d70fb/.github/workflows/ubuntu.yml jobs: coverity: runs-on: ubuntu-22.04 - # if: github.repository == 'OSGeo/grass' TODO: uncomment this line when it is deployed + if: github.repository == 'OSGeo/grass' # make sure that it only runs for GRASS steps: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 @@ -22,7 +24,14 @@ jobs: - name: Create installation directory run: | mkdir $HOME/install - + + - name: Download Coverity Build Tool + run: | + wget -q https://scan.coverity.com/download/cxx/linux64 --post-data "token=$TOKEN&project=grass" -O cov-analysis-linux64.tar.gz + mkdir cov-analysis-linux64 + tar xzf cov-analysis-linux64.tar.gz --strip 1 -C cov-analysis-linux64 + env: + TOKEN: ${{ secrets.COVERITY_PASSPHRASE }} # this is the token that admins use to upload builds - name: Set number of cores for compilation run: | echo "MAKEFLAGS=-j$(nproc)" >> $GITHUB_ENV @@ -36,24 +45,27 @@ jobs: printenv | sort gcc --version ldd --version - - name: Build + - name: Build with cov-build env: # TODO: -pedantic-errors here won't go through ./configure (with GNU C) CFLAGS: -fPIC -Wvla # TODO: -pedantic-errors here won't compile CXXFLAGS: -fPIC - run: .github/workflows/build_ubuntu-22.04_without_x.sh $HOME/install -Werror - - # build: - # runs-on: [ ubuntu-latest ] - # steps: - # - name: Checkout Source - # uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 - # - name: Coverity Scan - # uses: synopsys-sig/synopsys-action@cef5e38596faf5d2787bbff78a5d7255a9f7682b # v1.8.0 - # with: - # ### SCANNING: Required fields - # coverity_url: ${{ secrets.COVERITY_URL }} # The URL to Coverity - # coverity_user: ${{ secrets.COVERITY_USER }} # The user for the Coverity project - # coverity_passphrase: ${{ secrets.COVERITY_PASSPHRASE }} # The password for the Coverity user - # coverity_version: '2023.6.2' + run: | + pwd + export PATH=`pwd`/cov-analysis-linux64/bin:$PATH + cov-build --dir cov-int .github/workflows/build_ubuntu-22.04_without_x.sh $HOME/install -Werror + - name: Submit to Coverity Scan + run: | + tar czvf proj.tgz cov-int + curl \ + --form project=grass \ + --form token=$TOKEN \ + --form email=wenzeslaus@gmail.com \ + --form file=@proj.tgz \ + --form version=master \ + --form description="`git rev-parse --abbrev-ref HEAD` `git rev-parse --short HEAD`" \ + https://scan.coverity.com/builds?project=grass + env: + TOKEN: ${{ secrets.COVERITY_PASSPHRASE }} + From 5dda89d462464a902341e3ec6d7b620f799c1704 Mon Sep 17 00:00:00 2001 From: Jaden Abrams <96440993+jadenabrams100@users.noreply.github.com> Date: Sun, 7 Apr 2024 23:21:39 -0400 Subject: [PATCH 03/11] coverity: remove fail on warnings Co-authored-by: Nicklas Larsson --- .github/workflows/coverity.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml index 78ffc1f1d09..eb147c044f4 100644 --- a/.github/workflows/coverity.yml +++ b/.github/workflows/coverity.yml @@ -54,7 +54,7 @@ jobs: run: | pwd export PATH=`pwd`/cov-analysis-linux64/bin:$PATH - cov-build --dir cov-int .github/workflows/build_ubuntu-22.04_without_x.sh $HOME/install -Werror + cov-build --dir cov-int .github/workflows/build_ubuntu-22.04_without_x.sh $HOME/install - name: Submit to Coverity Scan run: | tar czvf proj.tgz cov-int From 5f482180486aedee742f0573edb5d75985dd4724 Mon Sep 17 00:00:00 2001 From: Jaden Abrams <96440993+jadenabrams100@users.noreply.github.com> Date: Sun, 7 Apr 2024 23:22:15 -0400 Subject: [PATCH 04/11] coverity: update tar file name Co-authored-by: Nicklas Larsson --- .github/workflows/coverity.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml index eb147c044f4..0ed7f5b2eed 100644 --- a/.github/workflows/coverity.yml +++ b/.github/workflows/coverity.yml @@ -57,7 +57,7 @@ jobs: cov-build --dir cov-int .github/workflows/build_ubuntu-22.04_without_x.sh $HOME/install - name: Submit to Coverity Scan run: | - tar czvf proj.tgz cov-int + tar czvf grass.tgz cov-int curl \ --form project=grass \ --form token=$TOKEN \ From 3ff3ec9d74a76e0309a3c4f853e06f5be1508475 Mon Sep 17 00:00:00 2001 From: Jaden Abrams <96440993+jadenabrams100@users.noreply.github.com> Date: Sun, 7 Apr 2024 23:22:55 -0400 Subject: [PATCH 05/11] coverity: update name to match tar file Co-authored-by: Nicklas Larsson --- .github/workflows/coverity.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml index 0ed7f5b2eed..5d97bddc3b7 100644 --- a/.github/workflows/coverity.yml +++ b/.github/workflows/coverity.yml @@ -62,7 +62,7 @@ jobs: --form project=grass \ --form token=$TOKEN \ --form email=wenzeslaus@gmail.com \ - --form file=@proj.tgz \ + --form file=@grass.tgz \ --form version=master \ --form description="`git rev-parse --abbrev-ref HEAD` `git rev-parse --short HEAD`" \ https://scan.coverity.com/builds?project=grass From 8579a0309bb2814faa1a79238e89d225e4be4a75 Mon Sep 17 00:00:00 2001 From: Jaden Abrams <96440993+jadenabrams100@users.noreply.github.com> Date: Sun, 7 Apr 2024 23:24:15 -0400 Subject: [PATCH 06/11] coverity: remove unnecessary comment Co-authored-by: Nicklas Larsson --- .github/workflows/coverity.yml | 1 - 1 file changed, 1 deletion(-) diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml index 5d97bddc3b7..2258e75edef 100644 --- a/.github/workflows/coverity.yml +++ b/.github/workflows/coverity.yml @@ -7,7 +7,6 @@ on: permissions: contents: read # action based off of https://github.com/OSGeo/PROJ/blob/905c9a6c2da3dc6b7aa2c89d3ab78d9d1a9cd070/.github/workflows/coverity-scan.yml - # and https://github.com/OSGeo/grass/blob/2aa98a166d8f50aa1491908401205962fa1d70fb/.github/workflows/ubuntu.yml jobs: coverity: runs-on: ubuntu-22.04 From 09fd804dd520717bb8997609bcc738bd9cc6f354 Mon Sep 17 00:00:00 2001 From: Jaden Abrams <96440993+jadenabrams100@users.noreply.github.com> Date: Sun, 7 Apr 2024 23:25:00 -0400 Subject: [PATCH 07/11] coverity: remove unnecessary comment Co-authored-by: Nicklas Larsson --- .github/workflows/coverity.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml index 2258e75edef..7c30879e343 100644 --- a/.github/workflows/coverity.yml +++ b/.github/workflows/coverity.yml @@ -30,7 +30,7 @@ jobs: mkdir cov-analysis-linux64 tar xzf cov-analysis-linux64.tar.gz --strip 1 -C cov-analysis-linux64 env: - TOKEN: ${{ secrets.COVERITY_PASSPHRASE }} # this is the token that admins use to upload builds + TOKEN: ${{ secrets.COVERITY_PASSPHRASE }} - name: Set number of cores for compilation run: | echo "MAKEFLAGS=-j$(nproc)" >> $GITHUB_ENV From 6a8a9c535ece98e2882bc16ef688a495e7567769 Mon Sep 17 00:00:00 2001 From: Jaden Abrams <96440993+jadenabrams100@users.noreply.github.com> Date: Sun, 7 Apr 2024 23:26:17 -0400 Subject: [PATCH 08/11] coverity: remove unnecessary comment Co-authored-by: Nicklas Larsson --- .github/workflows/coverity.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml index 7c30879e343..f1fb7392103 100644 --- a/.github/workflows/coverity.yml +++ b/.github/workflows/coverity.yml @@ -10,7 +10,7 @@ permissions: jobs: coverity: runs-on: ubuntu-22.04 - if: github.repository == 'OSGeo/grass' # make sure that it only runs for GRASS + if: github.repository == 'OSGeo/grass' steps: - uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 From 98fe4086b75958ffc6a61c10b9c2c49bbfb079d1 Mon Sep 17 00:00:00 2001 From: Jaden Abrams <96440993+jadenabrams100@users.noreply.github.com> Date: Sun, 7 Apr 2024 23:26:33 -0400 Subject: [PATCH 09/11] coverity: remove unnecessary comment Co-authored-by: Nicklas Larsson --- .github/workflows/coverity.yml | 2 -- 1 file changed, 2 deletions(-) diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml index f1fb7392103..2b772174d85 100644 --- a/.github/workflows/coverity.yml +++ b/.github/workflows/coverity.yml @@ -46,9 +46,7 @@ jobs: ldd --version - name: Build with cov-build env: - # TODO: -pedantic-errors here won't go through ./configure (with GNU C) CFLAGS: -fPIC -Wvla - # TODO: -pedantic-errors here won't compile CXXFLAGS: -fPIC run: | pwd From b9018676dd3e0a186c2950d55460f0ea1672c0e9 Mon Sep 17 00:00:00 2001 From: Jaden Abrams <96440993+jadenabrams100@users.noreply.github.com> Date: Mon, 8 Apr 2024 16:34:55 -0400 Subject: [PATCH 10/11] coverity: use email from secrets --- .github/workflows/coverity.yml | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml index 2b772174d85..a570c0d8ffa 100644 --- a/.github/workflows/coverity.yml +++ b/.github/workflows/coverity.yml @@ -58,11 +58,12 @@ jobs: curl \ --form project=grass \ --form token=$TOKEN \ - --form email=wenzeslaus@gmail.com \ + --form email=$EMAIL \ --form file=@grass.tgz \ --form version=master \ --form description="`git rev-parse --abbrev-ref HEAD` `git rev-parse --short HEAD`" \ https://scan.coverity.com/builds?project=grass env: TOKEN: ${{ secrets.COVERITY_PASSPHRASE }} + EMAIL: ${{ secrets.COVERITY_USER }} From dcd612df84f7b9ed90ea1c1bacc600a7fdf0e481 Mon Sep 17 00:00:00 2001 From: Jaden Abrams <96440993+jadenabrams100@users.noreply.github.com> Date: Mon, 8 Apr 2024 16:36:32 -0400 Subject: [PATCH 11/11] coverity: update branch name --- .github/workflows/coverity.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml index a570c0d8ffa..577e7cdd86e 100644 --- a/.github/workflows/coverity.yml +++ b/.github/workflows/coverity.yml @@ -60,7 +60,7 @@ jobs: --form token=$TOKEN \ --form email=$EMAIL \ --form file=@grass.tgz \ - --form version=master \ + --form version=main \ --form description="`git rev-parse --abbrev-ref HEAD` `git rev-parse --short HEAD`" \ https://scan.coverity.com/builds?project=grass env: