Coverity (Ubuntu 20.04, Python 3.11) #233
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Coverity (Ubuntu 20.04, Python 3.11) | |
on: | |
workflow_dispatch: | |
inputs: | |
openvinoRef: | |
description: 'Branch, tag or commit hash to clone openvino from. Taken from event context if not set' | |
type: string | |
openvinoContribRef: | |
description: 'Branch, tag or commit hash to clone openvino_contrib from. Taken from event context if not set' | |
type: string | |
schedule: | |
# run daily at 00:00 | |
- cron: '0 0 * * *' | |
concurrency: | |
# github.ref is not unique in post-commit | |
group: ${{ github.event_name == 'push' && github.run_id || github.ref }}-linux-coverity | |
cancel-in-progress: true | |
permissions: read-all | |
env: | |
PIP_CACHE_PATH: /mount/caches/pip/linux | |
PYTHON_VERSION: '3.11' | |
TARGET_BRANCH: ${{ github.base_ref || github.event.merge_group.base_ref || github.ref }} | |
jobs: | |
Smart_CI: | |
runs-on: ubuntu-latest | |
outputs: | |
affected_components: "${{ steps.smart_ci.outputs.affected_components }}" | |
changed_components: "${{ steps.smart_ci.outputs.changed_components }}" | |
skip_workflow: "${{ steps.smart_ci.outputs.skip_workflow }}" | |
steps: | |
- name: checkout action | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
sparse-checkout: .github/actions/smart-ci | |
- name: Get affected components | |
id: smart_ci | |
uses: ./.github/actions/smart-ci | |
with: | |
repository: ${{ github.repository }} | |
pr: ${{ github.event.number }} | |
commit_sha: ${{ github.sha }} | |
ref_name: ${{ github.ref_name }} | |
component_pattern: "category: (.*)" | |
repo_token: ${{ secrets.GITHUB_TOKEN }} | |
skip_when_only_listed_labels_set: 'docs' | |
skip_when_only_listed_files_changed: '*.md,*.rst,*.png,*.jpg,*.svg' | |
Docker: | |
needs: Smart_CI | |
runs-on: aks-linux-4-cores-16gb-docker-build | |
container: | |
image: openvinogithubactions.azurecr.io/docker_build:0.2 | |
volumes: | |
- /mount:/mount | |
outputs: | |
images: "${{ steps.handle_docker.outputs.images }}" | |
steps: | |
- name: Checkout | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
- uses: ./.github/actions/handle_docker | |
id: handle_docker | |
with: | |
images: | | |
ov_build/ubuntu_20_04_x64 | |
registry: 'openvinogithubactions.azurecr.io' | |
dockerfiles_root_dir: '.github/dockerfiles' | |
changed_components: ${{ needs.smart_ci.outputs.changed_components }} | |
Build: | |
needs: Docker | |
timeout-minutes: 150 | |
defaults: | |
run: | |
shell: bash | |
runs-on: aks-linux-16-cores-32gb | |
if: ${{ github.repository_owner == 'openvinotoolkit' }} | |
container: | |
image: ${{ fromJSON(needs.docker.outputs.images).ov_build.ubuntu_20_04_x64 }} | |
volumes: | |
- /mount:/mount | |
env: | |
DEBIAN_FRONTEND: noninteractive # to prevent apt-get from waiting user input | |
CMAKE_BUILD_TYPE: 'Release' | |
CMAKE_GENERATOR: 'Ninja Multi-Config' | |
GITHUB_WORKSPACE: '/__w/openvino/openvino' | |
OPENVINO_REPO: /__w/openvino/openvino/openvino | |
OPENVINO_CONTRIB_REPO: /__w/openvino/openvino/openvino_contrib | |
BUILD_DIR: /__w/openvino/openvino/openvino_build | |
COVERITY_TOOL_DIR: /__w/openvino/openvino/coverity_tool | |
steps: | |
- name: Clone OpenVINO | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
path: ${{ env.OPENVINO_REPO }} | |
submodules: 'true' | |
ref: ${{ inputs.openvinoRef }} | |
- name: Clone OpenVINO Contrib | |
uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
with: | |
repository: 'openvinotoolkit/openvino_contrib' | |
path: ${{ env.OPENVINO_CONTRIB_REPO }} | |
submodules: 'true' | |
ref: ${{ inputs.openvinoContribRef || env.TARGET_BRANCH }} | |
# | |
# Dependencies | |
# | |
- name: Install build dependencies | |
run: | | |
bash ${OPENVINO_REPO}/install_build_dependencies.sh | |
# default-jdk - Java API | |
apt install --assume-yes --no-install-recommends default-jdk | |
- name: Setup Python ${{ env.PYTHON_VERSION }} | |
uses: ./openvino/.github/actions/setup_python | |
with: | |
version: ${{ env.PYTHON_VERSION }} | |
pip-cache-path: ${{ env.PIP_CACHE_PATH }} | |
should-setup-pip-paths: 'true' | |
self-hosted-runner: 'true' | |
# | |
# Build | |
# | |
- name: CMake configure - OpenVINO | |
run: | | |
cmake \ | |
-G "${{ env.CMAKE_GENERATOR }}" \ | |
-DENABLE_CPPLINT=OFF \ | |
-DENABLE_STRICT_DEPENDENCIES=OFF \ | |
-DCMAKE_VERBOSE_MAKEFILE=ON \ | |
-DENABLE_FASTER_BUILD=OFF \ | |
-S ${OPENVINO_REPO} \ | |
-B ${BUILD_DIR} | |
- name: Install Coverity tool | |
run: | | |
rm -rf ${COVERITY_TOOL_DIR} && mkdir -p ${COVERITY_TOOL_DIR} | |
pushd ${COVERITY_TOOL_DIR} | |
wget https://scan.coverity.com/download/linux64 --progress=bar:force:noscroll --post-data "token=${{ secrets.COVERITY_TOKEN }}&project=openvino" -O coverity_tool.tgz | |
tar -I pigz -xf coverity_tool.tgz && rm coverity_tool.tgz | |
popd | |
- name: Cmake build - OpenVINO with Coverity | |
run: ${COVERITY_TOOL_DIR}/cov-analysis*/bin/cov-build --dir ${BUILD_DIR}/cov-int cmake --build ${BUILD_DIR} --parallel $(nproc) --config ${{ env.CMAKE_BUILD_TYPE }} | |
- name: Pack Artefacts | |
run: tar -cvf - cov-int | pigz > openvino.tgz | |
working-directory: ${{ env.BUILD_DIR }} | |
- name: Submit artefacts | |
run: | | |
apt-get update && apt-get install -y curl jq | |
pushd ${BUILD_DIR} | |
curl -X POST -d token=${{ secrets.COVERITY_TOKEN }} \ | |
-d email=${{ secrets.COVERITY_USER }} \ | |
-d file_name="openvino.tgz" \ | |
-d version="${{ github.sha }}" \ | |
-d description="https://github.com/openvinotoolkit/openvino/runs/${{ github.run_number }}" \ | |
https://scan.coverity.com/projects/21921/builds/init | tee response | |
upload_url=$(jq -r '.url' response) | |
build_id=$(jq -r '.build_id' response) | |
curl -X PUT \ | |
--header 'Content-Type: application/json' \ | |
--upload-file openvino.tgz \ | |
$upload_url | |
curl -X PUT \ | |
-d token=${{ secrets.COVERITY_TOKEN }} \ | |
https://scan.coverity.com/projects/21921/builds/$build_id/enqueue | |
popd | |
- name: Show Coverity configure logs | |
continue-on-error: true | |
run: ${COVERITY_TOOL_DIR}/cov-analysis*/bin/cov-configure -c ${COVERITY_TOOL_DIR}/cov-analysis-linux64-2023.6.2/config/coverity_config.xml -lscc text | |
- name: Upload Coverity build log | |
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 | |
if: always() | |
with: | |
name: coverity_logs | |
path: ${{ env.BUILD_DIR }}/cov-int/build-log.txt | |
if-no-files-found: 'error' | |
- name: Upload Coverity build archive | |
uses: actions/upload-artifact@b4b15b8c7c6ac21ea08fcf65892d2ee8f75cf882 # v4.4.3 | |
if: always() | |
with: | |
name: coverity_archive | |
path: ${{ env.BUILD_DIR }}/openvino.tgz | |
if-no-files-found: 'error' |