coverity.yml
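# Builds the project under Coverity's cov-build wrapper on every push and
# submits the captured build to Coverity Scan for analysis.
name: Coverity Scan
on: push

# Least privilege for GITHUB_TOKEN. The only visible use of the token is the
# Maven steps below (server-id "github" from setup-java).
# NOTE(review): packages: read is assumed to be enough for dependency
# resolution; confirm before merging.
permissions:
  contents: read
  packages: read

jobs:
  verify:
    name: Verify Code
    runs-on: ubuntu-latest
    # Run only for repositories whose full name starts with "teragrep/".
    if: ${{ startsWith(github.repository, 'teragrep/') }}
    env:
      # Directory the Coverity distribution is extracted into and cached from.
      COVERITY: coverity_tool
    services:
      mariadb:
        image: mariadb:10.5
        env:
          MYSQL_DB: pth_06
          # Quoted: environment values are strings, not YAML booleans.
          # Passwordless root is acceptable only because this container lives
          # and dies with the job.
          MARIADB_ALLOW_EMPTY_ROOT_PASSWORD: 'true'
        ports:
          # Quoted so a YAML 1.1 parser cannot read digits:digits as a number.
          - '3306:3306'
        options: >-
          --health-cmd="mysqladmin ping"
          --health-interval=5s
          --health-timeout=2s
          --health-retries=3
    steps:
      # NOTE(review): every `uses:` below references a mutable tag (v4).
      # Pinning to a full commit SHA guards against a retargeted tag.
      - uses: actions/checkout@v4
        with:
          # Full history and tags are required by `git describe --tags`.
          fetch-depth: 0
          fetch-tags: true

      - name: Install jq
        # -y keeps apt-get non-interactive if it ever has to pull dependencies.
        run: sudo apt-get update && sudo apt-get install -y jq

      - name: Get version
        # %q shell-escapes the tag description before it is stored. Later steps
        # paste the env.RELEASE_VERSION expression into script text, where the
        # shell undoes that escaping, so metacharacters in a tag name are not
        # interpreted as commands. Do not swap those uses for "$RELEASE_VERSION"
        # without also dropping %q here.
        run: printf "RELEASE_VERSION=%q\n" "$(git describe --tags)" >> "$GITHUB_ENV"

      - name: Initialize MariaDB
        env:
          MARIADB_PORT: ${{ job.services.mariadb.ports[3306] }}
        # The account and password created here are throwaway credentials for
        # the job's service container; never reuse them outside CI.
        run: |
          echo "Creating databases"
          mysql -u root -h127.0.0.1 -P${MARIADB_PORT} <<< "CREATE DATABASE streamdb CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;"
          mysql -u root -h127.0.0.1 -P${MARIADB_PORT} <<< "CREATE DATABASE journaldb CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;"
          mysql -u root -h127.0.0.1 -P${MARIADB_PORT} <<< "CREATE DATABASE bloomdb CHARACTER SET utf8mb4 COLLATE utf8mb4_unicode_ci;"
          echo "Creating users"
          mysql -u root -h127.0.0.1 -P${MARIADB_PORT} <<< "grant all privileges on streamdb.* to streamdb@'%' identified by 'streamdb_pass';"
          mysql -u root -h127.0.0.1 -P${MARIADB_PORT} <<< "grant all privileges on journaldb.* to streamdb@'%' identified by 'streamdb_pass';"
          mysql -u root -h127.0.0.1 -P${MARIADB_PORT} <<< "grant all privileges on bloomdb.* to streamdb@'%' identified by 'streamdb_pass';"
          echo "Importing journaldb"
          mysql -u root -h127.0.0.1 -P${MARIADB_PORT} -D journaldb < database/journaldb.sql
          echo "Importing streamdb"
          mysql -u root -h127.0.0.1 -P${MARIADB_PORT} -D streamdb < database/streamdb.sql
          echo "Importing bloomdb"
          mysql -u root -h127.0.0.1 -P${MARIADB_PORT} -D bloomdb < database/bloomdb.sql
          echo "Flushing privileges"
          mysql -u root -h127.0.0.1 -P${MARIADB_PORT} <<< "flush privileges;"

      - name: Set up JDK 8
        uses: actions/setup-java@v4
        with:
          java-version: '8'
          distribution: 'temurin'
          server-id: github
          settings-path: ${{ github.workspace }}

      - name: Cache .m2
        uses: actions/cache@v4
        with:
          path: ~/.m2/repository
          # hashFiles() only matches files inside the workspace and does not
          # expand "~", so hashing ~/.m2 produced an empty, never-changing key
          # and the cache was never refreshed. Key on the POMs instead.
          key: ${{ runner.os }}-m2-repository-${{ hashFiles('**/pom.xml') }}

      - name: Generate sources
        run: mvn -B -Drevision=${{ env.RELEASE_VERSION }} -Dsha1= -Dchangelist= generate-sources
        env:
          MARIADB_PORT: ${{ job.services.mariadb.ports[3306] }}
          GITHUB_TOKEN: ${{ github.token }}

      - name: Inject licenses to generated files
        run: bash add_headers_to_generated.sh

      - name: Test run
        run: mvn -DskipTests -Pbuild-nogenerate -B -Drevision=${{ env.RELEASE_VERSION }} -Dsha1= -Dchangelist= verify
        env:
          MARIADB_PORT: ${{ job.services.mariadb.ports[3306] }}
          GITHUB_TOKEN: ${{ github.token }}

      # Secrets are handed to the Coverity steps through `env:` and expanded by
      # the shell inside quotes, rather than being templated into the script
      # text, so characters in a secret cannot alter the command line.
      # NOTE(review): the token is still passed as a process argument to
      # wget/curl; reading the POST body from a file would avoid that too.
      - name: Download Coverity distribution md5sum for cache key
        env:
          COVERITY_TOKEN: ${{ secrets.COVERITY_TOKEN }}
        run: |
          wget https://scan.coverity.com/download/linux64 \
            --post-data "token=${COVERITY_TOKEN}&project=${{ vars.COVERITY_PROJECT_URL_NAME }}&md5=1" \
            -O coverity_tool.md5

      - name: Cache pull Coverity distribution, extracted
        id: cache-pull-coverity-distribution
        uses: actions/cache@v4
        with:
          path: ${{ env.COVERITY }}
          key: ${{ runner.os }}-coverity-${{ hashFiles('coverity_tool.md5') }}

      - name: Download and extract Coverity distribution if cache-miss
        if: steps.cache-pull-coverity-distribution.outputs.cache-hit != 'true'
        env:
          COVERITY_TOKEN: ${{ secrets.COVERITY_TOKEN }}
        # NOTE(review): coverity_tool.md5 is used only as a cache key. The
        # archive is extracted, and its cov-build binary later executed,
        # without being compared against that digest.
        run: |
          wget --quiet https://scan.coverity.com/download/linux64 \
            --post-data "token=${COVERITY_TOKEN}&project=${{ vars.COVERITY_PROJECT_URL_NAME }}" \
            -O ${{ env.COVERITY }}.tgz
          mkdir -p ${{ env.COVERITY }}
          tar zxf ${{ env.COVERITY }}.tgz -C ${{ env.COVERITY }} --strip-components 1

      - name: Compile Coverity
        run: |
          ${{ env.COVERITY }}/bin/cov-build --dir cov-int mvn -DskipTests -Pbuild-nogenerate -B -Drevision=${{ env.RELEASE_VERSION }} -Dsha1= -Dchangelist= clean compile
          tar czvf ${{ vars.COVERITY_PROJECT_URL_NAME }}.tgz cov-int

      - name: Fetch cloud upload url
        env:
          COVERITY_EMAIL: ${{ secrets.COVERITY_EMAIL }}
          COVERITY_TOKEN: ${{ secrets.COVERITY_TOKEN }}
        run: |
          curl -X POST \
            -d version=${{ env.RELEASE_VERSION }} \
            -d description="automated upload" \
            -d "email=${COVERITY_EMAIL}" \
            -d "token=${COVERITY_TOKEN}" \
            -d file_name="${{ vars.COVERITY_PROJECT_URL_NAME }}.tgz" \
            https://scan.coverity.com/projects/${{ vars.COVERITY_PROJECT_URL_ID }}/builds/init \
            -o response

      - name: Wait for Coverity analysis slot
        env:
          COVERITY_EMAIL: ${{ secrets.COVERITY_EMAIL }}
          COVERITY_TOKEN: ${{ secrets.COVERITY_TOKEN }}
        # NOTE(review): the loop has no retry cap, so a permanently busy queue
        # holds the runner until the job's timeout.
        run: |
          while grep -q 'already in the queue' response
          do
            cat response
            echo 'Waiting for 15 seconds and retrying'
            sleep 15
            curl -X POST \
              -d version=${{ env.RELEASE_VERSION }} \
              -d description="automated upload" \
              -d "email=${COVERITY_EMAIL}" \
              -d "token=${COVERITY_TOKEN}" \
              -d file_name="${{ vars.COVERITY_PROJECT_URL_NAME }}.tgz" \
              https://scan.coverity.com/projects/${{ vars.COVERITY_PROJECT_URL_ID }}/builds/init \
              -o response
          done

      - name: Prepare response url
        # The URL comes from the remote response, so it is %q-escaped before
        # the next step pastes it into a command line.
        run: printf "RESPONSE_URL=%q\n" "$(jq -r '.url' response)" >> "$GITHUB_ENV"

      - name: Upload to Coverity
        run: |
          curl -X PUT --header 'Content-Type: application/json' --upload-file ${{ vars.COVERITY_PROJECT_URL_NAME }}.tgz ${{ env.RESPONSE_URL }}

      - name: Prepare build id
        run: printf "COVERITY_BUILD_ID=%q\n" "$(jq -r '.build_id' response)" >> "$GITHUB_ENV"

      - name: Build Coverity Submit URL
        # NOTE(review): the project id and build id are written with %s, so
        # they reach the unquoted URL in the final step without shell escaping;
        # this relies on the Coverity response being well-formed.
        # A trailing newline terminates the entry like the other env writes.
        run: |
          printf 'COVERITY_SUBMIT_URL=%q/%s/builds/%s/enqueue\n' "https://scan.coverity.com/projects" "${{ vars.COVERITY_PROJECT_URL_ID }}" "${{ env.COVERITY_BUILD_ID }}" >> "$GITHUB_ENV"

      - name: Trigger Coverity analysis
        env:
          COVERITY_TOKEN: ${{ secrets.COVERITY_TOKEN }}
        run: |
          curl -X PUT -d "token=${COVERITY_TOKEN}" ${{ env.COVERITY_SUBMIT_URL }}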