Skip to content

Coverity (Ubuntu 20.04, Python 3.11) #223

Coverity (Ubuntu 20.04, Python 3.11)

Coverity (Ubuntu 20.04, Python 3.11) #223

Workflow file for this run

name: Coverity (Ubuntu 20.04, Python 3.11)
on:
workflow_dispatch:
inputs:
openvinoRef:
description: 'Branch, tag or commit hash to clone openvino from. Taken from event context if not set'
type: string
schedule:
# run daily at 00:00
- cron: '0 0 * * *'
concurrency:
# github.ref is not unique in post-commit
group: ${{ github.event_name == 'push' && github.run_id || github.ref }}-linux-coverity
cancel-in-progress: true
env:
PIP_CACHE_PATH: /mount/caches/pip/linux
PYTHON_VERSION: '3.11'
jobs:
Build:
timeout-minutes: 150
defaults:
run:
shell: bash
runs-on: aks-linux-16-cores-32gb
container:
image: openvinogithubactions.azurecr.io/dockerhub/ubuntu:20.04
env:
DEBIAN_FRONTEND: noninteractive # to prevent apt-get from waiting user input
CMAKE_BUILD_TYPE: 'Release'
CMAKE_GENERATOR: 'Ninja Multi-Config'
GITHUB_WORKSPACE: '/__w/openvino/openvino'
OPENVINO_REPO: /__w/openvino/openvino/openvino
OPENVINO_CONTRIB_REPO: /__w/openvino/openvino/openvino_contrib
BUILD_DIR: /__w/openvino/openvino/openvino_build
COVERITY_TOOL_DIR: /__w/openvino/openvino/coverity_tool
steps:
- name: Install git
run: |
apt-get update
apt-get install --assume-yes --no-install-recommends git ca-certificates
- name: Clone OpenVINO
uses: actions/checkout@v4
with:
path: ${{ env.OPENVINO_REPO }}
submodules: 'true'
ref: ${{ inputs.openvinoRef }}
- name: Clone OpenVINO Contrib
uses: actions/checkout@v4
with:
repository: 'openvinotoolkit/openvino_contrib'
path: ${{ env.OPENVINO_CONTRIB_REPO }}
submodules: 'true'
ref: 'master'
#
# Dependencies
#
- name: Install build dependencies
run: |
bash ${OPENVINO_REPO}/install_build_dependencies.sh
# default-jdk - Java API
apt install --assume-yes --no-install-recommends default-jdk
- name: Setup Python ${{ env.PYTHON_VERSION }}
uses: ./openvino/.github/actions/setup_python
with:
version: ${{ env.PYTHON_VERSION }}
pip-cache-path: ${{ env.PIP_CACHE_PATH }}
should-setup-pip-paths: 'true'
self-hosted-runner: 'true'
#
# Build
#
- name: CMake configure - OpenVINO
run: |
cmake \
-G "${{ env.CMAKE_GENERATOR }}" \
-DENABLE_CPPLINT=OFF \
-DENABLE_STRICT_DEPENDENCIES=OFF \
-DCMAKE_VERBOSE_MAKEFILE=ON \
-DBUILD_nvidia_plugin=OFF \
-DENABLE_FASTER_BUILD=OFF \
-DOPENVINO_EXTRA_MODULES=${OPENVINO_CONTRIB_REPO}/modules \
-S ${OPENVINO_REPO} \
-B ${BUILD_DIR}
- name: Install Coverity tool
run: |
rm -rf ${COVERITY_TOOL_DIR} && mkdir -p ${COVERITY_TOOL_DIR}
pushd ${COVERITY_TOOL_DIR}
wget https://scan.coverity.com/download/linux64 --progress=bar:force:noscroll --post-data "token=${{ secrets.COVERITY_TOKEN }}&project=openvino" -O coverity_tool.tgz
tar xvf coverity_tool.tgz && rm coverity_tool.tgz
popd
- name: Cmake build - OpenVINO with Coverity
run: ${COVERITY_TOOL_DIR}/cov-analysis*/bin/cov-build --dir ${BUILD_DIR}/cov-int cmake --build ${BUILD_DIR} --parallel --config ${{ env.CMAKE_BUILD_TYPE }}
- name: Pack Artefacts
run: |
pushd ${BUILD_DIR}
tar -C ${BUILD_DIR} -czvf openvino.tgz cov-int
popd
- name: Submit artefacts
run: |
apt-get update && apt-get install -y curl jq
pushd ${BUILD_DIR}
curl -X POST -d token=${{ secrets.COVERITY_TOKEN }} \
-d email=${{ secrets.COVERITY_USER }} \
-d file_name="openvino.tgz" \
-d version="${{ github.sha }}" \
-d description="https://github.com/openvinotoolkit/openvino/runs/${{ github.run_number }}" \
https://scan.coverity.com/projects/21921/builds/init | tee response
upload_url=$(jq -r '.url' response)
build_id=$(jq -r '.build_id' response)
curl -X PUT \
--header 'Content-Type: application/json' \
--upload-file openvino.tgz \
$upload_url
curl -X PUT \
-d token=${{ secrets.COVERITY_TOKEN }} \
https://scan.coverity.com/projects/21921/builds/$build_id/enqueue
popd
- name: Show Coverity configure logs
continue-on-error: true
run: ${COVERITY_TOOL_DIR}/cov-analysis*/bin/cov-configure -c ${COVERITY_TOOL_DIR}/cov-analysis-linux64-2023.6.2/config/coverity_config.xml -lscc text
- name: Upload Coverity build log
uses: actions/upload-artifact@v4
if: always()
with:
name: coverity_logs
path: ${{ env.BUILD_DIR }}/cov-int/build-log.txt
if-no-files-found: 'error'
- name: Upload Coverity build archive
uses: actions/upload-artifact@v4
if: always()
with:
name: coverity_archive
path: ${{ env.BUILD_DIR }}/openvino.tgz
if-no-files-found: 'error'