Coverity (Ubuntu 20.04, Python 3.11) #223
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
name: Coverity (Ubuntu 20.04, Python 3.11) | |
on: | |
workflow_dispatch: | |
inputs: | |
openvinoRef: | |
description: 'Branch, tag or commit hash to clone openvino from. Taken from event context if not set' | |
type: string | |
schedule: | |
# run daily at 00:00 | |
- cron: '0 0 * * *' | |
concurrency: | |
# github.ref is not unique in post-commit | |
group: ${{ github.event_name == 'push' && github.run_id || github.ref }}-linux-coverity | |
cancel-in-progress: true | |
env: | |
PIP_CACHE_PATH: /mount/caches/pip/linux | |
PYTHON_VERSION: '3.11' | |
jobs: | |
Build: | |
timeout-minutes: 150 | |
defaults: | |
run: | |
shell: bash | |
runs-on: aks-linux-16-cores-32gb | |
container: | |
image: openvinogithubactions.azurecr.io/dockerhub/ubuntu:20.04 | |
env: | |
DEBIAN_FRONTEND: noninteractive # to prevent apt-get from waiting user input | |
CMAKE_BUILD_TYPE: 'Release' | |
CMAKE_GENERATOR: 'Ninja Multi-Config' | |
GITHUB_WORKSPACE: '/__w/openvino/openvino' | |
OPENVINO_REPO: /__w/openvino/openvino/openvino | |
OPENVINO_CONTRIB_REPO: /__w/openvino/openvino/openvino_contrib | |
BUILD_DIR: /__w/openvino/openvino/openvino_build | |
COVERITY_TOOL_DIR: /__w/openvino/openvino/coverity_tool | |
steps: | |
- name: Install git | |
run: | | |
apt-get update | |
apt-get install --assume-yes --no-install-recommends git ca-certificates | |
- name: Clone OpenVINO | |
uses: actions/checkout@v4 | |
with: | |
path: ${{ env.OPENVINO_REPO }} | |
submodules: 'true' | |
ref: ${{ inputs.openvinoRef }} | |
- name: Clone OpenVINO Contrib | |
uses: actions/checkout@v4 | |
with: | |
repository: 'openvinotoolkit/openvino_contrib' | |
path: ${{ env.OPENVINO_CONTRIB_REPO }} | |
submodules: 'true' | |
ref: 'master' | |
# | |
# Dependencies | |
# | |
- name: Install build dependencies | |
run: | | |
bash ${OPENVINO_REPO}/install_build_dependencies.sh | |
# default-jdk - Java API | |
apt install --assume-yes --no-install-recommends default-jdk | |
- name: Setup Python ${{ env.PYTHON_VERSION }} | |
uses: ./openvino/.github/actions/setup_python | |
with: | |
version: ${{ env.PYTHON_VERSION }} | |
pip-cache-path: ${{ env.PIP_CACHE_PATH }} | |
should-setup-pip-paths: 'true' | |
self-hosted-runner: 'true' | |
# | |
# Build | |
# | |
- name: CMake configure - OpenVINO | |
run: | | |
cmake \ | |
-G "${{ env.CMAKE_GENERATOR }}" \ | |
-DENABLE_CPPLINT=OFF \ | |
-DENABLE_STRICT_DEPENDENCIES=OFF \ | |
-DCMAKE_VERBOSE_MAKEFILE=ON \ | |
-DBUILD_nvidia_plugin=OFF \ | |
-DENABLE_FASTER_BUILD=OFF \ | |
-DOPENVINO_EXTRA_MODULES=${OPENVINO_CONTRIB_REPO}/modules \ | |
-S ${OPENVINO_REPO} \ | |
-B ${BUILD_DIR} | |
- name: Install Coverity tool | |
run: | | |
rm -rf ${COVERITY_TOOL_DIR} && mkdir -p ${COVERITY_TOOL_DIR} | |
pushd ${COVERITY_TOOL_DIR} | |
wget https://scan.coverity.com/download/linux64 --progress=bar:force:noscroll --post-data "token=${{ secrets.COVERITY_TOKEN }}&project=openvino" -O coverity_tool.tgz | |
tar xvf coverity_tool.tgz && rm coverity_tool.tgz | |
popd | |
- name: Cmake build - OpenVINO with Coverity | |
run: ${COVERITY_TOOL_DIR}/cov-analysis*/bin/cov-build --dir ${BUILD_DIR}/cov-int cmake --build ${BUILD_DIR} --parallel --config ${{ env.CMAKE_BUILD_TYPE }} | |
- name: Pack Artefacts | |
run: | | |
pushd ${BUILD_DIR} | |
tar -C ${BUILD_DIR} -czvf openvino.tgz cov-int | |
popd | |
- name: Submit artefacts | |
run: | | |
apt-get update && apt-get install -y curl jq | |
pushd ${BUILD_DIR} | |
curl -X POST -d token=${{ secrets.COVERITY_TOKEN }} \ | |
-d email=${{ secrets.COVERITY_USER }} \ | |
-d file_name="openvino.tgz" \ | |
-d version="${{ github.sha }}" \ | |
-d description="https://github.com/openvinotoolkit/openvino/runs/${{ github.run_number }}" \ | |
https://scan.coverity.com/projects/21921/builds/init | tee response | |
upload_url=$(jq -r '.url' response) | |
build_id=$(jq -r '.build_id' response) | |
curl -X PUT \ | |
--header 'Content-Type: application/json' \ | |
--upload-file openvino.tgz \ | |
$upload_url | |
curl -X PUT \ | |
-d token=${{ secrets.COVERITY_TOKEN }} \ | |
https://scan.coverity.com/projects/21921/builds/$build_id/enqueue | |
popd | |
- name: Show Coverity configure logs | |
continue-on-error: true | |
run: ${COVERITY_TOOL_DIR}/cov-analysis*/bin/cov-configure -c ${COVERITY_TOOL_DIR}/cov-analysis-linux64-2023.6.2/config/coverity_config.xml -lscc text | |
- name: Upload Coverity build log | |
uses: actions/upload-artifact@v4 | |
if: always() | |
with: | |
name: coverity_logs | |
path: ${{ env.BUILD_DIR }}/cov-int/build-log.txt | |
if-no-files-found: 'error' | |
- name: Upload Coverity build archive | |
uses: actions/upload-artifact@v4 | |
if: always() | |
with: | |
name: coverity_archive | |
path: ${{ env.BUILD_DIR }}/openvino.tgz | |
if-no-files-found: 'error' |