From 9209e8b2ae98ef595dc3bc41ed3af06efccc1738 Mon Sep 17 00:00:00 2001
From: "Alexander V. Tikhonov" <avtikhon@tarantool.org>
Date: Mon, 14 Dec 2020 11:59:03 +0300
Subject: [PATCH] github-ci: implement coverity check
Added standalone job with coverity check as described at [1]. This
job uploads results to coverity.com host to 'tarantool' project when
COVERITY_TOKEN environment is enabled. Main coverity functionality
added at .travis.mk make file as standalone targets:
'test_coverity_debian_no_deps' - used in github-ci actions
'coverity_debian' - additional target with needed tools check
This job configured by cron scheduler on each Saturday 04:00 am.
Closes #5600
[1] - https://scan.coverity.com/download?tab=cxx
---
.github/workflows/coverity.yml | 34 ++++++++++++++++++++++++++++++++++
.travis.mk | 32 ++++++++++++++++++++++++++++++++
2 files changed, 66 insertions(+)
create mode 100644 .github/workflows/coverity.yml
diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
new file mode 100644
index 0000000000..f0c630ee1b
--- /dev/null
+++ b/.github/workflows/coverity.yml
@@ -0,0 +1,34 @@
+name: CI
+
+on:
+ schedule:
+ - cron: '0 4 * * 6'
+
+env:
+ CI_MAKE: make -f .travis.mk
+
+jobs:
+ coverity:
+ runs-on: ubuntu-latest
+
+ strategy:
+ fail-fast: false
+
+ # Image built by .gitlab.mk instructions and targets from .travis.mk.
+ # Also additional installation of coverity tool installation check
+ # exists in target deps_coverity_debian at .travis.mk file.
+ container: docker.io/tarantool/testing:debian-buster
+
+ steps:
+ - uses: actions/checkout@v1
+ - name: test
+ run: ${CI_MAKE} test_coverity_debian_no_deps
+ env:
+ COVERITY_TOKEN: ${{ secrets.COVERITY_TOKEN }}
+ - name: artifacts
+ uses: actions/upload-artifact@v2
+ if: failure()
+ with:
+ name: debug
+ retention-days: 1000000
+ path: test/var/artifacts
diff --git a/.travis.mk b/.travis.mk
index 4290a5f8c5..09bf91277c 100644
--- a/.travis.mk
+++ b/.travis.mk
@@ -12,6 +12,8 @@ OOS_BUILD_PATH?=/rw_bins
OOS_BUILD_RULE?=test_oos_no_deps
BIN_DIR=/usr/local/bin
OSX_VARDIR?=/tmp/tnt
+GIT_DESCRIBE=$(shell git describe HEAD)
+COVERITY_BINS=/cov-analysis/bin
CLOJURE_URL="https://download.clojure.org/install/linux-install-1.10.1.561.sh"
LEIN_URL="https://raw.githubusercontent.com/technomancy/leiningen/stable/bin/lein"
@@ -152,6 +154,36 @@ test_coverage_debian_no_deps: build_coverage_debian
coverage_debian: deps_debian test_coverage_debian_no_deps
+# Coverity
+
+build_coverity_debian: configure_debian
+ export PATH=${PATH}:${COVERITY_BINS} ; \
+ cov-build --dir cov-int make -j
+
+test_coverity_debian_no_deps: build_coverity_debian
+ tar czvf tarantool.tgz cov-int
+ @if [ -n "$(COVERITY_TOKEN)" ]; then \
+ echo "Exporting code coverity information to scan.coverity.com"; \
+ curl --form token=$(COVERITY_TOKEN) \
+ --form email=tarantool@tarantool.org \
+ --form file=@tarantool.tgz \
+ --form version=${GIT_DESCRIBE} \
+ --form description="Tarantool Coverity" \
+ https://scan.coverity.com/builds?project=tarantool%2Ftarantool ; \
+ fi;
+
+deps_coverity_debian: deps_debian
+ # check that coverity tools installed in known place
+ @ls -al ${COVERITY_BINS} || \
+ ( echo "=================== ERROR: =====================" ; \
+ echo "Coverity binaries not found in: ${COVERITY_BINS}" ; \
+ echo "please install it there using instructions from:" ; \
+ echo " https://scan.coverity.com/download?tab=cxx" ; \
+ echo ; \
+ exit 1 )
+
+coverity_debian: deps_coverity_debian test_coverity_debian_no_deps
+
# ASAN
build_asan_debian:
--
GitLab