actions FEATURE coverity on push
diff --git a/.github/workflows/ci.yml b/.github/workflows/ci.yml
index 6c09d5f..015f37f 100644
--- a/.github/workflows/ci.yml
+++ b/.github/workflows/ci.yml
@@ -12,11 +12,28 @@
env:
DEFAULT_OPTIONS: -DENABLE_BUILD_TESTS=ON -DENABLE_DNSSEC=ON
DEFAULT_PACKAGES: libcmocka-dev zlib1g-dev libssh-dev libssl-dev
+ COVERITY_PROJECT: sysrepo%2Fsysrepo
jobs:
+ git-branch:
+ name: Get git branch
+ runs-on: ubuntu-18.04
+ outputs:
+ branch-name: ${{ steps.get-git-branch.outputs.branch-name }}
+ steps:
+ - id: get-git-branch
+ run: |
+ if ${{ github.event_name == 'push' }}
+ then export GIT_BRANCH=`echo ${{ github.ref }} | cut -d'/' -f 3`
+ else
+ export GIT_BRANCH=${{ github.base_ref }}
+ fi
+ echo "::set-output name=branch-name::$GIT_BRANCH"
+
build:
name: ${{ matrix.config.name }}
- runs-on: ${{ matrix.config.os }} # mac-OS does not implement robust mutexes so it is not supported
+ runs-on: ${{ matrix.config.os }}
+ needs: git-branch
strategy:
fail-fast: false
matrix:
@@ -25,79 +42,149 @@
name: "Release, Ubuntu 18.04, gcc",
os: "ubuntu-18.04",
build-type: "Release",
+ dep-build-type: "Release",
cc: "gcc",
options: "",
- packager: "sudo apt-get",
- packages: ""
+ packages: "",
+ snaps: "",
+ make-prepend: "",
+ make-target: ""
}
- {
name: "Release, Ubuntu 18.04, clang",
os: "ubuntu-18.04",
build-type: "Release",
+ dep-build-type: "Release",
cc: "clang",
options: "",
- packager: "sudo apt-get",
- packages: ""
+ packages: "",
+ snaps: "",
+ make-prepend: "",
+ make-target: ""
}
- {
name: "Debug, Ubuntu 18.04, gcc",
os: "ubuntu-18.04",
build-type: "Debug",
+ dep-build-type: "Release",
cc: "gcc",
options: "",
- packager: "sudo apt-get",
- packages: "valgrind"
+ packages: "valgrind",
+ snaps: "",
+ make-prepend: "",
+ make-target: ""
}
- {
name: "Debug, Ubuntu 18.04, clang",
os: "ubuntu-18.04",
build-type: "Debug",
+ dep-build-type: "Release",
cc: "clang",
options: "",
- packager: "sudo apt-get",
- packages: "valgrind"
+ packages: "valgrind",
+ snaps: "",
+ make-prepend: "",
+ make-target: ""
}
- {
name: "SSH Only",
os: "ubuntu-18.04",
build-type: "Debug",
+ dep-build-type: "Release",
cc: "gcc",
options: "DENABLE_TLS=OFF -DENABLE_SSH=ON",
- packager: "sudo apt-get",
- packages: "valgrind"
+ packages: "valgrind",
+ snaps: "",
+ make-prepend: "",
+ make-target: ""
}
- {
name: "TLS Only",
os: "ubuntu-18.04",
build-type: "Debug",
+ dep-build-type: "Release",
cc: "gcc",
options: "DENABLE_TLS=ON -DENABLE_SSH=OFF",
- packager: "sudo apt-get",
- packages: "valgrind"
+ packages: "valgrind",
+ snaps: "",
+ make-prepend: "",
+ make-target: ""
}
- {
name: "No SSH nor TLS",
os: "ubuntu-18.04",
build-type: "Debug",
+ dep-build-type: "Release",
cc: "gcc",
options: "DENABLE_TLS=OFF -DENABLE_SSH=OFF",
- packager: "sudo apt-get",
- packages: "valgrind"
+ packages: "valgrind",
+ snaps: "",
+ make-prepend: "",
+ make-target: ""
}
- {
name: "ASAN and UBSAN",
os: "ubuntu-18.04",
build-type: "Debug",
+ dep-build-type: "Release",
cc: "clang",
options: "-DCMAKE_C_FLAGS=-fsanitize=address,undefined -DENABLE_VALGRIND_TESTS=OFF",
- packager: "sudo apt-get",
- packages: ""
+ packages: "",
+ snaps: "",
+ make-prepend: "",
+ make-target: ""
+ }
+ - {
+ name: "ABI Check",
+ os: "ubuntu-latest",
+ build-type: "ABICheck",
+ dep-build-type: "Debug",
+ cc: "gcc",
+ options: "",
+ packages: "abi-dumper abi-compliance-checker",
+ snaps: "core universal-ctags",
+ make-prepend: "",
+ make-target: "abi-check"
+ }
+ - {
+ name: "Coverity",
+ os: "ubuntu-latest",
+ build-type: "Debug",
+ dep-build-type: "Debug",
+ cc: "clang",
+ options: "",
+ packages: "",
+ snaps: "",
+ make-prepend: "cov-build --dir cov-int",
+ make-target: ""
+ }
+ - {
+ name: "Codecov",
+ os: "ubuntu-latest",
+ build-type: "Debug",
+ dep-build-type: "Debug",
+ cc: "gcc",
+ options: "-DENABLE_COVERAGE=ON",
+ packages: "lcov",
+ snaps: "",
+ make-prepend: "",
+ make-target: ""
}
steps:
- uses: actions/checkout@v2
- - name: Uncrustify
+ - name: Deps-packages
+ shell: bash
+ run: |
+ sudo add-apt-repository ppa:kedazo/libssh-0.7.x -y
+ sudo apt-get update
+ sudo apt-get install $DEFAULT_PACKAGES ${{ matrix.config.packages }}
+ if ${{ matrix.config.snaps != '' }}
+ then sudo snap install ${{ matrix.config.snaps }}
+ fi
+
+ - name: Deps-uncrustify
shell: bash
working-directory: ${{ github.workspace }}
run: |
@@ -110,34 +197,43 @@
sudo make install
if: ${{ matrix.config.name == 'Debug, Ubuntu 18.04, gcc' }}
- - name: Dependencies
+ - name: Deps-coverity
+ shell: bash
+ working-directory: ${{ github.workspace }}
+ run: |
+ wget -q https://scan.coverity.com/download/linux64 --post-data "token=$TOKEN&project=$COVERITY_PROJECT" -O coverity-tools.tar.gz
+ mkdir coverity-tools
+ tar xzf coverity-tools.tar.gz --strip 1 -C coverity-tools
+ env:
+ TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
+ if: ${{ matrix.config.name == 'Coverity' }}
+
+ - name: Deps-coverity-fix-permissions
+ run: |
+ chmod go-w $HOME
+ sudo chmod -R go-w /usr/share
+ if: ${{ matrix.config.name == 'Coverity' }}
+
+ - name: Deps-libyang
shell: bash
run: |
- sudo add-apt-repository ppa:kedazo/libssh-0.7.x -y
- ${{ matrix.config.packager }} update
- ${{ matrix.config.packager }} install $DEFAULT_PACKAGES ${{ matrix.config.packages }}
-
- if ${{ github.event_name == 'push' }}
- then GIT_BRANCH=`echo ${{ github.ref }} | cut -d'/' -f 3`
- else
- GIT_BRANCH=${{ github.base_ref }}
- fi
-
- git clone -b $GIT_BRANCH https://github.com/CESNET/libyang.git
+ git clone -b ${{needs.git-branch.outputs.branch-name}} https://github.com/CESNET/libyang.git
cd libyang
mkdir build
cd build
- CC=${{ matrix.config.cc }} cmake -DCMAKE_BUILD_TYPE=${{ matrix.config.build-type }} -DENABLE_BUILD_TESTS=OFF ..
+ CC=${{ matrix.config.cc }} cmake -DCMAKE_BUILD_TYPE=${{ matrix.config.dep-build-type }} -DENABLE_BUILD_TESTS=OFF ..
make -j2
sudo make install
+ - name: Deps-libval
+ shell: bash
+ run: |
git clone https://github.com/DNSSEC-Tools/DNSSEC-Tools.git dnssec-tools
cd dnssec-tools/dnssec-tools/validator
./configure
make -j2
sudo make install
-
- name: Configure
shell: bash
working-directory: ${{ github.workspace }}
@@ -149,104 +245,34 @@
- name: Build
shell: bash
working-directory: ${{ github.workspace }}/build
- run: make
+ run: |
+ export LC_ALL=C.UTF-8
+ export PATH=/snap/bin:${{ github.workspace }}/coverity-tools/bin:$PATH
+ ${{ matrix.config.make-prepend }} make ${{ matrix.config.make-target }}
- name: Test
shell: bash
working-directory: ${{ github.workspace }}/build
run: ctest --output-on-failure
- abi:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v2
-
- - name: Dependencies
- shell: bash
- run: |
- sudo add-apt-repository ppa:kedazo/libssh-0.7.x -y
- sudo apt-get update
- sudo apt-get install $DEFAULT_PACKAGES abi-dumper abi-compliance-checker
- sudo snap install core universal-ctags
-
- if ${{ github.event_name == 'push' }}
- then GIT_BRANCH=`echo ${{ github.ref }} | cut -d'/' -f 3`
- else
- GIT_BRANCH=${{ github.base_ref }}
- fi
-
- git clone -b $GIT_BRANCH https://github.com/CESNET/libyang.git
- cd libyang
- mkdir build
- cd build
- CC=gcc cmake -DCMAKE_BUILD_TYPE=Debug -DENABLE_BUILD_TESTS=OFF ..
- make -j2
- sudo make install
-
- git clone https://github.com/DNSSEC-Tools/DNSSEC-Tools.git dnssec-tools
- cd dnssec-tools/dnssec-tools/validator
- ./configure
- make -j2
- sudo make install
-
- - name: Configure
- shell: bash
- working-directory: ${{ github.workspace }}
- run: |
- mkdir build
- cd build
- CC=gcc cmake -DCMAKE_BUILD_TYPE=ABICheck ..
-
- - name: Build
+ - name: Upload to Coverity.com
shell: bash
working-directory: ${{ github.workspace }}/build
- run: LC_ALL=C.UTF-8 PATH=/snap/bin:$PATH make abi-check
-
- coverage:
- runs-on: ubuntu-latest
- steps:
- - uses: actions/checkout@v2
-
- - name: Dependencies
- shell: bash
run: |
- sudo add-apt-repository ppa:kedazo/libssh-0.7.x -y
- sudo apt-get update
- sudo apt-get install $DEFAULT_PACKAGES lcov
-
- if ${{ github.event_name == 'push' }}
- then GIT_BRANCH=`echo ${{ github.ref }} | cut -d'/' -f 3`
- else
- GIT_BRANCH=${{ github.base_ref }}
- fi
-
- git clone -b $GIT_BRANCH https://github.com/CESNET/libyang.git
- cd libyang
- mkdir build
- cd build
- CC=gcc cmake -DCMAKE_BUILD_TYPE=Debug -DENABLE_BUILD_TESTS=OFF ..
- make -j2
- sudo make install
-
- - name: Configure
- shell: bash
- working-directory: ${{ github.workspace }}
- run: |
- mkdir build
- cd build
- CC=gcc cmake -DCMAKE_BUILD_TYPE=Debug -DENABLE_COVERAGE=ON ..
-
- - name: Build
- shell: bash
- working-directory: ${{ github.workspace }}/build
- run: make
-
- - name: Test
- shell: bash
- working-directory: ${{ github.workspace }}/build
- run: ctest --output-on-failure
+ tar czvf libnetconf2.tgz cov-int
+ curl \
+ --form token=$TOKEN \
+ --form email=mvasko@cesnet.cz \
+ --form file=@libnetconf2.tgz \
+ --form version="`grep Version ./libnetconf2.pc | cut -d' ' -f 2`" \
+ --form description="libnetconf2 NETCONF library" \
+ https://scan.coverity.com/builds?project=$COVERITY_PROJECT
+ env:
+ TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
+ if: ${{ matrix.config.name == 'Coverity' && github.event_name == 'push' && needs.git-branch.outputs.branch-name == 'devel' }}
- name: Upload to Codecov.io
shell: bash
working-directory: ${{ github.workspace }}/build
run: bash <(curl -s https://codecov.io/bash)
+ if: ${{ matrix.config.name == 'Codecov' && github.event_name == 'push' }}