Fix coverity scan (#8388)
* Fix coverity scan * Add path filter to pull_request: condition * Add missing dependency
This commit is contained in:
parent
53d0634b02
commit
a18ec2d2d8
|
@ -4,6 +4,10 @@ name: Coverity Scan
|
||||||
on:
|
on:
|
||||||
schedule:
|
schedule:
|
||||||
- cron: '0 1 * * *'
|
- cron: '0 1 * * *'
|
||||||
|
pull_request:
|
||||||
|
paths:
|
||||||
|
- .github/workflows/coverity.yml
|
||||||
|
- coverity-scan.sh
|
||||||
jobs:
|
jobs:
|
||||||
coverity:
|
coverity:
|
||||||
if: github.repository == 'netdata/netdata'
|
if: github.repository == 'netdata/netdata'
|
||||||
|
@ -12,12 +16,18 @@ jobs:
|
||||||
- name: Checkout
|
- name: Checkout
|
||||||
uses: actions/checkout@v2
|
uses: actions/checkout@v2
|
||||||
- name: Prepare environment
|
- name: Prepare environment
|
||||||
|
env:
|
||||||
|
DEBIAN_FRONTEND: 'noninteractive'
|
||||||
run: |
|
run: |
|
||||||
./packaging/installer/install-required-packages.sh --dont-wait --non-interactive netdata
|
./packaging/installer/install-required-packages.sh \
|
||||||
sudo apt-get install -y libjson-c-dev libipmimonitoring-dev libcups2-dev libsnappy-dev \
|
--dont-wait --non-interactive netdata
|
||||||
libprotobuf-dev libprotoc-dev libssl-dev protobuf-compiler
|
sudo apt-get install -y libjson-c-dev libipmimonitoring-dev \
|
||||||
|
libcups2-dev libsnappy-dev libprotobuf-dev \
|
||||||
|
libprotoc-dev libssl-dev protobuf-compiler \
|
||||||
|
libnetfilter-acct-dev
|
||||||
- name: Run coverity-scan
|
- name: Run coverity-scan
|
||||||
env:
|
env:
|
||||||
|
REPOSITORY: 'netdata/netdata'
|
||||||
COVERITY_SCAN_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
|
COVERITY_SCAN_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
|
||||||
COVERITY_SCAN_SUBMIT_MAIL: ${{ secrets.COVERITY_SCAN_SUBMIT_MAIL }}
|
COVERITY_SCAN_SUBMIT_MAIL: ${{ secrets.COVERITY_SCAN_SUBMIT_MAIL }}
|
||||||
run: |
|
run: |
|
||||||
|
|
|
@ -48,37 +48,35 @@ source packaging/installer/functions.sh || echo "Failed to fully load the functi
|
||||||
cpus=$(find_processors)
|
cpus=$(find_processors)
|
||||||
[ -z "${cpus}" ] && cpus=1
|
[ -z "${cpus}" ] && cpus=1
|
||||||
|
|
||||||
if [ -f ".coverity-scan.conf" ]
|
if [ -f ".coverity-scan.conf" ]; then
|
||||||
then
|
source ".coverity-scan.conf"
|
||||||
source ".coverity-scan.conf"
|
|
||||||
fi
|
fi
|
||||||
|
|
||||||
repo="${REPOSITORY}"
|
repo="${REPOSITORY}"
|
||||||
if [ -z "${repo}" ]; then
|
if [ -z "${repo}" ]; then
|
||||||
fatal "export variable REPOSITORY or set it in .coverity-scan.conf"
|
fatal "export variable REPOSITORY or set it in .coverity-scan.conf"
|
||||||
fi
|
fi
|
||||||
repo="${repo//\//%2F}"
|
repo="${repo//\//%2F}"
|
||||||
|
|
||||||
email="${COVERITY_SCAN_SUBMIT_MAIL}"
|
email="${COVERITY_SCAN_SUBMIT_MAIL}"
|
||||||
if [ -z "${email}" ]; then
|
if [ -z "${email}" ]; then
|
||||||
fatal "export variable COVERITY_SCAN_SUBMIT_MAIL or set it in .coverity-scan.conf"
|
fatal "export variable COVERITY_SCAN_SUBMIT_MAIL or set it in .coverity-scan.conf"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
token="${COVERITY_SCAN_TOKEN}"
|
token="${COVERITY_SCAN_TOKEN}"
|
||||||
if [ -z "${token}" ]; then
|
if [ -z "${token}" ]; then
|
||||||
fatal "export variable COVERITY_SCAN_TOKEN or set it in .coverity-scan.conf"
|
fatal "export variable COVERITY_SCAN_TOKEN or set it in .coverity-scan.conf"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
if ! command -v curl >/dev/null 2>&1; then
|
if ! command -v curl > /dev/null 2>&1; then
|
||||||
fatal "CURL is required for coverity scan to work"
|
fatal "CURL is required for coverity scan to work"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# only print the output of a command
|
# only print the output of a command
|
||||||
# when debugging is enabled
|
# when debugging is enabled
|
||||||
# used to hide the token when debugging is not enabled
|
# used to hide the token when debugging is not enabled
|
||||||
debugrun() {
|
debugrun() {
|
||||||
if [ "${COVERITY_SUBMIT_DEBUG}" = "1" ]
|
if [ "${COVERITY_SUBMIT_DEBUG}" = "1" ]; then
|
||||||
then
|
|
||||||
run "${@}"
|
run "${@}"
|
||||||
return $?
|
return $?
|
||||||
else
|
else
|
||||||
|
@ -91,7 +89,7 @@ scanit() {
|
||||||
progress "Scanning using coverity"
|
progress "Scanning using coverity"
|
||||||
export PATH="${PATH}:${INSTALL_DIR}/${COVERITY_BUILD_VERSION}/bin/"
|
export PATH="${PATH}:${INSTALL_DIR}/${COVERITY_BUILD_VERSION}/bin/"
|
||||||
covbuild="${COVERITY_BUILD_PATH}"
|
covbuild="${COVERITY_BUILD_PATH}"
|
||||||
[ -z "${covbuild}" ] && covbuild="$(which cov-build 2>/dev/null || command -v cov-build 2>/dev/null)"
|
[ -z "${covbuild}" ] && covbuild="$(which cov-build 2> /dev/null || command -v cov-build 2> /dev/null)"
|
||||||
|
|
||||||
if [ -z "${covbuild}" ]; then
|
if [ -z "${covbuild}" ]; then
|
||||||
fatal "Cannot find 'cov-build' binary in \$PATH. Export variable COVERITY_BUILD_PATH or set it in .coverity-scan.conf"
|
fatal "Cannot find 'cov-build' binary in \$PATH. Export variable COVERITY_BUILD_PATH or set it in .coverity-scan.conf"
|
||||||
|
@ -146,7 +144,7 @@ installit() {
|
||||||
progress "Installing coverity..."
|
progress "Installing coverity..."
|
||||||
cd "${INSTALL_DIR}"
|
cd "${INSTALL_DIR}"
|
||||||
|
|
||||||
run sudo tar -z -x -f "${TMP_DIR}/${COVERITY_BUILD_VERSION}.tar.gz" || exit 1
|
run sudo tar -z -x -f "${TMP_DIR}/${COVERITY_BUILD_VERSION}.tar.gz" || exit 1
|
||||||
rm "${TMP_DIR}/${COVERITY_BUILD_VERSION}.tar.gz"
|
rm "${TMP_DIR}/${COVERITY_BUILD_VERSION}.tar.gz"
|
||||||
export PATH=${PATH}:${INSTALL_DIR}/${COVERITY_BUILD_VERSION}/bin/
|
export PATH=${PATH}:${INSTALL_DIR}/${COVERITY_BUILD_VERSION}/bin/
|
||||||
else
|
else
|
||||||
|
@ -154,7 +152,7 @@ installit() {
|
||||||
fi
|
fi
|
||||||
|
|
||||||
# Validate the installation
|
# Validate the installation
|
||||||
covbuild="$(which cov-build 2>/dev/null || command -v cov-build 2>/dev/null)"
|
covbuild="$(which cov-build 2> /dev/null || command -v cov-build 2> /dev/null)"
|
||||||
if [ -z "$covbuild" ]; then
|
if [ -z "$covbuild" ]; then
|
||||||
fatal "Failed to install coverity."
|
fatal "Failed to install coverity."
|
||||||
fi
|
fi
|
||||||
|
@ -183,23 +181,23 @@ OTHER_OPTIONS+=" --enable-backend-prometheus-remote-write"
|
||||||
|
|
||||||
FOUND_OPTS="NO"
|
FOUND_OPTS="NO"
|
||||||
while [ -n "${1}" ]; do
|
while [ -n "${1}" ]; do
|
||||||
if [ "${1}" = "--with-install" ]; then
|
if [ "${1}" = "--with-install" ]; then
|
||||||
progress "Running coverity install"
|
progress "Running coverity install"
|
||||||
installit
|
installit
|
||||||
shift 1
|
shift 1
|
||||||
elif [ -n "${1}" ]; then
|
elif [ -n "${1}" ]; then
|
||||||
# Clear the default arguments, once you bump into the first argument
|
# Clear the default arguments, once you bump into the first argument
|
||||||
if [ "${FOUND_OPTS}" = "NO" ]; then
|
if [ "${FOUND_OPTS}" = "NO" ]; then
|
||||||
OTHER_OPTIONS="${1}"
|
OTHER_OPTIONS="${1}"
|
||||||
FOUND_OPTS="YES"
|
FOUND_OPTS="YES"
|
||||||
else
|
else
|
||||||
OTHER_OPTIONS+=" ${1}"
|
OTHER_OPTIONS+=" ${1}"
|
||||||
fi
|
fi
|
||||||
|
|
||||||
shift 1
|
shift 1
|
||||||
else
|
else
|
||||||
break
|
break
|
||||||
fi
|
fi
|
||||||
done
|
done
|
||||||
|
|
||||||
echo "Running coverity scan with extra options ${OTHER_OPTIONS}"
|
echo "Running coverity scan with extra options ${OTHER_OPTIONS}"
|
||||||
|
|
Loading…
Reference in New Issue