Coverity (Ubuntu 22.04, Python 3.11) #33
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Coverity (Ubuntu 22.04, Python 3.11) | |
| on: | |
| workflow_dispatch: | |
| schedule: | |
| # run daily at 00:00 | |
| - cron: '0 0 * * *' | |
| pull_request: | |
| paths: | |
| - '.github/workflows/coverity.yml' | |
| permissions: read-all | |
| concurrency: | |
| group: ${{ github.ref }}-tokenizers-cov-linux | |
| cancel-in-progress: true | |
| env: | |
| PYTHON_VERSION: '3.11' | |
| OV_BRANCH: ${{ github.base_ref || github.event.merge_group.base_ref || github.ref }} | |
| jobs: | |
| openvino_download: | |
| name: Download prebuilt OpenVINO | |
| outputs: | |
| status: ${{ steps.openvino_download.outcome }} | |
| docker_tag: ${{ steps.get_docker_tag.outputs.docker_tag }} | |
| timeout-minutes: 10 | |
| defaults: | |
| run: | |
| shell: bash | |
| runs-on: aks-linux-2-cores-8gb | |
| container: | |
| image: 'openvinogithubactions.azurecr.io/openvino_provider:0.1.0' | |
| volumes: | |
| - /mount:/mount | |
| - ${{ github.workspace }}:${{ github.workspace }} | |
| steps: | |
| - uses: openvinotoolkit/openvino/.github/actions/openvino_provider@master | |
| id: openvino_download | |
| with: | |
| platform: ubuntu22 | |
| commit_packages_to_provide: wheels | |
| revision: latest_available_commit | |
| - name: Clone docker tag from OpenVINO repo | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| repository: 'openvinotoolkit/openvino' | |
| path: 'openvino' | |
| ref: ${{ env.OV_BRANCH }} | |
| sparse-checkout: | | |
| .github/dockerfiles/docker_tag | |
| - name: Save docker tag to output | |
| id: get_docker_tag | |
| run: | | |
| docker_tag=$(cat openvino/.github/dockerfiles/docker_tag) | |
| echo "docker_tag=$docker_tag" >> $GITHUB_OUTPUT | |
| coverity_build: | |
| name: Build for coverity | |
| needs: [ openvino_download ] | |
| timeout-minutes: 40 | |
| defaults: | |
| run: | |
| shell: bash | |
| runs-on: aks-linux-8-cores-16gb | |
| container: | |
| image: openvinogithubactions.azurecr.io/ov_build/ubuntu_22_04_x64:${{ needs.openvino_download.outputs.docker_tag }} | |
| volumes: | |
| - /mount:/mount | |
| - ${{ github.workspace }}:${{ github.workspace }} | |
| env: | |
| CMAKE_GENERATOR: 'Ninja' | |
| INSTALL_DIR: ${{ github.workspace }}/openvino/install | |
| BUILD_DIR: ${{ github.workspace }}/openvino_tokenizers/build | |
| BUILD_TYPE: Release | |
| OPENVINO_TOKENIZERS_REPO: ${{ github.workspace }}/openvino_tokenizers | |
| steps: | |
| - name: Clone Openvino tokenizers | |
| uses: actions/checkout@11bd71901bbe5b1630ceea73d27597364c9af683 # v4.2.2 | |
| with: | |
| path: ${{ env.OPENVINO_TOKENIZERS_REPO }} | |
| submodules: recursive | |
| - name: Download OpenVINO package | |
| uses: actions/download-artifact@cc203385981b70ca67e1cc392babf9cc229d5806 # v4.1.9 | |
| with: | |
| name: ${{ needs.openvino_download.outputs.ov_artifact_name }} | |
| path: ${{ env.INSTALL_DIR }} | |
| merge-multiple: true | |
| - run: ls -l ${{ env.INSTALL_DIR }} | |
| - name: Download coverity tool | |
| run: | | |
| wget -q https://scan.coverity.com/download/linux64 --post-data "token=${{ secrets.COVERITY_SECRET_TOKEN }}&project=openvino-tokenizers" -O coverity_tool.tgz | |
| tar -I pigz -xf coverity_tool.tgz | |
| echo "ENV_COV_TOOL_DIR=$(tar -tzf coverity_tool.tgz | head -1 | cut -f1 -d'/')" >> $GITHUB_ENV | |
| rm coverity_tool.tgz | |
| - name: Create build.sh | |
| run: | | |
| echo """ | |
| mkdir -p ${BUILD_DIR} | |
| cmake -DBUILD_FAST_TOKENIZERS=ON -DCMAKE_BUILD_TYPE=${BUILD_TYPE} -S${OPENVINO_TOKENIZERS_REPO} -B${BUILD_DIR} | |
| CMAKE_BUILD_PARALLEL_LEVEL=4 cmake --build ${{ env.BUILD_DIR }} --parallel --config ${BUILD_TYPE} | |
| """ > build.sh | |
| - name: Build for coverity | |
| run: | | |
| source ${INSTALL_DIR}/setupvars.sh | |
| ${ENV_COV_TOOL_DIR}/bin/cov-build --config ${ENV_COV_TOOL_DIR}/config/coverity_config.xml --tmpdir cov_temp --dir ${BUILD_DIR}/cov-int --fs-capture-search ${OPENVINO_TOKENIZERS_REPO} sh build.sh | |
| - name: Pack for analysis submission | |
| run: tar -cvf - cov-int | pigz > openvino-tokenizers.tgz | |
| working-directory: ${{ env.BUILD_DIR }} | |
| - name: Submit to coverity | |
| run: | | |
| apt-get update && apt-get install -y curl jq | |
| pushd ${BUILD_DIR} | |
| curl -X POST -d token=${{ secrets.COVERITY_SECRET_TOKEN }} \ | |
| -d email=${{ secrets.COVERITY_USER }} \ | |
| -d file_name="openvino-tokenizers.tgz" \ | |
| -d version="${{ github.sha }}" \ | |
| -d description="https://github.com/openvinotoolkit/openvino_tokenizers/actions/runs/${{ github.run_id }}" \ | |
| https://scan.coverity.com/projects/30137/builds/init | tee response | |
| upload_url=$(jq -r '.url' response) | |
| build_id=$(jq -r '.build_id' response) | |
| curl -X PUT \ | |
| --header 'Content-Type: application/json' \ | |
| --upload-file openvino-tokenizers.tgz \ | |
| $upload_url | |
| curl -X PUT \ | |
| -d token=${{ secrets.COVERITY_SECRET_TOKEN }} \ | |
| https://scan.coverity.com/projects/30137/builds/$build_id/enqueue | |
| popd | |
| - name: Show Coverity configure logs | |
| continue-on-error: true | |
| run: cov-analysis*/bin/cov-configure -c ${ENV_COV_TOOL_DIR}/config/coverity_config.xml -lscc text | |
| - name: Upload Coverity build log | |
| uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1 | |
| if: always() | |
| with: | |
| name: coverity_logs | |
| path: ${{ env.BUILD_DIR }}/cov-int/build-log.txt | |
| if-no-files-found: 'error' | |
| - name: Upload Coverity build archive | |
| uses: actions/upload-artifact@4cec3d8aa04e39d1a68397de0c4cd6fb9dce8ec1 # v4.6.1 | |
| if: always() | |
| with: | |
| name: coverity_archive | |
| path: ${{ env.BUILD_DIR }}/openvino-tokenizers.tgz | |
| if-no-files-found: 'error' |