From 86660d160b7e37365240da1ef28c487e19e3e911 Mon Sep 17 00:00:00 2001 From: Frantisek Sumsal Date: Fri, 8 Jan 2021 21:45:08 +0100 Subject: [PATCH] ci: move the Coverity job to GitHub Actions --- .github/workflows/coverity.yml | 39 ++++++++++++++ .travis.yml | 62 ---------------------- tools/coverity.sh | 12 ++--- {travis-ci/tools => tools}/get-coverity.sh | 0 4 files changed, 42 insertions(+), 71 deletions(-) create mode 100644 .github/workflows/coverity.yml delete mode 100644 .travis.yml rename {travis-ci/tools => tools}/get-coverity.sh (100%) diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml new file mode 100644 index 00000000000..2c1863779f1 --- /dev/null +++ b/.github/workflows/coverity.yml @@ -0,0 +1,39 @@ +--- +# vi: ts=2 sw=2 et: +# +name: Coverity + +on: + schedule: + # Run Coverity daily at midnight + - cron: '0 0 * * *' + +jobs: + build: + runs-on: ubuntu-20.04 + if: github.repository == 'systemd/systemd' + env: + COVERITY_SCAN_BRANCH_PATTERN: "${{ github.ref}}" + COVERITY_SCAN_NOTIFICATION_EMAIL: "" + COVERITY_SCAN_PROJECT_NAME: "${{ github.repository }}" + # Set in repo settings -> secrets -> repository secrets + COVERITY_SCAN_TOKEN: "${{ secrets.COVERITY_SCAN_TOKEN }}" + CURRENT_REF: "${{ github.ref }}" + steps: + - name: Repository checkout + uses: actions/checkout@v1 + # https://docs.github.com/en/free-pro-team@latest/actions/reference/workflow-commands-for-github-actions#setting-an-environment-variable + - name: Set the $COVERITY_SCAN_NOTIFICATION_EMAIL env variable + run: echo "COVERITY_SCAN_NOTIFICATION_EMAIL=$(git log -1 ${{ github.sha }} --pretty=\"%aE\")" >> $GITHUB_ENV + - name: Install Coverity tools + run: tools/get-coverity.sh + # Reuse the setup phase of the unit test script to avoid code duplication + - name: Install build dependencies + run: sudo -E .github/workflows/ubuntu-unit-tests.sh SETUP + # Preconfigure with meson to prevent Coverity from capturing meson metadata + - name: Preconfigure the build directory + run: meson cov-build -Dman=false + - name: Build + run: tools/coverity.sh build + - name: Upload the results + run: tools/coverity.sh upload diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index 5f99e8df6a0..00000000000 --- a/.travis.yml +++ /dev/null @@ -1,62 +0,0 @@ ---- -# vi: ts=2 sw=2 et: - -language: bash -dist: bionic -services: - - docker - -env: - global: - - AUTHOR_EMAIL="$(git log -1 $TRAVIS_COMMIT --pretty=\"%aE\")" - - CI_MANAGERS="$TRAVIS_BUILD_DIR/travis-ci/managers" - - CI_TOOLS="$TRAVIS_BUILD_DIR/travis-ci/tools" - - REPO_ROOT="$TRAVIS_BUILD_DIR" - -stages: - # Run Coverity periodically instead of for each commit/PR - - name: Coverity - if: type = cron - -jobs: - include: - - stage: Coverity - language: bash - env: - - FEDORA_RELEASE="31" - - TOOL_BASE="/var/tmp/coverity-scan-analysis" - - CONT_NAME="coverity-fedora-$FEDORA_RELEASE" - - DOCKER_EXEC="docker exec -ti $CONT_NAME" - - DOCKER_RUN="docker run -v $TOOL_BASE:$TOOL_BASE:rw --env-file .cov-env" - # Coverity env variables - - PLATFORM="$(uname)" - - TOOL_ARCHIVE="/var/tmp/cov-analysis-$PLATFORM.tgz" - - SCAN_URL="https://scan.coverity.com" - - UPLOAD_URL="https://scan.coverity.com/builds" - - COVERITY_SCAN_PROJECT_NAME="$TRAVIS_REPO_SLUG" - - COVERITY_SCAN_NOTIFICATION_EMAIL="${AUTHOR_EMAIL}" - - COVERITY_SCAN_BRANCH_PATTERN="$TRAVIS_BRANCH" - # Encrypted COVERITY_SCAN_TOKEN env variable - # Generated using `travis encrypt -r systemd/systemd COVERITY_SCAN_TOKEN=xxxx` - - secure: "jKSz+Y1Mv8xMpQHh7g5lzW7E6HQGndFz/vKDJQ1CVShwFoyjV3Zu+MFS3UYKlh1236zL0Z4dvsYFx/b3Hq8nxZWCrWeZs2NdXgy/wh8LZhxwzcGYigp3sIA/cYdP5rDjFJO0MasNkl25/rml8+eZWz+8/xQic98UQHjSco/EOWtssoRcg0J0c4eDM7bGLfIQWE73NNY1Q1UtWjKmx1kekVrM8dPmHXJ9aERka7bmcbJAcKd6vabs6DQ5AfWccUPIn/EsRYqIJTRxJrFYU6XizANZ1a7Vwk/DWHZUEn2msxcZw5BbAMDTMx0TbfrNkKSHMHuvQUCu6KCBAq414i+LgkMfmQ2SWwKiIUsud1kxXX3ZPl9bxDv1HkvVdcniC/EM7lNEEVwm4meOnjuhI2lhOyOjmP3FTSlMHGP7xlK8DS2k9fqL58vn0BaSjwWgd+2+HuL2+nJmxcK1eLGzKqaostFxrk2Xs2vPZkUdV2nWY/asUrcWHml6YlWDn2eP83pfwxHYsMiEHY/rTKvxeVY+iirO/AphoO+eaYu7LvjKZU1Yx5Z4u/SnGWAiCH0yhMis0bWmgi7SCbw+sDd2uya+aoiLIGiB2ChW7hXHXCue/dif6/gLU7b+L8R00pQwnWdvKUPoIJCmZJYCluTeib4jpW+EmARB2+nR8wms2K9FGKM=" - before_install: - - sudo apt-get -y -o Dpkg::Options::="--force-confnew" install docker-ce - - docker --version - install: - # Install Coverity on the host - - $CI_TOOLS/get-coverity.sh - # Export necessary env variables for Coverity - - env | grep -E "TRAVIS|COV|TOOL|URL" > .cov-env - # Pull a Docker image and start a new container - - $CI_MANAGERS/fedora.sh SETUP - script: - - set -e - # Preconfigure with meson to prevent Coverity from capturing meson metadata - - $DOCKER_EXEC meson cov-build -Dman=false - # Run Coverity - - $DOCKER_EXEC tools/coverity.sh build - - $DOCKER_EXEC tools/coverity.sh upload - - - set +e - after_script: - - $CI_MANAGERS/fedora.sh CLEANUP diff --git a/tools/coverity.sh b/tools/coverity.sh index 5d3b7e29180..8aa0544466e 100755 --- a/tools/coverity.sh +++ b/tools/coverity.sh @@ -22,17 +22,11 @@ echo -e "\033[33;1mNote: COVERITY_SCAN_PROJECT_NAME and COVERITY_SCAN_TOKEN are [ -z "$COVERITY_SCAN_BUILD_COMMAND" ] && echo "ERROR: COVERITY_SCAN_BUILD_COMMAND must be set" && exit 1 [ -z "$COVERITY_SCAN_TOKEN" ] && echo "ERROR: COVERITY_SCAN_TOKEN must be set" && exit 1 -# Do not run on pull requests -if [ "${TRAVIS_PULL_REQUEST}" = "true" ]; then - echo -e "\033[33;1mINFO: Skipping Coverity Analysis: branch is a pull request.\033[0m" - exit 0 -fi - # Verify this branch should run -if [[ "${TRAVIS_BRANCH^^}" =~ "${COVERITY_SCAN_BRANCH_PATTERN^^}" ]]; then - echo -e "\033[33;1mCoverity Scan configured to run on branch ${TRAVIS_BRANCH}\033[0m" +if [[ "${CURRENT_REF^^}" =~ "${COVERITY_SCAN_BRANCH_PATTERN^^}" ]]; then + echo -e "\033[33;1mCoverity Scan configured to run on branch ${CURRENT_REF}\033[0m" else - echo -e "\033[33;1mCoverity Scan NOT configured to run on branch ${TRAVIS_BRANCH}\033[0m" + echo -e "\033[33;1mCoverity Scan NOT configured to run on branch ${CURRENT_REF}\033[0m" exit 1 fi diff --git a/travis-ci/tools/get-coverity.sh b/tools/get-coverity.sh similarity index 100% rename from travis-ci/tools/get-coverity.sh rename to tools/get-coverity.sh