From patchwork Mon Sep 25 11:50:57 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Johannes Schindelin X-Patchwork-Id: 13397678 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 631BACE7A94 for ; Mon, 25 Sep 2023 11:51:13 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230461AbjIYLvR (ORCPT ); Mon, 25 Sep 2023 07:51:17 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57028 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229972AbjIYLvO (ORCPT ); Mon, 25 Sep 2023 07:51:14 -0400 Received: from mail-wm1-x332.google.com (mail-wm1-x332.google.com [IPv6:2a00:1450:4864:20::332]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 091D9FB for ; Mon, 25 Sep 2023 04:51:06 -0700 (PDT) Received: by mail-wm1-x332.google.com with SMTP id 5b1f17b1804b1-40566f89f6eso31793165e9.3 for ; Mon, 25 Sep 2023 04:51:05 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1695642664; x=1696247464; darn=vger.kernel.org; h=cc:to:mime-version:content-transfer-encoding:fcc:subject:date:from :references:in-reply-to:message-id:from:to:cc:subject:date :message-id:reply-to; bh=6gv/rM5RlRYRigHiGPittPda0/aQ+AfiS+auuOA5Fa0=; b=WX6UuqKOuHLKxuQf7UhwFo55srlzmCmHXZ1hkaTkdJyQqx7slnz5vg/aFXdbKe1Kek h6AjLnAu+MKWt7zwv7QvInGJpAOuMNGvh2bNKbJeA50VX9Y0B9vATL7O8vB+M90TlWn/ NZX+w2XA1+zrOlYo7ijTb/j6H/CVeVaRoxR5Yyx0aJyDhg57PVbrfJZZoY8JDvueqEIg BrJlDm52H3JIKPUm5B5KAO1Fd/gPvjOA3I8K9NurncQSoszX4L+N+Lwkyv4ffFPkm+2U UyZEg1+Kr0BDsqxQNN8YMLsdKcJ8mPoPDeLyg+CdB7/BWJKjiP/meryofMlRyVqmgXUm 5GuQ== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1695642664; x=1696247464; h=cc:to:mime-version:content-transfer-encoding:fcc:subject:date:from :references:in-reply-to:message-id:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=6gv/rM5RlRYRigHiGPittPda0/aQ+AfiS+auuOA5Fa0=; b=lRL1ftCxHrvXFlVkVATpXZqz/Q3Y/wl8EIlnJtXQbqSej+O5KrmY0LIUwCV13ovV3g ZPsNAGhknUlIPbKXd55t5U3+NlMd9ZeuuRXFvtlsUFbgVYnjf63kGxELbXv/Q2HSH8vp I79u+mP+Zv8txvndeHIAU4T01RnxAl+EE4xmXYtKhEQU6AmAurRHHt/cf/13NporPkr7 /7W5RoTmnqDOvNSWJAK+mtv68VJt8COibMWWWRX3GpEvzWlt6pBzU/ABbekbj5ndszDl pNbP+k0KjBL07IBl0JrG8z628YnMvnPTvtL5Ru/hvzG/RGQX0kxOlzT7sMHO/VQwIF+s 1hLA== X-Gm-Message-State: AOJu0Yz+489SXvITtPEVaSSVhzukqIDN0ODroFQbJBogHFt94nCg3wKn v5TYRlBCCHg7lLuJKCS13dPiQ5jtbEc= X-Google-Smtp-Source: AGHT+IGKBEWzazrD4wyEyCHz1pGRZhL7OGGaLWMCRFp8fRd8HgdJxc9xPOIdNJCGcJdwQgZ4WAerLA== X-Received: by 2002:a7b:c415:0:b0:3fe:1b4e:c484 with SMTP id k21-20020a7bc415000000b003fe1b4ec484mr6009169wmi.5.1695642664258; Mon, 25 Sep 2023 04:51:04 -0700 (PDT) Received: from [127.0.0.1] ([13.74.141.28]) by smtp.gmail.com with ESMTPSA id j9-20020a05600c300900b003fe407ca05bsm10788791wmh.37.2023.09.25.04.51.03 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 25 Sep 2023 04:51:04 -0700 (PDT) Message-ID: <46fb6b583d362e0984fdee337650ac81d3b7c09e.1695642662.git.gitgitgadget@gmail.com> In-Reply-To: References: Date: Mon, 25 Sep 2023 11:50:57 +0000 Subject: [PATCH v2 1/6] ci: add a GitHub workflow to submit Coverity scans Fcc: Sent MIME-Version: 1.0 To: git@vger.kernel.org Cc: Jeff King , Johannes Schindelin , Johannes Schindelin Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org From: Johannes Schindelin From: Johannes Schindelin Coverity is a static analysis tool that detects and generates reports on various security and code quality issues. It is particularly useful when diagnosing memory safety issues which may be used as part of exploiting a security vulnerability. Coverity's website provides a service that accepts "builds" (which contains the object files generated during a standard build as well as a database generated by Coverity's scan tool). Let's add a GitHub workflow to automate all of this. To avoid running it without appropriate Coverity configuration (e.g. the token required to use Coverity's services), the job only runs when the repository variable "ENABLE_COVERITY_SCAN_FOR_BRANCHES" has been configured accordingly (see https://docs.github.com/en/actions/learn-github-actions/variables for details how to configure repository variables): It is expected to be a valid JSON array of branch strings, e.g. `["main", "next"]`. In addition, this workflow requires two repository secrets: - COVERITY_SCAN_EMAIL: the email to send the report to, and - COVERITY_SCAN_TOKEN: the Coverity token (look in the Project Settings tab of your Coverity project). Note: The initial version of this patch used `vapier/coverity-scan-action` to benefit from that Action's caching of the Coverity tool, which is rather large. Sadly, that Action only supports Linux, and we want to have the option of building on Windows, too. Besides, in the meantime Coverity requires `cov-configure` to be runantime, and that Action was not adjusted accordingly, i.e. it seems not to be maintained actively. Therefore it would seem prudent to implement the steps manually instead of using that Action. Initial-patch-by: Taylor Blau Signed-off-by: Johannes Schindelin --- .github/workflows/coverity.yml | 58 ++++++++++++++++++++++++++++++++++ 1 file changed, 58 insertions(+) create mode 100644 .github/workflows/coverity.yml diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml new file mode 100644 index 00000000000..d8d1e328578 --- /dev/null +++ b/.github/workflows/coverity.yml @@ -0,0 +1,58 @@ +name: Coverity + +# This GitHub workflow automates submitting builds to Coverity Scan. To enable it, +# set the repository variable `ENABLE_COVERITY_SCAN_FOR_BRANCHES` (for details, see +# https://docs.github.com/en/actions/learn-github-actions/variables) to a JSON +# string array containing the names of the branches for which the workflow should be +# run, e.g. `["main", "next"]`. +# +# In addition, two repository secrets must be set (for details how to add secrets, see +# https://docs.github.com/en/actions/security-guides/using-secrets-in-github-actions): +# `COVERITY_SCAN_EMAIL` and `COVERITY_SCAN_TOKEN`. The former specifies the +# email to which the Coverity reports should be sent and the latter can be +# obtained from the Project Settings tab of the Coverity project). + +on: + push: + +jobs: + coverity: + if: contains(fromJSON(vars.ENABLE_COVERITY_SCAN_FOR_BRANCHES || '[""]'), github.ref_name) + runs-on: ubuntu-latest + env: + COVERITY_PROJECT: git + COVERITY_LANGUAGE: cxx + COVERITY_PLATFORM: linux64 + steps: + - uses: actions/checkout@v3 + - run: ci/install-dependencies.sh + env: + runs_on_pool: ubuntu-latest + + - name: download the Coverity Build Tool (${{ env.COVERITY_LANGUAGE }} / ${{ env.COVERITY_PLATFORM}}) + run: | + curl https://scan.coverity.com/download/$COVERITY_LANGUAGE/$COVERITY_PLATFORM \ + --fail --no-progress-meter \ + --output $RUNNER_TEMP/cov-analysis.tgz \ + --form token='${{ secrets.COVERITY_SCAN_TOKEN }}' \ + --form project="$COVERITY_PROJECT" + - name: extract the Coverity Build Tool + run: | + mkdir $RUNNER_TEMP/cov-analysis && + tar -xzf $RUNNER_TEMP/cov-analysis.tgz --strip 1 -C $RUNNER_TEMP/cov-analysis + - name: build with cov-build + run: | + export PATH="$RUNNER_TEMP/cov-analysis/bin:$PATH" && + cov-configure --gcc && + cov-build --dir cov-int make -j$(nproc) + - name: package the build + run: tar -czvf cov-int.tgz cov-int + - name: submit the build to Coverity Scan + run: | + curl \ + --fail \ + --form token='${{ secrets.COVERITY_SCAN_TOKEN }}' \ + --form email='${{ secrets.COVERITY_SCAN_EMAIL }}' \ + --form file=@cov-int.tgz \ + --form version='${{ github.sha }}' \ + "https://scan.coverity.com/builds?project=$COVERITY_PROJECT" From patchwork Mon Sep 25 11:50:58 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Johannes Schindelin X-Patchwork-Id: 13397677 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 9BA3ACE7A95 for ; Mon, 25 Sep 2023 11:51:11 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230431AbjIYLvQ (ORCPT ); Mon, 25 Sep 2023 07:51:16 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57000 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229712AbjIYLvO (ORCPT ); Mon, 25 Sep 2023 07:51:14 -0400 Received: from mail-wm1-x32f.google.com (mail-wm1-x32f.google.com [IPv6:2a00:1450:4864:20::32f]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A2F1E100 for ; Mon, 25 Sep 2023 04:51:06 -0700 (PDT) Received: by mail-wm1-x32f.google.com with SMTP id 5b1f17b1804b1-40572aeb673so29080655e9.0 for ; Mon, 25 Sep 2023 04:51:06 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1695642665; x=1696247465; darn=vger.kernel.org; h=cc:to:mime-version:content-transfer-encoding:fcc:subject:date:from :references:in-reply-to:message-id:from:to:cc:subject:date :message-id:reply-to; bh=yqRPI1cr69T5BQVFCiu5MdAHf2PZervoXEK4p0iX26k=; b=PJHoHXZJsFvrKn6hjE9g3JELPZUxXzLgWovk46rVn9TqFNydP615XQoySylM1oY4TL hT12Tt+qFL/05b4wbjDinZwrXPQP7xK+MkqMGtsP3yBUGad2mNh67D8GEQ1iead5VUit xWxrCLzbC/zIddj3rIy2pI73Y80J5nnAi2pBFpMhak9hTT+RPCvmSOggqS7J4pUamOgi FOzcEAVIiTSSA40xlFQLJz2ufSmc/lp1KkEAfkCyfIC4Gfe6Pm2Id9/5v1pVEB6SsiNG mo1tHX0JlbB1vnNda+MhHdYUYSPx3w37fmfw4JGqgTU3pSHykF5j0lToGImIg8jcX1h6 eUmA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1695642665; x=1696247465; h=cc:to:mime-version:content-transfer-encoding:fcc:subject:date:from :references:in-reply-to:message-id:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=yqRPI1cr69T5BQVFCiu5MdAHf2PZervoXEK4p0iX26k=; b=os/mOWLV+NpiJ34O+RiXuwob9xg5vEv0yo5epZwvRLNk1D7S0a8fQ2H4hMHoowx8df fGfU05cKy2yUyK/CvwDiiT5ouT2T9RiugUsd4IjnYvQ22tCdha06Js6Tl5TD5Dh5f1D1 dHA1zpC7RCQmhboV2wc24R4nJ0h7tMJQSQfOhQk3Pft9lKWCvCd2p+6nVDF9hgdcPDI6 Ql4fGN89Lj6xM3dXpiekfg8dU0nMw/UAiwPzTKtSQUwXjtCFxrG2gyfDV2WUv+AWQ1B5 VlVu4/FrjFo2jjC3CWUV60psvqVw2dCct6e7XRPpTn24jdAxUhba2VbIhW9/p4rkCorC 9x7A== X-Gm-Message-State: AOJu0Yy0wu75yhvk95YiknRkIMgnqzkqX1kpENdOXS+bqdjUmd2j6mKl fTciAqGBL+/FlQ5xVJ8fLwnce9qKDWw= X-Google-Smtp-Source: AGHT+IGgohioVdpquw3B5DxoqhT8BsEwuPSzMKvNalE2aUDCGmgSFS4/xTNX1qvrphucvG6zu/DeAQ== X-Received: by 2002:adf:f205:0:b0:31f:8a6d:e527 with SMTP id p5-20020adff205000000b0031f8a6de527mr5634898wro.45.1695642664907; Mon, 25 Sep 2023 04:51:04 -0700 (PDT) Received: from [127.0.0.1] ([13.74.141.28]) by smtp.gmail.com with ESMTPSA id w7-20020adff9c7000000b0031912c0ffebsm11622823wrr.23.2023.09.25.04.51.04 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 25 Sep 2023 04:51:04 -0700 (PDT) Message-ID: In-Reply-To: References: Date: Mon, 25 Sep 2023 11:50:58 +0000 Subject: [PATCH v2 2/6] coverity: cache the Coverity Build Tool Fcc: Sent MIME-Version: 1.0 To: git@vger.kernel.org Cc: Jeff King , Johannes Schindelin , Johannes Schindelin Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org From: Johannes Schindelin From: Johannes Schindelin It would add a 1GB+ download for every run, better cache it. This is inspired by the GitHub Action `vapier/coverity-scan-action`, however, it uses the finer-grained `restore`/`save` method to be able to cache the Coverity Build Tool even if an unrelated step in the GitHub workflow fails later on. Signed-off-by: Johannes Schindelin --- .github/workflows/coverity.yml | 28 ++++++++++++++++++++++++++++ 1 file changed, 28 insertions(+) diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml index d8d1e328578..4bc1572f040 100644 --- a/.github/workflows/coverity.yml +++ b/.github/workflows/coverity.yml @@ -29,7 +29,28 @@ jobs: env: runs_on_pool: ubuntu-latest + # The Coverity site says the tool is usually updated twice yearly, so the + # MD5 of download can be used to determine whether there's been an update. + - name: get the Coverity Build Tool hash + id: lookup + run: | + MD5=$(curl https://scan.coverity.com/download/$COVERITY_LANGUAGE/$COVERITY_PLATFORM \ + --fail \ + --form token='${{ secrets.COVERITY_SCAN_TOKEN }}' \ + --form project="$COVERITY_PROJECT" \ + --form md5=1) && + echo "hash=$MD5" >>$GITHUB_OUTPUT + + # Try to cache the tool to avoid downloading 1GB+ on every run. + # A cache miss will add ~30s to create, but a cache hit will save minutes. + - name: restore the Coverity Build Tool + id: cache + uses: actions/cache/restore@v3 + with: + path: ${{ runner.temp }}/cov-analysis + key: cov-build-${{ env.COVERITY_LANGUAGE }}-${{ env.COVERITY_PLATFORM }}-${{ steps.lookup.outputs.hash }} - name: download the Coverity Build Tool (${{ env.COVERITY_LANGUAGE }} / ${{ env.COVERITY_PLATFORM}}) + if: steps.cache.outputs.cache-hit != 'true' run: | curl https://scan.coverity.com/download/$COVERITY_LANGUAGE/$COVERITY_PLATFORM \ --fail --no-progress-meter \ @@ -37,9 +58,16 @@ jobs: --form token='${{ secrets.COVERITY_SCAN_TOKEN }}' \ --form project="$COVERITY_PROJECT" - name: extract the Coverity Build Tool + if: steps.cache.outputs.cache-hit != 'true' run: | mkdir $RUNNER_TEMP/cov-analysis && tar -xzf $RUNNER_TEMP/cov-analysis.tgz --strip 1 -C $RUNNER_TEMP/cov-analysis + - name: cache the Coverity Build Tool + if: steps.cache.outputs.cache-hit != 'true' + uses: actions/cache/save@v3 + with: + path: ${{ runner.temp }}/cov-analysis + key: cov-build-${{ env.COVERITY_LANGUAGE }}-${{ env.COVERITY_PLATFORM }}-${{ steps.lookup.outputs.hash }} - name: build with cov-build run: | export PATH="$RUNNER_TEMP/cov-analysis/bin:$PATH" && From patchwork Mon Sep 25 11:50:59 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Johannes Schindelin X-Patchwork-Id: 13397676 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 32694CE7A94 for ; Mon, 25 Sep 2023 11:51:10 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230260AbjIYLvP (ORCPT ); Mon, 25 Sep 2023 07:51:15 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:56992 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229456AbjIYLvO (ORCPT ); Mon, 25 Sep 2023 07:51:14 -0400 Received: from mail-wr1-x42d.google.com (mail-wr1-x42d.google.com [IPv6:2a00:1450:4864:20::42d]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 68982103 for ; Mon, 25 Sep 2023 04:51:07 -0700 (PDT) Received: by mail-wr1-x42d.google.com with SMTP id ffacd0b85a97d-31f737b8b69so5251344f8f.3 for ; Mon, 25 Sep 2023 04:51:07 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1695642665; x=1696247465; darn=vger.kernel.org; h=cc:to:mime-version:content-transfer-encoding:fcc:subject:date:from :references:in-reply-to:message-id:from:to:cc:subject:date :message-id:reply-to; bh=c9CAKxJ/+D445dVI3YYXX+qm/DxlOx8hlzwKEMuHP9w=; b=gTv0FYG2k4GPp9FjtSbthZrtJWjzzMS7oA6EVYPIGAC9drPVZUh7pB9+41fXcDpzYs JfZqzR13cCN+qEPOAh7tzqjHFgiCnD1wscFeJM3Navzs8n6AlPKSfMbJEoo+x3Epuj5L hCvR8ElWsravcjupchsYEsR3eWWqwZSZLTetLtZkzu8exGt5rlUeil+bMH7dGTpCePAQ T0X8tckGSzSZDP9tS7BF7lrtx6Oj3vqJIUHfRPqXahyFTAAHiqOZi29Lz9XqBPb/tlGR 0GStRYSqSWXcH5Npf4KeUeLzPpucsnRkcngdYzwsflJIce0e2b/oi2ukzKx9XtyjY8hG fFtA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1695642665; x=1696247465; h=cc:to:mime-version:content-transfer-encoding:fcc:subject:date:from :references:in-reply-to:message-id:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=c9CAKxJ/+D445dVI3YYXX+qm/DxlOx8hlzwKEMuHP9w=; b=Uh645qlhX3vsbZtGtlbRCv6MSuIToPScaOioG8He2g5RldlsHsSF9hwdZcbm9wBT9N L8Kc+WFoYO9nAM5h7emORStt25OVOqBbfO3OCrR9z7XdsU5jixQBIbcrou3JjojfyoYI 6LbJeU9JwXoKcQYvT1c2OJay3V9H+MtD20kDho+K+jpid+/FDsiA2AhMwwYV1ltd1P7e NlWtpknRy1zO6WwTx2CrbvsV1up2L6R7P3wcjWVtPPv4gnFB8gJdca6agBpNk5lFl3DH VHrblhaqhh4V+AwOsYrTUZZNX4zViG/vwLBqSP75j82fPlOxs0OU7O3kNEx4F/eDLJan vOnw== X-Gm-Message-State: AOJu0YwT8Q9TI/Q4bSEnuuObPMkliV9MiDRZG7BRAJEG2ucu0xz7R6o6 Ac9RtmuXjxOd/R7TGnew9QowS7P2NL8= X-Google-Smtp-Source: AGHT+IE9XF8l9mxrdZS/8cRXWYa1DlTw1FNTpsB/3aZfBQUHUihGUwOawuaT7rp4Ie1TnB3tv5lrFQ== X-Received: by 2002:adf:e4ce:0:b0:321:6414:5869 with SMTP id v14-20020adfe4ce000000b0032164145869mr6787862wrm.58.1695642665637; Mon, 25 Sep 2023 04:51:05 -0700 (PDT) Received: from [127.0.0.1] ([13.74.141.28]) by smtp.gmail.com with ESMTPSA id s13-20020a5d424d000000b0031f729d883asm11655219wrr.42.2023.09.25.04.51.05 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 25 Sep 2023 04:51:05 -0700 (PDT) Message-ID: In-Reply-To: References: Date: Mon, 25 Sep 2023 11:50:59 +0000 Subject: [PATCH v2 3/6] coverity: allow overriding the Coverity project Fcc: Sent MIME-Version: 1.0 To: git@vger.kernel.org Cc: Jeff King , Johannes Schindelin , Johannes Schindelin Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org From: Johannes Schindelin From: Johannes Schindelin By default, the builds are submitted to the `git` project at https://scan.coverity.com/projects/git. The Git for Windows project would like to use this workflow, too, though, and needs the builds to be submitted to the `git-for-windows` Coverity project. To that end, allow configuring the Coverity project name via the repository variable, you guessed it, `COVERITY_PROJECT`. The default if that variable is not configured or has an empty value is still `git`. Signed-off-by: Johannes Schindelin --- .github/workflows/coverity.yml | 5 ++++- 1 file changed, 4 insertions(+), 1 deletion(-) diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml index 4bc1572f040..55a3a8f5acf 100644 --- a/.github/workflows/coverity.yml +++ b/.github/workflows/coverity.yml @@ -11,6 +11,9 @@ name: Coverity # `COVERITY_SCAN_EMAIL` and `COVERITY_SCAN_TOKEN`. The former specifies the # email to which the Coverity reports should be sent and the latter can be # obtained from the Project Settings tab of the Coverity project). +# +# By default, the builds are submitted to the Coverity project `git`. To override this, +# set the repository variable `COVERITY_PROJECT`. on: push: @@ -20,7 +23,7 @@ jobs: if: contains(fromJSON(vars.ENABLE_COVERITY_SCAN_FOR_BRANCHES || '[""]'), github.ref_name) runs-on: ubuntu-latest env: - COVERITY_PROJECT: git + COVERITY_PROJECT: ${{ vars.COVERITY_PROJECT || 'git' }} COVERITY_LANGUAGE: cxx COVERITY_PLATFORM: linux64 steps: From patchwork Mon Sep 25 11:51:00 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Johannes Schindelin X-Patchwork-Id: 13397680 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 3292DCE7A95 for ; Mon, 25 Sep 2023 11:51:15 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S230503AbjIYLvU (ORCPT ); Mon, 25 Sep 2023 07:51:20 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57050 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S229456AbjIYLvP (ORCPT ); Mon, 25 Sep 2023 07:51:15 -0400 Received: from mail-wm1-x329.google.com (mail-wm1-x329.google.com [IPv6:2a00:1450:4864:20::329]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id A75319B for ; Mon, 25 Sep 2023 04:51:08 -0700 (PDT) Received: by mail-wm1-x329.google.com with SMTP id 5b1f17b1804b1-405361bb9f7so60915685e9.2 for ; Mon, 25 Sep 2023 04:51:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1695642667; x=1696247467; darn=vger.kernel.org; h=cc:to:mime-version:content-transfer-encoding:fcc:subject:date:from :references:in-reply-to:message-id:from:to:cc:subject:date :message-id:reply-to; bh=CyNh0zRTxdTKtNkjtPjN/XLMG5sIRaX5/80rLtGGo1Q=; b=bJAWI7OhkYoWTMq/+SZ6neU2QyZik8UUCvbqM9TF4bOVlBwnbORu07a12DO7tcXxGN tfzM1WMRJYfTjXqxXxTVrW00yEory6ExmM4KvtBfL56dhjkFjWMS9AB52Lw+sv9NFPef zNtMA3L/3eJpKbfiGLOm5mbWqACAv9LIEtyQ4EOKZglfTqRTNjgcNDgOwJ1K/5bVJx7h 7yHx+hq7O3zJh30mRV45f1ZHYpUvhOKWMAqkbLqxBet9UOXlDxxSGtcDvO+SWaHe87Em SCdMAHa4ggKvoZPBpgusVkEA8glh5UgIfFmFrID/BltBvvptx0RAtOoJtfhSVsmgIfYH TsXg== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1695642667; x=1696247467; h=cc:to:mime-version:content-transfer-encoding:fcc:subject:date:from :references:in-reply-to:message-id:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=CyNh0zRTxdTKtNkjtPjN/XLMG5sIRaX5/80rLtGGo1Q=; b=ckFwHz1eT6fp/gU3Ps96+aDsuidfSYqiOCiwMbGz1EXCzWvKpxccPr4SRXs66W04Dn T3LKrbC+eT8xBNptpXz+8J+XonWrRo5oRYpWKEe1fQdKDwfVM5Asx1SbWSz+3aurKEQw aPmeBEQzipoxbYKg+4nPUNyYrCp3h0IJjgejvQpFFLZWjrQtYThKdnRQKf4R0Waa4Np1 FOUSViHGp2XbbOKgMEkiN5AnVVICmlIFPFgbKPYkKO/Opalzsn8LEIoO3NDCRoepqh2P difEcofRWdZNUVUlMsLKmCLQWIf51/h+C4O1Fn92Kuw9UMF9Dykzx3rG511WqjgPjyXc MZ2Q== X-Gm-Message-State: AOJu0YwZ48q0R87IMj8zUhkUJBjtx5pyxiqmsa7JELspheYeqMUVnFu8 8QeF1t1+R0ytemiQFsYAo2zR32M4ibo= X-Google-Smtp-Source: AGHT+IHzSBnPTCOrliBVuuYLbJV0VvAEOd6b43vki3MJGcqXJOvXLkudx6NHBu3ibKcz5dwfvvTGyQ== X-Received: by 2002:a7b:c3d2:0:b0:405:3252:fe2 with SMTP id t18-20020a7bc3d2000000b0040532520fe2mr5411779wmj.14.1695642666386; Mon, 25 Sep 2023 04:51:06 -0700 (PDT) Received: from [127.0.0.1] ([13.74.141.28]) by smtp.gmail.com with ESMTPSA id b1-20020a5d4d81000000b003215c6e30cbsm11537507wru.104.2023.09.25.04.51.05 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 25 Sep 2023 04:51:06 -0700 (PDT) Message-ID: <84e1c3eede822cda4fc839080c9d9929df104ee3.1695642662.git.gitgitgadget@gmail.com> In-Reply-To: References: Date: Mon, 25 Sep 2023 11:51:00 +0000 Subject: [PATCH v2 4/6] coverity: support building on Windows Fcc: Sent MIME-Version: 1.0 To: git@vger.kernel.org Cc: Jeff King , Johannes Schindelin , Johannes Schindelin Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org From: Johannes Schindelin From: Johannes Schindelin By adding the repository variable `ENABLE_COVERITY_SCAN_ON_OS` with a value, say, `["windows-latest"]`, this GitHub workflow now runs on Windows, allowing to analyze Windows-specific issues. This allows, say, the Git for Windows fork to submit Windows builds to Coverity Scan instead of Linux builds. Signed-off-by: Johannes Schindelin --- .github/workflows/coverity.yml | 57 ++++++++++++++++++++++++++++++---- 1 file changed, 51 insertions(+), 6 deletions(-) diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml index 55a3a8f5acf..ca364c3d692 100644 --- a/.github/workflows/coverity.yml +++ b/.github/workflows/coverity.yml @@ -12,31 +12,62 @@ name: Coverity # email to which the Coverity reports should be sent and the latter can be # obtained from the Project Settings tab of the Coverity project). # +# The workflow runs on `ubuntu-latest` by default. This can be overridden by setting +# the repository variable `ENABLE_COVERITY_SCAN_ON_OS` to a JSON string array specifying +# the operating systems, e.g. `["ubuntu-latest", "windows-latest"]`. +# # By default, the builds are submitted to the Coverity project `git`. To override this, # set the repository variable `COVERITY_PROJECT`. on: push: +defaults: + run: + shell: bash + jobs: coverity: if: contains(fromJSON(vars.ENABLE_COVERITY_SCAN_FOR_BRANCHES || '[""]'), github.ref_name) - runs-on: ubuntu-latest + strategy: + matrix: + os: ${{ fromJSON(vars.ENABLE_COVERITY_SCAN_ON_OS || '["ubuntu-latest"]') }} + runs-on: ${{ matrix.os }} env: COVERITY_PROJECT: ${{ vars.COVERITY_PROJECT || 'git' }} COVERITY_LANGUAGE: cxx - COVERITY_PLATFORM: linux64 + COVERITY_PLATFORM: overridden-below steps: - uses: actions/checkout@v3 + - name: install minimal Git for Windows SDK + if: contains(matrix.os, 'windows') + uses: git-for-windows/setup-git-for-windows-sdk@v1 - run: ci/install-dependencies.sh + if: contains(matrix.os, 'ubuntu') env: - runs_on_pool: ubuntu-latest + runs_on_pool: ${{ matrix.os }} # The Coverity site says the tool is usually updated twice yearly, so the # MD5 of download can be used to determine whether there's been an update. - name: get the Coverity Build Tool hash id: lookup run: | + case "${{ matrix.os }}" in + *windows*) + COVERITY_PLATFORM=win64 + COVERITY_TOOL_FILENAME=cov-analysis.zip + ;; + *ubuntu*) + COVERITY_PLATFORM=linux64 + COVERITY_TOOL_FILENAME=cov-analysis.tgz + ;; + *) + echo '::error::unhandled OS ${{ matrix.os }}' >&2 + exit 1 + ;; + esac + echo "COVERITY_PLATFORM=$COVERITY_PLATFORM" >>$GITHUB_ENV + echo "COVERITY_TOOL_FILENAME=$COVERITY_TOOL_FILENAME" >>$GITHUB_ENV MD5=$(curl https://scan.coverity.com/download/$COVERITY_LANGUAGE/$COVERITY_PLATFORM \ --fail \ --form token='${{ secrets.COVERITY_SCAN_TOKEN }}' \ @@ -57,14 +88,28 @@ jobs: run: | curl https://scan.coverity.com/download/$COVERITY_LANGUAGE/$COVERITY_PLATFORM \ --fail --no-progress-meter \ - --output $RUNNER_TEMP/cov-analysis.tgz \ + --output $RUNNER_TEMP/$COVERITY_TOOL_FILENAME \ --form token='${{ secrets.COVERITY_SCAN_TOKEN }}' \ --form project="$COVERITY_PROJECT" - name: extract the Coverity Build Tool if: steps.cache.outputs.cache-hit != 'true' run: | - mkdir $RUNNER_TEMP/cov-analysis && - tar -xzf $RUNNER_TEMP/cov-analysis.tgz --strip 1 -C $RUNNER_TEMP/cov-analysis + case "$COVERITY_TOOL_FILENAME" in + *.tgz) + mkdir $RUNNER_TEMP/cov-analysis && + tar -xzf $RUNNER_TEMP/$COVERITY_TOOL_FILENAME --strip 1 -C $RUNNER_TEMP/cov-analysis + ;; + *.zip) + cd $RUNNER_TEMP && + mkdir cov-analysis-tmp && + unzip -d cov-analysis-tmp $COVERITY_TOOL_FILENAME && + mv cov-analysis-tmp/* cov-analysis + ;; + *) + echo "::error::unhandled archive type: $COVERITY_TOOL_FILENAME" >&2 + exit 1 + ;; + esac - name: cache the Coverity Build Tool if: steps.cache.outputs.cache-hit != 'true' uses: actions/cache/save@v3 From patchwork Mon Sep 25 11:51:01 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Johannes Schindelin X-Patchwork-Id: 13397682 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 4BB69CE7A81 for ; Mon, 25 Sep 2023 11:51:27 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S229712AbjIYLvb (ORCPT ); Mon, 25 Sep 2023 07:51:31 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57080 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230445AbjIYLvQ (ORCPT ); Mon, 25 Sep 2023 07:51:16 -0400 Received: from mail-wm1-x32d.google.com (mail-wm1-x32d.google.com [IPv6:2a00:1450:4864:20::32d]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 0CBFDCF for ; Mon, 25 Sep 2023 04:51:09 -0700 (PDT) Received: by mail-wm1-x32d.google.com with SMTP id 5b1f17b1804b1-4053cf48670so49176995e9.0 for ; Mon, 25 Sep 2023 04:51:08 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1695642667; x=1696247467; darn=vger.kernel.org; h=cc:to:mime-version:content-transfer-encoding:fcc:subject:date:from :references:in-reply-to:message-id:from:to:cc:subject:date :message-id:reply-to; bh=8izrTrOYmaFplwkN4Q1TaOq60ja4Yn5W1h0K1WMd7Qo=; b=GiKugahWZj1Rpkp0GfyDKfUaAJCHovS6CUIWwI5Q31AZC9JvlmDjBlOhCecOwpbqE5 VdcL75TkYbIdts/ojYWw60vG2M3a+RCnP4588uRysOCwJHuxpHNGlE7XKwHnFMtyCXZQ dSN4sSWaEPR3hb38Hr/t36FDG9Mk2ioDpV3KN6aQETil3WY/JFAol7O7MtLe+S4iz2Tu 5wN+UbHu8DbmSC6E855Q7NiI6OyXNgO0DU3mJv/6LqrB4B7wPC8UMtxMsKpSUIizg1nA HdNrhHCGp5zabjc7NSQkENP/7IQTXSCFjY9djWunhqJs1l71oMck5jr1yZLd7WSwBde8 T35w== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1695642667; x=1696247467; h=cc:to:mime-version:content-transfer-encoding:fcc:subject:date:from :references:in-reply-to:message-id:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=8izrTrOYmaFplwkN4Q1TaOq60ja4Yn5W1h0K1WMd7Qo=; b=glZ0DQ8ciJtLXcHPGdfzg+QJgUKY18eFql9sJZp/Rt6i2KIJTGLynEmFD3dDoV0bc4 OeWYdXloG8IVO1u4ddmlkZ8CQA8u72yAEQSNcIkqLLm44UENSUOtnnHdxp2y5thNvXj2 yGKy+oOtoyui2oZG4iz8PVxA97PiX/RZF1q8vQtun3H53aiH235zestMmzd2zn5y0Wj1 qdkXxib9UoN3+DHW4WzzDCh26jKHA84rASZg++FqxgQ6q9Xb3k6RNkpBKOasm/caeHJy MfQa+bZWuzJuWAxcjbrvgfIdY69709OuUvFwcmHpUGUBJWcBMzaobF+63BkhICIu6fwW wZRw== X-Gm-Message-State: AOJu0Yzb6v/et6aGYhmn5Eno0LG2bQ3Tufi3svKbQz1hH6Wl4m5nrHSn 4tA592yHlfPDjx1R9oRMFwsCDKElXqQ= X-Google-Smtp-Source: AGHT+IEHCq9irKVT9d2pXDsQlQLV7UY6yGGxpQJ3TKaXt0J5qUf6h1glKOhw3SIbfSk8PnevxD0WgA== X-Received: by 2002:a7b:c4d1:0:b0:405:36d7:4581 with SMTP id g17-20020a7bc4d1000000b0040536d74581mr6158025wmk.9.1695642666989; Mon, 25 Sep 2023 04:51:06 -0700 (PDT) Received: from [127.0.0.1] ([13.74.141.28]) by smtp.gmail.com with ESMTPSA id g10-20020adffc8a000000b003176c6e87b1sm11713552wrr.81.2023.09.25.04.51.06 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 25 Sep 2023 04:51:06 -0700 (PDT) Message-ID: <3d24b6f3b22f0c3b283f1c7a853c7784342588ad.1695642662.git.gitgitgadget@gmail.com> In-Reply-To: References: Date: Mon, 25 Sep 2023 11:51:01 +0000 Subject: [PATCH v2 5/6] coverity: allow running on macOS Fcc: Sent MIME-Version: 1.0 To: git@vger.kernel.org Cc: Jeff King , Johannes Schindelin , Johannes Schindelin Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org From: Johannes Schindelin From: Johannes Schindelin For completeness' sake, let's add support for submitting macOS builds to Coverity Scan. Signed-off-by: Johannes Schindelin --- .github/workflows/coverity.yml | 22 ++++++++++++++++++++-- 1 file changed, 20 insertions(+), 2 deletions(-) diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml index ca364c3d692..53f9ee6a418 100644 --- a/.github/workflows/coverity.yml +++ b/.github/workflows/coverity.yml @@ -43,7 +43,7 @@ jobs: if: contains(matrix.os, 'windows') uses: git-for-windows/setup-git-for-windows-sdk@v1 - run: ci/install-dependencies.sh - if: contains(matrix.os, 'ubuntu') + if: contains(matrix.os, 'ubuntu') || contains(matrix.os, 'macos') env: runs_on_pool: ${{ matrix.os }} @@ -56,10 +56,17 @@ jobs: *windows*) COVERITY_PLATFORM=win64 COVERITY_TOOL_FILENAME=cov-analysis.zip + MAKEFLAGS=-j$(nproc) + ;; + *macos*) + COVERITY_PLATFORM=macOSX + COVERITY_TOOL_FILENAME=cov-analysis.dmg + MAKEFLAGS=-j$(sysctl -n hw.physicalcpu) ;; *ubuntu*) COVERITY_PLATFORM=linux64 COVERITY_TOOL_FILENAME=cov-analysis.tgz + MAKEFLAGS=-j$(nproc) ;; *) echo '::error::unhandled OS ${{ matrix.os }}' >&2 @@ -68,6 +75,7 @@ jobs: esac echo "COVERITY_PLATFORM=$COVERITY_PLATFORM" >>$GITHUB_ENV echo "COVERITY_TOOL_FILENAME=$COVERITY_TOOL_FILENAME" >>$GITHUB_ENV + echo "MAKEFLAGS=$MAKEFLAGS" >>$GITHUB_ENV MD5=$(curl https://scan.coverity.com/download/$COVERITY_LANGUAGE/$COVERITY_PLATFORM \ --fail \ --form token='${{ secrets.COVERITY_SCAN_TOKEN }}' \ @@ -99,6 +107,16 @@ jobs: mkdir $RUNNER_TEMP/cov-analysis && tar -xzf $RUNNER_TEMP/$COVERITY_TOOL_FILENAME --strip 1 -C $RUNNER_TEMP/cov-analysis ;; + *.dmg) + cd $RUNNER_TEMP && + attach="$(hdiutil attach $COVERITY_TOOL_FILENAME)" && + volume="$(echo "$attach" | cut -f 3 | grep /Volumes/)" && + mkdir cov-analysis && + cd cov-analysis && + sh "$volume"/cov-analysis-macosx-*.sh && + ls -l && + hdiutil detach "$volume" + ;; *.zip) cd $RUNNER_TEMP && mkdir cov-analysis-tmp && @@ -120,7 +138,7 @@ jobs: run: | export PATH="$RUNNER_TEMP/cov-analysis/bin:$PATH" && cov-configure --gcc && - cov-build --dir cov-int make -j$(nproc) + cov-build --dir cov-int make - name: package the build run: tar -czvf cov-int.tgz cov-int - name: submit the build to Coverity Scan From patchwork Mon Sep 25 11:51:02 2023 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Johannes Schindelin X-Patchwork-Id: 13397681 Return-Path: X-Spam-Checker-Version: SpamAssassin 3.4.0 (2014-02-07) on aws-us-west-2-korg-lkml-1.web.codeaurora.org Received: from vger.kernel.org (vger.kernel.org [23.128.96.18]) by smtp.lore.kernel.org (Postfix) with ESMTP id 8CA53CE7A94 for ; Mon, 25 Sep 2023 11:51:25 +0000 (UTC) Received: (majordomo@vger.kernel.org) by vger.kernel.org via listexpand id S231201AbjIYLv3 (ORCPT ); Mon, 25 Sep 2023 07:51:29 -0400 Received: from lindbergh.monkeyblade.net ([23.128.96.19]:57058 "EHLO lindbergh.monkeyblade.net" rhost-flags-OK-OK-OK-OK) by vger.kernel.org with ESMTP id S230403AbjIYLvP (ORCPT ); Mon, 25 Sep 2023 07:51:15 -0400 Received: from mail-wm1-x32f.google.com (mail-wm1-x32f.google.com [IPv6:2a00:1450:4864:20::32f]) by lindbergh.monkeyblade.net (Postfix) with ESMTPS id 48B89DA for ; Mon, 25 Sep 2023 04:51:09 -0700 (PDT) Received: by mail-wm1-x32f.google.com with SMTP id 5b1f17b1804b1-40528376459so62615385e9.3 for ; Mon, 25 Sep 2023 04:51:09 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20230601; t=1695642667; x=1696247467; darn=vger.kernel.org; h=cc:to:mime-version:content-transfer-encoding:fcc:subject:date:from :references:in-reply-to:message-id:from:to:cc:subject:date :message-id:reply-to; bh=g9dUm89CGfIwaCERGUXZ4FfAtS4+A06lMXPHusBs8+k=; b=dF0h6IIHK/k88BvzYFgApkPUKeyB1xdOTmoW2zuGcU9IfoiPvRkYay5Jq4EgrmKfL7 NCMU8mGj6SZ2svQz8xolqrsozpoMOgshi5SoEy5j8V6GKhqBa6L3+MzD6uSh9SuM7BqB LDsUPNJ3/cfRIg3njEXDxt/cKQQo7r8QUsAUb06NYL8neqpCjj2esjCe4FuNf0GngOUG RcISqMzSd4U9ak1UBiex/4s4POY6x7RMJjPmdtrFYQ+31n8HhB5eLjTnhbjXNN/YWUrf 3xRlaQiRlTWZfOQ5xD7oopuLIMwpmfzC8S7ctY+IgXQWph2DmwDod4xKl+cs4kpTJKlr IHRA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20230601; t=1695642667; x=1696247467; h=cc:to:mime-version:content-transfer-encoding:fcc:subject:date:from :references:in-reply-to:message-id:x-gm-message-state:from:to:cc :subject:date:message-id:reply-to; bh=g9dUm89CGfIwaCERGUXZ4FfAtS4+A06lMXPHusBs8+k=; b=SX3UPT9K7K5Y7MmkPrGcNjO3KHFHj2usg3fMXrn8nPXqeeEjKVWDOHy3QHRXU/0E+Y c5oz+Byr0HiFh9NtqBZFmqMOZNGH2y31BKOHUgGJFEVKRgzhFU5juOhYEkPgyEiuZGn2 yn94LeM/emSe/e4ELwx5hSbJlZrK/MGx5tAzTVffITP96KufvDtlNDe5Reqqta8+yhdG T9kDgBl/IW8OBhhiCWPrGWByTfw6SqEI8LY8EdexGrlUQrMdvBAxrvF/CUxDk+TqydSj KON0yNF+Fnwzh2RXNWGXISKwe6rQ0I8yLadWAmcQHeFsRK09VeqDwSnoRr+0a2wllHVo aGiw== X-Gm-Message-State: AOJu0YzrWNj5+fXJULdR98m3api0YTySWSz+V9GetPngbIn1FrRPlUo+ qV4/XIWyoGd9RbpNi5tsxzzks5BguWg= X-Google-Smtp-Source: AGHT+IEQ5218rnquorW+7EcpmiphlnDzVH/oC7XYBPqkbcCn0CTIYIT5Qc91hl6nuBii9mdyhwUTVw== X-Received: by 2002:a7b:ca5a:0:b0:3fe:f74c:b4f6 with SMTP id m26-20020a7bca5a000000b003fef74cb4f6mr5714913wml.17.1695642667582; Mon, 25 Sep 2023 04:51:07 -0700 (PDT) Received: from [127.0.0.1] ([13.74.141.28]) by smtp.gmail.com with ESMTPSA id n6-20020a05600c294600b0040472ad9a3dsm11917014wmd.14.2023.09.25.04.51.07 (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 25 Sep 2023 04:51:07 -0700 (PDT) Message-ID: In-Reply-To: References: Date: Mon, 25 Sep 2023 11:51:02 +0000 Subject: [PATCH v2 6/6] coverity: detect and report when the token or project is incorrect Fcc: Sent MIME-Version: 1.0 To: git@vger.kernel.org Cc: Jeff King , Johannes Schindelin , Johannes Schindelin Precedence: bulk List-ID: X-Mailing-List: git@vger.kernel.org From: Johannes Schindelin From: Johannes Schindelin When trying to obtain the MD5 of the Coverity Scan Tool (in order to decide whether a cached version can be used or a new version has to be downloaded), it is possible to get a 401 (Authorization required) due to either an incorrect token, or even more likely due to an incorrect Coverity project name. Seeing an authorization failure that is caused by an incorrect project name was somewhat surprising to me when developing the Coverity workflow, as I found such a failure suggestive of an incorrect token instead. So let's provide a helpful error message about that specifically when encountering authentication issues. Signed-off-by: Johannes Schindelin --- .github/workflows/coverity.yml | 13 ++++++++++++- 1 file changed, 12 insertions(+), 1 deletion(-) diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml index 53f9ee6a418..ae76c06e7ce 100644 --- a/.github/workflows/coverity.yml +++ b/.github/workflows/coverity.yml @@ -80,7 +80,18 @@ jobs: --fail \ --form token='${{ secrets.COVERITY_SCAN_TOKEN }}' \ --form project="$COVERITY_PROJECT" \ - --form md5=1) && + --form md5=1) + case $? in + 0) ;; # okay + *22*) # 40x, i.e. access denied + echo "::error::incorrect token or project?" >&2 + exit 1 + ;; + *) # other error + echo "::error::Failed to retrieve MD5" >&2 + exit 1 + ;; + esac echo "hash=$MD5" >>$GITHUB_OUTPUT # Try to cache the tool to avoid downloading 1GB+ on every run.