Merge pull request #36044 from ClickHouse/nightly-coverity

Nightly coverity
This commit is contained in:
Mikhail f. Shiryaev 2022-04-08 11:19:58 +02:00 committed by GitHub
commit 53793537da
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
5 changed files with 18 additions and 21 deletions

View File

@ -79,13 +79,14 @@ jobs:
- name: Set envs - name: Set envs
run: | run: |
cat >> "$GITHUB_ENV" << 'EOF' cat >> "$GITHUB_ENV" << 'EOF'
TEMP_PATH=${{runner.temp}}/build_check BUILD_NAME=coverity
IMAGES_PATH=${{runner.temp}}/images_path
REPO_COPY=${{runner.temp}}/build_check/ClickHouse
CACHES_PATH=${{runner.temp}}/../ccaches CACHES_PATH=${{runner.temp}}/../ccaches
CHECK_NAME=ClickHouse build check (actions) CHECK_NAME=ClickHouse build check (actions)
BUILD_NAME=coverity IMAGES_PATH=${{runner.temp}}/images_path
REPO_COPY=${{runner.temp}}/build_check/ClickHouse
TEMP_PATH=${{runner.temp}}/build_check
EOF EOF
echo "COVERITY_TOKEN=${{ secrets.COVERITY_TOKEN }}" >> "$GITHUB_ENV"
- name: Download changed images - name: Download changed images
uses: actions/download-artifact@v2 uses: actions/download-artifact@v2
with: with:
@ -105,12 +106,12 @@ jobs:
sudo rm -fr "$TEMP_PATH" sudo rm -fr "$TEMP_PATH"
mkdir -p "$TEMP_PATH" mkdir -p "$TEMP_PATH"
cp -r "$GITHUB_WORKSPACE" "$TEMP_PATH" cp -r "$GITHUB_WORKSPACE" "$TEMP_PATH"
cd "$REPO_COPY/tests/ci" && python3 build_check.py "$CHECK_NAME" "$BUILD_NAME" "${{ secrets.COV_TOKEN }}" cd "$REPO_COPY/tests/ci" && python3 build_check.py "$CHECK_NAME" "$BUILD_NAME"
- name: Upload Coverity Analysis - name: Upload Coverity Analysis
if: ${{ success() || failure() }} if: ${{ success() || failure() }}
run: | run: |
curl --form token='${{ secrets.COV_TOKEN }}' \ curl --form token="${COVERITY_TOKEN}" \
--form email='${{ secrets.ROBOT_CLICKHOUSE_EMAIL }}' \ --form email='security+coverity@clickhouse.com' \
--form file="@$TEMP_PATH/$BUILD_NAME/clickhouse-scan.tgz" \ --form file="@$TEMP_PATH/$BUILD_NAME/clickhouse-scan.tgz" \
--form version="${GITHUB_REF#refs/heads/}-${GITHUB_SHA::6}" \ --form version="${GITHUB_REF#refs/heads/}-${GITHUB_SHA::6}" \
--form description="Nighly Scan: $(date +'%Y-%m-%dT%H:%M:%S')" \ --form description="Nighly Scan: $(date +'%Y-%m-%dT%H:%M:%S')" \

View File

@ -27,7 +27,9 @@ cmake --debug-trycompile --verbose=1 -DCMAKE_VERBOSE_MAKEFILE=1 -LA "-DCMAKE_BUI
if [ "coverity" == "$COMBINED_OUTPUT" ] if [ "coverity" == "$COMBINED_OUTPUT" ]
then then
wget --post-data "token=$COV_TOKEN&project=ClickHouse%2FClickHouse" -qO- https://scan.coverity.com/download/linux64 | tar xz -C /opt/cov-analysis --strip-components 1 mkdir -p /opt/cov-analysis
wget --post-data "token=$COVERITY_TOKEN&project=ClickHouse%2FClickHouse" -qO- https://scan.coverity.com/download/linux64 | tar xz -C /opt/cov-analysis --strip-components 1
export PATH=$PATH:/opt/cov-analysis/bin export PATH=$PATH:/opt/cov-analysis/bin
cov-configure --config ./coverity.config --template --comptype clangcc --compiler "$CC" cov-configure --config ./coverity.config --template --comptype clangcc --compiler "$CC"
SCAN_WRAPPER="cov-build --config ./coverity.config --dir cov-int" SCAN_WRAPPER="cov-build --config ./coverity.config --dir cov-int"

View File

@ -86,7 +86,6 @@ def parse_env_variables(
additional_pkgs, additional_pkgs,
with_coverage, with_coverage,
with_binaries, with_binaries,
coverity_scan,
): ):
DARWIN_SUFFIX = "-darwin" DARWIN_SUFFIX = "-darwin"
DARWIN_ARM_SUFFIX = "-darwin-aarch64" DARWIN_ARM_SUFFIX = "-darwin-aarch64"
@ -179,7 +178,7 @@ def parse_env_variables(
cmake_flags.append("-DENABLE_TESTS=0") cmake_flags.append("-DENABLE_TESTS=0")
elif package_type == "coverity": elif package_type == "coverity":
result.append("COMBINED_OUTPUT=coverity") result.append("COMBINED_OUTPUT=coverity")
result.append("COV_TOKEN={}".format(cov_token)) result.append('COVERITY_TOKEN="$COVERITY_TOKEN"')
elif split_binary: elif split_binary:
result.append("COMBINED_OUTPUT=shared_build") result.append("COMBINED_OUTPUT=shared_build")
@ -328,13 +327,16 @@ if __name__ == "__main__":
parser.add_argument( parser.add_argument(
"--docker-image-version", default="latest", help="docker image tag to use" "--docker-image-version", default="latest", help="docker image tag to use"
) )
parser.add_argument("--cov_token", default="")
args = parser.parse_args() args = parser.parse_args()
if not os.path.isabs(args.output_dir): if not os.path.isabs(args.output_dir):
args.output_dir = os.path.abspath(os.path.join(os.getcwd(), args.output_dir)) args.output_dir = os.path.abspath(os.path.join(os.getcwd(), args.output_dir))
image_type = "binary" if args.package_type in ("performance", "coverity") else args.package_type image_type = (
"binary"
if args.package_type in ("performance", "coverity")
else args.package_type
)
image_name = "clickhouse/binary-builder" image_name = "clickhouse/binary-builder"
if not os.path.isabs(args.clickhouse_repo_path): if not os.path.isabs(args.clickhouse_repo_path):
@ -376,7 +378,6 @@ if __name__ == "__main__":
args.additional_pkgs, args.additional_pkgs,
args.with_coverage, args.with_coverage,
args.with_binaries, args.with_binaries,
args.cov_token,
) )
run_docker_image_with_env( run_docker_image_with_env(

View File

@ -55,7 +55,6 @@ def get_packager_cmd(
image_version: str, image_version: str,
ccache_path: str, ccache_path: str,
official: bool, official: bool,
cov_token: str,
) -> str: ) -> str:
package_type = build_config["package_type"] package_type = build_config["package_type"]
comp = build_config["compiler"] comp = build_config["compiler"]
@ -88,8 +87,6 @@ def get_packager_cmd(
if official: if official:
cmd += " --official" cmd += " --official"
if cov_token:
cmd += " --cov-token={}".format(cov_token)
return cmd return cmd
@ -206,9 +203,6 @@ def main():
build_check_name = sys.argv[1] build_check_name = sys.argv[1]
build_name = sys.argv[2] build_name = sys.argv[2]
cov_token = ""
if len(sys.argv) > 3:
cov_token = sys.argv[3]
build_config = get_build_config(build_check_name, build_name) build_config = get_build_config(build_check_name, build_name)
@ -303,7 +297,6 @@ def main():
image_version, image_version,
ccache_path, ccache_path,
official_flag, official_flag,
cov_token,
) )
logging.info("Going to run packager with %s", packager_cmd) logging.info("Going to run packager with %s", packager_cmd)

View File

@ -15,7 +15,7 @@ GITHUB_RUN_ID = os.getenv("GITHUB_RUN_ID", "0")
GITHUB_SERVER_URL = os.getenv("GITHUB_SERVER_URL", "https://github.com") GITHUB_SERVER_URL = os.getenv("GITHUB_SERVER_URL", "https://github.com")
GITHUB_WORKSPACE = os.getenv("GITHUB_WORKSPACE", git_root) GITHUB_WORKSPACE = os.getenv("GITHUB_WORKSPACE", git_root)
GITHUB_RUN_URL = f"{GITHUB_SERVER_URL}/{GITHUB_REPOSITORY}/actions/runs/{GITHUB_RUN_ID}" GITHUB_RUN_URL = f"{GITHUB_SERVER_URL}/{GITHUB_REPOSITORY}/actions/runs/{GITHUB_RUN_ID}"
IMAGES_PATH = os.getenv("IMAGES_PATH") IMAGES_PATH = os.getenv("IMAGES_PATH", TEMP_PATH)
REPORTS_PATH = os.getenv("REPORTS_PATH", p.abspath(p.join(module_dir, "./reports"))) REPORTS_PATH = os.getenv("REPORTS_PATH", p.abspath(p.join(module_dir, "./reports")))
REPO_COPY = os.getenv("REPO_COPY", git_root) REPO_COPY = os.getenv("REPO_COPY", git_root)
RUNNER_TEMP = os.getenv("RUNNER_TEMP", p.abspath(p.join(module_dir, "./tmp"))) RUNNER_TEMP = os.getenv("RUNNER_TEMP", p.abspath(p.join(module_dir, "./tmp")))