-
Notifications
You must be signed in to change notification settings - Fork 19
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
add coverity support for github actions #128
Conversation
3e39b48
to
fa53892
Compare
Codecov Report
@@ Coverage Diff @@
## master #128 +/- ##
=========================================
Coverage 100.00% 100.00%
=========================================
Files 2 2
Lines 16 16
Branches 7 7
=========================================
Hits 16 16 Continue to review full report at Codecov.
|
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
A few comments.
BTW: Where is the yamllint used actually? Should we have a boost-ci exclusive job running that?
Also good idea about the if: env.B2_USE_CCACHE
condition for the cache action. Missed that.
You will see a number of force pushes to this PR so I can test the changes. |
I used yamllint to make sure the ci.yml file was okay structurally. We could have a CI job for it if we want but I did not add it. |
fa53892
to
0d82588
Compare
I'm using a separate branch to prove out changes so this doesn't keep running CI. |
0d82588
to
c2e9742
Compare
@Flamefire got this passing with uuid again, I think I addressed concerns. Let me know! |
c2e9742
to
739bd54
Compare
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Sorry forgot to submit the review.
A few minor things, check what you like to do.
739bd54
to
52c2deb
Compare
52c2deb
to
c3c170d
Compare
c3c170d
to
c53cae1
Compare
I simplified the changes. The feature branch push resulted in a Coverity Scan upload: https://scan.coverity.com/projects/boostorg-boost-ci?tab=overview I could not get a job to be skipped from a matrix input. The if statement at the job level cannot see the matrix object. So this is the best we're going to have for now. |
@Flamefire ready for another review |
There was a problem hiding this comment.
Choose a reason for hiding this comment
The reason will be displayed to describe this comment to others. Learn more.
Thanks! Almost done. Found 2 remaining issues (1 only stylistic) and added my thoughts to the coverity-not-skip-issue.
Match the documentation
This change adds Coverity Scan integration.
It requires two GitHub Secrets in your repository.
I created a Coverity Scan project for boost-ci so we can test this is isolation.
I added GitHub Secrets COVERITY_SCAN_NOTIFICATION_EMAIL and COVERITY_SCAN_TOKEN to the repo.
Note that there is no way to disable a matrix run at the job level (easily). I configured it so coverity does not run on pull requests, only on pushes into develop, master, and feature/* branches by default. Therefore, in the checks for this pull request you will see a Coverity job that completes, but it does not submit anything as the Coverity step is skipped in pull requests. I also pushed a feature branch called feature/coverity, which does push results. Here's the fully enabled job in that branch push: https://github.com/boostorg/boost-ci/runs/5013565237?check_suite_focus=true, and here's a link to Coverity where it uploaded: https://scan.coverity.com/projects/boostorg-boost-ci?tab=overview
To eliminate the coverity job on pull requests I would have to copy most of the posix job steps into their own coverity job, and I figured that level of step code duplication without GHA support for YAML anchors would be less than awesome. So this is the best compromise.
I also did more work to allow ccache to be fully disabled; this is important because I could not get coverity to work correctly with ccache running before the compiler (I tried at least 20 times with different options and whatnot).