ci: move the Coverity job to GitHub Actions

2025-03-28 02:50:16 +03:00 · 2021-01-08 21:45:08 +01:00 · 2021-01-08 21:45:08 +01:00 · 86660d160b
commit 86660d160b
parent 0506d05ab2
4 changed files with 42 additions and 71 deletions
--- a/.github/workflows/coverity.yml
+++ b/.github/workflows/coverity.yml
@ -0,0 +1,39 @@
+---
+# vi: ts=2 sw=2 et:
+#
+name: Coverity
+
+on:
+  schedule:
+    # Run Coverity daily at midnight
+    - cron:  '0 0 * * *'
+
+jobs:
+  build:
+    runs-on: ubuntu-20.04
+    if: github.repository == 'systemd/systemd'
+    env:
+      COVERITY_SCAN_BRANCH_PATTERN:     "${{ github.ref}}"
+      COVERITY_SCAN_NOTIFICATION_EMAIL: ""
+      COVERITY_SCAN_PROJECT_NAME:       "${{ github.repository }}"
+      # Set in repo settings -> secrets -> repository secrets
+      COVERITY_SCAN_TOKEN:              "${{ secrets.COVERITY_SCAN_TOKEN }}"
+      CURRENT_REF:                      "${{ github.ref }}"
+    steps:
+      - name: Repository checkout
+        uses: actions/checkout@v1
+      # https://docs.github.com/en/free-pro-team@latest/actions/reference/workflow-commands-for-github-actions#setting-an-environment-variable
+      - name: Set the $COVERITY_SCAN_NOTIFICATION_EMAIL env variable
+        run: echo "COVERITY_SCAN_NOTIFICATION_EMAIL=$(git log -1 ${{ github.sha }} --pretty=\"%aE\")" >> $GITHUB_ENV
+      - name: Install Coverity tools
+        run: tools/get-coverity.sh
+      # Reuse the setup phase of the unit test script to avoid code duplication
+      - name: Install build dependencies
+        run: sudo -E .github/workflows/ubuntu-unit-tests.sh SETUP
+      # Preconfigure with meson to prevent Coverity from capturing meson metadata
+      - name: Preconfigure the build directory
+        run: meson cov-build -Dman=false
+      - name: Build
+        run: tools/coverity.sh build
+      - name: Upload the results
+        run: tools/coverity.sh upload
--- a/.travis.yml
+++ b/.travis.yml
@ -1,62 +0,0 @@
---
-# vi: ts=2 sw=2 et:
-
-language: bash
-dist: bionic
-services:
-  - docker
-
-env:
-  global:
-    - AUTHOR_EMAIL="$(git log -1 $TRAVIS_COMMIT --pretty=\"%aE\")"
-    - CI_MANAGERS="$TRAVIS_BUILD_DIR/travis-ci/managers"
-    - CI_TOOLS="$TRAVIS_BUILD_DIR/travis-ci/tools"
-    - REPO_ROOT="$TRAVIS_BUILD_DIR"
-
-stages:
-    # Run Coverity periodically instead of for each commit/PR
-  - name: Coverity
-    if: type = cron
-
-jobs:
-  include:
-    - stage: Coverity
-      language: bash
-      env:
-        - FEDORA_RELEASE="31"
-        - TOOL_BASE="/var/tmp/coverity-scan-analysis"
-        - CONT_NAME="coverity-fedora-$FEDORA_RELEASE"
-        - DOCKER_EXEC="docker exec -ti $CONT_NAME"
-        - DOCKER_RUN="docker run -v $TOOL_BASE:$TOOL_BASE:rw --env-file .cov-env"
-          # Coverity env variables
-        - PLATFORM="$(uname)"
-        - TOOL_ARCHIVE="/var/tmp/cov-analysis-$PLATFORM.tgz"
-        - SCAN_URL="https://scan.coverity.com"
-        - UPLOAD_URL="https://scan.coverity.com/builds"
-        - COVERITY_SCAN_PROJECT_NAME="$TRAVIS_REPO_SLUG"
-        - COVERITY_SCAN_NOTIFICATION_EMAIL="${AUTHOR_EMAIL}"
-        - COVERITY_SCAN_BRANCH_PATTERN="$TRAVIS_BRANCH"
-          # Encrypted COVERITY_SCAN_TOKEN env variable
-          # Generated using `travis encrypt -r systemd/systemd COVERITY_SCAN_TOKEN=xxxx`
-        - secure: "jKSz+Y1Mv8xMpQHh7g5lzW7E6HQGndFz/vKDJQ1CVShwFoyjV3Zu+MFS3UYKlh1236zL0Z4dvsYFx/b3Hq8nxZWCrWeZs2NdXgy/wh8LZhxwzcGYigp3sIA/cYdP5rDjFJO0MasNkl25/rml8+eZWz+8/xQic98UQHjSco/EOWtssoRcg0J0c4eDM7bGLfIQWE73NNY1Q1UtWjKmx1kekVrM8dPmHXJ9aERka7bmcbJAcKd6vabs6DQ5AfWccUPIn/EsRYqIJTRxJrFYU6XizANZ1a7Vwk/DWHZUEn2msxcZw5BbAMDTMx0TbfrNkKSHMHuvQUCu6KCBAq414i+LgkMfmQ2SWwKiIUsud1kxXX3ZPl9bxDv1HkvVdcniC/EM7lNEEVwm4meOnjuhI2lhOyOjmP3FTSlMHGP7xlK8DS2k9fqL58vn0BaSjwWgd+2+HuL2+nJmxcK1eLGzKqaostFxrk2Xs2vPZkUdV2nWY/asUrcWHml6YlWDn2eP83pfwxHYsMiEHY/rTKvxeVY+iirO/AphoO+eaYu7LvjKZU1Yx5Z4u/SnGWAiCH0yhMis0bWmgi7SCbw+sDd2uya+aoiLIGiB2ChW7hXHXCue/dif6/gLU7b+L8R00pQwnWdvKUPoIJCmZJYCluTeib4jpW+EmARB2+nR8wms2K9FGKM="
-      before_install:
-        - sudo apt-get -y -o Dpkg::Options::="--force-confnew" install docker-ce
-        - docker --version
-      install:
-        # Install Coverity on the host
-        - $CI_TOOLS/get-coverity.sh
-          # Export necessary env variables for Coverity
-        - env | grep -E "TRAVIS|COV|TOOL|URL" > .cov-env
-          # Pull a Docker image and start a new container
-        - $CI_MANAGERS/fedora.sh SETUP
-      script:
-        - set -e
-          # Preconfigure with meson to prevent Coverity from capturing meson metadata
-        - $DOCKER_EXEC meson cov-build -Dman=false
-          # Run Coverity
-        - $DOCKER_EXEC tools/coverity.sh build
-        - $DOCKER_EXEC tools/coverity.sh upload
-
-        - set +e
-      after_script:
-        - $CI_MANAGERS/fedora.sh CLEANUP
--- a/tools/coverity.sh
+++ b/tools/coverity.sh
@ -22,17 +22,11 @@ echo -e "\033[33;1mNote: COVERITY_SCAN_PROJECT_NAME and COVERITY_SCAN_TOKEN are
 [ -z "$COVERITY_SCAN_BUILD_COMMAND" ] && echo "ERROR: COVERITY_SCAN_BUILD_COMMAND must be set" && exit 1
 [ -z "$COVERITY_SCAN_TOKEN" ] && echo "ERROR: COVERITY_SCAN_TOKEN must be set" && exit 1

-# Do not run on pull requests
-if [ "${TRAVIS_PULL_REQUEST}" = "true" ]; then
-    echo -e "\033[33;1mINFO: Skipping Coverity Analysis: branch is a pull request.\033[0m"
-    exit 0
-fi
-
 # Verify this branch should run
-if [[ "${TRAVIS_BRANCH^^}" =~ "${COVERITY_SCAN_BRANCH_PATTERN^^}" ]]; then
-    echo -e "\033[33;1mCoverity Scan configured to run on branch ${TRAVIS_BRANCH}\033[0m"
+if [[ "${CURRENT_REF^^}" =~ "${COVERITY_SCAN_BRANCH_PATTERN^^}" ]]; then
+    echo -e "\033[33;1mCoverity Scan configured to run on branch ${CURRENT_REF}\033[0m"
 else
-    echo -e "\033[33;1mCoverity Scan NOT configured to run on branch ${TRAVIS_BRANCH}\033[0m"
+    echo -e "\033[33;1mCoverity Scan NOT configured to run on branch ${CURRENT_REF}\033[0m"
    exit 1
 fi

--- a/travis-ci/tools/get-coverity.sh
+++ b/travis-ci/tools/get-coverity.sh