[Top] [All Lists]
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [PATCH 1/2] github: add workflow to run Coverity scans

  • To: Andrew Cooper <amc96@xxxxxxxx>
  • From: Roger Pau Monné <roger.pau@xxxxxxxxxx>
  • Date: Fri, 18 Feb 2022 13:27:27 +0100
  • Arc-authentication-results: i=1; mx.microsoft.com 1; spf=pass smtp.mailfrom=citrix.com; dmarc=pass action=none header.from=citrix.com; dkim=pass header.d=citrix.com; arc=none
  • Arc-message-signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=microsoft.com; s=arcselector9901; h=From:Date:Subject:Message-ID:Content-Type:MIME-Version:X-MS-Exchange-AntiSpam-MessageData-ChunkCount:X-MS-Exchange-AntiSpam-MessageData-0:X-MS-Exchange-AntiSpam-MessageData-1; bh=0gi1zub+GpucqWxCwkIGN7iC7DQk9TUFldlfyPdd1aw=; b=MY/ksQ9/44JfUoKJCMkYOQR9hN5sQpozkborEIvotZbkn+rBbsMrZ1HXfFjgPt1V6CmXQ1vtGULbj/LCTzOYwBymzYz6wrWX3grwl3M2BCnYW+lBr+P7rVWn+5yKsZAddzogzDAT/5M3xZhOegfeYIW/t6YcZsFS5jHeW1zdlDPx59+HonjSXiEcWJkWGEusGvWuRS7MlUfPClErydOKZcD2cQHQ40AdDYL6N+1xSocc2j1Xv7NkXZUaHjGtwlmJs7MdqnLeOlqUYAXjDYlp9aKng8FEbbOnLnfwhEMES0OVs94/lB5HSs/UXxZKpEibKoz4hsAUZdYPo27jUylx5Q==
  • Arc-seal: i=1; a=rsa-sha256; s=arcselector9901; d=microsoft.com; cv=none; b=flBIRRrgU63h71mYCQHVuEtJKarwNiNGlQvdjsXjfJeEYCMDfou3KYL6mLWwaND4g5SpywMqeN4V7gzmfClNq4TYUbKW1mQYlPBjrvsWNwj0RDbK97Fx9m766aDW3G9Hk2EMAt0TmfhXfT/kaoyq3v5ZKAbK5rENy96OeRYhwrs6qc99eYKyACDXuPo7oL7x2uuVd134JJxDHJQs/Hxy19Q0JXZpdYFXeX0PNI/ZIGIQ5nQHp5v9xdgb43YBD9HbIAyam9P/ImqQigR3KR+uVxmkV++5iuyGIsR0m9ITBIJzGJ9noINqoEUv330mOKVyUhnPcTAJKVSRNcgaPcBv8g==
  • Authentication-results: esa2.hc3370-68.iphmx.com; dkim=pass (signature verified) header.i=@citrix.onmicrosoft.com
  • Cc: <xen-devel@xxxxxxxxxxxxxxxxxxxx>, Andrew Cooper <andrew.cooper3@xxxxxxxxxx>, George Dunlap <george.dunlap@xxxxxxxxxx>, Jan Beulich <jbeulich@xxxxxxxx>, Julien Grall <julien@xxxxxxx>, Stefano Stabellini <sstabellini@xxxxxxxxxx>, Wei Liu <wl@xxxxxxx>
  • Delivery-date: Fri, 18 Feb 2022 12:27:47 +0000
  • Ironport-data: A9a23:NWezu6qs/+XCbcyOOhMD7oT3Sc5eBmLXZRIvgKrLsJaIsI4StFCzt garIBmPPaqKNjemLd9+OtyzpB8B6JeHyoNiGlBt/CBnFCga8puZCYyVIHmrMnLJJKUvbq7GA +byyDXkBJppJpMJjk71atANlVEliefQAOCU5NfsYkidfyc9IMsaoU8ly75RbrJA24DjWVvX4 IOq+qUzBXf+s9JKGjNMg068gEsHUMTa4Fv0aXRnOJinFHeH/5UkJMp3yZOZdhMUcaENdgKOf M7RzanRw4/s10xF5uVJMFrMWhZirrb6ZWBig5fNMkSoqkAqSicais7XOBeAAKv+Zvrgc91Zk b1wWZKMpQgBN7XjgeYWbRxkQwZdMalG6af4M2immJnGp6HGWyOEL/RGCUg3OcsT+/ptAHEI/ vsdQNwPRknd3aTsmuv9E7QywJR4RCXoFNp3VnVI1zbWAOxgWZnea67L+cVZzHE7gcUm8fP2O ZZEMGMxNkuojxtnGA8tJ5MjjcqSoDr2QgdUjkvKjJYU/D2GpOB2+Oe0a4eEEjCQfu1Xg0KZq 2Tu72n/RBYAO7S30iGZ+3ihguvOmyLTW48IErC8sPlwjzW72Wg7GBAQE1yhrpGRg0u1Cox3M FYf9GwooLRa3FymSJzxUgO1pFaAvwUAQJxAHusi8gaPx6HIpQGDCQAsTDRMddgnv88eXiEx2 xmCmNaBONB0mOTLEzTHrO7S9G7sf3hORYMfWcMaZQIdzMDhq782skLobdpnEL+tsc/lABill lhmsxMCr7kUiMcK0YCy8lbGny+gq/D1c+Il2unEdjn7t10kPeZJc6TtsAGGtqgYcO51W3Hc5 CBspiSI0AwZ4XhhfgSpSf5FIrym7u3t3Nb00Q82RMlJG9hAFheekWFsDNNWeBYB3iUsI2aBj KrvVeV5vc470JyCN/IfXm5JI552pZUM7Py8PhwuUvJAY4JqaCiM9zx0aEib0gjFyRZwzPhlZ c/KLZj1Vx727JiLKhLvFo/xNpdxm0gDKZ77H8inn3xLL5LFDJJqdVv1GATXNb1ohE91iA7U7 8xeJ6O3J+Z3C4XDjt3s2ddLdzgidCFjbbiv8pA/XrPTc2JORTB6Y9eMkOxJRmCQt/kM/gs+1 irmAREwJZuWrSCvFDhmnVg5Nuu0BM4n9ShT0O5FFQ/A5kXPqL2Htc83X5A2YaMm5Kpky/t1R OMCYMKOHrJETTGvxtjXRcCVQFBKHPhzuT+zAg==
  • Ironport-hdrordr: A9a23:MTtx5aCMHED/44rlHeg0sceALOsnbusQ8zAXPh9KJiC9I/b1qy nxppkmPH/P6Qr4WBkb6Le90Y27MAnhHPlOkPQs1NaZLXLbUQ6TQr2KgrGSoQEIdxeOk9K1kJ 0QD5SWa+eAfGSS7/yKmTVQeuxIqLLskNHKuQ6d9QYUcegDUdAf0+4TMHf8LqQZfngjOXJvf6 Dsmfav6gDQMkg/X4CePD0oTuLDr9rEmNbPZgMHPQcu7E2rgSmz4LD3PhCE1lNGOgk/jIsKwC zgqUjU96+ju/a0xlv10HLS1Y1fnJ/ExsFYDMKBp8AJInHHixquZq5mR7qe1QpF6t2H2RIPqp 3hsh0gN8N85zf4eXy0mwLk303a3DMn+xbZuCmlqEqmhfa8aCMxCsJHi44cWADe8VAcsNZ117 8O936FtrJMZCmw0hjV1pztbVVHh0C0qX0tnao4lHpES7YTb7dXsMg24F5VKpEdByj3gbpXX9 WGNPuspMq+TGnqLEww5gJUsZ6RtzUIb1u7q3E5y42oO2M8pgE986MarPZv6UvouqhND6Ws3N 60QZiAoos+OvP+XZgNdNvpfvHHeFAlYSi8eV56cm6XXJ3uBRr22uvKCfMOlaaXRKA=
  • List-id: Xen developer discussion <xen-devel.lists.xenproject.org>
On Fri, Feb 18, 2022 at 12:21:34PM +0000, Andrew Cooper wrote:
> On 18/02/2022 12:00, Roger Pau Monne wrote:
> > Add a workflow that performs a build like it's done by osstest
> > Coverity flight and uploads the result to Coverity for analysis. The
> > build process is exactly the same as the one currently used in
> > osstest, and it's also run at the same time (bi-weekly).
> >
> > This has one big benefit over using osstest: we no longer have to care
> > about keeping the Coverity tools up to date in osstest.
> >
> > Suggested-by: Andrew Cooper <andrew.cooper3@xxxxxxxxxx>
> > Signed-off-by: Roger Pau Monné <roger.pau@xxxxxxxxxx>
> > ---
> >  .github/workflows/coverity.yml | 35 ++++++++++++++++++++++++++++++++++
> >  1 file changed, 35 insertions(+)
> >  create mode 100644 .github/workflows/coverity.yml
> >
> > diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
> > new file mode 100644
> > index 0000000000..12fc9c782b
> > --- /dev/null
> > +++ b/.github/workflows/coverity.yml
> > @@ -0,0 +1,35 @@
> > +name: Coverity Scan
> > +
> > +# We only want to test official release code, not every pull request.
> > +on:
> > +  schedule:
> > +    - cron: '18 9 * * WED,SUN' # Bi-weekly at 9:18 UTC
> > +
> > +jobs:
> > +  coverity:
> > +    runs-on: ubuntu-latest
> > +    steps:
> > +    - name: Install build dependencies
> > +      run: |
> > +        sudo apt-get install -y wget git bcc bin86 gawk bridge-utils \
> > +          iproute2 libcurl4-openssl-dev bzip2 libpci-dev build-essential \
> > +          make gcc libc6-dev libc6-dev-i386 linux-libc-dev zlib1g-dev \
> > +          libncurses5-dev patch libvncserver-dev libssl-dev libsdl-dev 
> > iasl \
> > +          libbz2-dev e2fslibs-dev git-core uuid-dev ocaml libx11-dev \
> > +          ocaml-findlib xz-utils gettext libyajl-dev libpixman-1-dev \
> > +          libaio-dev libfdt-dev cabextract libglib2.0-dev autoconf 
> > automake \
> > +          libtool libfuse-dev liblzma-dev ninja-build \
> > +          kpartx python3-dev python3-pip golang python-dev libsystemd-dev
> 
> We dropped gettext as a dependency a few releases ago, and we don't need
> python3-pip either.  Can fix on commit.
> 
> > +    - uses: actions/checkout@v2
> 
> I think we want
> 
> - uses: actions/checkout@v2
>   with:
>     ref: staging

I've assumed we wanted master as that at least functional per the
testing done in osstest. But maybe it's indeed better to use staging
in order to catch issues before they reach master.

I'm fine with this.

Thanks, Roger.

 

©2013 Xen Project, A Linux Foundation Collaborative Project. All Rights Reserved.
Linux Foundation is a registered trademark of The Linux Foundation.
Xen Project is a trademark of The Linux Foundation.

Rackspace

Lists.xenproject.org is hosted with RackSpace, monitoring our
servers 24x7x365 and backed by RackSpace's Fanatical Support®.