forked from openvinotoolkit/openvino
-
Notifications
You must be signed in to change notification settings - Fork 0
160 lines (140 loc) · 5.39 KB
/
coverity.yml
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
name: Coverity (Ubuntu 20.04, Python 3.11)
on:
workflow_dispatch:
inputs:
openvinoRef:
description: 'Branch, tag or commit hash to clone openvino from. Taken from event context if not set'
type: string
schedule:
# run daily at 00:00
- cron: '0 0 * * *'
concurrency:
# github.ref is not unique in post-commit
group: ${{ github.event_name == 'push' && github.run_id || github.ref }}-linux-coverity
cancel-in-progress: true
env:
PIP_CACHE_PATH: /mount/caches/pip/linux
PYTHON_VERSION: '3.11'
jobs:
Build:
timeout-minutes: 150
defaults:
run:
shell: bash
runs-on: aks-linux-16-cores-32gb
container:
image: openvinogithubactions.azurecr.io/dockerhub/ubuntu:20.04
volumes:
- /mount/caches:/mount/caches
options: -e SCCACHE_AZURE_BLOB_CONTAINER -e SCCACHE_AZURE_CONNECTION_STRING
env:
DEBIAN_FRONTEND: noninteractive # to prevent apt-get from waiting user input
CMAKE_BUILD_TYPE: 'Release'
CMAKE_GENERATOR: 'Ninja Multi-Config'
CMAKE_CXX_COMPILER_LAUNCHER: sccache
CMAKE_C_COMPILER_LAUNCHER: sccache
SCCACHE_IGNORE_SERVER_IO_ERROR: 1
SCCACHE_SERVER_PORT: 35555
GITHUB_WORKSPACE: '/__w/openvino/openvino'
OPENVINO_REPO: /__w/openvino/openvino/openvino
OPENVINO_CONTRIB_REPO: /__w/openvino/openvino/openvino_contrib
BUILD_DIR: /__w/openvino/openvino/openvino_build
SCCACHE_AZURE_KEY_PREFIX: coverity_ubuntu20_x86_64
COVERITY_TOOL_DIR: /__w/openvino/openvino/coverity_tool
steps:
- name: Install git
run: |
apt-get update
apt-get install --assume-yes --no-install-recommends git ca-certificates
- name: Clone OpenVINO
uses: actions/checkout@v4
with:
path: ${{ env.OPENVINO_REPO }}
submodules: 'true'
ref: ${{ inputs.openvinoRef }}
- name: Clone OpenVINO Contrib
uses: actions/checkout@v4
with:
repository: 'openvinotoolkit/openvino_contrib'
path: ${{ env.OPENVINO_CONTRIB_REPO }}
submodules: 'true'
ref: 'master'
#
# Dependencies
#
- name: Install build dependencies
run: |
bash ${OPENVINO_REPO}/install_build_dependencies.sh
# default-jdk - Java API
apt install --assume-yes --no-install-recommends default-jdk
- name: Install sccache
uses: mozilla-actions/[email protected]
with:
version: "v0.7.5"
- name: Setup Python ${{ env.PYTHON_VERSION }}
uses: ./openvino/.github/actions/setup_python
with:
version: ${{ env.PYTHON_VERSION }}
pip-cache-path: ${{ env.PIP_CACHE_PATH }}
should-setup-pip-paths: 'true'
self-hosted-runner: 'true'
#
# Build
#
- name: CMake configure - OpenVINO
run: |
cmake \
-G "${{ env.CMAKE_GENERATOR }}" \
-DENABLE_CPPLINT=OFF \
-DENABLE_STRICT_DEPENDENCIES=OFF \
-DENABLE_SYSTEM_TBB=ON \
-DENABLE_SYSTEM_OPENCL=ON \
-DCMAKE_VERBOSE_MAKEFILE=ON \
-DCPACK_GENERATOR=TGZ \
-DBUILD_nvidia_plugin=OFF \
-DOPENVINO_EXTRA_MODULES=${OPENVINO_CONTRIB_REPO}/modules \
-DCMAKE_CXX_COMPILER_LAUNCHER=${{ env.CMAKE_CXX_COMPILER_LAUNCHER }} \
-DCMAKE_C_COMPILER_LAUNCHER=${{ env.CMAKE_C_COMPILER_LAUNCHER }} \
-S ${OPENVINO_REPO} \
-B ${BUILD_DIR}
- name: Clean sccache stats
run: ${SCCACHE_PATH} --zero-stats
- name: Install Coverity tool
run: |
rm -rf ${COVERITY_TOOL_DIR} && mkdir -p ${COVERITY_TOOL_DIR}
pushd ${COVERITY_TOOL_DIR}
wget https://scan.coverity.com/download/linux64 --progress=bar:force:noscroll --post-data "token=${{ secrets.COVERITY_TOKEN }}&project=openvino" -O coverity_tool.tgz
tar xvf coverity_tool.tgz && rm coverity_tool.tgz
popd
- name: Cmake build - OpenVINO with Coverity
run: |
${COVERITY_TOOL_DIR}/cov-analysis*/bin/cov-build --dir ${BUILD_DIR}/cov-int \
cmake --build ${BUILD_DIR} --parallel --config ${{ env.CMAKE_BUILD_TYPE }}
- name: Show sccache stats
run: ${SCCACHE_PATH} --show-stats
- name: Pack Artefacts
run: |
pushd ${BUILD_DIR}
tar -C ${BUILD_DIR} -czvf openvino.tgz cov-int
popd
- name: Submit artefacts
run: |
apt-get update && apt-get install -y curl
pushd ${BUILD_DIR}
curl --form token=${{ secrets.COVERITY_TOKEN }} \
--form email=${{ secrets.COVERITY_USER }} \
--form [email protected] \
--form version="${{ github.sha }}" \
--form description="https://github.com/openvinotoolkit/openvino/runs/${{ github.run_number }}" \
https://scan.coverity.com/builds?project=openvino
popd
- name: Show Coverity configure logs
continue-on-error: true
run: ${COVERITY_TOOL_DIR}/cov-analysis*/bin/cov-configure -c ${COVERITY_TOOL_DIR}/cov-analysis-linux64-2023.6.2/config/coverity_config.xml -lscc text
- name: Upload Coverity logs
uses: actions/upload-artifact@v3
if: always()
with:
name: coverity_logs
path: ${{ env.BUILD_DIR }}/cov-int/build-log.txt
if-no-files-found: 'error'