-
Notifications
You must be signed in to change notification settings - Fork 117
Commit
This commit does not belong to any branch on this repository, and may belong to a fork outside of the repository.
Merge pull request #2317 from lukaszstolarczuk/update-coverity
[CI] Move coverity job to public GHA runner
- Loading branch information
Showing
3 changed files
with
52 additions
and
60 deletions.
There are no files selected for viewing
27 changes: 0 additions & 27 deletions
27
.github/scripts/0001-travis-fix-travisci_build_coverity_scan.sh.patch
This file was deleted.
Oops, something went wrong.
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| Original file line number | Diff line number | Diff line change |
|---|---|---|
| @@ -1,63 +1,81 @@ | ||
| # | ||
| # Copyright (C) 2023-2024 Intel Corporation | ||
| # | ||
| # Part of the Unified-Runtime Project, under the Apache License v2.0 with LLVM Exceptions. | ||
| # See LICENSE.TXT | ||
| # SPDX-License-Identifier: Apache-2.0 WITH LLVM-exception | ||
| # | ||
| # Coverity - static analysis build. It requires Coverity's token (set in CI's secret). | ||
| name: coverity-unified-runtime | ||
| # It runs static analysis build - Coverity. It requires special token (set in CI's secret). | ||
|
|
||
| on: | ||
| workflow_dispatch: | ||
| schedule: | ||
| # Run every day at 22:00 UTC | ||
| - cron: '0 22 * * *' | ||
|
|
||
| env: | ||
| WORKDIR: ${{ github.workspace }} | ||
| COVERITY_SCAN_NOTIFICATION_EMAIL: ${{ secrets.COVERITY_SCAN_NOTIFICATION_EMAIL }} | ||
| COVERITY_SCAN_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }} | ||
| COVERITY_SCAN_PROJECT_NAME: ${{ github.repository }} | ||
| COVERITY_SCAN_BUILD_COMMAND: "cmake --build ${{github.workspace}}/build" | ||
| COVERITY_SCAN_BRANCH_PATTERN: "main" | ||
| TRAVIS_BRANCH: ${{ github.ref_name }} | ||
|
|
||
| permissions: | ||
| contents: read | ||
|
|
||
| jobs: | ||
| linux: | ||
| coverity: | ||
| name: Coverity | ||
| runs-on: coverity | ||
| # run only on upstream; forks don't have token for upstream's cov project | ||
| if: github.repository == 'oneapi-src/unified-memory-framework' | ||
| runs-on: ubuntu-latest | ||
|
|
||
| steps: | ||
| - name: Clone the git repo | ||
| - name: Checkout repository | ||
| uses: actions/checkout@b4ffde65f46336ab88eb53be808477a3936bae11 # v4.1.1 | ||
| with: | ||
| fetch-depth: 0 | ||
|
|
||
| - name: Install dependencies | ||
| run: | | ||
| wget https://developer.download.nvidia.com/compute/cuda/repos/ubuntu2204/x86_64/cuda-keyring_1.1-1_all.deb | ||
| sudo dpkg -i cuda-keyring_1.1-1_all.deb | ||
| sudo apt-get update | ||
| sudo apt-get install -y libhwloc-dev libtbb-dev cuda-toolkit-12-6 | ||
| - name: Install pip packages | ||
| run: pip install -r third_party/requirements.txt | ||
|
|
||
| - name: Download Coverity | ||
| run: | | ||
| wget -O coverity_tool.tgz -nv https://scan.coverity.com/download/linux64 \ | ||
| --post-data "token=${{ secrets.COVERITY_SCAN_TOKEN }}&project=oneapi-src%2Funified-runtime" | ||
| - name: Extract Coverity | ||
| run: tar xzf coverity_tool.tgz | ||
|
|
||
| # TODO: enable HIP adapter as well (requires proper package(s) installation) | ||
| - name: Configure CMake | ||
| run: > | ||
| cmake | ||
| -B $WORKDIR/build | ||
| -B ${{github.workspace}}/build | ||
| -DCMAKE_BUILD_TYPE=Release | ||
| -DUR_DEVELOPER_MODE=OFF | ||
| -DUR_FORMAT_CPP_STYLE=ON | ||
| -DUR_ENABLE_TRACING=ON | ||
| -DUR_DEVELOPER_MODE=ON | ||
| -DUR_BUILD_TESTS=ON | ||
| -DUMF_ENABLE_POOL_TRACKING=ON | ||
| -DUR_FORMAT_CPP_STYLE=ON | ||
| -DCMAKE_BUILD_TYPE=Debug | ||
| -DUR_BUILD_ADAPTER_L0=ON | ||
| -DUR_BUILD_ADAPTER_CUDA=ON | ||
| -DCUDA_CUDA_LIBRARY=/usr/local/cuda/lib64/stubs/libcuda.so | ||
| -DCUDA_CUDA_LIBRARY=/usr/local/cuda-12.6/targets/x86_64-linux/lib/stubs/libcuda.so | ||
| -DUR_BUILD_ADAPTER_NATIVE_CPU=ON | ||
| -DUR_BUILD_ADAPTER_HIP=ON | ||
| -DUR_BUILD_ADAPTER_HIP=OFF | ||
| -DUR_BUILD_ADAPTER_OPENCL=ON | ||
| - name: Run Coverity | ||
| - name: Build | ||
| run: | | ||
| export COVERITY_DIR=$(find . -maxdepth 1 -type d -name "cov-analysis-linux64-*" | head -n 1) | ||
| if [ -n "$COVERITY_DIR" ]; then | ||
| export PATH="$PATH:$COVERITY_DIR/bin" | ||
| fi | ||
| cov-build --dir ${{github.workspace}}/coverity-files cmake --build ${{github.workspace}}/build --config Release -j$(nproc) | ||
| - name: Create tarball to analyze | ||
| run: tar czvf ur-coverity-files.tgz coverity-files | ||
|
|
||
| - name: Push tarball to scan | ||
| run: | | ||
| cd $WORKDIR/build | ||
| wget https://scan.coverity.com/scripts/travisci_build_coverity_scan.sh | ||
| patch < "../.github/scripts/0001-travis-fix-travisci_build_coverity_scan.sh.patch" | ||
| bash ./travisci_build_coverity_scan.sh | ||
| BRANCH_NAME=$(echo ${GITHUB_REF_NAME}) | ||
| COMMIT_ID=$(echo $GITHUB_SHA) | ||
| curl --form token=${{ secrets.COVERITY_SCAN_TOKEN }} \ | ||
| --form [email protected] \ | ||
| --form [email protected] \ | ||
| --form version="$COMMIT_ID" \ | ||
| --form description="$BRANCH_NAME:$COMMIT_ID" \ | ||
| https://scan.coverity.com/builds\?project\=oneapi-src%2Funified-runtime |
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters