subject:"\[PATCH\] enable coverity daily scan again"

Re: [PATCH] enable coverity daily scan again

2020-12-29 Thread Илья Шипицин

вт, 29 дек. 2020 г. в 17:15, Tim Düsterhus :

> Ilya,
>
> Am 29.12.20 um 13:01 schrieb Илья Шипицин:
> > It is coverity weirdness. Build was submitted. If you follow to findings,
> > dates are updated
>
> Perfect, thanks. Looking at the overview page:
> https://scan.coverity.com/projects/haproxy
>
> It appears as if the "Components" list is outdated since the refactoring
> of the repository. As an example the ebtree stuff now is in
> include/import/eb*tree.h. It probably should be updated.
>

I do not have access to that area


>
> Best regards
> Tim Düsterhus
>

Re: [PATCH] enable coverity daily scan again

2020-12-29 Thread Tim Düsterhus

Ilya,

Am 29.12.20 um 13:01 schrieb Илья Шипицин:
> It is coverity weirdness. Build was submitted. If you follow to findings,
> dates are updated

Perfect, thanks. Looking at the overview page:
https://scan.coverity.com/projects/haproxy

It appears as if the "Components" list is outdated since the refactoring
of the repository. As an example the ebtree stuff now is in
include/import/eb*tree.h. It probably should be updated.

Best regards
Tim Düsterhus

Re: [PATCH] enable coverity daily scan again

2020-12-29 Thread Илья Шипицин

It is coverity weirdness. Build was submitted. If you follow to findings,
dates are updated

On Tue, Dec 29, 2020, 4:47 PM Tim Düsterhus  wrote:

> Willy,
>
> Am 28.12.20 um 12:05 schrieb Willy Tarreau:
> > Thanks to the name, I found it in a mail from Ilya on 2019-08-06 and
> > just uploaded it according to your procedure.
> >
> > Just push the patch now. Let's see if it works.
> >
>
> At least the build ran tonight:
> https://github.com/haproxy/haproxy/runs/1619717275?check_suite_focus=true
>
> I'm a bit confused by the last line "Coverity Scan upload failed: Build
> successfully submitted..".
>
> It says both "failed" and "successfully". I'm not sure if that is
> correct but Ilya will hopefully be able to tell us if it worked.
>
> Best regards
> Tim Düsterhus
>

Re: [PATCH] enable coverity daily scan again

2020-12-29 Thread Tim Düsterhus

Willy,

Am 28.12.20 um 12:05 schrieb Willy Tarreau:
> Thanks to the name, I found it in a mail from Ilya on 2019-08-06 and
> just uploaded it according to your procedure.
> 
> Just push the patch now. Let's see if it works.
> 

At least the build ran tonight:
https://github.com/haproxy/haproxy/runs/1619717275?check_suite_focus=true

I'm a bit confused by the last line "Coverity Scan upload failed: Build
successfully submitted..".

It says both "failed" and "successfully". I'm not sure if that is
correct but Ilya will hopefully be able to tell us if it worked.

Best regards
Tim Düsterhus

Re: [PATCH] enable coverity daily scan again

2020-12-28 Thread Dinko Korunic

Dear all,

I’ve just sent Coverity project token to Willy; it’s the same as before as we 
haven’t regenerated project token yet.


Kind regards,
D.

> On 28.12.2020., at 12:02, Илья Шипицин  wrote:
> 
> 
> 
> пн, 28 дек. 2020 г. в 15:57, Tim Düsterhus  >:
> Willy,
> 
> Am 25.12.20 um 19:38 schrieb Илья Шипицин:
> > final patch attached.
> 
> That one looks good to me. Can you take it? When the patch is taken you
> will need to add a secret called 'COVERITY_SCAN_TOKEN' here:
> 
> https://github.com/haproxy/haproxy/settings/secrets/actions 
> 
> 
> (In case I messed up the direct link: It's at "Settings" -> "Secrets" ->
> "New Repository Secret")
> 
> I don't have it. Ilya will need to send it to you unless you happen to
> have it somewhere in your email archives.
> 
> it is supposed to be the next step :)
> 
> I do not have access neither to Coverity token, nor to github.
> Dinko can grab a token from Coverity and pass to Willy.
> 
>  
> 
> Best regards
> Tim Düsterhus

-- 
Dinko Korunic   ** Standard disclaimer applies **
Sent from OSF1 osf1v4b V4.0 564 alpha

Re: [PATCH] enable coverity daily scan again

2020-12-28 Thread Willy Tarreau

On Mon, Dec 28, 2020 at 04:02:13PM +0500,  ??? wrote:
> > That one looks good to me. Can you take it? When the patch is taken you
> > will need to add a secret called 'COVERITY_SCAN_TOKEN' here:
> >
> > https://github.com/haproxy/haproxy/settings/secrets/actions
> >
> > (In case I messed up the direct link: It's at "Settings" -> "Secrets" ->
> > "New Repository Secret")
> >
> > I don't have it. Ilya will need to send it to you unless you happen to
> > have it somewhere in your email archives.
> >
> 
> it is supposed to be the next step :)

Thanks to the name, I found it in a mail from Ilya on 2019-08-06 and
just uploaded it according to your procedure.

Just push the patch now. Let's see if it works.

Thanks,
Willy

Re: [PATCH] enable coverity daily scan again

2020-12-28 Thread Илья Шипицин

пн, 28 дек. 2020 г. в 15:57, Tim Düsterhus :

> Willy,
>
> Am 25.12.20 um 19:38 schrieb Илья Шипицин:
> > final patch attached.
>
> That one looks good to me. Can you take it? When the patch is taken you
> will need to add a secret called 'COVERITY_SCAN_TOKEN' here:
>
> https://github.com/haproxy/haproxy/settings/secrets/actions
>
> (In case I messed up the direct link: It's at "Settings" -> "Secrets" ->
> "New Repository Secret")
>
> I don't have it. Ilya will need to send it to you unless you happen to
> have it somewhere in your email archives.
>

it is supposed to be the next step :)

I do not have access neither to Coverity token, nor to github.
Dinko can grab a token from Coverity and pass to Willy.



>
> Best regards
> Tim Düsterhus
>

Re: [PATCH] enable coverity daily scan again

2020-12-28 Thread Tim Düsterhus

Willy,

Am 25.12.20 um 19:38 schrieb Илья Шипицин:
> final patch attached.

That one looks good to me. Can you take it? When the patch is taken you
will need to add a secret called 'COVERITY_SCAN_TOKEN' here:

https://github.com/haproxy/haproxy/settings/secrets/actions

(In case I messed up the direct link: It's at "Settings" -> "Secrets" ->
"New Repository Secret")

I don't have it. Ilya will need to send it to you unless you happen to
have it somewhere in your email archives.

Best regards
Tim Düsterhus

Re: [PATCH] enable coverity daily scan again

2020-12-25 Thread Илья Шипицин

final patch attached.

пт, 25 дек. 2020 г. в 17:05, Илья Шипицин :

> seems we need " ... || true" back
> https://github.com/chipitsine/haproxy/runs/1608451465
>
> пт, 25 дек. 2020 г. в 16:04, Tim Düsterhus :
>
>> Ilya,
>>
>> Am 25.12.20 um 06:28 schrieb Илья Шипицин:
>> > I modified patch to run against my own coverity repo
>> 'chipitsine/haproxy'
>> >
>> >
>> > Tim, can you have a look ?
>> >
>> > https://github.com/chipitsine/haproxy/actions/runs/443552484
>> >
>>
>> Apparently it is not possible to use secrets within an `if` condition.
>> See this one: https://github.com/actions/runner/issues/520.
>>
>> In one comment the following example was posted:
>>
>> if: ${{ github.repository_owner == 'haproxy' }}
>>
>> It's not perfect, because it does not actually check the token, but it
>> will prevent the job from running in forks. And for our repository it
>> will effectively always have the token.
>>
>> Best regards
>> Tim Düsterhus
>>
>
From 12c9385c962ab511f143751df99b8f9f5b99124c Mon Sep 17 00:00:00 2001
From: Ilya Shipitsin 
Date: Fri, 25 Dec 2020 23:36:52 +0500
Subject: [PATCH] CI: GitHub Actions: enable daily Coverity scan

That scan was previously implemented on Travis. Let us migrate
it to GitHub Actions.

Co-authored-by: Tim Duesterhus 
---
 .github/workflows/coverity.yml | 34 ++
 1 file changed, 34 insertions(+)
 create mode 100644 .github/workflows/coverity.yml

diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
new file mode 100644
index 0..51051cc1f
--- /dev/null
+++ b/.github/workflows/coverity.yml
@@ -0,0 +1,34 @@
+
+#
+# scan results: https://scan.coverity.com/projects/haproxy
+#
+
+name: Coverity
+
+on:
+  schedule:
+  - cron: "0 0 * * *"
+
+jobs:
+  scan:
+runs-on: ubuntu-latest
+if: ${{ github.repository_owner == 'haproxy' }}
+env:
+  COVERITY_SCAN_PROJECT_NAME: 'Haproxy'
+  COVERITY_SCAN_BRANCH_PATTERN: '*' 
+  COVERITY_SCAN_NOTIFICATION_EMAIL: 'chipits...@gmail.com'
+  COVERITY_SCAN_BUILD_COMMAND: "make CC=clang DEFINE=-DDEBUG_USE_ABORT TARGET=linux-glibc USE_ZLIB=1 USE_PCRE=1 USE_PCRE_JIT=1 USE_LUA=1 USE_OPENSSL=1 USE_SYSTEMD=1 USE_WURFL=1 WURFL_INC=contrib/wurfl WURFL_LIB=contrib/wurfl USE_DEVICEATLAS=1 DEVICEATLAS_SRC=contrib/deviceatlas USE_51DEGREES=1 51DEGREES_SRC=contrib/51d/src/pattern DEBUG_STRICT=1"
+steps:
+- uses: actions/checkout@v2
+- name: Install apt dependencies
+  run: |
+sudo apt-get update 
+sudo apt-get install -y \
+  liblua5.3-dev \
+  libsystemd-dev
+- name: Run Coverity Scan
+  env:
+COVERITY_SCAN_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
+  run: |
+make -C contrib/wurfl
+curl -fsSL "https://scan.coverity.com/scripts/travisci_build_coverity_scan.sh; | bash || true
-- 
2.29.2

Re: [PATCH] enable coverity daily scan again

2020-12-25 Thread Илья Шипицин

seems we need " ... || true" back
https://github.com/chipitsine/haproxy/runs/1608451465

пт, 25 дек. 2020 г. в 16:04, Tim Düsterhus :

> Ilya,
>
> Am 25.12.20 um 06:28 schrieb Илья Шипицин:
> > I modified patch to run against my own coverity repo 'chipitsine/haproxy'
> >
> >
> > Tim, can you have a look ?
> >
> > https://github.com/chipitsine/haproxy/actions/runs/443552484
> >
>
> Apparently it is not possible to use secrets within an `if` condition.
> See this one: https://github.com/actions/runner/issues/520.
>
> In one comment the following example was posted:
>
> if: ${{ github.repository_owner == 'haproxy' }}
>
> It's not perfect, because it does not actually check the token, but it
> will prevent the job from running in forks. And for our repository it
> will effectively always have the token.
>
> Best regards
> Tim Düsterhus
>

Re: [PATCH] enable coverity daily scan again

2020-12-25 Thread Tim Düsterhus

Ilya,

Am 25.12.20 um 06:28 schrieb Илья Шипицин:
> I modified patch to run against my own coverity repo 'chipitsine/haproxy'
> 
> 
> Tim, can you have a look ?
> 
> https://github.com/chipitsine/haproxy/actions/runs/443552484
> 

Apparently it is not possible to use secrets within an `if` condition.
See this one: https://github.com/actions/runner/issues/520.

In one comment the following example was posted:

if: ${{ github.repository_owner == 'haproxy' }}

It's not perfect, because it does not actually check the token, but it
will prevent the job from running in forks. And for our repository it
will effectively always have the token.

Best regards
Tim Düsterhus

Re: [PATCH] enable coverity daily scan again

2020-12-24 Thread Илья Шипицин

I modified patch to run against my own coverity repo 'chipitsine/haproxy'


Tim, can you have a look ?

https://github.com/chipitsine/haproxy/actions/runs/443552484

чт, 24 дек. 2020 г. в 17:41, Илья Шипицин :

> Willy, patch is good. Let us apply that.
>
> чт, 24 дек. 2020 г. в 16:44, Tim Düsterhus :
>
>> Ilya,
>>
>> Am 24.12.20 um 03:53 schrieb Илья Шипицин:
>> > I particularly like this one:
>> >
>> > if: ${{ env.COVERITY_SCAN_TOKEN != '' }}
>> >
>> >
>> > can it be done job wide ? i.e. nothing should start, neither checkout,
>> nor
>> > job itself if token is not set (which is true for forks)
>>
>> Yes, I think it is possible:
>>
>> https://docs.github.com/en/free-pro-team@latest/actions/reference/workflow-syntax-for-github-actions#jobsjob_idif
>>
>> By the way: I don't think secrets are exposed via environment variables
>> automatically. You would need to pass them explicitly. See:
>>
>> https://docs.github.com/en/free-pro-team@latest/actions/reference/encrypted-secrets#using-encrypted-secrets-in-a-workflow
>>
>> I've attached an updated patch that I believe does the correct thing:
>>
>> 1. The `if` is on the job level now.
>> 2. It takes the secret from the `secrets` variable and passes it as the
>> `env` for the actual step.
>>
>> Can you test this in your repository, please?
>>
>> >
>> > Also, Tim, I've forgotten to limit builds to "master" branch.  Should we
>> > add some condition as well to prevent coverity scan for other branches ?
>> >
>>
>> According to the documentation
>> (
>> https://docs.github.com/en/free-pro-team@latest/actions/reference/events-that-trigger-workflows#schedule
>> )
>> any workflows that are triggered by a schedule will run on the default
>> branch (i.e. `master`). So I don't think we need to change anything for
>> that.
>>
>> Best regards
>> Tim Düsterhus
>>
>

Re: [PATCH] enable coverity daily scan again

2020-12-24 Thread Илья Шипицин

Willy, patch is good. Let us apply that.

чт, 24 дек. 2020 г. в 16:44, Tim Düsterhus :

> Ilya,
>
> Am 24.12.20 um 03:53 schrieb Илья Шипицин:
> > I particularly like this one:
> >
> > if: ${{ env.COVERITY_SCAN_TOKEN != '' }}
> >
> >
> > can it be done job wide ? i.e. nothing should start, neither checkout,
> nor
> > job itself if token is not set (which is true for forks)
>
> Yes, I think it is possible:
>
> https://docs.github.com/en/free-pro-team@latest/actions/reference/workflow-syntax-for-github-actions#jobsjob_idif
>
> By the way: I don't think secrets are exposed via environment variables
> automatically. You would need to pass them explicitly. See:
>
> https://docs.github.com/en/free-pro-team@latest/actions/reference/encrypted-secrets#using-encrypted-secrets-in-a-workflow
>
> I've attached an updated patch that I believe does the correct thing:
>
> 1. The `if` is on the job level now.
> 2. It takes the secret from the `secrets` variable and passes it as the
> `env` for the actual step.
>
> Can you test this in your repository, please?
>
> >
> > Also, Tim, I've forgotten to limit builds to "master" branch.  Should we
> > add some condition as well to prevent coverity scan for other branches ?
> >
>
> According to the documentation
> (
> https://docs.github.com/en/free-pro-team@latest/actions/reference/events-that-trigger-workflows#schedule
> )
> any workflows that are triggered by a schedule will run on the default
> branch (i.e. `master`). So I don't think we need to change anything for
> that.
>
> Best regards
> Tim Düsterhus
>

Re: [PATCH] enable coverity daily scan again

2020-12-24 Thread Илья Шипицин

чт, 24 дек. 2020 г. в 16:44, Tim Düsterhus :

> Ilya,
>
> Am 24.12.20 um 03:53 schrieb Илья Шипицин:
> > I particularly like this one:
> >
> > if: ${{ env.COVERITY_SCAN_TOKEN != '' }}
> >
> >
> > can it be done job wide ? i.e. nothing should start, neither checkout,
> nor
> > job itself if token is not set (which is true for forks)
>
> Yes, I think it is possible:
>
> https://docs.github.com/en/free-pro-team@latest/actions/reference/workflow-syntax-for-github-actions#jobsjob_idif
>
> By the way: I don't think secrets are exposed via environment variables
> automatically. You would need to pass them explicitly. See:
>
> https://docs.github.com/en/free-pro-team@latest/actions/reference/encrypted-secrets#using-encrypted-secrets-in-a-workflow



I specified  COVERITY_SCAN_TOKEN in my github fork, indeed it was not
exposed.
I thought it might be due to variables are not exposed for forks
(documentation is not very clear).


I tested in my fork using "export COVERITY_SCAN_TOKEN=."


I'm ok with not specifiyn secrets in a file, but in github variables
instead. if so, every fork will skip that pipeline (good thing).


>
>
> I've attached an updated patch that I believe does the correct thing:
>
> 1. The `if` is on the job level now.
> 2. It takes the secret from the `secrets` variable and passes it as the
> `env` for the actual step.
>
> Can you test this in your repository, please?
>
> >
> > Also, Tim, I've forgotten to limit builds to "master" branch.  Should we
> > add some condition as well to prevent coverity scan for other branches ?
> >
>
> According to the documentation
> (
> https://docs.github.com/en/free-pro-team@latest/actions/reference/events-that-trigger-workflows#schedule
> )
> any workflows that are triggered by a schedule will run on the default
> branch (i.e. `master`). So I don't think we need to change anything for
> that.
>
> Best regards
> Tim Düsterhus
>

Re: [PATCH] enable coverity daily scan again

2020-12-24 Thread Tim Düsterhus

Ilya,

Am 24.12.20 um 04:13 schrieb Илья Шипицин:
> I'm not sure for Github Actions, we use the following in gitlab for
> limiting jobs to parent repo only (i.e. no forks allowed). Is there similar
> thing in Github Actions ?
> 
>   only:refs:  - master@haproxy/haproxy
> 

I don't think so. But my understanding is that the job won't run on pull
requests and with the new `job` level `if` I added in response to your
other mail it should automatically be skipped on forks. So there is no
useless running in forks and it will not leak the token either.

Best regards
Tim Düsterhus

Re: [PATCH] enable coverity daily scan again

2020-12-24 Thread Tim Düsterhus

Ilya,

Am 24.12.20 um 03:53 schrieb Илья Шипицин:
> I particularly like this one:
> 
> if: ${{ env.COVERITY_SCAN_TOKEN != '' }}
> 
> 
> can it be done job wide ? i.e. nothing should start, neither checkout, nor
> job itself if token is not set (which is true for forks)

Yes, I think it is possible:
https://docs.github.com/en/free-pro-team@latest/actions/reference/workflow-syntax-for-github-actions#jobsjob_idif

By the way: I don't think secrets are exposed via environment variables
automatically. You would need to pass them explicitly. See:
https://docs.github.com/en/free-pro-team@latest/actions/reference/encrypted-secrets#using-encrypted-secrets-in-a-workflow

I've attached an updated patch that I believe does the correct thing:

1. The `if` is on the job level now.
2. It takes the secret from the `secrets` variable and passes it as the
`env` for the actual step.

Can you test this in your repository, please?

> 
> Also, Tim, I've forgotten to limit builds to "master" branch.  Should we
> add some condition as well to prevent coverity scan for other branches ?
> 

According to the documentation
(https://docs.github.com/en/free-pro-team@latest/actions/reference/events-that-trigger-workflows#schedule)
any workflows that are triggered by a schedule will run on the default
branch (i.e. `master`). So I don't think we need to change anything for
that.

Best regards
Tim Düsterhus
From 63ed5405668799f45b65a9f3ba4a825c549996d5 Mon Sep 17 00:00:00 2001
From: Ilya Shipitsin 
Date: Thu, 24 Dec 2020 01:18:04 +0500
Subject: [PATCH] CI: GitHub Actions: enable daily Coverity scan

That scan was previously implemented on Travis. Let us migrate
it to GitHub Actions.

Co-authored-by: Tim Duesterhus 
---
 .github/workflows/coverity.yml | 29 +
 1 file changed, 29 insertions(+)
 create mode 100644 .github/workflows/coverity.yml

diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
new file mode 100644
index 0..0b75ecef2
--- /dev/null
+++ b/.github/workflows/coverity.yml
@@ -0,0 +1,29 @@
+name: Coverity
+
+on:
+  schedule:
+  - cron: "0 0 * * *"
+
+jobs:
+  scan:
+runs-on: ubuntu-latest
+if: ${{ secrets.COVERITY_SCAN_TOKEN != '' }}
+env:
+  COVERITY_SCAN_PROJECT_NAME: 'Haproxy'
+  COVERITY_SCAN_BRANCH_PATTERN: '*' 
+  COVERITY_SCAN_NOTIFICATION_EMAIL: 'chipits...@gmail.com'
+  COVERITY_SCAN_BUILD_COMMAND: "make CC=clang DEFINE=-DDEBUG_USE_ABORT TARGET=linux-glibc USE_ZLIB=1 USE_PCRE=1 USE_PCRE_JIT=1 USE_LUA=1 USE_OPENSSL=1 USE_SYSTEMD=1 USE_WURFL=1 WURFL_INC=contrib/wurfl WURFL_LIB=contrib/wurfl USE_DEVICEATLAS=1 DEVICEATLAS_SRC=contrib/deviceatlas USE_51DEGREES=1 51DEGREES_SRC=contrib/51d/src/pattern DEBUG_STRICT=1"
+steps:
+- uses: actions/checkout@v2
+- name: Install apt dependencies
+  run: |
+sudo apt-get update 
+sudo apt-get install -y \
+  liblua5.3-dev \
+  libsystemd-dev
+- name: Run Coverity Scan
+  env:
+COVERITY_SCAN_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
+  run: |
+make -C contrib/wurfl
+curl -fsSL "https://scan.coverity.com/scripts/travisci_build_coverity_scan.sh; | bash
-- 
2.29.0

Re: [PATCH] enable coverity daily scan again

2020-12-23 Thread Илья Шипицин

чт, 24 дек. 2020 г. в 07:53, Илья Шипицин :

>
>
> чт, 24 дек. 2020 г. в 01:51, Tim Düsterhus :
>
>> Ilya,
>>
>> Am 23.12.20 um 21:21 schrieb Илья Шипицин:
>> > this adds daily job.
>> > token specification also must be done, let us do it after merge.
>>
>> I've cleaned up the YML and commit message a bit:
>>
>> a) Fixed some typos.
>> b) Improved the naming of the Workflow and the workflow steps.
>> c) Add newlines to `apt-get install`.
>> d) Move the `if` out of bash into the YML definition.
>> e) Use `-fsSL` flags for curl to make sure it catches all errors and
>> works for redirects.
>>
>> Can you please check that the changes did not break anything? I attached
>> the updated patch.
>>
>
> I particularly like this one:
>
> if: ${{ env.COVERITY_SCAN_TOKEN != '' }}
>
>
> can it be done job wide ? i.e. nothing should start, neither checkout, nor
> job itself if token is not set (which is true for forks)
>
>
> Also, Tim, I've forgotten to limit builds to "master" branch.  Should we
> add some condition as well to prevent coverity scan for other branches ?
>

I'm not sure for Github Actions, we use the following in gitlab for
limiting jobs to parent repo only (i.e. no forks allowed). Is there similar
thing in Github Actions ?

  only:refs:  - master@haproxy/haproxy



>
>
>>
>> Best regards
>> Tim Düsterhus
>>
>

Re: [PATCH] enable coverity daily scan again

2020-12-23 Thread Илья Шипицин

чт, 24 дек. 2020 г. в 01:51, Tim Düsterhus :

> Ilya,
>
> Am 23.12.20 um 21:21 schrieb Илья Шипицин:
> > this adds daily job.
> > token specification also must be done, let us do it after merge.
>
> I've cleaned up the YML and commit message a bit:
>
> a) Fixed some typos.
> b) Improved the naming of the Workflow and the workflow steps.
> c) Add newlines to `apt-get install`.
> d) Move the `if` out of bash into the YML definition.
> e) Use `-fsSL` flags for curl to make sure it catches all errors and
> works for redirects.
>
> Can you please check that the changes did not break anything? I attached
> the updated patch.
>

I particularly like this one:

if: ${{ env.COVERITY_SCAN_TOKEN != '' }}


can it be done job wide ? i.e. nothing should start, neither checkout, nor
job itself if token is not set (which is true for forks)


Also, Tim, I've forgotten to limit builds to "master" branch.  Should we
add some condition as well to prevent coverity scan for other branches ?


>
> Best regards
> Tim Düsterhus
>

Re: [PATCH] enable coverity daily scan again

2020-12-23 Thread Tim Düsterhus

Ilya,

Am 23.12.20 um 21:21 schrieb Илья Шипицин:
> this adds daily job.
> token specification also must be done, let us do it after merge.

I've cleaned up the YML and commit message a bit:

a) Fixed some typos.
b) Improved the naming of the Workflow and the workflow steps.
c) Add newlines to `apt-get install`.
d) Move the `if` out of bash into the YML definition.
e) Use `-fsSL` flags for curl to make sure it catches all errors and
works for redirects.

Can you please check that the changes did not break anything? I attached
the updated patch.

Best regards
Tim Düsterhus
From 86fab31956b14f39b143d87418c7571642c58201 Mon Sep 17 00:00:00 2001
From: Ilya Shipitsin 
Date: Thu, 24 Dec 2020 01:18:04 +0500
Subject: [PATCH] CI: GitHub Actions: enable daily Coverity scan

That scan was previously implemented on Travis. Let us migrate
it to GitHub Actions.

Co-authored-by: Tim Duesterhus 
---
 .github/workflows/coverity.yml | 27 +++
 1 file changed, 27 insertions(+)
 create mode 100644 .github/workflows/coverity.yml

diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
new file mode 100644
index 0..38cfa699e
--- /dev/null
+++ b/.github/workflows/coverity.yml
@@ -0,0 +1,27 @@
+name: Coverity
+
+on:
+  schedule:
+- cron: "0 0 * * *"
+
+jobs:
+  scan:
+runs-on: ubuntu-latest
+env:
+  COVERITY_SCAN_PROJECT_NAME: 'Haproxy'
+  COVERITY_SCAN_BRANCH_PATTERN: '*' 
+  COVERITY_SCAN_NOTIFICATION_EMAIL: 'chipits...@gmail.com'
+  COVERITY_SCAN_BUILD_COMMAND: "make CC=clang DEFINE=-DDEBUG_USE_ABORT TARGET=linux-glibc USE_ZLIB=1 USE_PCRE=1 USE_PCRE_JIT=1 USE_LUA=1 USE_OPENSSL=1 USE_SYSTEMD=1 USE_WURFL=1 WURFL_INC=contrib/wurfl WURFL_LIB=contrib/wurfl USE_DEVICEATLAS=1 DEVICEATLAS_SRC=contrib/deviceatlas USE_51DEGREES=1 51DEGREES_SRC=contrib/51d/src/pattern DEBUG_STRICT=1"
+steps:
+- uses: actions/checkout@v2
+- name: Install apt dependencies
+  run: |
+sudo apt-get update 
+sudo apt-get install -y \
+  liblua5.3-dev \
+  libsystemd-dev
+- name: Run Coverity Scan
+  if: ${{ env.COVERITY_SCAN_TOKEN != '' }}
+  run: |
+make -C contrib/wurfl
+curl -fsSL "https://scan.coverity.com/scripts/travisci_build_coverity_scan.sh; | bash
-- 
2.29.0

[PATCH] enable coverity daily scan again

2020-12-23 Thread Илья Шипицин

Hello,

this adds daily job.
token specification also must be done, let us do it after merge.

Ilya
From 6f52831ee614a334ac5b8ab2c2b29d5e51a681d2 Mon Sep 17 00:00:00 2001
From: Ilya Shipitsin 
Date: Thu, 24 Dec 2020 01:18:04 +0500
Subject: [PATCH] CI: Github ACtions: enable daily Coverity scan

that scan was previously implemented on Travis. Let us migrate
it to Github Actions
---
 .github/workflows/coverity.yml | 30 ++
 1 file changed, 30 insertions(+)
 create mode 100644 .github/workflows/coverity.yml

diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
new file mode 100644
index 0..20259d16b
--- /dev/null
+++ b/.github/workflows/coverity.yml
@@ -0,0 +1,30 @@
+
+name: coverity
+
+on:
+  schedule:
+- cron: "0 0 * * *"
+
+jobs:
+  scan:
+
+runs-on: ubuntu-latest
+
+env:
+  COVERITY_SCAN_PROJECT_NAME: 'Haproxy'
+  COVERITY_SCAN_BRANCH_PATTERN: '*' 
+  COVERITY_SCAN_NOTIFICATION_EMAIL: 'chipits...@gmail.com'
+  COVERITY_SCAN_BUILD_COMMAND: "make CC=clang DEFINE=-DDEBUG_USE_ABORT TARGET=linux-glibc USE_ZLIB=1 USE_PCRE=1 USE_PCRE_JIT=1 USE_LUA=1 USE_OPENSSL=1 USE_SYSTEMD=1 USE_WURFL=1 WURFL_INC=contrib/wurfl WURFL_LIB=contrib/wurfl USE_DEVICEATLAS=1 DEVICEATLAS_SRC=contrib/deviceatlas USE_51DEGREES=1 51DEGREES_SRC=contrib/51d/src/pattern DEBUG_STRICT=1"
+
+steps:
+- uses: actions/checkout@v2
+- name: install prerequisites
+  run: |
+sudo apt-get update 
+sudo apt-get install -y liblua5.3-dev libsystemd-dev
+- name: scan
+  run: |
+if [ ! -z ${COVERITY_SCAN_TOKEN+x} ]; then
+ make -C contrib/wurfl
+ curl -s "https://scan.coverity.com/scripts/travisci_build_coverity_scan.sh; | bash
+fi
-- 
2.28.0

Re: [PATCH] enable coverity daily scan again

Re: [PATCH] enable coverity daily scan again

Re: [PATCH] enable coverity daily scan again

Re: [PATCH] enable coverity daily scan again

Re: [PATCH] enable coverity daily scan again

Re: [PATCH] enable coverity daily scan again

Re: [PATCH] enable coverity daily scan again

Re: [PATCH] enable coverity daily scan again

Re: [PATCH] enable coverity daily scan again

Re: [PATCH] enable coverity daily scan again

Re: [PATCH] enable coverity daily scan again

Re: [PATCH] enable coverity daily scan again

Re: [PATCH] enable coverity daily scan again

Re: [PATCH] enable coverity daily scan again

Re: [PATCH] enable coverity daily scan again

Re: [PATCH] enable coverity daily scan again

Re: [PATCH] enable coverity daily scan again

Re: [PATCH] enable coverity daily scan again

Re: [PATCH] enable coverity daily scan again

[PATCH] enable coverity daily scan again

20 matches

Site Navigation

Mail list logo

Footer information