2828# - workflow run currently is limited to "apache" GitHub organization, forks are ignored
2929#
3030# 2. **scan Job**:
31- # - performs scan and upload result to https://scan.coverity.com/projects/cloudberry?tab=overview
31+ # - performs scan and upload result to https://scan.coverity.com/builds?project=apache%2Fcloudberry
3232# Triggers:
3333# - daily schedule
3434# - optional manual dispatch.
3535#
3636# Notes:
3737# - COVERITY_SCAN_TOKEN secret is used.
3838# --------------------------------------------------------------------
39- name : Coverity
39+ name : Apache Cloudberry Coverity Scan
4040
4141on :
4242 schedule :
@@ -47,31 +47,73 @@ permissions:
4747 contents : read
4848
4949jobs :
50- scan :
51- runs-on : ubuntu-latest
50+ coverity- scan
51+ runs-on : ubuntu-22.04
5252 if : ${{ github.repository_owner == 'apache' }}
5353
54- env :
55- DEBIAN_FRONTEND : noninteractive
54+ container :
55+ image : apache/incubator-cloudberry:cbdb-build-rocky9-latest
56+ options : >-
57+ --user root
58+ -h cdw
5659
5760steps :
58- - uses : actions/checkout@v4
59- - name : Install apt dependencies
61+ - name : Checkout Apache Cloudberry
62+ uses : actions/checkout@v4
63+ with :
64+ fetch-depth : 1
65+
66+ - name : Environment Initialization
6067 run : |
61- sudo apt-get update
62- sudo apt-get install -y bison cmake curl flex git-core gcc g++ inetutils-ping krb5-kdc krb5-admin-server libapr1-dev libbz2-dev libcurl4-gnutls-dev libevent-dev libkrb5-dev libpam-dev libperl-dev libreadline-dev libssl-dev libxerces-c-dev libxml2-dev libyaml-dev libzstd-dev locales net-tools ninja-build openssh-client openssh-server openssl pkg-config python3-dev python3-pip python3-psutil python3-pygresql python3-yaml zlib1g-dev
63- pip3 install conan
68+ if ! su - gpadmin -c "/tmp/init_system.sh"; then
69+ echo "::error::Container initialization failed"
70+ exit 1
71+ fi
6472
6573name : Download Coverity build tool
6674 run : |
6775 wget -c -N https://scan.coverity.com/download/linux64 --post-data "token=${{ secrets.COVERITY_SCAN_TOKEN }}&project=apache%2Fcloudberry" -O coverity_tool.tar.gz
68- mkdir coverity_tool
76+ mkdir -p coverity_tool
6977 tar xzf coverity_tool.tar.gz --strip 1 -C coverity_tool
78+ chown -R gpadmin:gpadmin coverity_tool
79+
7080name : Build with Coverity build tool
7181 run : |
72- ./configure --with-perl --with-python --with-libxml --with-gssapi --prefix=/usr/local/cloudberrydb
73- export PATH=`pwd`/coverity_tool/bin:$PATH
74- cov-build --dir cov-int make
82+ WORKSPACE="${GITHUB_WORKSPACE}"
83+ sudo rm -rf /usr/local/cloudberry-db
84+ sudo chmod a+w /usr/local
85+ mkdir -p /usr/local/cloudberry-db/lib
86+ sudo cp /usr/local/xerces-c/lib/libxerces-c.so \
87+ /usr/local/xerces-c/lib/libxerces-c-3.3.so \
88+ /usr/local/cloudberry-db/lib
89+ sudo chown -R gpadmin:gpadmin /usr/local/cloudberry-db
90+ su - gpadmin -c "cd $WORKSPACE"
91+ export LD_LIBRARY_PATH=/usr/local/cloudberry-db/lib:LD_LIBRARY_PATH
92+ export PATH=$WORKSPACE/coverity_tool/bin:$PATH
93+ ./configure --prefix=/usr/local/cloudberry-db \
94+ --disable-external-fts \
95+ --enable-gpcloud \
96+ --enable-ic-proxy \
97+ --enable-orafce \
98+ --enable-orca \
99+ --enable-pxf \
100+ --enable-tap-tests \
101+ --with-gssapi \
102+ --with-ldap \
103+ --with-libxml \
104+ --with-lz4 \
105+ --with-openssl \
106+ --with-pam \
107+ --with-perl \
108+ --with-pgport=5432 \
109+ --with-python \
110+ --with-pythonsrc-ext \
111+ --with-ssl=openssl \
112+ --with-uuid=e2fs \
113+ --with-includes=/usr/local/xerces-c/include \
114+ --with-libraries=/usr/local/cloudberry-db/lib
115+ cov-build --dir cov-int make -j$(nproc)
116+
75117name : Submit build result to Coverity Scan
76118 run : |
77119 tar czvf cov.tar.gz cov-int
80122 --form file=@cov.tar.gz \
81123 --form version="Commit $GITHUB_SHA" \
82124 --form description="Build submitted via CI" \
83- https://scan.coverity.com/builds?project=apache%2Fcloudberry
125+ https://scan.coverity.com/builds?project=apache%2Fcloudberry
0 commit comments