Google Git
Sign in
apache/cloudberry/refs/heads/fix_orca_empty_table/./.github/workflows/coverity.yml
blob: 4f7f74d54b22a21cae81a67677921ee16b598195 [file]
# --------------------------------------------------------------------
#
# Licensed to the Apache Software Foundation (ASF) under one or more
# contributor license agreements. See the NOTICE file distributed
# with this work for additional information regarding copyright
# ownership. The ASF licenses this file to You under the Apache
# License, Version 2.0 (the "License"); you may not use this file
# except in compliance with the License. You may obtain a copy of the
# License at
#
# http://www.apache.org/licenses/LICENSE-2.0
#
# Unless required by applicable law or agreed to in writing, software
# distributed under the License is distributed on an "AS IS" BASIS,
# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or
# implied. See the License for the specific language governing
# permissions and limitations under the License.
#
# --------------------------------------------------------------------
# GitHub Actions Workflow: Apache Cloudberry Coverity Scan Pipeline
# --------------------------------------------------------------------
# Description:
#
# This workflow performs scheduled coverity scan of Apache Cloudberry.
#
# Workflow Overview:
# 1. **Check Skip**:
# - workflow run currently is limited to "apache" GitHub organization, forks are ignored
#
# 2. **scan Job**:
# - performs scan and upload result to https://scan.coverity.com/builds?project=apache%2Fcloudberry
# Triggers:
# - daily schedule
# - optional manual dispatch.
#
# Notes:
# - COVERITY_SCAN_TOKEN secret is used.
# --------------------------------------------------------------------
name: Apache Cloudberry Coverity Scan
on:
schedule:
- cron: "0 0 * * 1"
workflow_dispatch:
permissions:
contents: read
jobs:
coverity-scan:
runs-on: ubuntu-22.04
if: ${{ github.repository_owner == 'apache' }}
container:
image: apache/incubator-cloudberry:cbdb-build-rocky9-latest
options: >-
--user root
-h cdw
steps:
- name: Checkout Apache Cloudberry
uses: actions/checkout@v4
with:
fetch-depth: 1
submodules: true
- name: Environment Initialization
run: |
if ! su - gpadmin -c "/tmp/init_system.sh"; then
echo "::error::Container initialization failed"
exit 1
fi
- name: Download Coverity build tool
run: |
set -euox pipefail
wget -c -N https://scan.coverity.com/download/linux64 --post-data "token=${{ secrets.COVERITY_SCAN_TOKEN }}&project=apache%2Fcloudberry" -O coverity_tool.tar.gz
mkdir -p coverity_tool
tar xzf coverity_tool.tar.gz --strip 1 -C coverity_tool
chown -R gpadmin:gpadmin coverity_tool
- name: Build with Coverity build tool
run: |
set -euox pipefail
WORKSPACE="${GITHUB_WORKSPACE}"
sudo chmod a+w /usr/local
mkdir -p /usr/local/cloudberry-db/lib
sudo cp /usr/local/xerces-c/lib/libxerces-c.so \
/usr/local/xerces-c/lib/libxerces-c-3.3.so \
/usr/local/cloudberry-db/lib
sudo chown -R gpadmin:gpadmin /usr/local/cloudberry-db
su - gpadmin -c "cd $WORKSPACE"
export LD_LIBRARY_PATH=/usr/local/cloudberry-db/lib:LD_LIBRARY_PATH
export PATH=$WORKSPACE/coverity_tool/bin:$PATH
./configure --prefix=/usr/local/cloudberry-db \
--disable-external-fts \
--enable-gpcloud \
--enable-ic-proxy \
--enable-orafce \
--enable-orca \
--enable-pax \
--enable-pxf \
--enable-tap-tests \
--with-gssapi \
--with-ldap \
--with-libxml \
--with-lz4 \
--with-openssl \
--with-pam \
--with-perl \
--with-pgport=5432 \
--with-python \
--with-pythonsrc-ext \
--with-ssl=openssl \
--with-uuid=e2fs \
--with-includes=/usr/local/xerces-c/include \
--with-libraries=/usr/local/cloudberry-db/lib
cov-build --dir cov-int make -j$(nproc)
- name: Submit build result to Coverity Scan
run: |
tar czvf cov.tar.gz cov-int
curl --form token=${{ secrets.COVERITY_SCAN_TOKEN }} \
--form email=wangdianjin@gmail.com \
--form file=@cov.tar.gz \
--form version="Commit $GITHUB_SHA" \
--form description="Build submitted via CI" \
https://scan.coverity.com/builds?project=apache%2Fcloudberry