[PATCH 0/2] coverity: trigger scan as a github action

[PATCH 0/2] coverity: trigger scan as a github action

[Roger Pau Monne]

Hello,

Following series introduces a github workflow to trigger a Coverity
Scan. First patch attempts to move the logic currently in osstest into a
github action mostly as-is (same build targets).

Second patch removes the build of QEMU, SeaBIOS and OVMF from the
Coverity Scan.

Thanks, Roger.

Roger Pau Monne (2):
  github: add workflow to run Coverity scans
  coverity: do not build QEMU, SeaBIOS or OVMF

 .github/workflows/coverity.yml | 35 ++++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100644 .github/workflows/coverity.yml

-- 
2.34.1

[PATCH 1/2] github: add workflow to run Coverity scans

[Roger Pau Monne]

Add a workflow that performs a build like it's done by osstest
Coverity flight and uploads the result to Coverity for analysis. The
build process is exactly the same as the one currently used in
osstest, and it's also run at the same time (bi-weekly).

This has one big benefit over using osstest: we no longer have to care
about keeping the Coverity tools up to date in osstest.

Suggested-by: Andrew Cooper <andrew.cooper3@citrix.com>
Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
---
 .github/workflows/coverity.yml | 35 ++++++++++++++++++++++++++++++++++
 1 file changed, 35 insertions(+)
 create mode 100644 .github/workflows/coverity.yml

diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
new file mode 100644
index 0000000000..12fc9c782b
--- /dev/null
+++ b/.github/workflows/coverity.yml
@@ -0,0 +1,35 @@
+name: Coverity Scan
+
+# We only want to test official release code, not every pull request.
+on:
+  schedule:
+    - cron: '18 9 * * WED,SUN' # Bi-weekly at 9:18 UTC
+
+jobs:
+  coverity:
+    runs-on: ubuntu-latest
+    steps:
+    - name: Install build dependencies
+      run: |
+        sudo apt-get install -y wget git bcc bin86 gawk bridge-utils \
+          iproute2 libcurl4-openssl-dev bzip2 libpci-dev build-essential \
+          make gcc libc6-dev libc6-dev-i386 linux-libc-dev zlib1g-dev \
+          libncurses5-dev patch libvncserver-dev libssl-dev libsdl-dev iasl \
+          libbz2-dev e2fslibs-dev git-core uuid-dev ocaml libx11-dev \
+          ocaml-findlib xz-utils gettext libyajl-dev libpixman-1-dev \
+          libaio-dev libfdt-dev cabextract libglib2.0-dev autoconf automake \
+          libtool libfuse-dev liblzma-dev ninja-build \
+          kpartx python3-dev python3-pip golang python-dev libsystemd-dev
+    - uses: actions/checkout@v2
+    - name: Configure Xen
+      run: |
+        ./configure
+    - name: Pre build stuff
+      run: |
+        make -C tools/firmware/etherboot all && make mini-os-dir
+    - uses: vapier/coverity-scan-action@v1
+      with:
+        command: make xen tools && make -C extras/mini-os/
+        project: XenProject
+        email: ${{ secrets.COVERITY_SCAN_EMAIL }}
+        token: ${{ secrets.COVERITY_SCAN_TOKEN }}
-- 
2.34.1

[PATCH 2/2] coverity: do not build QEMU, SeaBIOS or OVMF

[Roger Pau Monne]

Such external projects should have their own Coverity runs, and
there's not much point in also making them part of our scan (apart
from greatly increasing the amount of code scanned).

Trim the dependencies now that QEMU is not built.

Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
---
 .github/workflows/coverity.yml | 22 +++++++++++-----------
 1 file changed, 11 insertions(+), 11 deletions(-)

diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
index 12fc9c782b..e8d33bf70a 100644
--- a/.github/workflows/coverity.yml
+++ b/.github/workflows/coverity.yml
@@ -11,22 +11,22 @@ jobs:
     steps:
     - name: Install build dependencies
       run: |
-        sudo apt-get install -y wget git bcc bin86 gawk bridge-utils \
-          iproute2 libcurl4-openssl-dev bzip2 libpci-dev build-essential \
-          make gcc libc6-dev libc6-dev-i386 linux-libc-dev zlib1g-dev \
-          libncurses5-dev patch libvncserver-dev libssl-dev libsdl-dev iasl \
-          libbz2-dev e2fslibs-dev git-core uuid-dev ocaml libx11-dev \
-          ocaml-findlib xz-utils gettext libyajl-dev libpixman-1-dev \
-          libaio-dev libfdt-dev cabextract libglib2.0-dev autoconf automake \
-          libtool libfuse-dev liblzma-dev ninja-build \
-          kpartx python3-dev python3-pip golang python-dev libsystemd-dev
+        sudo apt-get install -y wget git gawk bridge-utils \
+          iproute2 bzip2 build-essential \
+          make gcc zlib1g-dev libncurses5-dev patch iasl \
+          libbz2-dev e2fslibs-dev git-core uuid-dev ocaml \
+          ocaml-findlib xz-utils gettext libyajl-dev \
+          autoconf libtool liblzma-dev \
+          python3-dev python3-pip golang python-dev libsystemd-dev
     - uses: actions/checkout@v2
     - name: Configure Xen
       run: |
-        ./configure
+        ./configure --with-system-qemu=/bin/true \
+                    --with-system-seabios=/bin/true \
+                    --with-system-ovmf=/bin/true
     - name: Pre build stuff
       run: |
-        make -C tools/firmware/etherboot all && make mini-os-dir
+        make mini-os-dir
     - uses: vapier/coverity-scan-action@v1
       with:
         command: make xen tools && make -C extras/mini-os/
-- 
2.34.1

Re: [PATCH 1/2] github: add workflow to run Coverity scans

[Andrew Cooper]

On 18/02/2022 12:00, Roger Pau Monne wrote:
> Add a workflow that performs a build like it's done by osstest
> Coverity flight and uploads the result to Coverity for analysis. The
> build process is exactly the same as the one currently used in
> osstest, and it's also run at the same time (bi-weekly).
>
> This has one big benefit over using osstest: we no longer have to care
> about keeping the Coverity tools up to date in osstest.
>
> Suggested-by: Andrew Cooper <andrew.cooper3@citrix.com>
> Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
> ---
>  .github/workflows/coverity.yml | 35 ++++++++++++++++++++++++++++++++++
>  1 file changed, 35 insertions(+)
>  create mode 100644 .github/workflows/coverity.yml
>
> diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
> new file mode 100644
> index 0000000000..12fc9c782b
> --- /dev/null
> +++ b/.github/workflows/coverity.yml
> @@ -0,0 +1,35 @@
> +name: Coverity Scan
> +
> +# We only want to test official release code, not every pull request.
> +on:
> +  schedule:
> +    - cron: '18 9 * * WED,SUN' # Bi-weekly at 9:18 UTC
> +
> +jobs:
> +  coverity:
> +    runs-on: ubuntu-latest
> +    steps:
> +    - name: Install build dependencies
> +      run: |
> +        sudo apt-get install -y wget git bcc bin86 gawk bridge-utils \
> +          iproute2 libcurl4-openssl-dev bzip2 libpci-dev build-essential \
> +          make gcc libc6-dev libc6-dev-i386 linux-libc-dev zlib1g-dev \
> +          libncurses5-dev patch libvncserver-dev libssl-dev libsdl-dev iasl \
> +          libbz2-dev e2fslibs-dev git-core uuid-dev ocaml libx11-dev \
> +          ocaml-findlib xz-utils gettext libyajl-dev libpixman-1-dev \
> +          libaio-dev libfdt-dev cabextract libglib2.0-dev autoconf automake \
> +          libtool libfuse-dev liblzma-dev ninja-build \
> +          kpartx python3-dev python3-pip golang python-dev libsystemd-dev

We dropped gettext as a dependency a few releases ago, and we don't need
python3-pip either.  Can fix on commit.

> +    - uses: actions/checkout@v2

I think we want

- uses: actions/checkout@v2
  with:
    ref: staging

Can also fix on commit.

Acked-by: Andrew Cooper <andrew.cooper3@citrix.com> (mainly because I
can see that Coverity has done the right thing with this.)

> +    - name: Configure Xen
> +      run: |
> +        ./configure
> +    - name: Pre build stuff
> +      run: |
> +        make -C tools/firmware/etherboot all && make mini-os-dir
> +    - uses: vapier/coverity-scan-action@v1
> +      with:
> +        command: make xen tools && make -C extras/mini-os/
> +        project: XenProject
> +        email: ${{ secrets.COVERITY_SCAN_EMAIL }}
> +        token: ${{ secrets.COVERITY_SCAN_TOKEN }}

Re: [PATCH 2/2] coverity: do not build QEMU, SeaBIOS or OVMF

[Andrew Cooper]

On 18/02/2022 12:00, Roger Pau Monne wrote:
> Such external projects should have their own Coverity runs, and
> there's not much point in also making them part of our scan (apart
> from greatly increasing the amount of code scanned).
>
> Trim the dependencies now that QEMU is not built.
>
> Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>

Acked-by: Andrew Cooper <andrew.cooper3@citrix.com>

Re: [PATCH 1/2] github: add workflow to run Coverity scans

[Andrew Cooper]

On 18/02/2022 12:21, Andrew Cooper wrote:
> On 18/02/2022 12:00, Roger Pau Monne wrote:
>> Add a workflow that performs a build like it's done by osstest
>> Coverity flight and uploads the result to Coverity for analysis. The
>> build process is exactly the same as the one currently used in
>> osstest, and it's also run at the same time (bi-weekly).
>>
>> This has one big benefit over using osstest: we no longer have to care
>> about keeping the Coverity tools up to date in osstest.
>>
>> Suggested-by: Andrew Cooper <andrew.cooper3@citrix.com>
>> Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
>> ---
>>  .github/workflows/coverity.yml | 35 ++++++++++++++++++++++++++++++++++
>>  1 file changed, 35 insertions(+)
>>  create mode 100644 .github/workflows/coverity.yml
>>
>> diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
>> new file mode 100644
>> index 0000000000..12fc9c782b
>> --- /dev/null
>> +++ b/.github/workflows/coverity.yml
>> @@ -0,0 +1,35 @@
>> +name: Coverity Scan
>> +
>> +# We only want to test official release code, not every pull request.
>> +on:
>> +  schedule:
>> +    - cron: '18 9 * * WED,SUN' # Bi-weekly at 9:18 UTC
>> +
>> +jobs:
>> +  coverity:
>> +    runs-on: ubuntu-latest
>> +    steps:
>> +    - name: Install build dependencies
>> +      run: |
>> +        sudo apt-get install -y wget git bcc bin86 gawk bridge-utils \
>> +          iproute2 libcurl4-openssl-dev bzip2 libpci-dev build-essential \
>> +          make gcc libc6-dev libc6-dev-i386 linux-libc-dev zlib1g-dev \
>> +          libncurses5-dev patch libvncserver-dev libssl-dev libsdl-dev iasl \
>> +          libbz2-dev e2fslibs-dev git-core uuid-dev ocaml libx11-dev \
>> +          ocaml-findlib xz-utils gettext libyajl-dev libpixman-1-dev \
>> +          libaio-dev libfdt-dev cabextract libglib2.0-dev autoconf automake \
>> +          libtool libfuse-dev liblzma-dev ninja-build \
>> +          kpartx python3-dev python3-pip golang python-dev libsystemd-dev
> We dropped gettext as a dependency a few releases ago, and we don't need
> python3-pip either.  Can fix on commit.
>
>> +    - uses: actions/checkout@v2
> I think we want
>
> - uses: actions/checkout@v2
>   with:
>     ref: staging
>
> Can also fix on commit.
>
> Acked-by: Andrew Cooper <andrew.cooper3@citrix.com> (mainly because I
> can see that Coverity has done the right thing with this.)
>
>> +    - name: Configure Xen
>> +      run: |
>> +        ./configure

On second thoughts, we can probably --disable-docs here, because it's
just wasted processing time when all we care about is the C.

~Andrew

Re: [PATCH 1/2] github: add workflow to run Coverity scans

[Roger Pau Monné]

On Fri, Feb 18, 2022 at 12:21:34PM +0000, Andrew Cooper wrote:
> On 18/02/2022 12:00, Roger Pau Monne wrote:
> > Add a workflow that performs a build like it's done by osstest
> > Coverity flight and uploads the result to Coverity for analysis. The
> > build process is exactly the same as the one currently used in
> > osstest, and it's also run at the same time (bi-weekly).
> >
> > This has one big benefit over using osstest: we no longer have to care
> > about keeping the Coverity tools up to date in osstest.
> >
> > Suggested-by: Andrew Cooper <andrew.cooper3@citrix.com>
> > Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
> > ---
> >  .github/workflows/coverity.yml | 35 ++++++++++++++++++++++++++++++++++
> >  1 file changed, 35 insertions(+)
> >  create mode 100644 .github/workflows/coverity.yml
> >
> > diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
> > new file mode 100644
> > index 0000000000..12fc9c782b
> > --- /dev/null
> > +++ b/.github/workflows/coverity.yml
> > @@ -0,0 +1,35 @@
> > +name: Coverity Scan
> > +
> > +# We only want to test official release code, not every pull request.
> > +on:
> > +  schedule:
> > +    - cron: '18 9 * * WED,SUN' # Bi-weekly at 9:18 UTC
> > +
> > +jobs:
> > +  coverity:
> > +    runs-on: ubuntu-latest
> > +    steps:
> > +    - name: Install build dependencies
> > +      run: |
> > +        sudo apt-get install -y wget git bcc bin86 gawk bridge-utils \
> > +          iproute2 libcurl4-openssl-dev bzip2 libpci-dev build-essential \
> > +          make gcc libc6-dev libc6-dev-i386 linux-libc-dev zlib1g-dev \
> > +          libncurses5-dev patch libvncserver-dev libssl-dev libsdl-dev iasl \
> > +          libbz2-dev e2fslibs-dev git-core uuid-dev ocaml libx11-dev \
> > +          ocaml-findlib xz-utils gettext libyajl-dev libpixman-1-dev \
> > +          libaio-dev libfdt-dev cabextract libglib2.0-dev autoconf automake \
> > +          libtool libfuse-dev liblzma-dev ninja-build \
> > +          kpartx python3-dev python3-pip golang python-dev libsystemd-dev
> 
> We dropped gettext as a dependency a few releases ago, and we don't need
> python3-pip either.  Can fix on commit.
> 
> > +    - uses: actions/checkout@v2
> 
> I think we want
> 
> - uses: actions/checkout@v2
>   with:
>     ref: staging

I've assumed we wanted master as that at least functional per the
testing done in osstest. But maybe it's indeed better to use staging
in order to catch issues before they reach master.

I'm fine with this.

Thanks, Roger.

Re: [PATCH 1/2] github: add workflow to run Coverity scans

[Andrew Cooper]

On 18/02/2022 12:27, Roger Pau Monne wrote:
> On Fri, Feb 18, 2022 at 12:21:34PM +0000, Andrew Cooper wrote:
>> On 18/02/2022 12:00, Roger Pau Monne wrote:
>>> Add a workflow that performs a build like it's done by osstest
>>> Coverity flight and uploads the result to Coverity for analysis. The
>>> build process is exactly the same as the one currently used in
>>> osstest, and it's also run at the same time (bi-weekly).
>>>
>>> This has one big benefit over using osstest: we no longer have to care
>>> about keeping the Coverity tools up to date in osstest.
>>>
>>> Suggested-by: Andrew Cooper <andrew.cooper3@citrix.com>
>>> Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
>>> ---
>>>  .github/workflows/coverity.yml | 35 ++++++++++++++++++++++++++++++++++
>>>  1 file changed, 35 insertions(+)
>>>  create mode 100644 .github/workflows/coverity.yml
>>>
>>> diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
>>> new file mode 100644
>>> index 0000000000..12fc9c782b
>>> --- /dev/null
>>> +++ b/.github/workflows/coverity.yml
>>> @@ -0,0 +1,35 @@
>>> +name: Coverity Scan
>>> +
>>> +# We only want to test official release code, not every pull request.
>>> +on:
>>> +  schedule:
>>> +    - cron: '18 9 * * WED,SUN' # Bi-weekly at 9:18 UTC
>>> +
>>> +jobs:
>>> +  coverity:
>>> +    runs-on: ubuntu-latest
>>> +    steps:
>>> +    - name: Install build dependencies
>>> +      run: |
>>> +        sudo apt-get install -y wget git bcc bin86 gawk bridge-utils \
>>> +          iproute2 libcurl4-openssl-dev bzip2 libpci-dev build-essential \
>>> +          make gcc libc6-dev libc6-dev-i386 linux-libc-dev zlib1g-dev \
>>> +          libncurses5-dev patch libvncserver-dev libssl-dev libsdl-dev iasl \
>>> +          libbz2-dev e2fslibs-dev git-core uuid-dev ocaml libx11-dev \
>>> +          ocaml-findlib xz-utils gettext libyajl-dev libpixman-1-dev \
>>> +          libaio-dev libfdt-dev cabextract libglib2.0-dev autoconf automake \
>>> +          libtool libfuse-dev liblzma-dev ninja-build \
>>> +          kpartx python3-dev python3-pip golang python-dev libsystemd-dev
>> We dropped gettext as a dependency a few releases ago, and we don't need
>> python3-pip either.  Can fix on commit.
>>
>>> +    - uses: actions/checkout@v2
>> I think we want
>>
>> - uses: actions/checkout@v2
>>   with:
>>     ref: staging
> I've assumed we wanted master as that at least functional per the
> testing done in osstest. But maybe it's indeed better to use staging
> in order to catch issues before they reach master.

IIRC, OSSTest has Coverity following smoke, but these days we're far
better are not breaking the build now that Gitlab CI is in place.

But it might be prudent to check that if the build fails, we don't
submit a partial result to Coverity.

The difference between staging and master is purely how early we get the
report.

~Andrew

Re: [PATCH 1/2] github: add workflow to run Coverity scans

[Roger Pau Monné]

On Fri, Feb 18, 2022 at 12:23:47PM +0000, Andrew Cooper wrote:
> On 18/02/2022 12:21, Andrew Cooper wrote:
> > On 18/02/2022 12:00, Roger Pau Monne wrote:
> >> Add a workflow that performs a build like it's done by osstest
> >> Coverity flight and uploads the result to Coverity for analysis. The
> >> build process is exactly the same as the one currently used in
> >> osstest, and it's also run at the same time (bi-weekly).
> >>
> >> This has one big benefit over using osstest: we no longer have to care
> >> about keeping the Coverity tools up to date in osstest.
> >>
> >> Suggested-by: Andrew Cooper <andrew.cooper3@citrix.com>
> >> Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
> >> ---
> >>  .github/workflows/coverity.yml | 35 ++++++++++++++++++++++++++++++++++
> >>  1 file changed, 35 insertions(+)
> >>  create mode 100644 .github/workflows/coverity.yml
> >>
> >> diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
> >> new file mode 100644
> >> index 0000000000..12fc9c782b
> >> --- /dev/null
> >> +++ b/.github/workflows/coverity.yml
> >> @@ -0,0 +1,35 @@
> >> +name: Coverity Scan
> >> +
> >> +# We only want to test official release code, not every pull request.
> >> +on:
> >> +  schedule:
> >> +    - cron: '18 9 * * WED,SUN' # Bi-weekly at 9:18 UTC
> >> +
> >> +jobs:
> >> +  coverity:
> >> +    runs-on: ubuntu-latest
> >> +    steps:
> >> +    - name: Install build dependencies
> >> +      run: |
> >> +        sudo apt-get install -y wget git bcc bin86 gawk bridge-utils \
> >> +          iproute2 libcurl4-openssl-dev bzip2 libpci-dev build-essential \
> >> +          make gcc libc6-dev libc6-dev-i386 linux-libc-dev zlib1g-dev \
> >> +          libncurses5-dev patch libvncserver-dev libssl-dev libsdl-dev iasl \
> >> +          libbz2-dev e2fslibs-dev git-core uuid-dev ocaml libx11-dev \
> >> +          ocaml-findlib xz-utils gettext libyajl-dev libpixman-1-dev \
> >> +          libaio-dev libfdt-dev cabextract libglib2.0-dev autoconf automake \
> >> +          libtool libfuse-dev liblzma-dev ninja-build \
> >> +          kpartx python3-dev python3-pip golang python-dev libsystemd-dev
> > We dropped gettext as a dependency a few releases ago, and we don't need
> > python3-pip either.  Can fix on commit.
> >
> >> +    - uses: actions/checkout@v2
> > I think we want
> >
> > - uses: actions/checkout@v2
> >   with:
> >     ref: staging
> >
> > Can also fix on commit.
> >
> > Acked-by: Andrew Cooper <andrew.cooper3@citrix.com> (mainly because I
> > can see that Coverity has done the right thing with this.)
> >
> >> +    - name: Configure Xen
> >> +      run: |
> >> +        ./configure
> 
> On second thoughts, we can probably --disable-docs here, because it's
> just wasted processing time when all we care about is the C.

We do not build the docs already, because the build command is `make
xen tools`.

Thanks, Roger.

Re: [PATCH 1/2] github: add workflow to run Coverity scans

[Brian Olson]

Can someone please tell me how to remove my email account from this 
list? Thank you.

On 2/18/22 07:36, Roger Pau Monné wrote:
> On Fri, Feb 18, 2022 at 12:23:47PM +0000, Andrew Cooper wrote:
>> On 18/02/2022 12:21, Andrew Cooper wrote:
>>> On 18/02/2022 12:00, Roger Pau Monne wrote:
>>>> Add a workflow that performs a build like it's done by osstest
>>>> Coverity flight and uploads the result to Coverity for analysis. The
>>>> build process is exactly the same as the one currently used in
>>>> osstest, and it's also run at the same time (bi-weekly).
>>>>
>>>> This has one big benefit over using osstest: we no longer have to care
>>>> about keeping the Coverity tools up to date in osstest.
>>>>
>>>> Suggested-by: Andrew Cooper <andrew.cooper3@citrix.com>
>>>> Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
>>>> ---
>>>>   .github/workflows/coverity.yml | 35 ++++++++++++++++++++++++++++++++++
>>>>   1 file changed, 35 insertions(+)
>>>>   create mode 100644 .github/workflows/coverity.yml
>>>>
>>>> diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
>>>> new file mode 100644
>>>> index 0000000000..12fc9c782b
>>>> --- /dev/null
>>>> +++ b/.github/workflows/coverity.yml
>>>> @@ -0,0 +1,35 @@
>>>> +name: Coverity Scan
>>>> +
>>>> +# We only want to test official release code, not every pull request.
>>>> +on:
>>>> +  schedule:
>>>> +    - cron: '18 9 * * WED,SUN' # Bi-weekly at 9:18 UTC
>>>> +
>>>> +jobs:
>>>> +  coverity:
>>>> +    runs-on: ubuntu-latest
>>>> +    steps:
>>>> +    - name: Install build dependencies
>>>> +      run: |
>>>> +        sudo apt-get install -y wget git bcc bin86 gawk bridge-utils \
>>>> +          iproute2 libcurl4-openssl-dev bzip2 libpci-dev build-essential \
>>>> +          make gcc libc6-dev libc6-dev-i386 linux-libc-dev zlib1g-dev \
>>>> +          libncurses5-dev patch libvncserver-dev libssl-dev libsdl-dev iasl \
>>>> +          libbz2-dev e2fslibs-dev git-core uuid-dev ocaml libx11-dev \
>>>> +          ocaml-findlib xz-utils gettext libyajl-dev libpixman-1-dev \
>>>> +          libaio-dev libfdt-dev cabextract libglib2.0-dev autoconf automake \
>>>> +          libtool libfuse-dev liblzma-dev ninja-build \
>>>> +          kpartx python3-dev python3-pip golang python-dev libsystemd-dev
>>> We dropped gettext as a dependency a few releases ago, and we don't need
>>> python3-pip either.  Can fix on commit.
>>>
>>>> +    - uses: actions/checkout@v2
>>> I think we want
>>>
>>> - uses: actions/checkout@v2
>>>    with:
>>>      ref: staging
>>>
>>> Can also fix on commit.
>>>
>>> Acked-by: Andrew Cooper <andrew.cooper3@citrix.com> (mainly because I
>>> can see that Coverity has done the right thing with this.)
>>>
>>>> +    - name: Configure Xen
>>>> +      run: |
>>>> +        ./configure
>> On second thoughts, we can probably --disable-docs here, because it's
>> just wasted processing time when all we care about is the C.
> We do not build the docs already, because the build command is `make
> xen tools`.
>
> Thanks, Roger.
>

[unsubscribe from xen-devel] Re: [PATCH 1/2] github: add workflow to run Coverity scans

[Andrew Cooper]

On 18/02/2022 13:38, Brian Olson wrote:
> Can someone please tell me how to remove my email account from this
> list? Thank you.

Use https://lists.xenproject.org/mailman/listinfo/xen-devel to unsubscribe.

~Andrew

Re: [PATCH 1/2] github: add workflow to run Coverity scans

[Andrew Cooper]

On 18/02/2022 13:36, Roger Pau Monne wrote:
> On Fri, Feb 18, 2022 at 12:23:47PM +0000, Andrew Cooper wrote:
>> On 18/02/2022 12:21, Andrew Cooper wrote:
>>> On 18/02/2022 12:00, Roger Pau Monne wrote:
>>>> Add a workflow that performs a build like it's done by osstest
>>>> Coverity flight and uploads the result to Coverity for analysis. The
>>>> build process is exactly the same as the one currently used in
>>>> osstest, and it's also run at the same time (bi-weekly).
>>>>
>>>> This has one big benefit over using osstest: we no longer have to care
>>>> about keeping the Coverity tools up to date in osstest.
>>>>
>>>> Suggested-by: Andrew Cooper <andrew.cooper3@citrix.com>
>>>> Signed-off-by: Roger Pau Monné <roger.pau@citrix.com>
>>>> ---
>>>>  .github/workflows/coverity.yml | 35 ++++++++++++++++++++++++++++++++++
>>>>  1 file changed, 35 insertions(+)
>>>>  create mode 100644 .github/workflows/coverity.yml
>>>>
>>>> diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
>>>> new file mode 100644
>>>> index 0000000000..12fc9c782b
>>>> --- /dev/null
>>>> +++ b/.github/workflows/coverity.yml
>>>> @@ -0,0 +1,35 @@
>>>> +name: Coverity Scan
>>>> +
>>>> +# We only want to test official release code, not every pull request.
>>>> +on:
>>>> +  schedule:
>>>> +    - cron: '18 9 * * WED,SUN' # Bi-weekly at 9:18 UTC
>>>> +
>>>> +jobs:
>>>> +  coverity:
>>>> +    runs-on: ubuntu-latest
>>>> +    steps:
>>>> +    - name: Install build dependencies
>>>> +      run: |
>>>> +        sudo apt-get install -y wget git bcc bin86 gawk bridge-utils \
>>>> +          iproute2 libcurl4-openssl-dev bzip2 libpci-dev build-essential \
>>>> +          make gcc libc6-dev libc6-dev-i386 linux-libc-dev zlib1g-dev \
>>>> +          libncurses5-dev patch libvncserver-dev libssl-dev libsdl-dev iasl \
>>>> +          libbz2-dev e2fslibs-dev git-core uuid-dev ocaml libx11-dev \
>>>> +          ocaml-findlib xz-utils gettext libyajl-dev libpixman-1-dev \
>>>> +          libaio-dev libfdt-dev cabextract libglib2.0-dev autoconf automake \
>>>> +          libtool libfuse-dev liblzma-dev ninja-build \
>>>> +          kpartx python3-dev python3-pip golang python-dev libsystemd-dev
>>> We dropped gettext as a dependency a few releases ago, and we don't need
>>> python3-pip either.  Can fix on commit.
>>>
>>>> +    - uses: actions/checkout@v2
>>> I think we want
>>>
>>> - uses: actions/checkout@v2
>>>   with:
>>>     ref: staging
>>>
>>> Can also fix on commit.
>>>
>>> Acked-by: Andrew Cooper <andrew.cooper3@citrix.com> (mainly because I
>>> can see that Coverity has done the right thing with this.)
>>>
>>>> +    - name: Configure Xen
>>>> +      run: |
>>>> +        ./configure
>> On second thoughts, we can probably --disable-docs here, because it's
>> just wasted processing time when all we care about is the C.
> We do not build the docs already, because the build command is `make
> xen tools`.
>
> Thanks, Roger.

Good point.

~Andrew