From: Johannes Schindelin <Johannes.Schindelin@gmx.de>
To: Jeff King <peff@peff.net>
Cc: Taylor Blau <me@ttaylorr.com>, Junio C Hamano <gitster@pobox.com>,
git@vger.kernel.org
Subject: Re: What's cooking in git.git (Oct 2021, #02; Wed, 6)
Date: Wed, 20 Oct 2021 14:27:30 +0200 (CEST) [thread overview]
Message-ID: <nycvar.QRO.7.76.6.2110201416390.56@tvgsbejvaqbjf.bet> (raw)
In-Reply-To: <YWC49+xCh+zum8Ms@coredump.intra.peff.net>
Hi Peff,
On Fri, 8 Oct 2021, Jeff King wrote:
> On Fri, Oct 08, 2021 at 09:51:33AM +0200, Johannes Schindelin wrote:
>
> > FWIW I have set up an Azure Pipeline to keep Git for Windows' `main`
> > branch covered by Coverity:
> >
> > https://dev.azure.com/git-for-windows/git/_build?definitionId=35
> >
> > It essentially calls into this scripted code:
> > https://github.com/git-for-windows/build-extra/blob/4676f286a1ec830a5038b32400808a353dc6c48d/please.sh#L1820-L1915
>
> Do you have any objection to adding something like the Action I showed
> eariler? It would do nothing in git-for-windows/git unless you set up
> the right environment, so there shouldn't be any downside.
No objection. I'd just ask to use `${{github.repository}}` instead of
hard-coding `peff/git`, and to really not run the workflow unless
configured. So something like this:
name: coverity-scan
on:
push:
- master
- next
- seen
jobs:
coverity:
runs-on: ubuntu-latest
env:
COVERITY_SCAN_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
COVERITY_SCAN_EMAIL: ${{ secrets.COVERITY_SCAN_EMAIL }}
if: env.COVERITY_SCAN_TOKEN != '' && env.COVERITY_SCAN_EMAIL != ''
steps:
- uses: actions/checkout@v2
- run: ci/install-dependencies.sh
- name: Download Coverity Build Tool
run: |
wget -q https://scan.coverity.com/download/linux64 --post-data "token=$COVERITY_SCAN_TOKEN&project=$GITHUB_REPOSITORY" -O cov-analysis-linux64.tar.gz
mkdir cov-analysis-linux64
tar xzf cov-analysis-linux64.tar.gz --strip 1 -C cov-analysis-linux64
- name: Build with cov-build
run: |
export PATH=$(pwd)/cov-analysis-linux64/bin:$PATH
cov-build --dir cov-int make
- name: Submit the result to Coverity Scan
run: |
tar czvf git.tgz cov-int
curl \
--form project=$GITHUB_REPOSITORY \
--form token=$COVERITY_SCAN_TOKEN \
--form email=$COVERITY_SCAN_EMAIL \
--form file=@git.tgz \
--form version=$(git rev-parse HEAD) \
--form description="$(./git version)" \
https://scan.coverity.com/builds?project=$GITHUB_REPOSITORY
Note the `jobs.coverity.if` attribute. This is what will let the entire
job be skipped unless the secrets are set up.
I am very much in favor of having this in git/git. Do you want to provide
the commit message, or do you want me to shepher this?
> I admit I was not really planning to try to suppress the false positives
> as you've done here; my plan was to just keep an eye on the "new"
> entries (having already gone through the existing ones years ago).
I think we will _have_ to suppress the false positives at some point, as
something like 9 out of 10 new reports I receive are about these, and it
takes time to analyze & dismiss them. In general, I have no trouble
finding more fun things to do with my time.
Ciao,
Dscho
next prev parent reply other threads:[~2021-10-20 12:27 UTC|newest]
Thread overview: 24+ messages / expand[flat|nested] mbox.gz Atom feed top
2021-10-07 0:24 What's cooking in git.git (Oct 2021, #02; Wed, 6) Junio C Hamano
2021-10-07 2:01 ` ab/make-sparse-for-real Ævar Arnfjörð Bjarmason
2021-10-07 2:24 ` What's cooking in git.git (Oct 2021, #02; Wed, 6) Jeff King
2021-10-07 2:38 ` Jeff King
2021-10-07 4:07 ` Taylor Blau
2021-10-08 3:55 ` Jeff King
2021-10-08 7:51 ` Johannes Schindelin
2021-10-08 21:32 ` Jeff King
2021-10-20 12:27 ` Johannes Schindelin [this message]
2021-10-20 14:30 ` Taylor Blau
2021-10-20 14:47 ` Junio C Hamano
2021-10-20 16:13 ` Jeff King
2022-08-16 9:05 ` Coverity, was " Johannes Schindelin
2022-08-17 0:57 ` Jeff King
2022-08-19 11:22 ` Johannes Schindelin
2021-10-07 7:42 ` Ævar Arnfjörð Bjarmason
2021-10-08 4:10 ` Jeff King
2021-10-08 20:03 ` Junio C Hamano
2021-10-08 20:19 ` Jeff King
2021-10-08 21:57 ` Junio C Hamano
2021-10-07 2:57 ` Ævar Arnfjörð Bjarmason
2021-10-07 4:15 ` Taylor Blau
2021-10-07 3:55 ` Taylor Blau
2021-10-07 18:02 ` Junio C Hamano
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=nycvar.QRO.7.76.6.2110201416390.56@tvgsbejvaqbjf.bet \
--to=johannes.schindelin@gmx.de \
--cc=git@vger.kernel.org \
--cc=gitster@pobox.com \
--cc=me@ttaylorr.com \
--cc=peff@peff.net \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.