From: Johannes Schindelin <Johannes.Schindelin@gmx.de>
To: Jeff King <peff@peff.net>
Cc: Taylor Blau <me@ttaylorr.com>, Junio C Hamano <gitster@pobox.com>,
git@vger.kernel.org
Subject: Re: What's cooking in git.git (Oct 2021, #02; Wed, 6)
Date: Wed, 20 Oct 2021 14:27:30 +0200 (CEST)
Message-ID: <nycvar.QRO.7.76.6.2110201416390.56@tvgsbejvaqbjf.bet>
In-Reply-To: <YWC49+xCh+zum8Ms@coredump.intra.peff.net>

Hi Peff,

On Fri, 8 Oct 2021, Jeff King wrote:
> On Fri, Oct 08, 2021 at 09:51:33AM +0200, Johannes Schindelin wrote:
>
> > FWIW I have set up an Azure Pipeline to keep Git for Windows' `main`
> > branch covered by Coverity:
> >
> > https://dev.azure.com/git-for-windows/git/_build?definitionId=35
> >
> > It essentially calls into this scripted code:
> > https://github.com/git-for-windows/build-extra/blob/4676f286a1ec830a5038b32400808a353dc6c48d/please.sh#L1820-L1915
>
> Do you have any objection to adding something like the Action I showed
> earlier? It would do nothing in git-for-windows/git unless you set up
> the right environment, so there shouldn't be any downside.

No objection. I'd just ask to use `${{github.repository}}` instead of
hard-coding `peff/git`, and to really not run the workflow unless
configured. So something like this:

    name: coverity-scan

    on:
      push:
        branches:
          - master
          - next
          - seen

    jobs:
      coverity:
        runs-on: ubuntu-latest
        env:
          COVERITY_SCAN_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
          COVERITY_SCAN_EMAIL: ${{ secrets.COVERITY_SCAN_EMAIL }}
        if: env.COVERITY_SCAN_TOKEN != '' && env.COVERITY_SCAN_EMAIL != ''
        steps:
          - uses: actions/checkout@v2
          - run: ci/install-dependencies.sh
          - name: Download Coverity Build Tool
            run: |
              wget -q https://scan.coverity.com/download/linux64 --post-data "token=$COVERITY_SCAN_TOKEN&project=$GITHUB_REPOSITORY" -O cov-analysis-linux64.tar.gz
              mkdir cov-analysis-linux64
              tar xzf cov-analysis-linux64.tar.gz --strip 1 -C cov-analysis-linux64
          - name: Build with cov-build
            run: |
              export PATH=$(pwd)/cov-analysis-linux64/bin:$PATH
              cov-build --dir cov-int make
          - name: Submit the result to Coverity Scan
            run: |
              tar czvf git.tgz cov-int
              curl \
                --form project=$GITHUB_REPOSITORY \
                --form token=$COVERITY_SCAN_TOKEN \
                --form email=$COVERITY_SCAN_EMAIL \
                --form file=@git.tgz \
                --form version=$(git rev-parse HEAD) \
                --form description="$(./git version)" \
                https://scan.coverity.com/builds?project=$GITHUB_REPOSITORY

Note the `jobs.coverity.if` attribute. This is what will let the entire
job be skipped unless the secrets are set up.

I am very much in favor of having this in git/git. Do you want to provide
the commit message, or do you want me to shepherd this?

> I admit I was not really planning to try to suppress the false positives
> as you've done here; my plan was to just keep an eye on the "new"
> entries (having already gone through the existing ones years ago).

I think we will _have_ to suppress the false positives at some point, as
something like 9 out of 10 new reports I receive are about these, and it
takes time to analyze & dismiss them. In general, I have no trouble
finding more fun things to do with my time.

Ciao,
Dscho
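
An added example, not part of the original message or of Git's CI scripts: a guard for the "Download Coverity Build Tool" step that checks the secrets are present and that the downloaded file really is the tool archive before it is unpacked and put on PATH. The function names and the constructed archives are assumptions for illustration; the <topdir>/bin/cov-build layout is inferred from the workflow's `tar --strip 1` and PATH lines.

```shell
#!/bin/sh
# Added example, not from the thread. Function names are hypothetical.

# Succeeds only when both secrets are non-empty, the same condition the
# job-level `if` in the proposed workflow expresses.
coverity_configured() {
    [ -n "${COVERITY_SCAN_TOKEN:-}" ] && [ -n "${COVERITY_SCAN_EMAIL:-}" ]
}

# Succeeds only if $1 is a non-empty, gzip-compressed tarball that contains
# <topdir>/bin/cov-build, the layout the workflow's `tar --strip 1` and PATH
# lines depend on. Nothing is extracted; only the member list is read.
tool_archive_ok() {
    [ -s "$1" ] || return 1
    # `tar tzf` fails on anything that is not a gzip-compressed tarball.
    listing=$(tar tzf "$1" 2>/dev/null) || return 1
    printf '%s\n' "$listing" | grep -Eq '^[^/]+/bin/cov-build$'
}

# Constructed demo: one well-formed archive and one plain-text "download".
# The directory name cov-analysis-linux64-X.Y.Z is a placeholder.
demo() {
    tmp=$(mktemp -d) || return 1
    mkdir -p "$tmp/cov-analysis-linux64-X.Y.Z/bin"
    printf '#!/bin/sh\n' >"$tmp/cov-analysis-linux64-X.Y.Z/bin/cov-build"
    tar czf "$tmp/good.tgz" -C "$tmp" cov-analysis-linux64-X.Y.Z
    printf 'constructed error body\n' >"$tmp/bad.tgz"
    for f in good.tgz bad.tgz; do
        if tool_archive_ok "$tmp/$f"; then
            echo "$f: ok"
        else
            echo "$f: rejected"
        fi
    done
    rm -rf "$tmp"
}

demo
```

In the workflow, `tool_archive_ok cov-analysis-linux64.tar.gz || exit 1` would sit between the `wget` and `tar xzf` lines of the download step.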