Bump actions/checkout from 5.0.1 to 6.0.0 #400
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
| name: Coverity (Ubuntu 22.04, Python 3.11) | |
| on: | |
| workflow_dispatch: | |
| schedule: | |
| # run daily at 00:00 | |
| - cron: '0 0 * * *' | |
| pull_request: | |
| paths: | |
| - '.github/workflows/coverity.yml' | |
| permissions: read-all # Required by https://github.com/ossf/scorecard/blob/e23b8ad91fd6a64a0a971ca4fc0a4d1650725615/docs/checks.md#token-permissions | |
| concurrency: | |
| group: ${{ github.ref }}-genai-cov-linux | |
| cancel-in-progress: true | |
| env: | |
| PYTHON_VERSION: '3.11' | |
| OV_BRANCH: ${{ github.base_ref || github.event.merge_group.base_ref || github.ref }} | |
| jobs: | |
| openvino_download: | |
| name: Download OpenVINO | |
| outputs: | |
| status: ${{ steps.openvino_download.outcome }} | |
| ov_artifact_name: ${{ steps.openvino_download.outputs.ov_artifact_name }} | |
| ov_wheel_source: ${{ steps.openvino_download.outputs.ov_wheel_source }} | |
| docker_tag: ${{ steps.get_docker_tag.outputs.docker_tag }} | |
| timeout-minutes: 10 | |
| defaults: | |
| run: | |
| shell: bash | |
| runs-on: aks-linux-medium | |
| container: | |
| image: 'openvinogithubactions.azurecr.io/openvino_provider:0.1.0' | |
| volumes: | |
| - /mount:/mount | |
| - ${{ github.workspace }}:${{ github.workspace }} | |
| steps: | |
| - uses: openvinotoolkit/openvino/.github/actions/openvino_provider@master | |
| id: openvino_download | |
| with: | |
| platform: ubuntu22 | |
| commit_packages_to_provide: wheels | |
| revision: latest_available_commit | |
| # Set specific revision and uncomment to use OV from its PR build: | |
| # branch_name: master | |
| # event_name: pull_request | |
| - name: Clone docker tag from OpenVINO repo | |
| uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 | |
| with: | |
| repository: 'openvinotoolkit/openvino' | |
| path: 'openvino' | |
| ref: ${{ env.OV_BRANCH }} | |
| sparse-checkout: | | |
| .github/dockerfiles/docker_tag | |
| - name: Save docker tag to output | |
| id: get_docker_tag | |
| run: | | |
| docker_tag=$(cat openvino/.github/dockerfiles/docker_tag) | |
| echo "docker_tag=$docker_tag" >> $GITHUB_OUTPUT | |
| coverity_build: | |
| name: Build for coverity | |
| needs: [ openvino_download ] | |
| timeout-minutes: 20 | |
| defaults: | |
| run: | |
| shell: bash | |
| runs-on: aks-linux-16-cores-64gb | |
| container: | |
| image: openvinogithubactions.azurecr.io/ov_build/ubuntu_22_04_x64:${{ needs.openvino_download.outputs.docker_tag }} | |
| volumes: | |
| - /mount:/mount | |
| options: -v ${{ github.workspace }}:${{ github.workspace }} | |
| env: | |
| CMAKE_GENERATOR: Unix Makefiles | |
| OV_INSTALL_DIR: ${{ github.workspace }}/ov | |
| INSTALL_DIR: ${{ github.workspace }}/install | |
| BUILD_DIR: ${{ github.workspace }}/build | |
| BUILD_TYPE: Release | |
| COV_TOOL_DIR: ${{ github.workspace }}/coverity_tool | |
| steps: | |
| - name: Clone openvino.genai | |
| uses: actions/checkout@1af3b93b6815bc44a9784bd300feb67ff0d1eeb3 # v6.0.0 | |
| with: | |
| path: openvino.genai | |
| - name: Download OpenVINO package | |
| uses: akashchi/download-artifact@d59a9c15fec3fdb7c9adf09464124d00f9c11415 | |
| with: | |
| name: ${{ needs.openvino_download.outputs.ov_artifact_name }} | |
| path: ${{ env.OV_INSTALL_DIR }} | |
| merge-multiple: true | |
| - name: Restore Coverity Tool | |
| if: github.event_name == 'pull_request' | |
| id: cache-coverity | |
| uses: actions/cache@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 | |
| with: | |
| path: ${{ env.COV_TOOL_DIR }} | |
| key: coverity-${{ runner.os }}-${{ github.sha }} | |
| restore-keys: coverity-${{ runner.os }} | |
| - name: Download coverity tool | |
| if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch' | |
| run: | | |
| wget -q https://scan.coverity.com/download/linux64 --post-data "token=${{ secrets.COVERITY_SECRET_TOKEN }}&project=openvino.genai" -O coverity_tool.tgz | |
| mkdir -p ${{ env.COV_TOOL_DIR }} | |
| pigz -dc coverity_tool.tgz | tar --strip-components=1 -xf - -C ${{ env.COV_TOOL_DIR }} | |
| - name: Create config file for coverity build | |
| run: | | |
| ${{ env.COV_TOOL_DIR }}/bin/cov-configure --delete-compiler-config template-python-config-0 | |
| ${{ env.COV_TOOL_DIR }}/bin/cov-configure --python --no-capture-config-files --version 3 | |
| - name: Create build.sh | |
| run: | | |
| echo """ | |
| mkdir -p ${{ github.workspace }}/build | |
| cmake -DCMAKE_BUILD_TYPE=${BUILD_TYPE} -DBUILD_TOKENIZERS=NO -DOpenVINO_DIR=${OV_INSTALL_DIR}/runtime/cmake/ -DCMAKE_C_COMPILER_LAUNCHER= -DCMAKE_CXX_COMPILER_LAUNCHER= -B${BUILD_DIR} ${{ github.workspace }}/openvino.genai | |
| cmake --build ${BUILD_DIR} --config ${BUILD_TYPE} --parallel $(nproc) | |
| """ > build.sh | |
| - name: Build for coverity | |
| run: | | |
| ${{ env.COV_TOOL_DIR }}/bin/cov-build --config ${{ env.COV_TOOL_DIR }}/config/coverity_config.xml --tmpdir cov_temp --dir ${BUILD_DIR}/cov-int sh build.sh | |
| - name: Pack for analysis submission | |
| run: tar -cvf - cov-int | pigz > openvino-genai.tgz | |
| working-directory: ${{ env.BUILD_DIR }} | |
| - name: Submit to coverity | |
| if: github.event_name == 'schedule' || github.event_name == 'workflow_dispatch' | |
| run: | | |
| apt-get update && apt-get install -y curl jq | |
| pushd ${BUILD_DIR} | |
| curl -X POST -d token=${{ secrets.COVERITY_SECRET_TOKEN }} \ | |
| -d email=${{ secrets.COVERITY_USER }} \ | |
| -d file_name="openvino-genai.tgz" \ | |
| -d version="${{ github.sha }}" \ | |
| -d description="https://github.com/openvinotoolkit/openvino.genai/actions/runs/${{ github.run_id }}" \ | |
| https://scan.coverity.com/projects/30357/builds/init | tee response | |
| upload_url=$(jq -r '.url' response) | |
| build_id=$(jq -r '.build_id' response) | |
| curl -X PUT \ | |
| --header 'Content-Type: application/json' \ | |
| --upload-file openvino-genai.tgz \ | |
| $upload_url | |
| curl -X PUT \ | |
| -d token=${{ secrets.COVERITY_SECRET_TOKEN }} \ | |
| https://scan.coverity.com/projects/30357/builds/$build_id/enqueue | |
| popd | |
| - name: Show Coverity configure logs | |
| continue-on-error: true | |
| run: ${{ env.COV_TOOL_DIR }}/bin/cov-configure -c ${{ env.COV_TOOL_DIR }}/config/coverity_config.xml -lscc text | |
| - name: Save Coverity Tool | |
| if: always() && github.event_name == 'schedule' | |
| uses: actions/cache/save@0057852bfaa89a56745cba8c7296529d2fc39830 # v4.3.0 | |
| with: | |
| key: coverity-${{ runner.os }}-${{ github.sha }} | |
| path: ${{ env.COV_TOOL_DIR }} | |
| - name: Upload Coverity build log | |
| uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 | |
| if: always() | |
| with: | |
| name: coverity_logs | |
| path: ${{ env.BUILD_DIR }}/cov-int/build-log.txt | |
| if-no-files-found: 'error' | |
| - name: Upload Coverity build archive | |
| uses: actions/upload-artifact@330a01c490aca151604b8cf639adc76d48f6c5d4 # v5.0.0 | |
| if: always() | |
| with: | |
| name: coverity_archive | |
| path: ${{ env.BUILD_DIR }}/openvino-genai.tgz | |
| if-no-files-found: 'error' |