|
| 1 | +# ******************************************************************************* |
| 2 | +# Copyright (C) 2025 Intel Corporation |
| 3 | +# |
| 4 | +# Licensed under the Apache License, Version 2.0 (the "License"); |
| 5 | +# you may not use this file except in compliance with the License. |
| 6 | +# You may obtain a copy of the License at |
| 7 | +# |
| 8 | +# http://www.apache.org/licenses/LICENSE-2.0 |
| 9 | +# |
| 10 | +# Unless required by applicable law or agreed to in writing, |
| 11 | +# software distributed under the License is distributed on an "AS IS" BASIS, |
| 12 | +# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. |
| 13 | +# See the License for the specific language governing permissions |
| 14 | +# and limitations under the License. |
| 15 | +# |
| 16 | +# |
| 17 | +# SPDX-License-Identifier: Apache-2.0 |
| 18 | +# ******************************************************************************* |
| 19 | + |
| 20 | +name: Coverity Scan |
| 21 | + |
| 22 | +on: |
| 23 | + # Only run on push to main branch |
| 24 | + push: |
| 25 | + branches: [develop] |
| 26 | + |
| 27 | +permissions: read-all |
| 28 | + |
| 29 | +env: |
| 30 | + COVERITY_PROJECT: uxlfoundation%2FoneMath |
| 31 | + LAPACK_VERSION: 3.12.0 |
| 32 | + |
| 33 | +jobs: |
| 34 | + coverity_linux: |
| 35 | + name: Coverity Linux |
| 36 | + if: github.repository == 'uxlfoundation/oneMath' |
| 37 | + runs-on: [ubuntu-latest] |
| 38 | + steps: |
| 39 | + - uses: actions/checkout@v4 |
| 40 | + |
| 41 | + - name: Download Coverity Build Tool (linux64) |
| 42 | + run: | |
| 43 | + curl --fail https://scan.coverity.com/download/cxx/linux64 --output ${GITHUB_WORKSPACE}/cov-linux64-tool.tar.gz \ |
| 44 | + --data "token=${{secrets.COVERITY_TOKEN}}&project=${{env.COVERITY_PROJECT}}" || { echo "Download failed"; exit 1; } |
| 45 | + mkdir cov-linux64-tool |
| 46 | + tar -xzf cov-linux64-tool.tar.gz --strip 1 -C cov-linux64-tool |
| 47 | + cd cov-linux64-tool/config |
| 48 | + git apply --check ${GITHUB_WORKSPACE}/.github/workflows/fix.coverity-2024.12.patch |
| 49 | + if patch -p1 < ${GITHUB_WORKSPACE}/.github/workflows/fix.coverity-2024.12.patch; then |
| 50 | + echo "Coverity Build Tool configs successfully patched" |
| 51 | + else |
| 52 | + echo "Coverity Build Tool configs patching failed, check patch relevance to current Coverity Build Tool version" |
| 53 | + exit 1 |
| 54 | + fi |
| 55 | +
|
| 56 | + - name: Install Intel compiler |
| 57 | + run: | |
| 58 | + wget --progress=dot:giga https://registrationcenter-download.intel.com/akdlm/IRC_NAS/39c79383-66bf-4f44-a6dd-14366e34e255/intel-dpcpp-cpp-compiler-2025.2.0.527_offline.sh |
| 59 | + sudo bash intel-dpcpp-cpp-compiler-2025.2.0.527_offline.sh -s -a -s --action install --eula accept |
| 60 | +
|
| 61 | + - name: Install Intel oneMKL |
| 62 | + run: | |
| 63 | + wget --progress=dot:giga https://registrationcenter-download.intel.com/akdlm/IRC_NAS/47c7d946-fca1-441a-b0df-b094e3f045ea/intel-onemkl-2025.2.0.629_offline.sh |
| 64 | + sudo bash intel-onemkl-2025.2.0.629_offline.sh -s -a -s --action install --eula accept |
| 65 | +
|
| 66 | + - name: Restore netlib from cache |
| 67 | + id: cache-lapack |
| 68 | + uses: actions/cache@d4323d4df104b026a6aa633fdb11d772146be0bf # v4.2.2 |
| 69 | + with: |
| 70 | + path: lapack/install |
| 71 | + key: lapack-3.12.0 |
| 72 | + |
| 73 | + - name: Install netlib |
| 74 | + if: steps.cache-lapack.outputs.cache-hit != 'true' |
| 75 | + run: | |
| 76 | + curl -sL https://github.com/Reference-LAPACK/lapack/archive/refs/tags/v${LAPACK_VERSION}.tar.gz | tar zx |
| 77 | + SHARED_OPT="lapack-${LAPACK_VERSION} -DBUILD_SHARED_LIBS=on -DCBLAS=on -DLAPACKE=on -DCMAKE_INSTALL_PREFIX=${PWD}/lapack/install" |
| 78 | + # 32 bit int |
| 79 | + cmake ${SHARED_OPT} -B lapack/build32 |
| 80 | + cmake --build lapack/build32 ${PARALLEL} --target install |
| 81 | + # 64 bit int |
| 82 | + cmake ${SHARED_OPT} -DBUILD_INDEX64=on -B lapack/build64 |
| 83 | + cmake --build lapack/build64 ${PARALLEL} --target install |
| 84 | +
|
| 85 | + - name: Prepare and run Coverity build |
| 86 | + run: | |
| 87 | + source /opt/intel/oneapi/setvars.sh |
| 88 | + export PATH="${PWD}/cov-linux64-tool/bin:${PATH}" |
| 89 | + cov-configure --template --compiler icpx --comptype intel_icpx:linux |
| 90 | + export LD_LIBRARY_PATH=${LD_LIBRARY_PATH}:${GITHUB_WORKSPACE}/lapack/install/lib |
| 91 | + cmake -DTARGET_DOMAINS="blas rng lapack dft sparse_blas" -DREF_BLAS_ROOT=${GITHUB_WORKSPACE}/lapack/install -DREF_LAPACK_ROOT=${GITHUB_WORKSPACE}/lapack/install -B build |
| 92 | + cov-build --dir cov-int cmake --build build -j 2 --target all |
| 93 | +
|
| 94 | + - name: Archive Coverity build results |
| 95 | + id: check_size |
| 96 | + run: | |
| 97 | + tar -czvf cov-int.tgz cov-int |
| 98 | + size=$(du -m cov-int.tgz | cut -f1) |
| 99 | + echo "Artifact size: $size MB" |
| 100 | + echo "size=$size" >> $GITHUB_OUTPUT |
| 101 | +
|
| 102 | + - name: Submit Coverity results for analysis |
| 103 | + run: | |
| 104 | + curl \ |
| 105 | + --form token="${{secrets.COVERITY_TOKEN}}" \ |
| 106 | + --form email="${{secrets.COVERITY_EMAIL}}" \ |
| 107 | + --form file=@cov-int.tgz \ |
| 108 | + --form version="${GITHUB_SHA}" \ |
| 109 | + --form description="" \ |
| 110 | + "https://scan.coverity.com/builds?project=${{env.COVERITY_PROJECT}}" |
0 commit comments