Add coverity pipeline (#7828)

* Add pipeline for OSS coverity scan * Intercept and submit the build to coverity * Remove tests * Remove test dependencies installation
2021-10-05 17:43:10 +03:00 · 2021-10-05 17:43:10 +03:00 · 275d4838c5
commit 275d4838c5
parent 58e8893a26
1 changed files with 149 additions and 0 deletions
--- a/.ci/azure/linux_coverity.yml
+++ b/.ci/azure/linux_coverity.yml
@ -0,0 +1,149 @@
+resources:
+  repositories:
+  - repository: openvino_contrib
+    type: github
+    endpoint: openvinotoolkit
+    name: openvinotoolkit/openvino_contrib
+
+jobs:
+- job: Lin
+  # About 150% of total time
+  timeoutInMinutes: 90
+
+  pool:
+    name: LIN_VMSS_VENV_F16S_U20_WU2
+
+  variables:
+    system.debug: true
+    VSTS_HTTP_RETRY: 5
+    VSTS_HTTP_TIMEOUT: 200
+    BUILD_TYPE: Release
+    REPO_DIR: $(Build.Repository.LocalPath)
+    OPENVINO_CONTRIB_REPO_DIR: $(REPO_DIR)/../openvino_contrib
+    WORK_DIR: $(Pipeline.Workspace)/_w
+    BUILD_DIR: $(WORK_DIR)/build
+    BUILD_SAMPLES_DIR: $(WORK_DIR)/build_samples
+    INSTALL_DIR: $(WORK_DIR)/install_pkg
+    SETUPVARS: $(INSTALL_DIR)/setupvars.sh
+
+  steps:
+  - script: |
+      curl -H Metadata:true --noproxy "*" "http://169.254.169.254/metadata/instance?api-version=2019-06-01"
+      whoami
+      uname -a
+      echo Python3 info ; which python3 ; python3 --version
+      echo Python info ; which python ; python --version
+      echo Java info ; which java ; java -version
+      echo gcc info ; which gcc ; gcc --version
+      echo cmake info ; which cmake ; cmake --version
+      lsb_release
+      env
+      cat /proc/cpuinfo
+      cat /proc/meminfo
+      cat /etc/fstab
+      vmstat -s
+      df
+      lsblk -o NAME,HCTL,SIZE,MOUNTPOINT | grep -i "sd"
+      free -h
+    displayName: 'System info'
+
+  - script: |
+      rm -rf $(WORK_DIR) ; mkdir $(WORK_DIR)
+      rm -rf $(BUILD_DIR) ; mkdir $(BUILD_DIR)
+      rm -rf $(BUILD_SAMPLES_DIR) ; mkdir $(BUILD_SAMPLES_DIR)
+      echo TargetBranch: $(System.PullRequest.TargetBranch)
+      echo SourceBranch: $(Build.SourceBranch)
+    displayName: 'Make dir'
+
+  - checkout: self
+    clean: true
+    lfs: false
+    submodules: recursive
+    path: openvino
+
+  - checkout: openvino_contrib
+    clean: true
+    lfs: false
+    submodules: recursive
+    path: openvino_contrib
+
+  - script: |
+      set -e
+      $(REPO_DIR)/install_build_dependencies.sh
+      # Move jdk into contrib
+      sudo apt --assume-yes install openjdk-11-jdk
+      # Speed up build
+      wget https://github.com/ninja-build/ninja/releases/download/v1.10.2/ninja-linux.zip
+      unzip ninja-linux.zip
+      sudo cp -v ninja /usr/local/bin/
+      # Speed up tests
+      git clone https://github.com/google/gtest-parallel.git
+    workingDirectory: $(WORK_DIR)
+    displayName: 'Install dependencies'
+
+  - task: CMake@1
+    inputs:
+      # CMake must get Python 3.x version by default
+      cmakeArgs: >
+        -GNinja
+        -DVERBOSE_BUILD=ON
+        -DCMAKE_BUILD_TYPE=$(BUILD_TYPE)
+        -DENABLE_PYTHON=ON
+        -DPYTHON_EXECUTABLE=/usr/bin/python3.8
+        -DENABLE_WHEEL=ON
+      # Skipping tests from static analysis
+      # -DENABLE_TESTS=ON
+        -DNGRAPH_ONNX_FRONTEND_ENABLE=ON
+        -DENABLE_FASTER_BUILD=ON
+        -DENABLE_STRICT_DEPENDENCIES=OFF
+        -DENABLE_REQUIREMENTS_INSTALL=OFF
+        -DIE_EXTRA_MODULES=$(OPENVINO_CONTRIB_REPO_DIR)/modules
+        $(REPO_DIR)
+      workingDirectory: $(BUILD_DIR)
+
+  - script: ls -alR $(REPO_DIR)/inference-engine/temp/
+    displayName: 'List temp SDKs'
+
+  - script: |
+        wget https://scan.coverity.com/download/linux64 --post-data "token=$(COVERITY_TOKEN)&project=openvino" -O coverity_tool.tgz
+        tar xvf coverity_tool.tgz --directory $(Agent.ToolsDirectory)
+        rm coverity_tool.tgz
+    workingDirectory: $(TEMP)
+
+  - script: $(Agent.ToolsDirectory)/cov-analysis*/bin/cov-build --dir $(BUILD_DIR)/cov-int ninja
+    workingDirectory: $(BUILD_DIR)
+    displayName: 'Build Lin with Coverity'
+  
+  - script: ls -alR $(REPO_DIR)/bin/
+    displayName: 'List bin files'
+
+  - script: cmake -DCMAKE_INSTALL_PREFIX=$(INSTALL_DIR) -P cmake_install.cmake
+    workingDirectory: $(BUILD_DIR)
+    displayName: 'Install'
+
+  - script: ls -alR $(INSTALL_DIR)
+    displayName: 'List install files'
+
+  # todo add coverity intercept
+  - script: $(Agent.ToolsDirectory)/cov-analysis*/bin/cov-build --dir $(BUILD_DIR)/cov-int $(INSTALL_DIR)/samples/cpp/build_samples.sh
+    workingDirectory: $(BUILD_SAMPLES_DIR)
+    displayName: 'Build cpp samples with Coverity'
+
+  - script: $(Agent.ToolsDirectory)/cov-analysis*/bin/cov-build --dir $(BUILD_DIR)/cov-int $(INSTALL_DIR)/samples/c/build_samples.sh
+    workingDirectory: $(BUILD_SAMPLES_DIR)
+    displayName: 'Build c samples with Coverity'
+
+  - script: |
+        tar czvf openvino.tgz $(BUILD_DIR)/cov-int
+        curl --form token=$(COVERITY_TOKEN) \
+          --form email=$(COVERITY_USER) \
+          --form file=@openvino.tgz \
+          --form version="$(Build.SourceVersion)" \
+          --form description="https://github.com/openvinotoolkit/openvino/runs/$(Build.BuildNumber)" \
+          https://scan.coverity.com/builds?project=openvino
+    workingDirectory: $(BUILD_DIR)
+    displayName: 'Submit for analysis'
+
+  - script: rm -fr $(BUILD_DIR)
+    displayName: 'Clean build dir'
+    continueOnError: false