Move coverity to a reusable workflow, add a dispatcher workflow

rgacogne · Sep 20, 2024 · 863ab5d · 863ab5d
1 parent 72ae147
commit 863ab5d
Show file tree

Hide file tree

Showing 3 changed files with 165 additions and 88 deletions.
diff --git a/.github/workflows/coverity-dispatch.yml b/.github/workflows/coverity-dispatch.yml
@@ -0,0 +1,25 @@
+---
+name: Trigger specific coverity scan
+
+on:
+  workflow_dispatch:
+    inputs:
+      product:
+        description: Product to build
+        type: choice
+        options:
+        - authoritative
+        - recursor
+        - dnsdist
+
+permissions: # least privileges, see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
+  contents: read
+
+jobs:
+  call-coverity:
+    uses: PowerDNS/pdns/.github/workflows/coverity.yml@master
+    with:
+      product: ${{ github.event.inputs.product }}
+    secrets:
+      COVERITY_TOKEN: ${{ secrets.COVERITY_TOKEN }}
+      COVERITY_EMAIL: ${{ secrets.COVERITY_EMAIL }}
diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
@@ -0,0 +1,122 @@
+---
+name: Coverity scan
+
+on:
+  workflow_call:
+    inputs:
+      product:
+        required: true
+        description: Product to build
+        type: string
+    secrets:
+      COVERITY_TOKEN:
+        required: true
+      COVERITY_EMAIL:
+        required: true
+
+permissions: # least privileges, see https://docs.github.com/en/actions/using-workflows/workflow-syntax-for-github-actions#permissions
+  contents: read
+
+env:
+  CLANG_VERSION: '12'
+
+jobs:
+  coverity-auth:
+    name: coverity scan of the auth
+    if: ${{ inputs.product == 'authoritative' }}
+    runs-on: ubuntu-22.04
+    env:
+      COVERITY_TOKEN: ${{ secrets.COVERITY_TOKEN }}
+      FUZZING_TARGETS: no
+      SANITIZERS:
+      UNIT_TESTS: no
+    steps:
+      - uses: PowerDNS/pdns/set-ubuntu-mirror@meta
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 5
+          submodules: recursive
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+      - run: build-scripts/gh-actions-setup-inv-no-dist-upgrade
+      - run: inv install-clang
+      - run: inv install-auth-build-deps
+      - run: inv install-coverity-tools PowerDNS
+      - run: inv coverity-clang-configure
+      - run: inv ci-autoconf
+      - run: inv ci-auth-configure
+      - run: inv coverity-make
+      - run: inv coverity-tarball auth.tar.bz2
+      - run: inv coverity-upload ${{ secrets.COVERITY_EMAIL }} PowerDNS auth.tar.bz2
+
+  coverity-dnsdist:
+    name: coverity scan of dnsdist
+    if: ${{ inputs.product == 'dnsdist' }}
+    runs-on: ubuntu-22.04
+    env:
+      COVERITY_TOKEN: ${{ secrets.COVERITY_TOKEN }}
+      SANITIZERS:
+      UNIT_TESTS: no
+      REPO_HOME: ${{ github.workspace }}
+    steps:
+      - uses: PowerDNS/pdns/set-ubuntu-mirror@meta
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 5
+          submodules: recursive
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+      - run: build-scripts/gh-actions-setup-inv-no-dist-upgrade
+      - run: inv install-clang
+      - run: inv install-dnsdist-build-deps --skipXDP
+      - run: inv install-coverity-tools dnsdist
+      - run: inv coverity-clang-configure
+      - run: inv ci-autoconf
+        working-directory: ./pdns/dnsdistdist/
+      - run: inv ci-install-rust ${{ env.REPO_HOME }}
+        working-directory: ./pdns/dnsdistdist/
+      - run: inv ci-build-and-install-quiche ${{ env.REPO_HOME }}
+        working-directory: ./pdns/dnsdistdist/
+      - run: inv ci-dnsdist-configure full
+        working-directory: ./pdns/dnsdistdist/
+      - run: inv coverity-make
+        working-directory: ./pdns/dnsdistdist/
+      - run: inv coverity-tarball dnsdist.tar.bz2
+        working-directory: ./pdns/dnsdistdist/
+      - run: inv coverity-upload ${{ secrets.COVERITY_EMAIL }} dnsdist dnsdist.tar.bz2
+        working-directory: ./pdns/dnsdistdist/
+
+  coverity-rec:
+    name: coverity scan of the rec
+    if: ${{ inputs.product == 'recursor' }}
+    runs-on: ubuntu-22.04
+    env:
+      COVERITY_TOKEN: ${{ secrets.COVERITY_TOKEN }}
+      SANITIZERS:
+      UNIT_TESTS: no
+    steps:
+      - uses: PowerDNS/pdns/set-ubuntu-mirror@meta
+      - uses: actions/checkout@v4
+        with:
+          fetch-depth: 5
+          submodules: recursive
+      - uses: actions/setup-python@v5
+        with:
+          python-version: '3.11'
+      - run: build-scripts/gh-actions-setup-inv-no-dist-upgrade
+      - run: inv install-clang
+      - run: inv install-rec-build-deps
+      - run: inv install-coverity-tools 'PowerDNS+Recursor'
+      - run: inv coverity-clang-configure
+      - run: inv ci-autoconf
+        working-directory: ./pdns/recursordist/
+      - run: inv ci-rec-configure full
+        working-directory: ./pdns/recursordist/
+      - run: inv coverity-make
+        working-directory: ./pdns/recursordist/
+      - run: inv coverity-tarball recursor.tar.bz2
+        working-directory: ./pdns/recursordist/
+      - run: inv coverity-upload ${{ secrets.COVERITY_EMAIL }} 'PowerDNS+Recursor' recursor.tar.bz2
+        working-directory: ./pdns/recursordist/
diff --git a/.github/workflows/misc-dailies.yml b/.github/workflows/misc-dailies.yml
@@ -42,99 +42,29 @@ jobs:
   coverity-auth:
     name: coverity scan of the auth
     if: ${{ vars.SCHEDULED_MISC_DAILIES }}
-    runs-on: ubuntu-22.04
-    env:
-      COVERITY_TOKEN: ${{ secrets.coverity_auth_token }}
-      FUZZING_TARGETS: no
-      SANITIZERS:
-      UNIT_TESTS: no
-    steps:
-      - uses: PowerDNS/pdns/set-ubuntu-mirror@meta
-      - uses: actions/checkout@v4
-        with:
-          fetch-depth: 5
-          submodules: recursive
-      - uses: actions/setup-python@v5
-        with:
-          python-version: '3.11'
-      - run: build-scripts/gh-actions-setup-inv-no-dist-upgrade
-      - run: inv install-clang
-      - run: inv install-auth-build-deps
-      - run: inv install-coverity-tools PowerDNS
-      - run: inv coverity-clang-configure
-      - run: inv ci-autoconf
-      - run: inv ci-auth-configure
-      - run: inv coverity-make
-      - run: inv coverity-tarball auth.tar.bz2
-      - run: inv coverity-upload ${{ secrets.coverity_email }} PowerDNS auth.tar.bz2
+    uses: PowerDNS/pdns/.github/workflows/coverity.yml@master
+    with:
+      product: 'authoritative'
+    secrets:
+      COVERITY_TOKEN: ${{ secrets.COVERITY_TOKEN }}
+      COVERITY_EMAIL: ${{ secrets.COVERITY_EMAIL }}
 
   coverity-dnsdist:
     name: coverity scan of dnsdist
     if: ${{ vars.SCHEDULED_MISC_DAILIES }}
-    runs-on: ubuntu-22.04
-    env:
-      COVERITY_TOKEN: ${{ secrets.coverity_dnsdist_token }}
-      SANITIZERS:
-      UNIT_TESTS: no
-      REPO_HOME: ${{ github.workspace }}
-    steps:
-      - uses: PowerDNS/pdns/set-ubuntu-mirror@meta
-      - uses: actions/checkout@v4
-        with:
-          fetch-depth: 5
-          submodules: recursive
-      - uses: actions/setup-python@v5
-        with:
-          python-version: '3.11'
-      - run: build-scripts/gh-actions-setup-inv-no-dist-upgrade
-      - run: inv install-clang
-      - run: inv install-dnsdist-build-deps --skipXDP
-      - run: inv install-coverity-tools dnsdist
-      - run: inv coverity-clang-configure
-      - run: inv ci-autoconf
-        working-directory: ./pdns/dnsdistdist/
-      - run: inv ci-install-rust ${{ env.REPO_HOME }}
-        working-directory: ./pdns/dnsdistdist/
-      - run: inv ci-build-and-install-quiche ${{ env.REPO_HOME }}
-        working-directory: ./pdns/dnsdistdist/
-      - run: inv ci-dnsdist-configure full
-        working-directory: ./pdns/dnsdistdist/
-      - run: inv coverity-make
-        working-directory: ./pdns/dnsdistdist/
-      - run: inv coverity-tarball dnsdist.tar.bz2
-        working-directory: ./pdns/dnsdistdist/
-      - run: inv coverity-upload ${{ secrets.coverity_email }} dnsdist dnsdist.tar.bz2
-        working-directory: ./pdns/dnsdistdist/
+    uses: PowerDNS/pdns/.github/workflows/coverity.yml@master
+    with:
+      product: 'dnsdist'
+    secrets:
+      COVERITY_TOKEN: ${{ secrets.COVERITY_TOKEN }}
+      COVERITY_EMAIL: ${{ secrets.COVERITY_EMAIL }}
 
   coverity-rec:
     name: coverity scan of the rec
     if: ${{ vars.SCHEDULED_MISC_DAILIES }}
-    runs-on: ubuntu-22.04
-    env:
-      COVERITY_TOKEN: ${{ secrets.coverity_rec_token }}
-      SANITIZERS:
-      UNIT_TESTS: no
-    steps:
-      - uses: PowerDNS/pdns/set-ubuntu-mirror@meta
-      - uses: actions/checkout@v4
-        with:
-          fetch-depth: 5
-          submodules: recursive
-      - uses: actions/setup-python@v5
-        with:
-          python-version: '3.11'
-      - run: build-scripts/gh-actions-setup-inv-no-dist-upgrade
-      - run: inv install-clang
-      - run: inv install-rec-build-deps
-      - run: inv install-coverity-tools 'PowerDNS+Recursor'
-      - run: inv coverity-clang-configure
-      - run: inv ci-autoconf
-        working-directory: ./pdns/recursordist/
-      - run: inv ci-rec-configure full
-        working-directory: ./pdns/recursordist/
-      - run: inv coverity-make
-        working-directory: ./pdns/recursordist/
-      - run: inv coverity-tarball recursor.tar.bz2
-        working-directory: ./pdns/recursordist/
-      - run: inv coverity-upload ${{ secrets.coverity_email }} 'PowerDNS+Recursor' recursor.tar.bz2
-        working-directory: ./pdns/recursordist/
+    uses: PowerDNS/pdns/.github/workflows/coverity.yml@master
+    with:
+      product: 'recursor'
+    secrets:
+      COVERITY_TOKEN: ${{ secrets.COVERITY_TOKEN }}
+      COVERITY_EMAIL: ${{ secrets.COVERITY_EMAIL }}