ansible: move Coverity Scan build tool install #3752

Merged
merged 2 commits into from
Jun 7, 2024
13 changes: 11 additions & 2 deletions ansible/MANUAL_STEPS.md
Expand Up @@ -23,6 +23,8 @@
* [Control machine (where Ansible is run)](#control-machine-where-ansible-is-run)
* [Target machines](#target-machines)
* [jenkins-workspace](#jenkins-workspace)
* [benchmark](#benchmark)
* [Static analysis](#static-analysis)
* [Docker hosts](#docker-hosts)
* [SmartOS](#smartos)
* [IBM i](#ibm-i)
Expand Down Expand Up @@ -664,9 +666,15 @@ Note that not all jobs can use [jenkins-workspace] servers for execution, some a

The [jenkins-workspace] hosts are setup as standard Node.js nodes but are only given the [jenkins-workspace] label.

## benchmark

### Static analysis

The [benchmark][] machines are set up so they can run preinstalled tooling against the Node.js codebase and submit the results to [Coverity Scan][].

The playbook should download and install the Coverity build tool needed for static analysis into `/var/`. The extracted build tool should end up in a directory similar to `/var/cov-analysis-linux64-2023.6.2`. This directory must match the `PATH` setting in the [node-daily-coverity][] job. According to Synopsis the tool is usually updated twice yearly -- if it is updated the directory will change and the following steps should be done:

* Run the playbook on all [jenkins-workspace][] machines so that they have the same version of the Coverity build tool installed.
* Run the playbook on all [benchmark][] machines so that they have the same version of the Coverity build tool installed.
* Update the [node-daily-coverity][] job so that the set `PATH` contains the new directory name.

## Docker hosts
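Review bot: In the paragraph that describes the install location, "Synopsis" should be "Synopsys", the vendor name. The same paragraph makes the versioned directory (`/var/cov-analysis-linux64-2023.6.2`) something that has to be kept in step with the job's `PATH` by hand, so it would help to say how to find the new directory name after an update, for instance by listing `/var/cov-analysis-*` on one of the hosts once the playbook has run. The new `## benchmark` heading also goes straight to `### Static analysis` with no sentence of its own describing the machines.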
Expand Down Expand Up @@ -776,8 +784,9 @@ pax -rf /u/unix1/SDK8_64bit_SR6_FP10.PAX.Z -ppx
```



[Coverity Scan]: https://scan.coverity.com/projects/node-js
[Setting up a Windows Host]: https://docs.ansible.com/ansible/latest/user_guide/windows_setup.html
[benchmark]: https://ci.nodejs.org/label/benchmark/
[jenkins-workspace]: https://ci.nodejs.org/label/jenkins-workspace/
[newer Ansible configuration]: https://github.com/nodejs/build/tree/main/ansible
[node-daily-coverity]: https://ci.nodejs.org/job/node-daily-coverity/configure
3 changes: 3 additions & 0 deletions ansible/playbooks/jenkins/worker/create.yml
Expand Up @@ -16,6 +16,9 @@
- { role: 'benchmarking',
tags: 'benchmarking',
when: is_benchmark is defined and is_benchmark|bool == True }
- { role: 'static-analysis',
tags: 'static-analysis',
when: is_benchmark is defined and is_benchmark|bool == True }
#
# Install Linux perf on Benchmarking servers
#
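Review bot: The new `static-analysis` entry is gated on the same `is_benchmark` condition as the `benchmarking` role, so every host flagged as a benchmark machine now also gets the Coverity tooling and, through the role's `read-secrets` dependency, needs the Coverity token available when it is provisioned. If that coupling is intended, a short comment above the entry saying that static analysis runs on the benchmark machines would make it clear; otherwise a separate variable would keep the two concerns apart. Minor: `is_benchmark|bool == True` can be written as `is_benchmark|bool`, although it matches the existing entry above.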
3 changes: 3 additions & 0 deletions ansible/roles/benchmarking/tasks/main.yml
Expand Up @@ -28,6 +28,9 @@
shell: "autoreconf -i && automake && autoconf && ./configure --enable-app && make -j4"
args:
chdir: "/home/{{ server_user }}/nghttp2"
environment:
CC: gcc-12
CXX: g++-12

- name: Download wrk git repo
git:
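Review bot: The `environment:` block added to the nghttp2 build task hard-codes `CC: gcc-12` and `CXX: g++-12` with no comment explaining why the default compiler is not used, and the change is not obviously related to moving the Coverity install. Please add a one-line comment with the reason, and consider defining the compiler version once as a role variable next to the package list in `vars/main.yml`, so the task and the installed package cannot drift apart.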
1 change: 1 addition & 0 deletions ansible/roles/benchmarking/vars/main.yml
@@ -1,5 +1,6 @@
---
packages:
- g++-12
- libc-ares-dev
- libcunit1-dev
- libev-dev
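Review bot: Only `g++-12` is added to `packages`, while the nghttp2 build task in this role also sets `CC: gcc-12`. Listing `gcc-12` explicitly here would make the requirement visible instead of relying on it being pulled in as a dependency of `g++-12`.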
45 changes: 0 additions & 45 deletions ansible/roles/jenkins-workspace/tasks/main.yml
Expand Up @@ -141,48 +141,3 @@
name: pip
executable: pip3
state: latest

# Required to submit builds to Coverity.
- name: Install jq
ansible.builtin.package:
name: jq
state: latest
update_cache: yes

# Coverity build tool. See MANUAL_STEPS.md.
- name: Get md5sum for Coverity build tool
ansible.builtin.uri:
body:
md5: 1
token: "{{ secrets.coverity_token }}"
project: Node.js
body_format: form-urlencoded
method: POST
url: https://scan.coverity.com/download/linux64
return_content: true
register: coverity_build_tool_meta

- name: Download Coverity build tool
ansible.builtin.uri:
body:
token: "{{ secrets.coverity_token }}"
project: Node.js
body_format: form-urlencoded
dest: /tmp/
method: POST
url: https://scan.coverity.com/download/linux64
register: coverity_build_tool

- name: Validate checksum of downloaded Coverity build tool
ansible.builtin.stat:
checksum_algorithm: md5
path: "{{ coverity_build_tool.path }}"
failed_when: coverity_build_tool_file.stat.checksum != coverity_build_tool_meta.content
register: coverity_build_tool_file

- name: Unpack Coverity build tool
ansible.builtin.unarchive:
creates: "/var/{{ coverity_build_tool.path|regex_search('/tmp/(.+)\\.tar\\.gz', '\\1')|first }}"
dest: /var/
remote_src: true
src: "{{ coverity_build_tool.path }}"
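Review bot: Deleting these tasks from the jenkins-workspace role stops future installs but leaves in place whatever earlier runs created on existing hosts: the unpacked directory under `/var/`, the downloaded archive in `/tmp/`, and `jq`. If the jenkins-workspace machines are no longer meant to carry the Coverity build tool, add a cleanup task or record the manual removal in MANUAL_STEPS.md so an outdated copy is not left behind.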
7 changes: 7 additions & 0 deletions ansible/roles/static-analysis/meta/main.yml
@@ -0,0 +1,7 @@
---

# This role depends on read-secrets to get the token necessary to download the
# Coverity Scan Build Tool.

dependencies:
- role: read-secrets
49 changes: 49 additions & 0 deletions ansible/roles/static-analysis/tasks/main.yml
@@ -0,0 +1,49 @@
---

# Set up tooling required to perform static analysis builds.
# See MANUAL_STEPS.md for further steps if the Build tool is updated.

# Required to submit builds to Coverity.
- name: Install jq
ansible.builtin.package:
name: jq
state: latest
update_cache: yes

# Coverity build tool.
- name: Get md5sum for Coverity build tool
ansible.builtin.uri:
body:
md5: 1
token: "{{ secrets.coverity_token }}"
project: Node.js
body_format: form-urlencoded
method: POST
url: https://scan.coverity.com/download/linux64
return_content: true
register: coverity_build_tool_meta

- name: Download Coverity build tool
ansible.builtin.uri:
body:
token: "{{ secrets.coverity_token }}"
project: Node.js
body_format: form-urlencoded
dest: /tmp/
method: POST
url: https://scan.coverity.com/download/linux64
register: coverity_build_tool

- name: Validate checksum of downloaded Coverity build tool
ansible.builtin.stat:
checksum_algorithm: md5
path: "{{ coverity_build_tool.path }}"
failed_when: coverity_build_tool_file.stat.checksum != coverity_build_tool_meta.content
register: coverity_build_tool_file

- name: Unpack Coverity build tool
ansible.builtin.unarchive:
creates: "/var/{{ coverity_build_tool.path|regex_search('/tmp/(.+)\\.tar\\.gz', '\\1')|first }}"
dest: /var/
remote_src: true
src: "{{ coverity_build_tool.path }}"
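Review bot: Both `ansible.builtin.uri` tasks ("Get md5sum for Coverity build tool" and "Download Coverity build tool") send `secrets.coverity_token` in the request body without `no_log: true`, so the token can show up in verbose output or in a failure message; please add `no_log: true` to those two tasks. Separately, the "Validate checksum" task compares the archive against an MD5 value fetched from the same endpoint as the download, which catches a truncated or corrupted file but is not an independent integrity check, and a comment saying so would set the right expectation. The tasks are carried over unchanged from the jenkins-workspace role, so this move is a good moment to tighten them.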