Fix Coverity builds on Windows #1934
Closed
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
|
/submit |
|
Submitted as [email protected] To fetch this version into To fetch this version to local tag |
![gitgitgadget[bot]](https://avatars.githubusercontent.com/in/12836?s=60&v=4){kind=small}
| @@ -147,7 +147,7 @@ jobs: | |||
| key: cov-build-${{ env.COVERITY_LANGUAGE }}-${{ env.COVERITY_PLATFORM }}-${{ steps.lookup.outputs.hash }} | |||
There was a problem hiding this comment.
On the Git mailing list, Junio C Hamano wrote (reply to this):
"Johannes Schindelin via GitGitGadget" <[email protected]>
writes:
> ...
> In the meantime, the current Coverity documentation describes a very
> different way to install the analysis tool, recommending to add the
> `bin/` directory to the _end_ of `PATH` (when originally, IIRC, it was
> recommended to add it to the _beginning_ of the `PATH`).
> ..., and finding the "wrong" ones first on the
> `PATH` misleads that logic.
>
> Let's fix this problem by following Coverity's current recommendation
> and append the `bin/` directory in which `cov-int` can be found to the
> _end_ of `PATH`.
Wow, that is a very well described change.
> Signed-off-by: Johannes Schindelin <[email protected]>
> ---
> .github/workflows/coverity.yml | 2 +-
> 1 file changed, 1 insertion(+), 1 deletion(-)
>
> diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
> index 124301dbbe2f..a5d99e59d4eb 100644
> --- a/.github/workflows/coverity.yml
> +++ b/.github/workflows/coverity.yml
> @@ -147,7 +147,7 @@ jobs:
> key: cov-build-${{ env.COVERITY_LANGUAGE }}-${{ env.COVERITY_PLATFORM }}-${{ steps.lookup.outputs.hash }}
> - name: build with cov-build
> run: |
> - export PATH="$RUNNER_TEMP/cov-analysis/bin:$PATH" &&
> + export PATH="$PATH:$(cygpath -au "$RUNNER_TEMP")/cov-analysis/bin" &&
Additionally two things are lacking explanation in the proposed log
message, though, or an uninitiated will still be left scratching his
head:
- Why didn't the original need "cygpath -au"?
- Even though many steps in this job deals with different
env.COVERITY_PLATFORM, this part does not seem to be conditional.
Why is $(cygpath -au ...) safe outside Windows environment?
Other than that, nicely done and very nicely explained.
> cov-configure --gcc &&
> cov-build --dir cov-int make
> - name: package the buildThere was a problem hiding this comment.
On the Git mailing list, Johannes Schindelin wrote (reply to this):
Hi Junio,
On Wed, 11 Jun 2025, Junio C Hamano wrote:
> "Johannes Schindelin via GitGitGadget" <[email protected]>
> writes:
>
> > diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
> > index 124301dbbe2f..a5d99e59d4eb 100644
> > --- a/.github/workflows/coverity.yml
> > +++ b/.github/workflows/coverity.yml
> > @@ -147,7 +147,7 @@ jobs:
> > key: cov-build-${{ env.COVERITY_LANGUAGE }}-${{ env.COVERITY_PLATFORM }}-${{ steps.lookup.outputs.hash }}
> > - name: build with cov-build
> > run: |
> > - export PATH="$RUNNER_TEMP/cov-analysis/bin:$PATH" &&
> > + export PATH="$PATH:$(cygpath -au "$RUNNER_TEMP")/cov-analysis/bin" &&
>
> Additionally two things are lacking explanation in the proposed log
> message, though, or an uninitiated will still be left scratching his
> head:
>
> - Why didn't the original need "cygpath -au"?
>
> - Even though many steps in this job deals with different
> env.COVERITY_PLATFORM, this part does not seem to be conditional.
> Why is $(cygpath -au ...) safe outside Windows environment?
I am delighted by your feedback which points out a functional problem. The
`cygpath -au` is a left-over from some interactive debugging session where
I _thought_ that `RUNNER_TEMP` contains a Windows path, and I wanted to
make sure that it is a Unix-like path.
But yes, this is totally in a cross-platform part of the workflow (which
is itself already guarded by that `if:
contains(fromJSON(vars.ENABLE_COVERITY_SCAN_FOR_BRANCHES || '[""]'),
github.ref_name)` condition so that it is skipped in forks that did not
enable this workflow explicitly.
As such, that `cygpath` call is incorrect, as it would fail on anything by
Windows. It is also unnecessary, as I just verified in a manual run.
Therefore I drop it from v2.
Thank you,
JohannesThere was a problem hiding this comment.
On the Git mailing list, Junio C Hamano wrote (reply to this):
Johannes Schindelin <[email protected]> writes:
> As such, that `cygpath` call is incorrect, as it would fail on anything by
> Windows. It is also unnecessary, as I just verified in a manual run.
> Therefore I drop it from v2.
Great. Thanks. Will replace with v2.
| @@ -147,9 +147,13 @@ jobs: | |||
| key: cov-build-${{ env.COVERITY_LANGUAGE }}-${{ env.COVERITY_PLATFORM }}-${{ steps.lookup.outputs.hash }} | |||
| - name: build with cov-build | |||
| run: | | |||
There was a problem hiding this comment.
On the Git mailing list, Junio C Hamano wrote (reply to this):
"Johannes Schindelin via GitGitGadget" <[email protected]>
writes:
> From: Johannes Schindelin <[email protected]>
>
> It is quite helpful to know what Coverity said, exactly, in case it
> fails to analyze the code.
>
> Signed-off-by: Johannes Schindelin <[email protected]>
> ---
> .github/workflows/coverity.yml | 6 +++++-
> 1 file changed, 5 insertions(+), 1 deletion(-)
Wonderful. Will queue, together with 1/2. Thanks.
>
> diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
> index a5d99e59d4eb..1e8bd85ecd4e 100644
> --- a/.github/workflows/coverity.yml
> +++ b/.github/workflows/coverity.yml
> @@ -149,7 +149,11 @@ jobs:
> run: |
> export PATH="$PATH:$(cygpath -au "$RUNNER_TEMP")/cov-analysis/bin" &&
> cov-configure --gcc &&
> - cov-build --dir cov-int make
> + if ! cov-build --dir cov-int make
> + then
> + cat cov-int/build-log.txt
> + exit 1
> + fi
> - name: package the build
> run: tar -czvf cov-int.tgz cov-int
> - name: submit the build to Coverity ScanWhen I added the Coverity workflow in a56b623 (ci: add a GitHub workflow to submit Coverity scans, 2023-09-25), I merely converted an Azure Pipeline definition that had been running successfully for ages. In the meantime, the current Coverity documentation describes a very different way to install the analysis tool, recommending to add the `bin/` directory to the _end_ of `PATH` (when originally, IIRC, it was recommended to add it to the _beginning_ of the `PATH`). This is crucial! The reason is that the current incarnation of the Windows variant of Coverity's analysis tools come with a _lot_ of DLL files in their `bin/` directory, some of them interferring rather badly with the `gcc.exe` in Git for Windows' SDK that we use to run the Coverity build. The symptom is a cryptic error message: make: *** [Makefile:2960: headless-git.o] Error 1 make: *** Waiting for unfinished jobs.... D:\git-sdk-64-minimal\mingw64\bin\windres.exe: preprocessing failed. make: *** [Makefile:2679: git.res] Error 1 make: *** [Makefile:2893: git.o] Error 1 make: *** [Makefile:2893: builtin/add.o] Error 1 Attempting to detect unconfigured compilers in build |0----------25-----------50----------75---------100| **************************************************** Warning: Build command make.exe exited with code 2. Please verify that the build completed successfully. Warning: Emitted 0 C/C++ compilation units (0%) successfully 0 C/C++ compilation units (0%) are ready for analysis For more details, please look at: D:/a/git/git/cov-int/build-log.txt The log (which the workflow is currently not configured to reveal) then points out that the `windows.h` header cannot be found, which is _still_ not very helpful. The underlying root cause is that the `gcc.exe` in Git for Windows' SDK determines the location of the header files via the location of certain DLL files, and finding the "wrong" ones first on the `PATH` misleads that logic. Let's fix this problem by following Coverity's current recommendation and append the `bin/` directory in which `cov-int` can be found to the _end_ of `PATH`. Signed-off-by: Johannes Schindelin <[email protected]>
It is quite helpful to know what Coverity said, exactly, in case it fails to analyze the code. Signed-off-by: Johannes Schindelin <[email protected]>
dscho
force-pushed
the
fix-coverity-builds
branch
from
3a829f1 to
52c3497
Compare
|
/submit |
|
Submitted as [email protected] To fetch this version into To fetch this version to local tag |
|
This patch series was integrated into seen via git@082f941. |
|
This patch series was integrated into seen via git@1a71deb. |
|
This patch series was integrated into seen via git@7f072ec. |
|
This patch series was integrated into next via git@e0f5ed5. |
|
This patch series was integrated into seen via git@7bd3e53. |
|
This patch series was integrated into master via git@7bd3e53. |
|
This patch series was integrated into next via git@7bd3e53. |
|
Closed via 7bd3e53. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
As of three weeks ago, Git for Windows' Coverity builds fail.
The reason is most likely the most recent Coverity release, 2025.3. Its release notes do not shed any light into the issue (and do not mention that they bundle JDK20 and JDK22 in addition to a JRE, because what's better than a single Java installation: three, right?).
My investigation turned up
.dllfiles that are located in Coverity'sbin/directory which have the same name as.dllfiles in Git for Windows' SDK. As a consequence, the former override the latter and throw off MSYS2's logic to find the MSYS2 root directory given the location of certain.dllfiles.This patch series fixes this issue, and while at it, enhances the Coverity workflow to print out the build log in case of failure. It is a companion of git-for-windows#5672 and of (microsoft#764.
Changes since v1:
cygpathcall.