| Message ID | 20170622033231.19344-7-f4bug@amsat.org |
|---|---|
| State | Changes Requested, archived |
| Headers | show |
Philippe Mathieu-Daudé <f4bug@amsat.org> writes: > From: Peter Maydell <peter.maydell@linaro.org> > > Add config to travis to do a Coverity Scan build and upload, using > the new run-coverity-scan script. > > There is an official integration between Travis and Coverity Scan: > https://github.com/travis-ci/travis-build/blob/master/lib/travis/build/addons/coverity_scan.rb > which slurps values out of the .travis.yml and downloads a build > script from Coverity which does the bulk of the work: > https://scan.coverity.com/scripts/travisci_build_coverity_scan.sh > > However we choose to roll our own since this seems less > confusing and also allows us to include debug features > (notably the ability to do a "dry run" test which doesn't > actually upload anything). > > Signed-off-by: Peter Maydell <peter.maydell@linaro.org> > Signed-off-by: Philippe Mathieu-Daudé <f4bug@amsat.org> > --- > .travis.yml | 24 ++++++++++++++++++++++++ > 1 file changed, 24 insertions(+) > > diff --git a/.travis.yml b/.travis.yml > index 0220f7472e..29c9ef72a4 100644 > --- a/.travis.yml > +++ b/.travis.yml > @@ -218,3 +218,27 @@ matrix: > - TEST_CMD="" > before_script: > - ./configure ${CONFIG} --extra-cflags="-g3 -O0 -fsanitize=thread -fuse-ld=gold" || cat config.log > + # Build and upload to Coverity Scan. > + # We do not impose any rate limiting here, but instead rely on the > + # limiting done by the coverity servers, which for a project of QEMU's > + # size means one build a day. The run-coverity-scan script will exit > + # early if the limiter does not permit a new upload, so the effect will > + # be that the first build (only) in each 24 hour period will be scanned. > + # If we needed to apply a limit at the Travis end, the simplest approach > + # would be to run the scan only if the branch was 'coverity-scan', and > + # use a cron job to push master to the 'coverity-scan' branch periodically. > + # We run on the trusty Travis hosts so that there's a wider set of > + # dependencies satisfied to improve coverage. > + - dist: trusty > + env: > + - COVERITY=1 > + - COVERITY_BUILD_CMD="make -j3" > + - COVERITY_EMAIL=peter.maydell@linaro.org > + # This 'secure' setting sets COVERITY_TOKEN=<secret token> > + # and was created with travis encrypt -r qemu/qemu COVERITY_TOKEN=... > + - secure: "D3E6E5bacui53fYBQrx0wQr8ZTvo6VIBPKfg0QHj2uwa6OPFkUlcMr/EHWvdbZNAa4Q1bv1vhlED5OPRfPmQYzxQNT4SAxDZeuZnikgIymfqQXNOjKw4kRUDO9P42QanyFd+EAu2JDVClAeJPgBpa/ns4CNrGDK+Q3coGndCP8o=" > + before_script: > + - if [ "$TRAVIS_PULL_REQUEST" = "true" ]; then echo "Skipping Coverity (pullreq)"; exit 0; fi > + - if [ "$TRAVIS_BRANCH" != "master" ]; then echo "Skipping > Coverity (wrong branch)"; exit 0; fi I think this is waiting on a fix I mention when reviewing Peter's original patches. -- Alex Bennée
On 06/22/2017 06:56 AM, Alex Bennée wrote:[...] > I think this is waiting on a fix I mention when reviewing Peter's > original patches. Ok! I'll wait or drop the Coverity part.
diff --git a/.travis.yml b/.travis.yml index 0220f7472e..29c9ef72a4 100644 --- a/.travis.yml +++ b/.travis.yml @@ -218,3 +218,27 @@ matrix: - TEST_CMD="" before_script: - ./configure ${CONFIG} --extra-cflags="-g3 -O0 -fsanitize=thread -fuse-ld=gold" || cat config.log + # Build and upload to Coverity Scan. + # We do not impose any rate limiting here, but instead rely on the + # limiting done by the coverity servers, which for a project of QEMU's + # size means one build a day. The run-coverity-scan script will exit + # early if the limiter does not permit a new upload, so the effect will + # be that the first build (only) in each 24 hour period will be scanned. + # If we needed to apply a limit at the Travis end, the simplest approach + # would be to run the scan only if the branch was 'coverity-scan', and + # use a cron job to push master to the 'coverity-scan' branch periodically. + # We run on the trusty Travis hosts so that there's a wider set of + # dependencies satisfied to improve coverage. + - dist: trusty + env: + - COVERITY=1 + - COVERITY_BUILD_CMD="make -j3" + - COVERITY_EMAIL=peter.maydell@linaro.org + # This 'secure' setting sets COVERITY_TOKEN=<secret token> + # and was created with travis encrypt -r qemu/qemu COVERITY_TOKEN=... + - secure: "D3E6E5bacui53fYBQrx0wQr8ZTvo6VIBPKfg0QHj2uwa6OPFkUlcMr/EHWvdbZNAa4Q1bv1vhlED5OPRfPmQYzxQNT4SAxDZeuZnikgIymfqQXNOjKw4kRUDO9P42QanyFd+EAu2JDVClAeJPgBpa/ns4CNrGDK+Q3coGndCP8o=" + before_script: + - if [ "$TRAVIS_PULL_REQUEST" = "true" ]; then echo "Skipping Coverity (pullreq)"; exit 0; fi + - if [ "$TRAVIS_BRANCH" != "master" ]; then echo "Skipping Coverity (wrong branch)"; exit 0; fi + script: + - ./scripts/run-coverity-scan