On 14 June 2017 at 16:14, Alex Bennée <alex.ben...@linaro.org> wrote: > > Peter Maydell <peter.mayd...@linaro.org> writes: > >> Add config to travis to do a Coverity Scan build and upload, using >> the new run-coverity-scan script. >> >> There is an official integration between Travis and Coverity Scan: >> >> https://github.com/travis-ci/travis-build/blob/master/lib/travis/build/addons/coverity_scan.rb >> which slurps values out of the .travis.yml and downloads a build >> script from Coverity which does the bulk of the work: >> https://scan.coverity.com/scripts/travisci_build_coverity_scan.sh >> >> However we choose to roll our own since this seems less >> confusing and also allows us to include debug features >> (notably the ability to do a "dry run" test which doesn't >> actually upload anything). >> >> Signed-off-by: Peter Maydell <peter.mayd...@linaro.org> >> --- >> .travis.yml | 24 ++++++++++++++++++++++++ >> 1 file changed, 24 insertions(+) >> >> diff --git a/.travis.yml b/.travis.yml >> index 26dabb6..d772a4a 100644 >> --- a/.travis.yml >> +++ b/.travis.yml >> @@ -210,3 +210,27 @@ matrix: >> - TEST_CMD="" >> before_script: >> - ./configure ${CONFIG} --extra-cflags="-g3 -O0 -fsanitize=thread >> -fuse-ld=gold" || cat config.log >> + # Build and upload to Coverity Scan. >> + # We do not impose any rate limiting here, but instead rely on the >> + # limiting done by the coverity servers, which for a project of QEMU's >> + # size means one build a day. The run-coverity-scan script will exit >> + # early if the limiter does not permit a new upload, so the effect will >> + # be that the first build (only) in each 24 hour period will be scanned. >> + # If we needed to apply a limit at the Travis end, the simplest approach >> + # would be to run the scan only if the branch was 'coverity-scan', and >> + # use a cron job to push master to the 'coverity-scan' branch >> periodically. >> + # We run on the trusty Travis hosts so that there's a wider set of >> + # dependencies satisfied to improve coverage. >> + - dist: trusty > > I think we ought to add a sudo: stanza here to make it explicit if we > want the containerised or VM based trusty image here. I'm wildly > assuming we need lots of memory for this build so I would suggest: > > sudo: required
It works with both, and the default as set in the top of the travis config is for not-required so that's what I went with. I think the sudo:required setups give you less CPU which makes it even more likely to hit the 50 minute timeout. >> + env: >> + - COVERITY=1 >> + - COVERITY_BUILD_CMD="make -j3" >> + - COVERITY_EMAIL=peter.mayd...@linaro.org >> + # This 'secure' setting sets COVERITY_TOKEN=<secret token> >> + # and was created with travis encrypt -r qemu/qemu >> COVERITY_TOKEN=... >> + - secure: >> "D3E6E5bacui53fYBQrx0wQr8ZTvo6VIBPKfg0QHj2uwa6OPFkUlcMr/EHWvdbZNAa4Q1bv1vhlED5OPRfPmQYzxQNT4SAxDZeuZnikgIymfqQXNOjKw4kRUDO9P42QanyFd+EAu2JDVClAeJPgBpa/ns4CNrGDK+Q3coGndCP8o=" >> + before_script: >> + - if [ "$TRAVIS_PULL_REQUEST" = "true" ]; then echo "Skipping >> Coverity (pullreq)"; exit 0; fi >> + - if [ "$TRAVIS_BRANCH" != "master" ]; then echo "Skipping >> Coverity (wrong branch)"; exit 0; fi > > This doesn't actually skip anything - but you can't exit non-zero > without breaking the build. You would need to touch a file or something > to make run-coverity-scan skip its work. Yes, you're right. That's a bit awkward. thanks -- PMM