URL: https://github.com/SSSD/sssd/pull/556
Author: fidencio
Title: #556: COVERITY: Add coverity support
Action: opened
PR body:
"""
Using travis-ci we can start doing coverity scans on every pushed code.
This is not something new as so far we have been relying on sgallagh's
internal infra to do so, unfortunatelly the infra is about to be
retired ... thus, start to use public coverity's instance is a hard
requirement for us.
Signed-off-by: Fabiano FidĂȘncio <fiden...@redhat.com>
Signed-off-by: Edjunior Machado <emach...@redhat.com>
"""
To pull the PR as Git branch:
git remote add ghsssd https://github.com/SSSD/sssd
git fetch ghsssd pull/556/head:pr556
git checkout pr556
From 204b3e7292a466214d64070fd7b5520622dfb24f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fiden...@redhat.com>
Date: Thu, 12 Apr 2018 17:13:17 +0200
Subject: [PATCH] COVERITY: Add coverity support
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit
Using travis-ci we can start doing coverity scans on every pushed code.
This is not something new as so far we have been relying on sgallagh's
internal infra to do so, unfortunatelly the infra is about to be
retired ... thus, start to use public coverity's instance is a hard
requirement for us.
Signed-off-by: Fabiano FidĂȘncio <fiden...@redhat.com>
Signed-off-by: Edjunior Machado <emach...@redhat.com>
---
.travis.yml | 26 ++++++++++++++++++++++++++
.travis/travis-docker-build.sh | 15 +++++++++++++++
.travis/travis-tasks.sh | 27 +++++++++++++++++++++++++++
Dockerfile | 11 +++++++++++
Dockerfile.deps | 12 ++++++++++++
5 files changed, 91 insertions(+)
create mode 100644 .travis.yml
create mode 100755 .travis/travis-docker-build.sh
create mode 100755 .travis/travis-tasks.sh
create mode 100644 Dockerfile
create mode 100644 Dockerfile.deps
diff --git a/.travis.yml b/.travis.yml
new file mode 100644
index 000000000..585c9881a
--- /dev/null
+++ b/.travis.yml
@@ -0,0 +1,26 @@
+language: c
+compiler: gcc
+sudo: required
+dist: trusty
+
+services:
+ - docker
+
+addons:
+ apt:
+ packages:
+ - bash
+ - tar
+ - bzip2
+
+env:
+ global:
+ # The next declaration is the encrypted COVERITY_SCAN_TOKEN, created
+ # via the "travis encrypt" command using the project repo's public key
+ - secure: "gD4XB/tAquGTUFGvQ4+a+K9EbemQtyZs0Py+r7+HAEQ7h/B+fwwRX1h5bGzMUjyCUJ88u28wdRZ0TNxIiEVXuSi/0Ia9BOvdS9YurXdpZc7ha1OpYnJd1tYwxGrgozKW9qXB3R6XZmlcxVGzIHF3fwK9a1p+rNDUihWhasqeAPFFI3IhQhwDIIxO3paRGvHHO0UNlw0+lpgsiQLYIYFWYjHqq2voZ1UlV4Ga7LSP1Yh8F38hDSMk7ykSLedsV1kqxh3zky8p5fLSbDRI1y7PLNBYD63LagUCEk1o3nF+hF0l3nRfEApFJKUhBfccgNc2mdXbBdDxDCnwiArbTXQNxI2Iml85UJ/I5/CS3uE437A3H7ZdvL51w2592JGNMEwq9pxGK3vxcN8g/Yn2Xoo1F2KTVHBexT44LEnS0ADRj5K8AfDsyIUz/rB9+N05k5WXtqcDWblpC5gfD0nk3WQnpmc8hjeI2B9RTFTa3ydA4I5wfABkGfNARH39RxK10d+b176U8x3z05p/PgyraAYKi2kFpA3ha5fw9o1CIqcd5OpUcIWrIo5+FG8hYgtcIG+65PSOHz6gGVZkpZyR4vqIuHIfw4jdi68d6LfoophdhjuFSDTuwgXXGQNjdaYQSpeoZ5Gm9hvHbasabqIBpOfDo/Yjq6up20byvmDaGtoeojI="
+
+before_install:
+ - ./.travis/travis-docker-build.sh
+
+script:
+ - docker run -e COVERITY_SCAN_TOKEN=$COVERITY_SCAN_TOKEN --rm sssd/sssd
diff --git a/.travis/travis-docker-build.sh b/.travis/travis-docker-build.sh
new file mode 100755
index 000000000..562af294f
--- /dev/null
+++ b/.travis/travis-docker-build.sh
@@ -0,0 +1,15 @@
+#!/bin/bash
+
+set -e
+
+# Create an archive of the current checkout
+TARBALL=`mktemp -p . tarball-XXXXXX.tar.bz2`
+git ls-files |xargs tar cfj $TARBALL .git
+
+sudo docker build -f Dockerfile.deps -t sssd/sssd-deps .
+
+sudo docker build -t sssd/sssd --build-arg TARBALL=$TARBALL .
+
+rm -f $TARBALL
+
+exit 0
diff --git a/.travis/travis-tasks.sh b/.travis/travis-tasks.sh
new file mode 100755
index 000000000..a11ac3f70
--- /dev/null
+++ b/.travis/travis-tasks.sh
@@ -0,0 +1,27 @@
+#!/bin/bash
+
+#Exit on failures
+set -e
+
+pushd /builddir/
+
+# We have to define the _Float* types as those are not defined by coverity and as result
+# the codes linking agains those (pretty much anything linking against stdlib.h and math.h)
+# won't be covered.
+echo "#define _Float128 long double" > /tmp/coverity.h
+echo "#define _Float64x long double" >> /tmp/coverity.h
+echo "#define _Float64 double" >> /tmp/coverity.h
+echo "#define _Float32x double" >> /tmp/coverity.h
+echo "#define _Float32 float" >> /tmp/coverity.h
+
+# The coverity scan script returns an error despite succeeding...
+ CFLAGS="${CFLAGS:- -include /tmp/coverity.h}" \
+ TRAVIS_BRANCH="${TRAVIS_BRANCH:-master}" \
+ COVERITY_SCAN_PROJECT_NAME="${COVERITY_SCAN_PROJECT_NAME:-SSSD/sssd}" \
+ COVERITY_SCAN_NOTIFICATION_EMAIL="${COVERITY_SCAN_NOTIFICATION_EMAIL:-sssd-ma...@redhat.com}" \
+ COVERITY_SCAN_BUILD_COMMAND_PREPEND="${COVERITY_SCAN_BUILD_COMMAND_PREPEND:-source contrib/fedora/bashrc_sssd && reconfig}" \
+ COVERITY_SCAN_BUILD_COMMAND="${COVERITY_SCAN_BUILD_COMMAND:-make all check TESTS= }" \
+ COVERITY_SCAN_BRANCH_PATTERN=${COVERITY_SCAN_BRANCH_PATTERN:-master} \
+ /usr/bin/travisci_build_coverity_scan.sh ||:
+
+popd #builddir
diff --git a/Dockerfile b/Dockerfile
new file mode 100644
index 000000000..ba3ff6af8
--- /dev/null
+++ b/Dockerfile
@@ -0,0 +1,11 @@
+FROM sssd/sssd-deps
+
+MAINTAINER SSSD Maintainers <sssd-ma...@redhat.com>
+
+ARG TARBALL
+
+RUN echo -n | openssl s_client -connect scan.coverity.com:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | sudo tee -a /etc/ssl/certs/ca- && curl -s https://scan.coverity.com/scripts/travisci_build_coverity_scan.sh -o /usr/bin/travisci_build_coverity_scan.sh && chmod a+x /usr/bin/travisci_build_coverity_scan.sh
+
+ADD $TARBALL /builddir/
+
+ENTRYPOINT /builddir/.travis/travis-tasks.sh
diff --git a/Dockerfile.deps b/Dockerfile.deps
new file mode 100644
index 000000000..57813a1a6
--- /dev/null
+++ b/Dockerfile.deps
@@ -0,0 +1,12 @@
+FROM fedora:latest
+
+MAINTAINER SSSD Maintainers <sssd-ma...@redhat.com>
+
+ARG TARBALL
+
+RUN dnf -y install git openssl sudo curl wget ruby rubygems "rubygem(json)" wget rpm-build dnf-plugins-core libldb-devel && \
+ git clone --depth=50 --branch=master https://github.com/SSSD/sssd.git /tmp/sssd && \
+ cd /tmp/sssd && \
+ ./contrib/fedora/make_srpm.sh && \
+ dnf builddep -y rpmbuild/SRPMS/sssd-*.src.rpm && \
+ dnf -y clean all
_______________________________________________
sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org
To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org
