URL: https://github.com/SSSD/sssd/pull/556 Author: fidencio Title: #556: COVERITY: Add coverity support Action: opened
PR body: """ Using travis-ci we can start doing coverity scans on every pushed code. This is not something new as so far we have been relying on sgallagh's internal infra to do so, unfortunatelly the infra is about to be retired ... thus, start to use public coverity's instance is a hard requirement for us. Signed-off-by: Fabiano FidĂȘncio <fiden...@redhat.com> Signed-off-by: Edjunior Machado <emach...@redhat.com> """ To pull the PR as Git branch: git remote add ghsssd https://github.com/SSSD/sssd git fetch ghsssd pull/556/head:pr556 git checkout pr556
From 204b3e7292a466214d64070fd7b5520622dfb24f Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Fabiano=20Fid=C3=AAncio?= <fiden...@redhat.com> Date: Thu, 12 Apr 2018 17:13:17 +0200 Subject: [PATCH] COVERITY: Add coverity support MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit Using travis-ci we can start doing coverity scans on every pushed code. This is not something new as so far we have been relying on sgallagh's internal infra to do so, unfortunatelly the infra is about to be retired ... thus, start to use public coverity's instance is a hard requirement for us. Signed-off-by: Fabiano FidĂȘncio <fiden...@redhat.com> Signed-off-by: Edjunior Machado <emach...@redhat.com> --- .travis.yml | 26 ++++++++++++++++++++++++++ .travis/travis-docker-build.sh | 15 +++++++++++++++ .travis/travis-tasks.sh | 27 +++++++++++++++++++++++++++ Dockerfile | 11 +++++++++++ Dockerfile.deps | 12 ++++++++++++ 5 files changed, 91 insertions(+) create mode 100644 .travis.yml create mode 100755 .travis/travis-docker-build.sh create mode 100755 .travis/travis-tasks.sh create mode 100644 Dockerfile create mode 100644 Dockerfile.deps diff --git a/.travis.yml b/.travis.yml new file mode 100644 index 000000000..585c9881a --- /dev/null +++ b/.travis.yml @@ -0,0 +1,26 @@ +language: c +compiler: gcc +sudo: required +dist: trusty + +services: + - docker + +addons: + apt: + packages: + - bash + - tar + - bzip2 + +env: + global: + # The next declaration is the encrypted COVERITY_SCAN_TOKEN, created + # via the "travis encrypt" command using the project repo's public key + - secure: "gD4XB/tAquGTUFGvQ4+a+K9EbemQtyZs0Py+r7+HAEQ7h/B+fwwRX1h5bGzMUjyCUJ88u28wdRZ0TNxIiEVXuSi/0Ia9BOvdS9YurXdpZc7ha1OpYnJd1tYwxGrgozKW9qXB3R6XZmlcxVGzIHF3fwK9a1p+rNDUihWhasqeAPFFI3IhQhwDIIxO3paRGvHHO0UNlw0+lpgsiQLYIYFWYjHqq2voZ1UlV4Ga7LSP1Yh8F38hDSMk7ykSLedsV1kqxh3zky8p5fLSbDRI1y7PLNBYD63LagUCEk1o3nF+hF0l3nRfEApFJKUhBfccgNc2mdXbBdDxDCnwiArbTXQNxI2Iml85UJ/I5/CS3uE437A3H7ZdvL51w2592JGNMEwq9pxGK3vxcN8g/Yn2Xoo1F2KTVHBexT44LEnS0ADRj5K8AfDsyIUz/rB9+N05k5WXtqcDWblpC5gfD0nk3WQnpmc8hjeI2B9RTFTa3ydA4I5wfABkGfNARH39RxK10d+b176U8x3z05p/PgyraAYKi2kFpA3ha5fw9o1CIqcd5OpUcIWrIo5+FG8hYgtcIG+65PSOHz6gGVZkpZyR4vqIuHIfw4jdi68d6LfoophdhjuFSDTuwgXXGQNjdaYQSpeoZ5Gm9hvHbasabqIBpOfDo/Yjq6up20byvmDaGtoeojI=" + +before_install: + - ./.travis/travis-docker-build.sh + +script: + - docker run -e COVERITY_SCAN_TOKEN=$COVERITY_SCAN_TOKEN --rm sssd/sssd diff --git a/.travis/travis-docker-build.sh b/.travis/travis-docker-build.sh new file mode 100755 index 000000000..562af294f --- /dev/null +++ b/.travis/travis-docker-build.sh @@ -0,0 +1,15 @@ +#!/bin/bash + +set -e + +# Create an archive of the current checkout +TARBALL=`mktemp -p . tarball-XXXXXX.tar.bz2` +git ls-files |xargs tar cfj $TARBALL .git + +sudo docker build -f Dockerfile.deps -t sssd/sssd-deps . + +sudo docker build -t sssd/sssd --build-arg TARBALL=$TARBALL . + +rm -f $TARBALL + +exit 0 diff --git a/.travis/travis-tasks.sh b/.travis/travis-tasks.sh new file mode 100755 index 000000000..a11ac3f70 --- /dev/null +++ b/.travis/travis-tasks.sh @@ -0,0 +1,27 @@ +#!/bin/bash + +#Exit on failures +set -e + +pushd /builddir/ + +# We have to define the _Float* types as those are not defined by coverity and as result +# the codes linking agains those (pretty much anything linking against stdlib.h and math.h) +# won't be covered. +echo "#define _Float128 long double" > /tmp/coverity.h +echo "#define _Float64x long double" >> /tmp/coverity.h +echo "#define _Float64 double" >> /tmp/coverity.h +echo "#define _Float32x double" >> /tmp/coverity.h +echo "#define _Float32 float" >> /tmp/coverity.h + +# The coverity scan script returns an error despite succeeding... + CFLAGS="${CFLAGS:- -include /tmp/coverity.h}" \ + TRAVIS_BRANCH="${TRAVIS_BRANCH:-master}" \ + COVERITY_SCAN_PROJECT_NAME="${COVERITY_SCAN_PROJECT_NAME:-SSSD/sssd}" \ + COVERITY_SCAN_NOTIFICATION_EMAIL="${COVERITY_SCAN_NOTIFICATION_EMAIL:-sssd-ma...@redhat.com}" \ + COVERITY_SCAN_BUILD_COMMAND_PREPEND="${COVERITY_SCAN_BUILD_COMMAND_PREPEND:-source contrib/fedora/bashrc_sssd && reconfig}" \ + COVERITY_SCAN_BUILD_COMMAND="${COVERITY_SCAN_BUILD_COMMAND:-make all check TESTS= }" \ + COVERITY_SCAN_BRANCH_PATTERN=${COVERITY_SCAN_BRANCH_PATTERN:-master} \ + /usr/bin/travisci_build_coverity_scan.sh ||: + +popd #builddir diff --git a/Dockerfile b/Dockerfile new file mode 100644 index 000000000..ba3ff6af8 --- /dev/null +++ b/Dockerfile @@ -0,0 +1,11 @@ +FROM sssd/sssd-deps + +MAINTAINER SSSD Maintainers <sssd-ma...@redhat.com> + +ARG TARBALL + +RUN echo -n | openssl s_client -connect scan.coverity.com:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | sudo tee -a /etc/ssl/certs/ca- && curl -s https://scan.coverity.com/scripts/travisci_build_coverity_scan.sh -o /usr/bin/travisci_build_coverity_scan.sh && chmod a+x /usr/bin/travisci_build_coverity_scan.sh + +ADD $TARBALL /builddir/ + +ENTRYPOINT /builddir/.travis/travis-tasks.sh diff --git a/Dockerfile.deps b/Dockerfile.deps new file mode 100644 index 000000000..57813a1a6 --- /dev/null +++ b/Dockerfile.deps @@ -0,0 +1,12 @@ +FROM fedora:latest + +MAINTAINER SSSD Maintainers <sssd-ma...@redhat.com> + +ARG TARBALL + +RUN dnf -y install git openssl sudo curl wget ruby rubygems "rubygem(json)" wget rpm-build dnf-plugins-core libldb-devel && \ + git clone --depth=50 --branch=master https://github.com/SSSD/sssd.git /tmp/sssd && \ + cd /tmp/sssd && \ + ./contrib/fedora/make_srpm.sh && \ + dnf builddep -y rpmbuild/SRPMS/sssd-*.src.rpm && \ + dnf -y clean all
_______________________________________________ sssd-devel mailing list -- sssd-devel@lists.fedorahosted.org To unsubscribe send an email to sssd-devel-le...@lists.fedorahosted.org