qemu-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [Qemu-devel] [PATCH 3/3] travis: Add config to do a Coverity Scan up

From: Peter Maydell
Subject: Re: [Qemu-devel] [PATCH 3/3] travis: Add config to do a Coverity Scan upload
Date: Wed, 14 Jun 2017 16:46:38 +0100 
On 14 June 2017 at 16:14, Alex Bennée <address@hidden> wrote:
>
> Peter Maydell <address@hidden> writes:
>
>> Add config to travis to do a Coverity Scan build and upload, using
>> the new run-coverity-scan script.
>>
>> There is an official integration between Travis and Coverity Scan:
>>  
>> https://github.com/travis-ci/travis-build/blob/master/lib/travis/build/addons/coverity_scan.rb
>> which slurps values out of the .travis.yml and downloads a build
>> script from Coverity which does the bulk of the work:
>>  https://scan.coverity.com/scripts/travisci_build_coverity_scan.sh
>>
>> However we choose to roll our own since this seems less
>> confusing and also allows us to include debug features
>> (notably the ability to do a "dry run" test which doesn't
>> actually upload anything).
>>
>> Signed-off-by: Peter Maydell <address@hidden>
>> ---
>>  .travis.yml | 24 ++++++++++++++++++++++++
>>  1 file changed, 24 insertions(+)
>>
>> diff --git a/.travis.yml b/.travis.yml
>> index 26dabb6..d772a4a 100644
>> --- a/.travis.yml
>> +++ b/.travis.yml
>> @@ -210,3 +210,27 @@ matrix:
>>          - TEST_CMD=""
>>        before_script:
>>          - ./configure ${CONFIG} --extra-cflags="-g3 -O0 -fsanitize=thread 
>> -fuse-ld=gold" || cat config.log
>> +    # Build and upload to Coverity Scan.
>> +    # We do not impose any rate limiting here, but instead rely on the
>> +    # limiting done by the coverity servers, which for a project of QEMU's
>> +    # size means one build a day. The run-coverity-scan script will exit
>> +    # early if the limiter does not permit a new upload, so the effect will
>> +    # be that the first build (only) in each 24 hour period will be scanned.
>> +    # If we needed to apply a limit at the Travis end, the simplest approach
>> +    # would be to run the scan only if the branch was 'coverity-scan', and
>> +    # use a cron job to push master to the 'coverity-scan' branch 
>> periodically.
>> +    # We run on the trusty Travis hosts so that there's a wider set of
>> +    # dependencies satisfied to improve coverage.
>> +    - dist: trusty
>
> I think we ought to add a sudo: stanza here to make it explicit if we
> want the containerised or VM based trusty image here. I'm wildly
> assuming we need lots of memory for this build so I would suggest:
>
>  sudo: required

It works with both, and the default as set in the top of the travis
config is for not-required so that's what I went with. I think the
sudo:required setups give you less CPU which makes it even more
likely to hit the 50 minute timeout.

>> +      env:
>> +        - COVERITY=1
>> +        - COVERITY_BUILD_CMD="make -j3"
>> +        - address@hidden
>> +        # This 'secure' setting sets COVERITY_TOKEN=<secret token>
>> +        # and was created with travis encrypt -r qemu/qemu 
>> COVERITY_TOKEN=...
>> +        - secure: 
>> "D3E6E5bacui53fYBQrx0wQr8ZTvo6VIBPKfg0QHj2uwa6OPFkUlcMr/EHWvdbZNAa4Q1bv1vhlED5OPRfPmQYzxQNT4SAxDZeuZnikgIymfqQXNOjKw4kRUDO9P42QanyFd+EAu2JDVClAeJPgBpa/ns4CNrGDK+Q3coGndCP8o="
>> +      before_script:
>> +        - if [ "$TRAVIS_PULL_REQUEST" = "true" ]; then echo "Skipping 
>> Coverity (pullreq)"; exit 0; fi
>> +        - if [ "$TRAVIS_BRANCH" != "master" ]; then echo "Skipping
>> Coverity (wrong branch)"; exit 0; fi
>
> This doesn't actually skip anything - but you can't exit non-zero
> without breaking the build. You would need to touch a file or something
> to make run-coverity-scan skip its work.

Yes, you're right. That's a bit awkward.

thanks
-- PMM
reply via email to
[Prev in Thread] Current Thread [Next in Thread]