[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [PATCH 4/8] run-coverity-scan: use docker.py
From: |
Peter Maydell |
Subject: |
Re: [PATCH 4/8] run-coverity-scan: use docker.py |
Date: |
Mon, 27 Apr 2020 13:42:56 +0100 |
On Wed, 22 Apr 2020 at 18:24, Paolo Bonzini <address@hidden> wrote:
>
> Our trusted docker wrapper allows run-coverity-scan to run with both
> docker and podman.
>
> For the "run" phase this is transparent; for the "build" phase however
> scripts are replaced with a bind mount (-v). This is not an issue
> because the secret option is meant for secrets stored globally in the
> system and bind mounts are a valid substitute for secrets that are known
> to whoever builds the container.
>
> This also removes the need for DOCKER_BUILDKIT=1.
>
> Signed-off-by: Paolo Bonzini <address@hidden>
> --- a/scripts/coverity-scan/run-coverity-scan
> +++ b/scripts/coverity-scan/run-coverity-scan
> @@ -197,6 +197,12 @@ while [ "$#" -ge 1 ]; do
> ;;
> --docker)
> DOCKER=yes
> + DOCKER_ENGINE=auto
> + shift
> + ;;
> + --docker=*)
> + DOCKER=yes
> + DOCKER_ENGINE=${1#--docker=}
> shift
The comment at the top of the file documenting the command line
options needs updating.
We don't accept --foo=bar for anything else: options either take
no argument, or take an argument as a following (ie space separated)
parameter. It would be more consistent with that to have
"--docker-engine foo" as a separate option from "--docker".
Otherwise looks OK.
thanks
-- PMM
- [PATCH 0/8] run-coverity-scan: misc improvements, especially for docker mode, Paolo Bonzini, 2020/04/22
- [PATCH 6/8] run-coverity-scan: use --no-update-tools in docker run, Paolo Bonzini, 2020/04/22
- [PATCH 7/8] run-coverity-scan: download tools outside the container, Paolo Bonzini, 2020/04/22
- [PATCH 1/8] docker.py/build: support -t and -f arguments, Paolo Bonzini, 2020/04/22
- [PATCH 4/8] run-coverity-scan: use docker.py, Paolo Bonzini, 2020/04/22
- Re: [PATCH 4/8] run-coverity-scan: use docker.py,
Peter Maydell <=
- [PATCH 2/8] docker.py/build: support binary files in --extra-files, Paolo Bonzini, 2020/04/22
- [PATCH 8/8] run-coverity-scan: support --update-tools-only --docker, Paolo Bonzini, 2020/04/22
- [PATCH 3/8] run-coverity-scan: get Coverity token and email from special git config section, Paolo Bonzini, 2020/04/22
- [PATCH 5/8] run-coverity-scan: add --no-update-tools option, Paolo Bonzini, 2020/04/22