From: "Alex Bennée" <alex.bennee@linaro.org>
To: Peter Maydell <peter.maydell@linaro.org>
Cc: qemu-devel@nongnu.org, patches@linaro.org,
Paolo Bonzini <pbonzini@redhat.com>,
Markus Armbruster <armbru@redhat.com>
Subject: Re: [Qemu-devel] [PATCH 2/3] scripts/run-coverity-scan: Script to run Coverity Scan build
Date: Wed, 14 Jun 2017 16:01:58 +0100 [thread overview]
Message-ID: <8760fyobo9.fsf@linaro.org> (raw)
In-Reply-To: <1497369290-20401-3-git-send-email-peter.maydell@linaro.org>
Peter Maydell <peter.maydell@linaro.org> writes:
> Add a new script to automate the process of running the Coverity
> Scan build tools and uploading the resulting tarball to the
> website. This is primarily intended to be driven from Travis,
> but it can be run locally (if you are a maintainer of the
> QEMU project on the Coverity Scan website and have the secret
> upload token).
>
> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Reviewed-by: Alex Bennée <alex.bennee@linaro.org>
> ---
> scripts/run-coverity-scan | 170 ++++++++++++++++++++++++++++++++++++++++++++++
> 1 file changed, 170 insertions(+)
> create mode 100755 scripts/run-coverity-scan
>
> diff --git a/scripts/run-coverity-scan b/scripts/run-coverity-scan
> new file mode 100755
> index 0000000..e6d5fc5
> --- /dev/null
> +++ b/scripts/run-coverity-scan
> @@ -0,0 +1,170 @@
> +#!/bin/sh -e
> +
> +# Upload a created tarball to Coverity Scan, as per
> +# https://scan.coverity.com/projects/qemu/builds/new
> +
> +# This work is licensed under the terms of the GNU GPL version 2,
> +# or (at your option) any later version.
> +# See the COPYING file in the top-level directory.
> +#
> +# Copyright (c) 2017 Linaro Limited
> +# Written by Peter Maydell
> +
> +# Note that this script will automatically download and
> +# run the (closed-source) coverity build tools, so don't
> +# use it if you don't trust them!
> +
> +# This script assumes that you're running it from a QEMU source
> +# tree, and that tree is a fresh clean one, because we do an in-tree
> +# build. (This is necessary so that the filenames that the Coverity
> +# Scan server sees are relative paths that match up with the component
> +# regular expressions it uses; an out-of-tree build won't work for this.)
> +# The host machine should have as many of QEMU's dependencies
> +# installed as possible, for maximum coverity coverage.
> +
> +# You need to pass the following environment variables to the script:
> +# COVERITY_TOKEN -- this is the secret 8 digit hex string which lets
> +# you upload to Coverity Scan. If you're a maintainer
> +# in Coverity then the web UI will tell you this.
> +# COVERITY_EMAIL -- the email address to use for uploads
> +
> +# and optionally
> +# COVERITY_DRYRUN -- set to not actually do the upload
> +# COVERITY_BUILD_CMD -- make command (defaults to 'make -j8')
> +# COVERITY_TOOL_BASE -- set to directory to put coverity tools
> +# (defaults to /tmp/coverity-tools)
> +
> +# The primary purpose of this script is to be run as part of
> +# a Travis build, but it is possible to run it manually locally.
> +
> +if [ -z "$COVERITY_TOKEN" ]; then
> + echo "COVERITY_TOKEN environment variable not set"
> + exit 1
> +fi
> +
> +if [ -z "$COVERITY_EMAIL" ]; then
> + echo "COVERITY_EMAIL environment variable not set"
> + exit 1
> +fi
> +
> +if [ -z "$COVERITY_BUILD_CMD" ]; then
> + echo "COVERITY_BUILD_CMD: using default 'make -j8'"
> + COVERITY_BUILD_CMD="make -j8"
> +fi
> +
> +if [ -z "$COVERITY_TOOL_BASE" ]; then
> + echo "COVERITY_TOOL_BASE: using default /tmp/coverity-tools"
> + COVERITY_TOOL_BASE=/tmp/coverity-tools
> +fi
> +
> +PROJTOKEN="$COVERITY_TOKEN"
> +PROJNAME=QEMU
> +TARBALL=cov-int.tar.xz
> +SRCDIR="$(pwd)"
> +
> +echo "Checking this is a QEMU source tree..."
> +if ! [ -e VERSION ]; then
> + echo "Not in a QEMU source tree?"
> + exit 1
> +fi
> +
> +echo "Checking upload permissions..."
> +
> +if ! up_perm="$(wget https://scan.coverity.com/api/upload_permitted --post-data "token=$PROJTOKEN&project=$PROJNAME" -q -O -)"; then
> + echo "Coverity Scan API access denied: bad token?"
> + exit 1
> +fi
> +
> +# Really up_perm is a JSON response with either
> +# {upload_permitted:true} or {next_upload_permitted_at:<date>}
> +# We do some hacky string parsing instead of properly parsing it.
> +case "$up_perm" in
> + *upload_permitted*true*)
> + echo "Coverity Scan: upload permitted"
> + ;;
> + *next_upload_permitted_at*)
> + if [ -z "$COVERITY_DRYRUN" ]; then
> + echo "Coverity Scan: upload quota reached; stopping here"
> + # Exit success as this isn't a build error.
> + exit 0
> + else
> + echo "Coverity Scan: upload quota reached, continuing dry run"
> + fi
> + ;;
> + *)
> + echo "Coverity Scan upload check: unexpected result $up_perm"
> + exit 1
> + ;;
> +esac
> +
> +mkdir -p "$COVERITY_TOOL_BASE"
> +cd "$COVERITY_TOOL_BASE"
> +
> +echo "Checking for new version of coverity build tools..."
> +wget https://scan.coverity.com/download/linux64 --post-data "token=$PROJTOKEN&project=$PROJNAME&md5=1" -O coverity_tool.md5.new
> +
> +if ! cmp -s coverity_tool.md5 coverity_tool.md5.new; then
> + # out of date md5 or no md5: download new build tool
> + # blow away the old build tool
> + echo "Downloading coverity build tools..."
> + rm -rf coverity_tool coverity_tool.tgz
> + wget https://scan.coverity.com/download/linux64 --post-data "token=$PROJTOKEN&project=$PROJNAME" -O coverity_tool.tgz
> + if ! (cat coverity_tool.md5.new; echo " coverity_tool.tgz") | md5sum -c --status; then
> + echo "Downloaded tarball didn't match md5sum!"
> + exit 1
> + fi
> + # extract the new one, keeping it corralled in a 'coverity_tool' directory
> + echo "Unpacking coverity build tools..."
> + mkdir -p coverity_tool
> + cd coverity_tool
> + tar xf ../coverity_tool.tgz
> + cd ..
> + mv coverity_tool.md5.new coverity_tool.md5
> +fi
> +
> +rm -f coverity_tool.md5.new
> +
> +TOOLBIN="$(echo $(pwd)/coverity_tool/cov-analysis-*/bin)"
> +
> +if ! test -x "$TOOLBIN/cov-build"; then
> + echo "Couldn't find cov-build in the coverity build-tool directory??"
> + exit 1
> +fi
> +
> +export PATH="$TOOLBIN:$PATH"
> +
> +cd "$SRCDIR"
> +
> +echo "Doing make distclean..."
> +make distclean
> +
> +echo "Configuring..."
> +./configure --audio-drv-list=oss,alsa,sdl,pa --disable-werror
> +
> +echo "Making libqemustub.a..."
> +make libqemustub.a
> +
> +echo "Running cov-build..."
> +rm -rf cov-int
> +mkdir cov-int
> +cov-build --dir cov-int $COVERITY_BUILD_CMD
> +
> +echo "Creating results tarball..."
> +tar cvf - cov-int | xz > "$TARBALL"
> +
> +echo "Uploading results tarball..."
> +
> +VERSION="$(git describe --always HEAD)"
> +DESCRIPTION="$(git rev-parse HEAD)"
> +
> +if ! [ -z "$COVERITY_DRYRUN" ]; then
> + echo "Dry run only, not uploading $TARBALL"
> + exit 0
> +fi
> +
> +curl --form token="$PROJTOKEN" --form email="$COVERITY_EMAIL" \
> + --form file=@"$TARBALL" --form version="$VERSION" \
> + --form description="$DESCRIPTION" \
> + https://scan.coverity.com/builds?project="$PROJNAME"
> +
> +echo "Done."
--
Alex Bennée
next prev parent reply other threads:[~2017-06-14 15:01 UTC|newest]
Thread overview: 20+ messages / expand[flat|nested] mbox.gz Atom feed top
2017-06-13 15:54 [Qemu-devel] [PATCH 0/3] Automate coverity scan uploads via Travis Peter Maydell
2017-06-13 15:54 ` [Qemu-devel] [PATCH 1/3] travis: install more library dependencies Peter Maydell
2017-06-14 3:52 ` Philippe Mathieu-Daudé
2017-06-14 15:07 ` Paolo Bonzini
2017-06-14 15:37 ` Philippe Mathieu-Daudé
2017-06-14 16:49 ` Paolo Bonzini
2017-06-14 17:04 ` Peter Maydell
2017-06-14 17:20 ` Paolo Bonzini
2017-06-29 14:37 ` Peter Maydell
2017-06-14 14:45 ` Alex Bennée
2017-06-14 15:15 ` Daniel P. Berrange
2017-06-14 15:25 ` Philippe Mathieu-Daudé
2017-06-13 15:54 ` [Qemu-devel] [PATCH 2/3] scripts/run-coverity-scan: Script to run Coverity Scan build Peter Maydell
2017-06-14 15:01 ` Alex Bennée [this message]
2017-06-29 16:12 ` Eric Blake
2017-06-29 16:15 ` Peter Maydell
2017-06-13 15:54 ` [Qemu-devel] [PATCH 3/3] travis: Add config to do a Coverity Scan upload Peter Maydell
2017-06-14 15:14 ` Alex Bennée
2017-06-14 15:46 ` Peter Maydell
2017-06-13 16:15 ` [Qemu-devel] [PATCH 0/3] Automate coverity scan uploads via Travis no-reply
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=8760fyobo9.fsf@linaro.org \
--to=alex.bennee@linaro.org \
--cc=armbru@redhat.com \
--cc=patches@linaro.org \
--cc=pbonzini@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.