SELinux Archive on lore.kernel.org
 help / color / Atom feed
* [PATCH] CircleCI: run scan-build and publish its results automatically
@ 2019-09-21 21:30 Nicolas Iooss
  2019-09-26 13:46 ` Stephen Smalley
  0 siblings, 1 reply; 2+ messages in thread
From: Nicolas Iooss @ 2019-09-21 21:30 UTC (permalink / raw)
  To: selinux

CircleCI is a continuous integration system like Travis CI, which
provides different features. Contrary to Travis CI, it is quite harder
to build the project with several build configurations (so it is not a
replacement), but it provides short-term storage for files produced by a
build job in what is called "artifacts".

Use this feature in order to store the results of clang's static
analyzer (scan-build) after every pushed commit. This way makes it
possible to quickly compare the result of the analyzer after applying
some patches that were sent for review to the mailing list, as it no
longer requires running the analyzer several times on the development
machine.

An output example is available at
https://352-118970575-gh.circle-artifacts.com/0/output-scan-build/2019-09-21-164945-6152-1/index.html
These web pages were created by the job described at
https://circleci.com/gh/fishilico/selinux/352

Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
---
 .circleci/config.yml | 40 ++++++++++++++++++++++++++++++++++++++++
 1 file changed, 40 insertions(+)
 create mode 100644 .circleci/config.yml

diff --git a/.circleci/config.yml b/.circleci/config.yml
new file mode 100644
index 000000000000..5d3177da9956
--- /dev/null
+++ b/.circleci/config.yml
@@ -0,0 +1,40 @@
+# Configuration file for https://circleci.com/
+
+version: 2
+
+jobs:
+  build:
+    docker:
+      # Use a Python image from https://hub.docker.com/r/circleci/python/tags/
+      - image: circleci/python:3.6
+
+    steps:
+    - checkout
+
+    # Install dependencies
+    - run: sudo apt-get update -qq
+    - run: sudo apt-get install -qq bison clang clang-tools flex gawk gettext libaudit-dev libcap-dev libcap-ng-dev libcunit1-dev libdbus-glib-1-dev libpcre3-dev python3-dev python-dev ruby-dev swig xmlto
+
+    - run:
+        name: Setup environment variables
+        command: |
+          echo 'export DESTDIR=$HOME/destdir' >> "$BASH_ENV"
+
+    # Download and install refpolicy headers for sepolgen tests
+    - run:
+        name: Download refpolicy Makefile
+        command: |
+          curl --location --retry 10 -o refpolicy.tar.bz2 https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_2_20180701/refpolicy-2.20180701.tar.bz2
+          tar -xvjf refpolicy.tar.bz2
+          sed -e "s,^PREFIX :=.*,PREFIX := $DESTDIR/usr," -i refpolicy/support/Makefile.devel
+          sudo make -C refpolicy install-headers
+          sudo mkdir -p /etc/selinux
+          echo 'SELINUXTYPE=refpolicy' | sudo tee /etc/selinux/config
+          echo 'SELINUX_DEVEL_PATH = /usr/share/selinux/refpolicy' | sudo tee /etc/selinux/sepolgen.conf
+          sed -e "s,\"\(/usr/bin/[cs]\),\"$DESTDIR\1," -i python/sepolgen/src/sepolgen/module.py
+
+    # Run clang's scan-build and store the result as artifacts
+    - run: ./scripts/run-scan-build
+    - store_artifacts:
+        path: scripts/output-scan-build
+        destination: output-scan-build
-- 
2.22.0


^ permalink raw reply	[flat|nested] 2+ messages in thread

* Re: [PATCH] CircleCI: run scan-build and publish its results automatically
  2019-09-21 21:30 [PATCH] CircleCI: run scan-build and publish its results automatically Nicolas Iooss
@ 2019-09-26 13:46 ` Stephen Smalley
  0 siblings, 0 replies; 2+ messages in thread
From: Stephen Smalley @ 2019-09-26 13:46 UTC (permalink / raw)
  To: Nicolas Iooss, selinux

On 9/21/19 5:30 PM, Nicolas Iooss wrote:
> CircleCI is a continuous integration system like Travis CI, which
> provides different features. Contrary to Travis CI, it is quite harder
> to build the project with several build configurations (so it is not a
> replacement), but it provides short-term storage for files produced by a
> build job in what is called "artifacts".
> 
> Use this feature in order to store the results of clang's static
> analyzer (scan-build) after every pushed commit. This way makes it
> possible to quickly compare the result of the analyzer after applying
> some patches that were sent for review to the mailing list, as it no
> longer requires running the analyzer several times on the development
> machine.
> 
> An output example is available at
> https://352-118970575-gh.circle-artifacts.com/0/output-scan-build/2019-09-21-164945-6152-1/index.html
> These web pages were created by the job described at
> https://circleci.com/gh/fishilico/selinux/352
> 
> Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>

Thanks, applied.

> ---
>   .circleci/config.yml | 40 ++++++++++++++++++++++++++++++++++++++++
>   1 file changed, 40 insertions(+)
>   create mode 100644 .circleci/config.yml
> 
> diff --git a/.circleci/config.yml b/.circleci/config.yml
> new file mode 100644
> index 000000000000..5d3177da9956
> --- /dev/null
> +++ b/.circleci/config.yml
> @@ -0,0 +1,40 @@
> +# Configuration file for https://circleci.com/
> +
> +version: 2
> +
> +jobs:
> +  build:
> +    docker:
> +      # Use a Python image from https://hub.docker.com/r/circleci/python/tags/
> +      - image: circleci/python:3.6
> +
> +    steps:
> +    - checkout
> +
> +    # Install dependencies
> +    - run: sudo apt-get update -qq
> +    - run: sudo apt-get install -qq bison clang clang-tools flex gawk gettext libaudit-dev libcap-dev libcap-ng-dev libcunit1-dev libdbus-glib-1-dev libpcre3-dev python3-dev python-dev ruby-dev swig xmlto
> +
> +    - run:
> +        name: Setup environment variables
> +        command: |
> +          echo 'export DESTDIR=$HOME/destdir' >> "$BASH_ENV"
> +
> +    # Download and install refpolicy headers for sepolgen tests
> +    - run:
> +        name: Download refpolicy Makefile
> +        command: |
> +          curl --location --retry 10 -o refpolicy.tar.bz2 https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_2_20180701/refpolicy-2.20180701.tar.bz2
> +          tar -xvjf refpolicy.tar.bz2
> +          sed -e "s,^PREFIX :=.*,PREFIX := $DESTDIR/usr," -i refpolicy/support/Makefile.devel
> +          sudo make -C refpolicy install-headers
> +          sudo mkdir -p /etc/selinux
> +          echo 'SELINUXTYPE=refpolicy' | sudo tee /etc/selinux/config
> +          echo 'SELINUX_DEVEL_PATH = /usr/share/selinux/refpolicy' | sudo tee /etc/selinux/sepolgen.conf
> +          sed -e "s,\"\(/usr/bin/[cs]\),\"$DESTDIR\1," -i python/sepolgen/src/sepolgen/module.py
> +
> +    # Run clang's scan-build and store the result as artifacts
> +    - run: ./scripts/run-scan-build
> +    - store_artifacts:
> +        path: scripts/output-scan-build
> +        destination: output-scan-build
> 


^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, back to index

Thread overview: 2+ messages (download: mbox.gz / follow: Atom feed)
-- links below jump to the message on this page --
2019-09-21 21:30 [PATCH] CircleCI: run scan-build and publish its results automatically Nicolas Iooss
2019-09-26 13:46 ` Stephen Smalley

SELinux Archive on lore.kernel.org

Archives are clonable:
	git clone --mirror https://lore.kernel.org/selinux/0 selinux/git/0.git

	# If you have public-inbox 1.1+ installed, you may
	# initialize and index your mirror using the following commands:
	public-inbox-init -V2 selinux selinux/ https://lore.kernel.org/selinux \
		selinux@vger.kernel.org
	public-inbox-index selinux

Example config snippet for mirrors

Newsgroup available over NNTP:
	nntp://nntp.lore.kernel.org/org.kernel.vger.selinux


AGPL code for this site: git clone https://public-inbox.org/public-inbox.git