Commit 28436b5 COVERITY: Add coverity support

5 files Authored and Committed by fidencio 3 months ago
COVERITY: Add coverity support

Using travis-ci we can start doing coverity scans on every pushed code.
This is not something new as so far we have been relying on sgallagh's
internal infra to do so, unfortunatelly the infra is about to be
retired ... thus, start to use public coverity's instance is a hard
requirement for us.

Signed-off-by: Fabiano Fidêncio <fidencio@redhat.com>
Signed-off-by: Edjunior Machado <emachado@redhat.com>
Reviewed-by: Jakub Hrozek <jhrozek@redhat.com>
Reviewed-by: Pavel Březina <pbrezina@redhat.com>

    
 1 @@ -0,0 +1,26 @@
 2 + language: c
 3 + compiler: gcc
 4 + sudo: required
 5 + dist: trusty
 6 + 
 7 + services:
 8 +   - docker
 9 + 
10 + addons:
11 +   apt:
12 +     packages:
13 +     - bash
14 +     - tar
15 +     - bzip2
16 + 
17 + env:
18 +   global:
19 +     # The next declaration is the encrypted COVERITY_SCAN_TOKEN, created
20 +     # via the "travis encrypt" command using the project repo's public key
21 +       - secure: "gD4XB/tAquGTUFGvQ4+a+K9EbemQtyZs0Py+r7+HAEQ7h/B+fwwRX1h5bGzMUjyCUJ88u28wdRZ0TNxIiEVXuSi/0Ia9BOvdS9YurXdpZc7ha1OpYnJd1tYwxGrgozKW9qXB3R6XZmlcxVGzIHF3fwK9a1p+rNDUihWhasqeAPFFI3IhQhwDIIxO3paRGvHHO0UNlw0+lpgsiQLYIYFWYjHqq2voZ1UlV4Ga7LSP1Yh8F38hDSMk7ykSLedsV1kqxh3zky8p5fLSbDRI1y7PLNBYD63LagUCEk1o3nF+hF0l3nRfEApFJKUhBfccgNc2mdXbBdDxDCnwiArbTXQNxI2Iml85UJ/I5/CS3uE437A3H7ZdvL51w2592JGNMEwq9pxGK3vxcN8g/Yn2Xoo1F2KTVHBexT44LEnS0ADRj5K8AfDsyIUz/rB9+N05k5WXtqcDWblpC5gfD0nk3WQnpmc8hjeI2B9RTFTa3ydA4I5wfABkGfNARH39RxK10d+b176U8x3z05p/PgyraAYKi2kFpA3ha5fw9o1CIqcd5OpUcIWrIo5+FG8hYgtcIG+65PSOHz6gGVZkpZyR4vqIuHIfw4jdi68d6LfoophdhjuFSDTuwgXXGQNjdaYQSpeoZ5Gm9hvHbasabqIBpOfDo/Yjq6up20byvmDaGtoeojI="
22 + 
23 + before_install:
24 +   - ./.travis/travis-docker-build.sh
25 + 
26 + script:
27 +   - docker run -e COVERITY_SCAN_TOKEN=$COVERITY_SCAN_TOKEN --rm sssd/sssd
 1 @@ -0,0 +1,15 @@
 2 + #!/bin/bash
 3 + 
 4 + set -e
 5 + 
 6 + # Create an archive of the current checkout
 7 + TARBALL=`mktemp -p . tarball-XXXXXX.tar.bz2`
 8 + git ls-files |xargs tar cfj $TARBALL .git
 9 + 
10 + sudo docker build -f Dockerfile.deps -t sssd/sssd-deps .
11 + 
12 + sudo docker build -t sssd/sssd --build-arg TARBALL=$TARBALL .
13 + 
14 + rm -f $TARBALL
15 + 
16 + exit 0
 1 @@ -0,0 +1,27 @@
 2 + #!/bin/bash
 3 + 
 4 + #Exit on failures
 5 + set -e
 6 + 
 7 + pushd /builddir/
 8 + 
 9 + # We have to define the _Float* types as those are not defined by coverity and as result
10 + # the codes linking agains those (pretty much anything linking against stdlib.h and math.h)
11 + # won't be covered.
12 + echo "#define _Float128 long double" > /tmp/coverity.h
13 + echo "#define _Float64x long double" >> /tmp/coverity.h
14 + echo "#define _Float64 double" >> /tmp/coverity.h
15 + echo "#define _Float32x double" >> /tmp/coverity.h
16 + echo "#define _Float32 float" >> /tmp/coverity.h
17 + 
18 + # The coverity scan script returns an error despite succeeding...
19 +  CFLAGS="${CFLAGS:- -include /tmp/coverity.h}" \
20 +  TRAVIS_BRANCH="${TRAVIS_BRANCH:-master}" \
21 +  COVERITY_SCAN_PROJECT_NAME="${COVERITY_SCAN_PROJECT_NAME:-SSSD/sssd}" \
22 +  COVERITY_SCAN_NOTIFICATION_EMAIL="${COVERITY_SCAN_NOTIFICATION_EMAIL:-sssd-maint@redhat.com}" \
23 +  COVERITY_SCAN_BUILD_COMMAND_PREPEND="${COVERITY_SCAN_BUILD_COMMAND_PREPEND:-source contrib/fedora/bashrc_sssd && reconfig}" \
24 +  COVERITY_SCAN_BUILD_COMMAND="${COVERITY_SCAN_BUILD_COMMAND:-make all check TESTS= }" \
25 +  COVERITY_SCAN_BRANCH_PATTERN=${COVERITY_SCAN_BRANCH_PATTERN:-master} \
26 +  /usr/bin/travisci_build_coverity_scan.sh ||:
27 + 
28 + popd #builddir
 1 @@ -0,0 +1,11 @@
 2 + FROM sssd/sssd-deps
 3 + 
 4 + MAINTAINER SSSD Maintainers <sssd-maint@redhat.com>
 5 + 
 6 + ARG TARBALL
 7 + 
 8 + RUN  echo -n | openssl s_client -connect scan.coverity.com:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | sudo tee -a /etc/ssl/certs/ca- && curl -s https://scan.coverity.com/scripts/travisci_build_coverity_scan.sh -o /usr/bin/travisci_build_coverity_scan.sh && chmod a+x /usr/bin/travisci_build_coverity_scan.sh
 9 + 
10 + ADD $TARBALL /builddir/
11 + 
12 + ENTRYPOINT /builddir/.travis/travis-tasks.sh
 1 @@ -0,0 +1,12 @@
 2 + FROM fedora:latest
 3 + 
 4 + MAINTAINER SSSD Maintainers <sssd-maint@redhat.com>
 5 + 
 6 + ARG TARBALL
 7 + 
 8 + RUN dnf -y install git openssl sudo curl wget ruby rubygems "rubygem(json)" wget rpm-build dnf-plugins-core libldb-devel && \
 9 +     git clone --depth=50 --branch=master https://github.com/SSSD/sssd.git /tmp/sssd && \
10 +     cd /tmp/sssd && \
11 +     ./contrib/fedora/make_srpm.sh && \
12 +     dnf builddep -y rpmbuild/SRPMS/sssd-*.src.rpm && \
13 +     dnf -y clean all