From 99127d20ce69f566be6366afa28cafe9c471725b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Marek=20=C4=8Cerm=C3=A1k?= Date: Thu, 11 Jan 2018 11:41:35 +0100 Subject: [PATCH] Integration of Travis CI and Coverity Scan Analysis (#7691) - Coverity scan analysis tasks run as scheduled cron jobs - Stage separation for Build, Test and Coverity scan phase - Travis CI now uses Fedora container to build and run tests - Containers are accessible from Docker Hub and failed builds can be reproduced and examined - coverity.sh: separate build and upload --- .travis.yml | 182 ++++++++++++++++++- scripts/coverity.sh | 224 ++++++++++++++++++++++++ travis-ci/.dockerignore | 30 ++++ travis-ci/Dockerfile | 38 ++++ travis-ci/requirements.txt | 3 + travis-ci/scripts/build-docker-image.sh | 14 ++ travis-ci/tools/get-coverity.sh | 35 ++++ travis-ci/tools/get-docker-remote.sh | 20 +++ 8 files changed, 538 insertions(+), 8 deletions(-) create mode 100755 scripts/coverity.sh create mode 100644 travis-ci/.dockerignore create mode 100644 travis-ci/Dockerfile create mode 100644 travis-ci/requirements.txt create mode 100755 travis-ci/scripts/build-docker-image.sh create mode 100755 travis-ci/tools/get-coverity.sh create mode 100755 travis-ci/tools/get-docker-remote.sh diff --git a/.travis.yml b/.travis.yml index 5d63474c1d..1f09a78fa6 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,12 +1,178 @@ -language: c -compiler: - - gcc -before_install: - - sudo apt-get update -qq - - sudo apt-get install autotools-dev automake autoconf libtool libdbus-1-dev libcap-dev libblkid-dev libmount-dev libpam-dev libcryptsetup-dev libaudit-dev libacl1-dev libattr1-dev libselinux-dev liblzma-dev libgcrypt-dev libqrencode-dev libmicrohttpd-dev gperf python2.7-dev -script: ./autogen.sh && ./configure && make V=1 && sudo ./systemd-machine-id-setup && make check && make distcheck -after_failure: cat test-suite.log +sudo: required + +services: + - docker + +jobs: + include: + - stage: build docker image + env: + # The machine id will be passed to Dockerfile for later checks + - MACHINE_ID=$(cat /var/lib/dbus/machine-id) + before_script: &update + # Ensure the latest version of docker is installed + - sudo apt-get update + - sudo apt-get -y -o Dpkg::Options::="--force-confnew" install docker-ce + - docker --version + - env > .env + script: + # Copy content of CI_DIR into WORKDIR + - find $CI_DIR -maxdepth 1 -type f -exec cp -t . {} + + - echo "ENV GIT_SHA ${TRAVIS_COMMIT}" >> Dockerfile + - echo "ENV MACHINE_ID ${MACHINE_ID}" >> Dockerfile + - echo "$(git log -1 ${TRAVIS_COMMIT})" >> COMMITINFO + # Build docker container + - $CI_SCRIPT_DIR/build-docker-image.sh + + - docker login -u="${DOCKER_USERNAME}" -p="${DOCKER_PASSWORD}" + - docker push ${DOCKER_REPOSITORY} + + - stage: build + language: c + compiler: gcc + env: + # The machine id will be passed to container + - MACHINE_ID=$(cat /var/lib/dbus/machine-id) + before_script: *update + script: + - docker run -dit --name travis_build ${DOCKER_REPOSITORY}:${TRAVIS_COMMIT} bash + - docker exec -u 0 -ti travis_build bash -c "echo ${MACHINE_ID} > /etc/machine-id" + - docker exec -ti travis_build meson build + - docker exec -ti travis_build ninja -C build + # Commit it to the new image that will be used for testing + - docker commit -m "systemd build state" -a "${AUTHOR_NAME}" travis_build ${DOCKER_REPOSITORY}:${TRAVIS_COMMIT} + - docker login -u="${DOCKER_USERNAME}" -p="${DOCKER_PASSWORD}" + - docker push ${DOCKER_REPOSITORY}:${TRAVIS_COMMIT} + + - stage: test + language: c + compiler: gcc + before_script: *update + script: + - docker run --privileged --net=host -dit --name travis_test ${DOCKER_REPOSITORY}:${TRAVIS_COMMIT} bash + - docker exec -ti travis_test ninja -C build test + - docker commit -m "systemd test state" -a "${AUTHOR_NAME}" travis_test ${DOCKER_REPOSITORY}:${TRAVIS_COMMIT} + - docker login -u="${DOCKER_USERNAME}" -p="${DOCKER_PASSWORD}" + - docker push ${DOCKER_REPOSITORY}:${TRAVIS_COMMIT} + + - stage: coverity scan + language: c + compiler: gcc + before_script: *update + env: + - COVERITY_SCAN_PROJECT_NAME="$TRAVIS_REPO_SLUG" + - COVERITY_SCAN_NOTIFICATION_EMAIL="${AUTHOR_EMAIL}" + - COVERITY_SCAN_BRANCH_PATTERN="$TRAVIS_BRANCH" + # Disable CCACHE for cov-build to compilation units correctly + - CCACHE_DISABLE=1 + # Token for systemd/systemd Coverity Scan Analysis + # The next declaration is the encrypted COVERITY_SCAN_TOKEN, created + # via the "travis encrypt" command using the project repo's public key + - secure: "UNQLspT89GYWuVKFqW5W5RyqqnYg5RvX20IrNraOddhpdV9nhKBtozrfmhGXDGZwfHGWHt6g7YROlD/NIMvDvThVJIEYvSQiXCoo2zRrwkl2siET5MjPfRG8numiLq0KX47KGmyBJISJZCgDUdNGqqGwgf7AhDN78I3XtgqjFT1z0mGl8n0wiFpKPi7i3nECvF4Mk7xCCHqwByaq0z5G9NkVlOvP1EyCxwv3B6I5Umfch7ibp7iH44YnVXILK+yEry5dMuctYwYkDouR80ChEPQQ5fhhpO4++HJmFuSpfMTeCHpucAd2xwSUijejYeN/GNQ177GxSSk/8hRBGcuSK8T/WJ+KiuJPhZObV8mw+a6+qdQssWY4F9jya5ZKbZ/yTbxjtQ0m4AgtL28P9bEze8pLh16zFMX+hIEuoFSNmJqmtNttfbD5TKyYVZml59s9wvhlvMnlNpRSQva88OAOjXtiA41g+XtTxxpfW9mgd7HYhzSBs1efNiK7PfkANgve7KIYMAmCAqasgb1IIAyX7stOlJH06QOFXNH55PmJLkkKyL3SMQzgryMDWegU+XbS8t43r0x14WLuE7sc9JtnOr/G8hthFaMRp8xLy9aCBwyEIkEsyWa50VMoZDa3Spdb4r1CKBwcGdCbyE4rCehwEIznbfrsSovhwiUds7bbhBU=" + script: + # Copy content of CI_DIR into WORKDIR + - find $CI_DIR -maxdepth 1 -type f -exec cp -t . {} + + # Build container for current user + - $CI_SCRIPT_DIR/build-docker-image.sh + + # For kernel version 4.8+ + - sudo sysctl vsyscall=emulate || true + # Prepare environment for Coverity tool + - | + PLATFORM=`uname` + export TOOL_BASE="/tmp/coverity-scan-analysis" + export SCAN_URL="https://scan.coverity.com" + export UPLOAD_URL="https://scan.coverity.com/builds" + export TOOL_ARCHIVE="/tmp/cov-analysis-${PLATFORM}.tgz" + + # Get Coverity tool + - $CI_TOOL_DIR/get-coverity.sh + - TOOL_DIR="$(find $TOOL_BASE -type d -name 'cov-analysis*')" + + # Export env variables for Coverity scan + - env | grep -E "TRAVIS|COV|TOOL|URL" > .cov-env + - | + docker run -dit --env-file .cov-env \ + -v ${TOOL_BASE}:${TOOL_BASE}:ro \ + --name travis_coverity_scan ${DOCKER_REPOSITORY}:${TRAVIS_COMMIT} bash + # Make sure Coverity script is executable + - docker cp scripts/coverity.sh travis_coverity_scan:/usr/local/bin + # Preconfigure with meson to prevent Coverity from capturing meson metadata + # Set compiler flag to prevent emit failure + - docker exec -it travis_coverity_scan sh -c "CFLAGS='-D_Float128=long\ double' meson cov-build -Dman=false" + # Run Coverity Analysis + - docker exec -it travis_coverity_scan coverity.sh build + - docker exec -it travis_coverity_scan coverity.sh upload + + - stage: clean docker + language: python + # python: + # - "3.6" Probably broken ATM + env: + - SIZE_LIMIT="3000" # Limit in MBs + - TAG_LIMIT="3" # Number of tags to be kept at the time + before-script: + - sudo apt-get -y install python3 + script: + # Get docker-remote tool and setup venv + - sudo $CI_TOOL_DIR/get-docker-remote.sh + # Activate virtual environment to be able to use docker-remote safely + - source venv/bin/activate + # Check the size and tag limit of the repo + - REPO_SIZE=$(docker-remote repository --size $DOCKER_REPOSITORY) + - TAG_COUNT=$(docker-remote tags --count $DOCKER_REPOSITORY) + - 'echo -e "\033[33;1mCurrent repository size: $REPO_SIZE in $TAG_COUNT tags \033[0m"' + - | + if [[ ${REPO_SIZE%.*} -gt $SIZE_LIMIT ]] || [[ $TAG_COUNT -gt $TAG_LIMIT ]] + then + docker-remote --login $DOCKER_USERNAME:$DOCKER_PASSWORD \ + tags --assumeyes --pop-back --keep $TAG_LIMIT $DOCKER_REPOSITORY + fi + + + +# Specify the order of stages and conditions +stages: + # Helper stage to determine whether coverity stage should be allowed + - name: initialization + + - name: build docker image + if: type != cron + - name: build + if: type != cron + - name: test + if: type != cron + + # These stages run separately, the resulting container will not be pushed to Docker Hub + # This stage will only run on special conditions + - name: coverity scan + if: type = cron + + # Check for repository size and clean Docker repo if necessary + - name: clean Docker + if: type = cron + +env: + global: + # Secure Docker Hub credentials + - secure: "TY61ufmEJyxCer8vuAlQ3mYwGRynFZXPCFTxKgIzobAHHyE1Zwx0bZDDwDd88Gdgz7EGnOJtMABfa0axfPOK9il5u7lYmmZ8Usa0HAvKavkpSRnw2b16zz88N98x3DyaIquvg2J8iQpHHoM32+BGiAS7P8BiYTO6r+E0CMPYC0Ylh7eHVSBGfWbR9m+yCo/mDIEAWyop6Jv4rTMN4qP9U7e6Kou7m/AJeiCWMaR7rlanpLFNQi3+qF/Mt5dbE7LVLNSOkmpg/FPw34g4RC5mfLAh+c8YBadqo6kFA6qV1b931or0aZUYVtobI6UwC9U1GGqzfCTjXuVMNgPBBQ6n3JMt91mFFkP0lXdGMxpBNbwFL/btBrt2a359L/wNtqv6PuSJwJ3oTe/FP++X6xjbM7LcAHZMWZiK+0BFefNOUcRzBpaEJ2nGNzcLKHn4Bl0pl4LwZ0uVocN8RBwHnDX+hyUwwQPoQTLJQB9tpwDweIzftt9KmrIHmL9v7KZXR4s/8CKpNfVQ/XSysdtsK+7EKK5AsnbMNrZLjpH7D0Lo/Xp92/eJ2UGyqI7awJbJGPV2FNwyGcojDEXIBUsVssUjb5+B4LpHP1x4UQe/m9SuPJdtRB0R7PKe/tyPD3GTyfVO9K7imQATDdnMY32nkWXmXej8YWo76yA732rTZRZtFAc=" + - secure: "NAEzWn5Ru6IqDA1RSyTVhpIp2iQluumg0EOI111EN7qWWGUDNgAZi+QgvRI+OBNyuMpBpN/GX1Ys4YxUDos1F/fhm2vytoB4A/LG463FQsSVP3wnyMFJTSOI8H0jgK41xj79qiww7edbfq93MZ/XS95Ws4tUTi/0etUGvAgIHGgofFCPPdMNkOvSHLgzSnYfydzLuD9FVpCgvpbJnQ+47XHyN+sKoA+OlZ+EfIOVZt+Mk/dqYrsM7MRKEfplk1MvUiJpHvrw+xWTslCIiO03V6ws091fBMgedIFRpsySrsd1KwH8JIeOK6KFn5W7Q53auzZkKYk7ymknlJt4WVBy7Qg33njMQ53t3qMQYTRUIV4dcR60cdII7tatzgpKBcycxHQMAshOYPT6pYhSsO6JEKgiO+ZhOxvqWGwtEeH9Zq7P4ft8Q7GJhRkdi0X0WY7/6RjwinO/1LLj1LODim3mDFfAK7xS7e+nQW/JEOdWohT2+qm97j9IOZeQtPtdqZP9F8HJXgw6WjiGJIXMF3Ov9GkQh4uJyMYJ6hN7T3iRoenV86Dzgg6u5Ku131Ziwvlm+n94qlXF8Jl47wCcAS7VmyYxMft1gH+Zs+4Wq7KO0vysmnEk6rCqb87ZQSDOdTzBfK9HTyyAqmBCgS4Dp5x7/xOBMVXfq/SOb9c3Sh/JItA=" + - DOCKER_REPOSITORY=$DOCKER_USERNAME/systemd + + - ADMIN_EMAIL=macermak@redhat.com + + - AUTHOR_NAME="$(git log -1 $TRAVIS_COMMIT --pretty=\"%aN\")" + - AUTHOR_EMAIL="$(git log -1 $TRAVIS_COMMIT --pretty=\"%aE\")" + + - CI_DIR="$TRAVIS_BUILD_DIR/travis-ci" + - CI_TOOL_DIR="$CI_DIR/tools" + - CI_SCRIPT_DIR="$CI_DIR/scripts" + notifications: + email: + recipients: + - ${ADMIN_EMAIL} + - ${AUTHOR_EMAIL} irc: channels: - "irc.freenode.org#systemd" diff --git a/scripts/coverity.sh b/scripts/coverity.sh new file mode 100755 index 0000000000..3e8d874728 --- /dev/null +++ b/scripts/coverity.sh @@ -0,0 +1,224 @@ +#!/bin/env bash + +# Declare build command +COVERITY_SCAN_BUILD_COMMAND="ninja -C cov-build" + +# Environment check +# Use default values if not set +SCAN_URL=${SCAN_URL:="https://scan.coverity.com"} +TOOL_BASE=${TOOL_BASE:="/tmp/coverity-scan-analysis"} +UPLOAD_URL=${UPLOAD_URL:="https://scan.coverity.com/builds"} + +# These must be set by environment +echo -e "\033[33;1mNote: COVERITY_SCAN_PROJECT_NAME and COVERITY_SCAN_TOKEN are available on Project Settings page on scan.coverity.com\033[0m" +[ -z "$COVERITY_SCAN_PROJECT_NAME" ] && echo "ERROR: COVERITY_SCAN_PROJECT_NAME must be set" && exit 1 +[ -z "$COVERITY_SCAN_NOTIFICATION_EMAIL" ] && echo "ERROR: COVERITY_SCAN_NOTIFICATION_EMAIL must be set" && exit 1 +[ -z "$COVERITY_SCAN_BRANCH_PATTERN" ] && echo "ERROR: COVERITY_SCAN_BRANCH_PATTERN must be set" && exit 1 +[ -z "$COVERITY_SCAN_BUILD_COMMAND" ] && echo "ERROR: COVERITY_SCAN_BUILD_COMMAND must be set" && exit 1 +[ -z "$COVERITY_SCAN_TOKEN" ] && echo "ERROR: COVERITY_SCAN_TOKEN must be set" && exit 1 + +# Do not run on pull requests +if [ "${TRAVIS_PULL_REQUEST}" = "true" ]; then + echo -e "\033[33;1mINFO: Skipping Coverity Analysis: branch is a pull request.\033[0m" + exit 0 +fi + +# Verify this branch should run +if [[ "${TRAVIS_BRANCH^^}" =~ "${COVERITY_SCAN_BRANCH_PATTERN^^}" ]]; then + echo -e "\033[33;1mCoverity Scan configured to run on branch ${TRAVIS_BRANCH}\033[0m" +else + echo -e "\033[33;1mCoverity Scan NOT configured to run on branch ${TRAVIS_BRANCH}\033[0m" + exit 1 +fi + +# Verify upload is permitted +AUTH_RES=`curl -s --form project="$COVERITY_SCAN_PROJECT_NAME" --form token="$COVERITY_SCAN_TOKEN" $SCAN_URL/api/upload_permitted` +if [ "$AUTH_RES" = "Access denied" ]; then + echo -e "\033[33;1mCoverity Scan API access denied. Check COVERITY_SCAN_PROJECT_NAME and COVERITY_SCAN_TOKEN.\033[0m" + exit 1 +else + AUTH=`echo $AUTH_RES | python -c "import sys, json; print json.load(sys.stdin)['upload_permitted']"` + if [ "$AUTH" = "True" ]; then + echo -e "\033[33;1mCoverity Scan analysis authorized per quota.\033[0m" + else + WHEN=`echo $AUTH_RES | python -c "import sys; json; print json.load(sys.stdin)['next_upload_permitted_at']"` + echo -e "\033[33;1mCoverity Scan analysis NOT authorized until $WHEN.\033[0m" + exit 0 + fi +fi + +TOOL_DIR=`find $TOOL_BASE -type d -name 'cov-analysis*'` +export PATH="$TOOL_DIR/bin:$PATH" + +# Disable CCACHE for cov-build to compilation units correctly +export CCACHE_DISABLE=1 + +# FUNCTION DEFINITIONS +# -------------------- +_help() +{ + # displays help and exits + cat <<-EOF + USAGE: $0 [CMD] [OPTIONS] + + CMD + build Issue Coverity build + upload Upload coverity archive for analysis + Note: By default, archive is created from default results directory. + To provide custom archive or results directory, see --result-dir + and --tar options below. + + OPTIONS + -h,--help Display this menu and exits + + Applicable to build command + --------------------------- + -o,--out-dir Specify Coverity intermediate directory (defaults to 'cov-int') + -t,--tar bool, archive the output to .tgz file (defaults to false) + + Applicable to upload command + ---------------------------- + -d, --result-dir Specify result directory if different from default ('cov-int') + -t, --tar ARCHIVE Use custom .tgz archive instead of intermediate directory or pre-archived .tgz + (by default 'analysis-result.tgz' + EOF + return; +} + +_pack() +{ + RESULTS_ARCHIVE=${RESULTS_ARCHIVE:-'analysis-results.tgz'} + + echo -e "\033[33;1mTarring Coverity Scan Analysis results...\033[0m" + tar czf $RESULTS_ARCHIVE $RESULTS_DIR + SHA=`git rev-parse --short HEAD` + + PACKED=true +} + + +_build() +{ + echo -e "\033[33;1mRunning Coverity Scan Analysis Tool...\033[0m" + local _cov_build_options="" + #local _cov_build_options="--return-emit-failures 8 --parse-error-threshold 85" + eval "${COVERITY_SCAN_BUILD_COMMAND_PREPEND}" + COVERITY_UNSUPPORTED=1 cov-build --dir $RESULTS_DIR $_cov_build_options sh -c "$COVERITY_SCAN_BUILD_COMMAND" + cov-import-scm --dir $RESULTS_DIR --scm git --log $RESULTS_DIR/scm_log.txt + + if [ $? != 0 ]; then + echo -e "\033[33;1mCoverity Scan Build failed: $TEXT.\033[0m" + return 1 + fi + + [ -z $TAR ] || [ $TAR = false ] && return 0 + + if [ "$TAR" = true ]; then + _pack + fi +} + + +_upload() +{ + # pack results + [ -z $PACKED ] || [ $PACKED = false ] && _pack + + # Upload results + echo -e "\033[33;1mUploading Coverity Scan Analysis results...\033[0m" + response=$(curl \ + --silent --write-out "\n%{http_code}\n" \ + --form project=$COVERITY_SCAN_PROJECT_NAME \ + --form token=$COVERITY_SCAN_TOKEN \ + --form email=$COVERITY_SCAN_NOTIFICATION_EMAIL \ + --form file=@$RESULTS_ARCHIVE \ + --form version=$SHA \ + --form description="Travis CI build" \ + $UPLOAD_URL) + status_code=$(echo "$response" | sed -n '$p') + if [ "$status_code" != "201" ]; then + TEXT=$(echo "$response" | sed '$d') + echo -e "\033[33;1mCoverity Scan upload failed: $TEXT.\033[0m" + exit 1 + fi + + echo -e "\n\033[33;1mCoverity Scan Analysis completed succesfully.\033[0m" + exit 0 +} + +# PARSE COMMAND LINE OPTIONS +# -------------------------- + +case $1 in + -h|--help) + _help + exit 0 + ;; + build) + CMD='build' + TEMP=`getopt -o ho:t --long help,out-dir:,tar -n '$0' -- "$@"` + _ec=$? + [[ $_ec -gt 0 ]] && _help && exit $_ec + shift + ;; + upload) + CMD='upload' + TEMP=`getopt -o hd:t: --long help,result-dir:tar: -n '$0' -- "$@"` + _ec=$? + [[ $_ec -gt 0 ]] && _help && exit $_ec + shift + ;; + *) + _help && exit 1 ;; +esac + +RESULTS_DIR='cov-int' + +eval set -- "$TEMP" +if [ $? != 0 ] ; then exit 1 ; fi + +# extract options and their arguments into variables. +if [[ $CMD == 'build' ]]; then + TAR=false + while true ; do + case $1 in + -h|--help) + _help + exit 0 + ;; + -o|--out-dir) + RESULTS_DIR="$2" + shift 2 + ;; + -t|--tar) + TAR=true + shift + ;; + --) _build; shift ; break ;; + *) echo "Internal error" ; _help && exit 6 ;; + esac + done + +elif [[ $CMD == 'upload' ]]; then + while true ; do + case $1 in + -h|--help) + _help + exit 0 + ;; + -d|--result-dir) + CHANGE_DEFAULT_DIR=true + RESULTS_DIR="$2" + shift 2 + ;; + -t|--tar) + RESULTS_ARCHIVE="$2" + [ -z $CHANGE_DEFAULT_DIR ] || [ $CHANGE_DEFAULT_DIR = false ] && PACKED=true + shift 2 + ;; + --) _upload; shift ; break ;; + *) echo "Internal error" ; _help && exit 6 ;; + esac + done + +fi diff --git a/travis-ci/.dockerignore b/travis-ci/.dockerignore new file mode 100644 index 0000000000..039215886d --- /dev/null +++ b/travis-ci/.dockerignore @@ -0,0 +1,30 @@ +*.a +*.cache +*.gch +*.log +*.o +*.plist +*.py[co] +*.stamp +*.swp +*.trs +*~ +.config.args +.deps/ +/*.gcda +/*.gcno +/GPATH +/GRTAGS +/GSYMS +/GTAGS +/TAGS +/ID +/build* +/coverage/ +/install-tree +/mkosi.builddir/ +/tags +image.raw +image.raw.cache-pre-dev +image.raw.cache-pre-inst +__pycache__/ diff --git a/travis-ci/Dockerfile b/travis-ci/Dockerfile new file mode 100644 index 0000000000..9554fcfc21 --- /dev/null +++ b/travis-ci/Dockerfile @@ -0,0 +1,38 @@ +## Create Dockerfile that builds container suitable for systemd build +## This container runs as non-root user by deafult + +# Use the latest stable version of fedora +FROM fedora:latest + +# Demand the specification of non-root username +ARG DOCKER_USER +ARG DOCKER_USER_UID +ARG DOCKER_USER_GID + +# Copy the requirements into the container at /tmp +COPY requirements.txt /tmp/ + +# Install the requirements +# RUN dnf -y update FIXME +RUN dnf -y install $(cat '/tmp/requirements.txt') +# clean step to prevent cache and metadata corruption +RUN dnf clean all +RUN dnf -y builddep systemd + +# Add non-root user and chown the project dir +RUN groupadd -g $DOCKER_USER_GID $DOCKER_USER +RUN useradd --create-home --shell /bin/bash -u $DOCKER_USER_UID -g $DOCKER_USER_GID -G wheel $DOCKER_USER +ENV HOME /home/$DOCKER_USER +ENV PROJECTDIR $HOME/systemd + +# Copy content to the project directory +COPY . $PROJECTDIR + +# Greant user all permissions to the project dir +RUN chown -R $DOCKER_USER $PROJECTDIR + +# Switch to noroot user by default +USER $DOCKER_USER + +# Update workdir to user home dir +WORKDIR $PROJECTDIR diff --git a/travis-ci/requirements.txt b/travis-ci/requirements.txt new file mode 100644 index 0000000000..f2dbae4b38 --- /dev/null +++ b/travis-ci/requirements.txt @@ -0,0 +1,3 @@ +dnf-plugins-core +meson +ninja-build diff --git a/travis-ci/scripts/build-docker-image.sh b/travis-ci/scripts/build-docker-image.sh new file mode 100755 index 0000000000..5d4333a95b --- /dev/null +++ b/travis-ci/scripts/build-docker-image.sh @@ -0,0 +1,14 @@ +#!/bin/bash + +# Check environment +[ -z "$DOCKER_REPOSITORY" ] && echo "ERROR: DOCKER_REPOSITORY must be set" && exit 1 +[ -z "$TRAVIS_COMMIT" ] && echo "ERROR: TRAVIS_COMMIT must be set" && exit 1 + +# Build docker image +echo -e "\n\033[33;1mBuilding docker image: $DOCKER_REPOSITORY:$TRAVIS_COMMIT.\033[0m" + +docker build \ +--build-arg DOCKER_USER=$USER \ +--build-arg DOCKER_USER_UID=`id -u` \ +--build-arg DOCKER_USER_GID=`id -g` \ +--force-rm -t ${DOCKER_REPOSITORY}:${TRAVIS_COMMIT} --pull=true . diff --git a/travis-ci/tools/get-coverity.sh b/travis-ci/tools/get-coverity.sh new file mode 100755 index 0000000000..d364b541e2 --- /dev/null +++ b/travis-ci/tools/get-coverity.sh @@ -0,0 +1,35 @@ +#!/bin/bash + +# Download and extract coverity tool + +# Environment check +[ -z "$COVERITY_SCAN_TOKEN" ] && echo 'ERROR: COVERITY_SCAN_TOKEN must be set' && exit 1 + +# Use default values if not set +PLATFORM=$(uname) + +TOOL_BASE=${TOOL_BASE:="/tmp/coverity-scan-analysis"} +TOOL_ARCHIVE=${TOOL_ARCHIVE:="/tmp/cov-analysis-${PLATFORM}.tgz"} + +TOOL_URL="https://scan.coverity.com/download/${PLATFORM}" + +# Make sure wget is installed +sudo apt-get update && sudo apt-get -y install wget + +# Get coverity tool +if [ ! -d $TOOL_BASE ]; then + # Download Coverity Scan Analysis Tool + if [ ! -e $TOOL_ARCHIVE ]; then + echo -e "\033[33;1mDownloading Coverity Scan Analysis Tool...\033[0m" + wget -nv -O $TOOL_ARCHIVE $TOOL_URL --post-data "project=$COVERITY_SCAN_PROJECT_NAME&token=$COVERITY_SCAN_TOKEN" + fi + + # Extract Coverity Scan Analysis Tool + echo -e "\033[33;1mExtracting Coverity Scan Analysis Tool...\033[0m" + mkdir -p $TOOL_BASE + pushd $TOOL_BASE + tar xzf $TOOL_ARCHIVE + popd +fi + +echo -e "\033[33;1mCoverity Scan Analysis Tool can be found at $TOOL_BASE ...\033[0m" diff --git a/travis-ci/tools/get-docker-remote.sh b/travis-ci/tools/get-docker-remote.sh new file mode 100755 index 0000000000..55bc29e7b1 --- /dev/null +++ b/travis-ci/tools/get-docker-remote.sh @@ -0,0 +1,20 @@ +#!/bin/bash + +# Download and install docker-remote +# Sets up venv folder +# Notes: run with sudo command + +# Make sure python3 is installed and install git and virtual environment +sudo apt-get update && sudo apt-get -y install python3 python3-pip git +sudo apt-get install -y $(apt-cache search venv | cut -d' ' -f 1) + +# Get the tool from github and install it +git clone https://github.com/CermakM/docker-remote.git + +# We need to setup virtual environment here to solve disable_warning issue +python3 -m venv venv +source venv/bin/activate + +pushd docker-remote +pip install . +popd