mirror of
https://github.com/systemd/systemd-stable.git
synced 2025-01-08 21:17:47 +03:00
Integration of Travis CI and Coverity Scan Analysis (#7691)
- Coverity scan analysis tasks run as scheduled cron jobs - Stage separation for Build, Test and Coverity scan phase - Travis CI now uses Fedora container to build and run tests - Containers are accessible from Docker Hub and failed builds can be reproduced and examined - coverity.sh: separate build and upload
This commit is contained in:
parent
d8dab75789
commit
99127d20ce
182
.travis.yml
182
.travis.yml
@ -1,12 +1,178 @@
|
||||
language: c
|
||||
compiler:
|
||||
- gcc
|
||||
before_install:
|
||||
- sudo apt-get update -qq
|
||||
- sudo apt-get install autotools-dev automake autoconf libtool libdbus-1-dev libcap-dev libblkid-dev libmount-dev libpam-dev libcryptsetup-dev libaudit-dev libacl1-dev libattr1-dev libselinux-dev liblzma-dev libgcrypt-dev libqrencode-dev libmicrohttpd-dev gperf python2.7-dev
|
||||
script: ./autogen.sh && ./configure && make V=1 && sudo ./systemd-machine-id-setup && make check && make distcheck
|
||||
after_failure: cat test-suite.log
|
||||
sudo: required
|
||||
|
||||
services:
|
||||
- docker
|
||||
|
||||
jobs:
|
||||
include:
|
||||
- stage: build docker image
|
||||
env:
|
||||
# The machine id will be passed to Dockerfile for later checks
|
||||
- MACHINE_ID=$(cat /var/lib/dbus/machine-id)
|
||||
before_script: &update
|
||||
# Ensure the latest version of docker is installed
|
||||
- sudo apt-get update
|
||||
- sudo apt-get -y -o Dpkg::Options::="--force-confnew" install docker-ce
|
||||
- docker --version
|
||||
- env > .env
|
||||
script:
|
||||
# Copy content of CI_DIR into WORKDIR
|
||||
- find $CI_DIR -maxdepth 1 -type f -exec cp -t . {} +
|
||||
- echo "ENV GIT_SHA ${TRAVIS_COMMIT}" >> Dockerfile
|
||||
- echo "ENV MACHINE_ID ${MACHINE_ID}" >> Dockerfile
|
||||
- echo "$(git log -1 ${TRAVIS_COMMIT})" >> COMMITINFO
|
||||
# Build docker container
|
||||
- $CI_SCRIPT_DIR/build-docker-image.sh
|
||||
|
||||
- docker login -u="${DOCKER_USERNAME}" -p="${DOCKER_PASSWORD}"
|
||||
- docker push ${DOCKER_REPOSITORY}
|
||||
|
||||
- stage: build
|
||||
language: c
|
||||
compiler: gcc
|
||||
env:
|
||||
# The machine id will be passed to container
|
||||
- MACHINE_ID=$(cat /var/lib/dbus/machine-id)
|
||||
before_script: *update
|
||||
script:
|
||||
- docker run -dit --name travis_build ${DOCKER_REPOSITORY}:${TRAVIS_COMMIT} bash
|
||||
- docker exec -u 0 -ti travis_build bash -c "echo ${MACHINE_ID} > /etc/machine-id"
|
||||
- docker exec -ti travis_build meson build
|
||||
- docker exec -ti travis_build ninja -C build
|
||||
# Commit it to the new image that will be used for testing
|
||||
- docker commit -m "systemd build state" -a "${AUTHOR_NAME}" travis_build ${DOCKER_REPOSITORY}:${TRAVIS_COMMIT}
|
||||
- docker login -u="${DOCKER_USERNAME}" -p="${DOCKER_PASSWORD}"
|
||||
- docker push ${DOCKER_REPOSITORY}:${TRAVIS_COMMIT}
|
||||
|
||||
- stage: test
|
||||
language: c
|
||||
compiler: gcc
|
||||
before_script: *update
|
||||
script:
|
||||
- docker run --privileged --net=host -dit --name travis_test ${DOCKER_REPOSITORY}:${TRAVIS_COMMIT} bash
|
||||
- docker exec -ti travis_test ninja -C build test
|
||||
- docker commit -m "systemd test state" -a "${AUTHOR_NAME}" travis_test ${DOCKER_REPOSITORY}:${TRAVIS_COMMIT}
|
||||
- docker login -u="${DOCKER_USERNAME}" -p="${DOCKER_PASSWORD}"
|
||||
- docker push ${DOCKER_REPOSITORY}:${TRAVIS_COMMIT}
|
||||
|
||||
- stage: coverity scan
|
||||
language: c
|
||||
compiler: gcc
|
||||
before_script: *update
|
||||
env:
|
||||
- COVERITY_SCAN_PROJECT_NAME="$TRAVIS_REPO_SLUG"
|
||||
- COVERITY_SCAN_NOTIFICATION_EMAIL="${AUTHOR_EMAIL}"
|
||||
- COVERITY_SCAN_BRANCH_PATTERN="$TRAVIS_BRANCH"
|
||||
# Disable CCACHE for cov-build to compilation units correctly
|
||||
- CCACHE_DISABLE=1
|
||||
# Token for systemd/systemd Coverity Scan Analysis
|
||||
# The next declaration is the encrypted COVERITY_SCAN_TOKEN, created
|
||||
# via the "travis encrypt" command using the project repo's public key
|
||||
- secure: "UNQLspT89GYWuVKFqW5W5RyqqnYg5RvX20IrNraOddhpdV9nhKBtozrfmhGXDGZwfHGWHt6g7YROlD/NIMvDvThVJIEYvSQiXCoo2zRrwkl2siET5MjPfRG8numiLq0KX47KGmyBJISJZCgDUdNGqqGwgf7AhDN78I3XtgqjFT1z0mGl8n0wiFpKPi7i3nECvF4Mk7xCCHqwByaq0z5G9NkVlOvP1EyCxwv3B6I5Umfch7ibp7iH44YnVXILK+yEry5dMuctYwYkDouR80ChEPQQ5fhhpO4++HJmFuSpfMTeCHpucAd2xwSUijejYeN/GNQ177GxSSk/8hRBGcuSK8T/WJ+KiuJPhZObV8mw+a6+qdQssWY4F9jya5ZKbZ/yTbxjtQ0m4AgtL28P9bEze8pLh16zFMX+hIEuoFSNmJqmtNttfbD5TKyYVZml59s9wvhlvMnlNpRSQva88OAOjXtiA41g+XtTxxpfW9mgd7HYhzSBs1efNiK7PfkANgve7KIYMAmCAqasgb1IIAyX7stOlJH06QOFXNH55PmJLkkKyL3SMQzgryMDWegU+XbS8t43r0x14WLuE7sc9JtnOr/G8hthFaMRp8xLy9aCBwyEIkEsyWa50VMoZDa3Spdb4r1CKBwcGdCbyE4rCehwEIznbfrsSovhwiUds7bbhBU="
|
||||
script:
|
||||
# Copy content of CI_DIR into WORKDIR
|
||||
- find $CI_DIR -maxdepth 1 -type f -exec cp -t . {} +
|
||||
# Build container for current user
|
||||
- $CI_SCRIPT_DIR/build-docker-image.sh
|
||||
|
||||
# For kernel version 4.8+
|
||||
- sudo sysctl vsyscall=emulate || true
|
||||
# Prepare environment for Coverity tool
|
||||
- |
|
||||
PLATFORM=`uname`
|
||||
export TOOL_BASE="/tmp/coverity-scan-analysis"
|
||||
export SCAN_URL="https://scan.coverity.com"
|
||||
export UPLOAD_URL="https://scan.coverity.com/builds"
|
||||
export TOOL_ARCHIVE="/tmp/cov-analysis-${PLATFORM}.tgz"
|
||||
|
||||
# Get Coverity tool
|
||||
- $CI_TOOL_DIR/get-coverity.sh
|
||||
- TOOL_DIR="$(find $TOOL_BASE -type d -name 'cov-analysis*')"
|
||||
|
||||
# Export env variables for Coverity scan
|
||||
- env | grep -E "TRAVIS|COV|TOOL|URL" > .cov-env
|
||||
- |
|
||||
docker run -dit --env-file .cov-env \
|
||||
-v ${TOOL_BASE}:${TOOL_BASE}:ro \
|
||||
--name travis_coverity_scan ${DOCKER_REPOSITORY}:${TRAVIS_COMMIT} bash
|
||||
# Make sure Coverity script is executable
|
||||
- docker cp scripts/coverity.sh travis_coverity_scan:/usr/local/bin
|
||||
# Preconfigure with meson to prevent Coverity from capturing meson metadata
|
||||
# Set compiler flag to prevent emit failure
|
||||
- docker exec -it travis_coverity_scan sh -c "CFLAGS='-D_Float128=long\ double' meson cov-build -Dman=false"
|
||||
# Run Coverity Analysis
|
||||
- docker exec -it travis_coverity_scan coverity.sh build
|
||||
- docker exec -it travis_coverity_scan coverity.sh upload
|
||||
|
||||
- stage: clean docker
|
||||
language: python
|
||||
# python:
|
||||
# - "3.6" Probably broken ATM
|
||||
env:
|
||||
- SIZE_LIMIT="3000" # Limit in MBs
|
||||
- TAG_LIMIT="3" # Number of tags to be kept at the time
|
||||
before-script:
|
||||
- sudo apt-get -y install python3
|
||||
script:
|
||||
# Get docker-remote tool and setup venv
|
||||
- sudo $CI_TOOL_DIR/get-docker-remote.sh
|
||||
# Activate virtual environment to be able to use docker-remote safely
|
||||
- source venv/bin/activate
|
||||
# Check the size and tag limit of the repo
|
||||
- REPO_SIZE=$(docker-remote repository --size $DOCKER_REPOSITORY)
|
||||
- TAG_COUNT=$(docker-remote tags --count $DOCKER_REPOSITORY)
|
||||
- 'echo -e "\033[33;1mCurrent repository size: $REPO_SIZE in $TAG_COUNT tags \033[0m"'
|
||||
- |
|
||||
if [[ ${REPO_SIZE%.*} -gt $SIZE_LIMIT ]] || [[ $TAG_COUNT -gt $TAG_LIMIT ]]
|
||||
then
|
||||
docker-remote --login $DOCKER_USERNAME:$DOCKER_PASSWORD \
|
||||
tags --assumeyes --pop-back --keep $TAG_LIMIT $DOCKER_REPOSITORY
|
||||
fi
|
||||
|
||||
|
||||
|
||||
# Specify the order of stages and conditions
|
||||
stages:
|
||||
# Helper stage to determine whether coverity stage should be allowed
|
||||
- name: initialization
|
||||
|
||||
- name: build docker image
|
||||
if: type != cron
|
||||
- name: build
|
||||
if: type != cron
|
||||
- name: test
|
||||
if: type != cron
|
||||
|
||||
# These stages run separately, the resulting container will not be pushed to Docker Hub
|
||||
# This stage will only run on special conditions
|
||||
- name: coverity scan
|
||||
if: type = cron
|
||||
|
||||
# Check for repository size and clean Docker repo if necessary
|
||||
- name: clean Docker
|
||||
if: type = cron
|
||||
|
||||
env:
|
||||
global:
|
||||
# Secure Docker Hub credentials
|
||||
- secure: "TY61ufmEJyxCer8vuAlQ3mYwGRynFZXPCFTxKgIzobAHHyE1Zwx0bZDDwDd88Gdgz7EGnOJtMABfa0axfPOK9il5u7lYmmZ8Usa0HAvKavkpSRnw2b16zz88N98x3DyaIquvg2J8iQpHHoM32+BGiAS7P8BiYTO6r+E0CMPYC0Ylh7eHVSBGfWbR9m+yCo/mDIEAWyop6Jv4rTMN4qP9U7e6Kou7m/AJeiCWMaR7rlanpLFNQi3+qF/Mt5dbE7LVLNSOkmpg/FPw34g4RC5mfLAh+c8YBadqo6kFA6qV1b931or0aZUYVtobI6UwC9U1GGqzfCTjXuVMNgPBBQ6n3JMt91mFFkP0lXdGMxpBNbwFL/btBrt2a359L/wNtqv6PuSJwJ3oTe/FP++X6xjbM7LcAHZMWZiK+0BFefNOUcRzBpaEJ2nGNzcLKHn4Bl0pl4LwZ0uVocN8RBwHnDX+hyUwwQPoQTLJQB9tpwDweIzftt9KmrIHmL9v7KZXR4s/8CKpNfVQ/XSysdtsK+7EKK5AsnbMNrZLjpH7D0Lo/Xp92/eJ2UGyqI7awJbJGPV2FNwyGcojDEXIBUsVssUjb5+B4LpHP1x4UQe/m9SuPJdtRB0R7PKe/tyPD3GTyfVO9K7imQATDdnMY32nkWXmXej8YWo76yA732rTZRZtFAc="
|
||||
- secure: "NAEzWn5Ru6IqDA1RSyTVhpIp2iQluumg0EOI111EN7qWWGUDNgAZi+QgvRI+OBNyuMpBpN/GX1Ys4YxUDos1F/fhm2vytoB4A/LG463FQsSVP3wnyMFJTSOI8H0jgK41xj79qiww7edbfq93MZ/XS95Ws4tUTi/0etUGvAgIHGgofFCPPdMNkOvSHLgzSnYfydzLuD9FVpCgvpbJnQ+47XHyN+sKoA+OlZ+EfIOVZt+Mk/dqYrsM7MRKEfplk1MvUiJpHvrw+xWTslCIiO03V6ws091fBMgedIFRpsySrsd1KwH8JIeOK6KFn5W7Q53auzZkKYk7ymknlJt4WVBy7Qg33njMQ53t3qMQYTRUIV4dcR60cdII7tatzgpKBcycxHQMAshOYPT6pYhSsO6JEKgiO+ZhOxvqWGwtEeH9Zq7P4ft8Q7GJhRkdi0X0WY7/6RjwinO/1LLj1LODim3mDFfAK7xS7e+nQW/JEOdWohT2+qm97j9IOZeQtPtdqZP9F8HJXgw6WjiGJIXMF3Ov9GkQh4uJyMYJ6hN7T3iRoenV86Dzgg6u5Ku131Ziwvlm+n94qlXF8Jl47wCcAS7VmyYxMft1gH+Zs+4Wq7KO0vysmnEk6rCqb87ZQSDOdTzBfK9HTyyAqmBCgS4Dp5x7/xOBMVXfq/SOb9c3Sh/JItA="
|
||||
- DOCKER_REPOSITORY=$DOCKER_USERNAME/systemd
|
||||
|
||||
- ADMIN_EMAIL=macermak@redhat.com
|
||||
|
||||
- AUTHOR_NAME="$(git log -1 $TRAVIS_COMMIT --pretty=\"%aN\")"
|
||||
- AUTHOR_EMAIL="$(git log -1 $TRAVIS_COMMIT --pretty=\"%aE\")"
|
||||
|
||||
- CI_DIR="$TRAVIS_BUILD_DIR/travis-ci"
|
||||
- CI_TOOL_DIR="$CI_DIR/tools"
|
||||
- CI_SCRIPT_DIR="$CI_DIR/scripts"
|
||||
|
||||
notifications:
|
||||
email:
|
||||
recipients:
|
||||
- ${ADMIN_EMAIL}
|
||||
- ${AUTHOR_EMAIL}
|
||||
irc:
|
||||
channels:
|
||||
- "irc.freenode.org#systemd"
|
||||
|
224
scripts/coverity.sh
Executable file
224
scripts/coverity.sh
Executable file
@ -0,0 +1,224 @@
|
||||
#!/bin/env bash
|
||||
|
||||
# Declare build command
|
||||
COVERITY_SCAN_BUILD_COMMAND="ninja -C cov-build"
|
||||
|
||||
# Environment check
|
||||
# Use default values if not set
|
||||
SCAN_URL=${SCAN_URL:="https://scan.coverity.com"}
|
||||
TOOL_BASE=${TOOL_BASE:="/tmp/coverity-scan-analysis"}
|
||||
UPLOAD_URL=${UPLOAD_URL:="https://scan.coverity.com/builds"}
|
||||
|
||||
# These must be set by environment
|
||||
echo -e "\033[33;1mNote: COVERITY_SCAN_PROJECT_NAME and COVERITY_SCAN_TOKEN are available on Project Settings page on scan.coverity.com\033[0m"
|
||||
[ -z "$COVERITY_SCAN_PROJECT_NAME" ] && echo "ERROR: COVERITY_SCAN_PROJECT_NAME must be set" && exit 1
|
||||
[ -z "$COVERITY_SCAN_NOTIFICATION_EMAIL" ] && echo "ERROR: COVERITY_SCAN_NOTIFICATION_EMAIL must be set" && exit 1
|
||||
[ -z "$COVERITY_SCAN_BRANCH_PATTERN" ] && echo "ERROR: COVERITY_SCAN_BRANCH_PATTERN must be set" && exit 1
|
||||
[ -z "$COVERITY_SCAN_BUILD_COMMAND" ] && echo "ERROR: COVERITY_SCAN_BUILD_COMMAND must be set" && exit 1
|
||||
[ -z "$COVERITY_SCAN_TOKEN" ] && echo "ERROR: COVERITY_SCAN_TOKEN must be set" && exit 1
|
||||
|
||||
# Do not run on pull requests
|
||||
if [ "${TRAVIS_PULL_REQUEST}" = "true" ]; then
|
||||
echo -e "\033[33;1mINFO: Skipping Coverity Analysis: branch is a pull request.\033[0m"
|
||||
exit 0
|
||||
fi
|
||||
|
||||
# Verify this branch should run
|
||||
if [[ "${TRAVIS_BRANCH^^}" =~ "${COVERITY_SCAN_BRANCH_PATTERN^^}" ]]; then
|
||||
echo -e "\033[33;1mCoverity Scan configured to run on branch ${TRAVIS_BRANCH}\033[0m"
|
||||
else
|
||||
echo -e "\033[33;1mCoverity Scan NOT configured to run on branch ${TRAVIS_BRANCH}\033[0m"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
# Verify upload is permitted
|
||||
AUTH_RES=`curl -s --form project="$COVERITY_SCAN_PROJECT_NAME" --form token="$COVERITY_SCAN_TOKEN" $SCAN_URL/api/upload_permitted`
|
||||
if [ "$AUTH_RES" = "Access denied" ]; then
|
||||
echo -e "\033[33;1mCoverity Scan API access denied. Check COVERITY_SCAN_PROJECT_NAME and COVERITY_SCAN_TOKEN.\033[0m"
|
||||
exit 1
|
||||
else
|
||||
AUTH=`echo $AUTH_RES | python -c "import sys, json; print json.load(sys.stdin)['upload_permitted']"`
|
||||
if [ "$AUTH" = "True" ]; then
|
||||
echo -e "\033[33;1mCoverity Scan analysis authorized per quota.\033[0m"
|
||||
else
|
||||
WHEN=`echo $AUTH_RES | python -c "import sys; json; print json.load(sys.stdin)['next_upload_permitted_at']"`
|
||||
echo -e "\033[33;1mCoverity Scan analysis NOT authorized until $WHEN.\033[0m"
|
||||
exit 0
|
||||
fi
|
||||
fi
|
||||
|
||||
TOOL_DIR=`find $TOOL_BASE -type d -name 'cov-analysis*'`
|
||||
export PATH="$TOOL_DIR/bin:$PATH"
|
||||
|
||||
# Disable CCACHE for cov-build to compilation units correctly
|
||||
export CCACHE_DISABLE=1
|
||||
|
||||
# FUNCTION DEFINITIONS
|
||||
# --------------------
|
||||
_help()
|
||||
{
|
||||
# displays help and exits
|
||||
cat <<-EOF
|
||||
USAGE: $0 [CMD] [OPTIONS]
|
||||
|
||||
CMD
|
||||
build Issue Coverity build
|
||||
upload Upload coverity archive for analysis
|
||||
Note: By default, archive is created from default results directory.
|
||||
To provide custom archive or results directory, see --result-dir
|
||||
and --tar options below.
|
||||
|
||||
OPTIONS
|
||||
-h,--help Display this menu and exits
|
||||
|
||||
Applicable to build command
|
||||
---------------------------
|
||||
-o,--out-dir Specify Coverity intermediate directory (defaults to 'cov-int')
|
||||
-t,--tar bool, archive the output to .tgz file (defaults to false)
|
||||
|
||||
Applicable to upload command
|
||||
----------------------------
|
||||
-d, --result-dir Specify result directory if different from default ('cov-int')
|
||||
-t, --tar ARCHIVE Use custom .tgz archive instead of intermediate directory or pre-archived .tgz
|
||||
(by default 'analysis-result.tgz'
|
||||
EOF
|
||||
return;
|
||||
}
|
||||
|
||||
_pack()
|
||||
{
|
||||
RESULTS_ARCHIVE=${RESULTS_ARCHIVE:-'analysis-results.tgz'}
|
||||
|
||||
echo -e "\033[33;1mTarring Coverity Scan Analysis results...\033[0m"
|
||||
tar czf $RESULTS_ARCHIVE $RESULTS_DIR
|
||||
SHA=`git rev-parse --short HEAD`
|
||||
|
||||
PACKED=true
|
||||
}
|
||||
|
||||
|
||||
_build()
|
||||
{
|
||||
echo -e "\033[33;1mRunning Coverity Scan Analysis Tool...\033[0m"
|
||||
local _cov_build_options=""
|
||||
#local _cov_build_options="--return-emit-failures 8 --parse-error-threshold 85"
|
||||
eval "${COVERITY_SCAN_BUILD_COMMAND_PREPEND}"
|
||||
COVERITY_UNSUPPORTED=1 cov-build --dir $RESULTS_DIR $_cov_build_options sh -c "$COVERITY_SCAN_BUILD_COMMAND"
|
||||
cov-import-scm --dir $RESULTS_DIR --scm git --log $RESULTS_DIR/scm_log.txt
|
||||
|
||||
if [ $? != 0 ]; then
|
||||
echo -e "\033[33;1mCoverity Scan Build failed: $TEXT.\033[0m"
|
||||
return 1
|
||||
fi
|
||||
|
||||
[ -z $TAR ] || [ $TAR = false ] && return 0
|
||||
|
||||
if [ "$TAR" = true ]; then
|
||||
_pack
|
||||
fi
|
||||
}
|
||||
|
||||
|
||||
_upload()
|
||||
{
|
||||
# pack results
|
||||
[ -z $PACKED ] || [ $PACKED = false ] && _pack
|
||||
|
||||
# Upload results
|
||||
echo -e "\033[33;1mUploading Coverity Scan Analysis results...\033[0m"
|
||||
response=$(curl \
|
||||
--silent --write-out "\n%{http_code}\n" \
|
||||
--form project=$COVERITY_SCAN_PROJECT_NAME \
|
||||
--form token=$COVERITY_SCAN_TOKEN \
|
||||
--form email=$COVERITY_SCAN_NOTIFICATION_EMAIL \
|
||||
--form file=@$RESULTS_ARCHIVE \
|
||||
--form version=$SHA \
|
||||
--form description="Travis CI build" \
|
||||
$UPLOAD_URL)
|
||||
status_code=$(echo "$response" | sed -n '$p')
|
||||
if [ "$status_code" != "201" ]; then
|
||||
TEXT=$(echo "$response" | sed '$d')
|
||||
echo -e "\033[33;1mCoverity Scan upload failed: $TEXT.\033[0m"
|
||||
exit 1
|
||||
fi
|
||||
|
||||
echo -e "\n\033[33;1mCoverity Scan Analysis completed succesfully.\033[0m"
|
||||
exit 0
|
||||
}
|
||||
|
||||
# PARSE COMMAND LINE OPTIONS
|
||||
# --------------------------
|
||||
|
||||
case $1 in
|
||||
-h|--help)
|
||||
_help
|
||||
exit 0
|
||||
;;
|
||||
build)
|
||||
CMD='build'
|
||||
TEMP=`getopt -o ho:t --long help,out-dir:,tar -n '$0' -- "$@"`
|
||||
_ec=$?
|
||||
[[ $_ec -gt 0 ]] && _help && exit $_ec
|
||||
shift
|
||||
;;
|
||||
upload)
|
||||
CMD='upload'
|
||||
TEMP=`getopt -o hd:t: --long help,result-dir:tar: -n '$0' -- "$@"`
|
||||
_ec=$?
|
||||
[[ $_ec -gt 0 ]] && _help && exit $_ec
|
||||
shift
|
||||
;;
|
||||
*)
|
||||
_help && exit 1 ;;
|
||||
esac
|
||||
|
||||
RESULTS_DIR='cov-int'
|
||||
|
||||
eval set -- "$TEMP"
|
||||
if [ $? != 0 ] ; then exit 1 ; fi
|
||||
|
||||
# extract options and their arguments into variables.
|
||||
if [[ $CMD == 'build' ]]; then
|
||||
TAR=false
|
||||
while true ; do
|
||||
case $1 in
|
||||
-h|--help)
|
||||
_help
|
||||
exit 0
|
||||
;;
|
||||
-o|--out-dir)
|
||||
RESULTS_DIR="$2"
|
||||
shift 2
|
||||
;;
|
||||
-t|--tar)
|
||||
TAR=true
|
||||
shift
|
||||
;;
|
||||
--) _build; shift ; break ;;
|
||||
*) echo "Internal error" ; _help && exit 6 ;;
|
||||
esac
|
||||
done
|
||||
|
||||
elif [[ $CMD == 'upload' ]]; then
|
||||
while true ; do
|
||||
case $1 in
|
||||
-h|--help)
|
||||
_help
|
||||
exit 0
|
||||
;;
|
||||
-d|--result-dir)
|
||||
CHANGE_DEFAULT_DIR=true
|
||||
RESULTS_DIR="$2"
|
||||
shift 2
|
||||
;;
|
||||
-t|--tar)
|
||||
RESULTS_ARCHIVE="$2"
|
||||
[ -z $CHANGE_DEFAULT_DIR ] || [ $CHANGE_DEFAULT_DIR = false ] && PACKED=true
|
||||
shift 2
|
||||
;;
|
||||
--) _upload; shift ; break ;;
|
||||
*) echo "Internal error" ; _help && exit 6 ;;
|
||||
esac
|
||||
done
|
||||
|
||||
fi
|
30
travis-ci/.dockerignore
Normal file
30
travis-ci/.dockerignore
Normal file
@ -0,0 +1,30 @@
|
||||
*.a
|
||||
*.cache
|
||||
*.gch
|
||||
*.log
|
||||
*.o
|
||||
*.plist
|
||||
*.py[co]
|
||||
*.stamp
|
||||
*.swp
|
||||
*.trs
|
||||
*~
|
||||
.config.args
|
||||
.deps/
|
||||
/*.gcda
|
||||
/*.gcno
|
||||
/GPATH
|
||||
/GRTAGS
|
||||
/GSYMS
|
||||
/GTAGS
|
||||
/TAGS
|
||||
/ID
|
||||
/build*
|
||||
/coverage/
|
||||
/install-tree
|
||||
/mkosi.builddir/
|
||||
/tags
|
||||
image.raw
|
||||
image.raw.cache-pre-dev
|
||||
image.raw.cache-pre-inst
|
||||
__pycache__/
|
38
travis-ci/Dockerfile
Normal file
38
travis-ci/Dockerfile
Normal file
@ -0,0 +1,38 @@
|
||||
## Create Dockerfile that builds container suitable for systemd build
|
||||
## This container runs as non-root user by deafult
|
||||
|
||||
# Use the latest stable version of fedora
|
||||
FROM fedora:latest
|
||||
|
||||
# Demand the specification of non-root username
|
||||
ARG DOCKER_USER
|
||||
ARG DOCKER_USER_UID
|
||||
ARG DOCKER_USER_GID
|
||||
|
||||
# Copy the requirements into the container at /tmp
|
||||
COPY requirements.txt /tmp/
|
||||
|
||||
# Install the requirements
|
||||
# RUN dnf -y update FIXME
|
||||
RUN dnf -y install $(cat '/tmp/requirements.txt')
|
||||
# clean step to prevent cache and metadata corruption
|
||||
RUN dnf clean all
|
||||
RUN dnf -y builddep systemd
|
||||
|
||||
# Add non-root user and chown the project dir
|
||||
RUN groupadd -g $DOCKER_USER_GID $DOCKER_USER
|
||||
RUN useradd --create-home --shell /bin/bash -u $DOCKER_USER_UID -g $DOCKER_USER_GID -G wheel $DOCKER_USER
|
||||
ENV HOME /home/$DOCKER_USER
|
||||
ENV PROJECTDIR $HOME/systemd
|
||||
|
||||
# Copy content to the project directory
|
||||
COPY . $PROJECTDIR
|
||||
|
||||
# Greant user all permissions to the project dir
|
||||
RUN chown -R $DOCKER_USER $PROJECTDIR
|
||||
|
||||
# Switch to noroot user by default
|
||||
USER $DOCKER_USER
|
||||
|
||||
# Update workdir to user home dir
|
||||
WORKDIR $PROJECTDIR
|
3
travis-ci/requirements.txt
Normal file
3
travis-ci/requirements.txt
Normal file
@ -0,0 +1,3 @@
|
||||
dnf-plugins-core
|
||||
meson
|
||||
ninja-build
|
14
travis-ci/scripts/build-docker-image.sh
Executable file
14
travis-ci/scripts/build-docker-image.sh
Executable file
@ -0,0 +1,14 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Check environment
|
||||
[ -z "$DOCKER_REPOSITORY" ] && echo "ERROR: DOCKER_REPOSITORY must be set" && exit 1
|
||||
[ -z "$TRAVIS_COMMIT" ] && echo "ERROR: TRAVIS_COMMIT must be set" && exit 1
|
||||
|
||||
# Build docker image
|
||||
echo -e "\n\033[33;1mBuilding docker image: $DOCKER_REPOSITORY:$TRAVIS_COMMIT.\033[0m"
|
||||
|
||||
docker build \
|
||||
--build-arg DOCKER_USER=$USER \
|
||||
--build-arg DOCKER_USER_UID=`id -u` \
|
||||
--build-arg DOCKER_USER_GID=`id -g` \
|
||||
--force-rm -t ${DOCKER_REPOSITORY}:${TRAVIS_COMMIT} --pull=true .
|
35
travis-ci/tools/get-coverity.sh
Executable file
35
travis-ci/tools/get-coverity.sh
Executable file
@ -0,0 +1,35 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Download and extract coverity tool
|
||||
|
||||
# Environment check
|
||||
[ -z "$COVERITY_SCAN_TOKEN" ] && echo 'ERROR: COVERITY_SCAN_TOKEN must be set' && exit 1
|
||||
|
||||
# Use default values if not set
|
||||
PLATFORM=$(uname)
|
||||
|
||||
TOOL_BASE=${TOOL_BASE:="/tmp/coverity-scan-analysis"}
|
||||
TOOL_ARCHIVE=${TOOL_ARCHIVE:="/tmp/cov-analysis-${PLATFORM}.tgz"}
|
||||
|
||||
TOOL_URL="https://scan.coverity.com/download/${PLATFORM}"
|
||||
|
||||
# Make sure wget is installed
|
||||
sudo apt-get update && sudo apt-get -y install wget
|
||||
|
||||
# Get coverity tool
|
||||
if [ ! -d $TOOL_BASE ]; then
|
||||
# Download Coverity Scan Analysis Tool
|
||||
if [ ! -e $TOOL_ARCHIVE ]; then
|
||||
echo -e "\033[33;1mDownloading Coverity Scan Analysis Tool...\033[0m"
|
||||
wget -nv -O $TOOL_ARCHIVE $TOOL_URL --post-data "project=$COVERITY_SCAN_PROJECT_NAME&token=$COVERITY_SCAN_TOKEN"
|
||||
fi
|
||||
|
||||
# Extract Coverity Scan Analysis Tool
|
||||
echo -e "\033[33;1mExtracting Coverity Scan Analysis Tool...\033[0m"
|
||||
mkdir -p $TOOL_BASE
|
||||
pushd $TOOL_BASE
|
||||
tar xzf $TOOL_ARCHIVE
|
||||
popd
|
||||
fi
|
||||
|
||||
echo -e "\033[33;1mCoverity Scan Analysis Tool can be found at $TOOL_BASE ...\033[0m"
|
20
travis-ci/tools/get-docker-remote.sh
Executable file
20
travis-ci/tools/get-docker-remote.sh
Executable file
@ -0,0 +1,20 @@
|
||||
#!/bin/bash
|
||||
|
||||
# Download and install docker-remote
|
||||
# Sets up venv folder
|
||||
# Notes: run with sudo command
|
||||
|
||||
# Make sure python3 is installed and install git and virtual environment
|
||||
sudo apt-get update && sudo apt-get -y install python3 python3-pip git
|
||||
sudo apt-get install -y $(apt-cache search venv | cut -d' ' -f 1)
|
||||
|
||||
# Get the tool from github and install it
|
||||
git clone https://github.com/CermakM/docker-remote.git
|
||||
|
||||
# We need to setup virtual environment here to solve disable_warning issue
|
||||
python3 -m venv venv
|
||||
source venv/bin/activate
|
||||
|
||||
pushd docker-remote
|
||||
pip install .
|
||||
popd
|
Loading…
Reference in New Issue
Block a user