commit: c88a1c6b3dd1a5bcbd8f82a7a73751100e128a00 Author: Mike Frysinger <vapier <AT> gentoo <DOT> org> AuthorDate: Sun Jun 19 13:30:07 2016 +0000 Commit: Mike Frysinger <vapier <AT> gentoo <DOT> org> CommitDate: Sun Jun 19 13:30:07 2016 +0000 URL: https://gitweb.gentoo.org/proj/pax-utils.git/commit/?id=c88a1c6b
travis: add coverity scan integration .travis.yml | 12 ++++++++---- README.md | 2 +- travis/main.sh | 25 +++++++++++++++++++++++++ 3 files changed, 34 insertions(+), 5 deletions(-) diff --git a/.travis.yml b/.travis.yml index 4f5f843..37b90c3 100644 --- a/.travis.yml +++ b/.travis.yml @@ -2,22 +2,26 @@ # https://docs.travis-ci.com/ language: c +# Order here matters for implicit matrix generation and coverity scan. +# See travis/main.sh for details. compiler: - - clang - gcc + - clang sudo: false +# Order here matters; see compiler comment above. os: - linux -# Travis currently runs on OS X 10.9 which does not include *at funcs. -# Disable until they update or we include autotools support. - osx # Travis currently uses Ubuntu 12.04 (Precise) which is too old: it does # not include pyelftools. Disable until they update. env: - - USE_PYTHON=no + global: + - USE_PYTHON=no + - secure: "ePjz/xsdTlf0lhdZtANITiAk2lBAA9wwzB5PK/9aR5i1eBfjgXQgIJLY1y7Lqa4WU8TnSF2mwzd0pYgb320lQMC5rP7aEMAqxVZeG9WmFjet2G5vQ48tDhEJzzDhOpfvQyPehiWqLL6RUhNjE8+kpdK74P7oUFJVIuoQkUn2EuW9eUD9hV6z6tS60C0F4COdE/6DPnBySmqvjm9r9Sdfz1flCI2FXoV7MrrqrwLIx3OMtHmqmM9vGF1d2rGXRADVEGL+ldx9KvdfTLddXhWkCuHZil9YMvQLu0+gTK/g3V02Gh1/xrKmTa6v2RDqimCYDGKdHn0An+tQShYqk2JqJfzvPeysGS8lWfQePaEnHnf6niQN6h4078Ru5jH3D6AFjInrdPEOS3UZsbrJ//7hhUdiHONeQZcVcCVk7bvaJoanjjI9hJaPQXc72u81uyjlXaTOEj/znOAV92WyTaR62cT5r0GR+R7Jp214YR1IyAIB63zQVw2QCNi6W2HpyUEo3d2fOdJdaPwPQL52GxD/i3h4uGh1orYdRL4s/tdqwvYHklE2AGrEAboq2pIkmVirWH9+3+vRTnZ+fyoXD6dqDa0QvkN0pxEwmFy0IvbvTUA+0k6iplDVY21hqoid2OUpus+LjdXT2QALsY9OfMvMPdUaoFSTzWFm1jwZBPqlZN0=" + # Note: OS X deps are maintained in .travis.sh until Travis supports it here. addons: apt: diff --git a/README.md b/README.md index 4913455..fa0f0f8 100644 --- a/README.md +++ b/README.md @@ -5,7 +5,7 @@ | HOMEPAGE | https://wiki.gentoo.org/wiki/Hardened/PaX_Utilities | | GIT | git clone git://anongit.gentoo.org/proj/pax-utils.git | | VIEWVCS | https://gitweb.gentoo.org/proj/pax-utils.git/ | -| STATUS | [![Build Status](https://travis-ci.org/gentoo/pax-utils.svg?branch=master)](https://travis-ci.org/gentoo/pax-utils) | +| STATUS | [![Build Status](https://travis-ci.org/gentoo/pax-utils.svg?branch=master)](https://travis-ci.org/gentoo/pax-utils) [![Coverity Status](https://scan.coverity.com/projects/9213/badge.svg)](https://scan.coverity.com/projects/gentoo-pax-utils) | pax-utils is a small set of utilities for peforming Q/A (mostly security) checks on systems (most notably, `scanelf`). It is focused on the ELF diff --git a/travis/main.sh b/travis/main.sh index 58b4ddf..9c8c9c9 100755 --- a/travis/main.sh +++ b/travis/main.sh @@ -2,6 +2,27 @@ . "${0%/*}"/lib.sh +# We have to do this by hand rather than use the coverity addon because of +# matrix explosion: https://github.com/travis-ci/travis-ci/issues/1975 +coverity_scan() { + local reason + [[ ${TRAVIS_JOB_NUMBER} != *.1 ]] && reason="not first build job" + [[ -n ${TRAVIS_TAG} ]] && reason="git tag" + [[ ${TRAVIS_PULL_REQUEST} == "true" ]] && reason="pull request" + if [[ -n ${reason} ]] ; then + echo "Skipping coverity scan due to: ${reason}" + return + fi + + export COVERITY_SCAN_PROJECT_NAME="${TRAVIS_REPO_SLUG}" + export COVERITY_SCAN_NOTIFICATION_EMAIL="vap...@gentoo.org" + export COVERITY_SCAN_BUILD_COMMAND="make -j${ncpus}" + export COVERITY_SCAN_BUILD_COMMAND_PREPEND="git clean -q -x -d -f; git checkout -f" + export COVERITY_SCAN_BRANCH_PATTERN="master" + + curl -s "https://scan.coverity.com/scripts/travisci_build_coverity_scan.sh" | bash || : +} + main() { if [[ ${TRAVIS_OS_NAME} == "osx" ]] ; then # Note: Linux deps are maintained in .travis.yml. @@ -44,5 +65,9 @@ main() { v ./configure m V=1 fi + + # Do scans last as they like to dirty the tree and some tests + # expect a clean tree (like code style checks). + v --fold="coverity_scan" coverity_scan } main "$@"