From: Jan Kiszka <[email protected]> Travis is no longer free and insufficiently predictable for OSS, so migrate our CI to Github Actions. The same, just different: The workflow language takes time to familiarize, but Coverity integration is actually even simpler when open-coding (though that might have been true for Travis already).
What is dropped at this chance is support for coverity_scan-<arch>. This wasn't used for many years, the combined scan gives enough accuracy. Signed-off-by: Jan Kiszka <[email protected]> --- .github/workflows/main.yaml | 81 +++++++++++++++++++++++++++++++++++++ .travis.yml | 60 --------------------------- CONTRIBUTING.md | 4 +- README.md | 6 +-- ci/README.md | 10 ++--- ci/build-all-configs.sh | 5 --- ci/coverity-scan-build.sh | 36 ----------------- 7 files changed, 90 insertions(+), 112 deletions(-) create mode 100644 .github/workflows/main.yaml delete mode 100644 .travis.yml delete mode 100644 ci/coverity-scan-build.sh diff --git a/.github/workflows/main.yaml b/.github/workflows/main.yaml new file mode 100644 index 00000000..fbf38841 --- /dev/null +++ b/.github/workflows/main.yaml @@ -0,0 +1,81 @@ +# +# Jailhouse, a Linux-based partitioning hypervisor +# +# Copyright (c) Siemens AG, 2014-2021 +# +# Authors: +# Jan Kiszka <[email protected]> +# +# This work is licensed under the terms of the GNU GPL, version 2. See +# the COPYING file in the top-level directory. +# + +name: CI + +on: + push: + workflow_dispatch: + inputs: + clear-cache: + description: Clear cache + required: false + default: false + +jobs: + build: + runs-on: ubuntu-20.04 + steps: + - name: Checkout + uses: actions/checkout@v2 + - name: Install dependencies + run: | + sudo apt-get install --no-install-recommends \ + python3-mako gcc-arm-linux-gnueabihf libc6-dev-armhf-cross \ + gcc-aarch64-linux-gnu libc6-dev-arm64-cross + - name: Install Coverity + if: ${{ github.ref == 'refs/heads/coverity_scan' }} + run: | + wget https://scan.coverity.com/download/cxx/linux64 \ + --post-data "token=$COVERITY_TOKEN&project=siemens%2Fjailhouse" \ + -O coverity_tool.tar.gz + tar -xf coverity_tool.tar.gz + ln -s cov-analysis-linux64-* cov-analysis-linux64 + - name: Cache kernel build environment + uses: actions/cache@v2 + id: cache-kernel + with: + key: kernel-build + path: | + ci/linux + ci/linux-4.13 + - name: Install kernel build environment + if: ${{ github.event.inputs.clear-cache == 'true' || steps.cache-kernel.outputs.cache-hit != 'true' }} + run: | + cd ci + rm -rf linux linux-4.13 + wget http://www.kiszka.org/downloads/jailhouse-ci/kernel-build.tar.xz + tar xJf kernel-build.tar.xz + - name: Build + if: ${{ github.ref != 'refs/heads/coverity_scan' }} + run: | + ci/build-all-configs.sh + - name: Build for Coverity + if: ${{ github.ref == 'refs/heads/coverity_scan' }} + run: | + export PATH=$PWD/cov-analysis-linux64/bin:$PATH + cov-configure --comptype gcc --compiler arm-linux-gnueabihf-gcc --template + cov-configure --comptype gcc --compiler aarch64-linux-gnu-gcc --template + ci/build-all-configs.sh --cov cov-int + - name: Submit Coverity results + if: ${{ github.ref == 'refs/heads/coverity_scan' }} + run: | + tar caf jailhouse-scan.tar.bz2 cov-int + curl --form token=$COVERITY_TOKEN \ + --form email=$COVERITY_EMAIL \ + --form [email protected] \ + --form version="${{ github.sha }}" \ + --form description="Jailhouse Coverity Scan" \ + https://scan.coverity.com/builds?project=siemens%2Fjailhouse + env: + COVERITY_TOKEN: ${{ secrets.COVERITY_TOKEN }} + COVERITY_EMAIL: ${{ secrets.COVERITY_EMAIL }} diff --git a/.travis.yml b/.travis.yml deleted file mode 100644 index 2d120561..00000000 --- a/.travis.yml +++ /dev/null @@ -1,60 +0,0 @@ -# -# Jailhouse, a Linux-based partitioning hypervisor -# -# Copyright (c) Siemens AG, 2014-2019 -# -# Authors: -# Jan Kiszka <[email protected]> -# -# This work is licensed under the terms of the GNU GPL, version 2. See -# the COPYING file in the top-level directory. -# - -language: c -dist: bionic - -compiler: - - gcc - -addons: - apt: - packages: - - python-mako - - gcc-8 - - gcc-8-arm-linux-gnueabihf - - libc6-dev-armhf-cross - - gcc-8-aarch64-linux-gnu - - libc6-dev-arm64-cross - coverity_scan: - project: - name: "siemens/jailhouse" - notification_email: [email protected] - build_script_url: https://raw.githubusercontent.com/$TRAVIS_REPO_SLUG/$TRAVIS_BRANCH/ci/coverity-scan-build.sh - build_command_prepend: "cov-configure --comptype gcc --compiler arm-linux-gnueabihf-gcc --template; cov-configure --comptype gcc --compiler aarch64-linux-gnu-gcc --template" - build_command: "unused" - branch_pattern: coverity_scan.* - -install: - - sudo update-alternatives --install /usr/bin/gcc gcc /usr/bin/gcc-8 800 - - sudo update-alternatives --install /usr/bin/aarch64-linux-gnu-gcc aarch64-linux-gnu-gcc /usr/bin/aarch64-linux-gnu-gcc-8 800 - - sudo update-alternatives --install /usr/bin/arm-linux-gnueabihf-gcc arm-linux-gnueabihf-gcc /usr/bin/arm-linux-gnueabihf-gcc-8 800 - # Work around broken certificate of scan.coverity.com - - sudo curl -s -L https://entrust.com/root-certificates/entrust_l1k.cer -o /usr/local/share/ca-certificates/entrust_l1k.crt - - sudo update-ca-certificates - # Install kernel build environment if it's not in the cache - - if [ ! -L ci/linux ]; then - pushd ci; - wget http://www.kiszka.org/downloads/travis-ci/kernel-build.tar.xz; - tar xJf kernel-build.tar.xz; - popd; - fi - -cache: - directories: - - ci/linux - - ci/linux-4.13 - -script: - - if [ ${COVERITY_SCAN_BRANCH} != 1 ]; - then ci/build-all-configs.sh; - fi diff --git a/CONTRIBUTING.md b/CONTRIBUTING.md index dc4d9785..eb644c81 100644 --- a/CONTRIBUTING.md +++ b/CONTRIBUTING.md @@ -31,9 +31,9 @@ Contribution Checklist - test patches sufficiently (obvious, but...) [**required**] - no regressions are caused in affected code - - seemingly unaffected architectures still build (use Travis CI e.g.) + - seemingly unaffected architectures still build (use github actions e.g.) - static code analyzer finds no new defects (register a github fork with - Travis CI and Coverity for free scanning) [*recommended*] + Coverity for free scanning) [*recommended*] - python code shall be tested with python 3 [**required**] - the world is still spinning diff --git a/README.md b/README.md index 3029f6a3..f1b0cbe3 100644 --- a/README.md +++ b/README.md @@ -61,11 +61,11 @@ Mailing list: Continuous integration: - - https://travis-ci.com/siemens/jailhouse + - https://github.com/siemens/jailhouse/actions - Status: - -  on master - -  on next + -  on master + -  on next Static code analysis: diff --git a/ci/README.md b/ci/README.md index 9fdf8fcf..639ec80e 100644 --- a/ci/README.md +++ b/ci/README.md @@ -2,15 +2,13 @@ Jailhouse Continuous Integration Build Environment ================================================== This collects tools and generates the Linux kernel binaries required to build -Jailhouse in continuous integration environments. Currently, travis-ci.com is +Jailhouse in continuous integration environments. Currently, GitHub Actions is the target environment. How to use ---------- -- Prepare an Ubuntu system according to the - [travis-ci specifications](http://docs.travis-ci.com/user/ci-environment) - or via the [Chef recipes](https://github.com/travis-ci/travis-cookbooks). +- Prepare an Ubuntu system according to .github/workflows/main.yaml. - Run gen-kernel-build.sh on that system. -- Upload ci/out/kernel-build.tar.xz to the location where Jailhouse's - .travis.yml expects it. +- Upload ci/out/kernel-build.tar.xz to the location where Jailhouse's CI + expects it. diff --git a/ci/build-all-configs.sh b/ci/build-all-configs.sh index 81898fc1..ef7ae2b7 100755 --- a/ci/build-all-configs.sh +++ b/ci/build-all-configs.sh @@ -15,11 +15,6 @@ set -e CONFIGS="x86 banana-pi amd-seattle" -# only build a specific config if the branch selects it -if [ ${TRAVIS_BRANCH#coverity_scan-} != ${TRAVIS_BRANCH} ]; then - CONFIGS=${TRAVIS_BRANCH#coverity_scan-} -fi - PREFIX= if [ "$1" == "--cov" ]; then export COVERITY_UNSUPPORTED=1 diff --git a/ci/coverity-scan-build.sh b/ci/coverity-scan-build.sh deleted file mode 100644 index 72e0486d..00000000 --- a/ci/coverity-scan-build.sh +++ /dev/null @@ -1,36 +0,0 @@ -#!/bin/bash -# -# Jailhouse, a Linux-based partitioning hypervisor -# -# Copyright (c) Siemens AG, 2015 -# -# Authors: -# Jan Kiszka <[email protected]> -# -# This work is licensed under the terms of the GNU GPL, version 2. See -# the COPYING file in the top-level directory. -# - -curl -s https://scan.coverity.com/scripts/travisci_build_coverity_scan.sh \ - -o ci/travisci_build_coverity_scan.sh.orig - -# Patch the line that starts the build. -# We need to control this step via our build script. -sed 's/^COVERITY_UNSUPPORTED=1 cov-build --dir.*/ci\/build-all-configs.sh --cov \$RESULTS_DIR \$COV_BUILD_OPTIONS/' \ - ci/travisci_build_coverity_scan.sh.orig > ci/travisci_build_coverity_scan.sh.step1 - -# Path the branch name into the description. -sed 's/^ --form description=.*/ --form description="Travis CI build (branch: \$TRAVIS_BRANCH)" \\/' \ - ci/travisci_build_coverity_scan.sh.step1 > ci/travisci_build_coverity_scan.sh - -# Check if the patch applied, bail out if not. -if diff -q ci/travisci_build_coverity_scan.sh.orig \ - ci/travisci_build_coverity_scan.sh.step1 > /dev/null || \ - diff -q ci/travisci_build_coverity_scan.sh.step1 \ - ci/travisci_build_coverity_scan.sh > /dev/null; then - echo "Unable to patch Coverity script!" - exit 1 -fi - -# Run the patched scanner script. -. ci/travisci_build_coverity_scan.sh -- 2.31.1 -- You received this message because you are subscribed to the Google Groups "Jailhouse" group. To unsubscribe from this group and stop receiving emails from it, send an email to [email protected]. To view this discussion on the web visit https://groups.google.com/d/msgid/jailhouse-dev/722bb780c5cfcd589bd11041b5cecb91ff94d7b4.1629819671.git.jan.kiszka%40siemens.com.
