From patchwork Fri Jun 16 16:13:32 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 8bit X-Patchwork-Submitter: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= X-Patchwork-Id: 105753 Delivered-To: patch@linaro.org Received: by 10.140.91.77 with SMTP id y71csp1384091qgd; Fri, 16 Jun 2017 09:19:33 -0700 (PDT) X-Received: by 10.55.101.202 with SMTP id z193mr13052833qkb.28.1497629973279; Fri, 16 Jun 2017 09:19:33 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1497629973; cv=none; d=google.com; s=arc-20160816; b=0hA1WOjeAqzidegUecEHaCpJ6rHMhgtehPgjehb4Xa/JzcNjkdGEmO0Y/6Oe02GCsx TAYMGFG8k4MKz5RJZN/ppqxW9uGPwbXi66P8vOwU0YDfP9aNPiAfSMETlGp/YadB5iYc gS5U7hubNQV/dzyik3MZdbwlGeOcqAh2fmm+LrC04njB9cgjgm7lb9RTUqZA8v5qAQnV LAMwsIdhjlRBYyjjbngpN5Nq3V8oRwBUXNOh0I1nK8UxTnlwcm/lInB5KsGhZENe/42m H+0qypbsKy7Bie8scoPB1+tOsRyYQLwF8pZx+QBls3upqfmGPrC7c1ZCUdx01Zeq3wPN od1Q== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:cc:list-subscribe:list-help:list-post:list-archive :list-unsubscribe:list-id:precedence:subject :content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:to:from:dkim-signature:arc-authentication-results; bh=3n6GZ2eWcBU3woEgXfm/D1mpOZKpiFhq1O6Pe8E9P/w=; b=URIGHN4CrLbsx/rAwKLEWJ7Schjc1+6ljiW489Qhoc93YA85JJzMclWWOEsOWEkqKp 7BtXg1hIGBpC/JurxS55WGTdXJuInYtC6J4DyF4UyElKNMOI9Rs5oEwb3hyWrnnnV4CC ALYUpnyHzre/sRJ5yQ1E+Xejklyz7ahpKI3PV/1ernT849kfc1FdUrHGzl1Sw13YMftR DVTToAISUHkwXxC2WvaTBapqHUH26OLTv2mkP3qjgAGhS8wjf3InhwLDtR+uqovR3kq4 XZ4JhjPP3R35aHzLsJp9O5bnkHdHnp6YLMJnEeAFs2Xt6c77pRv4vn4E4FokCzSvLrxu Is/Q== ARC-Authentication-Results: i=1; mx.google.com; dkim=fail header.i=@gmail.com header.b=FwQWrWsx; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 2001:4830:134:3::11 as permitted sender) smtp.mailfrom=qemu-devel-bounces+patch=linaro.org@nongnu.org Return-Path: Received: from lists.gnu.org (lists.gnu.org. [2001:4830:134:3::11]) by mx.google.com with ESMTPS id d27si2360365qtd.341.2017.06.16.09.19.32 for (version=TLS1 cipher=AES128-SHA bits=128/128); Fri, 16 Jun 2017 09:19:33 -0700 (PDT) Received-SPF: pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 2001:4830:134:3::11 as permitted sender) client-ip=2001:4830:134:3::11; Authentication-Results: mx.google.com; dkim=fail header.i=@gmail.com header.b=FwQWrWsx; spf=pass (google.com: domain of qemu-devel-bounces+patch=linaro.org@nongnu.org designates 2001:4830:134:3::11 as permitted sender) smtp.mailfrom=qemu-devel-bounces+patch=linaro.org@nongnu.org Received: from localhost ([::1]:59785 helo=lists.gnu.org) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dLty6-0000TN-L7 for patch@linaro.org; Fri, 16 Jun 2017 12:19:30 -0400 Received: from eggs.gnu.org ([2001:4830:134:3::10]:55582) by lists.gnu.org with esmtp (Exim 4.71) (envelope-from ) id 1dLtt2-0004RI-Ct for qemu-devel@nongnu.org; Fri, 16 Jun 2017 12:14:17 -0400 Received: from Debian-exim by eggs.gnu.org with spam-scanned (Exim 4.71) (envelope-from ) id 1dLtt0-0002lw-SS for qemu-devel@nongnu.org; Fri, 16 Jun 2017 12:14:16 -0400 Received: from mail-qt0-x234.google.com ([2607:f8b0:400d:c0d::234]:36394) by eggs.gnu.org with esmtps (TLS1.0:RSA_AES_128_CBC_SHA1:16) (Exim 4.71) (envelope-from ) id 1dLtt0-0002ll-NH for qemu-devel@nongnu.org; Fri, 16 Jun 2017 12:14:14 -0400 Received: by mail-qt0-x234.google.com with SMTP id u19so69237100qta.3 for ; Fri, 16 Jun 2017 09:14:14 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=gmail.com; s=20161025; h=sender:from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding; bh=3n6GZ2eWcBU3woEgXfm/D1mpOZKpiFhq1O6Pe8E9P/w=; b=FwQWrWsxZv2ngipCZq6AXWTPlbVUOUHawCTtSBk9MYRohjX5KSCZUkaLV5SrPbxoWv 8/CctE6Oa4ufHMxiuV8Te0NKk2jCKNkNpToDoVIyvmY7UB68dXOW7LlFRd3aFs2fRyKU 72kw0WmKGmRctKp1z85FIHo53rfYWClAOSw42uYo5VZ8IDz/eLFsu+14q/g3Teyi8SNb iRIIj137zyADXA3MBilf2VlPlGtBWvjIevkupHkD/cYCk6WG4y29v2YevTcbb/VP43Qk yBvSCHyWjqRXJ2mwJVrI2viGPw34GhLjPWclPgMwM9EhA4nm7KQIl/+Yv2UVDWs+m14G OeIw== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:sender:from:to:cc:subject:date:message-id :in-reply-to:references:mime-version:content-transfer-encoding; bh=3n6GZ2eWcBU3woEgXfm/D1mpOZKpiFhq1O6Pe8E9P/w=; b=euxOir0StwOoeEQfw3Tn0YFwK6JfNRFcjuQDgMpvUG0zlOBYahWv6WCztaRZp54QOV hCN07HBCP5CPnTG09RI2+Zn9mVbF+vv8qNRBu7g5cIdrYxR6VCzNiNjYt8OFoN9vI3Jb 1vNYepUO5AzQ142l9Yw9lJhz90Tq7cabzSNwjgBtatowCA1GF7tI7WEWWRaRJi5SoRh4 arhJ36cgQAfLjRQfhMo4RC0nEn538GZVLlIkDqyaeYmL/HGHMPDyxzOqcg3uD4k9G7ww Ra3QCgIqmH/Ug+Ak9jBbb6Qexg7GuYO21o3vvSgWR44JWooUNtRjeLI4HMxUJ6iC6aJn CL3w== X-Gm-Message-State: AKS2vOxOVukksoIEl/g6hoxhE5FKtu4Ve13NY5WSdAz6sZvztk6vQy8H So2rPbhh27U3ecBuL+0= X-Received: by 10.55.191.197 with SMTP id p188mr13877699qkf.69.1497629653712; Fri, 16 Jun 2017 09:14:13 -0700 (PDT) Received: from localhost.localdomain ([138.117.48.226]) by smtp.gmail.com with ESMTPSA id a62sm1691420qkd.14.2017.06.16.09.14.11 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Fri, 16 Jun 2017 09:14:13 -0700 (PDT) From: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= To: qemu-devel@nongnu.org, =?utf-8?q?Alex_Benn=C3=A9e?= , Fam Zheng , Peter Maydell Date: Fri, 16 Jun 2017 13:13:32 -0300 Message-Id: <20170616161334.7492-10-f4bug@amsat.org> X-Mailer: git-send-email 2.11.0 In-Reply-To: <20170616161334.7492-1-f4bug@amsat.org> References: <20170616161334.7492-1-f4bug@amsat.org> MIME-Version: 1.0 X-detected-operating-system: by eggs.gnu.org: Genre and OS details not recognized. X-Received-From: 2607:f8b0:400d:c0d::234 Subject: [Qemu-devel] [PATCH 09/11] scripts/run-coverity-scan: Script to run Coverity Scan build X-BeenThere: qemu-devel@nongnu.org X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: =?utf-8?q?Philippe_Mathieu-Daud=C3=A9?= Errors-To: qemu-devel-bounces+patch=linaro.org@nongnu.org Sender: "Qemu-devel" From: Peter Maydell Add a new script to automate the process of running the Coverity Scan build tools and uploading the resulting tarball to the website. This is primarily intended to be driven from Travis, but it can be run locally (if you are a maintainer of the QEMU project on the Coverity Scan website and have the secret upload token). Signed-off-by: Peter Maydell Reviewed-by: Alex Bennée Signed-off-by: Philippe Mathieu-Daudé --- scripts/run-coverity-scan | 170 ++++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 170 insertions(+) create mode 100755 scripts/run-coverity-scan -- 2.11.0 diff --git a/scripts/run-coverity-scan b/scripts/run-coverity-scan new file mode 100755 index 0000000000..e6d5fc58d8 --- /dev/null +++ b/scripts/run-coverity-scan @@ -0,0 +1,170 @@ +#!/bin/sh -e + +# Upload a created tarball to Coverity Scan, as per +# https://scan.coverity.com/projects/qemu/builds/new + +# This work is licensed under the terms of the GNU GPL version 2, +# or (at your option) any later version. +# See the COPYING file in the top-level directory. +# +# Copyright (c) 2017 Linaro Limited +# Written by Peter Maydell + +# Note that this script will automatically download and +# run the (closed-source) coverity build tools, so don't +# use it if you don't trust them! + +# This script assumes that you're running it from a QEMU source +# tree, and that tree is a fresh clean one, because we do an in-tree +# build. (This is necessary so that the filenames that the Coverity +# Scan server sees are relative paths that match up with the component +# regular expressions it uses; an out-of-tree build won't work for this.) +# The host machine should have as many of QEMU's dependencies +# installed as possible, for maximum coverity coverage. + +# You need to pass the following environment variables to the script: +# COVERITY_TOKEN -- this is the secret 8 digit hex string which lets +# you upload to Coverity Scan. If you're a maintainer +# in Coverity then the web UI will tell you this. +# COVERITY_EMAIL -- the email address to use for uploads + +# and optionally +# COVERITY_DRYRUN -- set to not actually do the upload +# COVERITY_BUILD_CMD -- make command (defaults to 'make -j8') +# COVERITY_TOOL_BASE -- set to directory to put coverity tools +# (defaults to /tmp/coverity-tools) + +# The primary purpose of this script is to be run as part of +# a Travis build, but it is possible to run it manually locally. + +if [ -z "$COVERITY_TOKEN" ]; then + echo "COVERITY_TOKEN environment variable not set" + exit 1 +fi + +if [ -z "$COVERITY_EMAIL" ]; then + echo "COVERITY_EMAIL environment variable not set" + exit 1 +fi + +if [ -z "$COVERITY_BUILD_CMD" ]; then + echo "COVERITY_BUILD_CMD: using default 'make -j8'" + COVERITY_BUILD_CMD="make -j8" +fi + +if [ -z "$COVERITY_TOOL_BASE" ]; then + echo "COVERITY_TOOL_BASE: using default /tmp/coverity-tools" + COVERITY_TOOL_BASE=/tmp/coverity-tools +fi + +PROJTOKEN="$COVERITY_TOKEN" +PROJNAME=QEMU +TARBALL=cov-int.tar.xz +SRCDIR="$(pwd)" + +echo "Checking this is a QEMU source tree..." +if ! [ -e VERSION ]; then + echo "Not in a QEMU source tree?" + exit 1 +fi + +echo "Checking upload permissions..." + +if ! up_perm="$(wget https://scan.coverity.com/api/upload_permitted --post-data "token=$PROJTOKEN&project=$PROJNAME" -q -O -)"; then + echo "Coverity Scan API access denied: bad token?" + exit 1 +fi + +# Really up_perm is a JSON response with either +# {upload_permitted:true} or {next_upload_permitted_at:} +# We do some hacky string parsing instead of properly parsing it. +case "$up_perm" in + *upload_permitted*true*) + echo "Coverity Scan: upload permitted" + ;; + *next_upload_permitted_at*) + if [ -z "$COVERITY_DRYRUN" ]; then + echo "Coverity Scan: upload quota reached; stopping here" + # Exit success as this isn't a build error. + exit 0 + else + echo "Coverity Scan: upload quota reached, continuing dry run" + fi + ;; + *) + echo "Coverity Scan upload check: unexpected result $up_perm" + exit 1 + ;; +esac + +mkdir -p "$COVERITY_TOOL_BASE" +cd "$COVERITY_TOOL_BASE" + +echo "Checking for new version of coverity build tools..." +wget https://scan.coverity.com/download/linux64 --post-data "token=$PROJTOKEN&project=$PROJNAME&md5=1" -O coverity_tool.md5.new + +if ! cmp -s coverity_tool.md5 coverity_tool.md5.new; then + # out of date md5 or no md5: download new build tool + # blow away the old build tool + echo "Downloading coverity build tools..." + rm -rf coverity_tool coverity_tool.tgz + wget https://scan.coverity.com/download/linux64 --post-data "token=$PROJTOKEN&project=$PROJNAME" -O coverity_tool.tgz + if ! (cat coverity_tool.md5.new; echo " coverity_tool.tgz") | md5sum -c --status; then + echo "Downloaded tarball didn't match md5sum!" + exit 1 + fi + # extract the new one, keeping it corralled in a 'coverity_tool' directory + echo "Unpacking coverity build tools..." + mkdir -p coverity_tool + cd coverity_tool + tar xf ../coverity_tool.tgz + cd .. + mv coverity_tool.md5.new coverity_tool.md5 +fi + +rm -f coverity_tool.md5.new + +TOOLBIN="$(echo $(pwd)/coverity_tool/cov-analysis-*/bin)" + +if ! test -x "$TOOLBIN/cov-build"; then + echo "Couldn't find cov-build in the coverity build-tool directory??" + exit 1 +fi + +export PATH="$TOOLBIN:$PATH" + +cd "$SRCDIR" + +echo "Doing make distclean..." +make distclean + +echo "Configuring..." +./configure --audio-drv-list=oss,alsa,sdl,pa --disable-werror + +echo "Making libqemustub.a..." +make libqemustub.a + +echo "Running cov-build..." +rm -rf cov-int +mkdir cov-int +cov-build --dir cov-int $COVERITY_BUILD_CMD + +echo "Creating results tarball..." +tar cvf - cov-int | xz > "$TARBALL" + +echo "Uploading results tarball..." + +VERSION="$(git describe --always HEAD)" +DESCRIPTION="$(git rev-parse HEAD)" + +if ! [ -z "$COVERITY_DRYRUN" ]; then + echo "Dry run only, not uploading $TARBALL" + exit 0 +fi + +curl --form token="$PROJTOKEN" --form email="$COVERITY_EMAIL" \ + --form file=@"$TARBALL" --form version="$VERSION" \ + --form description="$DESCRIPTION" \ + https://scan.coverity.com/builds?project="$PROJNAME" + +echo "Done."