diff options
| author | Marek Čermák <prace.mcermak@gmail.com> | 2018-01-11 11:41:35 +0100 |
|---|---|---|
| committer | Zbigniew Jędrzejewski-Szmek <zbyszek@in.waw.pl> | 2018-01-11 11:41:35 +0100 |
| commit | 99127d20ce69f566be6366afa28cafe9c471725b (patch) | |
| tree | a962b3beebfe68510c15b0f9f574e5a3fb6e1b87 /.travis.yml | |
| parent | d8dab75789ec1ffd53fc06f5f370220ae7b31d9d (diff) | |
| download | systemd-99127d20ce69f566be6366afa28cafe9c471725b.tar.gz | |
Integration of Travis CI and Coverity Scan Analysis (#7691)
- Coverity scan analysis tasks run as scheduled cron jobs
- Stage separation for Build, Test and Coverity scan phase
- Travis CI now uses Fedora container to build and run tests
- Containers are accessible from Docker Hub and failed builds
can be reproduced and examined
- coverity.sh: separate build and upload
Diffstat (limited to '.travis.yml')
| -rw-r--r-- | .travis.yml | 182 |
1 files changed, 174 insertions, 8 deletions
diff --git a/.travis.yml b/.travis.yml index 5d63474c1d..1f09a78fa6 100644 --- a/.travis.yml +++ b/.travis.yml @@ -1,12 +1,178 @@ -language: c -compiler: - - gcc -before_install: - - sudo apt-get update -qq - - sudo apt-get install autotools-dev automake autoconf libtool libdbus-1-dev libcap-dev libblkid-dev libmount-dev libpam-dev libcryptsetup-dev libaudit-dev libacl1-dev libattr1-dev libselinux-dev liblzma-dev libgcrypt-dev libqrencode-dev libmicrohttpd-dev gperf python2.7-dev -script: ./autogen.sh && ./configure && make V=1 && sudo ./systemd-machine-id-setup && make check && make distcheck -after_failure: cat test-suite.log +sudo: required + +services: + - docker + +jobs: + include: + - stage: build docker image + env: + # The machine id will be passed to Dockerfile for later checks + - MACHINE_ID=$(cat /var/lib/dbus/machine-id) + before_script: &update + # Ensure the latest version of docker is installed + - sudo apt-get update + - sudo apt-get -y -o Dpkg::Options::="--force-confnew" install docker-ce + - docker --version + - env > .env + script: + # Copy content of CI_DIR into WORKDIR + - find $CI_DIR -maxdepth 1 -type f -exec cp -t . {} + + - echo "ENV GIT_SHA ${TRAVIS_COMMIT}" >> Dockerfile + - echo "ENV MACHINE_ID ${MACHINE_ID}" >> Dockerfile + - echo "$(git log -1 ${TRAVIS_COMMIT})" >> COMMITINFO + # Build docker container + - $CI_SCRIPT_DIR/build-docker-image.sh + + - docker login -u="${DOCKER_USERNAME}" -p="${DOCKER_PASSWORD}" + - docker push ${DOCKER_REPOSITORY} + + - stage: build + language: c + compiler: gcc + env: + # The machine id will be passed to container + - MACHINE_ID=$(cat /var/lib/dbus/machine-id) + before_script: *update + script: + - docker run -dit --name travis_build ${DOCKER_REPOSITORY}:${TRAVIS_COMMIT} bash + - docker exec -u 0 -ti travis_build bash -c "echo ${MACHINE_ID} > /etc/machine-id" + - docker exec -ti travis_build meson build + - docker exec -ti travis_build ninja -C build + # Commit it to the new image that will be used for testing + - docker commit -m "systemd build state" -a "${AUTHOR_NAME}" travis_build ${DOCKER_REPOSITORY}:${TRAVIS_COMMIT} + - docker login -u="${DOCKER_USERNAME}" -p="${DOCKER_PASSWORD}" + - docker push ${DOCKER_REPOSITORY}:${TRAVIS_COMMIT} + + - stage: test + language: c + compiler: gcc + before_script: *update + script: + - docker run --privileged --net=host -dit --name travis_test ${DOCKER_REPOSITORY}:${TRAVIS_COMMIT} bash + - docker exec -ti travis_test ninja -C build test + - docker commit -m "systemd test state" -a "${AUTHOR_NAME}" travis_test ${DOCKER_REPOSITORY}:${TRAVIS_COMMIT} + - docker login -u="${DOCKER_USERNAME}" -p="${DOCKER_PASSWORD}" + - docker push ${DOCKER_REPOSITORY}:${TRAVIS_COMMIT} + + - stage: coverity scan + language: c + compiler: gcc + before_script: *update + env: + - COVERITY_SCAN_PROJECT_NAME="$TRAVIS_REPO_SLUG" + - COVERITY_SCAN_NOTIFICATION_EMAIL="${AUTHOR_EMAIL}" + - COVERITY_SCAN_BRANCH_PATTERN="$TRAVIS_BRANCH" + # Disable CCACHE for cov-build to compilation units correctly + - CCACHE_DISABLE=1 + # Token for systemd/systemd Coverity Scan Analysis + # The next declaration is the encrypted COVERITY_SCAN_TOKEN, created + # via the "travis encrypt" command using the project repo's public key + - secure: "UNQLspT89GYWuVKFqW5W5RyqqnYg5RvX20IrNraOddhpdV9nhKBtozrfmhGXDGZwfHGWHt6g7YROlD/NIMvDvThVJIEYvSQiXCoo2zRrwkl2siET5MjPfRG8numiLq0KX47KGmyBJISJZCgDUdNGqqGwgf7AhDN78I3XtgqjFT1z0mGl8n0wiFpKPi7i3nECvF4Mk7xCCHqwByaq0z5G9NkVlOvP1EyCxwv3B6I5Umfch7ibp7iH44YnVXILK+yEry5dMuctYwYkDouR80ChEPQQ5fhhpO4++HJmFuSpfMTeCHpucAd2xwSUijejYeN/GNQ177GxSSk/8hRBGcuSK8T/WJ+KiuJPhZObV8mw+a6+qdQssWY4F9jya5ZKbZ/yTbxjtQ0m4AgtL28P9bEze8pLh16zFMX+hIEuoFSNmJqmtNttfbD5TKyYVZml59s9wvhlvMnlNpRSQva88OAOjXtiA41g+XtTxxpfW9mgd7HYhzSBs1efNiK7PfkANgve7KIYMAmCAqasgb1IIAyX7stOlJH06QOFXNH55PmJLkkKyL3SMQzgryMDWegU+XbS8t43r0x14WLuE7sc9JtnOr/G8hthFaMRp8xLy9aCBwyEIkEsyWa50VMoZDa3Spdb4r1CKBwcGdCbyE4rCehwEIznbfrsSovhwiUds7bbhBU=" + script: + # Copy content of CI_DIR into WORKDIR + - find $CI_DIR -maxdepth 1 -type f -exec cp -t . {} + + # Build container for current user + - $CI_SCRIPT_DIR/build-docker-image.sh + + # For kernel version 4.8+ + - sudo sysctl vsyscall=emulate || true + # Prepare environment for Coverity tool + - | + PLATFORM=`uname` + export TOOL_BASE="/tmp/coverity-scan-analysis" + export SCAN_URL="https://scan.coverity.com" + export UPLOAD_URL="https://scan.coverity.com/builds" + export TOOL_ARCHIVE="/tmp/cov-analysis-${PLATFORM}.tgz" + + # Get Coverity tool + - $CI_TOOL_DIR/get-coverity.sh + - TOOL_DIR="$(find $TOOL_BASE -type d -name 'cov-analysis*')" + + # Export env variables for Coverity scan + - env | grep -E "TRAVIS|COV|TOOL|URL" > .cov-env + - | + docker run -dit --env-file .cov-env \ + -v ${TOOL_BASE}:${TOOL_BASE}:ro \ + --name travis_coverity_scan ${DOCKER_REPOSITORY}:${TRAVIS_COMMIT} bash + # Make sure Coverity script is executable + - docker cp scripts/coverity.sh travis_coverity_scan:/usr/local/bin + # Preconfigure with meson to prevent Coverity from capturing meson metadata + # Set compiler flag to prevent emit failure + - docker exec -it travis_coverity_scan sh -c "CFLAGS='-D_Float128=long\ double' meson cov-build -Dman=false" + # Run Coverity Analysis + - docker exec -it travis_coverity_scan coverity.sh build + - docker exec -it travis_coverity_scan coverity.sh upload + + - stage: clean docker + language: python + # python: + # - "3.6" Probably broken ATM + env: + - SIZE_LIMIT="3000" # Limit in MBs + - TAG_LIMIT="3" # Number of tags to be kept at the time + before-script: + - sudo apt-get -y install python3 + script: + # Get docker-remote tool and setup venv + - sudo $CI_TOOL_DIR/get-docker-remote.sh + # Activate virtual environment to be able to use docker-remote safely + - source venv/bin/activate + # Check the size and tag limit of the repo + - REPO_SIZE=$(docker-remote repository --size $DOCKER_REPOSITORY) + - TAG_COUNT=$(docker-remote tags --count $DOCKER_REPOSITORY) + - 'echo -e "\033[33;1mCurrent repository size: $REPO_SIZE in $TAG_COUNT tags \033[0m"' + - | + if [[ ${REPO_SIZE%.*} -gt $SIZE_LIMIT ]] || [[ $TAG_COUNT -gt $TAG_LIMIT ]] + then + docker-remote --login $DOCKER_USERNAME:$DOCKER_PASSWORD \ + tags --assumeyes --pop-back --keep $TAG_LIMIT $DOCKER_REPOSITORY + fi + + + +# Specify the order of stages and conditions +stages: + # Helper stage to determine whether coverity stage should be allowed + - name: initialization + + - name: build docker image + if: type != cron + - name: build + if: type != cron + - name: test + if: type != cron + + # These stages run separately, the resulting container will not be pushed to Docker Hub + # This stage will only run on special conditions + - name: coverity scan + if: type = cron + + # Check for repository size and clean Docker repo if necessary + - name: clean Docker + if: type = cron + +env: + global: + # Secure Docker Hub credentials + - secure: "TY61ufmEJyxCer8vuAlQ3mYwGRynFZXPCFTxKgIzobAHHyE1Zwx0bZDDwDd88Gdgz7EGnOJtMABfa0axfPOK9il5u7lYmmZ8Usa0HAvKavkpSRnw2b16zz88N98x3DyaIquvg2J8iQpHHoM32+BGiAS7P8BiYTO6r+E0CMPYC0Ylh7eHVSBGfWbR9m+yCo/mDIEAWyop6Jv4rTMN4qP9U7e6Kou7m/AJeiCWMaR7rlanpLFNQi3+qF/Mt5dbE7LVLNSOkmpg/FPw34g4RC5mfLAh+c8YBadqo6kFA6qV1b931or0aZUYVtobI6UwC9U1GGqzfCTjXuVMNgPBBQ6n3JMt91mFFkP0lXdGMxpBNbwFL/btBrt2a359L/wNtqv6PuSJwJ3oTe/FP++X6xjbM7LcAHZMWZiK+0BFefNOUcRzBpaEJ2nGNzcLKHn4Bl0pl4LwZ0uVocN8RBwHnDX+hyUwwQPoQTLJQB9tpwDweIzftt9KmrIHmL9v7KZXR4s/8CKpNfVQ/XSysdtsK+7EKK5AsnbMNrZLjpH7D0Lo/Xp92/eJ2UGyqI7awJbJGPV2FNwyGcojDEXIBUsVssUjb5+B4LpHP1x4UQe/m9SuPJdtRB0R7PKe/tyPD3GTyfVO9K7imQATDdnMY32nkWXmXej8YWo76yA732rTZRZtFAc=" + - secure: "NAEzWn5Ru6IqDA1RSyTVhpIp2iQluumg0EOI111EN7qWWGUDNgAZi+QgvRI+OBNyuMpBpN/GX1Ys4YxUDos1F/fhm2vytoB4A/LG463FQsSVP3wnyMFJTSOI8H0jgK41xj79qiww7edbfq93MZ/XS95Ws4tUTi/0etUGvAgIHGgofFCPPdMNkOvSHLgzSnYfydzLuD9FVpCgvpbJnQ+47XHyN+sKoA+OlZ+EfIOVZt+Mk/dqYrsM7MRKEfplk1MvUiJpHvrw+xWTslCIiO03V6ws091fBMgedIFRpsySrsd1KwH8JIeOK6KFn5W7Q53auzZkKYk7ymknlJt4WVBy7Qg33njMQ53t3qMQYTRUIV4dcR60cdII7tatzgpKBcycxHQMAshOYPT6pYhSsO6JEKgiO+ZhOxvqWGwtEeH9Zq7P4ft8Q7GJhRkdi0X0WY7/6RjwinO/1LLj1LODim3mDFfAK7xS7e+nQW/JEOdWohT2+qm97j9IOZeQtPtdqZP9F8HJXgw6WjiGJIXMF3Ov9GkQh4uJyMYJ6hN7T3iRoenV86Dzgg6u5Ku131Ziwvlm+n94qlXF8Jl47wCcAS7VmyYxMft1gH+Zs+4Wq7KO0vysmnEk6rCqb87ZQSDOdTzBfK9HTyyAqmBCgS4Dp5x7/xOBMVXfq/SOb9c3Sh/JItA=" + - DOCKER_REPOSITORY=$DOCKER_USERNAME/systemd + + - ADMIN_EMAIL=macermak@redhat.com + + - AUTHOR_NAME="$(git log -1 $TRAVIS_COMMIT --pretty=\"%aN\")" + - AUTHOR_EMAIL="$(git log -1 $TRAVIS_COMMIT --pretty=\"%aE\")" + + - CI_DIR="$TRAVIS_BUILD_DIR/travis-ci" + - CI_TOOL_DIR="$CI_DIR/tools" + - CI_SCRIPT_DIR="$CI_DIR/scripts" + notifications: + email: + recipients: + - ${ADMIN_EMAIL} + - ${AUTHOR_EMAIL} irc: channels: - "irc.freenode.org#systemd" |