Just build the container when run-coverity-scan is invoked with
--update-tools-only --docker. This requires moving the "docker build"
logic into the update_coverity_tools function.
The only snag is that --update-tools-only --docker requires access to
the dockerfile. For now just report an error for --src-tarball, and
"docker build" will fail if not in a source tree. Another possibility
could be to host our container images on a public registry, and use
"FROM qemu:fedora" to make the Dockerfile small enough that it can be
included directly in the run-coverity-scan script.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This lets us look at coverity_tool.md5 across executions of run-coverity-scan
and skip the download.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Tools are already updated via the docker build.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Provide a quick way to skip building the container while we figure out how
to get caching right.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Our trusted docker wrapper allows run-coverity-scan to run with both
docker and podman.
For the "run" phase this is transparent; for the "build" phase however
scripts are replaced with a bind mount (-v). This is not an issue
because the secret option is meant for secrets stored globally in the
system and bind mounts are a valid substitute for secrets that are known
to whoever builds the container.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
Support a [coverity] section in .git/config. It can be used to retrieve the
token and also, if it is different from user.email, the username of the
submitter.
Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
QEMU does not use flex/bison packages.
Signed-off-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Reviewed-by: Claudio Fontana <cfontana@suse.de>
Signed-off-by: Alex Bennée <alex.bennee@linaro.org>
Message-Id: <20200515163029.12917-6-philmd@redhat.com>
Add support for running the Coverity Scan tools inside a Docker
container rather than directly on the host system.
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20200319193323.2038-7-peter.maydell@linaro.org
Add a new script to automate the process of running the Coverity
Scan build tools and uploading the resulting tarball to the
website.
This is intended eventually to be driven from Travis,
but it can be run locally, if you are a maintainer of the
QEMU project on the Coverity Scan website and have the secret
upload token.
The script must be run on a Fedora 30 system. Support for using a
Docker container is added in a following commit.
Reviewed-by: Philippe Mathieu-Daudé <philmd@redhat.com>
Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
Message-id: 20200319193323.2038-6-peter.maydell@linaro.org