mirror of
https://github.com/brl/mutter.git
synced 2024-11-21 15:40:41 -05:00
ci: Add job for pushing coverity reports
This job does: 1. Download the coverity bundle and untar it 2. Build mutter using clang and the coverity tool 3. Compress the coverity report 4. Upload for analysis Things to note: - Analysis are throttled, as per https://scan.coverity.com/faq#frequency we qualify for 21 weekly builds, 3 daily. Mutter is sometimes a busy project, so it seems we'd get often those consumed early in the day. This is something we can resign to, but the times we'll try to upload a report to have it rejected make the operation kinda pointless and probably better throttled by ourselves. - The task is manual, given the restrictions above. - The task only applies on master, as the envvar holding the coverity token is protected in gitlab. - I had to use clang as the coverity tool doesn't seem to work ATM with gcc as per recent Fedora. - The coverity tarball is 1.2GB in size, which is a bit too big to have it downloaded each time. As per their upload instructions, the tarball gets updated twice yearly, so this is cached to minimize downloads. - The coverity token for mutter is kept private/hidden in gitlab CI settings. Part-of: <https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/1100>
This commit is contained in:
parent
23b79f33fa
commit
5e8c808cfb
@ -7,14 +7,14 @@ stages:
|
|||||||
- prepare
|
- prepare
|
||||||
- build
|
- build
|
||||||
- test
|
- test
|
||||||
- coverage
|
- analyze
|
||||||
|
|
||||||
.mutter.fedora:34@common:
|
.mutter.fedora:34@common:
|
||||||
variables:
|
variables:
|
||||||
FDO_DISTRIBUTION_VERSION: 34
|
FDO_DISTRIBUTION_VERSION: 34
|
||||||
BASE_TAG: '2021-07-07.1'
|
BASE_TAG: '2021-07-09.1'
|
||||||
FDO_UPSTREAM_REPO: GNOME/mutter
|
FDO_UPSTREAM_REPO: GNOME/mutter
|
||||||
FDO_DISTRIBUTION_PACKAGES: 'gdm gnome-shell xorg-x11-server-Xvfb sassc gcovr'
|
FDO_DISTRIBUTION_PACKAGES: 'gdm gnome-shell xorg-x11-server-Xvfb sassc gcovr clang'
|
||||||
|
|
||||||
FDO_DISTRIBUTION_EXEC: |
|
FDO_DISTRIBUTION_EXEC: |
|
||||||
dnf install -y 'dnf-command(builddep)' &&
|
dnf install -y 'dnf-command(builddep)' &&
|
||||||
@ -226,7 +226,7 @@ test-mutter@aarch64:
|
|||||||
.test-mutter-coverage:
|
.test-mutter-coverage:
|
||||||
extends:
|
extends:
|
||||||
- .fdo.distribution-image@fedora
|
- .fdo.distribution-image@fedora
|
||||||
stage: coverage
|
stage: analyze
|
||||||
script:
|
script:
|
||||||
- ninja -C build coverage
|
- ninja -C build coverage
|
||||||
- cat build/meson-logs/coverage.txt
|
- cat build/meson-logs/coverage.txt
|
||||||
@ -262,3 +262,29 @@ can-build-gnome-shell@x86_64:
|
|||||||
- .gitlab-ci/checkout-gnome-shell.sh
|
- .gitlab-ci/checkout-gnome-shell.sh
|
||||||
- meson gnome-shell gnome-shell/build --prefix /usr -Dman=false
|
- meson gnome-shell gnome-shell/build --prefix /usr -Dman=false
|
||||||
- ninja -C gnome-shell/build install
|
- ninja -C gnome-shell/build install
|
||||||
|
|
||||||
|
test-mutter-coverity:
|
||||||
|
rules:
|
||||||
|
- if: '$CI_PIPELINE_SOURCE == "schedule" && $MUTTER_SCHEDULED_JOB == "coverity"'
|
||||||
|
when: always
|
||||||
|
- when: manual
|
||||||
|
extends:
|
||||||
|
- .fdo.distribution-image@fedora
|
||||||
|
- .mutter.fedora:34@x86_64
|
||||||
|
needs:
|
||||||
|
- build-fedora-container@x86_64
|
||||||
|
stage: analyze
|
||||||
|
allow_failure: true
|
||||||
|
script:
|
||||||
|
- .gitlab-ci/download-coverity-tarball.sh
|
||||||
|
- CC=clang meson coverity-build -Dprofiler=false
|
||||||
|
- ./coverity/cov-analysis-linux64-*/bin/cov-build --dir cov-int ninja -C coverity-build
|
||||||
|
- tar czf cov-int.tar.gz cov-int
|
||||||
|
- curl https://scan.coverity.com/builds?project=mutter
|
||||||
|
--form token=$COVERITY_TOKEN --form email=carlosg@gnome.org
|
||||||
|
--form file=@cov-int.tar.gz --form version="`git describe --tags`"
|
||||||
|
--form description="GitLab CI build"
|
||||||
|
cache:
|
||||||
|
key: coverity-tarball
|
||||||
|
paths:
|
||||||
|
- coverity
|
||||||
|
38
.gitlab-ci/download-coverity-tarball.sh
Executable file
38
.gitlab-ci/download-coverity-tarball.sh
Executable file
@ -0,0 +1,38 @@
|
|||||||
|
#!/usr/bin/bash
|
||||||
|
|
||||||
|
# We need a coverity token to fetch the tarball
|
||||||
|
if [ -x $COVERITY_TOKEN ]
|
||||||
|
then
|
||||||
|
echo "No coverity token. Run this job from a protected branch."
|
||||||
|
exit -1
|
||||||
|
fi
|
||||||
|
|
||||||
|
mkdir -p coverity
|
||||||
|
|
||||||
|
# Download and check MD5 first
|
||||||
|
curl https://scan.coverity.com/download/linux64 \
|
||||||
|
--data "token=$COVERITY_TOKEN&project=mutter&md5=1" \
|
||||||
|
--output /tmp/coverity_tool.md5
|
||||||
|
|
||||||
|
diff /tmp/coverity_tool.md5 coverity/coverity_tool.md5 >/dev/null 2>&1
|
||||||
|
|
||||||
|
if [ $? -eq 0 -a -d coverity/cov-analysis* ]
|
||||||
|
then
|
||||||
|
echo "Coverity tarball is up-to-date"
|
||||||
|
exit 0
|
||||||
|
fi
|
||||||
|
|
||||||
|
# Download and extract coverity tarball
|
||||||
|
curl https://scan.coverity.com/download/linux64 \
|
||||||
|
--data "token=$COVERITY_TOKEN&project=mutter" \
|
||||||
|
--output /tmp/coverity_tool.tgz
|
||||||
|
|
||||||
|
rm -rf ./coverity/cov-analysis*
|
||||||
|
|
||||||
|
tar zxf /tmp/coverity_tool.tgz -C coverity/
|
||||||
|
if [ $? -eq 0 ]
|
||||||
|
then
|
||||||
|
mv /tmp/coverity_tool.md5 coverity/
|
||||||
|
fi
|
||||||
|
|
||||||
|
rm /tmp/coverity_tool.tgz
|
Loading…
Reference in New Issue
Block a user