From 9bf17d2cf59127573c0be812883170785f0dc340 Mon Sep 17 00:00:00 2001 From: Ben Straub Date: Mon, 13 Jan 2014 14:11:14 -0800 Subject: [PATCH 1/5] Add coverity-scan script --- .travis.yml | 6 ++++++ script/cibuild.sh | 6 ++++++ script/coverity.sh | 49 ++++++++++++++++++++++++++++++++++++++++++++++ 3 files changed, 61 insertions(+) create mode 100755 script/coverity.sh diff --git a/.travis.yml b/.travis.yml index 151060fb4..648c432db 100644 --- a/.travis.yml +++ b/.travis.yml @@ -13,9 +13,15 @@ env: - OPTIONS="-DBUILD_CLAR=ON -DBUILD_EXAMPLES=ON" matrix: + fast_finish: true include: - compiler: i586-mingw32msvc-gcc env: OPTIONS="-DBUILD_CLAR=OFF -DWIN32=ON -DMINGW=ON" + - compiler: gcc + env: COVERITY=1 + secure: "YnhS+8n6B+uoyaYfaJ3Lei7cSJqHDPiKJCKFIF2c87YDfmCvAJke8QtE7IzjYDs7UFkTCM4ox+ph2bERUrxZbSCyEkHdjIZpKuMJfYWja/jgMqTMxdyOH9y8JLFbZsSXDIXDwqBlC6vVyl1fP90M35wuWcNTs6tctfVWVofEFbs=" + allow_failures: + - env: COVERITY=1 install: - sudo apt-get -qq update diff --git a/script/cibuild.sh b/script/cibuild.sh index aa4fa47aa..5c0584a80 100755 --- a/script/cibuild.sh +++ b/script/cibuild.sh @@ -1,5 +1,11 @@ #!/bin/sh +if [ "$COVERITY" -eq 1 ]; +then + ./script/coverity.sh; + exit $?; +fi + # Create a test repo which we can use for the online::push tests mkdir $HOME/_temp git init --bare $HOME/_temp/test.git diff --git a/script/coverity.sh b/script/coverity.sh new file mode 100755 index 000000000..e75395948 --- /dev/null +++ b/script/coverity.sh @@ -0,0 +1,49 @@ +#!/bin/bash +set -e + +# Environment check +[ -z "$COVERITY_TOKEN" ] && echo "Need to set a coverity token" && exit 1 + +COV_VERSION=6.6.1 +case `uname -m` in + i?86) BITS=32 ;; + amd64|x86_64) BITS=64 ;; +esac +SCAN_TOOL=https://scan.coverity.com/download/linux-${BITS} +TOOL_BASE=`pwd`/_coverity-scan + +# Install coverity tools +if [ ! -d $TOOL_BASE ]; then + echo "Downloading coverity..." + mkdir -p $TOOL_BASE + cd $TOOL_BASE + wget -O coverity_tool.tgz $SCAN_TOOL \ + --post-data "project=libgit2&token=$COVERITY_TOKEN" + tar xzf coverity_tool.tgz + cd .. + TOOL_DIR=`find $TOOL_BASE -type d -name 'cov-analysis*'` + ln -s $TOOL_DIR $TOOL_BASE/cov-analysis +fi + +COV_BUILD="$TOOL_BASE/cov-analysis/bin/cov-build" + +# Configure and build +rm -rf _build +mkdir _build +cd _build +cmake .. -DTHREADSAFE=ON +COVERITY_UNSUPPORTED=1 \ + $COV_BUILD --dir cov-int \ + cmake --build . + +# Upload results +tar czf libgit2.tgz cov-int +SHA=`git rev-parse --short HEAD` +curl \ + --form project=libgit2 \ + --form token=$COVERITY_TOKEN \ + --form email=bs@github.com \ + --form file=@libgit2.tgz \ + --form version=$SHA \ + --form description="Travis build" \ + http://scan5.coverity.com/cgi-bin/upload.py From f1c16d0eb3caa18d98cae095aa536e6b6a8b8ea7 Mon Sep 17 00:00:00 2001 From: Ben Straub Date: Mon, 13 Jan 2014 15:18:13 -0800 Subject: [PATCH 2/5] Tweak travis secure config --- .travis.yml | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/.travis.yml b/.travis.yml index 648c432db..f25ff7681 100644 --- a/.travis.yml +++ b/.travis.yml @@ -9,6 +9,9 @@ compiler: # Settings to try env: + global: + - secure: "YnhS+8n6B+uoyaYfaJ3Lei7cSJqHDPiKJCKFIF2c87YDfmCvAJke8QtE7IzjYDs7UFkTCM4ox+ph2bERUrxZbSCyEkHdjIZpKuMJfYWja/jgMqTMxdyOH9y8JLFbZsSXDIXDwqBlC6vVyl1fP90M35wuWcNTs6tctfVWVofEFbs=" + matrix: - OPTIONS="-DTHREADSAFE=ON -DCMAKE_BUILD_TYPE=Release" - OPTIONS="-DBUILD_CLAR=ON -DBUILD_EXAMPLES=ON" @@ -19,7 +22,6 @@ matrix: env: OPTIONS="-DBUILD_CLAR=OFF -DWIN32=ON -DMINGW=ON" - compiler: gcc env: COVERITY=1 - secure: "YnhS+8n6B+uoyaYfaJ3Lei7cSJqHDPiKJCKFIF2c87YDfmCvAJke8QtE7IzjYDs7UFkTCM4ox+ph2bERUrxZbSCyEkHdjIZpKuMJfYWja/jgMqTMxdyOH9y8JLFbZsSXDIXDwqBlC6vVyl1fP90M35wuWcNTs6tctfVWVofEFbs=" allow_failures: - env: COVERITY=1 From 4caf0df018a918b38446895ea870e8db65e8dcae Mon Sep 17 00:00:00 2001 From: Ben Straub Date: Mon, 13 Jan 2014 15:43:29 -0800 Subject: [PATCH 3/5] Add coverity scan badge to readme --- README.md | 1 + 1 file changed, 1 insertion(+) diff --git a/README.md b/README.md index 434cc1937..debf16eb6 100644 --- a/README.md +++ b/README.md @@ -2,6 +2,7 @@ libgit2 - the Git linkable library ================================== [![Build Status](https://secure.travis-ci.org/libgit2/libgit2.png?branch=development)](http://travis-ci.org/libgit2/libgit2) +[![Coverity Scan Build Status](https://scan.coverity.com/projects/639/badge.svg)](https://scan.coverity.com/projects/639) `libgit2` is a portable, pure C implementation of the Git core methods provided as a re-entrant linkable library with a solid API, allowing you to write native From 53e6f4804b67b757fab065da51901be452b1c765 Mon Sep 17 00:00:00 2001 From: Ben Straub Date: Wed, 15 Jan 2014 12:12:17 -0800 Subject: [PATCH 4/5] Only run coverity on development --- script/coverity.sh | 3 +++ 1 file changed, 3 insertions(+) diff --git a/script/coverity.sh b/script/coverity.sh index e75395948..945a450f1 100755 --- a/script/coverity.sh +++ b/script/coverity.sh @@ -4,6 +4,9 @@ set -e # Environment check [ -z "$COVERITY_TOKEN" ] && echo "Need to set a coverity token" && exit 1 +# Only run this on development +[ "$TRAVIS_BRANCH" != "development" ] && echo "Not development; bailing." && exit 0 + COV_VERSION=6.6.1 case `uname -m` in i?86) BITS=32 ;; From 998f0016ff2788ee78d47ac2be6d6b9cc6890e11 Mon Sep 17 00:00:00 2001 From: Ben Straub Date: Wed, 15 Jan 2014 12:32:12 -0800 Subject: [PATCH 5/5] Refine build limitation --- script/coverity.sh | 9 +++++++-- 1 file changed, 7 insertions(+), 2 deletions(-) diff --git a/script/coverity.sh b/script/coverity.sh index 945a450f1..e72008883 100755 --- a/script/coverity.sh +++ b/script/coverity.sh @@ -4,8 +4,13 @@ set -e # Environment check [ -z "$COVERITY_TOKEN" ] && echo "Need to set a coverity token" && exit 1 -# Only run this on development -[ "$TRAVIS_BRANCH" != "development" ] && echo "Not development; bailing." && exit 0 +# Only run this on our branches +echo "Pull request: $TRAVIS_PULL_REQUEST | Slug: $TRAVIS_REPO_SLUG" +if [ "$TRAVIS_PULL_REQUEST" != "false" -o "$TRAVIS_REPO_SLUG" != "libgit2/libgit2" ]; +then + echo "Only analyzing 'development' on the main repo." + exit 0 +fi COV_VERSION=6.6.1 case `uname -m` in