ci: Include all configurations in Coverity scan

Coverity only provides us as OSS project a single "stream", thus a
single configuration for our project. But we already have 3. However,
we can accumulate results to a certain degree with some tricks: We have
to ensure that the intermediate "make clean" runs are not tracked by
cov-build, the build tracker of Coverity.

That's why we overload the default scan-build script of Travis CI and
Coverity, obtain the original one from our script, patch that version
to run our build script in a way that we have control over what gets
tracked and what not. Nasty, but seems to work sufficiently for now.

In addition, we need to register the ARM cross-compiler via
cov-configure.

At this chance: "description" is no longer used by Coverity - drop it.

Signed-off-by: Jan Kiszka <jan.kiszka@siemens.com>

diff --git a/.travis.yml b/.travis.yml
index a5b454e7a1058622d99c933a96da1a310ae01d43..d7110df2de5874066bbef64960180c92e426a001 100644 (file)
--- a/.travis.yml
+++ b/.travis.yml
@@ -39,8 +39,8 @@ addons:
   coverity_scan:
     project:
       name: "siemens/jailhouse"
-      description: "Build submitted via Travis CI"
     notification_email: jan.kiszka@siemens.com
-    build_command_prepend: "cp ci/jailhouse-config-x86.h hypervisor/include/jailhouse/config.h"
-    build_command:   "make KDIR=ci/linux/build-x86"
+    build_script_url: https://raw.githubusercontent.com/$TRAVIS_REPO_SLUG/$TRAVIS_BRANCH/ci/coverity-scan-build.sh
+    build_command_prepend: "cov-configure --comptype gcc --compiler arm-linux-gnueabihf-gcc --template"
+    build_command: "unused"
     branch_pattern: coverity_scan

diff --git a/ci/build-all-configs.sh b/ci/build-all-configs.sh
index fb73beab97d33abad6b66c218501be92065c0f7a..8c5ca6e5bbd35b969a279caf5543d2ffb0233949 100755 (executable)
--- a/ci/build-all-configs.sh
+++ b/ci/build-all-configs.sh
@@ -13,6 +13,12 @@
 
 CONFIGS="x86 banana-pi vexpress"
 
+PREFIX=
+if [ "$1" == "--cov" ]; then
+       export COVERITY_UNSUPPORTED=1
+       PREFIX="cov-build --append-log --dir $2 $3"
+fi
+
 for CONFIG in $CONFIGS; do
        echo
        echo "*** Building configuration $CONFIG ***"
@@ -30,6 +36,12 @@ for CONFIG in $CONFIGS; do
                ;;
        esac
 
+       $PREFIX make KDIR=ci/linux/build-$CONFIG ARCH=$ARCH \
+            CROSS_COMPILE=$CROSS_COMPILE
+
+       # Keep the clean run out of sight for cov-build so that results are
+       # accumulated as far as possible. Multiple compilations of the same
+       # file will still leave only the last run in the results.
        make KDIR=ci/linux/build-$CONFIG ARCH=$ARCH \
-            CROSS_COMPILE=$CROSS_COMPILE clean all
+            CROSS_COMPILE=$CROSS_COMPILE clean
 done

diff --git a/ci/coverity-scan-build.sh b/ci/coverity-scan-build.sh
new file mode 100644 (file)
index 0000000..b4f0d62
--- /dev/null
+++ b/ci/coverity-scan-build.sh
@@ -0,0 +1,30 @@
+#!/bin/bash
+#
+# Jailhouse, a Linux-based partitioning hypervisor
+#
+# Copyright (c) Siemens AG, 2015
+#
+# Authors:
+#  Jan Kiszka <jan.kiszka@siemens.com>
+#
+# This work is licensed under the terms of the GNU GPL, version 2.  See
+# the COPYING file in the top-level directory.
+#
+
+curl -s https://scan.coverity.com/scripts/travisci_build_coverity_scan.sh \
+       -o ci/travisci_build_coverity_scan.sh.orig
+
+# Patch the line that starts the build.
+# We need to control this step via our build script.
+sed 's/^COVERITY_UNSUPPORTED=1 cov-build --dir.*/ci\/build-all-configs.sh --cov \$RESULTS_DIR \$COV_BUILD_OPTIONS/' \
+       ci/travisci_build_coverity_scan.sh.orig > ci/travisci_build_coverity_scan.sh
+
+# Check if the patch applied, bail out if not.
+if diff -q ci/travisci_build_coverity_scan.sh.orig \
+          ci/travisci_build_coverity_scan.sh > /dev/null; then
+       echo "Unable to patch Coverity script!"
+       exit 1
+fi
+
+# Run the patched scanner script.
+. ci/travisci_build_coverity_scan.sh