run-coverity-scan: download tools outside the container

qemu with hax to log dma reads & writes jcs.org/2018/11/12/vfio

This lets us look at coverity_tool.md5 across executions of run-coverity-scan
and skip the download.

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>

Paolo Bonzini 5 years ago 2e90470e 3077453c

+24 -21

2 changed files

expand all

scripts

coverity-scan

coverity-scan.docker

run-coverity-scan

+2 -1

scripts/coverity-scan/coverity-scan.docker

··· 127 127 RUN rpm -q $PACKAGES | sort > /packages.txt 128 128 ENV PATH $PATH:/usr/libexec/python3-sphinx/ 129 129 ENV COVERITY_TOOL_BASE=/coverity-tools 130 + COPY coverity_tool.tgz coverity_tool.tgz 131 + RUN mkdir -p /coverity-tools/coverity_tool && cd /coverity-tools/coverity_tool && tar xf /coverity_tool.tgz 130 132 COPY run-coverity-scan run-coverity-scan 131 - RUN ./run-coverity-scan --update-tools-only --tokenfile /work/token

+22 -20

scripts/coverity-scan/run-coverity-scan

··· 116 116 echo "Downloaded tarball didn't match md5sum!" 117 117 exit 1 118 118 fi 119 - # extract the new one, keeping it corralled in a 'coverity_tool' directory 120 - echo "Unpacking coverity build tools..." 121 - mkdir -p coverity_tool 122 - cd coverity_tool 123 - tar xf ../coverity_tool.tgz 124 - cd .. 125 - mv coverity_tool.md5.new coverity_tool.md5 126 - fi 127 119 120 + if [ "$DOCKER" != yes ]; then 121 + # extract the new one, keeping it corralled in a 'coverity_tool' directory 122 + echo "Unpacking coverity build tools..." 123 + mkdir -p coverity_tool 124 + cd coverity_tool 125 + tar xf ../coverity_tool.tgz 126 + cd .. 127 + mv coverity_tool.md5.new coverity_tool.md5 128 + fi 129 + fi 128 130 rm -f coverity_tool.md5.new 129 131 } 130 132 ··· 296 298 COVERITY_EMAIL="$(git config user.email)" 297 299 fi 298 300 301 + # Otherwise, continue with the full build and upload process. 302 + 303 + check_upload_permissions 304 + 305 + if [ "$UPDATE" != no ]; then 306 + update_coverity_tools 307 + fi 308 + 299 309 # Run ourselves inside docker if that's what the user wants 300 310 if [ "$DOCKER" = yes ]; then 301 311 # Put the Coverity token into a temporary file that only ··· 315 325 if [ "$UPDATE" != no ]; then 316 326 # build docker container including the coverity-scan tools 317 327 echo "Building docker container..." 318 - # TODO: This re-downloads the tools every time, rather than 319 - # caching and reusing the image produced with the downloaded tools. 328 + # TODO: This re-unpacks the tools every time, rather than caching 329 + # and reusing the image produced by the COPY of the .tgz file. 320 330 # Not sure why. 321 331 tests/docker/docker.py --engine ${DOCKER_ENGINE} build \ 322 332 -t coverity-scanner -f scripts/coverity-scan/coverity-scan.docker \ 323 - -v "$SECRETDIR:/work" \ 324 - --extra-files scripts/coverity-scan/run-coverity-scan 333 + --extra-files scripts/coverity-scan/run-coverity-scan \ 334 + "$COVERITY_TOOL_BASE"/coverity_tool.tgz 325 335 fi 326 336 echo "Archiving sources to be analyzed..." 327 337 ./scripts/archive-source.sh "$SECRETDIR/qemu-sources.tgz" ··· 350 360 fi 351 361 echo "Docker work complete." 352 362 exit 0 353 - fi 354 - 355 - # Otherwise, continue with the full build and upload process. 356 - 357 - check_upload_permissions 358 - 359 - if [ "$UPDATE" != no ]; then 360 - update_coverity_tools 361 363 fi 362 364 363 365 TOOLBIN="$(cd "$COVERITY_TOOL_BASE" && echo $PWD/coverity_tool/cov-analysis-*/bin)"