Add coverity static analysis to Travis CI config
Enable coverity analysis for the release/2.4 branch.
We can only do a limited number of coverity scans per week with our FOSS
account, but since we only occasionally push commits, that should work out
fine. But this limit is the reason we don't use the standard travis addon,
because that would cause the coverity script to run on all of our matrix
builds. That would cause us to reach our limit faster, and waste travis'
resources.
Since our FOSS coverity account doesn't handle multiple branches very well,
we have to pick one branch to run coverity on. I think it's best to use
the most recent stable branch for that (i.e. for now, release/2.4).
Though for ease of maintenance, it's probably best to apply the patch to
both master and release/2.4.
Signed-off-by: Steffan Karger <steffan.karger@fox-it.com>
Acked-by: Antonio Quartulli <a@unstable.cc>
Message-Id: <1502207741-31750-1-git-send-email-steffan.karger@fox-it.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg15176.html
Signed-off-by: David Sommerseth <davids@openvpn.net>
(cherry picked from commit 4a05f15c9aafe314ae4d3642813ebf234c09276e)
Steffan Karger authored on 2017/08/09 00:55:41Showing 2 changed files
| ... | ... |
@@ -21,10 +21,13 @@ env: |
| 21 | 21 |
- OPENSSL_VERSION="1.0.2l" |
| 22 | 22 |
- OPENSSL_CFLAGS="-I${PREFIX}/include"
|
| 23 | 23 |
- OPENSSL_LIBS="-L${PREFIX}/lib -lssl -lcrypto"
|
| 24 |
+ # The next declaration is the encrypted COVERITY_SCAN_TOKEN, created |
|
| 25 |
+ # via the "travis encrypt" command using the project repo's public key |
|
| 26 |
+ - secure: "l9mSnEW4LJqjxftH5i1NdDaYfGmQB1mPXnSB3DXnsjzkCWZ+yJLfBemfQ0tx/wS7chBYxqUaUIMT0hw4zJVp/LANFJo2vfh//ymTS6h0uApRY1ofg9Pp1BFcV1laG6/u8pwSZ2EBy/GhCd3DS436oE8sYBRaFM9FU62L/oeQBfJ7r4ID/0eB1b8bqlbD4paty9MHui2P8EZJwR+KAD84prtfpZOcrSMxPh9OUhJxzxUvvVoP4s4+lZ5Kgg1bBQ3yzKGDqe8VOgK2BWCEuezqhMMc8oeKmAe7CUkoz5gsGYH++k3I9XzP9Z4xeJKoQnC/82qi4xkJmlaOxdionej9bHIcjfRt7D8j1J0U+wOj4p8VrDy7yHaxuN2fi0K5MGa/CaXQSrkna8dePniCng+xQ2MY/zxuRX2gA6xPNLUyQLU9LqIug7wj4z84Hk9iWib4L20MoPjeEo+vAUNq8FtjOPxMuHNpv4iGGx6kgJm7RXl5vC5hxfK6MprrnYe2U5Mcd8jpzagKBaKHL3zV2FxX9k0jRO9Mccz7M2WnaV0MQ6zcngzTN4+s0kCjhfGKd2F2ANT2Gkhj3Me36eNHfuE0dBbvYCMh4b3Mgd7b/OuXwQWdJ8PjJ1WHXjSOw5sHw1suaV6cEO2Meyz5j1tOkyOi0M9QF+LFenQ9vLH4sBCww8U=" |
|
| 24 | 27 |
|
| 25 | 28 |
matrix: |
| 26 | 29 |
include: |
| 27 |
- - env: SSLLIB="openssl" |
|
| 30 |
+ - env: SSLLIB="openssl" RUN_COVERITY="1" |
|
| 28 | 31 |
os: linux |
| 29 | 32 |
compiler: gcc |
| 30 | 33 |
- env: SSLLIB="openssl" OPENSSL_VERSION="1.1.0f" |
| ... | ... |
@@ -91,5 +94,8 @@ install: |
| 91 | 91 |
- if [ ! -z "${CHOST}" ]; then unset CC; fi
|
| 92 | 92 |
- .travis/build-deps.sh > build-deps.log 2>&1 || (cat build-deps.log && exit 1) |
| 93 | 93 |
|
| 94 |
+before_script: |
|
| 95 |
+ - .travis/coverity.sh |
|
| 96 |
+ |
|
| 94 | 97 |
script: |
| 95 | 98 |
- .travis/build-check.sh |
| 96 | 99 |
new file mode 100755 |
| ... | ... |
@@ -0,0 +1,17 @@ |
| 0 |
+#!/bin/sh |
|
| 1 |
+set -eu |
|
| 2 |
+ |
|
| 3 |
+RUN_COVERITY="${RUN_COVERITY:-0}"
|
|
| 4 |
+ |
|
| 5 |
+export COVERITY_SCAN_PROJECT_NAME="OpenVPN/openvpn" |
|
| 6 |
+export COVERITY_SCAN_BRANCH_PATTERN="release\/2.4" |
|
| 7 |
+export COVERITY_SCAN_NOTIFICATION_EMAIL="scan-reports@openvpn.net" |
|
| 8 |
+export COVERITY_SCAN_BUILD_COMMAND_PREPEND="autoreconf -vi && ./configure --enable-iproute2 && make clean" |
|
| 9 |
+export COVERITY_SCAN_BUILD_COMMAND="make" |
|
| 10 |
+ |
|
| 11 |
+if [ "${RUN_COVERITY}" = "1" ]; then
|
|
| 12 |
+ # Ignore exit code, script exits with 1 if we're not on the right branch |
|
| 13 |
+ curl -s "https://scan.coverity.com/scripts/travisci_build_coverity_scan.sh" | bash || true |
|
| 14 |
+else |
|
| 15 |
+ echo "Skipping coverity scan because \$RUN_COVERITY != \"1\"" |
|
| 16 |
+fi |