Introduce new job to make a coverity build and upload coverity data to
scan.coverity.com where the analysis is then executed.
Signed-off-by: Pavel Hrdina <phrdina@xxxxxxxxxx>
---
.gitlab-ci.yml | 20 ++++++++++++++++++++
ci/containers/README.rst | 22 ++++++++++++++++++++++
2 files changed, 42 insertions(+)
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 725c76e9ee..6792accf8f 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -585,3 +585,23 @@ check-dco:
- $CI_PROJECT_NAMESPACE == 'libvirt'
variables:
GIT_DEPTH: 1000
+
+
+# Coverity job that is run only by schedules
+coverity:
+ image: $CI_REGISTRY_IMAGE/ci-centos-8:latest
+ needs:
+ - x64-centos-8-container
+ stage: builds
+ script:
+ - curl https://scan.coverity.com/download/linux64 --form project=$COVERITY_SCAN_PROJECT_NAME --form token=$COVERITY_SCAN_TOKEN -o /tmp/cov-analysis-linux64.tgz
+ - tar xfz /tmp/cov-analysis-linux64.tgz
+ - meson build
+ - cov-analysis-linux64-*/bin/cov-build --dir cov-int ninja -C build
+ - tar cfz cov-int.tar.gz cov-int
+ - curl https://scan.coverity.com/builds?project=$COVERITY_SCAN_PROJECT_NAME --form token=$COVERITY_SCAN_TOKEN --form email=$GITLAB_USER_EMAIL --form file=@cov-int.tar.gz --form version="$(git describe --tags)" --form description="$(git describe --tags) / $CI_COMMIT_TITLE / $CI_COMMIT_REF_NAME:$CI_PIPELINE_ID"
+ only:
+ refs:
+ - schedules
+ variables:
+ - $COVERITY_SCAN_PROJECT_NAME && $COVERITY_SCAN_TOKEN
diff --git a/ci/containers/README.rst b/ci/containers/README.rst
index 530897e311..f2ee132613 100644
--- a/ci/containers/README.rst
+++ b/ci/containers/README.rst
@@ -12,3 +12,25 @@ https://gitlab.com/libvirt/libvirt-ci
The containers are built during the CI process and cached in the GitLab
container registry of the project doing the build. The cached containers
can be deleted at any time and will be correctly rebuilt.
+
+
+Coverity scan integration
+=========================
+
+This will be used only by the main repository for master branch by running
+scheduled pipeline in GitLab.
+
+The service is proved by `Coverity Scan`_ and requires that the project is
+registered there to get free coverity analysis which we already have for
+`libvirt project`_.
+
+To run the coverity job it requires two new variables:
+
+ * ``COVERITY_SCAN_PROJECT_NAME``, containing the `libvirt project`_
+ name.
+
+ * ``COVERITY_SCAN_TOKEN``, token visible to admins of `libvirt project`_
+
+
+.. _Coverity Scan: https://scan.coverity.com/
+.. _libvirt project: https://scan.coverity.com/projects/libvirt
--
2.26.2
