forked from osmocom/wireshark
GitLab CI: Add a GCC Coverity Scan Build job.
Add a "coverity-gcc" job which runs Coverity Scan Build on Ubuntu using GCC and submits the build output to Coverity. Based on https://www.synopsys.com/blogs/software-security/integrating-coverity-scan-with-gitlab-ci and https://gitlab.gnome.org/GNOME/glib/-/blob/8f57a5b9/.gitlab-ci.yml#L481
This commit is contained in:
parent
faf2e62db8
commit
0630332565
|
@ -10,6 +10,11 @@
|
||||||
# https://hub.docker.com/r/wireshark/wireshark-opensuse-15.2-dev
|
# https://hub.docker.com/r/wireshark/wireshark-opensuse-15.2-dev
|
||||||
# https://hub.docker.com/r/wireshark/wireshark-ubuntu-dev
|
# https://hub.docker.com/r/wireshark/wireshark-ubuntu-dev
|
||||||
|
|
||||||
|
stages:
|
||||||
|
- build
|
||||||
|
- analysis
|
||||||
|
- test
|
||||||
|
|
||||||
variables:
|
variables:
|
||||||
# Ensure that checkouts are a) fast and b) have a reachable tag. In a
|
# Ensure that checkouts are a) fast and b) have a reachable tag. In a
|
||||||
# brighter, more glorious future we might be able to use --shallow-since:
|
# brighter, more glorious future we might be able to use --shallow-since:
|
||||||
|
@ -398,3 +403,40 @@ merge-req:windows:
|
||||||
- msbuild /verbosity:minimal "/consoleloggerparameters:PerformanceSummary;NoSummary" /maxcpucount Wireshark.sln
|
- msbuild /verbosity:minimal "/consoleloggerparameters:PerformanceSummary;NoSummary" /maxcpucount Wireshark.sln
|
||||||
- msbuild /verbosity:minimal test-programs.vcxproj
|
- msbuild /verbosity:minimal test-programs.vcxproj
|
||||||
- ctest -C RelWithDebInfo --parallel 3 --force-new-ctest-process --verbose
|
- ctest -C RelWithDebInfo --parallel 3 --force-new-ctest-process --verbose
|
||||||
|
|
||||||
|
# Adapted from https://www.synopsys.com/blogs/software-security/integrating-coverity-scan-with-gitlab-ci/
|
||||||
|
# and https://gitlab.gnome.org/GNOME/glib/-/blob/8f57a5b9/.gitlab-ci.yml#L481
|
||||||
|
coverity-gcc:
|
||||||
|
only:
|
||||||
|
- schedules
|
||||||
|
- $RUN_COVERITY_GCC == "True"
|
||||||
|
image: wireshark/wireshark-ubuntu-dev
|
||||||
|
stage: analysis
|
||||||
|
needs: []
|
||||||
|
variables:
|
||||||
|
CC: gcc
|
||||||
|
CXX: g++
|
||||||
|
# cov-build doesn’t handle GLIB_DEPRECATED_ENUMERATOR
|
||||||
|
CFLAGS: '-DGLIB_DISABLE_DEPRECATION_WARNINGS'
|
||||||
|
CXXFLAGS: '-DGLIB_DISABLE_DEPRECATION_WARNINGS'
|
||||||
|
script:
|
||||||
|
- >
|
||||||
|
curl
|
||||||
|
--output /tmp/cov-analysis-linux64.tar.gz
|
||||||
|
--form project=$COVERITY_SCAN_PROJECT_NAME
|
||||||
|
--form token=$COVERITY_SCAN_TOKEN
|
||||||
|
https://scan.coverity.com/download/linux64
|
||||||
|
- tar --directory=/tmp --extract --gzip --file /tmp/cov-analysis-linux64.tar.gz
|
||||||
|
- mkdir build
|
||||||
|
- cd build
|
||||||
|
- cmake -G Ninja ..
|
||||||
|
- /tmp/cov-analysis-linux64-*/bin/cov-build --return-emit-failures --dir cov-int ninja
|
||||||
|
- tar --create --gzip --file cov-int.tar.gz cov-int
|
||||||
|
- >
|
||||||
|
curl
|
||||||
|
--form file=@cov-int.tar.gz
|
||||||
|
--form token=$COVERITY_SCAN_TOKEN
|
||||||
|
--form email=$GITLAB_USER_EMAIL
|
||||||
|
--form description="Ubuntu $( git describe --tags ) $CI_COMMIT_REF_NAME:$CI_PIPELINE_ID"
|
||||||
|
--form version=$( git describe --tags )
|
||||||
|
https://scan.coverity.com/builds?project=$COVERITY_SCAN_PROJECT_NAME
|
||||||
|
|
Loading…
Reference in New Issue