From: "Daniel P. Berrangé" <berrange@redhat.com>
To: Paolo Bonzini <pbonzini@redhat.com>
Cc: qemu-devel@nongnu.org, peter.maydell@linaro.org
Subject: Re: [RFC PATCH 2/2] gitlab-ci: add manual job to run Coverity
Date: Tue, 5 Mar 2024 08:52:51 +0000
Message-ID: <ZebdY6NqEue0Rl3q@redhat.com>
In-Reply-To: <20240304220631.943130-3-pbonzini@redhat.com>
On Mon, Mar 04, 2024 at 05:06:31PM -0500, Paolo Bonzini wrote:
> Add a job that can be run, either manually or on a schedule, to upload
> a build to Coverity Scan. The job uses the run-coverity-scan script
> in multiple phases of check, download tools and upload, in order to
> avoid both wasting time (skip everything if you are above the upload
> quota) and avoid filling the log with the progress of downloading
> the tools.
>
> The job is intended to run on a scheduled pipeline run, and scheduled
> runs will not get any other job. It requires two variables to be in
> GitLab CI, COVERITY_TOKEN and COVERITY_EMAIL. Those are already set up
> in qemu-project's configuration as protected and masked variables.
>
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> ---
> .gitlab-ci.d/base.yml | 4 ++++
> .gitlab-ci.d/buildtest.yml | 36 ++++++++++++++++++++++++++++++++++++
> 2 files changed, 40 insertions(+)
>
> diff --git a/.gitlab-ci.d/base.yml b/.gitlab-ci.d/base.yml
> index ef173a34e6..2dd8a9b57c 100644
> --- a/.gitlab-ci.d/base.yml
> +++ b/.gitlab-ci.d/base.yml
> @@ -41,6 +41,10 @@ variables:
> - if: '$CI_PROJECT_NAMESPACE == $QEMU_CI_UPSTREAM && $CI_COMMIT_TAG'
> when: never
>
> + # Scheduled runs on mainline don't get pipelines except for the special Coverity job
> + - if: '$CI_PROJECT_NAMESPACE == $QEMU_CI_UPSTREAM && $CI_PIPELINE_SOURCE == "schedule"'
> + when: never
> +
> # Cirrus jobs can't run unless the creds / target repo are set
> - if: '$QEMU_JOB_CIRRUS && ($CIRRUS_GITHUB_REPO == null || $CIRRUS_API_TOKEN == null)'
> when: never
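Review bot: The added `if:` in this hunk matches every scheduled pipeline in the upstream namespace, while the coverity job in buildtest.yml only accepts schedules where `$CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH`. A schedule created on any other upstream branch is therefore excluded by this rule for every job that uses it, and the coverity job is excluded as well by its own `$CI_PROJECT_NAMESPACE == $QEMU_CI_UPSTREAM` / `when: never` rule. Either add the same default-branch condition here, or extend the comment to say that schedules on non-default branches are meant to run nothing.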
> diff --git a/.gitlab-ci.d/buildtest.yml b/.gitlab-ci.d/buildtest.yml
> index a1c030337b..378dee055b 100644
> --- a/.gitlab-ci.d/buildtest.yml
> +++ b/.gitlab-ci.d/buildtest.yml
> @@ -729,3 +729,38 @@ pages:
> - public
> variables:
> QEMU_JOB_PUBLISH: 1
> +
> +coverity:
> + image: $CI_REGISTRY_IMAGE/qemu/fedora:$QEMU_CI_CONTAINER_TAG
> + stage: build
> + allow_failure: true
> + timeout: 3h
> + needs:
> + - job: amd64-fedora-container
> + optional: true
> + before_script:
> + - dnf install -y curl wget
> + script:
> + # would be nice to cancel the job if over quota (https://gitlab.com/gitlab-org/gitlab/-/issues/256089)
> + - 'scripts/coverity-scan/run-coverity-scan --check-upload-only || (exitcode=$?; if test $exitcode = 1; then
> + exit 0;
> + else
> + exit $exitcode;
> + fi)'
> + - 'scripts/coverity-scan/run-coverity-scan --update-tools-only > update-tools.log 2>&1 || cat update-tools.log'
Slightly shorter as:
..... 2>&1 | tee update-tools.log
> + - 'scripts/coverity-scan/run-coverity-scan --no-update-tools'
> + rules:
> + - if: '$COVERITY_TOKEN == null'
> + when: never
> + - if: '$COVERITY_EMAIL == null'
> + when: never
> + # Never included on upstream pipelines, except for schedules
> + - if: '$CI_PROJECT_NAMESPACE == $QEMU_CI_UPSTREAM && $CI_PIPELINE_SOURCE == "schedule" && $CI_COMMIT_REF_NAME == $CI_DEFAULT_BRANCH'
> + when: on_success
> + - if: '$CI_PROJECT_NAMESPACE == $QEMU_CI_UPSTREAM'
> + when: never
> + # Forks don't get any pipeline unless QEMU_CI=1 or QEMU_CI=2 is set
> + - if: '$QEMU_CI != "1" && $QEMU_CI != "2"'
> + when: never
> + # Always manual on forks even if $QEMU_CI == "2"
> + - when: manual
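Review bot: In the `--check-upload-only` script entry the `exit 0` sits inside `( ... )`, so it ends only that subshell. When the check returns 1 the entry simply succeeds and the job carries on to the tools download and the upload, which is not the "skip everything if you are above the upload quota" behaviour the commit message describes. A `{ ...; }` group runs in the current shell, so the exit would take effect there instead. The `--update-tools-only` entry has a related problem: `|| cat update-tools.log` returns the status of `cat`, so a failed tools update is reported as success and `--no-update-tools` still runs. Something like `|| { cat update-tools.log; exit 1; }` would print the log and keep the failure.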
> --
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
With regards,
Daniel
--
|: https://berrange.com -o- https://www.flickr.com/photos/dberrange :|
|: https://libvirt.org -o- https://fstop138.berrange.com :|
|: https://entangle-photo.org -o- https://www.instagram.com/dberrange :|