From: "Philippe Mathieu-Daudé" <philmd@redhat.com>
To: "Alex Bennée" <alex.bennee@linaro.org>
Cc: "Peter Maydell" <peter.maydell@linaro.org>,
qemu-devel@nongnu.org, "Fam Zheng" <famz@redhat.com>,
patches@linaro.org, "Philippe Mathieu-Daudé" <f4bug@amsat.org>,
"Markus Armbruster" <armbru@redhat.com>,
"Paolo Bonzini" <pbonzini@redhat.com>
Subject: Re: [Qemu-devel] [PATCH 2/2] scripts/coverity-scan: Add Docker support
Date: Wed, 14 Nov 2018 12:46:28 +0100 [thread overview]
Message-ID: <b222454b-b888-2b46-0ca0-db720a9c3f0e@redhat.com> (raw)
In-Reply-To: <878t1vewa3.fsf@linaro.org>
On 14/11/18 12:25, Alex Bennée wrote:
> Philippe Mathieu-Daudé <philmd@redhat.com> writes:
>> On 13/11/18 19:46, Peter Maydell wrote:
>>> Add support for running the Coverity Scan tools inside a Docker
>>> container rather than directly on the host system.
>>>
>>> Signed-off-by: Peter Maydell <peter.maydell@linaro.org>
>>> ---
>>> scripts/coverity-scan/coverity-scan.docker | 120 +++++++++++++++++++++
>>> scripts/coverity-scan/run-coverity-scan | 58 ++++++++++
>>> 2 files changed, 178 insertions(+)
>>> create mode 100644 scripts/coverity-scan/coverity-scan.docker
>>>
>>> diff --git a/scripts/coverity-scan/coverity-scan.docker b/scripts/coverity-scan/coverity-scan.docker
>>> new file mode 100644
>>> index 00000000000..81f69459954
>>> --- /dev/null
>>> +++ b/scripts/coverity-scan/coverity-scan.docker
>>> @@ -0,0 +1,120 @@
>>> +# syntax=docker/dockerfile:1.0.0-experimental
>>> +#
>>> +# Docker setup for running the "Coverity Scan" tools over the source
>>> +# tree and uploading them to the website, as per
>>> +# https://scan.coverity.com/projects/qemu/builds/new
>>> +# We do this on a fixed config (currently Fedora 28 with a known
>>> +# set of dependencies and a configure command that enables a specific
>>> +# set of options) so that random changes don't result in our accidentally
>>> +# dropping some files from the scan.
>>> +# The work of actually doing the build is handled by the
>>> +# run-coverity-scan script.
>>> +
>>> +
>>> +FROM fedora:28
>>> +ENV PACKAGES \
>>> + alsa-lib-devel \
>>> + bc \
>>> + bison \
>>> + bluez-libs-devel \
>>> + brlapi-devel \
>>> + bzip2 \
>>> + bzip2-devel \
>>> + ccache \
>>> + clang \
>>> + curl \
>>> + cyrus-sasl-devel \
>>> + device-mapper-multipath-devel \
>>> + findutils \
>>> + flex \
>>> + gcc \
>>> + gcc-c++ \
>>> + gettext \
>>> + git \
>>> + glib2-devel \
>>> + glusterfs-api-devel \
>>> + gnutls-devel \
>>> + gtk3-devel \
>>> + hostname \
>>> + libaio-devel \
>>> + libasan \
>>> + libattr-devel \
>>> + libcap-devel \
>>> + libcap-ng-devel \
>>> + libcurl-devel \
>>> + libepoxy-devel \
>>> + libfdt-devel \
>>> + libgbm-devel \
>>> + libiscsi-devel \
>>> + libjpeg-devel \
>>> + libnfs-devel \
>>> + libpng-devel \
>>> + librbd-devel \
>>> + libseccomp-devel \
>>> + libssh2-devel \
>>> + libubsan \
>>> + libudev-devel \
>>> + libusbx-devel \
>>> + libxml2-devel \
>>> + llvm \
>>> + lzo-devel \
>>> + make \
>>> + mingw32-bzip2 \
>>> + mingw32-curl \
>>> + mingw32-glib2 \
>>> + mingw32-gmp \
>>> + mingw32-gnutls \
>>> + mingw32-gtk3 \
>>> + mingw32-libjpeg-turbo \
>>> + mingw32-libpng \
>>> + mingw32-libssh2 \
>>> + mingw32-libtasn1 \
>>> + mingw32-nettle \
>>> + mingw32-pixman \
>>> + mingw32-pkg-config \
>>> + mingw32-SDL2 \
>>> + mingw64-bzip2 \
>>> + mingw64-curl \
>>> + mingw64-glib2 \
>>> + mingw64-gmp \
>>> + mingw64-gnutls \
>>> + mingw64-gtk3 \
>>> + mingw64-libjpeg-turbo \
>>> + mingw64-libpng \
>>> + mingw64-libssh2 \
>>> + mingw64-libtasn1 \
>>> + mingw64-nettle \
>>> + mingw64-pixman \
>>> + mingw64-pkg-config \
>>> + mingw64-SDL2 \
>>> + ncurses-devel \
>>> + nettle-devel \
>>> + nss-devel \
>>> + numactl-devel \
>>> + perl \
>>> + pixman-devel \
>>> + pulseaudio-libs-devel \
>>> + python3 \
>>> + PyYAML \
>>> + rdma-core-devel \
>>> + SDL2-devel \
>>> + snappy-devel \
>>> + sparse \
>>> + spice-server-devel \
>>> + systemtap-sdt-devel \
>>> + tar \
>>> + usbredir-devel \
>>> + virglrenderer-devel \
>>> + vte3-devel \
>>> + wget \
>>> + which \
>>> + xen-devel \
>>> + xfsprogs-devel \
>>> + zlib-devel
>>> +ENV QEMU_CONFIGURE_OPTS --python=/usr/bin/python3
>>> +
>>> +RUN dnf install -y $PACKAGES
>>> +RUN rpm -q $PACKAGES | sort > /packages.txt
>>> +ENV COVERITY_TOOL_BASE=/coverity-tools
>>> +COPY run-coverity-scan run-coverity-scan
>>> +RUN --mount=type=secret,id=coverity.token,required ./run-coverity-scan --update-tools-only --tokenfile /run/secrets/coverity.token
>>
>> Calling "make docket-image-fedora" you can reduce this script to:
>
> Remember for this to work we need to enforce the dependencies in the
> tests/docker/Makefile.include and integrate into our make machinery.
> Currently this dockerfile lives outside of the rest of our make
> machinery.
Yes, but since this image is ran via a script which calls "docker build
..." it could previously call "make docket-image-fedora".
Currenty the qemu:fedora layer takes a bit more than 2GB, space worth on
laptop SSD ;)
>
> We've talked about having Docker environments for building test pieces
> before so I wonder if this is a good fit for expanding the make system
> support for these sort of jobs?
I am not sure which of the various Docker talk you are thinking of...
For this particular case this is probably not worth integrating it into
the make system.
However it makes sense to me to have the qemu:fedora and this image
pushed. Probably worth another thread although.
>
>>
>> -- >8 --
>> FROM qemu:fedora
>> ENV PACKAGES \
>> $PACKAGES \
>> alsa-lib-devel \
>> curl \
>> cyrus-sasl-devel \
>> libepoxy-devel \
>> libgbm-devel \
>> libiscsi-devel \
>> libnfs-devel \
>> libseccomp-devel \
>> libudev-devel \
>> pulseaudio-libs-devel \
>> rdma-core-devel \
>> wget \
>> xfsprogs-devel
>>
>> RUN dnf install -y $PACKAGES
>> RUN rpm -q $PACKAGES | sort > /packages.txt
>> ENV COVERITY_TOOL_BASE=/coverity-tools
>> COPY run-coverity-scan run-coverity-scan
>> RUN --mount=type=secret,id=coverity.token,required ./run-coverity-scan
>> --update-tools-only --tokenfile /run/secrets/coverity.token
>> ---
>>
>> sharing a big docker layer.
>
>
> --
> Alex Bennée
>
next prev parent reply other threads:[~2018-11-14 11:46 UTC|newest]
Thread overview: 11+ messages / expand[flat|nested] mbox.gz Atom feed top
2018-11-13 18:46 [Qemu-devel] [PATCH 0/2] Automation for running Coverity Scan builds Peter Maydell
2018-11-13 18:46 ` [Qemu-devel] [PATCH 1/2] scripts/run-coverity-scan: Script to run Coverity Scan build Peter Maydell
2018-11-13 19:06 ` Eric Blake
2018-11-13 19:21 ` Peter Maydell
2018-11-13 19:51 ` Eric Blake
2018-11-13 18:46 ` [Qemu-devel] [PATCH 2/2] scripts/coverity-scan: Add Docker support Peter Maydell
2018-11-13 19:37 ` Philippe Mathieu-Daudé
2018-11-14 11:25 ` Alex Bennée
2018-11-14 11:46 ` Philippe Mathieu-Daudé [this message]
2018-11-14 12:02 ` Paolo Bonzini
2018-11-14 14:31 ` Peter Maydell
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=b222454b-b888-2b46-0ca0-db720a9c3f0e@redhat.com \
--to=philmd@redhat.com \
--cc=alex.bennee@linaro.org \
--cc=armbru@redhat.com \
--cc=f4bug@amsat.org \
--cc=famz@redhat.com \
--cc=patches@linaro.org \
--cc=pbonzini@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).