diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 8b93687ec..13b95620a 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -11,6 +11,7 @@ cache: variables: FEDORA_IMAGE: "registry.gitlab.gnome.org/gnome/glib/fedora:v9" + COVERITY_IMAGE: "registry.gitlab.gnome.org/gnome/glib/coverity:v1" DEBIAN_IMAGE: "registry.gitlab.gnome.org/gnome/glib/debian-stable:v6" ANDROID_IMAGE: "registry.gitlab.gnome.org/gnome/glib/android-ndk:v3" MINGW_IMAGE: "registry.gitlab.gnome.org/gnome/glib/mingw:v2" diff --git a/.gitlab-ci/README.md b/.gitlab-ci/README.md index f56cbbd49..15df442a8 100644 --- a/.gitlab-ci/README.md +++ b/.gitlab-ci/README.md @@ -8,7 +8,10 @@ GitLab CI jobs run in a Docker image, defined here. To update that image 1. Edit `.gitlab-ci/Dockerfile` with the changes you want 1. Run `.gitlab-ci/run-docker.sh build --base=debian-stable --base-version=1` to build the new image (bump the version from the latest listed for that `base` - on https://gitlab.gnome.org/GNOME/glib/container_registry) + on https://gitlab.gnome.org/GNOME/glib/container_registry). If rebuilding the + `coverity.Dockerfile` image, you’ll need to have access to [Coverity Scan][cs] + and will need to specify your project name and access token as the environment + variables `COVERITY_SCAN_PROJECT_NAME` and `COVERITY_SCAN_TOKEN`. 1. Run `.gitlab-ci/run-docker.sh push --base=debian-stable --base-version=1` to upload the new image to the GNOME GitLab Docker registry * If this is the first time you're doing this, you'll need to log into the @@ -21,3 +24,4 @@ GitLab CI jobs run in a Docker image, defined here. To update that image image [pat]: https://gitlab.gnome.org/profile/personal_access_tokens +[cs]: https://scan.coverity.com/ diff --git a/.gitlab-ci/coverity.Dockerfile b/.gitlab-ci/coverity.Dockerfile new file mode 100644 index 000000000..7c13d2d3c --- /dev/null +++ b/.gitlab-ci/coverity.Dockerfile @@ -0,0 +1,11 @@ +FROM registry.gitlab.gnome.org/gnome/glib/fedora:v9 + +ARG COVERITY_SCAN_PROJECT_NAME +ARG COVERITY_SCAN_TOKEN + +RUN curl https://scan.coverity.com/download/linux64 \ + -o /tmp/cov-analysis-linux64.tgz \ + --form project="${COVERITY_SCAN_PROJECT_NAME}" \ + --form token="${COVERITY_SCAN_TOKEN}" \ + && tar xfz /tmp/cov-analysis-linux64.tgz \ + && rm /tmp/cov-analysis-linux64.tgz diff --git a/.gitlab-ci/run-docker.sh b/.gitlab-ci/run-docker.sh index 9b6fce4bc..6299c5595 100755 --- a/.gitlab-ci/run-docker.sh +++ b/.gitlab-ci/run-docker.sh @@ -103,6 +103,8 @@ if [ $build == 1 ]; then echo -e "\e[1;32mBUILDING\e[0m: ${base} as ${TAG}" $SUDO_CMD docker build \ --build-arg HOST_USER_ID="$UID" \ + --build-arg COVERITY_SCAN_PROJECT_NAME="${COVERITY_SCAN_PROJECT_NAME}" \ + --build-arg COVERITY_SCAN_TOKEN="${COVERITY_SCAN_TOKEN}" \ --tag "${TAG}" \ --file "${base}.Dockerfile" . exit $?