[PATCH v2 0/2] Integration of cppcheck and coverity to travis

[claudius....@siemens.com]

From: Claudius Heine <c...@denx.de>

Hi,

this patch adds cppcheck and coverity support for the travis build.

Changes from last patch set:
- removed first patch, because it was merged
- cppcheck:
- Only print out cppcheck build log if an error occured
- Only suppress obvious false positives
- some small improvements to the script
- coverity:
- Addressed issues raised with last review:
- Fixed coverity certification installation
- Removed 'secure' variable. It now needs to be set in the travis UI
- Disabled i586 and cppcheck build when building for coverity

Claudius

Claudius Heine (2):
travis: added cppcheck target for statically testing the code
travis: added coverity scan results submissions

.travis-build.sh | 98 ++++++++++++++++++++++++++++++++++++++++++++++++++++++--
.travis.yml | 14 ++++++++
2 files changed, 109 insertions(+), 3 deletions(-)

--
2.14.1

[claudius....@siemens.com]

From: Claudius Heine <c...@denx.de>

This commit adds cppcheck as a travis target. Raised issues are
suppressed and should be fixed in further commits.

Signed-off-by: Claudius Heine <c...@denx.de>
---
.travis-build.sh | 66 +++++++++++++++++++++++++++++++++++++++++++++++++++++++-
.travis.yml | 1 +
2 files changed, 66 insertions(+), 1 deletion(-)

diff --git a/.travis-build.sh b/.travis-build.sh
index 56786ab..cb2e250 100755
--- a/.travis-build.sh
+++ b/.travis-build.sh
@@ -7,23 +7,87 @@ TARGET="${TARGET-"$1"}"
prepare_build()
{
autoreconf -fi
- mkdir build
+}
+
+
+enter_build()
+{
+ mkdir -p build
cd build
}
+
+install_cppcheck()
+{
+ git clone https://github.com/danmar/cppcheck.git
+ git -C cppcheck checkout 1.80
+ make -C cppcheck SRCDIR=build \
+ CFGDIR=/usr/share/cppcheck \
+ HAVE_RULES=no -j2 || \
+ return -1
+ sudo make -C cppcheck install >/dev/null \
+ || return -1
+ # On travis cppcheck ignores CFGDIR. Instead, it looks in $PWD. Compare
+ # strace output.
+ sudo install -m644 ./cppcheck/cfg/* ./ || return -1
+ rm -rf cppcheck
+}
+
case "$TARGET" in
native)
prepare_build
+ enter_build
../configure
exec make check
;;
+
i586)
sudo apt-get install --no-install-recommends \
--target-release xenial libcmocka-dev:i386
prepare_build
+ enter_build
../configure --with-gnuefi-lib-dir=/usr/lib32 CFLAGS=-m32 \
host_alias=i586-linux
exec make check
;;
+
+ cppcheck)
+ echo "Building and installing cppcheck..."
+ if ! install_cppcheck >cppcheck_build.log 2>&1
+ then
+ cat cppcheck_build.log
+ exit -1
+ fi
+ prepare_build
+ ./configure
+
+ suppress=""
+ # Justified suppressions:
+ # Not part of the project:
+ suppress+=" --suppress=variableScope:/usr/include/bits/stdlib-bsearch.h"
+ # Function 'efi_main' is called by efi:
+ suppress+=" --suppress=unusedFunction:main.c"
+
+ enable="--enable=warning \
+ --enable=style \
+ --enable=performance \
+ --enable=portability \
+ --enable=unusedFunction"
+
+ includes="-I . \
+ -I include \
+ -I /usr/include \
+ -I /usr/include/linux \
+ -I /usr/include/efi \
+ -I /usr/include/efi/x86_64 \
+ -I /usr/include/x86_64-linux-gnu \
+ -I /usr/lib/gcc/x86_64-linux-gnu/4.8/include"
+
+ cpp_conf="-U__WINT_TYPE__"
+ # Exit code '1' is returned if arguments are not valid or if no input
+ # files are provided. Compare 'cppcheck --help'.
+ exec cppcheck -f -q --error-exitcode=2 --std=posix \
+ $enable $suppress $cpp_conf $includes .
+ ;;
*)
exit -1
;;
diff --git a/.travis.yml b/.travis.yml
index dae0337..4fa4045 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -14,6 +14,7 @@ env:
matrix:
- TARGET=native
- TARGET=i586
+ - TARGET=cppcheck
language: c

compiler:
--
2.14.1

[claudius....@siemens.com]

From: Claudius Heine <c...@denx.de>

Signed-off-by: Claudius Heine <c...@denx.de>
---

.travis-build.sh | 32 ++++++++++++++++++++++++++++++--
.travis.yml | 13 +++++++++++++
2 files changed, 43 insertions(+), 2 deletions(-)

diff --git a/.travis-build.sh b/.travis-build.sh
index cb2e250..fb26660 100755
--- a/.travis-build.sh
+++ b/.travis-build.sh
@@ -2,7 +2,21 @@

set -euo pipefail

-TARGET="${TARGET-"$1"}"
+PARAM="${PARAM-"${1-""}"}"
+TARGET="${TARGET-""}"
+
+COVERITY_SCAN_BRANCH="${COVERITY_SCAN_BRANCH:-"0"}"
+if [ "$COVERITY_SCAN_BRANCH" == "1" ]
+then
+ if [ "$TARGET" == "native" ]
+ then
+ TARGET_EFFECTIVE="${PARAM:-"success"}"
+ else
+ TARGET_EFFECTIVE="success"
+ fi
+else
+ TARGET_EFFECTIVE="${PARAM:-"${TARGET}"}"
+fi

prepare_build()
{
@@ -32,7 +46,7 @@ install_cppcheck()
rm -rf cppcheck
}

-case "$TARGET" in
+case "$TARGET_EFFECTIVE" in
native)
prepare_build
enter_build
@@ -88,6 +102,20 @@ case "$TARGET" in

exec cppcheck -f -q --error-exitcode=2 --std=posix \

$enable $suppress $cpp_conf $includes .
;;

+ coverity_prepare)
+ prepare_build
+ enter_build
+ ../configure
+ exit 0
+ ;;
+ coverity_build)
+ enter_build
+ exec make
+ ;;
+ success)
+ echo "Skipping $TARGET" >&2
+ exit 0

+ ;;
*)
exit -1
;;
diff --git a/.travis.yml b/.travis.yml

index 4fa4045..af6e354 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -22,11 +22,24 @@ compiler:

sudo: required

+before_install:
+ - echo -n | openssl s_client -connect scan.coverity.com:444 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | sudo tee -a /etc/ssl/certs/ca-certificates.crt
+
install:
- sudo apt-get install gcc-multilib gnu-efi libpci-dev libz-dev:i386
- sudo apt-add-repository 'deb http://archive.ubuntu.com/ubuntu xenial universe'
- sudo apt-get update -qq
- sudo apt-get install --no-install-recommends --target-release xenial libcmocka-dev

+addons:
+ coverity_scan:
+ project:
+ name: "siemens/efibootguard"
+ description: "Build submitted via Travis CI"
+ notification_email: efibootg...@googlegroups.com
+ build_command_prepend: "./.travis-build.sh coverity_prepare"
+ build_command: "./.travis-build.sh coverity_build"
+ branch_pattern: coverity_scan
+
script:
- ./.travis-build.sh
--
2.14.1

[Jan Kiszka]

Thanks, applied to next.

Jan