From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id A07A8A056B; Wed, 11 Mar 2020 19:02:25 +0100 (CET) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id B470B1BF94; Wed, 11 Mar 2020 19:02:24 +0100 (CET) Received: from out1-smtp.messagingengine.com (out1-smtp.messagingengine.com [66.111.4.25]) by dpdk.org (Postfix) with ESMTP id 035792BE6 for ; Wed, 11 Mar 2020 19:02:22 +0100 (CET) Received: from compute7.internal (compute7.nyi.internal [10.202.2.47]) by mailout.nyi.internal (Postfix) with ESMTP id 84C5522299; Wed, 11 Mar 2020 14:02:20 -0400 (EDT) Received: from mailfrontend2 ([10.202.2.163]) by compute7.internal (MEProxy); Wed, 11 Mar 2020 14:02:20 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=monjalon.net; h= from:to:cc:subject:date:message-id:in-reply-to:references :mime-version:content-transfer-encoding:content-type; s=mesmtp; bh=HB9VqB4nZO948xPuatnpHyUeA5pU8DrkJ7zQf+8oIzQ=; b=JJhLpAwqu5Gj ZaRoPcRD2Ad/2PTi1CpRAHvj/naKKUkVDSLg+WzwRTWs9QqWEieeR7bQ/JlRZA1l WS2hlzZs+1vHBF+H6RggzSFMSpmKcHhgMLj6jPg53eaqLHxTBhmnj4yEAoABcs7e w29dxSoigQ2SFjnlU64SSC+2+CqQQ84= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:in-reply-to:message-id:mime-version:references :subject:to:x-me-proxy:x-me-proxy:x-me-sender:x-me-sender :x-sasl-enc; s=fm2; bh=HB9VqB4nZO948xPuatnpHyUeA5pU8DrkJ7zQf+8oI zQ=; b=4XxhvXmWDImlD7NuojL07tHFCOHfh8Q0MxaSM+yNMwJSKHyvsEijWATpY FNFe4R7HPlv2tKBvgssMpgvf06+M9mRM4B6aloOeKTtxIIglGkBA31iSc0JnST4E Zax6JCoZhe6RI8N+AC41Ro3ga0jSLqe4dND5NYw85Wm2fgmtWEOpRuaYPcKXtIMv dzUohDJdNMYwjTkgeWuxECFvI1Qs8hmoVvLwACHHU6HSHIAV+x54cpY3bs6heWMd QOcgGamUyVypm8oc2Sm9lhmzTAzyzCesfLd4keaTrP7or0KuUi3ESeJveabgse+E bxcl2I001uC9EQaim74D0iW6pV9jw== X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedugedruddvvddguddtjecutefuodetggdotefrod ftvfcurfhrohhfihhlvgemucfhrghsthforghilhdpqfgfvfdpuffrtefokffrpgfnqfgh necuuegrihhlohhuthemuceftddtnecusecvtfgvtghiphhivghnthhsucdlqddutddtmd enucfjughrpefhvffufffkjghfggfgtgesthfuredttddtvdenucfhrhhomhepvfhhohhm rghsucfoohhnjhgrlhhonhcuoehthhhomhgrshesmhhonhhjrghlohhnrdhnvghtqeenuc ffohhmrghinheptghovhgvrhhithihrdgtohhmpdhthhihrhhsuhhsrdgtohhmnecukfhp peejjedrudefgedrvddtfedrudekgeenucevlhhushhtvghrufhiiigvpedtnecurfgrrh grmhepmhgrihhlfhhrohhmpehthhhomhgrshesmhhonhhjrghlohhnrdhnvght X-ME-Proxy: Received: from xps.localnet (184.203.134.77.rev.sfr.net [77.134.203.184]) by mail.messagingengine.com (Postfix) with ESMTPA id 7801C30612AF; Wed, 11 Mar 2020 14:02:19 -0400 (EDT) From: Thomas Monjalon To: Aaron Conole Cc: dev@dpdk.org, john.mcnamara@intel.com, david.marchand@redhat.com Date: Wed, 11 Mar 2020 19:02:18 +0100 Message-ID: <1774839.IobQ9Gjlxr@xps> In-Reply-To: References: <8562014.CDJkKcVGEf@xps> MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" Subject: Re: [dpdk-dev] Coverity scan X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" 11/03/2020 18:34, Aaron Conole: > Thomas Monjalon writes: > > > We have a public Coverity scan triggered by John for the community: > > https://scan.coverity.com/projects/dpdk-data-plane-development-kit > > Note there is a tool to help with this task: > > http://thyrsus.com/gitweb/?p=coverity-submit.git;a=shortlog;h=refs/tags/1.13 > > > > I see two issues with this scan: > > - it is run manually > > - not all code is scanned currently > > > > Note that we should be able to run one scan per day for free: > > https://scan.coverity.com/faq#frequency > > > > With David, we looked at automating the Coverity scan, > > with the help of Travis automation: > > https://scan.coverity.com/travis_ci > > Such automation cannot be configured on the existing Coverity project. > > Why not? Because Coverity does not allow it. Travis integration is possible only if the project was created with GitHub credentials. > > I tried to open a new Coverity project connected to our GitHub. > > I don't know that it will work. Either you'll need a separate GitHub, > or you'll need to use a special branch. > > > I have a very poor confidence in Coverity/Travis/GitHub integration. > > I will explain below why. > > Hrrm.. lots of projects use it. And they do just what you prescribe > below (skipping jobs/builds when on the coverity branch). Which project is using Travis integration of Coverity? How do they automatically update the specific branch without conflict? > > 1/ The instructions were wrong. In this command, there are two mistakes: > > openssl s_client -connect https://scan.coverity.com:443 | > > sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | > > sudo tee -a /etc/ssl/certs/ca- > > For the record, a proper a simpler command is: > > true | openssl s_client -connect scan.coverity.com:443 | > > openssl x509 | > > sudo tee -a /etc/ssl/certs/ca-certificates.crt > > Okay, that's fixable. > > > 2/ The coverity scan is triggered as a job addon. > > The rest of the job must be cancelled with this tricky patch: > > > > -script: ./.ci/${TRAVIS_OS_NAME}-build.sh > > +script: if [ "${COVERITY_SCAN_BRANCH}" != 1 ] ; then ./.ci/${TRAVIS_OS_NAME}-build.sh ; fi > > More than that, because we probably also want: > > if ([[ "${TRAVIS_JOB_NUMBER##*.}" == "1" ]] && [[ "${TRAVIS_BRANCH}" == "coverity_scan" ]]); then ./.ci/${TRAVIS_OS_NAME}-build.sh ; fi > > That will only do one job (which solves 3/ below) OK good > > 3/ We need only to prepare the source code once per day. > > But our .travis.yml has many jobs which must be dropped or ignored. > > > > 4/ A big encrypted token must be added in the configuration: > > # encrypted COVERITY_SCAN_TOKEN > > - secure: "VgRYG9N5adKkM9/QpPgswn1c+VXS1mFVN0vgdjuC/bDv2x4u...etc..." > > Why it's a problem? It's not a problem. I explained all steps in this email, that's why it's here. > > 5/ The addon is triggered when pushing to a specific branch > > (adding config for the record): > > coverity_scan: > > project: > > name: "DPDK/dpdk" > > notification_email: test-report@dpdk.org > > build_command_prepend: "meson build -Dexamples=all" > > build_command: "ninja -C build" > > branch_pattern: coverity_scan > > > > 6/ This attempt failed with this log (no more information): > > $ export PROJECT_NAME=DPDK/dpdk > > Coverity Scan analysis selected for branch coverity_scan. > > Coverity Scan API access denied. Check $PROJECT_NAME and $COVERITY_SCAN_TOKEN. > > Probably there is an issue with the token + PROJECT_NAME. Probably. How can I debug it? > > So I am giving up with Travis+Coverity. > > The only benefit of Travis is to have a central build configuration. > > So when a driver is enabled in Travis, it would be scanned in Coverity. > > Note: Coverity does a build step to prepare the sources. > > I can try to assist with this if you've not completely abandoned the idea. OK, feel free to ping me for troubleshooting. > > Now the question: how can we better configure the community Coverity scan? > > I propose to set it up in our community lab. > > Comments? Suggestions? > > Since we do have something working, but it's manual, is there a way to > at least make it happen automatically? Maybe some cron job? Yes a cron job, but where? I proposed a server of the community lab.