From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: from dpdk.org (dpdk.org [92.243.14.124]) by inbox.dpdk.org (Postfix) with ESMTP id 13CF0A052E; Mon, 9 Mar 2020 16:53:22 +0100 (CET) Received: from [92.243.14.124] (localhost [127.0.0.1]) by dpdk.org (Postfix) with ESMTP id DAC541C0DC; Mon, 9 Mar 2020 16:53:21 +0100 (CET) Received: from wout2-smtp.messagingengine.com (wout2-smtp.messagingengine.com [64.147.123.25]) by dpdk.org (Postfix) with ESMTP id 5EE211C0AC for ; Mon, 9 Mar 2020 16:53:20 +0100 (CET) Received: from compute7.internal (compute7.nyi.internal [10.202.2.47]) by mailout.west.internal (Postfix) with ESMTP id 20F0D639; Mon, 9 Mar 2020 11:53:19 -0400 (EDT) Received: from mailfrontend1 ([10.202.2.162]) by compute7.internal (MEProxy); Mon, 09 Mar 2020 11:53:19 -0400 DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=monjalon.net; h= from:to:cc:subject:date:message-id:mime-version :content-transfer-encoding:content-type; s=mesmtp; bh=ifIjvlH4KZ oiykFLBwRC8rx3NnSoDRhJey9M0bEYvG4=; b=I1mnnaCnV94OeiZ2DNBc5SgFvD yFIlaYidyOlqb5aW5zwGeLFVKF8rzvYUvlSMYLNrrpowz3Zvqbtr8ZL/ztXPwZPt VEy5E2tYVPuoTKNN4DcXU+mJRpv7HC28g7F3YL59ek3J14OQc4WL6pYUWnrbZvHE mbwNLgW/i74tLw0Ng= DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d= messagingengine.com; h=cc:content-transfer-encoding:content-type :date:from:message-id:mime-version:subject:to:x-me-proxy :x-me-proxy:x-me-sender:x-me-sender:x-sasl-enc; s=fm2; bh=ifIjvl H4KZoiykFLBwRC8rx3NnSoDRhJey9M0bEYvG4=; b=vfyz6TRWgpzZGjsdmagy4g jgZBlFHz5PjUXho/YyWQBaPE/DTCcgxia4Iz5gtA6KzKffiSFH61qSLZQTqAJgBw 7vrYeZVRU0QuEd4OnlSBv0o0AktLsH+A3JeOQObOcjaXp5uDcULHJhH1KNGHfbow f6/gGuf2f5JXy8tLw8jJMD+ovu61OPghSw74S5VCl425u1k3Wf3fampC0+V3uDQB wlop0OX7IUWS9MVy3W348YWnhBIszYIVUBVfYimjyRwv8sFzKzoQpN3oPAaO6qP5 05hIxFkqy10VzzlkQ98UzqqtBI4fkzwLvK36L4yZPzi1Nn74wLIvUW1VRjxQEioA == X-ME-Sender: X-ME-Proxy-Cause: gggruggvucftvghtrhhoucdtuddrgedugedruddukedgkeefucetufdoteggodetrfdotf fvucfrrhhofhhilhgvmecuhfgrshhtofgrihhlpdfqfgfvpdfurfetoffkrfgpnffqhgen uceurghilhhouhhtmecufedttdenucenucfjughrpefhvffufffkggfgtgesthfuredttd dtvdenucfhrhhomhepvfhhohhmrghsucfoohhnjhgrlhhonhcuoehthhhomhgrshesmhho nhhjrghlohhnrdhnvghtqeenucffohhmrghinheptghovhgvrhhithihrdgtohhmpdhthh ihrhhsuhhsrdgtohhmnecukfhppeejjedrudefgedrvddtfedrudekgeenucevlhhushht vghrufhiiigvpedtnecurfgrrhgrmhepmhgrihhlfhhrohhmpehthhhomhgrshesmhhonh hjrghlohhnrdhnvght X-ME-Proxy: Received: from xps.localnet (184.203.134.77.rev.sfr.net [77.134.203.184]) by mail.messagingengine.com (Postfix) with ESMTPA id BA2BF3280065; Mon, 9 Mar 2020 11:53:17 -0400 (EDT) From: Thomas Monjalon To: dev@dpdk.org Cc: john.mcnamara@intel.com, david.marchand@redhat.com Date: Mon, 09 Mar 2020 16:53:16 +0100 Message-ID: <8562014.CDJkKcVGEf@xps> MIME-Version: 1.0 Content-Transfer-Encoding: 7Bit Content-Type: text/plain; charset="us-ascii" Subject: [dpdk-dev] Coverity scan X-BeenThere: dev@dpdk.org X-Mailman-Version: 2.1.15 Precedence: list List-Id: DPDK patches and discussions List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: dev-bounces@dpdk.org Sender: "dev" We have a public Coverity scan triggered by John for the community: https://scan.coverity.com/projects/dpdk-data-plane-development-kit Note there is a tool to help with this task: http://thyrsus.com/gitweb/?p=coverity-submit.git;a=shortlog;h=refs/tags/1.13 I see two issues with this scan: - it is run manually - not all code is scanned currently Note that we should be able to run one scan per day for free: https://scan.coverity.com/faq#frequency With David, we looked at automating the Coverity scan, with the help of Travis automation: https://scan.coverity.com/travis_ci Such automation cannot be configured on the existing Coverity project. I tried to open a new Coverity project connected to our GitHub. I have a very poor confidence in Coverity/Travis/GitHub integration. I will explain below why. 1/ The instructions were wrong. In this command, there are two mistakes: openssl s_client -connect https://scan.coverity.com:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | sudo tee -a /etc/ssl/certs/ca- For the record, a proper a simpler command is: true | openssl s_client -connect scan.coverity.com:443 | openssl x509 | sudo tee -a /etc/ssl/certs/ca-certificates.crt 2/ The coverity scan is triggered as a job addon. The rest of the job must be cancelled with this tricky patch: -script: ./.ci/${TRAVIS_OS_NAME}-build.sh +script: if [ "${COVERITY_SCAN_BRANCH}" != 1 ] ; then ./.ci/${TRAVIS_OS_NAME}-build.sh ; fi 3/ We need only to prepare the source code once per day. But our .travis.yml has many jobs which must be dropped or ignored. 4/ A big encrypted token must be added in the configuration: # encrypted COVERITY_SCAN_TOKEN - secure: "VgRYG9N5adKkM9/QpPgswn1c+VXS1mFVN0vgdjuC/bDv2x4u...etc..." 5/ The addon is triggered when pushing to a specific branch (adding config for the record): coverity_scan: project: name: "DPDK/dpdk" notification_email: test-report@dpdk.org build_command_prepend: "meson build -Dexamples=all" build_command: "ninja -C build" branch_pattern: coverity_scan 6/ This attempt failed with this log (no more information): $ export PROJECT_NAME=DPDK/dpdk Coverity Scan analysis selected for branch coverity_scan. Coverity Scan API access denied. Check $PROJECT_NAME and $COVERITY_SCAN_TOKEN. So I am giving up with Travis+Coverity. The only benefit of Travis is to have a central build configuration. So when a driver is enabled in Travis, it would be scanned in Coverity. Note: Coverity does a build step to prepare the sources. Now the question: how can we better configure the community Coverity scan? I propose to set it up in our community lab. Comments? Suggestions?