@@ -93,6 +93,18 @@ check_upload_permissions() {
}
+build_docker_image() {
+ # build docker container including the coverity-scan tools
+ echo "Building docker container..."
+ # TODO: This re-unpacks the tools every time, rather than caching
+ # and reusing the image produced by the COPY of the .tgz file.
+ # Not sure why.
+ tests/docker/docker.py --engine ${DOCKER_ENGINE} build \
+ -t coverity-scanner -f scripts/coverity-scan/coverity-scan.docker \
+ --extra-files scripts/coverity-scan/run-coverity-scan \
+ "$COVERITY_TOOL_BASE"/coverity_tool.tgz
+}
+
update_coverity_tools () {
# Check for whether we need to download the Coverity tools
# (either because we don't have a copy, or because it's out of date)
@@ -126,6 +138,11 @@ update_coverity_tools () {
fi
fi
rm -f coverity_tool.md5.new
+ cd "$SRCDIR"
+
+ if [ "$DOCKER" = yes ]; then
+ build_docker_image
+ fi
}
@@ -245,15 +262,16 @@ fi
PROJNAME=QEMU
TARBALL=cov-int.tar.xz
-if [ "$UPDATE" = only ] && [ "$DOCKER" = yes ]; then
- echo "Combining --docker and --update-only is not supported"
- exit 1
-fi
-
if [ "$UPDATE" = only ]; then
# Just do the tools update; we don't need to check whether
# we are in a source tree or have upload rights for this,
# so do it before some of the command line and source tree checks.
+
+ if [ "$DOCKER" = yes ] && [ ! -z "$SRCTARBALL" ]; then
+ echo --update-tools-only --docker is incompatible with --src-tarball.
+ exit 1
+ fi
+
update_coverity_tools
exit 0
fi
@@ -315,17 +333,6 @@ if [ "$DOCKER" = yes ]; then
echo "Created temporary directory $SECRETDIR"
SECRET="$SECRETDIR/token"
echo "$COVERITY_TOKEN" > "$SECRET"
- if [ "$UPDATE" != no ]; then
- # build docker container including the coverity-scan tools
- echo "Building docker container..."
- # TODO: This re-unpacks the tools every time, rather than caching
- # and reusing the image produced by the COPY of the .tgz file.
- # Not sure why.
- tests/docker/docker.py --engine ${DOCKER_ENGINE} build \
- -t coverity-scanner -f scripts/coverity-scan/coverity-scan.docker \
- --extra-files scripts/coverity-scan/run-coverity-scan \
- "$COVERITY_TOOL_BASE"/coverity_tool.tgz
- fi
echo "Archiving sources to be analyzed..."
./scripts/archive-source.sh "$SECRETDIR/qemu-sources.tgz"
ARGS="--no-update-tools"
Just build the container when run-coverity-scan is invoked with --update-tools-only --docker. This requires moving the "docker build" logic into the update_coverity_tools function. The only snag is that --update-tools-only --docker requires access to the dockerfile. For now just report an error for --src-tarball, and "docker build" will fail if not in a source tree. Another possibility could be to host our container images on a public registry, and use "FROM qemu:fedora" to make the Dockerfile small enough that it can be included directly in the run-coverity-scan script. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> --- scripts/coverity-scan/run-coverity-scan | 39 +++++++++++++++---------- 1 file changed, 23 insertions(+), 16 deletions(-)