CircleCI: run scan-build and publish its results automatically

CircleCI is a continuous integration system like Travis CI, which provides different features. Contrary to Travis CI, it is quite harder to build the project with several build configurations (so it is not a replacement), but it provides short-term storage for files produced by a build job in what is called "artifacts". Use this feature in order to store the results of clang's static analyzer (scan-build) after every pushed commit. This way makes it possible to quickly compare the result of the analyzer after applying some patches that were sent for review to the mailing list, as it no longer requires running the analyzer several times on the development machine. An output example is available at https://352-118970575-gh.circle-artifacts.com/0/output-scan-build/2019-09-21-164945-6152-1/index.html These web pages were created by the job described at https://circleci.com/gh/fishilico/selinux/352 Signed-off-by: Nicolas Iooss <nicolas.iooss@m4x.org>
sailfishos-mirror · Sep 26, 2019 · eca4ee4 · eca4ee4
1 parent 54cb5c6
commit eca4ee4
Showing 1 changed file with 40 additions and 0 deletions.
diff --git a/.circleci/config.yml b/.circleci/config.yml
@@ -0,0 +1,40 @@
+# Configuration file for https://circleci.com/
+
+version: 2
+
+jobs:
+  build:
+    docker:
+      # Use a Python image from https://hub.docker.com/r/circleci/python/tags/
+      - image: circleci/python:3.6
+
+    steps:
+    - checkout
+
+    # Install dependencies
+    - run: sudo apt-get update -qq
+    - run: sudo apt-get install -qq bison clang clang-tools flex gawk gettext libaudit-dev libcap-dev libcap-ng-dev libcunit1-dev libdbus-glib-1-dev libpcre3-dev python3-dev python-dev ruby-dev swig xmlto
+
+    - run:
+        name: Setup environment variables
+        command: |
+          echo 'export DESTDIR=$HOME/destdir' >> "$BASH_ENV"
+
+    # Download and install refpolicy headers for sepolgen tests
+    - run:
+        name: Download refpolicy Makefile
+        command: |
+          curl --location --retry 10 -o refpolicy.tar.bz2 https://github.com/SELinuxProject/refpolicy/releases/download/RELEASE_2_20180701/refpolicy-2.20180701.tar.bz2
+          tar -xvjf refpolicy.tar.bz2
+          sed -e "s,^PREFIX :=.*,PREFIX := $DESTDIR/usr," -i refpolicy/support/Makefile.devel
+          sudo make -C refpolicy install-headers
+          sudo mkdir -p /etc/selinux
+          echo 'SELINUXTYPE=refpolicy' | sudo tee /etc/selinux/config
+          echo 'SELINUX_DEVEL_PATH = /usr/share/selinux/refpolicy' | sudo tee /etc/selinux/sepolgen.conf
+          sed -e "s,\"\(/usr/bin/[cs]\),\"$DESTDIR\1," -i python/sepolgen/src/sepolgen/module.py
+
+    # Run clang's scan-build and store the result as artifacts
+    - run: ./scripts/run-scan-build
+    - store_artifacts:
+        path: scripts/output-scan-build
+        destination: output-scan-build