Commit eca4ee45 authored by Nicolas Iooss, committed by Stephen Smalley

CircleCI: run scan-build and publish its results automatically

CircleCI is a continuous integration system like Travis CI, which
provides different features. Contrary to Travis CI, it is quite a bit harder
to build the project with several build configurations (so it is not a
replacement), but it provides short-term storage for files produced by a
build job in what is called "artifacts".

Use this feature in order to store the results of clang's static
analyzer (scan-build) after every pushed commit. This makes it
possible to quickly compare the result of the analyzer after applying
some patches that were sent for review to the mailing list, as it no
longer requires running the analyzer several times on the development

An output example is available at
These web pages were created by the job described at

Nicolas Iooss <>
parent 54cb5c67
# Configuration file for
version: 2
# Use a Python image from
- image: circleci/python:3.6
- checkout
# Install dependencies
- run: sudo apt-get update -qq
- run: sudo apt-get install -qq bison clang clang-tools flex gawk gettext libaudit-dev libcap-dev libcap-ng-dev libcunit1-dev libdbus-glib-1-dev libpcre3-dev python3-dev python-dev ruby-dev swig xmlto
- run:
name: Setup environment variables
command: |
echo 'export DESTDIR=$HOME/destdir' >> "$BASH_ENV"
# Download and install refpolicy headers for sepolgen tests
- run:
name: Download refpolicy Makefile
command: |
curl --location --retry 10 -o refpolicy.tar.bz2
tar -xvjf refpolicy.tar.bz2
sed -e "s,^PREFIX :=.*,PREFIX := $DESTDIR/usr," -i refpolicy/support/Makefile.devel
sudo make -C refpolicy install-headers
sudo mkdir -p /etc/selinux
echo 'SELINUXTYPE=refpolicy' | sudo tee /etc/selinux/config
echo 'SELINUX_DEVEL_PATH = /usr/share/selinux/refpolicy' | sudo tee /etc/selinux/sepolgen.conf
sed -e "s,\"\(/usr/bin/[cs]\),\"$DESTDIR\1," -i python/sepolgen/src/sepolgen/
# Run clang's scan-build and store the result as artifacts
- run: ./scripts/run-scan-build
- store_artifacts:
path: scripts/output-scan-build
destination: output-scan-build
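Review bot: the "Download refpolicy Makefile" step extracts refpolicy.tar.bz2 and then runs `sudo make -C refpolicy install-headers` with no integrity check on the downloaded archive, so whatever the server returns is run as root inside the job. Suggest verifying the tarball against a known SHA-256 (for example with `sha256sum -c`) before the `tar -xvjf` line, and adding `--fail` to the curl call so that an HTTP error page is not saved as refpolicy.tar.bz2 and only caught later by tar. Separately, `image: circleci/python:3.6` is a mutable tag, and the clang and clang-tools packages are installed unversioned, so the analyzer version can change between runs; pinning the image by digest would keep the published scan-build results comparable from one commit to the next, which is the stated purpose of the job.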