Integration of Travis CI and Coverity Scan Analysis (#7691)

- Coverity scan analysis tasks run as scheduled cron jobs

- Stage separation for Build, Test and Coverity scan phase
- Travis CI now uses Fedora container to build and run tests

- Containers are accessible from Docker Hub and failed builds
  can be reproduced and examined

- coverity.sh: separate build and upload

6 files changed, 140 insertions, 0 deletions

diff --git a/travis-ci/.dockerignore b/travis-ci/.dockerignore
new file mode 100644
index 000000000..039215886
--- /dev/null
+++ b/travis-ci/.dockerignore
@@ -0,0 +1,30 @@
+*.a
+*.cache
+*.gch
+*.log
+*.o
+*.plist
+*.py[co]
+*.stamp
+*.swp
+*.trs
+*~
+.config.args
+.deps/
+/*.gcda
+/*.gcno
+/GPATH
+/GRTAGS
+/GSYMS
+/GTAGS
+/TAGS
+/ID
+/build*
+/coverage/
+/install-tree
+/mkosi.builddir/
+/tags
+image.raw
+image.raw.cache-pre-dev
+image.raw.cache-pre-inst
+__pycache__/
diff --git a/travis-ci/Dockerfile b/travis-ci/Dockerfile
new file mode 100644
index 000000000..9554fcfc2
--- /dev/null
+++ b/travis-ci/Dockerfile
@@ -0,0 +1,38 @@
+## Create Dockerfile that builds container suitable for systemd build
+## This container runs as non-root user by deafult
+
+# Use the latest stable version of fedora
+FROM fedora:latest
+
+# Demand the specification of non-root username
+ARG DOCKER_USER
+ARG DOCKER_USER_UID
+ARG DOCKER_USER_GID
+
+# Copy the requirements into the container at /tmp
+COPY requirements.txt /tmp/
+
+# Install the requirements
+# RUN dnf -y update FIXME
+RUN dnf -y install $(cat '/tmp/requirements.txt')
+# clean step to prevent cache and metadata corruption
+RUN dnf clean all
+RUN dnf -y builddep systemd
+
+# Add non-root user and chown the project dir
+RUN groupadd -g $DOCKER_USER_GID $DOCKER_USER
+RUN useradd --create-home --shell /bin/bash -u $DOCKER_USER_UID -g $DOCKER_USER_GID -G wheel $DOCKER_USER
+ENV HOME /home/$DOCKER_USER
+ENV PROJECTDIR $HOME/systemd
+
+# Copy content to the project directory
+COPY . $PROJECTDIR
+
+# Greant user all permissions to the project dir
+RUN chown -R $DOCKER_USER $PROJECTDIR
+
+# Switch to noroot user by default
+USER $DOCKER_USER
+
+# Update workdir to user home dir
+WORKDIR $PROJECTDIR
diff --git a/travis-ci/requirements.txt b/travis-ci/requirements.txt
new file mode 100644
index 000000000..f2dbae4b3
--- /dev/null
+++ b/travis-ci/requirements.txt
@@ -0,0 +1,3 @@
+dnf-plugins-core
+meson
+ninja-build
diff --git a/travis-ci/scripts/build-docker-image.sh b/travis-ci/scripts/build-docker-image.sh
new file mode 100755
index 000000000..5d4333a95
--- /dev/null
+++ b/travis-ci/scripts/build-docker-image.sh
@@ -0,0 +1,14 @@
+#!/bin/bash
+
+# Check environment
+[ -z "$DOCKER_REPOSITORY" ] && echo "ERROR: DOCKER_REPOSITORY must be set" && exit 1
+[ -z "$TRAVIS_COMMIT" ] && echo "ERROR: TRAVIS_COMMIT must be set" && exit 1
+
+# Build docker image
+echo -e "\n\033[33;1mBuilding docker image: $DOCKER_REPOSITORY:$TRAVIS_COMMIT.\033[0m"
+
+docker build \
+--build-arg DOCKER_USER=$USER \
+--build-arg DOCKER_USER_UID=`id -u` \
+--build-arg DOCKER_USER_GID=`id -g` \
+--force-rm -t ${DOCKER_REPOSITORY}:${TRAVIS_COMMIT} --pull=true .
diff --git a/travis-ci/tools/get-coverity.sh b/travis-ci/tools/get-coverity.sh
new file mode 100755
index 000000000..d364b541e
--- /dev/null
+++ b/travis-ci/tools/get-coverity.sh
@@ -0,0 +1,35 @@
+#!/bin/bash
+
+# Download and extract coverity tool
+
+# Environment check
+[ -z "$COVERITY_SCAN_TOKEN" ] && echo 'ERROR: COVERITY_SCAN_TOKEN must be set' && exit 1
+
+# Use default values if not set
+PLATFORM=$(uname)
+
+TOOL_BASE=${TOOL_BASE:="/tmp/coverity-scan-analysis"}
+TOOL_ARCHIVE=${TOOL_ARCHIVE:="/tmp/cov-analysis-${PLATFORM}.tgz"}
+
+TOOL_URL="https://scan.coverity.com/download/${PLATFORM}"
+
+# Make sure wget is installed
+sudo apt-get update && sudo apt-get -y install wget
+
+# Get coverity tool
+if [ ! -d $TOOL_BASE ]; then
+  # Download Coverity Scan Analysis Tool
+  if [ ! -e $TOOL_ARCHIVE ]; then
+	  echo -e "\033[33;1mDownloading Coverity Scan Analysis Tool...\033[0m"
+	  wget -nv -O $TOOL_ARCHIVE $TOOL_URL --post-data "project=$COVERITY_SCAN_PROJECT_NAME&token=$COVERITY_SCAN_TOKEN"
+  fi
+
+  # Extract Coverity Scan Analysis Tool
+  echo -e "\033[33;1mExtracting Coverity Scan Analysis Tool...\033[0m"
+  mkdir -p $TOOL_BASE
+  pushd $TOOL_BASE
+  tar xzf $TOOL_ARCHIVE
+  popd
+fi
+
+echo -e "\033[33;1mCoverity Scan Analysis Tool can be found at $TOOL_BASE ...\033[0m"
diff --git a/travis-ci/tools/get-docker-remote.sh b/travis-ci/tools/get-docker-remote.sh
new file mode 100755
index 000000000..55bc29e7b
--- /dev/null
+++ b/travis-ci/tools/get-docker-remote.sh
@@ -0,0 +1,20 @@
+#!/bin/bash
+
+# Download and install docker-remote
+# Sets up venv folder
+# Notes: run with sudo command
+
+# Make sure python3 is installed and install git and virtual environment
+sudo apt-get update && sudo apt-get -y install python3 python3-pip git
+sudo apt-get install -y $(apt-cache search venv | cut -d' ' -f 1)
+
+# Get the tool from github and install it
+git clone https://github.com/CermakM/docker-remote.git
+
+# We need to setup virtual environment here to solve disable_warning issue
+python3 -m venv venv
+source venv/bin/activate
+
+pushd docker-remote
+pip install .
+popd