# syntax=docker/dockerfile:1.0.0-experimental # # Docker setup for running the "Coverity Scan" tools over the source # tree and uploading them to the website, as per # https://scan.coverity.com/projects/qemu/builds/new # We do this on a fixed config (currently Fedora 30 with a known # set of dependencies and a configure command that enables a specific # set of options) so that random changes don't result in our accidentally # dropping some files from the scan. # # We don't build on top of the fedora.docker file because we don't # want to accidentally change or break the scan config when that # is updated. # The work of actually doing the build is handled by the # run-coverity-scan script. FROM fedora:30 ENV PACKAGES \ alsa-lib-devel \ bc \ brlapi-devel \ bzip2 \ bzip2-devel \ ccache \ clang \ curl \ cyrus-sasl-devel \ dbus-daemon \ device-mapper-multipath-devel \ findutils \ gcc \ gcc-c++ \ gettext \ git \ glib2-devel \ glusterfs-api-devel \ gnutls-devel \ gtk3-devel \ hostname \ libaio-devel \ libasan \ libattr-devel \ libblockdev-mpath-devel \ libcap-devel \ libcap-ng-devel \ libcurl-devel \ libepoxy-devel \ libfdt-devel \ libgbm-devel \ libiscsi-devel \ libjpeg-devel \ libpmem-devel \ libnfs-devel \ libpng-devel \ librbd-devel \ libseccomp-devel \ libssh-devel \ libubsan \ libudev-devel \ libusbx-devel \ libxml2-devel \ libzstd-devel \ llvm \ lzo-devel \ make \ mingw32-bzip2 \ mingw32-curl \ mingw32-glib2 \ mingw32-gmp \ mingw32-gnutls \ mingw32-gtk3 \ mingw32-libjpeg-turbo \ mingw32-libpng \ mingw32-libtasn1 \ mingw32-nettle \ mingw32-nsis \ mingw32-pixman \ mingw32-pkg-config \ mingw32-SDL2 \ mingw64-bzip2 \ mingw64-curl \ mingw64-glib2 \ mingw64-gmp \ mingw64-gnutls \ mingw64-gtk3 \ mingw64-libjpeg-turbo \ mingw64-libpng \ mingw64-libtasn1 \ mingw64-nettle \ mingw64-pixman \ mingw64-pkg-config \ mingw64-SDL2 \ ncurses-devel \ nettle-devel \ nss-devel \ numactl-devel \ perl \ perl-Test-Harness \ pixman-devel \ pulseaudio-libs-devel \ python3 \ python3-sphinx \ PyYAML \ rdma-core-devel \ SDL2-devel \ snappy-devel \ sparse \ spice-server-devel \ systemd-devel \ systemtap-sdt-devel \ tar \ texinfo \ usbredir-devel \ virglrenderer-devel \ vte291-devel \ wget \ which \ xen-devel \ xfsprogs-devel \ zlib-devel ENV QEMU_CONFIGURE_OPTS --python=/usr/bin/python3 RUN dnf install -y $PACKAGES RUN rpm -q $PACKAGES | sort > /packages.txt ENV PATH $PATH:/usr/libexec/python3-sphinx/ ENV COVERITY_TOOL_BASE=/coverity-tools COPY run-coverity-scan run-coverity-scan RUN --mount=type=secret,id=coverity.token,required ./run-coverity-scan --update-tools-only --tokenfile /run/secrets/coverity.token