Travis and Coverity Scan - Everything builds but coverity does not seem to run

1
votes

This is my pretty simple C++/CMake .travis.yml


env:
  global:
   # The next declaration is the encrypted COVERITY_SCAN_TOKEN, created
   #   via the "travis encrypt" command using the project repo's public key
   - secure: "<very long encrypted token>"

addons:
  coverity_scan:
    project:
      name: "tinverse/tsm"
    build_command_prepend: cmake .
    build_command: make
    branch_pattern: coverity_scan
  script:
    - echo -n | openssl s_client -CApath /etc/ssl/certs -connect scan.coverity.com:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | sudo tee -a /etc/ssl/certs/ca-

  apt:
    sources:
    - ubuntu-toolchain-r-test
    packages:
    - gcc-5
    - g++-5
    - clang

compiler:
  - gcc
  - clang

install:
# Use g++5.4 and not 4.6 (C++11 missing)
  - if [ "$CXX" = "g++" ]; then export CXX="g++-5" CC="gcc-5"; fi

Everything just builds fine. I do not see coverity run or upload anything. I added a 'COVERITY_SCAN_TOKEN' environment variable in travis with my unencrypted token. The build log is here: https://travis-ci.org/tinverse/tsm/jobs/509506031. I get a final "The command "./configure && make && make test" exited with 0." message from the travis-ci build log and that's it! Not sure what I'm doing wrong.

Update: From the build log:

depth=1 C = BE, O = GlobalSign nv-sa, CN = GlobalSign CloudSSL CA - SHA256 - G3
verify error:num=20:unable to get local issuer certificate
verify return:0
DONE

However, after adding the CApath option to the openssl command in .travil.yml in the before_install section of the script, I'm seeing

echo -n | openssl s_client -CApath /etc/ssl/certs/ -connect scan.coverity.com:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | sudo tee -a /etc/ssl/certs/ca-certificates.crt
depth=2 C = BE, O = GlobalSign nv-sa, OU = Root CA, CN = GlobalSign Root CA
verify return:1
depth=1 C = BE, O = GlobalSign nv-sa, CN = GlobalSign CloudSSL CA - SHA256 - G3
verify return:1
depth=0 C = US, ST = Delaware, L = Dover, O = Incapsula Inc, CN = incapsula.com
verify return:1
DONE

So does a non-zero return here mean success? Still, looking at the travis-ci build log, I don't think coverity scan ran.

1
c++cmaketravis-cicoverity

1 Answers

0
votes

My branch was called feature/coverity_scan and I thought branch_pattern: coverity_scan would work. It did not. After renaming my branch to coverity_scan, it worked.

Also, adding dist: xenial to the .travis.yml file make the certificate errors go away.