From 819aa7b25dfbc50b96757ce34b3dd7a5ecc534c6 Mon Sep 17 00:00:00 2001 From: "Steven R. Loomis" Date: Wed, 13 Mar 2019 15:48:06 -0700 Subject: [PATCH 1/5] setup for building under coverity - also ignore tmp directories in VSCode --- .gitignore | 2 ++ .vscode/settings.json | 7 ++++++ README.md | 21 ++++++++++++++++++ src/bin/cov-icu4c.sh | 50 +++++++++++++++++++++++++++++++++++++++++++ 4 files changed, 80 insertions(+) create mode 100644 .vscode/settings.json create mode 100755 src/bin/cov-icu4c.sh diff --git a/.gitignore b/.gitignore index 5efc4cd..20d22a9 100644 --- a/.gitignore +++ b/.gitignore @@ -11,3 +11,5 @@ src/tmp /Makefile.local /local-* +/src/bin/cov-analysis-linux64* +/src/bin/local-coverity.sh diff --git a/.vscode/settings.json b/.vscode/settings.json new file mode 100644 index 0000000..0b643ba --- /dev/null +++ b/.vscode/settings.json @@ -0,0 +1,7 @@ +{ + "files.exclude": { + "src/icu": true, + "tmp": true, + "dist": true + } +} \ No newline at end of file diff --git a/README.md b/README.md index 3d1d04f..76d8fe8 100644 --- a/README.md +++ b/README.md @@ -51,6 +51,27 @@ this will make error messages work checking for ICU version numbers... ``` +## Coverity Scan + +https://scan.coverity.com/ + +- download the scanning tools and install them as `src/bin/cov-analysis-linux64/` +(you can unpack the .tgz in src/bin and create a symlink) + +- create an executable script file named `src/bin/local-coverity.sh` with +the following contents: (see the coverity page for the project for more details) + +```shell +export PROJ=icu4c +export COVERITY_TOKEN=yourtoken +export COVERITY_EMAIL=email@example.com +``` + +- Kick it off: `docker-compose run ubuntu /src/bin/cov-icu4c.sh` + +Note: you may want to do `docker-compose run ubuntu` and then run the script from the command line +if there are problems. + ## Author Steven R. Loomis diff --git a/src/bin/cov-icu4c.sh b/src/bin/cov-icu4c.sh new file mode 100755 index 0000000..f5e1d58 --- /dev/null +++ b/src/bin/cov-icu4c.sh @@ -0,0 +1,50 @@ +#!/bin/sh + +PROJ=icu4c +COVDIR=/src/bin/cov-analysis-linux64/ +# much of the rest is common to C and J - except build and auth +if [ ! -x /src/bin/local-coverity.sh ]; +then + echo missing /src/bin/local-coverity.sh + exit 1 +fi +. /src/bin/local-coverity.sh +if [ ! -d ${COVDIR} ]; +then + echo missing coverity dir ${COVDIR} + exit 1 +fi + +export PATH=${COVDIR}/bin:${PATH} +export WORKSPACE=$(pwd) +export SRCDIR=/src/icu/${PROJ} +BLDDIR=${WORKSPACE}/build/${PROJ}.build.cov +echo building ${SRCDIR} in ${BLDDIR} +rm -rf ${BLDDIR} ; mkdir -p ${BLDDIR} +VERFILE=${SRCDIR}/source/common/unicode/uvernum.h +# Get the ICU version from uversion.h or other headers +geticuversion() { + sed -n 's/^[ ]*#[ ]*define[ ]*U_ICU_VERSION[ ]*"\([^"]*\)".*/\1/p' "$@" +} +ICUVER=`geticuversion ${VERFILE}` +SVN_REVISION=$(cd ${SRCDIR} >/dev/null && (git describe --tags --exact-match 2>/dev/null || git rev-parse --short HEAD) || echo 'unknown') +echo $ICUVER $SVN_REVISION +cd ${BLDDIR} +# C specific build +${SRCDIR}/source/configure --disable-renaming --disable-extras --with-data-packaging=archive +env COVERITY_UNSUPPORTED=1 ${COVDIR}/bin/cov-build --dir cov-int make || exit 1 +fgrep '[WARNING] No files were emitted' cov-int/build-log.txt && exit 1 +tar cfpz ${PROJ}.tgz cov-int && +ls -lh ${PROJ}.tgz && +curl --form token=${COVERITY_TOKEN} \ + --form email=${COVERITY_EMAIL} \ + --form file=@${PROJ}.tgz \ + --form version="${ICUVER}" \ + --form description="Manual submit from ${COVERITY_EMAIL} ${SVN_REVISION}" \ + https://scan.coverity.com/builds?project=${PROJ} -o form-submit.$$ +cat form-submit.$$ || exit 1 +echo uploaded r${SVN_REVISION} ${PROJ} ${ICUVER} as ${PROJ}.tgz +echo done +exit 0 + + From 1d8b466876d538cc6878719ee08064424163926e Mon Sep 17 00:00:00 2001 From: "Steven R. Loomis" Date: Fri, 13 Mar 2020 14:34:14 -0700 Subject: [PATCH 2/5] add icu4j --- README.md | 10 +++++++++- docker-compose.yml | 6 ++++++ dockerfiles/fedora-j/Dockerfile | 27 ++++++++++++++++++++++++++ dockerfiles/fedora-j/adoptopenjdk.repo | 6 ++++++ 4 files changed, 48 insertions(+), 1 deletion(-) create mode 100644 dockerfiles/fedora-j/Dockerfile create mode 100644 dockerfiles/fedora-j/adoptopenjdk.repo diff --git a/README.md b/README.md index 76d8fe8..074412c 100644 --- a/README.md +++ b/README.md @@ -45,7 +45,7 @@ this will make error messages work - do some command line builds -``` +```shell $ docker-compose run ubuntu bash build@59b67f6c5058:~$ /src/icu/icu4c/source/configure checking for ICU version numbers... @@ -72,6 +72,14 @@ export COVERITY_EMAIL=email@example.com Note: you may want to do `docker-compose run ubuntu` and then run the script from the command line if there are problems. +## ICU4J + +- the following will build (in-source!) using adoptopenjdk9 + +```shell +docker-compose run fedora-j ant jar check +``` + ## Author Steven R. Loomis diff --git a/docker-compose.yml b/docker-compose.yml index bc3eaf6..5564fb2 100644 --- a/docker-compose.yml +++ b/docker-compose.yml @@ -1,6 +1,12 @@ # © 2016 and later: Unicode, Inc. and others. # License & terms of use: http://www.unicode.org/copyright.html +fedora-j: + build: ./dockerfiles/fedora-j + volumes: + - ./src:/src + - ./dist:/dist + ubuntu: build: ./dockerfiles/ubuntu volumes: diff --git a/dockerfiles/fedora-j/Dockerfile b/dockerfiles/fedora-j/Dockerfile new file mode 100644 index 0000000..56cc848 --- /dev/null +++ b/dockerfiles/fedora-j/Dockerfile @@ -0,0 +1,27 @@ +# © 2016 and later: Unicode, Inc. and others. +# License & terms of use: http://www.unicode.org/copyright.html + +FROM registry.fedoraproject.org/fedora:latest +MAINTAINER Steven R. Loomis + +USER root +ENV HOME /home/build +RUN useradd -c "Build user" -d $HOME -m build +#ENV RPMOPTZ --setopt=deltarpm=false +# sanity and safety +RUN dnf -q -y upgrade $RPMOPTZ +ADD adoptopenjdk.repo /etc/yum.repos.d +RUN dnf -q -y install adoptopenjdk-8-openj9 $RPMOPTZ +RUN dnf -q -y install ant $RPMOPTZ +#extra +# editing +#RUN apt-get -q -y install emacs24-nox +RUN mkdir /src /dist +VOLUME /src +VOLUME /dist +VOLUME /home/build +WORKDIR /home/build +USER build +ENV JAVA_HOME /usr/lib/jvm/adoptopenjdk-8-openj9/ +WORKDIR /src/icu/icu4j + diff --git a/dockerfiles/fedora-j/adoptopenjdk.repo b/dockerfiles/fedora-j/adoptopenjdk.repo new file mode 100644 index 0000000..4727256 --- /dev/null +++ b/dockerfiles/fedora-j/adoptopenjdk.repo @@ -0,0 +1,6 @@ +[AdoptOpenJDK] +name=AdoptOpenJDK +baseurl=http://adoptopenjdk.jfrog.io/adoptopenjdk/rpm/fedora/$releasever/$basearch +enabled=1 +gpgcheck=1 +gpgkey=https://adoptopenjdk.jfrog.io/adoptopenjdk/api/gpg/key/public From 51902919e22c9f4feaceda69dc376cc84ac1e031 Mon Sep 17 00:00:00 2001 From: "Steven R. Loomis" Date: Fri, 13 Mar 2020 14:47:43 -0700 Subject: [PATCH 3/5] icu4j + coverity! --- .gitignore | 2 +- README.md | 22 +++++++++----- dockerfiles/fedora-j/Dockerfile | 1 + src/bin/cov-icu4j.sh | 52 +++++++++++++++++++++++++++++++++ 4 files changed, 69 insertions(+), 8 deletions(-) create mode 100755 src/bin/cov-icu4j.sh diff --git a/.gitignore b/.gitignore index 20d22a9..4324c84 100644 --- a/.gitignore +++ b/.gitignore @@ -12,4 +12,4 @@ src/tmp /Makefile.local /local-* /src/bin/cov-analysis-linux64* -/src/bin/local-coverity.sh +/src/bin/local-* \ No newline at end of file diff --git a/README.md b/README.md index 074412c..a9f6246 100644 --- a/README.md +++ b/README.md @@ -51,8 +51,18 @@ this will make error messages work checking for ICU version numbers... ``` +## ICU4J + +- the following will build (in-source!) using adoptopenjdk9 + +```shell +docker-compose run fedora-j ant jar check +``` + ## Coverity Scan +### ICU4C + https://scan.coverity.com/ - download the scanning tools and install them as `src/bin/cov-analysis-linux64/` @@ -62,23 +72,21 @@ https://scan.coverity.com/ the following contents: (see the coverity page for the project for more details) ```shell -export PROJ=icu4c export COVERITY_TOKEN=yourtoken export COVERITY_EMAIL=email@example.com ``` + - Kick it off: `docker-compose run ubuntu /src/bin/cov-icu4c.sh` Note: you may want to do `docker-compose run ubuntu` and then run the script from the command line if there are problems. -## ICU4J - -- the following will build (in-source!) using adoptopenjdk9 +### ICU4J -```shell -docker-compose run fedora-j ant jar check -``` +- For J, create a similar `src/bin/local-coverity-j.sh` +- Then run: +`docker-compose -f local-docker-compose.yml run fedora-j /src/bin/cov-icu4j.sh` ## Author diff --git a/dockerfiles/fedora-j/Dockerfile b/dockerfiles/fedora-j/Dockerfile index 56cc848..513b60d 100644 --- a/dockerfiles/fedora-j/Dockerfile +++ b/dockerfiles/fedora-j/Dockerfile @@ -13,6 +13,7 @@ RUN dnf -q -y upgrade $RPMOPTZ ADD adoptopenjdk.repo /etc/yum.repos.d RUN dnf -q -y install adoptopenjdk-8-openj9 $RPMOPTZ RUN dnf -q -y install ant $RPMOPTZ +RUN dnf -q -y install git curl $RPMOPTZ #extra # editing #RUN apt-get -q -y install emacs24-nox diff --git a/src/bin/cov-icu4j.sh b/src/bin/cov-icu4j.sh new file mode 100755 index 0000000..a41e929 --- /dev/null +++ b/src/bin/cov-icu4j.sh @@ -0,0 +1,52 @@ +#!/bin/sh + +PROJ=icu4j +COVDIR=/src/bin/cov-analysis-linux64/ +# much of the rest is common to C and J - except build and auth +if [ ! -x /src/bin/local-coverity.sh ]; +then + echo missing /src/bin/local-coverity-j.sh + exit 1 +fi +. /src/bin/local-coverity.sh +if [ ! -d ${COVDIR} ]; +then + echo missing coverity dir ${COVDIR} + exit 1 +fi + +export PATH=${COVDIR}/bin:${PATH} +# export WORKSPACE=$(pwd) +export SRCDIR=/src/icu/icu4j +# BLDDIR=${HOME}/${PROJ}.build.cov +# echo building ${SRCDIR} in ${BLDDIR} +# rm -rf ${BLDDIR} ; mkdir -p ${BLDDIR} +# assume we can use C's ver! +VERFILE=${SRCDIR}/../icu4c/source/common/unicode/uvernum.h +# Get the ICU version from uversion.h or other headers +geticuversion() { + sed -n 's/^[ ]*#[ ]*define[ ]*U_ICU_VERSION[ ]*"\([^"]*\)".*/\1/p' "$@" +} +ICUVER=`geticuversion ${VERFILE}` +SVN_REVISION=$(cd ${SRCDIR} >/dev/null && (git describe --tags --exact-match 2>/dev/null || git rev-parse --short HEAD) || echo 'unknown') +echo $ICUVER $SVN_REVISION +cd ${SRCDIR} +# C specific build +# ${SRCDIR}/source/configure --disable-renaming --disable-extras --with-data-packaging=archive +ant clean +env COVERITY_UNSUPPORTED=1 ${COVDIR}/bin/cov-build --dir ${HOME}/cov-int ant || exit 1 +fgrep '[WARNING] No files were emitted' ${HOME}/cov-int/build-log.txt && exit 1 +cd ${HOME} && tar cfpz ${PROJ}.tgz ./cov-int && +ls -lh ${PROJ}.tgz && +curl --form token=${COVERITY_TOKEN} \ + --form email=${COVERITY_EMAIL} \ + --form file=@${PROJ}.tgz \ + --form version="${ICUVER}" \ + --form description="Manual submit from ${COVERITY_EMAIL} ${SVN_REVISION}" \ + https://scan.coverity.com/builds?project=${PROJ} -o form-submit.$$ +cat form-submit.$$ || exit 1 +echo uploaded r${SVN_REVISION} ${PROJ} ${ICUVER} as ${PROJ}.tgz +echo done +exit 0 + + From 9a562f8de59b6c988cc23c0fb48f48dce160369d Mon Sep 17 00:00:00 2001 From: "Steven R. Loomis" Date: Fri, 13 Mar 2020 15:48:49 -0700 Subject: [PATCH 4/5] fixup! icu4j + coverity! --- src/bin/cov-icu4j.sh | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/bin/cov-icu4j.sh b/src/bin/cov-icu4j.sh index a41e929..eac4ff5 100755 --- a/src/bin/cov-icu4j.sh +++ b/src/bin/cov-icu4j.sh @@ -8,7 +8,7 @@ then echo missing /src/bin/local-coverity-j.sh exit 1 fi -. /src/bin/local-coverity.sh +. /src/bin/local-coverity-j.sh if [ ! -d ${COVDIR} ]; then echo missing coverity dir ${COVDIR} From 743bc13c2368d946e4d8750ceedf646418bbe846 Mon Sep 17 00:00:00 2001 From: "Steven R. Loomis" Date: Fri, 25 Sep 2020 22:29:16 -0500 Subject: [PATCH 5/5] add maven and gpg --- dockerfiles/fedora-j/Dockerfile | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/dockerfiles/fedora-j/Dockerfile b/dockerfiles/fedora-j/Dockerfile index 513b60d..7c4f2ef 100644 --- a/dockerfiles/fedora-j/Dockerfile +++ b/dockerfiles/fedora-j/Dockerfile @@ -13,7 +13,7 @@ RUN dnf -q -y upgrade $RPMOPTZ ADD adoptopenjdk.repo /etc/yum.repos.d RUN dnf -q -y install adoptopenjdk-8-openj9 $RPMOPTZ RUN dnf -q -y install ant $RPMOPTZ -RUN dnf -q -y install git curl $RPMOPTZ +RUN dnf -q -y install git curl maven gpg $RPMOPTZ #extra # editing #RUN apt-get -q -y install emacs24-nox