On Wed, 22 Apr 2020 at 18:24, Paolo Bonzini <pbonz...@redhat.com> wrote:
>
> Our trusted docker wrapper allows run-coverity-scan to run with both
> docker and podman.
>
> For the "run" phase this is transparent; for the "build" phase however
> scripts are replaced with a bind mount (-v). This is not an issue
> because the secret option is meant for secrets stored globally in the
> system and bind mounts are a valid substitute for secrets that are known
> to whoever builds the container.
>
> This also removes the need for DOCKER_BUILDKIT=1.
>
> Signed-off-by: Paolo Bonzini <pbonz...@redhat.com>
> --- a/scripts/coverity-scan/run-coverity-scan
> +++ b/scripts/coverity-scan/run-coverity-scan
> @@ -197,6 +197,12 @@ while [ "$#" -ge 1 ]; do
> ;;
> --docker)
> DOCKER=yes
> + DOCKER_ENGINE=auto
> + shift
> + ;;
> + --docker=*)
> + DOCKER=yes
> + DOCKER_ENGINE=${1#--docker=}
> shift
The comment at the top of the file documenting the command line
options needs updating.
We don't accept --foo=bar for anything else: options either take
no argument, or take an argument as a following (ie space separated)
parameter. It would be more consistent with that to have
"--docker-engine foo" as a separate option from "--docker".
Otherwise looks OK.
thanks
-- PMM
