run-coverity-scan: use docker.py

Our trusted docker wrapper allows run-coverity-scan to run with both docker and podman. For the "run" phase this is transparent; for the "build" phase however scripts are replaced with a bind mount (-v). This is not an issue because the secret option is meant for secrets stored globally in the system and bind mounts are a valid substitute for secrets that are known to whoever builds the container. Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
author: Paolo Bonzini <pbonzini@redhat.com> 2020-04-22 10:38:57 -0400
committer: Paolo Bonzini <pbonzini@redhat.com> 2020-06-10 12:09:32 -0400
commit: 726590594071a458643a00160aa659dd5f663b72 (patch)
tree: d413cf804ef51fb1437b9ec5bacea4232b019615 /scripts/coverity-scan/coverity-scan.docker
parent: 6ed4075c3c06b35cbd8316f2121073c600fcc089 (diff)
download: qemu-726590594071a458643a00160aa659dd5f663b72.zip
1 files changed, 1 insertions, 1 deletions
diff --git a/scripts/coverity-scan/coverity-scan.docker b/scripts/coverity-scan/coverity-scan.docker
index a4f64d1283..6f0460b66c 100644
--- a/scripts/coverity-scan/coverity-scan.docker
+++ b/scripts/coverity-scan/coverity-scan.docker
@@ -128,4 +128,4 @@ RUN rpm -q $PACKAGES | sort > /packages.txt
 ENV PATH $PATH:/usr/libexec/python3-sphinx/
 ENV COVERITY_TOOL_BASE=/coverity-tools
 COPY run-coverity-scan run-coverity-scan
-RUN --mount=type=secret,id=coverity.token,required ./run-coverity-scan --update-tools-only --tokenfile /run/secrets/coverity.token
+RUN ./run-coverity-scan --update-tools-only --tokenfile /work/token
author	Paolo Bonzini <pbonzini@redhat.com>	2020-04-22 10:38:57 -0400
committer	Paolo Bonzini <pbonzini@redhat.com>	2020-06-10 12:09:32 -0400
commit	726590594071a458643a00160aa659dd5f663b72 (patch)
tree	d413cf804ef51fb1437b9ec5bacea4232b019615 /scripts/coverity-scan/coverity-scan.docker
parent	6ed4075c3c06b35cbd8316f2121073c600fcc089 (diff)
download	qemu-726590594071a458643a00160aa659dd5f663b72.zip