| Elliott Hughes | 820eced | 2021-08-20 18:00:50 -0700 | [diff] [blame] | 1 | #!/bin/sh |
| 2 | |
| 3 | set -e |
| 4 | |
| 5 | # Environment check |
| 6 | printf "\033[33;1mNote: COVERITY_SCAN_PROJECT_NAME and COVERITY_SCAN_TOKEN are available on Project Settings page on scan.coverity.com\033[0m\n" |
| 7 | [ -z "$COVERITY_SCAN_PROJECT_NAME" ] && echo "ERROR: COVERITY_SCAN_PROJECT_NAME must be set" && exit 1 |
| 8 | #[ -z "$COVERITY_SCAN_NOTIFICATION_EMAIL" ] && echo "ERROR: COVERITY_SCAN_NOTIFICATION_EMAIL must be set" && exit 1 |
| 9 | [ -z "$COVERITY_SCAN_BRANCH_PATTERN" ] && echo "ERROR: COVERITY_SCAN_BRANCH_PATTERN must be set" && exit 1 |
| 10 | [ -z "$COVERITY_SCAN_BUILD_COMMAND" ] && echo "ERROR: COVERITY_SCAN_BUILD_COMMAND must be set" && exit 1 |
| 11 | [ -z "$COVERITY_SCAN_TOKEN" ] && echo "ERROR: COVERITY_SCAN_TOKEN must be set" && exit 1 |
| 12 | |
| 13 | PLATFORM=$(uname) |
| 14 | TOOL_ARCHIVE=/tmp/cov-analysis-${PLATFORM}.tgz |
| 15 | TOOL_URL=https://scan.coverity.com/download/cxx/${PLATFORM} |
| 16 | TOOL_BASE=/tmp/coverity-scan-analysis |
| 17 | UPLOAD_URL="https://scan.coverity.com/builds" |
| 18 | SCAN_URL="https://scan.coverity.com" |
| 19 | |
| 20 | # Verify Coverity Scan run condition |
| 21 | COVERITY_SCAN_RUN_CONDITION=${coverity_scan_run_condition:-true} |
| 22 | printf "\033[33;1mTesting '%s' condition... " "$COVERITY_SCAN_RUN_CONDITION" |
| 23 | if eval [ "$COVERITY_SCAN_RUN_CONDITION" ]; then |
| 24 | printf "True.\033[0m\n" |
| 25 | else |
| 26 | printf "False. Exit.\033[0m\n" |
| 27 | exit 0 |
| 28 | fi |
| 29 | |
| 30 | # Do not run on pull requests |
| 31 | if [ "${TRAVIS_PULL_REQUEST}" = "true" ]; then |
| 32 | printf "\033[33;1mINFO: Skipping Coverity Analysis: branch is a pull request.\033[0m\n" |
| 33 | exit 0 |
| 34 | fi |
| 35 | |
| 36 | # Verify this branch should run |
| 37 | IS_COVERITY_SCAN_BRANCH=$(ruby -e "puts '${TRAVIS_BRANCH}' =~ /\\A$COVERITY_SCAN_BRANCH_PATTERN\\z/ ? 1 : 0") |
| 38 | if [ "$IS_COVERITY_SCAN_BRANCH" = "1" ]; then |
| 39 | printf "\033[33;1mCoverity Scan configured to run on branch %s\033[0m\n" "$TRAVIS_BRANCH" |
| 40 | else |
| 41 | printf "\033[33;1mCoverity Scan NOT configured to run on branch %s\033[0m\n" "$TRAVIS_BRANCH" |
| 42 | exit 1 |
| 43 | fi |
| 44 | |
| 45 | # Verify upload is permitted |
| 46 | AUTH_RES=$(curl -s --form project="$COVERITY_SCAN_PROJECT_NAME" --form token="$COVERITY_SCAN_TOKEN" $SCAN_URL/api/upload_permitted) |
| 47 | if [ "$AUTH_RES" = "Access denied" ]; then |
| 48 | printf "\033[33;1mCoverity Scan API access denied. Check COVERITY_SCAN_PROJECT_NAME and COVERITY_SCAN_TOKEN.\033[0m\n" |
| 49 | exit 1 |
| 50 | else |
| 51 | AUTH=$(echo "$AUTH_RES" | ruby -e "require 'rubygems'; require 'json'; puts JSON[STDIN.read]['upload_permitted']") |
| 52 | if [ "$AUTH" = "true" ]; then |
| 53 | printf "\033[33;1mCoverity Scan analysis authorized per quota.\033[0m\n" |
| 54 | else |
| 55 | WHEN=$(echo "$AUTH_RES" | ruby -e "require 'rubygems'; require 'json'; puts JSON[STDIN.read]['next_upload_permitted_at']") |
| 56 | printf "\033[33;1mCoverity Scan analysis NOT authorized until %s.\033[0m\n" "$WHEN" |
| 57 | exit 0 |
| 58 | fi |
| 59 | fi |
| 60 | |
| 61 | if [ ! -d $TOOL_BASE ]; then |
| 62 | # Download Coverity Scan Analysis Tool |
| 63 | if [ ! -e "$TOOL_ARCHIVE" ]; then |
| 64 | printf "\033[33;1mDownloading Coverity Scan Analysis Tool...\033[0m\n" |
| 65 | wget -nv -O "$TOOL_ARCHIVE" "$TOOL_URL" --post-data "project=$COVERITY_SCAN_PROJECT_NAME&token=$COVERITY_SCAN_TOKEN" |
| 66 | fi |
| 67 | |
| 68 | # Extract Coverity Scan Analysis Tool |
| 69 | printf "\033[33;1mExtracting Coverity Scan Analysis Tool...\033[0m\n" |
| 70 | mkdir -p $TOOL_BASE |
| 71 | tar xzf "$TOOL_ARCHIVE" -C "$TOOL_BASE" |
| 72 | fi |
| 73 | |
| 74 | TOOL_DIR=$(find $TOOL_BASE -type d -name 'cov-analysis*') |
| 75 | export PATH=$TOOL_DIR/bin:$PATH |
| 76 | |
| 77 | # Build |
| 78 | printf "\033[33;1mRunning Coverity Scan Analysis Tool...\033[0m\n" |
| 79 | COV_BUILD_OPTIONS="" |
| 80 | #COV_BUILD_OPTIONS="--return-emit-failures 8 --parse-error-threshold 85" |
| 81 | RESULTS_DIR="cov-int" |
| 82 | eval "${COVERITY_SCAN_BUILD_COMMAND_PREPEND}" |
| 83 | # Do not quote COV_BUILD_OPTIONS so it collapses when it is empty and expands |
| 84 | # when it is not. |
| 85 | COVERITY_UNSUPPORTED=1 cov-build --dir "$RESULTS_DIR" $COV_BUILD_OPTIONS "$COVERITY_SCAN_BUILD_COMMAND" |
| 86 | cov-import-scm --dir $RESULTS_DIR --scm git --log $RESULTS_DIR/scm_log.txt 2>&1 |
| 87 | |
| 88 | # Upload results |
| 89 | printf "\033[33;1mTarring Coverity Scan Analysis results...\033[0m\n" |
| 90 | RESULTS_ARCHIVE=analysis-results.tgz |
| 91 | tar czf $RESULTS_ARCHIVE $RESULTS_DIR |
| 92 | SHA=$(git rev-parse --short HEAD) |
| 93 | VERSION_SHA=$(cat VERSION)#$SHA |
| 94 | |
| 95 | # Verify Coverity Scan script test mode |
| 96 | if [ "${coverity_scan_script_test_mode:-false}" = true ]; then |
| 97 | printf "\033[33;1mCoverity Scan configured in script test mode. Exit.\033[0m\n" |
| 98 | exit 0 |
| 99 | fi |
| 100 | |
| 101 | printf "\033[33;1mUploading Coverity Scan Analysis results...\033[0m\n" |
| 102 | response=$(curl \ |
| 103 | --silent --write-out "\n%{http_code}\n" \ |
| 104 | --form project="$COVERITY_SCAN_PROJECT_NAME" \ |
| 105 | --form token="$COVERITY_SCAN_TOKEN" \ |
| 106 | --form email=blackhole@blackhole.io \ |
| 107 | --form file=@$RESULTS_ARCHIVE \ |
| 108 | --form version="$SHA" \ |
| 109 | --form description="$VERSION_SHA" \ |
| 110 | $UPLOAD_URL) |
| 111 | status_code=$(echo "$response" | sed -n '$p') |
| 112 | if [ "$status_code" != "200" ] && [ "$status_code" != "201" ]; then |
| 113 | TEXT=$(echo "$response" | sed '$d') |
| 114 | printf "\033[33;1mCoverity Scan upload failed with HTTP status code '%s': %s.\033[0m\n" "$status_code" "$TEXT" |
| 115 | exit 1 |
| 116 | fi |