[lttng-ci.git] / scripts / common / coverity.sh

#!/bin/bash
#
# Copyright (C) 2020 Michael Jeanson <mjeanson@efficios.com>
# Copyright (C) 2015 Jonathan Rajotte-Julien <jonathan.rajotte-julien@efficios.com>
#
# This program is free software: you can redistribute it and/or modify
# it under the terms of the GNU General Public License as published by
# the Free Software Foundation, either version 3 of the License, or
# (at your option) any later version.
#
# This program is distributed in the hope that it will be useful,
# but WITHOUT ANY WARRANTY; without even the implied warranty of
# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
# GNU General Public License for more details.
#
# You should have received a copy of the GNU General Public License
# along with this program.  If not, see <http://www.gnu.org/licenses/>.

set -exu

# Required variables
WORKSPACE=${WORKSPACE:-}

# Coverity settings
# The project name and token have to be provided trough env variables
#COVERITY_SCAN_PROJECT_NAME=""
#COVERITY_SCAN_TOKEN=""
COVERITY_SCAN_DESCRIPTION="Automated CI build"
COVERITY_SCAN_NOTIFICATION_EMAIL="ci-notification@lists.lttng.org"
COVERITY_SCAN_BUILD_OPTIONS=""
#COVERITY_SCAN_BUILD_OPTIONS="--return-emit-failures 8 --parse-error-threshold 85"

DEPS_INC="$WORKSPACE/deps/build/include"
DEPS_LIB="$WORKSPACE/deps/build/lib"
DEPS_PKGCONFIG="$DEPS_LIB/pkgconfig"
DEPS_BIN="$WORKSPACE/deps/build/bin"

export PATH="$DEPS_BIN:$PATH"
export LD_LIBRARY_PATH="$DEPS_LIB:${LD_LIBRARY_PATH:-}"
export PKG_CONFIG_PATH="$DEPS_PKGCONFIG"
export CPPFLAGS="-I$DEPS_INC"
export LDFLAGS="-L$DEPS_LIB"

SRCDIR="$WORKSPACE/src/${COVERITY_SCAN_PROJECT_NAME}"
TMPDIR="$WORKSPACE/tmp"

NPROC=$(nproc)
PLATFORM=$(uname)
export CFLAGS="-O0 -g -DDEBUG"

TOOL_ARCHIVE="$TMPDIR/cov-analysis-${PLATFORM}.tgz"
TOOL_URL=https://scan.coverity.com/download/${PLATFORM}
TOOL_BASE="$TMPDIR/coverity-scan-analysis"

UPLOAD_URL="https://scan.coverity.com/builds"
SCAN_URL="https://scan.coverity.com"

RESULTS_DIR_NAME="cov-int"
RESULTS_DIR="$WORKSPACE/$RESULTS_DIR_NAME"
RESULTS_ARCHIVE=analysis-results.tgz

# Create tmp directory
rm -rf "$TMPDIR"
mkdir -p "$TMPDIR"

export TMPDIR

case "$COVERITY_SCAN_PROJECT_NAME" in
babeltrace)
    CONF_OPTS="--enable-python-bindings --enable-python-bindings-doc --enable-python-plugins"
    BUILD_TYPE="autotools"
    ;;
liburcu)
    CONF_OPTS=""
    BUILD_TYPE="autotools"
    ;;
lttng-modules)
    CONF_OPTS=""
    BUILD_TYPE="autotools"
    ;;
lttng-tools)
    CONF_OPTS=""
    BUILD_TYPE="autotools"
    ;;
lttng-ust)
    CONF_OPTS="--enable-java-agent-all --enable-python-agent"
    BUILD_TYPE="autotools"
    export CLASSPATH="/usr/share/java/log4j-1.2.jar"
    ;;
lttng-scope|ctf-java|libdelorean-java|jabberwocky)
    CONF_OPTS=""
    BUILD_TYPE="maven"
    MVN_BIN="$HOME/tools/hudson.tasks.Maven_MavenInstallation/default/bin/mvn"
    ;;
linux-rseq)
    CONF_OPTS=""
    BUILD_TYPE="linux-rseq"
    ;;
*)
    echo "Generic project, no configure options."
    CONF_OPTS=""
    BUILD_TYPE="autotools"
    ;;
esac

if [ -d "$WORKSPACE/src/linux" ]; then
	export KERNELDIR="$WORKSPACE/src/linux"
fi

# Enter the source directory
cd "$SRCDIR"

# Verify upload is permitted
#  Added "--insecure" because Coverity can't be bothered to properly install SSL certificate chains
set +x
AUTH_RES=$(curl -s --insecure --form project="$COVERITY_SCAN_PROJECT_NAME" --form token="$COVERITY_SCAN_TOKEN" $SCAN_URL/api/upload_permitted)
set -x
if [ "$AUTH_RES" = "Access denied" ]; then
  echo -e "\033[33;1mCoverity Scan API access denied. Check COVERITY_SCAN_PROJECT_NAME and COVERITY_SCAN_TOKEN.\033[0m"
  exit 1
else
  AUTH=$(echo "$AUTH_RES" | jq .upload_permitted)
  if [ "$AUTH" = "true" ]; then
    echo -e "\033[33;1mCoverity Scan analysis authorized per quota.\033[0m"
  else
    WHEN=$(echo "$AUTH_RES" | jq .next_upload_permitted_at)
    echo -e "\033[33;1mCoverity Scan analysis NOT authorized until $WHEN.\033[0m"
    exit 1
  fi
fi


# Download Coverity Scan Analysis Tool
if [ ! -d "$TOOL_BASE" ]; then
  if [ ! -e "$TOOL_ARCHIVE" ]; then
    echo -e "\033[33;1mDownloading Coverity Scan Analysis Tool...\033[0m"
    set +x
    curl -s --insecure --form project="$COVERITY_SCAN_PROJECT_NAME" --form token="$COVERITY_SCAN_TOKEN" -o "$TOOL_ARCHIVE" "$TOOL_URL"
    set -x
  fi

  # Extract Coverity Scan Analysis Tool
  echo -e "\033[33;1mExtracting Coverity Scan Analysis Tool...\033[0m"
  mkdir -p "$TOOL_BASE"
  cd "$TOOL_BASE" || exit 1
  tar xzf "$TOOL_ARCHIVE"
  cd -
fi

TOOL_DIR=$(find "$TOOL_BASE" -type d -name 'cov-analysis*')
export PATH=$TOOL_DIR/bin:$PATH

COVERITY_SCAN_VERSION=$(git describe --always | sed 's|-|.|g')

# Build
echo -e "\033[33;1mRunning Coverity Scan Analysis Tool...\033[0m"
case "$BUILD_TYPE" in
maven)
    cov-configure --java
    cov-build --dir "$RESULTS_DIR" $COVERITY_SCAN_BUILD_OPTIONS "$MVN_BIN" \
      -s "$MVN_SETTINGS" \
      -Dmaven.repo.local="$WORKSPACE/.repository" \
      -Dmaven.compiler.fork=true \
      -Dmaven.compiler.forceJavaCompilerUse=true \
      -Dmaven.test.skip=true \
      -DskipTests \
      clean verify
    ;;
autotools)
    # Prepare build dir for autotools based projects
    if [ -f "./bootstrap" ]; then
      ./bootstrap
      ./configure $CONF_OPTS
    fi

    cov-build --dir "$RESULTS_DIR" $COVERITY_SCAN_BUILD_OPTIONS make -j"$NPROC" V=1
    ;;
linux-rseq)
    make defconfig
    make -j"$NPROC" prepare
    cov-build --dir "$RESULTS_DIR" $COVERITY_SCAN_BUILD_OPTIONS make -j"$NPROC" kernel/rseq.o kernel/do_on_cpu/core.o kernel/do_on_cpu/interpreter.o kernel/do_on_cpu/validate.o V=1
    ;;
*)
    echo "Unsupported build type: $BUILD_TYPE"
    exit 1
    ;;
esac


cov-import-scm --dir "$RESULTS_DIR" --scm git --log "$RESULTS_DIR/scm_log.txt"

cd "${WORKSPACE}"

# Tar results
echo -e "\033[33;1mTarring Coverity Scan Analysis results...\033[0m"
tar czf $RESULTS_ARCHIVE $RESULTS_DIR_NAME

# Upload results
echo -e "\033[33;1mUploading Coverity Scan Analysis results...\033[0m"
set +x
response=$(curl --insecure \
  --silent --write-out "\n%{http_code}\n" \
  --form project="$COVERITY_SCAN_PROJECT_NAME" \
  --form token="$COVERITY_SCAN_TOKEN" \
  --form email="$COVERITY_SCAN_NOTIFICATION_EMAIL" \
  --form file=@"$RESULTS_ARCHIVE" \
  --form version="$COVERITY_SCAN_VERSION" \
  --form description="$COVERITY_SCAN_DESCRIPTION" \
  "$UPLOAD_URL")
set -x
status_code=$(echo "$response" | sed -n '$p')
if [ "${status_code:0:1}" == "2" ]; then
  echo -e "\033[33;1mCoverity Scan upload successful.\033[0m"
else
  TEXT=$(echo "$response" | sed '$d')
  echo -e "\033[33;1mCoverity Scan upload failed: $TEXT.\033[0m"
  exit 1
fi

# EOF
Commit	Line	Data
	1	#!/bin/bash
	2	#
	3	# Copyright (C) 2020 Michael Jeanson <mjeanson@efficios.com>
	4	# Copyright (C) 2015 Jonathan Rajotte-Julien <jonathan.rajotte-julien@efficios.com>
	5	#
	6	# This program is free software: you can redistribute it and/or modify
	7	# it under the terms of the GNU General Public License as published by
	8	# the Free Software Foundation, either version 3 of the License, or
	9	# (at your option) any later version.
	10	#
	11	# This program is distributed in the hope that it will be useful,
	12	# but WITHOUT ANY WARRANTY; without even the implied warranty of
	13	# MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
	14	# GNU General Public License for more details.
	15	#
	16	# You should have received a copy of the GNU General Public License
	17	# along with this program. If not, see <http://www.gnu.org/licenses/>.
	18
	19	set -exu
	20
	21	# Required variables
	22	WORKSPACE=${WORKSPACE:-}
	23
	24	# Coverity settings
	25	# The project name and token have to be provided trough env variables
	26	#COVERITY_SCAN_PROJECT_NAME=""
	27	#COVERITY_SCAN_TOKEN=""
	28	COVERITY_SCAN_DESCRIPTION="Automated CI build"
	29	COVERITY_SCAN_NOTIFICATION_EMAIL="ci-notification@lists.lttng.org"
	30	COVERITY_SCAN_BUILD_OPTIONS=""
	31	#COVERITY_SCAN_BUILD_OPTIONS="--return-emit-failures 8 --parse-error-threshold 85"
	32
	33	DEPS_INC="$WORKSPACE/deps/build/include"
	34	DEPS_LIB="$WORKSPACE/deps/build/lib"
	35	DEPS_PKGCONFIG="$DEPS_LIB/pkgconfig"
	36	DEPS_BIN="$WORKSPACE/deps/build/bin"
	37
	38	export PATH="$DEPS_BIN:$PATH"
	39	export LD_LIBRARY_PATH="$DEPS_LIB:${LD_LIBRARY_PATH:-}"
	40	export PKG_CONFIG_PATH="$DEPS_PKGCONFIG"
	41	export CPPFLAGS="-I$DEPS_INC"
	42	export LDFLAGS="-L$DEPS_LIB"
	43
	44	SRCDIR="$WORKSPACE/src/${COVERITY_SCAN_PROJECT_NAME}"
	45	TMPDIR="$WORKSPACE/tmp"
	46
	47	NPROC=$(nproc)
	48	PLATFORM=$(uname)
	49	export CFLAGS="-O0 -g -DDEBUG"
	50
	51	TOOL_ARCHIVE="$TMPDIR/cov-analysis-${PLATFORM}.tgz"
	52	TOOL_URL=https://scan.coverity.com/download/${PLATFORM}
	53	TOOL_BASE="$TMPDIR/coverity-scan-analysis"
	54
	55	UPLOAD_URL="https://scan.coverity.com/builds"
	56	SCAN_URL="https://scan.coverity.com"
	57
	58	RESULTS_DIR_NAME="cov-int"
	59	RESULTS_DIR="$WORKSPACE/$RESULTS_DIR_NAME"
	60	RESULTS_ARCHIVE=analysis-results.tgz
	61
	62	# Create tmp directory
	63	rm -rf "$TMPDIR"
	64	mkdir -p "$TMPDIR"
	65
	66	export TMPDIR
	67
	68	case "$COVERITY_SCAN_PROJECT_NAME" in
	69	babeltrace)
	70	CONF_OPTS="--enable-python-bindings --enable-python-bindings-doc --enable-python-plugins"
	71	BUILD_TYPE="autotools"
	72	;;
	73	liburcu)
	74	CONF_OPTS=""
	75	BUILD_TYPE="autotools"
	76	;;
	77	lttng-modules)
	78	CONF_OPTS=""
	79	BUILD_TYPE="autotools"
	80	;;
	81	lttng-tools)
	82	CONF_OPTS=""
	83	BUILD_TYPE="autotools"
	84	;;
	85	lttng-ust)
	86	CONF_OPTS="--enable-java-agent-all --enable-python-agent"
	87	BUILD_TYPE="autotools"
	88	export CLASSPATH="/usr/share/java/log4j-1.2.jar"
	89	;;
	90	lttng-scope\|ctf-java\|libdelorean-java\|jabberwocky)
	91	CONF_OPTS=""
	92	BUILD_TYPE="maven"
	93	MVN_BIN="$HOME/tools/hudson.tasks.Maven_MavenInstallation/default/bin/mvn"
	94	;;
	95	linux-rseq)
	96	CONF_OPTS=""
	97	BUILD_TYPE="linux-rseq"
	98	;;
	99	*)
	100	echo "Generic project, no configure options."
	101	CONF_OPTS=""
	102	BUILD_TYPE="autotools"
	103	;;
	104	esac
	105
	106	if [ -d "$WORKSPACE/src/linux" ]; then
	107	export KERNELDIR="$WORKSPACE/src/linux"
	108	fi
	109
	110	# Enter the source directory
	111	cd "$SRCDIR"
	112
	113	# Verify upload is permitted
	114	# Added "--insecure" because Coverity can't be bothered to properly install SSL certificate chains
	115	set +x
	116	AUTH_RES=$(curl -s --insecure --form project="$COVERITY_SCAN_PROJECT_NAME" --form token="$COVERITY_SCAN_TOKEN" $SCAN_URL/api/upload_permitted)
	117	set -x
	118	if [ "$AUTH_RES" = "Access denied" ]; then
	119	echo -e "\033[33;1mCoverity Scan API access denied. Check COVERITY_SCAN_PROJECT_NAME and COVERITY_SCAN_TOKEN.\033[0m"
	120	exit 1
	121	else
	122	AUTH=$(echo "$AUTH_RES" \| jq .upload_permitted)
	123	if [ "$AUTH" = "true" ]; then
	124	echo -e "\033[33;1mCoverity Scan analysis authorized per quota.\033[0m"
	125	else
	126	WHEN=$(echo "$AUTH_RES" \| jq .next_upload_permitted_at)
	127	echo -e "\033[33;1mCoverity Scan analysis NOT authorized until $WHEN.\033[0m"
	128	exit 1
	129	fi
	130	fi
	131
	132
	133	# Download Coverity Scan Analysis Tool
	134	if [ ! -d "$TOOL_BASE" ]; then
	135	if [ ! -e "$TOOL_ARCHIVE" ]; then
	136	echo -e "\033[33;1mDownloading Coverity Scan Analysis Tool...\033[0m"
	137	set +x
	138	curl -s --insecure --form project="$COVERITY_SCAN_PROJECT_NAME" --form token="$COVERITY_SCAN_TOKEN" -o "$TOOL_ARCHIVE" "$TOOL_URL"
	139	set -x
	140	fi
	141
	142	# Extract Coverity Scan Analysis Tool
	143	echo -e "\033[33;1mExtracting Coverity Scan Analysis Tool...\033[0m"
	144	mkdir -p "$TOOL_BASE"
	145	cd "$TOOL_BASE" \|\| exit 1
	146	tar xzf "$TOOL_ARCHIVE"
	147	cd -
	148	fi
	149
	150	TOOL_DIR=$(find "$TOOL_BASE" -type d -name 'cov-analysis*')
	151	export PATH=$TOOL_DIR/bin:$PATH
	152
	153	COVERITY_SCAN_VERSION=$(git describe --always \| sed 's\|-\|.\|g')
	154
	155	# Build
	156	echo -e "\033[33;1mRunning Coverity Scan Analysis Tool...\033[0m"
	157	case "$BUILD_TYPE" in
	158	maven)
	159	cov-configure --java
	160	cov-build --dir "$RESULTS_DIR" $COVERITY_SCAN_BUILD_OPTIONS "$MVN_BIN" \
	161	-s "$MVN_SETTINGS" \
	162	-Dmaven.repo.local="$WORKSPACE/.repository" \
	163	-Dmaven.compiler.fork=true \
	164	-Dmaven.compiler.forceJavaCompilerUse=true \
	165	-Dmaven.test.skip=true \
	166	-DskipTests \
	167	clean verify
	168	;;
	169	autotools)
	170	# Prepare build dir for autotools based projects
	171	if [ -f "./bootstrap" ]; then
	172	./bootstrap
	173	./configure $CONF_OPTS
	174	fi
	175
	176	cov-build --dir "$RESULTS_DIR" $COVERITY_SCAN_BUILD_OPTIONS make -j"$NPROC" V=1
	177	;;
	178	linux-rseq)
	179	make defconfig
	180	make -j"$NPROC" prepare
	181	cov-build --dir "$RESULTS_DIR" $COVERITY_SCAN_BUILD_OPTIONS make -j"$NPROC" kernel/rseq.o kernel/do_on_cpu/core.o kernel/do_on_cpu/interpreter.o kernel/do_on_cpu/validate.o V=1
	182	;;
	183	*)
	184	echo "Unsupported build type: $BUILD_TYPE"
	185	exit 1
	186	;;
	187	esac
	188
	189
	190
	191	cov-import-scm --dir "$RESULTS_DIR" --scm git --log "$RESULTS_DIR/scm_log.txt"
	192
	193	cd "${WORKSPACE}"
	194
	195	# Tar results
	196	echo -e "\033[33;1mTarring Coverity Scan Analysis results...\033[0m"
	197	tar czf $RESULTS_ARCHIVE $RESULTS_DIR_NAME
	198
	199	# Upload results
	200	echo -e "\033[33;1mUploading Coverity Scan Analysis results...\033[0m"
	201	set +x
	202	response=$(curl --insecure \
	203	--silent --write-out "\n%{http_code}\n" \
	204	--form project="$COVERITY_SCAN_PROJECT_NAME" \
	205	--form token="$COVERITY_SCAN_TOKEN" \
	206	--form email="$COVERITY_SCAN_NOTIFICATION_EMAIL" \
	207	--form file=@"$RESULTS_ARCHIVE" \
	208	--form version="$COVERITY_SCAN_VERSION" \
	209	--form description="$COVERITY_SCAN_DESCRIPTION" \
	210	"$UPLOAD_URL")
	211	set -x
	212	status_code=$(echo "$response" \| sed -n '$p')
	213	if [ "${status_code:0:1}" == "2" ]; then
	214	echo -e "\033[33;1mCoverity Scan upload successful.\033[0m"
	215	else
	216	TEXT=$(echo "$response" \| sed '$d')
	217	echo -e "\033[33;1mCoverity Scan upload failed: $TEXT.\033[0m"
	218	exit 1
	219	fi
	220
	221	# EOF