scripts/common/coverity.sh

   1 #!/bin/bash
   2 #
   3 # Copyright (C) 2023 Michael Jeanson <mjeanson@efficios.com>
   4 # Copyright (C) 2015 Jonathan Rajotte-Julien <jonathan.rajotte-julien@efficios.com>
   5 #
   6 # This program is free software: you can redistribute it and/or modify
   7 # it under the terms of the GNU General Public License as published by
   8 # the Free Software Foundation, either version 3 of the License, or
   9 # (at your option) any later version.
  10 #
  11 # This program is distributed in the hope that it will be useful,
  12 # but WITHOUT ANY WARRANTY; without even the implied warranty of
  13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14 # GNU General Public License for more details.
  15 #
  16 # You should have received a copy of the GNU General Public License
  17 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
  18
  19 set -exu
  20
  21 # Required variables
  22 WORKSPACE=${WORKSPACE:-}
  23
  24 # Coverity settings
  25 # The project name and token have to be provided trough env variables
  26 #COVERITY_SCAN_PROJECT_NAME=""
  27 #COVERITY_SCAN_TOKEN=""
  28 COVERITY_SCAN_DESCRIPTION="Automated CI build"
  29 COVERITY_SCAN_NOTIFICATION_EMAIL="ci-notification@lists.lttng.org"
  30 COVERITY_SCAN_BUILD_OPTIONS=""
  31 #COVERITY_SCAN_BUILD_OPTIONS=("--return-emit-failures 8" "--parse-error-threshold 85")
  32
  33 DEPS_INC="$WORKSPACE/deps/build/include"
  34 DEPS_LIB="$WORKSPACE/deps/build/lib"
  35 DEPS_PKGCONFIG="$DEPS_LIB/pkgconfig"
  36 DEPS_BIN="$WORKSPACE/deps/build/bin"
  37
  38 export PATH="$DEPS_BIN:$PATH"
  39 export LD_LIBRARY_PATH="$DEPS_LIB:${LD_LIBRARY_PATH:-}"
  40 export PKG_CONFIG_PATH="$DEPS_PKGCONFIG"
  41 export CPPFLAGS="-I$DEPS_INC"
  42 export LDFLAGS="-L$DEPS_LIB"
  43
  44 SRCDIR="$WORKSPACE/src/${COVERITY_SCAN_PROJECT_NAME}"
  45 TMPDIR="$WORKSPACE/tmp"
  46
  47 NPROC=$(nproc)
  48 PLATFORM=$(uname)
  49 export CFLAGS="-O0 -g -DDEBUG"
  50
  51 # Cache the tool installer in the home directory since we delete the workspace
  52 # on each build
  53 TOOL_ARCHIVE="$HOME/cov-analysis-${PLATFORM}.tgz"
  54 TOOL_URL=https://scan.coverity.com/download/${PLATFORM}
  55 TOOL_BASE="$TMPDIR/coverity-scan-analysis"
  56
  57 UPLOAD_URL="https://scan.coverity.com/builds"
  58 SCAN_URL="https://scan.coverity.com"
  59
  60 RESULTS_DIR_NAME="cov-int"
  61 RESULTS_DIR="$WORKSPACE/$RESULTS_DIR_NAME"
  62 RESULTS_ARCHIVE=analysis-results.tgz
  63
  64 # Create tmp directory
  65 rm -rf "$TMPDIR"
  66 mkdir -p "$TMPDIR"
  67
  68 export TMPDIR
  69
  70 case "$COVERITY_SCAN_PROJECT_NAME" in
  71 babeltrace)
  72     CONF_OPTS=("--enable-python-bindings" "--enable-python-bindings-doc" "--enable-python-plugins")
  73     BUILD_TYPE="autotools"
  74     ;;
  75 liburcu)
  76     CONF_OPTS=()
  77     BUILD_TYPE="autotools"
  78     ;;
  79 lttng-modules)
  80     CONF_OPTS=()
  81     BUILD_TYPE="autotools"
  82     ;;
  83 lttng-tools)
  84     CONF_OPTS=()
  85     BUILD_TYPE="autotools"
  86     ;;
  87 lttng-ust)
  88     CONF_OPTS=("--enable-java-agent-all" "--enable-python-agent")
  89     BUILD_TYPE="autotools"
  90     export CLASSPATH="/usr/share/java/log4j-api.jar:/usr/share/java/log4j-core.jar:/usr/share/java/log4j-1.2.jar"
  91     ;;
  92 lttng-scope|ctf-java|libdelorean-java|jabberwocky)
  93     CONF_OPTS=()
  94     BUILD_TYPE="maven"
  95     MVN_BIN="$HOME/tools/hudson.tasks.Maven_MavenInstallation/default/bin/mvn"
  96     ;;
  97 *)
  98     echo "Generic project, no configure options."
  99     CONF_OPTS=()
 100     BUILD_TYPE="autotools"
 101     ;;
 102 esac
 103
 104 if [ -d "$WORKSPACE/src/linux" ]; then
 105         export KERNELDIR="$WORKSPACE/src/linux"
 106 fi
 107
 108 # Enter the source directory
 109 cd "$SRCDIR"
 110
 111 # Verify upload is permitted
 112 set +x
 113 AUTH_RES=$(curl --silent --form project="$COVERITY_SCAN_PROJECT_NAME" --form token="$COVERITY_SCAN_TOKEN" $SCAN_URL/api/upload_permitted)
 114 set -x
 115 if [ "$AUTH_RES" = "Access denied" ]; then
 116   echo -e "\033[33;1mCoverity Scan API access denied. Check COVERITY_SCAN_PROJECT_NAME and COVERITY_SCAN_TOKEN.\033[0m"
 117   exit 1
 118 else
 119   AUTH=$(echo "$AUTH_RES" | jq .upload_permitted)
 120   if [ "$AUTH" = "true" ]; then
 121     echo -e "\033[33;1mCoverity Scan analysis authorized per quota.\033[0m"
 122   else
 123     WHEN=$(echo "$AUTH_RES" | jq .next_upload_permitted_at)
 124     echo -e "\033[33;1mCoverity Scan analysis NOT authorized until $WHEN.\033[0m"
 125     exit 1
 126   fi
 127 fi
 128
 129
 130 # Download Coverity Scan Analysis Tool
 131 if [ ! -d "$TOOL_BASE" ]; then
 132   echo -e "\033[33;1mDownloading Coverity Scan Analysis Tool...\033[0m"
 133   set +x
 134   curl --fail --remote-time --continue-at - --form project="$COVERITY_SCAN_PROJECT_NAME" --form token="$COVERITY_SCAN_TOKEN" --output "$TOOL_ARCHIVE" --time-cond "$TOOL_ARCHIVE" "$TOOL_URL"
 135   set -x
 136
 137   # Extract Coverity Scan Analysis Tool
 138   echo -e "\033[33;1mExtracting Coverity Scan Analysis Tool...\033[0m"
 139   mkdir -p "$TOOL_BASE"
 140   cd "$TOOL_BASE" || exit 1
 141   tar xzf "$TOOL_ARCHIVE"
 142   cd -
 143 fi
 144
 145 TOOL_DIR=$(find "$TOOL_BASE" -type d -name 'cov-analysis*')
 146 export PATH=$TOOL_DIR/bin:$PATH
 147
 148 COVERITY_SCAN_VERSION=$(git describe --always | sed 's|-|.|g')
 149
 150 # Build
 151 echo -e "\033[33;1mRunning Coverity Scan Analysis Tool...\033[0m"
 152 case "$BUILD_TYPE" in
 153 maven)
 154     cov-configure --java
 155     cov-build --dir "$RESULTS_DIR" "${COVERITY_SCAN_BUILD_OPTIONS[@]}" "$MVN_BIN" \
 156       -s "$MVN_SETTINGS" \
 157       -Dmaven.repo.local="$WORKSPACE/.repository" \
 158       -Dmaven.compiler.fork=true \
 159       -Dmaven.compiler.forceJavaCompilerUse=true \
 160       -Dmaven.test.skip=true \
 161       -DskipTests \
 162       clean verify
 163     ;;
 164 autotools)
 165     # Prepare build dir for autotools based projects
 166     if [ -f "./bootstrap" ]; then
 167       ./bootstrap
 168       ./configure "${CONF_OPTS[@]}"
 169     fi
 170
 171     cov-build --dir "$RESULTS_DIR" ${COVERITY_SCAN_BUILD_OPTIONS[@]} make -j"$NPROC" V=1
 172     ;;
 173 *)
 174     echo "Unsupported build type: $BUILD_TYPE"
 175     exit 1
 176     ;;
 177 esac
 178
 179
 180
 181 cov-import-scm --dir "$RESULTS_DIR" --scm git --log "$RESULTS_DIR/scm_log.txt"
 182
 183 cd "${WORKSPACE}"
 184
 185 # Tar results
 186 echo -e "\033[33;1mTarring Coverity Scan Analysis results...\033[0m"
 187 tar czf $RESULTS_ARCHIVE $RESULTS_DIR_NAME
 188
 189 # Upload results
 190 echo -e "\033[33;1mUploading Coverity Scan Analysis results...\033[0m"
 191 set +x
 192 response=$(curl \
 193   --silent --write-out "\n%{http_code}\n" \
 194   --form project="$COVERITY_SCAN_PROJECT_NAME" \
 195   --form token="$COVERITY_SCAN_TOKEN" \
 196   --form email="$COVERITY_SCAN_NOTIFICATION_EMAIL" \
 197   --form file=@"$RESULTS_ARCHIVE" \
 198   --form version="$COVERITY_SCAN_VERSION" \
 199   --form description="$COVERITY_SCAN_DESCRIPTION" \
 200   "$UPLOAD_URL")
 201 set -x
 202 status_code=$(echo "$response" | sed -n '$p')
 203 if [ "${status_code:0:1}" == "2" ]; then
 204   echo -e "\033[33;1mCoverity Scan upload successful.\033[0m"
 205 else
 206   TEXT=$(echo "$response" | sed '$d')
 207   echo -e "\033[33;1mCoverity Scan upload failed: $TEXT.\033[0m"
 208   exit 1
 209 fi
 210
 211 # EOF