scripts/common/coverity.sh

   1 #!/bin/bash
   2 #
   3 # Copyright (C) 2020 Michael Jeanson <mjeanson@efficios.com>
   4 # Copyright (C) 2015 Jonathan Rajotte-Julien <jonathan.rajotte-julien@efficios.com>
   5 #
   6 # This program is free software: you can redistribute it and/or modify
   7 # it under the terms of the GNU General Public License as published by
   8 # the Free Software Foundation, either version 3 of the License, or
   9 # (at your option) any later version.
  10 #
  11 # This program is distributed in the hope that it will be useful,
  12 # but WITHOUT ANY WARRANTY; without even the implied warranty of
  13 # MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
  14 # GNU General Public License for more details.
  15 #
  16 # You should have received a copy of the GNU General Public License
  17 # along with this program.  If not, see <http://www.gnu.org/licenses/>.
  18
  19 set -exu
  20
  21 # Required variables
  22 WORKSPACE=${WORKSPACE:-}
  23
  24 # Coverity settings
  25 # The project name and token have to be provided trough env variables
  26 #COVERITY_SCAN_PROJECT_NAME=""
  27 #COVERITY_SCAN_TOKEN=""
  28 COVERITY_SCAN_DESCRIPTION="Automated CI build"
  29 COVERITY_SCAN_NOTIFICATION_EMAIL="ci-notification@lists.lttng.org"
  30 COVERITY_SCAN_BUILD_OPTIONS=""
  31 #COVERITY_SCAN_BUILD_OPTIONS="--return-emit-failures 8 --parse-error-threshold 85"
  32
  33 DEPS_INC="$WORKSPACE/deps/build/include"
  34 DEPS_LIB="$WORKSPACE/deps/build/lib"
  35 DEPS_PKGCONFIG="$DEPS_LIB/pkgconfig"
  36 DEPS_BIN="$WORKSPACE/deps/build/bin"
  37
  38 export PATH="$DEPS_BIN:$PATH"
  39 export LD_LIBRARY_PATH="$DEPS_LIB:${LD_LIBRARY_PATH:-}"
  40 export PKG_CONFIG_PATH="$DEPS_PKGCONFIG"
  41 export CPPFLAGS="-I$DEPS_INC"
  42 export LDFLAGS="-L$DEPS_LIB"
  43
  44 SRCDIR="$WORKSPACE/src/${COVERITY_SCAN_PROJECT_NAME}"
  45 TMPDIR="$WORKSPACE/tmp"
  46
  47 NPROC=$(nproc)
  48 PLATFORM=$(uname)
  49 export CFLAGS="-O0 -g -DDEBUG"
  50
  51 TOOL_ARCHIVE="$TMPDIR/cov-analysis-${PLATFORM}.tgz"
  52 TOOL_URL=https://scan.coverity.com/download/${PLATFORM}
  53 TOOL_BASE="$TMPDIR/coverity-scan-analysis"
  54
  55 UPLOAD_URL="https://scan.coverity.com/builds"
  56 SCAN_URL="https://scan.coverity.com"
  57
  58 RESULTS_DIR_NAME="cov-int"
  59 RESULTS_DIR="$WORKSPACE/$RESULTS_DIR_NAME"
  60 RESULTS_ARCHIVE=analysis-results.tgz
  61
  62 # Create tmp directory
  63 rm -rf "$TMPDIR"
  64 mkdir -p "$TMPDIR"
  65
  66 export TMPDIR
  67
  68 case "$COVERITY_SCAN_PROJECT_NAME" in
  69 babeltrace)
  70     CONF_OPTS="--enable-python-bindings --enable-python-bindings-doc --enable-python-plugins"
  71     BUILD_TYPE="autotools"
  72     ;;
  73 liburcu)
  74     CONF_OPTS=""
  75     BUILD_TYPE="autotools"
  76     ;;
  77 lttng-modules)
  78     CONF_OPTS=""
  79     BUILD_TYPE="autotools"
  80     ;;
  81 lttng-tools)
  82     CONF_OPTS=""
  83     BUILD_TYPE="autotools"
  84     ;;
  85 lttng-ust)
  86     CONF_OPTS="--enable-java-agent-all --enable-python-agent"
  87     BUILD_TYPE="autotools"
  88     export CLASSPATH="/usr/share/java/log4j-api.jar:/usr/share/java/log4j-core.jar:/usr/share/java/log4j-1.2.jar"
  89     ;;
  90 lttng-scope|ctf-java|libdelorean-java|jabberwocky)
  91     CONF_OPTS=""
  92     BUILD_TYPE="maven"
  93     MVN_BIN="$HOME/tools/hudson.tasks.Maven_MavenInstallation/default/bin/mvn"
  94     ;;
  95 *)
  96     echo "Generic project, no configure options."
  97     CONF_OPTS=""
  98     BUILD_TYPE="autotools"
  99     ;;
 100 esac
 101
 102 if [ -d "$WORKSPACE/src/linux" ]; then
 103         export KERNELDIR="$WORKSPACE/src/linux"
 104 fi
 105
 106 # Enter the source directory
 107 cd "$SRCDIR"
 108
 109 # Verify upload is permitted
 110 #  Added "--insecure" because Coverity can't be bothered to properly install SSL certificate chains
 111 set +x
 112 AUTH_RES=$(curl -s --insecure --form project="$COVERITY_SCAN_PROJECT_NAME" --form token="$COVERITY_SCAN_TOKEN" $SCAN_URL/api/upload_permitted)
 113 set -x
 114 if [ "$AUTH_RES" = "Access denied" ]; then
 115   echo -e "\033[33;1mCoverity Scan API access denied. Check COVERITY_SCAN_PROJECT_NAME and COVERITY_SCAN_TOKEN.\033[0m"
 116   exit 1
 117 else
 118   AUTH=$(echo "$AUTH_RES" | jq .upload_permitted)
 119   if [ "$AUTH" = "true" ]; then
 120     echo -e "\033[33;1mCoverity Scan analysis authorized per quota.\033[0m"
 121   else
 122     WHEN=$(echo "$AUTH_RES" | jq .next_upload_permitted_at)
 123     echo -e "\033[33;1mCoverity Scan analysis NOT authorized until $WHEN.\033[0m"
 124     exit 1
 125   fi
 126 fi
 127
 128
 129 # Download Coverity Scan Analysis Tool
 130 if [ ! -d "$TOOL_BASE" ]; then
 131   if [ ! -e "$TOOL_ARCHIVE" ]; then
 132     echo -e "\033[33;1mDownloading Coverity Scan Analysis Tool...\033[0m"
 133     set +x
 134     curl -s --insecure --form project="$COVERITY_SCAN_PROJECT_NAME" --form token="$COVERITY_SCAN_TOKEN" -o "$TOOL_ARCHIVE" "$TOOL_URL"
 135     set -x
 136   fi
 137
 138   # Extract Coverity Scan Analysis Tool
 139   echo -e "\033[33;1mExtracting Coverity Scan Analysis Tool...\033[0m"
 140   mkdir -p "$TOOL_BASE"
 141   cd "$TOOL_BASE" || exit 1
 142   tar xzf "$TOOL_ARCHIVE"
 143   cd -
 144 fi
 145
 146 TOOL_DIR=$(find "$TOOL_BASE" -type d -name 'cov-analysis*')
 147 export PATH=$TOOL_DIR/bin:$PATH
 148
 149 COVERITY_SCAN_VERSION=$(git describe --always | sed 's|-|.|g')
 150
 151 # Build
 152 echo -e "\033[33;1mRunning Coverity Scan Analysis Tool...\033[0m"
 153 case "$BUILD_TYPE" in
 154 maven)
 155     cov-configure --java
 156     cov-build --dir "$RESULTS_DIR" $COVERITY_SCAN_BUILD_OPTIONS "$MVN_BIN" \
 157       -s "$MVN_SETTINGS" \
 158       -Dmaven.repo.local="$WORKSPACE/.repository" \
 159       -Dmaven.compiler.fork=true \
 160       -Dmaven.compiler.forceJavaCompilerUse=true \
 161       -Dmaven.test.skip=true \
 162       -DskipTests \
 163       clean verify
 164     ;;
 165 autotools)
 166     # Prepare build dir for autotools based projects
 167     if [ -f "./bootstrap" ]; then
 168       ./bootstrap
 169       ./configure $CONF_OPTS
 170     fi
 171
 172     cov-build --dir "$RESULTS_DIR" $COVERITY_SCAN_BUILD_OPTIONS make -j"$NPROC" V=1
 173     ;;
 174 *)
 175     echo "Unsupported build type: $BUILD_TYPE"
 176     exit 1
 177     ;;
 178 esac
 179
 180
 181
 182 cov-import-scm --dir "$RESULTS_DIR" --scm git --log "$RESULTS_DIR/scm_log.txt"
 183
 184 cd "${WORKSPACE}"
 185
 186 # Tar results
 187 echo -e "\033[33;1mTarring Coverity Scan Analysis results...\033[0m"
 188 tar czf $RESULTS_ARCHIVE $RESULTS_DIR_NAME
 189
 190 # Upload results
 191 echo -e "\033[33;1mUploading Coverity Scan Analysis results...\033[0m"
 192 set +x
 193 response=$(curl --insecure \
 194   --silent --write-out "\n%{http_code}\n" \
 195   --form project="$COVERITY_SCAN_PROJECT_NAME" \
 196   --form token="$COVERITY_SCAN_TOKEN" \
 197   --form email="$COVERITY_SCAN_NOTIFICATION_EMAIL" \
 198   --form file=@"$RESULTS_ARCHIVE" \
 199   --form version="$COVERITY_SCAN_VERSION" \
 200   --form description="$COVERITY_SCAN_DESCRIPTION" \
 201   "$UPLOAD_URL")
 202 set -x
 203 status_code=$(echo "$response" | sed -n '$p')
 204 if [ "${status_code:0:1}" == "2" ]; then
 205   echo -e "\033[33;1mCoverity Scan upload successful.\033[0m"
 206 else
 207   TEXT=$(echo "$response" | sed '$d')
 208   echo -e "\033[33;1mCoverity Scan upload failed: $TEXT.\033[0m"
 209   exit 1
 210 fi
 211
 212 # EOF