117 lines
4.5 KiB
Bash
117 lines
4.5 KiB
Bash
|
#!/bin/sh
|
||
|
|
||
|
set -e
|
||
|
|
||
|
# Environment check
|
||
|
echo -e "\033[33;1mNote: COVERITY_SCAN_PROJECT_NAME and COVERITY_SCAN_TOKEN are available on Project Settings page on scan.coverity.com\033[0m"
|
||
|
[ -z "$COVERITY_SCAN_PROJECT_NAME" ] && echo "ERROR: COVERITY_SCAN_PROJECT_NAME must be set" && exit 1
|
||
|
#[ -z "$COVERITY_SCAN_NOTIFICATION_EMAIL" ] && echo "ERROR: COVERITY_SCAN_NOTIFICATION_EMAIL must be set" && exit 1
|
||
|
[ -z "$COVERITY_SCAN_BRANCH_PATTERN" ] && echo "ERROR: COVERITY_SCAN_BRANCH_PATTERN must be set" && exit 1
|
||
|
[ -z "$COVERITY_SCAN_BUILD_COMMAND" ] && echo "ERROR: COVERITY_SCAN_BUILD_COMMAND must be set" && exit 1
|
||
|
[ -z "$COVERITY_SCAN_TOKEN" ] && echo "ERROR: COVERITY_SCAN_TOKEN must be set" && exit 1
|
||
|
|
||
|
PLATFORM=`uname`
|
||
|
TOOL_ARCHIVE=/tmp/cov-analysis-${PLATFORM}.tgz
|
||
|
TOOL_URL=https://scan.coverity.com/download/cxx/${PLATFORM}
|
||
|
TOOL_BASE=/tmp/coverity-scan-analysis
|
||
|
UPLOAD_URL="https://scan.coverity.com/builds"
|
||
|
SCAN_URL="https://scan.coverity.com"
|
||
|
|
||
|
# Verify Coverity Scan run condition
|
||
|
COVERITY_SCAN_RUN_CONDITION=${coverity_scan_run_condition:-true}
|
||
|
echo -ne "\033[33;1mTesting '${COVERITY_SCAN_RUN_CONDITION}' condition... "
|
||
|
if eval [ $COVERITY_SCAN_RUN_CONDITION ]; then
|
||
|
echo -e "True.\033[0m"
|
||
|
else
|
||
|
echo -e "False. Exit.\033[0m"
|
||
|
exit 0
|
||
|
fi
|
||
|
|
||
|
# Do not run on pull requests
|
||
|
if [ "${TRAVIS_PULL_REQUEST}" = "true" ]; then
|
||
|
echo -e "\033[33;1mINFO: Skipping Coverity Analysis: branch is a pull request.\033[0m"
|
||
|
exit 0
|
||
|
fi
|
||
|
|
||
|
# Verify this branch should run
|
||
|
IS_COVERITY_SCAN_BRANCH=`ruby -e "puts '${TRAVIS_BRANCH}' =~ /\\A$COVERITY_SCAN_BRANCH_PATTERN\\z/ ? 1 : 0"`
|
||
|
if [ "$IS_COVERITY_SCAN_BRANCH" = "1" ]; then
|
||
|
echo -e "\033[33;1mCoverity Scan configured to run on branch ${TRAVIS_BRANCH}\033[0m"
|
||
|
else
|
||
|
echo -e "\033[33;1mCoverity Scan NOT configured to run on branch ${TRAVIS_BRANCH}\033[0m"
|
||
|
exit 1
|
||
|
fi
|
||
|
|
||
|
# Verify upload is permitted
|
||
|
AUTH_RES=`curl -s --form project="$COVERITY_SCAN_PROJECT_NAME" --form token="$COVERITY_SCAN_TOKEN" $SCAN_URL/api/upload_permitted`
|
||
|
if [ "$AUTH_RES" = "Access denied" ]; then
|
||
|
echo -e "\033[33;1mCoverity Scan API access denied. Check COVERITY_SCAN_PROJECT_NAME and COVERITY_SCAN_TOKEN.\033[0m"
|
||
|
exit 1
|
||
|
else
|
||
|
AUTH=`echo $AUTH_RES | ruby -e "require 'rubygems'; require 'json'; puts JSON[STDIN.read]['upload_permitted']"`
|
||
|
if [ "$AUTH" = "true" ]; then
|
||
|
echo -e "\033[33;1mCoverity Scan analysis authorized per quota.\033[0m"
|
||
|
else
|
||
|
WHEN=`echo $AUTH_RES | ruby -e "require 'rubygems'; require 'json'; puts JSON[STDIN.read]['next_upload_permitted_at']"`
|
||
|
echo -e "\033[33;1mCoverity Scan analysis NOT authorized until $WHEN.\033[0m"
|
||
|
exit 0
|
||
|
fi
|
||
|
fi
|
||
|
|
||
|
if [ ! -d $TOOL_BASE ]; then
|
||
|
# Download Coverity Scan Analysis Tool
|
||
|
if [ ! -e $TOOL_ARCHIVE ]; then
|
||
|
echo -e "\033[33;1mDownloading Coverity Scan Analysis Tool...\033[0m"
|
||
|
wget -nv -O $TOOL_ARCHIVE $TOOL_URL --post-data "project=$COVERITY_SCAN_PROJECT_NAME&token=$COVERITY_SCAN_TOKEN"
|
||
|
fi
|
||
|
|
||
|
# Extract Coverity Scan Analysis Tool
|
||
|
echo -e "\033[33;1mExtracting Coverity Scan Analysis Tool...\033[0m"
|
||
|
mkdir -p $TOOL_BASE
|
||
|
pushd $TOOL_BASE
|
||
|
tar xzf $TOOL_ARCHIVE
|
||
|
popd
|
||
|
fi
|
||
|
|
||
|
TOOL_DIR=`find $TOOL_BASE -type d -name 'cov-analysis*'`
|
||
|
export PATH=$TOOL_DIR/bin:$PATH
|
||
|
|
||
|
# Build
|
||
|
echo -e "\033[33;1mRunning Coverity Scan Analysis Tool...\033[0m"
|
||
|
COV_BUILD_OPTIONS=""
|
||
|
#COV_BUILD_OPTIONS="--return-emit-failures 8 --parse-error-threshold 85"
|
||
|
RESULTS_DIR="cov-int"
|
||
|
eval "${COVERITY_SCAN_BUILD_COMMAND_PREPEND}"
|
||
|
COVERITY_UNSUPPORTED=1 cov-build --dir $RESULTS_DIR $COV_BUILD_OPTIONS $COVERITY_SCAN_BUILD_COMMAND
|
||
|
cov-import-scm --dir $RESULTS_DIR --scm git --log $RESULTS_DIR/scm_log.txt 2>&1
|
||
|
|
||
|
# Upload results
|
||
|
echo -e "\033[33;1mTarring Coverity Scan Analysis results...\033[0m"
|
||
|
RESULTS_ARCHIVE=analysis-results.tgz
|
||
|
tar czf $RESULTS_ARCHIVE $RESULTS_DIR
|
||
|
SHA=`git rev-parse --short HEAD`
|
||
|
VERSION_SHA=$(cat VERSION)#$SHA
|
||
|
|
||
|
# Verify Coverity Scan script test mode
|
||
|
if [ "$coverity_scan_script_test_mode" = true ]; then
|
||
|
echo -e "\033[33;1mCoverity Scan configured in script test mode. Exit.\033[0m"
|
||
|
exit 0
|
||
|
fi
|
||
|
|
||
|
echo -e "\033[33;1mUploading Coverity Scan Analysis results...\033[0m"
|
||
|
response=$(curl \
|
||
|
--silent --write-out "\n%{http_code}\n" \
|
||
|
--form project=$COVERITY_SCAN_PROJECT_NAME \
|
||
|
--form token=$COVERITY_SCAN_TOKEN \
|
||
|
--form email=blackhole@blackhole.io \
|
||
|
--form file=@$RESULTS_ARCHIVE \
|
||
|
--form version=$SHA \
|
||
|
--form description="$VERSION_SHA" \
|
||
|
$UPLOAD_URL)
|
||
|
status_code=$(echo "$response" | sed -n '$p')
|
||
|
if [ "$status_code" != "201" ]; then
|
||
|
TEXT=$(echo "$response" | sed '$d')
|
||
|
echo -e "\033[33;1mCoverity Scan upload failed: $TEXT.\033[0m"
|
||
|
exit 1
|
||
|
fi
|