summaryrefslogtreecommitdiffstats
path: root/tools/coverity.sh
blob: f140b7817406b798b371f1b19774466dbeecf3e5 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
168
169
170
171
172
173
174
175
176
177
178
179
180
181
182
183
184
185
186
187
188
189
190
191
192
193
194
195
196
197
198
199
200
201
202
203
204
205
206
207
208
209
210
211
212
213
214
215
216
217
218
219
220
221
222
223
224
225
226
227
228
#!/usr/bin/env bash
# SPDX-License-Identifier: LGPL-2.1-or-later

# The official unmodified version of the script can be found at
# https://scan.coverity.com/scripts/travisci_build_coverity_scan.sh

set -e

# Declare build command
COVERITY_SCAN_BUILD_COMMAND="ninja -C cov-build"

# Environment check
# Use default values if not set
SCAN_URL=${SCAN_URL:="https://scan.coverity.com"}
TOOL_BASE=${TOOL_BASE:="/tmp/coverity-scan-analysis"}
UPLOAD_URL=${UPLOAD_URL:="https://scan.coverity.com/builds"}

# These must be set by environment
echo -e "\033[33;1mNote: COVERITY_SCAN_PROJECT_NAME and COVERITY_SCAN_TOKEN are available on Project Settings page on scan.coverity.com\033[0m"
[ -z "$COVERITY_SCAN_PROJECT_NAME" ] && echo "ERROR: COVERITY_SCAN_PROJECT_NAME must be set" && exit 1
[ -z "$COVERITY_SCAN_NOTIFICATION_EMAIL" ] && echo "ERROR: COVERITY_SCAN_NOTIFICATION_EMAIL must be set" && exit 1
[ -z "$COVERITY_SCAN_BRANCH_PATTERN" ] && echo "ERROR: COVERITY_SCAN_BRANCH_PATTERN must be set" && exit 1
[ -z "$COVERITY_SCAN_BUILD_COMMAND" ] && echo "ERROR: COVERITY_SCAN_BUILD_COMMAND must be set" && exit 1
[ -z "$COVERITY_SCAN_TOKEN" ] && echo "ERROR: COVERITY_SCAN_TOKEN must be set" && exit 1

# Verify this branch should run
if [[ "${CURRENT_REF^^}" =~ "${COVERITY_SCAN_BRANCH_PATTERN^^}" ]]; then
    echo -e "\033[33;1mCoverity Scan configured to run on branch ${CURRENT_REF}\033[0m"
else
    echo -e "\033[33;1mCoverity Scan NOT configured to run on branch ${CURRENT_REF}\033[0m"
    exit 1
fi

# Verify upload is permitted
AUTH_RES=`curl -s --form project="$COVERITY_SCAN_PROJECT_NAME" --form token="$COVERITY_SCAN_TOKEN" $SCAN_URL/api/upload_permitted`
if [ "$AUTH_RES" = "Access denied" ]; then
    echo -e "\033[33;1mCoverity Scan API access denied. Check COVERITY_SCAN_PROJECT_NAME and COVERITY_SCAN_TOKEN.\033[0m"
    exit 1
else
    AUTH=`echo $AUTH_RES | jq .upload_permitted`
    if [ "$AUTH" = "true" ]; then
        echo -e "\033[33;1mCoverity Scan analysis authorized per quota.\033[0m"
    else
        WHEN=`echo $AUTH_RES | jq .next_upload_permitted_at`
        echo -e "\033[33;1mCoverity Scan analysis NOT authorized until $WHEN.\033[0m"
        exit 1
    fi
fi

TOOL_DIR=`find $TOOL_BASE -type d -name 'cov-analysis*'`
export PATH="$TOOL_DIR/bin:$PATH"

# Disable CCACHE for cov-build to compilation units correctly
export CCACHE_DISABLE=1

# FUNCTION DEFINITIONS
# --------------------
_help()
{
    # displays help and exits
    cat <<-EOF
		USAGE: $0 [CMD] [OPTIONS]

		CMD
		  build   Issue Coverity build
		  upload  Upload coverity archive for analysis
              Note: By default, archive is created from default results directory.
                    To provide custom archive or results directory, see --result-dir
                    and --tar options below.

		OPTIONS
		  -h,--help     Display this menu and exits

		  Applicable to build command
		  ---------------------------
		  -o,--out-dir  Specify Coverity intermediate directory (defaults to 'cov-int')
		  -t,--tar      bool, archive the output to .tgz file (defaults to false)

		  Applicable to upload command
		  ----------------------------
		  -d, --result-dir   Specify result directory if different from default ('cov-int')
		  -t, --tar ARCHIVE  Use custom .tgz archive instead of intermediate directory or pre-archived .tgz
                         (by default 'analysis-result.tgz'
	EOF
    return;
}

_pack()
{
    RESULTS_ARCHIVE=${RESULTS_ARCHIVE:-'analysis-results.tgz'}

    echo -e "\033[33;1mTarring Coverity Scan Analysis results...\033[0m"
    tar czf $RESULTS_ARCHIVE $RESULTS_DIR
    SHA=`git rev-parse --short HEAD`

    PACKED=true
}


_build()
{
    echo -e "\033[33;1mRunning Coverity Scan Analysis Tool...\033[0m"
    local _cov_build_options=""
    #local _cov_build_options="--return-emit-failures 8 --parse-error-threshold 85"
    eval "${COVERITY_SCAN_BUILD_COMMAND_PREPEND}"
    COVERITY_UNSUPPORTED=1 cov-build --dir $RESULTS_DIR $_cov_build_options sh -c "$COVERITY_SCAN_BUILD_COMMAND"
    cov-import-scm --dir $RESULTS_DIR --scm git --log $RESULTS_DIR/scm_log.txt

    if [ $? != 0 ]; then
	echo -e "\033[33;1mCoverity Scan Build failed: $TEXT.\033[0m"
	return 1
    fi

    [ -z $TAR ] || [ $TAR = false ] && return 0

    if [ "$TAR" = true ]; then
	_pack
    fi
}


_upload()
{
    # pack results
    [ -z $PACKED ] || [ $PACKED = false ] && _pack

    # Upload results
    echo -e "\033[33;1mUploading Coverity Scan Analysis results...\033[0m"
    response=$(curl \
	           --silent --write-out "\n%{http_code}\n" \
	           --form project=$COVERITY_SCAN_PROJECT_NAME \
	           --form token=$COVERITY_SCAN_TOKEN \
	           --form email=$COVERITY_SCAN_NOTIFICATION_EMAIL \
	           --form file=@$RESULTS_ARCHIVE \
	           --form version=$SHA \
	           --form description="Travis CI build" \
	           $UPLOAD_URL)
    printf "\033[33;1mThe response is\033[0m\n%s\n" "$response"
    status_code=$(echo "$response" | sed -n '$p')
    # Coverity Scan used to respond with 201 on successfully receiving analysis results.
    # Now for some reason it sends 200 and may change back in the foreseeable future.
    # See https://github.com/pmem/pmdk/commit/7b103fd2dd54b2e5974f71fb65c81ab3713c12c5
    if [ "$status_code" != "200" ]; then
	TEXT=$(echo "$response" | sed '$d')
	echo -e "\033[33;1mCoverity Scan upload failed: $TEXT.\033[0m"
	exit 1
    fi

    echo -e "\n\033[33;1mCoverity Scan Analysis completed successfully.\033[0m"
    exit 0
}

# PARSE COMMAND LINE OPTIONS
# --------------------------

case $1 in
    -h|--help)
	_help
	exit 0
	;;
    build)
	CMD='build'
	TEMP=`getopt -o ho:t --long help,out-dir:,tar -n '$0' -- "$@"`
	_ec=$?
	[[ $_ec -gt 0 ]] && _help && exit $_ec
	shift
	;;
    upload)
	CMD='upload'
	TEMP=`getopt -o hd:t: --long help,result-dir:tar: -n '$0' -- "$@"`
	_ec=$?
	[[ $_ec -gt 0 ]] && _help && exit $_ec
	shift
	;;
    *)
	_help && exit 1 ;;
esac

RESULTS_DIR='cov-int'

eval set -- "$TEMP"
if [ $? != 0 ] ; then exit 1 ; fi

# extract options and their arguments into variables.
if [[ $CMD == 'build' ]]; then
    TAR=false
    while true ; do
	case $1 in
	    -h|--help)
		_help
		exit 0
		;;
	    -o|--out-dir)
		RESULTS_DIR="$2"
		shift 2
		;;
	    -t|--tar)
		TAR=true
		shift
		;;
	    --) _build; shift ; break ;;
	    *) echo "Internal error" ; _help && exit 6 ;;
	esac
    done

elif [[ $CMD == 'upload' ]]; then
    while true ; do
	case $1 in
	    -h|--help)
		_help
		exit 0
		;;
	    -d|--result-dir)
		CHANGE_DEFAULT_DIR=true
		RESULTS_DIR="$2"
		shift 2
		;;
	    -t|--tar)
		RESULTS_ARCHIVE="$2"
		[ -z $CHANGE_DEFAULT_DIR ] || [ $CHANGE_DEFAULT_DIR = false ] && PACKED=true
		shift 2
		;;
	    --) _upload; shift ; break ;;
	    *) echo "Internal error" ; _help && exit 6 ;;
	esac
    done

fi