]>
The Tcpdump Group git mirrors - tcpdump/blob - .ci-coverity-scan-build.sh
6 printf "\033[33;1mNote: COVERITY_SCAN_PROJECT_NAME and COVERITY_SCAN_TOKEN are available on Project Settings page on scan.coverity.com\033[0m\n"
7 [ -z "$COVERITY_SCAN_PROJECT_NAME" ] && echo "ERROR: COVERITY_SCAN_PROJECT_NAME must be set" && exit 1
8 #[ -z "$COVERITY_SCAN_NOTIFICATION_EMAIL" ] && echo "ERROR: COVERITY_SCAN_NOTIFICATION_EMAIL must be set" && exit 1
9 [ -z "$COVERITY_SCAN_BUILD_COMMAND" ] && echo "ERROR: COVERITY_SCAN_BUILD_COMMAND must be set" && exit 1
10 [ -z "$COVERITY_SCAN_TOKEN" ] && echo "ERROR: COVERITY_SCAN_TOKEN must be set" && exit 1
13 TOOL_ARCHIVE
=/tmp
/cov-analysis-
${PLATFORM}.tgz
14 TOOL_URL
=https
://scan.coverity.com
/download
/cxx
/${PLATFORM}
15 TOOL_BASE
=/tmp
/coverity-scan-analysis
16 UPLOAD_URL
="https://scan.coverity.com/builds"
17 SCAN_URL
="https://scan.coverity.com"
19 # Verify upload is permitted
20 AUTH_RES
=$
(curl
-s --form project
="$COVERITY_SCAN_PROJECT_NAME" --form token
="$COVERITY_SCAN_TOKEN" $SCAN_URL/api
/upload_permitted
)
21 if [ "$AUTH_RES" = "Access denied" ]; then
22 printf "\033[33;1mCoverity Scan API access denied. Check COVERITY_SCAN_PROJECT_NAME and COVERITY_SCAN_TOKEN.\033[0m\n"
25 AUTH
=$
(echo "$AUTH_RES" | ruby
-e "require 'rubygems'; require 'json'; puts JSON[STDIN.read]['upload_permitted']")
26 if [ "$AUTH" = "true" ]; then
27 printf "\033[33;1mCoverity Scan analysis authorized per quota.\033[0m\n"
29 WHEN
=$
(echo "$AUTH_RES" | ruby
-e "require 'rubygems'; require 'json'; puts JSON[STDIN.read]['next_upload_permitted_at']")
30 printf "\033[33;1mCoverity Scan analysis NOT authorized until %s.\033[0m\n" "$WHEN"
35 if [ ! -d $TOOL_BASE ]; then
36 # Download Coverity Scan Analysis Tool
37 if [ ! -e "$TOOL_ARCHIVE" ]; then
38 printf "\033[33;1mDownloading Coverity Scan Analysis Tool...\033[0m\n"
39 wget
-nv -O "$TOOL_ARCHIVE" "$TOOL_URL" --post-data "project=$COVERITY_SCAN_PROJECT_NAME&token=$COVERITY_SCAN_TOKEN"
42 # Extract Coverity Scan Analysis Tool
43 printf "\033[33;1mExtracting Coverity Scan Analysis Tool...\033[0m\n"
45 tar xzf
"$TOOL_ARCHIVE" -C "$TOOL_BASE"
48 TOOL_DIR
=$
(find $TOOL_BASE -type d
-name 'cov-analysis*')
49 export PATH
=$TOOL_DIR/bin
:$PATH
52 printf "\033[33;1mRunning Coverity Scan Analysis Tool...\033[0m\n"
54 #COV_BUILD_OPTIONS="--return-emit-failures 8 --parse-error-threshold 85"
56 eval "${COVERITY_SCAN_BUILD_COMMAND_PREPEND}"
57 # Do not quote COV_BUILD_OPTIONS so it collapses when it is empty and expands
59 # shellcheck disable=SC2086
60 COVERITY_UNSUPPORTED
=1 cov-build
--dir "$RESULTS_DIR" $COV_BUILD_OPTIONS "$COVERITY_SCAN_BUILD_COMMAND"
61 cov-import-scm
--dir $RESULTS_DIR --scm git
--log $RESULTS_DIR/scm_log.txt
2>&1
64 printf "\033[33;1mTarring Coverity Scan Analysis results...\033[0m\n"
65 RESULTS_ARCHIVE
=analysis-results.tgz
66 tar czf
$RESULTS_ARCHIVE $RESULTS_DIR
67 SHA
=$
(git rev-parse
--short HEAD
)
68 VERSION_SHA
=$
(cat VERSION
)#$SHA
70 # Verify Coverity Scan script test mode
71 if [ "${coverity_scan_script_test_mode:-false}" = true
]; then
72 printf "\033[33;1mCoverity Scan configured in script test mode. Exit.\033[0m\n"
76 printf "\033[33;1mUploading Coverity Scan Analysis results...\033[0m\n"
78 --silent --write-out "\n%{http_code}\n" \
79 --form project
="$COVERITY_SCAN_PROJECT_NAME" \
80 --form token
="$COVERITY_SCAN_TOKEN" \
81 --form email
=blackhole@blackhole.io \
82 --form file=@
$RESULTS_ARCHIVE \
83 --form version
="$SHA" \
84 --form description
="$VERSION_SHA" \
86 status_code
=$
(echo "$response" |
sed -n '$p')
87 if [ "$status_code" != "200" ] && [ "$status_code" != "201" ]; then
88 TEXT
=$
(echo "$response" |
sed '$d')
89 printf "\033[33;1mCoverity Scan upload failed with HTTP status code '%s': %s.\033[0m\n" "$status_code" "$TEXT"
projects / tcpdump / blob