]> The Tcpdump Group git mirrors - tcpdump/blob - .travis-coverity-scan-build.sh
projects / tcpdump / blob
summary | shortlog | log | commit | commitdiff | tree
history | raw | HEAD
Add CAP_FCNTL and use cap_fcntls_limit().
[tcpdump] / .travis-coverity-scan-build.sh
1 #!/bin/sh
2
3 set -e
4
5 # Environment check
6 echo -e "\033[33;1mNote: PROJECT_NAME and COVERITY_SCAN_TOKEN are available on Project Settings page on scan.coverity.com\033[0m"
7 [ -z "$COVERITY_SCAN_PROJECT_NAME" ] && echo "ERROR: COVERITY_SCAN_PROJECT_NAME must be set" && exit 1
8 #[ -z "$COVERITY_SCAN_NOTIFICATION_EMAIL" ] && echo "ERROR: COVERITY_SCAN_NOTIFICATION_EMAIL must be set" && exit 1
9 [ -z "$COVERITY_SCAN_BRANCH_PATTERN" ] && echo "ERROR: COVERITY_SCAN_BRANCH_PATTERN must be set" && exit 1
10 [ -z "$COVERITY_SCAN_BUILD_COMMAND" ] && echo "ERROR: COVERITY_SCAN_BUILD_COMMAND must be set" && exit 1
11 [ -z "$COVERITY_SCAN_TOKEN" ] && echo "ERROR: COVERITY_SCAN_TOKEN must be set" && exit 1
12
13 PLATFORM=`uname`
14 TOOL_ARCHIVE=/tmp/cov-analysis-${PLATFORM}.tgz
15 TOOL_URL=https://scan.coverity.com/download/${PLATFORM}
16 TOOL_BASE=/tmp/coverity-scan-analysis
17 UPLOAD_URL="http://scan5.coverity.com/cgi-bin/travis_upload.py"
18 SCAN_URL="https://scan.coverity.com"
19
20 # Verify Coverity Scan run condition
21 COVERITY_SCAN_RUN_CONDITION=${coverity_scan_run_condition:-true}
22 echo -ne "\033[33;1mTesting '${COVERITY_SCAN_RUN_CONDITION}' condition... "
23 if eval [ $COVERITY_SCAN_RUN_CONDITION ]; then
24 echo -e "True.\033[0m"
25 else
26 echo -e "False. Exit.\033[0m"
27 exit 1
28 fi
29
30 # Do not run on pull requests
31 if [ "${TRAVIS_PULL_REQUEST}" = "true" ]; then
32 echo -e "\033[33;1mINFO: Skipping Coverity Analysis: branch is a pull request.\033[0m"
33 exit 0
34 fi
35
36 # Verify this branch should run
37 IS_COVERITY_SCAN_BRANCH=`ruby -e "puts '${TRAVIS_BRANCH}' =~ /\\A$COVERITY_SCAN_BRANCH_PATTERN\\z/ ? 1 : 0"`
38 if [ "$IS_COVERITY_SCAN_BRANCH" = "1" ]; then
39 echo -e "\033[33;1mCoverity Scan configured to run on branch ${TRAVIS_BRANCH}\033[0m"
40 else
41 echo -e "\033[33;1mCoverity Scan NOT configured to run on branch ${TRAVIS_BRANCH}\033[0m"
42 exit 1
43 fi
44
45 # Verify upload is permitted
46 AUTH_RES=`curl -s --form project="$COVERITY_SCAN_PROJECT_NAME" --form token="$COVERITY_SCAN_TOKEN" $SCAN_URL/api/upload_permitted`
47 if [ "$AUTH_RES" = "Access denied" ]; then
48 echo -e "\033[33;1mCoverity Scan API access denied. Check COVERITY_SCAN_PROJECT_NAME and COVERITY_SCAN_TOKEN.\033[0m"
49 exit 1
50 else
51 AUTH=`echo $AUTH_RES | ruby -e "require 'rubygems'; require 'json'; puts JSON[STDIN.read]['upload_permitted']"`
52 if [ "$AUTH" = "true" ]; then
53 echo -e "\033[33;1mCoverity Scan analysis authorized per quota.\033[0m"
54 else
55 WHEN=`echo $AUTH_RES | ruby -e "require 'rubygems'; require 'json'; puts JSON[STDIN.read]['next_upload_permitted_at']"`
56 echo -e "\033[33;1mCoverity Scan analysis NOT authorized until $WHEN.\033[0m"
57 exit 1
58 fi
59 fi
60
61 if [ ! -d $TOOL_BASE ]; then
62 # Download Coverity Scan Analysis Tool
63 if [ ! -e $TOOL_ARCHIVE ]; then
64 echo -e "\033[33;1mDownloading Coverity Scan Analysis Tool...\033[0m"
65 wget -nv -O $TOOL_ARCHIVE $TOOL_URL --post-data "project=$COVERITY_SCAN_PROJECT_NAME&token=$COVERITY_SCAN_TOKEN"
66 fi
67
68 # Extract Coverity Scan Analysis Tool
69 echo -e "\033[33;1mExtracting Coverity Scan Analysis Tool...\033[0m"
70 mkdir -p $TOOL_BASE
71 pushd $TOOL_BASE
72 tar xzf $TOOL_ARCHIVE
73 popd
74 fi
75
76 TOOL_DIR=`find $TOOL_BASE -type d -name 'cov-analysis*'`
77 export PATH=$TOOL_DIR/bin:$PATH
78
79 # Build
80 echo -e "\033[33;1mRunning Coverity Scan Analysis Tool...\033[0m"
81 COV_BUILD_OPTIONS=""
82 #COV_BUILD_OPTIONS="--return-emit-failures 8 --parse-error-threshold 85"
83 RESULTS_DIR="cov-int"
84 eval "${COVERITY_SCAN_BUILD_COMMAND_PREPEND}"
85 COVERITY_UNSUPPORTED=1 cov-build --dir $RESULTS_DIR $COV_BUILD_OPTIONS $COVERITY_SCAN_BUILD_COMMAND
86
87 # Upload results
88 echo -e "\033[33;1mTarring Coverity Scan Analysis results...\033[0m"
89 RESULTS_ARCHIVE=analysis-results.tgz
90 tar czf $RESULTS_ARCHIVE $RESULTS_DIR
91 SHA=`git rev-parse --short HEAD`
92 VERSION_SHA=$(cat VERSION)#$SHA
93
94 # Verify Coverity Scan script test mode
95 if [ "$coverity_scan_script_test_mode" = true ]; then
96 echo -e "\033[33;1mCoverity Scan configured in script test mode. Exit.\033[0m"
97 exit 1
98 fi
99
100 echo -e "\033[33;1mUploading Coverity Scan Analysis results...\033[0m"
101 curl \
102 --progress-bar \
103 --form project=$COVERITY_SCAN_PROJECT_NAME \
104 --form token=$COVERITY_SCAN_TOKEN \
105 --form email=$COVERITY_SCAN_NOTIFICATION_EMAIL \
106 --form file=@$RESULTS_ARCHIVE \
107 --form version=$SHA \
108 --form description="$VERSION_SHA" \
109 $UPLOAD_URL
[mirror] the TCPdump network dissector