Gitiles
Code Review Sign In
gerrit.openfyde.cn / chromium.googlesource.com / chromiumos / third_party / systemd / 99127d20ce69f566be6366afa28cafe9c471725b / . / scripts / coverity.sh
blob: 3e8d874728fea517438be850cf4ef6cde5f72429 [file] [log] [blame]
Marek Čermák99127d22018-01-11 11:41:35 +0100[diff] [blame^]1#!/bin/env bash
2
3# Declare build command
4COVERITY_SCAN_BUILD_COMMAND="ninja -C cov-build"
5
6# Environment check
7# Use default values if not set
8SCAN_URL=${SCAN_URL:="https://scan.coverity.com"}
9TOOL_BASE=${TOOL_BASE:="/tmp/coverity-scan-analysis"}
10UPLOAD_URL=${UPLOAD_URL:="https://scan.coverity.com/builds"}
11
12# These must be set by environment
13echo -e "\033[33;1mNote: COVERITY_SCAN_PROJECT_NAME and COVERITY_SCAN_TOKEN are available on Project Settings page on scan.coverity.com\033[0m"
14[ -z "$COVERITY_SCAN_PROJECT_NAME" ] && echo "ERROR: COVERITY_SCAN_PROJECT_NAME must be set" && exit 1
15[ -z "$COVERITY_SCAN_NOTIFICATION_EMAIL" ] && echo "ERROR: COVERITY_SCAN_NOTIFICATION_EMAIL must be set" && exit 1
16[ -z "$COVERITY_SCAN_BRANCH_PATTERN" ] && echo "ERROR: COVERITY_SCAN_BRANCH_PATTERN must be set" && exit 1
17[ -z "$COVERITY_SCAN_BUILD_COMMAND" ] && echo "ERROR: COVERITY_SCAN_BUILD_COMMAND must be set" && exit 1
18[ -z "$COVERITY_SCAN_TOKEN" ] && echo "ERROR: COVERITY_SCAN_TOKEN must be set" && exit 1
19
20# Do not run on pull requests
21if [ "${TRAVIS_PULL_REQUEST}" = "true" ]; then
22 echo -e "\033[33;1mINFO: Skipping Coverity Analysis: branch is a pull request.\033[0m"
23 exit 0
24fi
25
26# Verify this branch should run
27if [[ "${TRAVIS_BRANCH^^}" =~ "${COVERITY_SCAN_BRANCH_PATTERN^^}" ]]; then
28 echo -e "\033[33;1mCoverity Scan configured to run on branch ${TRAVIS_BRANCH}\033[0m"
29else
30 echo -e "\033[33;1mCoverity Scan NOT configured to run on branch ${TRAVIS_BRANCH}\033[0m"
31 exit 1
32fi
33
34# Verify upload is permitted
35AUTH_RES=`curl -s --form project="$COVERITY_SCAN_PROJECT_NAME" --form token="$COVERITY_SCAN_TOKEN" $SCAN_URL/api/upload_permitted`
36if [ "$AUTH_RES" = "Access denied" ]; then
37 echo -e "\033[33;1mCoverity Scan API access denied. Check COVERITY_SCAN_PROJECT_NAME and COVERITY_SCAN_TOKEN.\033[0m"
38 exit 1
39else
40 AUTH=`echo $AUTH_RES | python -c "import sys, json; print json.load(sys.stdin)['upload_permitted']"`
41 if [ "$AUTH" = "True" ]; then
42 echo -e "\033[33;1mCoverity Scan analysis authorized per quota.\033[0m"
43 else
44 WHEN=`echo $AUTH_RES | python -c "import sys; json; print json.load(sys.stdin)['next_upload_permitted_at']"`
45 echo -e "\033[33;1mCoverity Scan analysis NOT authorized until $WHEN.\033[0m"
46 exit 0
47 fi
48fi
49
50TOOL_DIR=`find $TOOL_BASE -type d -name 'cov-analysis*'`
51export PATH="$TOOL_DIR/bin:$PATH"
52
53# Disable CCACHE for cov-build to compilation units correctly
54export CCACHE_DISABLE=1
55
56# FUNCTION DEFINITIONS
57# --------------------
58_help()
59{
60 # displays help and exits
61 cat <<-EOF
62 USAGE: $0 [CMD] [OPTIONS]
63
64 CMD
65 build Issue Coverity build
66 upload Upload coverity archive for analysis
67 Note: By default, archive is created from default results directory.
68 To provide custom archive or results directory, see --result-dir
69 and --tar options below.
70
71 OPTIONS
72 -h,--help Display this menu and exits
73
74 Applicable to build command
75 ---------------------------
76 -o,--out-dir Specify Coverity intermediate directory (defaults to 'cov-int')
77 -t,--tar bool, archive the output to .tgz file (defaults to false)
78
79 Applicable to upload command
80 ----------------------------
81 -d, --result-dir Specify result directory if different from default ('cov-int')
82 -t, --tar ARCHIVE Use custom .tgz archive instead of intermediate directory or pre-archived .tgz
83 (by default 'analysis-result.tgz'
84 EOF
85 return;
86}
87
88_pack()
89{
90 RESULTS_ARCHIVE=${RESULTS_ARCHIVE:-'analysis-results.tgz'}
91
92 echo -e "\033[33;1mTarring Coverity Scan Analysis results...\033[0m"
93 tar czf $RESULTS_ARCHIVE $RESULTS_DIR
94 SHA=`git rev-parse --short HEAD`
95
96 PACKED=true
97}
98
99
100_build()
101{
102 echo -e "\033[33;1mRunning Coverity Scan Analysis Tool...\033[0m"
103 local _cov_build_options=""
104 #local _cov_build_options="--return-emit-failures 8 --parse-error-threshold 85"
105 eval "${COVERITY_SCAN_BUILD_COMMAND_PREPEND}"
106 COVERITY_UNSUPPORTED=1 cov-build --dir $RESULTS_DIR $_cov_build_options sh -c "$COVERITY_SCAN_BUILD_COMMAND"
107 cov-import-scm --dir $RESULTS_DIR --scm git --log $RESULTS_DIR/scm_log.txt
108
109 if [ $? != 0 ]; then
110 echo -e "\033[33;1mCoverity Scan Build failed: $TEXT.\033[0m"
111 return 1
112 fi
113
114 [ -z $TAR ] || [ $TAR = false ] && return 0
115
116 if [ "$TAR" = true ]; then
117 _pack
118 fi
119}
120
121
122_upload()
123{
124 # pack results
125 [ -z $PACKED ] || [ $PACKED = false ] && _pack
126
127 # Upload results
128 echo -e "\033[33;1mUploading Coverity Scan Analysis results...\033[0m"
129 response=$(curl \
130 --silent --write-out "\n%{http_code}\n" \
131 --form project=$COVERITY_SCAN_PROJECT_NAME \
132 --form token=$COVERITY_SCAN_TOKEN \
133 --form email=$COVERITY_SCAN_NOTIFICATION_EMAIL \
134 --form file=@$RESULTS_ARCHIVE \
135 --form version=$SHA \
136 --form description="Travis CI build" \
137 $UPLOAD_URL)
138 status_code=$(echo "$response" | sed -n '$p')
139 if [ "$status_code" != "201" ]; then
140 TEXT=$(echo "$response" | sed '$d')
141 echo -e "\033[33;1mCoverity Scan upload failed: $TEXT.\033[0m"
142 exit 1
143 fi
144
145 echo -e "\n\033[33;1mCoverity Scan Analysis completed succesfully.\033[0m"
146 exit 0
147}
148
149# PARSE COMMAND LINE OPTIONS
150# --------------------------
151
152case $1 in
153 -h|--help)
154 _help
155 exit 0
156 ;;
157 build)
158 CMD='build'
159 TEMP=`getopt -o ho:t --long help,out-dir:,tar -n '$0' -- "$@"`
160 _ec=$?
161 [[ $_ec -gt 0 ]] && _help && exit $_ec
162 shift
163 ;;
164 upload)
165 CMD='upload'
166 TEMP=`getopt -o hd:t: --long help,result-dir:tar: -n '$0' -- "$@"`
167 _ec=$?
168 [[ $_ec -gt 0 ]] && _help && exit $_ec
169 shift
170 ;;
171 *)
172 _help && exit 1 ;;
173esac
174
175RESULTS_DIR='cov-int'
176
177eval set -- "$TEMP"
178if [ $? != 0 ] ; then exit 1 ; fi
179
180# extract options and their arguments into variables.
181if [[ $CMD == 'build' ]]; then
182 TAR=false
183 while true ; do
184 case $1 in
185 -h|--help)
186 _help
187 exit 0
188 ;;
189 -o|--out-dir)
190 RESULTS_DIR="$2"
191 shift 2
192 ;;
193 -t|--tar)
194 TAR=true
195 shift
196 ;;
197 --) _build; shift ; break ;;
198 *) echo "Internal error" ; _help && exit 6 ;;
199 esac
200 done
201
202elif [[ $CMD == 'upload' ]]; then
203 while true ; do
204 case $1 in
205 -h|--help)
206 _help
207 exit 0
208 ;;
209 -d|--result-dir)
210 CHANGE_DEFAULT_DIR=true
211 RESULTS_DIR="$2"
212 shift 2
213 ;;
214 -t|--tar)
215 RESULTS_ARCHIVE="$2"
216 [ -z $CHANGE_DEFAULT_DIR ] || [ $CHANGE_DEFAULT_DIR = false ] && PACKED=true
217 shift 2
218 ;;
219 --) _upload; shift ; break ;;
220 *) echo "Internal error" ; _help && exit 6 ;;
221 esac
222 done
223
224fi