#!/usr/bin/env bash
# SPDX-License-Identifier: BSD-3-Clause
# Stop at the first failing command, and let a failure in any stage of a
# pipeline fail the whole pipeline.
set -eo pipefail

# Coverity Scan still tracks this project under its pre-rename name
# (01org/TPM2.0-TSS, now tpm2-software/tpm2-tss), so submit under the old one.
export PROJECT='01org/TPM2.0-TSS'
echo "PROJECT=$PROJECT"

# Both credentials have to come from the CI environment. Only their presence
# is tested here; their values are never written to the log.
[[ -n "$COVERITY_SCAN_TOKEN" ]] || {
  echo "coverity.run invoked without COVERITY_SCAN_TOKEN set...exiting!"
  exit 1
}

[[ -n "$COVERITY_SUBMISSION_EMAIL" ]] || {
  echo "coverity.run invoked without COVERITY_SUBMISSION_EMAIL set...exiting!"
  exit 1
}

# Sanity check: this script is only meant to run for a branch whose name ends
# in coverity_scan.
case "$REPO_BRANCH" in
  *coverity_scan) ;;
  *)
    echo "coverity.run invoked for non-coverity branch $REPO_BRANCH...exiting!"
    exit 1
    ;;
esac

# Refuse to run when the configured compiler is any clang variant.
case "$CC" in
  clang*)
    echo "Coverity scan branch detected, not running with clang...exiting!"
    exit 1
    ;;
esac
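# From here on the branch is known to be coverity_scan.
echo "Running coverity build"

# Make sure the Coverity build tool is available to the container. It cannot
# be packaged in the docker image, because that would distribute Coverity's
# software to people who are not coupled to our COVERITY_SCAN_TOKEN.
if [[ ! -f "$(pwd)/cov-analysis/bin/cov-build" ]]; then
  # Hand the token to curl through a private temp file rather than on the
  # command line, where it would show up in the process list. The subshell
  # keeps the file name and the EXIT trap local, so the file is removed even
  # when a download fails and no trap of the outer script is replaced.
  (
    token_file=$(mktemp)
    trap 'rm -f -- "$token_file"' EXIT
    printf '%s' "$COVERITY_SCAN_TOKEN" > "$token_file"

    # --fail turns an HTTP error (for example a rejected token) into a
    # non-zero exit instead of saving the error page as the tarball.
    curl --fail \
      --data-urlencode "project=$PROJECT" \
      --data-urlencode "token@${token_file}" \
      "https://scan.coverity.com/download/linux64" -o coverity_tool.tgz
    curl --fail \
      --data-urlencode "project=$PROJECT" \
      --data-urlencode "token@${token_file}" \
      --data-urlencode "md5=1" \
      "https://scan.coverity.com/download/linux64" -o coverity_tool.md5
  )
  stat coverity_tool.tgz
  stat coverity_tool.md5
  cat coverity_tool.md5
  md5sum coverity_tool.tgz

  # NOTE(review): the checksum is fetched from the same endpoint as the
  # archive and MD5 is not collision resistant, so this step only detects a
  # truncated or corrupted download. Authenticity of the tool rests on the TLS
  # connection to scan.coverity.com; a digest pinned out of band would be
  # needed to detect a tampered archive.
  printf '%s  %s\n' "$(cat coverity_tool.md5)" coverity_tool.tgz | md5sum -c -

  echo "unpacking cov-analysis"
  tar -xf coverity_tool.tgz
  mv cov-analysis-* cov-analysis
fi

# Appended rather than prepended, so the downloaded tools never shadow a
# binary that is already on PATH.
PATH="$PATH:$(pwd)/cov-analysis/bin"
export PATH
echo "Which cov-build: $(command -v cov-build)"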
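pushd "$DOCKER_BUILD_DIR"
source ".ci/docker-prelude.sh"

echo "Performing build with Coverity Scan"
rm -rf cov-int
# One command per line: in an `a && b && c` list, set -e does not abort when
# a or b fails, so a broken bootstrap or configure would otherwise fall
# through to cov-build on an unconfigured tree.
./bootstrap
./configure --enable-debug
make clean
cov-build --dir "$DOCKER_BUILD_DIR/cov-int" make -j "$(nproc)"

echo "Collecting Coverity data for submission"
rm -rf README
# The original passed an unquoted $HEAD, which expands to nothing when the
# variable is unset and so describes the current commit. Keep honouring a
# caller-supplied HEAD, but fall back to the literal ref explicitly.
AUTHOR="$(git log -1 "${HEAD:-HEAD}" --pretty="%aN")"
AUTHOR_EMAIL="$(git log -1 "${HEAD:-HEAD}" --pretty="%aE")"
VERSION="$(git rev-parse HEAD)"

# Author name and e-mail come from commit metadata; printf '%s' writes them
# verbatim, whatever characters they contain.
{
  printf 'Name: %s\n' "$AUTHOR"
  printf 'Email: %s\n' "$AUTHOR_EMAIL"
  printf 'Project: %s\n' "$PROJECT"
  printf 'Build-Version: %s\n' "$VERSION"
  printf 'Description: %s %s\n' "$REPO_NAME" "$REPO_BRANCH"
  printf 'Submitted-by: %s CI\n' "$PROJECT"
} > README

echo "---README---"
cat README
echo "---EOF---"

# Bundle the README with the captured build data, then drop the inputs.
rm -f scan.tgz
tar -czf scan.tgz README cov-int
rm -rf README cov-int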
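# Upload the results.
echo "Testing for scan results..."
# stat fails when scan.tgz is missing, and set -e then aborts the script
# before anything is submitted.
scan_file=$(stat --printf='%n' scan.tgz)

echo "Submitting data to Coverity"
# Hand the token to curl through a private temp file rather than on the
# command line, where it would show up in the process list. The subshell keeps
# the file name and the EXIT trap local, so the file is removed even when the
# upload fails and no trap installed earlier (for example by the sourced
# prelude) is replaced.
(
  token_file=$(mktemp)
  trap 'rm -f -- "$token_file"' EXIT
  printf '%s' "$COVERITY_SCAN_TOKEN" > "$token_file"

  # --fail makes a rejected submission fail the job instead of reporting
  # success. --form-string sends each value literally, so a leading '@' or
  # '<' or an embedded ';' in CI-provided text is never parsed as a file
  # reference or a part option.
  curl --fail \
    --form "token=<${token_file}" \
    --form-string email="$COVERITY_SUBMISSION_EMAIL" \
    --form-string project="$PROJECT" \
    --form file=@"$scan_file" \
    --form-string version="$VERSION" \
    --form-string description="$REPO_NAME $REPO_BRANCH" \
    "https://scan.coverity.com/builds?project=$PROJECT"
)

rm -f scan.tgz
popd
exit 0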