| --- |
| # Coverity Scan static analysis |
| |
| - job-template: |
| name: '{project-name}-coverity' |
| id: onap-gerrit-maven-coverity |
| description: > |
| <hr/> |
| <h2>How to access Coverity Scan static analysis results</h2> |
| <ol> |
| <li>Visit <a href="https://scan.coverity.com/projects/{coverity-project-name}">Coverity Scan |
| project page</a>.</li> |
| <li>If you have not been added to the project on Coverity Scan service yet: |
| <ol> |
| <li>Click on <a href="https://scan.coverity.com/memberships/new?project_id={coverity-project-name}"> |
| Add me to project</a>.</li> |
| <li>Wait till the project administrators grant you appropriate permissions.</li> |
| </ol> |
| <li>Click on <a href="https://scan.coverity.com/projects/{coverity-project-name}/view_defects"> |
| View Defects</a>.</li> |
| </ol> |
| <p>Please note that processing data takes some time. You will get an email when it's done.</p> |
| <hr/> |
| |
| project-type: freestyle |
| node: '{build-node}' |
| branch: master |
| build-days-to-keep: 7 |
| build-timeout: 240 |
| cron: '@daily' |
| disabled: false |
| dry-run: false |
| git-url: '$GIT_URL/$PROJECT' |
| java-version: openjdk8 |
| mvn-global-settings: global-settings |
| mvn-opts: '' |
| mvn-params: '' |
| mvn-version: mvn35 |
| coverity-project-name: '' |
| coverity-token: '' |
| coverity-user-email: '' |
| coverity-search-paths: '' |
| coverity-search-exclude-regexs: '' |
| max-git-repo-age-hours: 0 |
| stream: master |
| submodule-recursive: true |
| submodule-timeout: 10 |
| submodule-disable: false |
| archive-artifacts: > |
| cov-int/BUILD.metrics.xml |
| cov-int/build-log.txt |
| cov-int/build-timings.txt |
| cov-int/cov-import-scm-timings.txt |
| cov-int/coverity-scan-analysed-files.txt |
| cov-int/scm-untracked-files.txt |
| cov-int/failed_jsp/* |
| cov-int/java-security-da-input.dat |
| cov-int/java-security-da-whitelist.dat |
| cov-int/jsp-compilation-log.txt |
| cov-int/jsp-debug-log.txt |
| cov-int/security.log |
| |
| properties: |
| - lf-infra-properties: |
| build-days-to-keep: '{build-days-to-keep}' |
| |
| parameters: |
| - lf-infra-parameters: |
| project: '{project}' |
| branch: '{branch}' |
| stream: '{stream}' |
| - lf-infra-maven-parameters: |
| mvn-opts: '{mvn-opts}' |
| mvn-params: '{mvn-params}' |
| mvn-version: '{mvn-version}' |
| - string: |
| name: ARCHIVE_ARTIFACTS |
| default: '{archive-artifacts}' |
| description: Artifacts to archive to the logs server. |
| - string: |
| name: SEARCH_PATHS |
| default: '{coverity-search-paths}' |
| description: > |
| Additional directories to search for files to analyse by Coverity |
| Scan service (space separated). |
| - string: |
| name: SEARCH_EXCLUDE_REGEXS |
| default: '{coverity-search-exclude-regexs}' |
| description: > |
| File path patterns to exclude from analysis by Coverity Scan |
| service (e.g. 3rd-party or auto-generated sources, space |
| separated). |
| - string: |
| name: COVERITY_USER_EMAIL |
| default: '{coverity-user-email}' |
| description: > |
| E-mail address to receive analysis status report after submittion. |
| It must be a registered user on Coverity Scan service added as a |
| member to appropriate Coverity Scan project with "Maintainer/Owner" |
| role. |
| - bool: |
| name: DRY_RUN |
| default: '{dry-run}' |
| description: Do not submit results to Coverity Scan server at the end of the build. |
| - string: |
| name: 'MAX_GIT_REPO_AGE_HOURS' |
| default: '{max-git-repo-age-hours}' |
| description: > |
| If set to non-zero run the code scan only if there were no git |
| repository commits last MAX_GIT_REPO_AGE_HOURS hours. |
| It makes sense to set the value twice the 'cron' interval for the |
| job (e.g. if 'cron: @daily', then MAX_GIT_REPO_AGE_HOURS=48) |
| |
| triggers: |
| - timed: '{obj:cron}' |
| |
| wrappers: |
| - lf-infra-wrappers: |
| build-timeout: '{build-timeout}' |
| jenkins-ssh-credential: '{jenkins-ssh-credential}' |
| |
| builders: |
| - lf-infra-pre-build |
| - lf-maven-install: |
| mvn-version: '{mvn-version}' |
| - lf-update-java-alternatives: |
| java-version: '{java-version}' |
| - lf-provide-maven-settings: |
| global-settings-file: global-settings |
| settings-file: '{mvn-settings}' |
| - inject: |
| properties-content: | |
| COVERITY_PROJECT_NAME={coverity-project-name} |
| COVERITY_TOKEN={coverity-token} |
| - shell: !include-raw-escape: |
| - ../../global-jjb/shell/common-variables.sh |
| - ../../shell/maven-coverity.sh |
| - lf-provide-maven-settings-cleanup |
| |
| publishers: |
| - lf-infra-publish |
| |
| scm: |
| - lf-infra-gerrit-scm: |
| jenkins-ssh-credential: '{jenkins-ssh-credential}' |
| git-url: '{git-url}' |
| refspec: $GERRIT_REFSPEC |
| branch: $GERRIT_BRANCH |
| submodule-recursive: '{submodule-recursive}' |
| submodule-timeout: '{submodule-timeout}' |
| submodule-disable: '{submodule-disable}' |
| choosing-strategy: default |