Gitiles
Code Review Sign In
gerrit.nordix.org / onap / ci-management / 59016a40819cdff7d3cf0a1c52f1ce64689e9234 / . / shell / maven-coverity.sh
blob: 51bd2733f9b9a460e9079bc535b83ae9906ef427 [file] [log] [blame]
Artem Naluzhnyy6ba95782019-06-10 16:39:54 +0200[diff] [blame]1#!/bin/bash
2
3# Copyright 2019 Samsung Electronics Co., Ltd.
4#
5# Licensed under the Apache License, Version 2.0 (the "License");
6# you may not use this file except in compliance with the License.
7# You may obtain a copy of the License at
8#
9# http://www.apache.org/licenses/LICENSE-2.0
10#
11# Unless required by applicable law or agreed to in writing, software
12# distributed under the License is distributed on an "AS IS" BASIS,
13# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14# See the License for the specific language governing permissions and
15# limitations under the License.
16
17set -Eeuxo pipefail
18PS4='+['$(readlink -f "$0")' ${FUNCNAME[0]%main}#$LINENO] '
19
20echo '---> maven-coverity.sh'
21
Artem Naluzhnyyec81f732019-08-01 14:38:18 +0200[diff] [blame]22SUBMISSION_ATTEMPTS=5
23SUBMISSION_INITIAL_REST_INTERVAL=30 # seconds, will be doubled after each attempt
24
Artem Naluzhnyy6ba95782019-06-10 16:39:54 +0200[diff] [blame]25#-----------------------------------------------------------------------------
Artem Naluzhnyy59016a42019-08-11 20:48:23 +0200[diff] [blame^]26# Process parameters for JS/TS/Python/Ruby/PHP files analysis
Artem Naluzhnyy59bc0372019-07-01 10:52:48 +0200[diff] [blame]27
Artem Naluzhnyy59bc0372019-07-01 10:52:48 +0200[diff] [blame]28if [ -n "${SEARCH_PATHS:=}" ]; then
29 for SEARCH_PATH in ${SEARCH_PATHS}; do
30 if [ -d "${SEARCH_PATH}" ]; then
Artem Naluzhnyy59016a42019-08-11 20:48:23 +0200[diff] [blame^]31 FS_CAPTURE_SEARCH_PARAMS="${FS_CAPTURE_SEARCH_PARAMS:=} --fs-capture-search '${SEARCH_PATH}'"
Artem Naluzhnyy59bc0372019-07-01 10:52:48 +0200[diff] [blame]32 else
33 echo "'${SEARCH_PATH}' from \$SEARCH_PATHS is not an existing directory." >&2
34 exit 1
35 fi
36 done
Artem Naluzhnyy59bc0372019-07-01 10:52:48 +0200[diff] [blame]37
Artem Naluzhnyy59016a42019-08-11 20:48:23 +0200[diff] [blame^]38 for EXCLUDE_REGEX in ${SEARCH_EXCLUDE_REGEXS:=}; do
39 EXCLUDE_REGEX=${EXCLUDE_REGEX//\'/\'\\\'\'} # escape single quote "'"
40 FS_CAPTURE_SEARCH_PARAMS="${FS_CAPTURE_SEARCH_PARAMS} --fs-capture-search-exclude-regex '${EXCLUDE_REGEX}'"
41
42 # FIXME: a hack to deal with temporary(?) non-functional filter to ignore
43 # specific source code parts by Coverity Scan ("--fs-capture-search-exclude-regex"
44 # CLI parameter for "cov-build" tool). The hack can be removed when this CLI
45 # parameter is fixed on Coverity side.
46 FS_CAPTURE_SEARCH_EXCLUDE_HACK_PARAMS="${FS_CAPTURE_SEARCH_EXCLUDE_HACK_PARAMS:=} --tu-pattern 'file('\\''${EXCLUDE_REGEX}'\\'')'"
47 done
48fi
Artem Naluzhnyy59bc0372019-07-01 10:52:48 +0200[diff] [blame]49
50#-----------------------------------------------------------------------------
Artem Naluzhnyy373fc1c2019-06-11 17:14:07 +0200[diff] [blame]51# Check if we are allowed to submit results to Coverity Scan service
52# and have not exceeded our upload quota limits
53# See also: https://scan.coverity.com/faq#frequency
54
55CURL_OUTPUT=$(
56 curl \
57 --verbose \
58 --silent \
59 --show-error \
60 --fail \
61 --form "project=${COVERITY_PROJECT_NAME}" \
62 --form "token=${COVERITY_TOKEN}" \
63 'https://scan.coverity.com/api/upload_permitted'
64)
65
66IS_COVERITY_UPLOAD_PERMITTED=$(
67 echo "${CURL_OUTPUT}" \
68 | jq '.upload_permitted'
69)
70if [ x"${IS_COVERITY_UPLOAD_PERMITTED}" != x'true' ]; then
71 echo "Upload quota reached. Next upload permitted at "$(echo "${CURL_OUTPUT}" | jq '.next_upload_permitted_at') >&2
72 exit 1
73fi
74
75#-----------------------------------------------------------------------------
Artem Naluzhnyy6ba95782019-06-10 16:39:54 +0200[diff] [blame]76# Get Coverity Scan build tool
77
78curl \
79 --verbose \
80 --silent \
81 --show-error \
82 --fail \
83 --form "project=${COVERITY_PROJECT_NAME}" \
84 --form "token=${COVERITY_TOKEN}" \
85 --output 'coverity_tool.tgz' \
86 'https://scan.coverity.com/download/linux64'
87
Artem Naluzhnyy450f6c62019-06-11 17:19:40 +0200[diff] [blame]88curl \
89 --verbose \
90 --silent \
91 --show-error \
92 --fail \
93 --form "project=${COVERITY_PROJECT_NAME}" \
94 --form "token=${COVERITY_TOKEN}" \
95 --form 'md5=1' \
96 --output 'coverity_tool.md5' \
97 'https://scan.coverity.com/download/linux64'
98
99echo -n ' coverity_tool.tgz' >> 'coverity_tool.md5'
100md5sum --check 'coverity_tool.md5'
101
Artem Naluzhnyy6ba95782019-06-10 16:39:54 +0200[diff] [blame]102tar \
103 --extract \
104 --gunzip \
105 --file='coverity_tool.tgz'
106
107COVERITY_BUILD_TOOL_DIRECTORY=$(
108 head -1 <( \
109 tar \
110 --list \
111 --gunzip \
112 --file='coverity_tool.tgz'
113 )
114)
115COVERITY_BINARY_DIRECTORY="${COVERITY_BUILD_TOOL_DIRECTORY}bin"
116test -d "${COVERITY_BINARY_DIRECTORY}" \
117 || exit 1
118export PATH="${PATH}:${COVERITY_BINARY_DIRECTORY}"
119
120rm 'coverity_tool.tgz'
121
122#-----------------------------------------------------------------------------
123# Build
124
125export MAVEN_OPTS
126
Artem Naluzhnyy59bc0372019-07-01 10:52:48 +0200[diff] [blame]127eval cov-build \
Artem Naluzhnyy6ba95782019-06-10 16:39:54 +0200[diff] [blame]128 --dir 'cov-int' \
Artem Naluzhnyy59016a42019-08-11 20:48:23 +0200[diff] [blame^]129 --append-log \
130 ${FS_CAPTURE_SEARCH_PARAMS:=} \
Artem Naluzhnyy6ba95782019-06-10 16:39:54 +0200[diff] [blame]131 "${MVN}" clean install \
132 --errors \
133 --global-settings "${GLOBAL_SETTINGS_FILE}" \
134 --settings "${SETTINGS_FILE}" \
135 ${MAVEN_OPTIONS:=} \
136 ${MAVEN_PARAMS:=}
137
Artem Naluzhnyy59016a42019-08-11 20:48:23 +0200[diff] [blame^]138# FIXME: a hack to deal with temporary(?) non-functional filter to ignore
139# specific source code parts by Coverity Scan ("--fs-capture-search-exclude-regex"
140# CLI parameter for "cov-build" tool). The hack can be removed when this CLI
141# parameter is fixed on Coverity side.
142if [ -n "${FS_CAPTURE_SEARCH_EXCLUDE_HACK_PARAMS:=}" ]; then
143 eval cov-manage-emit \
144 --dir 'cov-int' \
145 ${FS_CAPTURE_SEARCH_EXCLUDE_HACK_PARAMS} \
146 delete
147fi
148
149# Extract git data for analysed files
Artem Naluzhnyy6ba95782019-06-10 16:39:54 +0200[diff] [blame]150cov-import-scm \
151 --dir 'cov-int' \
152 --scm 'git'
153
Artem Naluzhnyy59016a42019-08-11 20:48:23 +0200[diff] [blame^]154# List all analysed files from the project
Artem Naluzhnyy097f7342019-06-27 14:14:14 +0200[diff] [blame]155cov-manage-emit \
156 --dir cov-int \
157 list \
158| grep \
159 --invert-match \
160 '^Translation unit:$' \
161| sed \
162 's!^[[:digit:]]\+ -> !!' \
Artem Naluzhnyy59016a42019-08-11 20:48:23 +0200[diff] [blame^]163| sort \
Artem Naluzhnyy097f7342019-06-27 14:14:14 +0200[diff] [blame]164> 'coverity-scan-analysed-files.log'
165
Artem Naluzhnyy6ba95782019-06-10 16:39:54 +0200[diff] [blame]166#-----------------------------------------------------------------------------
167# Submit results to Coverity service
168
169tar \
170 --create \
171 --gzip \
172 --file='results.tgz' \
173 'cov-int'
174
Artem Naluzhnyyec81f732019-08-01 14:38:18 +0200[diff] [blame]175for (( ATTEMPT=1; ATTEMPT<=SUBMISSION_ATTEMPTS; ATTEMPT++ )); do
176 CURL_OUTPUT=$(
177 curl \
178 --verbose \
179 --silent \
180 --show-error \
181 --fail \
182 --write-out '\n%{http_code}' \
183 --form "project=${COVERITY_PROJECT_NAME}" \
184 --form "email=${COVERITY_USER_EMAIL}" \
185 --form "token=${COVERITY_TOKEN}" \
186 --form 'file=@results.tgz' \
187 --form "version=${GIT_COMMIT:0:7}" \
188 --form "description=${GIT_BRANCH}" \
189 'https://scan.coverity.com/builds'
190 )
191 HTTP_RESPONSE_CODE=$(echo -n "${CURL_OUTPUT}" | tail -1)
192 test x"${HTTP_RESPONSE_CODE}" = x"200" \
193 && break
194
195 sleep "${SUBMISSION_REST_INTERVAL:-$SUBMISSION_INITIAL_REST_INTERVAL}"
196
197 SUBMISSION_REST_INTERVAL=$(( ${SUBMISSION_REST_INTERVAL:-$SUBMISSION_INITIAL_REST_INTERVAL} * 2 ))
198done
199
200HTTP_RESPONSE=$(echo -n "${CURL_OUTPUT}" | head -n -1 | tr -d '\n')
201if [ x"${HTTP_RESPONSE}" != x"Build successfully submitted." ]; then
202 echo "Coverity Scan service responded with '${HTTP_RESPONSE}' while 'Build successfully submitted.' expected." >&2
203 exit 1
204fi
Artem Naluzhnyy6ba95782019-06-10 16:39:54 +0200[diff] [blame]205
206#-----------------------------------------------------------------------------
207
208exit 0