blob: 5db7f33e4722ce2cc06dbe8bfb88d9aca5393a07 [file] [log] [blame]
Artem Naluzhnyy6ba95782019-06-10 16:39:54 +02001#!/bin/bash
2
3# Copyright 2019 Samsung Electronics Co., Ltd.
4#
5# Licensed under the Apache License, Version 2.0 (the "License");
6# you may not use this file except in compliance with the License.
7# You may obtain a copy of the License at
8#
9# http://www.apache.org/licenses/LICENSE-2.0
10#
11# Unless required by applicable law or agreed to in writing, software
12# distributed under the License is distributed on an "AS IS" BASIS,
13# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14# See the License for the specific language governing permissions and
15# limitations under the License.
16
17set -Eeuxo pipefail
18PS4='+['$(readlink -f "$0")' ${FUNCNAME[0]%main}#$LINENO] '
19
20echo '---> maven-coverity.sh'
21
Artem Naluzhnyyec81f732019-08-01 14:38:18 +020022SUBMISSION_ATTEMPTS=5
23SUBMISSION_INITIAL_REST_INTERVAL=30 # seconds, will be doubled after each attempt
24
Artem Naluzhnyy6ba95782019-06-10 16:39:54 +020025#-----------------------------------------------------------------------------
Artem Naluzhnyy59016a42019-08-11 20:48:23 +020026# Process parameters for JS/TS/Python/Ruby/PHP files analysis
Artem Naluzhnyy59bc0372019-07-01 10:52:48 +020027
Artem Naluzhnyy59bc0372019-07-01 10:52:48 +020028if [ -n "${SEARCH_PATHS:=}" ]; then
29 for SEARCH_PATH in ${SEARCH_PATHS}; do
30 if [ -d "${SEARCH_PATH}" ]; then
Artem Naluzhnyy59016a42019-08-11 20:48:23 +020031 FS_CAPTURE_SEARCH_PARAMS="${FS_CAPTURE_SEARCH_PARAMS:=} --fs-capture-search '${SEARCH_PATH}'"
Artem Naluzhnyy59bc0372019-07-01 10:52:48 +020032 else
33 echo "'${SEARCH_PATH}' from \$SEARCH_PATHS is not an existing directory." >&2
34 exit 1
35 fi
36 done
Artem Naluzhnyy59bc0372019-07-01 10:52:48 +020037
Artem Naluzhnyy59016a42019-08-11 20:48:23 +020038 for EXCLUDE_REGEX in ${SEARCH_EXCLUDE_REGEXS:=}; do
39 EXCLUDE_REGEX=${EXCLUDE_REGEX//\'/\'\\\'\'} # escape single quote "'"
40 FS_CAPTURE_SEARCH_PARAMS="${FS_CAPTURE_SEARCH_PARAMS} --fs-capture-search-exclude-regex '${EXCLUDE_REGEX}'"
41
42 # FIXME: a hack to deal with temporary(?) non-functional filter to ignore
43 # specific source code parts by Coverity Scan ("--fs-capture-search-exclude-regex"
44 # CLI parameter for "cov-build" tool). The hack can be removed when this CLI
45 # parameter is fixed on Coverity side.
46 FS_CAPTURE_SEARCH_EXCLUDE_HACK_PARAMS="${FS_CAPTURE_SEARCH_EXCLUDE_HACK_PARAMS:=} --tu-pattern 'file('\\''${EXCLUDE_REGEX}'\\'')'"
47 done
48fi
Artem Naluzhnyy59bc0372019-07-01 10:52:48 +020049
50#-----------------------------------------------------------------------------
Artem Naluzhnyy373fc1c2019-06-11 17:14:07 +020051# Check if we are allowed to submit results to Coverity Scan service
52# and have not exceeded our upload quota limits
53# See also: https://scan.coverity.com/faq#frequency
54
Artem Naluzhnyy5ec3b772019-08-17 16:21:27 +020055if [ "${DRY_RUN}" != 'true' ]; then
56 CURL_OUTPUT=$(
57 curl \
58 --verbose \
59 --silent \
60 --show-error \
61 --fail \
62 --form "project=${COVERITY_PROJECT_NAME}" \
63 --form "token=${COVERITY_TOKEN}" \
64 'https://scan.coverity.com/api/upload_permitted'
65 )
Artem Naluzhnyy373fc1c2019-06-11 17:14:07 +020066
Artem Naluzhnyy5ec3b772019-08-17 16:21:27 +020067 IS_COVERITY_UPLOAD_PERMITTED=$(
68 echo "${CURL_OUTPUT}" \
69 | jq '.upload_permitted'
70 )
71 if [ x"${IS_COVERITY_UPLOAD_PERMITTED}" != x'true' ]; then
72 echo "Upload quota reached. Next upload permitted at "$(echo "${CURL_OUTPUT}" | jq '.next_upload_permitted_at') >&2
73 exit 1
74 fi
Artem Naluzhnyy373fc1c2019-06-11 17:14:07 +020075fi
76
77#-----------------------------------------------------------------------------
Artem Naluzhnyy6ba95782019-06-10 16:39:54 +020078# Get Coverity Scan build tool
79
80curl \
81 --verbose \
82 --silent \
83 --show-error \
84 --fail \
85 --form "project=${COVERITY_PROJECT_NAME}" \
86 --form "token=${COVERITY_TOKEN}" \
87 --output 'coverity_tool.tgz' \
88 'https://scan.coverity.com/download/linux64'
89
Artem Naluzhnyy450f6c62019-06-11 17:19:40 +020090curl \
91 --verbose \
92 --silent \
93 --show-error \
94 --fail \
95 --form "project=${COVERITY_PROJECT_NAME}" \
96 --form "token=${COVERITY_TOKEN}" \
97 --form 'md5=1' \
98 --output 'coverity_tool.md5' \
99 'https://scan.coverity.com/download/linux64'
100
101echo -n ' coverity_tool.tgz' >> 'coverity_tool.md5'
102md5sum --check 'coverity_tool.md5'
103
Artem Naluzhnyy6ba95782019-06-10 16:39:54 +0200104tar \
105 --extract \
106 --gunzip \
107 --file='coverity_tool.tgz'
108
109COVERITY_BUILD_TOOL_DIRECTORY=$(
110 head -1 <( \
111 tar \
112 --list \
113 --gunzip \
114 --file='coverity_tool.tgz'
115 )
116)
117COVERITY_BINARY_DIRECTORY="${COVERITY_BUILD_TOOL_DIRECTORY}bin"
118test -d "${COVERITY_BINARY_DIRECTORY}" \
119 || exit 1
120export PATH="${PATH}:${COVERITY_BINARY_DIRECTORY}"
121
122rm 'coverity_tool.tgz'
123
124#-----------------------------------------------------------------------------
125# Build
126
127export MAVEN_OPTS
128
Artem Naluzhnyy59bc0372019-07-01 10:52:48 +0200129eval cov-build \
Artem Naluzhnyy6ba95782019-06-10 16:39:54 +0200130 --dir 'cov-int' \
Artem Naluzhnyy59016a42019-08-11 20:48:23 +0200131 --append-log \
132 ${FS_CAPTURE_SEARCH_PARAMS:=} \
Artem Naluzhnyy6ba95782019-06-10 16:39:54 +0200133 "${MVN}" clean install \
134 --errors \
135 --global-settings "${GLOBAL_SETTINGS_FILE}" \
136 --settings "${SETTINGS_FILE}" \
137 ${MAVEN_OPTIONS:=} \
138 ${MAVEN_PARAMS:=}
139
Artem Naluzhnyy59016a42019-08-11 20:48:23 +0200140# FIXME: a hack to deal with temporary(?) non-functional filter to ignore
141# specific source code parts by Coverity Scan ("--fs-capture-search-exclude-regex"
142# CLI parameter for "cov-build" tool). The hack can be removed when this CLI
143# parameter is fixed on Coverity side.
144if [ -n "${FS_CAPTURE_SEARCH_EXCLUDE_HACK_PARAMS:=}" ]; then
145 eval cov-manage-emit \
146 --dir 'cov-int' \
147 ${FS_CAPTURE_SEARCH_EXCLUDE_HACK_PARAMS} \
148 delete
149fi
150
151# Extract git data for analysed files
Artem Naluzhnyy6ba95782019-06-10 16:39:54 +0200152cov-import-scm \
153 --dir 'cov-int' \
154 --scm 'git'
155
Artem Naluzhnyy59016a42019-08-11 20:48:23 +0200156# List all analysed files from the project
Artem Naluzhnyy097f7342019-06-27 14:14:14 +0200157cov-manage-emit \
158 --dir cov-int \
159 list \
160| grep \
161 --invert-match \
162 '^Translation unit:$' \
163| sed \
Artem Naluzhnyy64ff9982019-08-16 14:12:51 +0200164 --regexp-extended \
165 's!^[[:digit:]]+ -> !!' \
Artem Naluzhnyy59016a42019-08-11 20:48:23 +0200166| sort \
Artem Naluzhnyy64ff9982019-08-16 14:12:51 +0200167> 'cov-int/coverity-scan-analysed-files.txt'
168
169# List all analyzed files that are not tracked by SCM repository
170cov-manage-emit \
171 --dir cov-int \
172 list-scm-unknown \
173| sed \
174 --regexp-extended \
175 's!^[^ ]+ !!' \
176| sort \
177> 'cov-int/scm-untracked-files.txt'
Artem Naluzhnyy097f7342019-06-27 14:14:14 +0200178
Artem Naluzhnyyf8fd3e42019-08-17 17:18:28 +0200179if [ -s 'cov-int/scm-untracked-files.txt' ]; then
180 echo '[WARNING] There are some files analysed but not tracked by SCM repository.' \
181 'There might be 3rd-party or auto-generated sources. See details in' \
182 '"cov-int/scm-untracked-files.txt" file.' \
183 >&2
184fi
185
Artem Naluzhnyy6ba95782019-06-10 16:39:54 +0200186#-----------------------------------------------------------------------------
187# Submit results to Coverity service
188
Artem Naluzhnyy5ec3b772019-08-17 16:21:27 +0200189if [ "${DRY_RUN}" != 'true' ]; then
190 tar \
191 --create \
192 --gzip \
193 --file='results.tgz' \
194 'cov-int'
Artem Naluzhnyy6ba95782019-06-10 16:39:54 +0200195
Artem Naluzhnyy5ec3b772019-08-17 16:21:27 +0200196 for (( ATTEMPT=1; ATTEMPT<=SUBMISSION_ATTEMPTS; ATTEMPT++ )); do
197 CURL_OUTPUT=$(
198 curl \
199 --verbose \
200 --silent \
201 --show-error \
202 --fail \
203 --write-out '\n%{http_code}' \
204 --form "project=${COVERITY_PROJECT_NAME}" \
205 --form "email=${COVERITY_USER_EMAIL}" \
206 --form "token=${COVERITY_TOKEN}" \
207 --form 'file=@results.tgz' \
208 --form "version=${GIT_COMMIT:0:7}" \
209 --form "description=${GIT_BRANCH}" \
210 'https://scan.coverity.com/builds'
211 )
212 HTTP_RESPONSE_CODE=$(echo -n "${CURL_OUTPUT}" | tail -1)
213 test x"${HTTP_RESPONSE_CODE}" = x"200" \
214 && break
Artem Naluzhnyyec81f732019-08-01 14:38:18 +0200215
Artem Naluzhnyy5ec3b772019-08-17 16:21:27 +0200216 sleep "${SUBMISSION_REST_INTERVAL:-$SUBMISSION_INITIAL_REST_INTERVAL}"
Artem Naluzhnyyec81f732019-08-01 14:38:18 +0200217
Artem Naluzhnyy5ec3b772019-08-17 16:21:27 +0200218 SUBMISSION_REST_INTERVAL=$(( ${SUBMISSION_REST_INTERVAL:-$SUBMISSION_INITIAL_REST_INTERVAL} * 2 ))
219 done
Artem Naluzhnyyec81f732019-08-01 14:38:18 +0200220
Artem Naluzhnyy5ec3b772019-08-17 16:21:27 +0200221 HTTP_RESPONSE=$(echo -n "${CURL_OUTPUT}" | head -n -1 | tr -d '\n')
222 if [ x"${HTTP_RESPONSE}" != x"Build successfully submitted." ]; then
223 echo "Coverity Scan service responded with '${HTTP_RESPONSE}' while 'Build successfully submitted.' expected." >&2
224 exit 1
225 fi
Artem Naluzhnyyec81f732019-08-01 14:38:18 +0200226fi
Artem Naluzhnyy6ba95782019-06-10 16:39:54 +0200227
228#-----------------------------------------------------------------------------
229
230exit 0