xref: /aosp_15_r20/external/libbpf/scripts/coverity.sh (revision f7c14bbac8cf49633f2740db462ea43457973ec4) 
1#!/bin/bash
2# Taken from: https://scan.coverity.com/scripts/travisci_build_coverity_scan.sh
3# Local changes are annotated with "#[local]"
4
5set -e
6
7# Environment check
8echo -e "\033[33;1mNote: COVERITY_SCAN_PROJECT_NAME and COVERITY_SCAN_TOKEN are available on Project Settings page on scan.coverity.com\033[0m"
9[ -z "$COVERITY_SCAN_PROJECT_NAME" ] && echo "ERROR: COVERITY_SCAN_PROJECT_NAME must be set" && exit 1
10[ -z "$COVERITY_SCAN_NOTIFICATION_EMAIL" ] && echo "ERROR: COVERITY_SCAN_NOTIFICATION_EMAIL must be set" && exit 1
11[ -z "$COVERITY_SCAN_BRANCH_PATTERN" ] && echo "ERROR: COVERITY_SCAN_BRANCH_PATTERN must be set" && exit 1
12[ -z "$COVERITY_SCAN_BUILD_COMMAND" ] && echo "ERROR: COVERITY_SCAN_BUILD_COMMAND must be set" && exit 1
13[ -z "$COVERITY_SCAN_TOKEN" ] && echo "ERROR: COVERITY_SCAN_TOKEN must be set" && exit 1
14
15PLATFORM=`uname`
16#[local] Use /var/tmp for TOOL_ARCHIVE and TOOL_BASE, as on certain systems
17# /tmp is tmpfs and is sometimes too small to handle all necessary tooling
18TOOL_ARCHIVE=/var//tmp/cov-analysis-${PLATFORM}.tgz
19TOOL_URL=https://scan.coverity.com/download/${PLATFORM}
20TOOL_BASE=/var/tmp/coverity-scan-analysis
21UPLOAD_URL="https://scan.coverity.com/builds"
22SCAN_URL="https://scan.coverity.com"
23
24# Do not run on pull requests
25if [ "${TRAVIS_PULL_REQUEST}" = "true" ]; then
26  echo -e "\033[33;1mINFO: Skipping Coverity Analysis: branch is a pull request.\033[0m"
27  exit 0
28fi
29
30# Verify this branch should run
31IS_COVERITY_SCAN_BRANCH=`ruby -e "puts '${TRAVIS_BRANCH}' =~ /\\A$COVERITY_SCAN_BRANCH_PATTERN\\z/ ? 1 : 0"`
32if [ "$IS_COVERITY_SCAN_BRANCH" = "1" ]; then
33  echo -e "\033[33;1mCoverity Scan configured to run on branch ${TRAVIS_BRANCH}\033[0m"
34else
35  echo -e "\033[33;1mCoverity Scan NOT configured to run on branch ${TRAVIS_BRANCH}\033[0m"
36  exit 1
37fi
38
39# Verify upload is permitted
40AUTH_RES=`curl -s --form project="$COVERITY_SCAN_PROJECT_NAME" --form token="$COVERITY_SCAN_TOKEN" $SCAN_URL/api/upload_permitted`
41if [ "$AUTH_RES" = "Access denied" ]; then
42  echo -e "\033[33;1mCoverity Scan API access denied. Check COVERITY_SCAN_PROJECT_NAME and COVERITY_SCAN_TOKEN.\033[0m"
43  exit 1
44else
45  AUTH=`echo $AUTH_RES | ruby -e "require 'rubygems'; require 'json'; puts JSON[STDIN.read]['upload_permitted']"`
46  if [ "$AUTH" = "true" ]; then
47    echo -e "\033[33;1mCoverity Scan analysis authorized per quota.\033[0m"
48  else
49    WHEN=`echo $AUTH_RES | ruby -e "require 'rubygems'; require 'json'; puts JSON[STDIN.read]['next_upload_permitted_at']"`
50    echo -e "\033[33;1mCoverity Scan analysis NOT authorized until $WHEN.\033[0m"
51    exit 0
52  fi
53fi
54
55if [ ! -d $TOOL_BASE ]; then
56  # Download Coverity Scan Analysis Tool
57  if [ ! -e $TOOL_ARCHIVE ]; then
58    echo -e "\033[33;1mDownloading Coverity Scan Analysis Tool...\033[0m"
59    wget -nv -O $TOOL_ARCHIVE $TOOL_URL --post-data "project=$COVERITY_SCAN_PROJECT_NAME&token=$COVERITY_SCAN_TOKEN"
60  fi
61
62  # Extract Coverity Scan Analysis Tool
63  echo -e "\033[33;1mExtracting Coverity Scan Analysis Tool...\033[0m"
64  mkdir -p $TOOL_BASE
65  pushd $TOOL_BASE
66  tar xzf $TOOL_ARCHIVE
67  popd
68fi
69
70TOOL_DIR=`find $TOOL_BASE -type d -name 'cov-analysis*'`
71export PATH=$TOOL_DIR/bin:$PATH
72
73# Build
74echo -e "\033[33;1mRunning Coverity Scan Analysis Tool...\033[0m"
75COV_BUILD_OPTIONS=""
76#COV_BUILD_OPTIONS="--return-emit-failures 8 --parse-error-threshold 85"
77RESULTS_DIR="cov-int"
78eval "${COVERITY_SCAN_BUILD_COMMAND_PREPEND}"
79COVERITY_UNSUPPORTED=1 cov-build --dir $RESULTS_DIR $COV_BUILD_OPTIONS $COVERITY_SCAN_BUILD_COMMAND
80cov-import-scm --dir $RESULTS_DIR --scm git --log $RESULTS_DIR/scm_log.txt 2>&1
81
82# Upload results
83echo -e "\033[33;1mTarring Coverity Scan Analysis results...\033[0m"
84RESULTS_ARCHIVE=analysis-results.tgz
85tar czf $RESULTS_ARCHIVE $RESULTS_DIR
86SHA=`git rev-parse --short HEAD`
87
88echo -e "\033[33;1mUploading Coverity Scan Analysis results...\033[0m"
89response=$(curl \
90  --silent --write-out "\n%{http_code}\n" \
91  --form project=$COVERITY_SCAN_PROJECT_NAME \
92  --form token=$COVERITY_SCAN_TOKEN \
93  --form email=$COVERITY_SCAN_NOTIFICATION_EMAIL \
94  --form file=@$RESULTS_ARCHIVE \
95  --form version=$SHA \
96  --form description="Travis CI build" \
97  $UPLOAD_URL)
98status_code=$(echo "$response" | sed -n '$p')
99#[local] Coverity used to return 201 on success, but it's 200 now
100# See https://github.com/systemd/systemd/blob/master/tools/coverity.sh#L145
101if [ "$status_code" != "200" ]; then
102  TEXT=$(echo "$response" | sed '$d')
103  echo -e "\033[33;1mCoverity Scan upload failed: $TEXT.\033[0m"
104  exit 1
105fi
106