jjb/ci-management/ci-management-coverity.yaml

   1 ---
   2 # Coverity Scan static analysis
   3
   4 - job-template:
   5       name: "{project-name}-coverity"
   6       id: onap-gerrit-maven-coverity
   7       description: >
   8           <hr/>
   9           <h2>How to access Coverity Scan static analysis results</h2>
  10           <ol>
  11             <li>Visit <a href="https://scan.coverity.com/projects/{coverity-project-name}">Coverity Scan
  12               project page</a>.</li>
  13             <li>If you have not been added to the project on Coverity Scan service yet:
  14               <ol>
  15                 <li>Click on <a href="https://scan.coverity.com/memberships/new?project_id={coverity-project-name}">
  16                   Add me to project</a>.</li>
  17                 <li>Wait till the project administrators grant you appropriate permissions.</li>
  18               </ol>
  19             <li>Click on <a href="https://scan.coverity.com/projects/{coverity-project-name}/view_defects">
  20               View Defects</a>.</li>
  21           </ol>
  22           <p>Please note that processing data takes some time. You will get an email when it's done.</p>
  23           <p>See more <a href="https://wiki.onap.org/x/Y6vQAw">Coverity Scan HOWTOs</a> on ONAP Developer Wiki.</p>
  24           <hr/>
  25
  26       project-type: freestyle
  27       node: "{build-node}"
  28       branch: master
  29       build-days-to-keep: 7
  30       build-timeout: 240
  31       cron: "@daily"
  32       disabled: false
  33       dry-run: false
  34       git-url: "$GIT_URL/$PROJECT"
  35       java-version: openjdk8
  36       mvn-global-settings: global-settings
  37       mvn-opts: ""
  38       mvn-params: ""
  39       mvn-version: mvn35
  40       coverity-project-name: ""
  41       coverity-token: ""
  42       coverity-user-email: ""
  43       coverity-search-paths: ""
  44       coverity-search-exclude-regexs: ""
  45       max-git-repo-age-hours: 0
  46       stream: master
  47       submodule-recursive: true
  48       submodule-timeout: 10
  49       submodule-disable: false
  50       archive-artifacts: >
  51           cov-int/BUILD.metrics.xml
  52           cov-int/build-log.txt
  53           cov-int/build-timings.txt
  54           cov-int/cov-import-scm-timings.txt
  55           cov-int/coverity-scan-analysed-files.txt
  56           cov-int/scm-untracked-files.txt
  57           cov-int/failed_jsp/*
  58           cov-int/java-security-da-input.dat
  59           cov-int/java-security-da-whitelist.dat
  60           cov-int/jsp-compilation-log.txt
  61           cov-int/jsp-debug-log.txt
  62           cov-int/security.log
  63
  64       properties:
  65           - lf-infra-properties:
  66                 build-days-to-keep: "{build-days-to-keep}"
  67
  68       parameters:
  69           - lf-infra-parameters:
  70                 project: "{project}"
  71                 branch: "{branch}"
  72                 stream: "{stream}"
  73           - lf-infra-maven-parameters:
  74                 mvn-opts: "{mvn-opts}"
  75                 mvn-params: "{mvn-params}"
  76                 mvn-version: "{mvn-version}"
  77           - string:
  78                 name: ARCHIVE_ARTIFACTS
  79                 default: "{archive-artifacts}"
  80                 description: Artifacts to archive to the logs server.
  81           - string:
  82                 name: SEARCH_PATHS
  83                 default: "{coverity-search-paths}"
  84                 description: >
  85                     Additional directories to search for files to analyse by Coverity
  86                     Scan service (space separated).
  87           - string:
  88                 name: SEARCH_EXCLUDE_REGEXS
  89                 default: "{coverity-search-exclude-regexs}"
  90                 description: >
  91                     File path patterns to exclude from analysis by Coverity Scan
  92                     service (e.g. 3rd-party or auto-generated sources, space
  93                     separated).
  94           - string:
  95                 name: COVERITY_USER_EMAIL
  96                 default: "{coverity-user-email}"
  97                 description: >
  98                     E-mail address to receive analysis status report after submittion.
  99                     It must be a registered user on Coverity Scan service added as a
 100                     member to appropriate Coverity Scan project with "Maintainer/Owner"
 101                     role.
 102           - bool:
 103                 name: DRY_RUN
 104                 default: "{dry-run}"
 105                 description: Do not submit results to Coverity Scan server at the end of the build.
 106           - string:
 107                 name: "MAX_GIT_REPO_AGE_HOURS"
 108                 default: "{max-git-repo-age-hours}"
 109                 description: >
 110                     If set to non-zero run the code scan only if there were no git
 111                     repository commits last MAX_GIT_REPO_AGE_HOURS hours.
 112                     It makes sense to set the value twice the 'cron' interval for the
 113                     job (e.g. if 'cron: @daily', then MAX_GIT_REPO_AGE_HOURS=48)
 114
 115       triggers:
 116           - timed: "{obj:cron}"
 117
 118       wrappers:
 119           - lf-infra-wrappers:
 120                 build-timeout: "{build-timeout}"
 121                 jenkins-ssh-credential: "{jenkins-ssh-credential}"
 122
 123       builders:
 124           - lf-infra-pre-build
 125           - lf-maven-install:
 126                 mvn-version: "{mvn-version}"
 127           - lf-update-java-alternatives:
 128                 java-version: "{java-version}"
 129           - lf-provide-maven-settings:
 130                 global-settings-file: global-settings
 131                 settings-file: "{mvn-settings}"
 132           - inject:
 133                 properties-content: |
 134                     COVERITY_PROJECT_NAME={coverity-project-name}
 135                     COVERITY_TOKEN={coverity-token}
 136           - shell: !include-raw-escape:
 137                 - ../../global-jjb/shell/common-variables.sh
 138                 - ../../shell/maven-coverity.sh
 139           - lf-provide-maven-settings-cleanup
 140
 141       publishers:
 142           - lf-infra-publish
 143
 144       scm:
 145           - lf-infra-gerrit-scm:
 146                 jenkins-ssh-credential: "{jenkins-ssh-credential}"
 147                 git-url: "{git-url}"
 148                 refspec: $GERRIT_REFSPEC
 149                 branch: $GERRIT_BRANCH
 150                 submodule-recursive: "{submodule-recursive}"
 151                 submodule-timeout: "{submodule-timeout}"
 152                 submodule-disable: "{submodule-disable}"
 153                 choosing-strategy: default