3 # Copyright 2019 Samsung Electronics Co., Ltd.
5 # Licensed under the Apache License, Version 2.0 (the "License");
6 # you may not use this file except in compliance with the License.
7 # You may obtain a copy of the License at
9 # http://www.apache.org/licenses/LICENSE-2.0
11 # Unless required by applicable law or agreed to in writing, software
12 # distributed under the License is distributed on an "AS IS" BASIS,
13 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 # See the License for the specific language governing permissions and
15 # limitations under the License.
18 PS4='+['$(readlink -f "$0")' ${FUNCNAME[0]%main}#$LINENO] '
20 echo '---> maven-coverity.sh'
23 SUBMISSION_INITIAL_REST_INTERVAL=30 # seconds, will be doubled after each attempt
25 #-----------------------------------------------------------------------------
26 # Process parameters for JS/TS/Python/Ruby/PHP files analysis
28 if [ -n "${SEARCH_PATHS:=}" ]; then
29 for SEARCH_PATH in ${SEARCH_PATHS}; do
30 if [ -d "${SEARCH_PATH}" ]; then
31 FS_CAPTURE_SEARCH_PARAMS="${FS_CAPTURE_SEARCH_PARAMS:=} --fs-capture-search '${SEARCH_PATH}'"
33 echo "'${SEARCH_PATH}' from \$SEARCH_PATHS is not an existing directory." >&2
38 for EXCLUDE_REGEX in ${SEARCH_EXCLUDE_REGEXS:=}; do
39 EXCLUDE_REGEX=${EXCLUDE_REGEX//\'/\'\\\'\'} # escape single quote "'"
40 FS_CAPTURE_SEARCH_PARAMS="${FS_CAPTURE_SEARCH_PARAMS} --fs-capture-search-exclude-regex '${EXCLUDE_REGEX}'"
42 # FIXME: a hack to deal with temporary(?) non-functional filter to ignore
43 # specific source code parts by Coverity Scan ("--fs-capture-search-exclude-regex"
44 # CLI parameter for "cov-build" tool). The hack can be removed when this CLI
45 # parameter is fixed on Coverity side.
46 FS_CAPTURE_SEARCH_EXCLUDE_HACK_PARAMS="${FS_CAPTURE_SEARCH_EXCLUDE_HACK_PARAMS:=} --tu-pattern 'file('\\''${EXCLUDE_REGEX}'\\'')'"
50 #-----------------------------------------------------------------------------
51 # Check if we are allowed to submit results to Coverity Scan service
52 # and have not exceeded our upload quota limits
53 # See also: https://scan.coverity.com/faq#frequency
61 --form "project=${COVERITY_PROJECT_NAME}" \
62 --form "token=${COVERITY_TOKEN}" \
63 'https://scan.coverity.com/api/upload_permitted'
66 IS_COVERITY_UPLOAD_PERMITTED=$(
67 echo "${CURL_OUTPUT}" \
68 | jq '.upload_permitted'
70 if [ x"${IS_COVERITY_UPLOAD_PERMITTED}" != x'true' ]; then
71 echo "Upload quota reached. Next upload permitted at "$(echo "${CURL_OUTPUT}" | jq '.next_upload_permitted_at') >&2
75 #-----------------------------------------------------------------------------
76 # Get Coverity Scan build tool
83 --form "project=${COVERITY_PROJECT_NAME}" \
84 --form "token=${COVERITY_TOKEN}" \
85 --output 'coverity_tool.tgz' \
86 'https://scan.coverity.com/download/linux64'
93 --form "project=${COVERITY_PROJECT_NAME}" \
94 --form "token=${COVERITY_TOKEN}" \
96 --output 'coverity_tool.md5' \
97 'https://scan.coverity.com/download/linux64'
99 echo -n ' coverity_tool.tgz' >> 'coverity_tool.md5'
100 md5sum --check 'coverity_tool.md5'
105 --file='coverity_tool.tgz'
107 COVERITY_BUILD_TOOL_DIRECTORY=$(
112 --file='coverity_tool.tgz'
115 COVERITY_BINARY_DIRECTORY="${COVERITY_BUILD_TOOL_DIRECTORY}bin"
116 test -d "${COVERITY_BINARY_DIRECTORY}" \
118 export PATH="${PATH}:${COVERITY_BINARY_DIRECTORY}"
120 rm 'coverity_tool.tgz'
122 #-----------------------------------------------------------------------------
130 ${FS_CAPTURE_SEARCH_PARAMS:=} \
131 "${MVN}" clean install \
133 --global-settings "${GLOBAL_SETTINGS_FILE}" \
134 --settings "${SETTINGS_FILE}" \
138 # FIXME: a hack to deal with temporary(?) non-functional filter to ignore
139 # specific source code parts by Coverity Scan ("--fs-capture-search-exclude-regex"
140 # CLI parameter for "cov-build" tool). The hack can be removed when this CLI
141 # parameter is fixed on Coverity side.
142 if [ -n "${FS_CAPTURE_SEARCH_EXCLUDE_HACK_PARAMS:=}" ]; then
143 eval cov-manage-emit \
145 ${FS_CAPTURE_SEARCH_EXCLUDE_HACK_PARAMS} \
149 # Extract git data for analysed files
154 # List all analysed files from the project
160 '^Translation unit:$' \
162 's!^[[:digit:]]\+ -> !!' \
164 > 'coverity-scan-analysed-files.log'
166 #-----------------------------------------------------------------------------
167 # Submit results to Coverity service
172 --file='results.tgz' \
175 for (( ATTEMPT=1; ATTEMPT<=SUBMISSION_ATTEMPTS; ATTEMPT++ )); do
182 --write-out '\n%{http_code}' \
183 --form "project=${COVERITY_PROJECT_NAME}" \
184 --form "email=${COVERITY_USER_EMAIL}" \
185 --form "token=${COVERITY_TOKEN}" \
186 --form 'file=@results.tgz' \
187 --form "version=${GIT_COMMIT:0:7}" \
188 --form "description=${GIT_BRANCH}" \
189 'https://scan.coverity.com/builds'
191 HTTP_RESPONSE_CODE=$(echo -n "${CURL_OUTPUT}" | tail -1)
192 test x"${HTTP_RESPONSE_CODE}" = x"200" \
195 sleep "${SUBMISSION_REST_INTERVAL:-$SUBMISSION_INITIAL_REST_INTERVAL}"
197 SUBMISSION_REST_INTERVAL=$(( ${SUBMISSION_REST_INTERVAL:-$SUBMISSION_INITIAL_REST_INTERVAL} * 2 ))
200 HTTP_RESPONSE=$(echo -n "${CURL_OUTPUT}" | head -n -1 | tr -d '\n')
201 if [ x"${HTTP_RESPONSE}" != x"Build successfully submitted." ]; then
202 echo "Coverity Scan service responded with '${HTTP_RESPONSE}' while 'Build successfully submitted.' expected." >&2
206 #-----------------------------------------------------------------------------