1 #!/bin/bash
2
3 # Copyright 2019 Samsung Electronics Co., Ltd.
4 #
5 # Licensed under the Apache License, Version 2.0 (the "License");
6 # you may not use this file except in compliance with the License.
7 # You may obtain a copy of the License at
8 #
9 # http://www.apache.org/licenses/LICENSE-2.0
10 #
11 # Unless required by applicable law or agreed to in writing, software
12 # distributed under the License is distributed on an "AS IS" BASIS,
13 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 # See the License for the specific language governing permissions and
15 # limitations under the License.
16
17 set -Eeuxo pipefail
18 PS4='+['$(readlink -f "$0")' ${FUNCNAME[0]%main}#$LINENO] '
19
20 echo '---> maven-coverity.sh'
21
22 SUBMISSION_ATTEMPTS=5
23 SUBMISSION_INITIAL_REST_INTERVAL=30 # seconds, will be doubled after each attempt
24
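#-----------------------------------------------------------------------------
# Process parameters for JS/PHP/Ruby files analysis
#
# FS_CAPTURE_SEARCH_PARAMS is one string that the build step later hands to
# `eval`, i.e. it is re-parsed as shell code. Wrapping a value in literal
# single quotes is not enough for that: a value that itself contains a single
# quote would end the quoting and the rest would be interpreted by the shell.
# Every value is therefore appended through printf '%q', whose output
# survives re-parsing unchanged.

#######################################
# Append "<option> <shell-quoted value>" to FS_CAPTURE_SEARCH_PARAMS.
# Globals:   FS_CAPTURE_SEARCH_PARAMS (written)
# Arguments: $1 - cov-build option name
#            $2 - option value, taken literally
#######################################
append_fs_capture_param() {
  local quoted_value
  printf -v quoted_value '%q' "$2"
  FS_CAPTURE_SEARCH_PARAMS="${FS_CAPTURE_SEARCH_PARAMS} $1 ${quoted_value}"
}

FS_CAPTURE_SEARCH_PARAMS=''
if [ -n "${SEARCH_PATHS:=}" ]; then
  # Deliberately unquoted: SEARCH_PATHS is a whitespace-separated list.
  for SEARCH_PATH in ${SEARCH_PATHS}; do
    if [ -d "${SEARCH_PATH}" ]; then
      append_fs_capture_param --fs-capture-search "${SEARCH_PATH}"
    else
      echo "'${SEARCH_PATH}' from \$SEARCH_PATHS is not an existing directory." >&2
      exit 1
    fi
  done
fi

# Regular expressions routinely contain '*', '?' and '[...]'. Without noglob
# the unquoted list expansion below would replace such a regex with whatever
# file names it happens to match in the current directory.
set -f
for EXCLUDE_REGEX in ${SEARCH_EXCLUDE_REGEXS:=}; do
  append_fs_capture_param --fs-capture-search-exclude-regex "${EXCLUDE_REGEX}"
done
set +f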
43
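#-----------------------------------------------------------------------------
# Check if we are allowed to submit results to Coverity Scan service
# and have not exceeded our upload quota limits
# See also: https://scan.coverity.com/faq#frequency
#
# The request carries ${COVERITY_TOKEN} as a curl argument. When xtrace is
# active the shell would print that argument, fully expanded, into the build
# log, so tracing is suspended for the call and restored afterwards.
# This does not hide the token from the host's process list; it only keeps
# it out of the log.
# --form-string sends the value literally; plain --form would treat a value
# starting with '@' or '<' as a file to read.

if [[ "$-" == *x* ]]; then XTRACE_WAS_ON=1; else XTRACE_WAS_ON=0; fi
{ set +x; } 2>/dev/null
CURL_OUTPUT=$(
  curl \
    --verbose \
    --silent \
    --show-error \
    --fail \
    --form-string "project=${COVERITY_PROJECT_NAME}" \
    --form-string "token=${COVERITY_TOKEN}" \
    'https://scan.coverity.com/api/upload_permitted'
)
if (( XTRACE_WAS_ON )); then set -x; fi

IS_COVERITY_UPLOAD_PERMITTED=$(jq '.upload_permitted' <<<"${CURL_OUTPUT}")
if [[ "${IS_COVERITY_UPLOAD_PERMITTED}" != 'true' ]]; then
  # Any answer other than a literal `true` is treated as "not permitted".
  NEXT_UPLOAD_PERMITTED_AT=$(jq '.next_upload_permitted_at' <<<"${CURL_OUTPUT}")
  echo "Upload quota reached. Next upload permitted at ${NEXT_UPLOAD_PERMITTED_AT}" >&2
  exit 1
fi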
68
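#-----------------------------------------------------------------------------
# Get Coverity Scan build tool
#
# Both downloads put ${COVERITY_TOKEN} on curl's command line, so xtrace is
# suspended around them to keep the expanded token out of the build log.
# --form-string sends the value literally; plain --form would treat a value
# starting with '@' or '<' as a file to read.

if [[ "$-" == *x* ]]; then XTRACE_WAS_ON=1; else XTRACE_WAS_ON=0; fi
{ set +x; } 2>/dev/null

# The tool archive itself.
curl \
  --verbose \
  --silent \
  --show-error \
  --fail \
  --form-string "project=${COVERITY_PROJECT_NAME}" \
  --form-string "token=${COVERITY_TOKEN}" \
  --output 'coverity_tool.tgz' \
  'https://scan.coverity.com/download/linux64'

# Same endpoint with md5=1: the response is saved as the archive's checksum.
curl \
  --verbose \
  --silent \
  --show-error \
  --fail \
  --form-string "project=${COVERITY_PROJECT_NAME}" \
  --form-string "token=${COVERITY_TOKEN}" \
  --form 'md5=1' \
  --output 'coverity_tool.md5' \
  'https://scan.coverity.com/download/linux64'

if (( XTRACE_WAS_ON )); then set -x; fi

# Turn the bare digest into a "<digest> <file>" line that md5sum can check.
# NOTE(review): the digest is fetched from the same host and over the same
# channel as the archive, so this check catches a corrupted or truncated
# download only. It is not an independent authenticity check of a tool that
# is about to be executed on the build node; the TLS connection is the only
# protection against a substituted archive.
printf '%s' ' coverity_tool.tgz' >> 'coverity_tool.md5'
md5sum --check 'coverity_tool.md5'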
95
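# Unpack the downloaded build tool into the current directory.
tar \
  --extract \
  --gunzip \
  --file='coverity_tool.tgz'

# The first member listed in the archive is taken to be the tool's top-level
# directory (with its trailing slash), as the original script assumes.
COVERITY_BUILD_TOOL_DIRECTORY=$(
  head -1 <( \
    tar \
      --list \
      --gunzip \
      --file='coverity_tool.tgz'
  )
)

# Anchor the bin directory to the current directory before it goes on PATH.
# A relative PATH entry is resolved against the working directory of whichever
# process performs the lookup, so it would stop pointing at the tool (or point
# at a same-named directory elsewhere) as soon as a child process changes
# directory.
COVERITY_BINARY_DIRECTORY="${PWD}/${COVERITY_BUILD_TOOL_DIRECTORY}bin"
if [[ ! -d "${COVERITY_BINARY_DIRECTORY}" ]]; then
  echo "Coverity tool directory '${COVERITY_BINARY_DIRECTORY}' not found after extraction." >&2
  exit 1
fi
export PATH="${PATH}:${COVERITY_BINARY_DIRECTORY}"

rm -- 'coverity_tool.tgz'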
115
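#-----------------------------------------------------------------------------
# Build
#
# NOTE(review): `eval` re-parses its arguments as shell code. That is needed
# for FS_CAPTURE_SEARCH_PARAMS (it carries its own quoting) and is kept for
# MAVEN_OPTIONS / MAVEN_PARAMS so that quoting inside those job parameters
# keeps working, but it also means shell metacharacters in any of the three
# are executed. They must only ever come from trusted job configuration.
#
# MVN and the two settings-file paths are single values, so their expansion is
# deferred to eval (single-quoted here, expanded once and quoted there). With
# the previous form they were expanded first and then re-parsed, which broke
# on paths containing spaces and would have executed metacharacters in them.

export MAVEN_OPTS

# shellcheck disable=SC2016 # the single-quoted expansions are expanded by eval
eval cov-build \
  --dir 'cov-int' \
  "${FS_CAPTURE_SEARCH_PARAMS}" \
  '"${MVN}"' clean install \
    --errors \
    --global-settings '"${GLOBAL_SETTINGS_FILE}"' \
    --settings '"${SETTINGS_FILE}"' \
    ${MAVEN_OPTIONS:=} \
    ${MAVEN_PARAMS:=}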
130
# Run cov-import-scm against the 'cov-int' directory with git as the SCM.
cov-import-scm --dir 'cov-int' --scm 'git'

# List the contents of the emit directory, drop the "Translation unit:" marker
# lines, strip the leading "<digits> -> " prefix from what remains, and keep
# the result as a log of the analysed files.
cov-manage-emit --dir cov-int list \
  | grep -v '^Translation unit:$' \
  | sed -e 's!^[[:digit:]]\+ -> !!' \
  > 'coverity-scan-analysed-files.log'
144
#-----------------------------------------------------------------------------
# Submit results to Coverity service

# Pack the 'cov-int' directory into a gzip-compressed archive for the upload.
tar -czf 'results.tgz' 'cov-int'
153
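# Upload the archive, retrying with a doubling pause between attempts.
#
# * curl runs with --fail, so an HTTP error makes it exit non-zero. Under
#   errexit a failing command substitution in a plain assignment ends the
#   script, which meant the retry loop never got a second attempt for exactly
#   the failures it exists for. The exit status is now captured instead.
# * The request puts ${COVERITY_TOKEN} on curl's command line, so xtrace is
#   suspended around it to keep the expanded token out of the build log.
# * --form-string sends a value literally; plain --form would treat a value
#   starting with '@' or '<' as a file to read.
for (( ATTEMPT=1; ATTEMPT<=SUBMISSION_ATTEMPTS; ATTEMPT++ )); do
  if [[ "$-" == *x* ]]; then XTRACE_WAS_ON=1; else XTRACE_WAS_ON=0; fi
  { set +x; } 2>/dev/null
  CURL_EXIT_CODE=0
  CURL_OUTPUT=$(
    curl \
      --verbose \
      --silent \
      --show-error \
      --fail \
      --write-out '\n%{http_code}' \
      --form-string "project=${COVERITY_PROJECT_NAME}" \
      --form-string "email=${COVERITY_USER_EMAIL}" \
      --form-string "token=${COVERITY_TOKEN}" \
      --form 'file=@results.tgz' \
      --form-string "version=${GIT_COMMIT:0:7}" \
      --form-string "description=${GIT_BRANCH}" \
      'https://scan.coverity.com/builds'
  ) || CURL_EXIT_CODE=$?
  if (( XTRACE_WAS_ON )); then set -x; fi

  # --write-out appends the status code as the last line of the output.
  HTTP_RESPONSE_CODE=$(echo -n "${CURL_OUTPUT}" | tail -1)
  if [[ "${HTTP_RESPONSE_CODE}" == "200" ]]; then
    break
  fi

  # No point in pausing when there is no further attempt to wait for.
  if (( ATTEMPT == SUBMISSION_ATTEMPTS )); then
    break
  fi

  sleep "${SUBMISSION_REST_INTERVAL:-$SUBMISSION_INITIAL_REST_INTERVAL}"

  SUBMISSION_REST_INTERVAL=$(( ${SUBMISSION_REST_INTERVAL:-$SUBMISSION_INITIAL_REST_INTERVAL} * 2 ))
done

# Everything before the status-code line is the response body; the service is
# expected to answer with one fixed sentence on success.
HTTP_RESPONSE=$(echo -n "${CURL_OUTPUT}" | head -n -1 | tr -d '\n')
if [[ "${HTTP_RESPONSE}" != "Build successfully submitted." ]]; then
  echo "Coverity Scan service responded with '${HTTP_RESPONSE}' while 'Build successfully submitted.' expected." >&2
  echo "Last HTTP status: '${HTTP_RESPONSE_CODE}', last curl exit code: ${CURL_EXIT_CODE}." >&2
  exit 1
fi

#-----------------------------------------------------------------------------

exit 0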