1 #!/bin/bash
2
3 # Copyright 2019 Samsung Electronics Co., Ltd.
4 #
5 # Licensed under the Apache License, Version 2.0 (the "License");
6 # you may not use this file except in compliance with the License.
7 # You may obtain a copy of the License at
8 #
9 # http://www.apache.org/licenses/LICENSE-2.0
10 #
11 # Unless required by applicable law or agreed to in writing, software
12 # distributed under the License is distributed on an "AS IS" BASIS,
13 # WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
14 # See the License for the specific language governing permissions and
15 # limitations under the License.
16
17 set -Eeuxo pipefail
18 PS4='+['$(readlink -f "$0")' ${FUNCNAME[0]%main}#$LINENO] '
19
20 echo '---> maven-coverity.sh'
21
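#-----------------------------------------------------------------------------
# Process parameters for JS/PHP/Ruby files analysis
#
# Inputs (both optional, whitespace-separated lists):
#   SEARCH_PATHS          - directories, each passed as --fs-capture-search
#   SEARCH_EXCLUDE_REGEXS - regexes, each passed as
#                           --fs-capture-search-exclude-regex
# Output:
#   FS_CAPTURE_SEARCH_PARAMS - option string for cov-build. The build step
#   re-parses this string with 'eval', so every value is shell-quoted with
#   printf %q. Wrapping a value in plain '...' is not enough: a value that
#   itself contains a single quote would end the quoting and the rest would
#   be interpreted as shell syntax.

FS_CAPTURE_SEARCH_PARAMS=''

# Unquoted on purpose: the list is split on whitespace (pathname expansion
# also applies to the entries here, as before).
for SEARCH_PATH in ${SEARCH_PATHS:=}; do
  if [ ! -d "${SEARCH_PATH}" ]; then
    echo "'${SEARCH_PATH}' from \$SEARCH_PATHS is not an existing directory." >&2
    exit 1
  fi
  FS_CAPTURE_SEARCH_PARAMS+=" --fs-capture-search $(printf '%q' "${SEARCH_PATH}")"
done

# Regexes routinely contain '*', '?' and '[...]'. Disable pathname expansion
# while splitting the list so a regex is never replaced by matching file
# names from the current directory.
set -f
for EXCLUDE_REGEX in ${SEARCH_EXCLUDE_REGEXS:=}; do
  FS_CAPTURE_SEARCH_PARAMS+=" --fs-capture-search-exclude-regex $(printf '%q' "${EXCLUDE_REGEX}")"
done
set +f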
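#-----------------------------------------------------------------------------
# Check if we are allowed to submit results to Coverity Scan service
# and have not exceeded our upload quota limits
# See also: https://scan.coverity.com/faq#frequency

CURL_OUTPUT=$(
  # xtrace is enabled for the whole script and would print the expanded
  # "token=..." argument into the job log. Switching it off here only affects
  # this command-substitution subshell. The token is still part of curl's
  # argument list.
  set +x
  curl \
    --verbose \
    --silent \
    --show-error \
    --fail \
    --form "project=${COVERITY_PROJECT_NAME}" \
    --form "token=${COVERITY_TOKEN}" \
    'https://scan.coverity.com/api/upload_permitted'
)

# jq prints the JSON value as-is, so a permitted upload yields the bare
# word "true"; anything else (false, null, ...) stops the job.
IS_COVERITY_UPLOAD_PERMITTED=$(
  printf '%s\n' "${CURL_OUTPUT}" \
  | jq '.upload_permitted'
)
if [ "${IS_COVERITY_UPLOAD_PERMITTED}" != 'true' ]; then
  # Quoted so the timestamp is printed exactly as jq returned it.
  echo "Upload quota reached. Next upload permitted at $(printf '%s\n' "${CURL_OUTPUT}" | jq '.next_upload_permitted_at')" >&2
  exit 1
fi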
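#-----------------------------------------------------------------------------
# Get Coverity Scan build tool
#
# Both downloads run in a subshell with xtrace switched off so that the
# expanded "token=..." argument is not written to the job log. The subshell's
# exit status is curl's, so a failed download still aborts the script. The
# token is still part of curl's argument list.

(
  set +x
  curl \
    --verbose \
    --silent \
    --show-error \
    --fail \
    --form "project=${COVERITY_PROJECT_NAME}" \
    --form "token=${COVERITY_TOKEN}" \
    --output 'coverity_tool.tgz' \
    'https://scan.coverity.com/download/linux64'
)

(
  set +x
  curl \
    --verbose \
    --silent \
    --show-error \
    --fail \
    --form "project=${COVERITY_PROJECT_NAME}" \
    --form "token=${COVERITY_TOKEN}" \
    --form 'md5=1' \
    --output 'coverity_tool.md5' \
    'https://scan.coverity.com/download/linux64'
)

# Turn the bare digest into a checksum line that names the archive.
# NOTE(review): the digest is fetched from the same URL as the archive, so
# this check detects a truncated or corrupted download only. It does not
# authenticate the tool; that rests on the HTTPS connection to
# scan.coverity.com.
echo -n ' coverity_tool.tgz' >> 'coverity_tool.md5'
md5sum --check 'coverity_tool.md5'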
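# Unpack the build tool into the current directory.
tar \
  --extract \
  --gunzip \
  --file='coverity_tool.tgz'

# The first archive entry is taken as the tool's top-level directory.
# "bin" is appended directly below, so the entry presumably ends in '/'.
COVERITY_BUILD_TOOL_DIRECTORY=$(
  head -1 <( \
    tar \
      --list \
      --gunzip \
      --file='coverity_tool.tgz'
  )
)

# The name comes from a downloaded archive: accept only a relative entry
# without ".." components before it is used to build a PATH element.
case "${COVERITY_BUILD_TOOL_DIRECTORY}" in
  '' | /* | .. | ../* | */../* | */..)
    echo "Unexpected top-level entry '${COVERITY_BUILD_TOOL_DIRECTORY}' in coverity_tool.tgz." >&2
    exit 1
    ;;
esac

# Absolute on purpose: a relative PATH element is resolved against the
# working directory of whichever process does the lookup, so child processes
# of the build running elsewhere would search a different directory.
COVERITY_BINARY_DIRECTORY="${PWD}/${COVERITY_BUILD_TOOL_DIRECTORY}bin"
if [ ! -d "${COVERITY_BINARY_DIRECTORY}" ]; then
  echo "'${COVERITY_BINARY_DIRECTORY}' is not an existing directory." >&2
  exit 1
fi
export PATH="${PATH}:${COVERITY_BINARY_DIRECTORY}"

rm -- 'coverity_tool.tgz'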
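#-----------------------------------------------------------------------------
# Build

export MAVEN_OPTS

# 'eval' parses its arguments a second time as shell text.
#  - FS_CAPTURE_SEARCH_PARAMS, MAVEN_OPTIONS and MAVEN_PARAMS are meant to be
#    re-parsed (quotes inside them group words), so whatever they contain is
#    executed as shell syntax. They must come from trusted job configuration
#    only. FS_CAPTURE_SEARCH_PARAMS is passed quoted so eval sees the string
#    exactly as it was built, without an extra round of word splitting and
#    pathname expansion.
#  - MVN, GLOBAL_SETTINGS_FILE and SETTINGS_FILE are single values. Their
#    references are single-quoted here so that eval, not this line, expands
#    them: the value then stays one word and is never re-parsed, even if it
#    contains spaces or shell metacharacters.
eval cov-build \
  --dir 'cov-int' \
  "${FS_CAPTURE_SEARCH_PARAMS}" \
  '"${MVN}"' clean install \
    --errors \
    --global-settings '"${GLOBAL_SETTINGS_FILE}"' \
    --settings '"${SETTINGS_FILE}"' \
    ${MAVEN_OPTIONS:=} \
    ${MAVEN_PARAMS:=}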
# Add SCM (git) information to the intermediate directory.
cov-import-scm --dir 'cov-int' --scm 'git'

# Record the files captured for analysis: drop the "Translation unit:"
# marker lines and strip the leading "<number> -> " from the rest.
cov-manage-emit --dir cov-int list \
  | grep -v '^Translation unit:$' \
  | sed 's!^[[:digit:]]\+ -> !!' \
    > 'coverity-scan-analysed-files.log'
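#-----------------------------------------------------------------------------
# Submit results to Coverity service

tar \
  --create \
  --gzip \
  --file='results.tgz' \
  'cov-int'

# Upload in a subshell with xtrace switched off so that the expanded
# "token=..." and "email=..." arguments are not written to the job log. The
# subshell's exit status is curl's, so a failed upload still aborts the
# script. Both values are still part of curl's argument list.
(
  set +x
  curl \
    --verbose \
    --silent \
    --show-error \
    --fail \
    --form "project=${COVERITY_PROJECT_NAME}" \
    --form "email=${COVERITY_USER_EMAIL}" \
    --form "token=${COVERITY_TOKEN}" \
    --form 'file=@results.tgz' \
    --form "version=${GIT_COMMIT:0:7}" \
    --form "description=${GIT_BRANCH}" \
    'https://scan.coverity.com/builds'
)

#-----------------------------------------------------------------------------

exit 0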