---
# Coverity Scan static analysis
- job-template:
name: "{project-name}-coverity"
id: onap-gerrit-maven-coverity
description: >
How to access Coverity Scan static analysis results
- Visit Coverity Scan
project page.
- If you have not been added to the project on Coverity Scan service yet:
- Click on
Add me to project.
- Wait till the project administrators grant you appropriate permissions.
- Click on
View Defects.
Please note that processing data takes some time. You will get an email when it's done.
See more Coverity Scan HOWTOs on ONAP Developer Wiki.
project-type: freestyle
node: "{build-node}"
branch: master
build-days-to-keep: 7
build-timeout: 240
cron: "@daily"
disabled: false
dry-run: false
git-url: "$GIT_URL/$PROJECT"
java-version: openjdk8
mvn-global-settings: global-settings
mvn-opts: ""
mvn-params: ""
mvn-version: mvn35
coverity-project-name: ""
coverity-token: ""
coverity-user-email: ""
coverity-search-paths: ""
coverity-search-exclude-regexs: ""
max-git-repo-age-hours: 0
stream: master
submodule-recursive: true
submodule-timeout: 10
submodule-disable: false
archive-artifacts: >
cov-int/BUILD.metrics.xml
cov-int/build-log.txt
cov-int/build-timings.txt
cov-int/cov-import-scm-timings.txt
cov-int/coverity-scan-analysed-files.txt
cov-int/scm-untracked-files.txt
cov-int/failed_jsp/*
cov-int/java-security-da-input.dat
cov-int/java-security-da-whitelist.dat
cov-int/jsp-compilation-log.txt
cov-int/jsp-debug-log.txt
cov-int/security.log
properties:
- lf-infra-properties:
build-days-to-keep: "{build-days-to-keep}"
parameters:
- lf-infra-parameters:
project: "{project}"
branch: "{branch}"
stream: "{stream}"
- lf-infra-maven-parameters:
mvn-opts: "{mvn-opts}"
mvn-params: "{mvn-params}"
mvn-version: "{mvn-version}"
- string:
name: ARCHIVE_ARTIFACTS
default: "{archive-artifacts}"
description: Artifacts to archive to the logs server.
- string:
name: SEARCH_PATHS
default: "{coverity-search-paths}"
description: >
Additional directories to search for files to analyse by Coverity
Scan service (space separated).
- string:
name: SEARCH_EXCLUDE_REGEXS
default: "{coverity-search-exclude-regexs}"
description: >
File path patterns to exclude from analysis by Coverity Scan
service (e.g. 3rd-party or auto-generated sources, space
separated).
- string:
name: COVERITY_USER_EMAIL
default: "{coverity-user-email}"
description: >
E-mail address to receive analysis status report after submittion.
It must be a registered user on Coverity Scan service added as a
member to appropriate Coverity Scan project with "Maintainer/Owner"
role.
- bool:
name: DRY_RUN
default: "{dry-run}"
description: Do not submit results to Coverity Scan server at the end of the build.
- string:
name: "MAX_GIT_REPO_AGE_HOURS"
default: "{max-git-repo-age-hours}"
description: >
If set to non-zero run the code scan only if there were no git
repository commits last MAX_GIT_REPO_AGE_HOURS hours.
It makes sense to set the value twice the 'cron' interval for the
job (e.g. if 'cron: @daily', then MAX_GIT_REPO_AGE_HOURS=48)
triggers:
- timed: "{obj:cron}"
wrappers:
- lf-infra-wrappers:
build-timeout: "{build-timeout}"
jenkins-ssh-credential: "{jenkins-ssh-credential}"
builders:
- lf-infra-pre-build
- lf-maven-install:
mvn-version: "{mvn-version}"
- lf-update-java-alternatives:
java-version: "{java-version}"
- lf-provide-maven-settings:
global-settings-file: global-settings
settings-file: "{mvn-settings}"
- inject:
properties-content: |
COVERITY_PROJECT_NAME={coverity-project-name}
COVERITY_TOKEN={coverity-token}
- shell: !include-raw-escape:
- ../../global-jjb/shell/common-variables.sh
- ../../shell/maven-coverity.sh
- lf-provide-maven-settings-cleanup
publishers:
- lf-infra-publish
scm:
- lf-infra-gerrit-scm:
jenkins-ssh-credential: "{jenkins-ssh-credential}"
git-url: "{git-url}"
refspec: $GERRIT_REFSPEC
branch: $GERRIT_BRANCH
submodule-recursive: "{submodule-recursive}"
submodule-timeout: "{submodule-timeout}"
submodule-disable: "{submodule-disable}"
choosing-strategy: default