# This Source Code Form is subject to the terms of the Mozilla Public
# License, v. 2.0. If a copy of the MPL was not distributed with this
# file, You can obtain one at http://mozilla.org/MPL/2.0/.
---
job-defaults:
    # Run only on try and code-review tasks
    # to avoid running Coverity SA on the whole codebase
    run-on-projects: []
    platform: linux64/opt
    worker-type:
        by-platform:
            linux64.*: b-linux
    worker:
        docker-image: {in-tree: debian10-amd64-build}
        max-run-time: 5400
    treeherder:
        kind: other
        tier: 2
    run:
        using: run-task
        tooltool-downloads: public
    fetches:
        toolchain:
            - linux64-clang-10
            - linux64-rust
            - linux64-cbindgen
            - linux64-nasm
            - linux64-node
            - linux64-lucetc
            - wasi-sysroot
    when:
        # Extension list from https://hg.mozilla.org/mozilla-central/file/default/python/mozbuild/mozbuild/mach_commands.py#l1664
        files-changed:
            - '**/*.c'
            - '**/*.cpp'
            - '**/*.cc'
            - '**/*.cxx'
            - '**/*.m'
            - '**/*.mm'
            - '**/*.h'
            - '**/*.hh'
            - '**/*.hpp'
            - '**/*.hxx'

coverity:
    description: Run static-analysis (Coverity) on C/C++ patches
    attributes:
        code-review: true
    treeherder:
        symbol: cpp(coverity)
    run:
        cwd: '{checkout}'
        command: >-
            source taskcluster/scripts/misc/source-test-clang-setup.sh &&
            ./mach --log-no-times static-analysis check-coverity --outgoing --output $HOME/coverity.json
    scopes:
        - secrets:get:project/relman/coverity
    worker:
        artifacts:
            - type: file
              name: public/code-review/coverity.json
              path: /builds/worker/coverity.json
            - type: file
              name: public/code-review/coverity-orig.json
              path: /builds/worker/workspace/coverity/cov-results.json

coverity-full-analysis:
    description: Run Coverity based static-analysis on the entire Gecko repo
    treeherder:
        symbol: Static-Analysis(coverity-full-analysis)
    worker-type:
        by-platform:
            linux64.*: b-linux-xlarge
    run-on-projects: []
    run:
        cwd: '{checkout}'
        command: >-
            source taskcluster/scripts/misc/source-test-clang-setup.sh &&
            ./mach --log-no-times static-analysis check-coverity --full-build
    scopes:
        - secrets:get:project/relman/coverity
    worker:
        max-run-time: 14400
    when:
        files-changed:
            - '**/*.c'
            - '**/*.cpp'
            - '**/*.cc'
            - '**/*.cxx'
            - '**/*.m'
            - '**/*.mm'
            - '**/*.h'
            - '**/*.hh'
            - '**/*.hpp'
            - '**/*.hxx'
            - '**/*.py'
            - '**/*.js'