summaryrefslogtreecommitdiffstats
path: root/src/pmdk/utils/docker/run-coverity.sh
diff options
context:
space:
mode:
Diffstat (limited to 'src/pmdk/utils/docker/run-coverity.sh')
-rwxr-xr-xsrc/pmdk/utils/docker/run-coverity.sh71
1 files changed, 71 insertions, 0 deletions
diff --git a/src/pmdk/utils/docker/run-coverity.sh b/src/pmdk/utils/docker/run-coverity.sh
new file mode 100755
index 000000000..140fa753d
--- /dev/null
+++ b/src/pmdk/utils/docker/run-coverity.sh
@@ -0,0 +1,71 @@
+#!/usr/bin/env bash
+# SPDX-License-Identifier: BSD-3-Clause
+# Copyright 2017-2020, Intel Corporation
+
+#
+# run-coverity.sh - runs the Coverity scan build
+#
+
+set -e
+
+if [[ "$CI_REPO_SLUG" != "$GITHUB_REPO" \
+ && ( "$COVERITY_SCAN_NOTIFICATION_EMAIL" == "" \
+ || "$COVERITY_SCAN_TOKEN" == "" ) ]]; then
+ echo
+ echo "Skipping Coverity build:"\
+ "COVERITY_SCAN_TOKEN=\"$COVERITY_SCAN_TOKEN\" or"\
+ "COVERITY_SCAN_NOTIFICATION_EMAIL="\
+ "\"$COVERITY_SCAN_NOTIFICATION_EMAIL\" is not set"
+ exit 0
+fi
+
+# Prepare build environment
+./prepare-for-build.sh
+
+CERT_FILE=/etc/ssl/certs/ca-certificates.crt
+TEMP_CF=$(mktemp)
+cp $CERT_FILE $TEMP_CF
+
+# Download Coverity certificate
+echo -n | openssl s_client -connect scan.coverity.com:443 | \
+ sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | \
+ tee -a $TEMP_CF
+
+echo $USERPASS | sudo -S mv $TEMP_CF $CERT_FILE
+
+export COVERITY_SCAN_PROJECT_NAME="$CI_REPO_SLUG"
+[[ "$CI_EVENT_TYPE" == "cron" ]] \
+ && export COVERITY_SCAN_BRANCH_PATTERN="master" \
+ || export COVERITY_SCAN_BRANCH_PATTERN="coverity_scan"
+export COVERITY_SCAN_BUILD_COMMAND="make -j$(nproc) all"
+
+cd $WORKDIR
+
+#
+# Run the Coverity scan
+#
+
+# The 'travisci_build_coverity_scan.sh' script requires the following
+# environment variables to be set:
+# - TRAVIS_BRANCH - has to contain the name of the current branch
+# - TRAVIS_PULL_REQUEST - has to be set to 'true' in case of pull requests
+#
+export TRAVIS_BRANCH=${CI_BRANCH}
+[ "${CI_EVENT_TYPE}" == "pull_request" ] && export TRAVIS_PULL_REQUEST="true"
+
+# XXX: Patch the Coverity script.
+# Recently, this script regularly exits with an error, even though
+# the build is successfully submitted. Probably because the status code
+# is missing in response, or it's not 201.
+# Changes:
+# 1) change the expected status code to 200 and
+# 2) print the full response string.
+#
+# This change should be reverted when the Coverity script is fixed.
+#
+# The previous version was:
+# curl -s https://scan.coverity.com/scripts/travisci_build_coverity_scan.sh | bash
+
+wget https://scan.coverity.com/scripts/travisci_build_coverity_scan.sh
+patch < utils/docker/0001-travis-fix-travisci_build_coverity_scan.sh.patch
+bash ./travisci_build_coverity_scan.sh