summaryrefslogtreecommitdiffstats
path: root/coverity-scan.sh
diff options
context:
space:
mode:
Diffstat (limited to 'coverity-scan.sh')
-rwxr-xr-xcoverity-scan.sh210
1 files changed, 0 insertions, 210 deletions
diff --git a/coverity-scan.sh b/coverity-scan.sh
deleted file mode 100755
index 8466b21a7..000000000
--- a/coverity-scan.sh
+++ /dev/null
@@ -1,210 +0,0 @@
-#!/usr/bin/env bash
-#
-# Coverity scan script
-#
-# Copyright: SPDX-License-Identifier: GPL-3.0-or-later
-#
-# Author : Costa Tsaousis (costa@netdata.cloud)
-# Author : Pawel Krupa (paulfantom)
-# Author : Pavlos Emm. Katsoulakis (paul@netdata.cloud)
-# shellcheck disable=SC1091,SC2230,SC2086
-
-# To run manually, save configuration to .coverity-scan.conf like this:
-#
-# the repository to report to coverity - devs can set here their own fork
-# REPOSITORY="netdata/netdata"
-#
-# the email of the developer, as given to coverity
-# COVERITY_SCAN_SUBMIT_MAIL="you@example.com"
-#
-# the token given by coverity to the developer
-# COVERITY_SCAN_TOKEN="TOKEN taken from Coverity site"
-#
-# the absolute path of the cov-build - optional
-# COVERITY_BUILD_PATH="/opt/cov-analysis-linux64-2021.12/bin/cov-build"
-#
-# when set, the script will print on screen the curl command that submits the build to coverity
-# this includes the token, so the default is not to print it.
-# COVERITY_SUBMIT_DEBUG=1
-#
-# Override the standard coverity build version we know is supported
-# COVERITY_BUILD_VERSION="cov-analysis-linux64-2019.03"
-#
-# All these variables can also be exported before running this script.
-#
-# If the first parameter of this script is "install",
-# coverity build tools will be downloaded and installed in /opt/coverity
-
-set -e
-
-INSTALL_DIR="/opt"
-
-# the version of coverity to use
-COVERITY_BUILD_VERSION="${COVERITY_BUILD_VERSION:-cov-analysis-linux64-2023.6.2}"
-
-# TODO: For some reasons this does not fully load on Debian 10 (Haven't checked if it happens on other distros yet), it breaks
-source packaging/installer/functions.sh || echo "Failed to fully load the functions library"
-
-cpus=$(find_processors)
-[ -z "${cpus}" ] && cpus=1
-
-if [ -f ".coverity-scan.conf" ]; then
- source ".coverity-scan.conf"
-fi
-
-repo="${REPOSITORY}"
-if [ -z "${repo}" ]; then
- fatal "export variable REPOSITORY or set it in .coverity-scan.conf"
-fi
-repo="${repo//\//%2F}"
-
-email="${COVERITY_SCAN_SUBMIT_MAIL}"
-if [ -z "${email}" ]; then
- fatal "export variable COVERITY_SCAN_SUBMIT_MAIL or set it in .coverity-scan.conf"
-fi
-
-token="${COVERITY_SCAN_TOKEN}"
-if [ -z "${token}" ]; then
- fatal "export variable COVERITY_SCAN_TOKEN or set it in .coverity-scan.conf"
-fi
-
-if ! command -v curl > /dev/null 2>&1; then
- fatal "CURL is required for coverity scan to work"
-fi
-
-# only print the output of a command
-# when debugging is enabled
-# used to hide the token when debugging is not enabled
-debugrun() {
- if [ "${COVERITY_SUBMIT_DEBUG}" = "1" ]; then
- run "${@}"
- return $?
- else
- "${@}"
- return $?
- fi
-}
-
-scanit() {
- progress "Scanning using coverity"
- COVERITY_PATH=$(find "${INSTALL_DIR}" -maxdepth 1 -name 'cov*linux*')
- export PATH=${PATH}:${COVERITY_PATH}/bin/
- covbuild="${COVERITY_BUILD_PATH}"
- [ -z "${covbuild}" ] && covbuild="$(which cov-build 2> /dev/null || command -v cov-build 2> /dev/null)"
-
- if [ -z "${covbuild}" ]; then
- fatal "Cannot find 'cov-build' binary in \$PATH. Export variable COVERITY_BUILD_PATH or set it in .coverity-scan.conf"
- elif [ ! -x "${covbuild}" ]; then
- fatal "The command '${covbuild}' is not executable. Export variable COVERITY_BUILD_PATH or set it in .coverity-scan.conf"
- fi
-
- version="$(grep "^#define PACKAGE_VERSION" config.h | cut -d '"' -f 2)"
- progress "Working on netdata version: ${version}"
-
- progress "Cleaning up old builds..."
- run make clean || echo >&2 "Nothing to clean"
-
- [ -d "cov-int" ] && rm -rf "cov-int"
-
- [ -f netdata-coverity-analysis.tgz ] && run rm netdata-coverity-analysis.tgz
-
- progress "Configuring netdata source..."
-
- run autoreconf -ivf
- run ./configure ${OTHER_OPTIONS}
-
- progress "Analyzing netdata..."
- run "${covbuild}" --dir cov-int make -j${cpus}
-
- echo >&2 "Compressing analysis..."
- run tar czvf netdata-coverity-analysis.tgz cov-int
-
- echo >&2 "Sending analysis to coverity for netdata version ${version} ..."
- COVERITY_SUBMIT_RESULT=$(debugrun curl --progress-bar \
- --form token="${token}" \
- --form email="${email}" \
- --form file=@netdata-coverity-analysis.tgz \
- --form version="${version}" \
- --form description="netdata, monitor everything, in real-time." \
- https://scan.coverity.com/builds?project="${repo}")
-
- echo "${COVERITY_SUBMIT_RESULT}" | grep -q -e 'Build successfully submitted' || echo >&2 "scan results were not pushed to coverity. Message was: ${COVERITY_SUBMIT_RESULT}"
-
- progress "Coverity scan completed"
-}
-
-installit() {
- ORIGINAL_DIR="${PWD}"
- TMP_DIR="$(mktemp -d /tmp/netdata-coverity-scan-XXXXX)"
- progress "Downloading coverity in ${TMP_DIR}..."
- cd "${TMP_DIR}"
-
- debugrun curl --remote-name --remote-header-name --show-error --location --data "token=${token}&project=${repo}" https://scan.coverity.com/download/linux64
-
- if [ -f "${COVERITY_BUILD_VERSION}.tar.gz" ]; then
- progress "Installing coverity..."
- cd "${INSTALL_DIR}"
-
- run sudo tar -z -x -f "${TMP_DIR}/${COVERITY_BUILD_VERSION}.tar.gz" || exit 1
- rm "${TMP_DIR}/${COVERITY_BUILD_VERSION}.tar.gz"
- COVERITY_PATH=$(find "${INSTALL_DIR}" -maxdepth 1 -name 'cov*linux*')
- export PATH=${PATH}:${COVERITY_PATH}/bin/
- elif find . -name "*.tar.gz" > /dev/null 2>&1; then
- ls ./*.tar.gz
- fatal "Downloaded coverity tool tarball does not appear to be the version we were expecting, exiting."
- else
- fatal "Failed to download coverity tool tarball!"
- fi
-
- # Validate the installation
- covbuild="$(which cov-build 2> /dev/null || command -v cov-build 2> /dev/null)"
- if [ -z "$covbuild" ]; then
- fatal "Failed to install coverity."
- fi
-
- progress "Coverity scan tools are installed."
- cd "$ORIGINAL_DIR"
-
- # Clean temp directory
- [ -n "${TMP_DIR}" ] && rm -rf "${TMP_DIR}"
- return 0
-}
-
-OTHER_OPTIONS="--disable-lto"
-OTHER_OPTIONS+=" --with-zlib"
-OTHER_OPTIONS+=" --with-math"
-OTHER_OPTIONS+=" --enable-lz4"
-OTHER_OPTIONS+=" --enable-openssl"
-OTHER_OPTIONS+=" --enable-jsonc"
-OTHER_OPTIONS+=" --enable-plugin-nfacct"
-OTHER_OPTIONS+=" --enable-plugin-freeipmi"
-OTHER_OPTIONS+=" --enable-plugin-cups"
-OTHER_OPTIONS+=" --enable-exporting-prometheus-remote-write"
-# TODO: enable these plugins too
-#OTHER_OPTIONS+=" --enable-plugin-xenstat"
-#OTHER_OPTIONS+=" --enable-exporting-kinesis"
-#OTHER_OPTIONS+=" --enable-exporting-mongodb"
-
-FOUND_OPTS="NO"
-while [ -n "${1}" ]; do
- if [ "${1}" = "--with-install" ]; then
- progress "Running coverity install"
- installit
- shift 1
- elif [ -n "${1}" ]; then
- # Clear the default arguments, once you bump into the first argument
- if [ "${FOUND_OPTS}" = "NO" ]; then
- OTHER_OPTIONS="${1}"
- FOUND_OPTS="YES"
- else
- OTHER_OPTIONS+=" ${1}"
- fi
-
- shift 1
- else
- break
- fi
-done
-
-echo "Running coverity scan with extra options ${OTHER_OPTIONS}"
-scanit "${OTHER_OPTIONS}"