summaryrefslogtreecommitdiffstats
path: root/coverity-scan.sh
diff options
context:
space:
mode:
Diffstat (limited to 'coverity-scan.sh')
-rwxr-xr-xcoverity-scan.sh115
1 files changed, 77 insertions, 38 deletions
diff --git a/coverity-scan.sh b/coverity-scan.sh
index ee8f19e7..dd58b478 100755
--- a/coverity-scan.sh
+++ b/coverity-scan.sh
@@ -1,4 +1,5 @@
#!/usr/bin/env bash
+#
# Coverity scan script
#
# Copyright: SPDX-License-Identifier: GPL-3.0-or-later
@@ -6,6 +7,7 @@
# Author : Costa Tsaousis (costa@netdata.cloud)
# Author : Pawel Krupa (paulfantom)
# Author : Pavlos Emm. Katsoulakis (paul@netdata.cloud)
+# shellcheck disable=SC1091,SC2230,SC2086
# To run manually, save configuration to .coverity-scan.conf like this:
#
@@ -25,22 +27,30 @@
# this includes the token, so the default is not to print it.
# COVERITY_SUBMIT_DEBUG=1
#
+# Override the standard coverity build version we know is supported
+# COVERITY_BUILD_VERSION="cov-analysis-linux64-2019.03"
+#
# All these variables can also be exported before running this script.
#
# If the first parameter of this script is "install",
# coverity build tools will be downloaded and installed in /opt/coverity
+set -e
+
+INSTALL_DIR="/opt"
+
# the version of coverity to use
-COVERITY_BUILD_VERSION="cov-analysis-linux64-2019.03"
+COVERITY_BUILD_VERSION="${COVERITY_BUILD_VERSION:-cov-analysis-linux64-2019.03}"
-source packaging/installer/functions.sh || exit 1
+# TODO: For some reasons this does not fully load on Debian 10 (Haven't checked if it happens on other distros yet), it breaks
+source packaging/installer/functions.sh || echo "Failed to fully load the functions library"
cpus=$(find_processors)
[ -z "${cpus}" ] && cpus=1
if [ -f ".coverity-scan.conf" ]
then
- source ".coverity-scan.conf" || exit 1
+ source ".coverity-scan.conf"
fi
repo="${REPOSITORY}"
@@ -59,6 +69,10 @@ if [ -z "${token}" ]; then
fatal "export variable COVERITY_SCAN_TOKEN or set it in .coverity-scan.conf"
fi
+if ! command -v curl >/dev/null 2>&1; then
+ fatal "CURL is required for coverity scan to work"
+fi
+
# only print the output of a command
# when debugging is enabled
# used to hide the token when debugging is not enabled
@@ -74,9 +88,11 @@ debugrun() {
}
scanit() {
- export PATH="${PATH}:/opt/${COVERITY_BUILD_VERSION}/bin/"
+ progress "Scanning using coverity"
+ export PATH="${PATH}:${INSTALL_DIR}/${COVERITY_BUILD_VERSION}/bin/"
covbuild="${COVERITY_BUILD_PATH}"
[ -z "${covbuild}" ] && covbuild="$(which cov-build 2>/dev/null || command -v cov-build 2>/dev/null)"
+
if [ -z "${covbuild}" ]; then
fatal "Cannot find 'cov-build' binary in \$PATH. Export variable COVERITY_BUILD_PATH or set it in .coverity-scan.conf"
elif [ ! -x "${covbuild}" ]; then
@@ -94,54 +110,45 @@ scanit() {
[ -f netdata-coverity-analysis.tgz ] && run rm netdata-coverity-analysis.tgz
progress "Configuring netdata source..."
+
run autoreconf -ivf
- run ./configure --disable-lto \
- --enable-https \
- --enable-jsonc \
- --enable-plugin-nfacct \
- --enable-plugin-freeipmi \
- --enable-plugin-cups \
- --enable-backend-prometheus-remote-write \
- ${NULL}
-
- # TODO: enable these plugins too
- # --enable-plugin-xenstat \
- # --enable-backend-kinesis \
- # --enable-backend-mongodb \
+ run ./configure ${OTHER_OPTIONS}
progress "Analyzing netdata..."
- run "${covbuild}" --dir cov-int make -j${cpus} || exit 1
+ run "${covbuild}" --dir cov-int make -j${cpus}
echo >&2 "Compressing analysis..."
- run tar czvf netdata-coverity-analysis.tgz cov-int || exit 1
+ run tar czvf netdata-coverity-analysis.tgz cov-int
echo >&2 "Sending analysis to coverity for netdata version ${version} ..."
COVERITY_SUBMIT_RESULT=$(debugrun curl --progress-bar \
--form token="${token}" \
- --form email=${email} \
+ --form email="${email}" \
--form file=@netdata-coverity-analysis.tgz \
--form version="${version}" \
--form description="netdata, monitor everything, in real-time." \
- https://scan.coverity.com/builds?project=${repo})
+ https://scan.coverity.com/builds?project="${repo}")
- echo ${COVERITY_SUBMIT_RESULT} | grep -q -e 'Build successfully submitted' || echo >&2 "scan results were not pushed to coverity. Message was: ${COVERITY_SUBMIT_RESULT}"
+ echo "${COVERITY_SUBMIT_RESULT}" | grep -q -e 'Build successfully submitted' || echo >&2 "scan results were not pushed to coverity. Message was: ${COVERITY_SUBMIT_RESULT}"
progress "Coverity scan completed"
}
installit() {
- progress "Downloading coverity..."
- cd /tmp || exit 1
+ ORIGINAL_DIR="${PWD}"
+ TMP_DIR="$(mktemp -d /tmp/netdata-coverity-scan-XXXXX)"
+ progress "Downloading coverity in ${TMP_DIR}..."
+ cd "${TMP_DIR}"
- [ -f "${COVERITY_BUILD_VERSION}.tar.gz" ] && run rm -f "${COVERITY_BUILD_VERSION}.tar.gz"
debugrun curl --remote-name --remote-header-name --show-error --location --data "token=${token}&project=${repo}" https://scan.coverity.com/download/linux64
if [ -f "${COVERITY_BUILD_VERSION}.tar.gz" ]; then
progress "Installing coverity..."
- cd /opt || exit 1
- run sudo tar -z -x -f "/tmp/${COVERITY_BUILD_VERSION}.tar.gz" || exit 1
- rm "/tmp/${COVERITY_BUILD_VERSION}.tar.gz"
- export PATH=${PATH}:/opt/${COVERITY_BUILD_VERSION}/bin/
+ cd "${INSTALL_DIR}"
+
+ run sudo tar -z -x -f "${TMP_DIR}/${COVERITY_BUILD_VERSION}.tar.gz" || exit 1
+ rm "${TMP_DIR}/${COVERITY_BUILD_VERSION}.tar.gz"
+ export PATH=${PATH}:${INSTALL_DIR}/${COVERITY_BUILD_VERSION}/bin/
else
fatal "Failed to download coverity tool tarball!"
fi
@@ -152,16 +159,48 @@ installit() {
fatal "Failed to install coverity."
fi
+ # Clean temp directory
+ [ -n "${TMP_DIR}" ] && rm -rf "${TMP_DIR}"
+
progress "Coverity scan tools are installed."
+ cd "$ORIGINAL_DIR"
return 0
}
-if [ "${1}" = "install" ]
-then
- shift 1
- installit "${@}"
- exit $?
-else
- scanit "${@}"
- exit $?
-fi
+OTHER_OPTIONS="--disable-lto"
+OTHER_OPTIONS+=" --with-zlib"
+OTHER_OPTIONS+=" --with-math"
+OTHER_OPTIONS+=" --enable-https"
+OTHER_OPTIONS+=" --enable-jsonc"
+OTHER_OPTIONS+=" --enable-plugin-nfacct"
+OTHER_OPTIONS+=" --enable-plugin-freeipmi"
+OTHER_OPTIONS+=" --enable-plugin-cups"
+OTHER_OPTIONS+=" --enable-backend-prometheus-remote-write"
+# TODO: enable these plugins too
+#OTHER_OPTIONS+=" --enable-plugin-xenstat"
+#OTHER_OPTIONS+=" --enable-backend-kinesis"
+#OTHER_OPTIONS+=" --enable-backend-mongodb"
+
+FOUND_OPTS="NO"
+while [ -n "${1}" ]; do
+ if [ "${1}" = "--with-install" ]; then
+ progress "Running coverity install"
+ installit
+ shift 1
+ elif [ -n "${1}" ]; then
+ # Clear the default arguments, once you bump into the first argument
+ if [ "${FOUND_OPTS}" = "NO" ]; then
+ OTHER_OPTIONS="${1}"
+ FOUND_OPTS="YES"
+ else
+ OTHER_OPTIONS+=" ${1}"
+ fi
+
+ shift 1
+ else
+ break
+ fi
+done
+
+echo "Running coverity scan with extra options ${OTHER_OPTIONS}"
+scanit "${OTHER_OPTIONS}"