diff options
Diffstat (limited to 'coverity-scan.sh')
-rwxr-xr-x | coverity-scan.sh | 115 |
1 files changed, 77 insertions, 38 deletions
diff --git a/coverity-scan.sh b/coverity-scan.sh index ee8f19e7..dd58b478 100755 --- a/coverity-scan.sh +++ b/coverity-scan.sh @@ -1,4 +1,5 @@ #!/usr/bin/env bash +# # Coverity scan script # # Copyright: SPDX-License-Identifier: GPL-3.0-or-later @@ -6,6 +7,7 @@ # Author : Costa Tsaousis (costa@netdata.cloud) # Author : Pawel Krupa (paulfantom) # Author : Pavlos Emm. Katsoulakis (paul@netdata.cloud) +# shellcheck disable=SC1091,SC2230,SC2086 # To run manually, save configuration to .coverity-scan.conf like this: # @@ -25,22 +27,30 @@ # this includes the token, so the default is not to print it. # COVERITY_SUBMIT_DEBUG=1 # +# Override the standard coverity build version we know is supported +# COVERITY_BUILD_VERSION="cov-analysis-linux64-2019.03" +# # All these variables can also be exported before running this script. # # If the first parameter of this script is "install", # coverity build tools will be downloaded and installed in /opt/coverity +set -e + +INSTALL_DIR="/opt" + # the version of coverity to use -COVERITY_BUILD_VERSION="cov-analysis-linux64-2019.03" +COVERITY_BUILD_VERSION="${COVERITY_BUILD_VERSION:-cov-analysis-linux64-2019.03}" -source packaging/installer/functions.sh || exit 1 +# TODO: For some reasons this does not fully load on Debian 10 (Haven't checked if it happens on other distros yet), it breaks +source packaging/installer/functions.sh || echo "Failed to fully load the functions library" cpus=$(find_processors) [ -z "${cpus}" ] && cpus=1 if [ -f ".coverity-scan.conf" ] then - source ".coverity-scan.conf" || exit 1 + source ".coverity-scan.conf" fi repo="${REPOSITORY}" @@ -59,6 +69,10 @@ if [ -z "${token}" ]; then fatal "export variable COVERITY_SCAN_TOKEN or set it in .coverity-scan.conf" fi +if ! command -v curl >/dev/null 2>&1; then + fatal "CURL is required for coverity scan to work" +fi + # only print the output of a command # when debugging is enabled # used to hide the token when debugging is not enabled @@ -74,9 +88,11 @@ debugrun() { } scanit() { - export PATH="${PATH}:/opt/${COVERITY_BUILD_VERSION}/bin/" + progress "Scanning using coverity" + export PATH="${PATH}:${INSTALL_DIR}/${COVERITY_BUILD_VERSION}/bin/" covbuild="${COVERITY_BUILD_PATH}" [ -z "${covbuild}" ] && covbuild="$(which cov-build 2>/dev/null || command -v cov-build 2>/dev/null)" + if [ -z "${covbuild}" ]; then fatal "Cannot find 'cov-build' binary in \$PATH. Export variable COVERITY_BUILD_PATH or set it in .coverity-scan.conf" elif [ ! -x "${covbuild}" ]; then @@ -94,54 +110,45 @@ scanit() { [ -f netdata-coverity-analysis.tgz ] && run rm netdata-coverity-analysis.tgz progress "Configuring netdata source..." + run autoreconf -ivf - run ./configure --disable-lto \ - --enable-https \ - --enable-jsonc \ - --enable-plugin-nfacct \ - --enable-plugin-freeipmi \ - --enable-plugin-cups \ - --enable-backend-prometheus-remote-write \ - ${NULL} - - # TODO: enable these plugins too - # --enable-plugin-xenstat \ - # --enable-backend-kinesis \ - # --enable-backend-mongodb \ + run ./configure ${OTHER_OPTIONS} progress "Analyzing netdata..." - run "${covbuild}" --dir cov-int make -j${cpus} || exit 1 + run "${covbuild}" --dir cov-int make -j${cpus} echo >&2 "Compressing analysis..." - run tar czvf netdata-coverity-analysis.tgz cov-int || exit 1 + run tar czvf netdata-coverity-analysis.tgz cov-int echo >&2 "Sending analysis to coverity for netdata version ${version} ..." COVERITY_SUBMIT_RESULT=$(debugrun curl --progress-bar \ --form token="${token}" \ - --form email=${email} \ + --form email="${email}" \ --form file=@netdata-coverity-analysis.tgz \ --form version="${version}" \ --form description="netdata, monitor everything, in real-time." \ - https://scan.coverity.com/builds?project=${repo}) + https://scan.coverity.com/builds?project="${repo}") - echo ${COVERITY_SUBMIT_RESULT} | grep -q -e 'Build successfully submitted' || echo >&2 "scan results were not pushed to coverity. Message was: ${COVERITY_SUBMIT_RESULT}" + echo "${COVERITY_SUBMIT_RESULT}" | grep -q -e 'Build successfully submitted' || echo >&2 "scan results were not pushed to coverity. Message was: ${COVERITY_SUBMIT_RESULT}" progress "Coverity scan completed" } installit() { - progress "Downloading coverity..." - cd /tmp || exit 1 + ORIGINAL_DIR="${PWD}" + TMP_DIR="$(mktemp -d /tmp/netdata-coverity-scan-XXXXX)" + progress "Downloading coverity in ${TMP_DIR}..." + cd "${TMP_DIR}" - [ -f "${COVERITY_BUILD_VERSION}.tar.gz" ] && run rm -f "${COVERITY_BUILD_VERSION}.tar.gz" debugrun curl --remote-name --remote-header-name --show-error --location --data "token=${token}&project=${repo}" https://scan.coverity.com/download/linux64 if [ -f "${COVERITY_BUILD_VERSION}.tar.gz" ]; then progress "Installing coverity..." - cd /opt || exit 1 - run sudo tar -z -x -f "/tmp/${COVERITY_BUILD_VERSION}.tar.gz" || exit 1 - rm "/tmp/${COVERITY_BUILD_VERSION}.tar.gz" - export PATH=${PATH}:/opt/${COVERITY_BUILD_VERSION}/bin/ + cd "${INSTALL_DIR}" + + run sudo tar -z -x -f "${TMP_DIR}/${COVERITY_BUILD_VERSION}.tar.gz" || exit 1 + rm "${TMP_DIR}/${COVERITY_BUILD_VERSION}.tar.gz" + export PATH=${PATH}:${INSTALL_DIR}/${COVERITY_BUILD_VERSION}/bin/ else fatal "Failed to download coverity tool tarball!" fi @@ -152,16 +159,48 @@ installit() { fatal "Failed to install coverity." fi + # Clean temp directory + [ -n "${TMP_DIR}" ] && rm -rf "${TMP_DIR}" + progress "Coverity scan tools are installed." + cd "$ORIGINAL_DIR" return 0 } -if [ "${1}" = "install" ] -then - shift 1 - installit "${@}" - exit $? -else - scanit "${@}" - exit $? -fi +OTHER_OPTIONS="--disable-lto" +OTHER_OPTIONS+=" --with-zlib" +OTHER_OPTIONS+=" --with-math" +OTHER_OPTIONS+=" --enable-https" +OTHER_OPTIONS+=" --enable-jsonc" +OTHER_OPTIONS+=" --enable-plugin-nfacct" +OTHER_OPTIONS+=" --enable-plugin-freeipmi" +OTHER_OPTIONS+=" --enable-plugin-cups" +OTHER_OPTIONS+=" --enable-backend-prometheus-remote-write" +# TODO: enable these plugins too +#OTHER_OPTIONS+=" --enable-plugin-xenstat" +#OTHER_OPTIONS+=" --enable-backend-kinesis" +#OTHER_OPTIONS+=" --enable-backend-mongodb" + +FOUND_OPTS="NO" +while [ -n "${1}" ]; do + if [ "${1}" = "--with-install" ]; then + progress "Running coverity install" + installit + shift 1 + elif [ -n "${1}" ]; then + # Clear the default arguments, once you bump into the first argument + if [ "${FOUND_OPTS}" = "NO" ]; then + OTHER_OPTIONS="${1}" + FOUND_OPTS="YES" + else + OTHER_OPTIONS+=" ${1}" + fi + + shift 1 + else + break + fi +done + +echo "Running coverity scan with extra options ${OTHER_OPTIONS}" +scanit "${OTHER_OPTIONS}" |