summaryrefslogtreecommitdiffstats
path: root/coverity-scan.sh
diff options
context:
space:
mode:
Diffstat (limited to 'coverity-scan.sh')
-rwxr-xr-xcoverity-scan.sh181
1 files changed, 143 insertions, 38 deletions
diff --git a/coverity-scan.sh b/coverity-scan.sh
index 977a2c296..ee8f19e7f 100755
--- a/coverity-scan.sh
+++ b/coverity-scan.sh
@@ -1,62 +1,167 @@
#!/usr/bin/env bash
# Coverity scan script
#
-# To run this script you need to provide API token. This can be done either by:
-# - Putting token in ".coverity-token" file
-# - Assigning token value to COVERITY_SCAN_TOKEN environment variable
-#
# Copyright: SPDX-License-Identifier: GPL-3.0-or-later
#
# Author : Costa Tsaousis (costa@netdata.cloud)
# Author : Pawel Krupa (paulfantom)
# Author : Pavlos Emm. Katsoulakis (paul@netdata.cloud)
-cpus=$(grep -c ^processor </proc/cpuinfo)
+# To run manually, save configuration to .coverity-scan.conf like this:
+#
+# the repository to report to coverity - devs can set here their own fork
+# REPOSITORY="netdata/netdata"
+#
+# the email of the developer, as given to coverity
+# COVERITY_SCAN_SUBMIT_MAIL="you@example.com"
+#
+# the token given by coverity to the developer
+# COVERITY_SCAN_TOKEN="TOKEN taken from Coverity site"
+#
+# the absolute path of the cov-build - optional
+# COVERITY_BUILD_PATH="/opt/cov-analysis-linux64-2019.03/bin/cov-build"
+#
+# when set, the script will print on screen the curl command that submits the build to coverity
+# this includes the token, so the default is not to print it.
+# COVERITY_SUBMIT_DEBUG=1
+#
+# All these variables can also be exported before running this script.
+#
+# If the first parameter of this script is "install",
+# coverity build tools will be downloaded and installed in /opt/coverity
+
+# the version of coverity to use
+COVERITY_BUILD_VERSION="cov-analysis-linux64-2019.03"
+
+source packaging/installer/functions.sh || exit 1
+
+cpus=$(find_processors)
[ -z "${cpus}" ] && cpus=1
+if [ -f ".coverity-scan.conf" ]
+then
+ source ".coverity-scan.conf" || exit 1
+fi
+
+repo="${REPOSITORY}"
+if [ -z "${repo}" ]; then
+ fatal "export variable REPOSITORY or set it in .coverity-scan.conf"
+fi
+repo="${repo//\//%2F}"
+
+email="${COVERITY_SCAN_SUBMIT_MAIL}"
+if [ -z "${email}" ]; then
+ fatal "export variable COVERITY_SCAN_SUBMIT_MAIL or set it in .coverity-scan.conf"
+fi
+
token="${COVERITY_SCAN_TOKEN}"
-([ -z "${token}" ] && [ -f .coverity-token ]) && token="$(<.coverity-token)"
if [ -z "${token}" ]; then
- echo >&2 "Save the coverity token to .coverity-token or export it as COVERITY_SCAN_TOKEN."
- exit 1
+ fatal "export variable COVERITY_SCAN_TOKEN or set it in .coverity-scan.conf"
fi
-export PATH=${PATH}:/opt/coverity/bin/
-covbuild="$(which cov-build 2>/dev/null || command -v cov-build 2>/dev/null)"
-([ -z "${covbuild}" ] && [ -f .coverity-build ]) && covbuild="$(<.coverity-build)"
-if [ -z "${covbuild}" ]; then
- echo >&2 "Cannot find 'cov-build' binary in \$PATH."
- exit 1
-elif [ ! -x "${covbuild}" ]; then
- echo >&2 "The command ${covbuild} is not executable. Save command the full filename of cov-build in .coverity-build"
- exit 1
-fi
+# only print the output of a command
+# when debugging is enabled
+# used to hide the token when debugging is not enabled
+debugrun() {
+ if [ "${COVERITY_SUBMIT_DEBUG}" = "1" ]
+ then
+ run "${@}"
+ return $?
+ else
+ "${@}"
+ return $?
+ fi
+}
+
+scanit() {
+ export PATH="${PATH}:/opt/${COVERITY_BUILD_VERSION}/bin/"
+ covbuild="${COVERITY_BUILD_PATH}"
+ [ -z "${covbuild}" ] && covbuild="$(which cov-build 2>/dev/null || command -v cov-build 2>/dev/null)"
+ if [ -z "${covbuild}" ]; then
+ fatal "Cannot find 'cov-build' binary in \$PATH. Export variable COVERITY_BUILD_PATH or set it in .coverity-scan.conf"
+ elif [ ! -x "${covbuild}" ]; then
+ fatal "The command '${covbuild}' is not executable. Export variable COVERITY_BUILD_PATH or set it in .coverity-scan.conf"
+ fi
+
+ version="$(grep "^#define PACKAGE_VERSION" config.h | cut -d '"' -f 2)"
+ progress "Working on netdata version: ${version}"
+
+ progress "Cleaning up old builds..."
+ run make clean || echo >&2 "Nothing to clean"
-version="$(grep "^#define PACKAGE_VERSION" config.h | cut -d '"' -f 2)"
-echo >&2 "Working on netdata version: ${version}"
+ [ -d "cov-int" ] && rm -rf "cov-int"
-echo >&2 "Cleaning up old builds..."
-make clean || echo >&2 "Nothing to clean"
+ [ -f netdata-coverity-analysis.tgz ] && run rm netdata-coverity-analysis.tgz
-[ -d "cov-int" ] && rm -rf "cov-int"
+ progress "Configuring netdata source..."
+ run autoreconf -ivf
+ run ./configure --disable-lto \
+ --enable-https \
+ --enable-jsonc \
+ --enable-plugin-nfacct \
+ --enable-plugin-freeipmi \
+ --enable-plugin-cups \
+ --enable-backend-prometheus-remote-write \
+ ${NULL}
-[ -f netdata-coverity-analysis.tgz ] && rm netdata-coverity-analysis.tgz
+ # TODO: enable these plugins too
+ # --enable-plugin-xenstat \
+ # --enable-backend-kinesis \
+ # --enable-backend-mongodb \
-autoreconf -ivf
-./configure --enable-plugin-nfacct --enable-plugin-freeipmi
-"${covbuild}" --dir cov-int make -j${cpus} || exit 1
+ progress "Analyzing netdata..."
+ run "${covbuild}" --dir cov-int make -j${cpus} || exit 1
-echo >&2 "Compressing data..."
-tar czvf netdata-coverity-analysis.tgz cov-int || exit 1
+ echo >&2 "Compressing analysis..."
+ run tar czvf netdata-coverity-analysis.tgz cov-int || exit 1
-echo >&2 "Sending analysis for version ${version} ..."
-COVERITY_SUBMIT_RESULT=$(curl --progress-bar --form token="${token}" \
- --form email=${COVERITY_SCAN_SUBMIT_MAIL} \
- --form file=@netdata-coverity-analysis.tgz \
- --form version="${version}" \
- --form description="netdata, real-time performance monitoring, done right." \
- https://scan.coverity.com/builds?project=${REPOSITORY})
+ echo >&2 "Sending analysis to coverity for netdata version ${version} ..."
+ COVERITY_SUBMIT_RESULT=$(debugrun curl --progress-bar \
+ --form token="${token}" \
+ --form email=${email} \
+ --form file=@netdata-coverity-analysis.tgz \
+ --form version="${version}" \
+ --form description="netdata, monitor everything, in real-time." \
+ https://scan.coverity.com/builds?project=${repo})
-echo ${COVERITY_SUBMIT_RESULT} | grep -q -e 'Build successfully submitted' || echo >&2 "scan results were not pushed to coverity. Message was: ${COVERITY_SUBMIT_RESULT}"
+ echo ${COVERITY_SUBMIT_RESULT} | grep -q -e 'Build successfully submitted' || echo >&2 "scan results were not pushed to coverity. Message was: ${COVERITY_SUBMIT_RESULT}"
-echo >&2 "Coverity scan mechanism completed"
+ progress "Coverity scan completed"
+}
+
+installit() {
+ progress "Downloading coverity..."
+ cd /tmp || exit 1
+
+ [ -f "${COVERITY_BUILD_VERSION}.tar.gz" ] && run rm -f "${COVERITY_BUILD_VERSION}.tar.gz"
+ debugrun curl --remote-name --remote-header-name --show-error --location --data "token=${token}&project=${repo}" https://scan.coverity.com/download/linux64
+
+ if [ -f "${COVERITY_BUILD_VERSION}.tar.gz" ]; then
+ progress "Installing coverity..."
+ cd /opt || exit 1
+ run sudo tar -z -x -f "/tmp/${COVERITY_BUILD_VERSION}.tar.gz" || exit 1
+ rm "/tmp/${COVERITY_BUILD_VERSION}.tar.gz"
+ export PATH=${PATH}:/opt/${COVERITY_BUILD_VERSION}/bin/
+ else
+ fatal "Failed to download coverity tool tarball!"
+ fi
+
+ # Validate the installation
+ covbuild="$(which cov-build 2>/dev/null || command -v cov-build 2>/dev/null)"
+ if [ -z "$covbuild" ]; then
+ fatal "Failed to install coverity."
+ fi
+
+ progress "Coverity scan tools are installed."
+ return 0
+}
+
+if [ "${1}" = "install" ]
+then
+ shift 1
+ installit "${@}"
+ exit $?
+else
+ scanit "${@}"
+ exit $?
+fi