Diffstat (limited to 'coverity-scan.sh')
-rwxr-xr-x | coverity-scan.sh | 181 |
1 files changed, 143 insertions, 38 deletions
diff --git a/coverity-scan.sh b/coverity-scan.sh
index 977a2c296..ee8f19e7f 100755
--- a/coverity-scan.sh
+++ b/coverity-scan.sh
@@ -1,62 +1,167 @@
 #!/usr/bin/env bash
 # Coverity scan script
 #
-# To run this script you need to provide API token. This can be done either by:
-# - Putting token in ".coverity-token" file
-# - Assigning token value to COVERITY_SCAN_TOKEN environment variable
-#
 # Copyright: SPDX-License-Identifier: GPL-3.0-or-later
 #
 # Author : Costa Tsaousis (costa@netdata.cloud)
 # Author : Pawel Krupa (paulfantom)
 # Author : Pavlos Emm. Katsoulakis (paul@netdata.cloud)
-cpus=$(grep -c ^processor </proc/cpuinfo)
+# To run manually, save configuration to .coverity-scan.conf like this:
+#
+# the repository to report to coverity - devs can set here their own fork
+# REPOSITORY="netdata/netdata"
+#
+# the email of the developer, as given to coverity
+# COVERITY_SCAN_SUBMIT_MAIL="you@example.com"
+#
+# the token given by coverity to the developer
+# COVERITY_SCAN_TOKEN="TOKEN taken from Coverity site"
+#
+# the absolute path of the cov-build - optional
+# COVERITY_BUILD_PATH="/opt/cov-analysis-linux64-2019.03/bin/cov-build"
+#
+# when set, the script will print on screen the curl command that submits the build to coverity
+# this includes the token, so the default is not to print it.
+# COVERITY_SUBMIT_DEBUG=1
+#
+# All these variables can also be exported before running this script.
+#
+# If the first parameter of this script is "install",
+# coverity build tools will be downloaded and installed in /opt/coverity
+
+# the version of coverity to use
+COVERITY_BUILD_VERSION="cov-analysis-linux64-2019.03"
+
+source packaging/installer/functions.sh || exit 1
+
+cpus=$(find_processors)
 [ -z "${cpus}" ] && cpus=1
+if [ -f ".coverity-scan.conf" ]
+then
+ source ".coverity-scan.conf" || exit 1
+fi
+
+repo="${REPOSITORY}"
+if [ -z "${repo}" ]; then
+ fatal "export variable REPOSITORY or set it in .coverity-scan.conf"
+fi
+repo="${repo//\//%2F}"
+
+email="${COVERITY_SCAN_SUBMIT_MAIL}"
+if [ -z "${email}" ]; then
+ fatal "export variable COVERITY_SCAN_SUBMIT_MAIL or set it in .coverity-scan.conf"
+fi
+
 token="${COVERITY_SCAN_TOKEN}"
-([ -z "${token}" ] && [ -f .coverity-token ]) && token="$(<.coverity-token)"
 if [ -z "${token}" ]; then
- echo >&2 "Save the coverity token to .coverity-token or export it as COVERITY_SCAN_TOKEN."
- exit 1
+ fatal "export variable COVERITY_SCAN_TOKEN or set it in .coverity-scan.conf"
 fi
-export PATH=${PATH}:/opt/coverity/bin/
-covbuild="$(which cov-build 2>/dev/null || command -v cov-build 2>/dev/null)"
-([ -z "${covbuild}" ] && [ -f .coverity-build ]) && covbuild="$(<.coverity-build)"
-if [ -z "${covbuild}" ]; then
- echo >&2 "Cannot find 'cov-build' binary in \$PATH."
- exit 1
-elif [ ! -x "${covbuild}" ]; then
- echo >&2 "The command ${covbuild} is not executable. Save command the full filename of cov-build in .coverity-build"
- exit 1
-fi
+# only print the output of a command
+# when debugging is enabled
+# used to hide the token when debugging is not enabled
+debugrun() {
+ if [ "${COVERITY_SUBMIT_DEBUG}" = "1" ]
+ then
+ run "${@}"
+ return $?
+ else
+ "${@}"
+ return $?
+ fi
+}
+
+scanit() {
+ export PATH="${PATH}:/opt/${COVERITY_BUILD_VERSION}/bin/"
+ covbuild="${COVERITY_BUILD_PATH}"
+ [ -z "${covbuild}" ] && covbuild="$(which cov-build 2>/dev/null || command -v cov-build 2>/dev/null)"
+ if [ -z "${covbuild}" ]; then
+ fatal "Cannot find 'cov-build' binary in \$PATH. Export variable COVERITY_BUILD_PATH or set it in .coverity-scan.conf"
+ elif [ ! -x "${covbuild}" ]; then
+ fatal "The command '${covbuild}' is not executable. Export variable COVERITY_BUILD_PATH or set it in .coverity-scan.conf"
+ fi
+
+ version="$(grep "^#define PACKAGE_VERSION" config.h | cut -d '"' -f 2)"
+ progress "Working on netdata version: ${version}"
+
+ progress "Cleaning up old builds..."
+ run make clean || echo >&2 "Nothing to clean"
-version="$(grep "^#define PACKAGE_VERSION" config.h | cut -d '"' -f 2)"
-echo >&2 "Working on netdata version: ${version}"
+ [ -d "cov-int" ] && rm -rf "cov-int"
-echo >&2 "Cleaning up old builds..."
-make clean || echo >&2 "Nothing to clean"
+ [ -f netdata-coverity-analysis.tgz ] && run rm netdata-coverity-analysis.tgz
-[ -d "cov-int" ] && rm -rf "cov-int"
+ progress "Configuring netdata source..."
+ run autoreconf -ivf
+ run ./configure --disable-lto \
+ --enable-https \
+ --enable-jsonc \
+ --enable-plugin-nfacct \
+ --enable-plugin-freeipmi \
+ --enable-plugin-cups \
+ --enable-backend-prometheus-remote-write \
+ ${NULL}
-[ -f netdata-coverity-analysis.tgz ] && rm netdata-coverity-analysis.tgz
+ # TODO: enable these plugins too
+ # --enable-plugin-xenstat \
+ # --enable-backend-kinesis \
+ # --enable-backend-mongodb \
-autoreconf -ivf
-./configure --enable-plugin-nfacct --enable-plugin-freeipmi
-"${covbuild}" --dir cov-int make -j${cpus} || exit 1
+ progress "Analyzing netdata..."
+ run "${covbuild}" --dir cov-int make -j${cpus} || exit 1
-echo >&2 "Compressing data..."
-tar czvf netdata-coverity-analysis.tgz cov-int || exit 1
+ echo >&2 "Compressing analysis..."
+ run tar czvf netdata-coverity-analysis.tgz cov-int || exit 1
-echo >&2 "Sending analysis for version ${version} ..."
-COVERITY_SUBMIT_RESULT=$(curl --progress-bar --form token="${token}" \
- --form email=${COVERITY_SCAN_SUBMIT_MAIL} \
- --form file=@netdata-coverity-analysis.tgz \
- --form version="${version}" \
- --form description="netdata, real-time performance monitoring, done right." \
- https://scan.coverity.com/builds?project=${REPOSITORY})
+ echo >&2 "Sending analysis to coverity for netdata version ${version} ..."
+ COVERITY_SUBMIT_RESULT=$(debugrun curl --progress-bar \
+ --form token="${token}" \
+ --form email=${email} \
+ --form file=@netdata-coverity-analysis.tgz \
+ --form version="${version}" \
+ --form description="netdata, monitor everything, in real-time." \
+ https://scan.coverity.com/builds?project=${repo})
-echo ${COVERITY_SUBMIT_RESULT} | grep -q -e 'Build successfully submitted' || echo >&2 "scan results were not pushed to coverity. Message was: ${COVERITY_SUBMIT_RESULT}"
+ echo ${COVERITY_SUBMIT_RESULT} | grep -q -e 'Build successfully submitted' || echo >&2 "scan results were not pushed to coverity. Message was: ${COVERITY_SUBMIT_RESULT}"
-echo >&2 "Coverity scan mechanism completed"
+ progress "Coverity scan completed"
+}
+
+installit() {
+ progress "Downloading coverity..."
+ cd /tmp || exit 1
+
+ [ -f "${COVERITY_BUILD_VERSION}.tar.gz" ] && run rm -f "${COVERITY_BUILD_VERSION}.tar.gz"
+ debugrun curl --remote-name --remote-header-name --show-error --location --data "token=${token}&project=${repo}" https://scan.coverity.com/download/linux64
+
+ if [ -f "${COVERITY_BUILD_VERSION}.tar.gz" ]; then
+ progress "Installing coverity..."
+ cd /opt || exit 1
+ run sudo tar -z -x -f "/tmp/${COVERITY_BUILD_VERSION}.tar.gz" || exit 1
+ rm "/tmp/${COVERITY_BUILD_VERSION}.tar.gz"
+ export PATH=${PATH}:/opt/${COVERITY_BUILD_VERSION}/bin/
+ else
+ fatal "Failed to download coverity tool tarball!"
+ fi
+
+ # Validate the installation
+ covbuild="$(which cov-build 2>/dev/null || command -v cov-build 2>/dev/null)"
+ if [ -z "$covbuild" ]; then
+ fatal "Failed to install coverity."
+ fi
+
+ progress "Coverity scan tools are installed."
+ return 0
+}
+
+if [ "${1}" = "install" ]
+then
+ shift 1
+ installit "${@}"
+ exit $?
+else
+ scanit "${@}"
+ exit $?
+fi |
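Review bot: In `installit`, the tarball is downloaded under a fixed name in shared `/tmp` and then unpacked with `sudo tar` into `/opt`, with no integrity check in between. Neither the `rm -f` nor the `curl` exit status is checked, so on a multi-user host a file already present at `/tmp/${COVERITY_BUILD_VERSION}.tar.gz` that this user cannot remove could still satisfy the `[ -f … ]` test and be extracted as root. Download into a private `mktemp -d` directory, stop on a curl failure, and extract from that directory, as sketched below; verifying a published checksum before the `sudo tar` would be a further step if one is available. Separately, both curl calls pass the token as a command-line argument (`--form token=…` in `scanit`, `--data "token=…"` here), so it is visible in the process list whether or not `COVERITY_SUBMIT_DEBUG` is set.

```shell
installit() {
	progress "Downloading coverity..."
	# private, unpredictable directory instead of a fixed name in shared /tmp
	tmpdir="$(mktemp -d)" || fatal "Cannot create a temporary directory"
	cd "${tmpdir}" || exit 1

	debugrun curl --fail --remote-name --remote-header-name --show-error --location --data "token=${token}&project=${repo}" https://scan.coverity.com/download/linux64 \
		|| fatal "Failed to download coverity tool tarball!"

	# … unchanged: [ -f "${COVERITY_BUILD_VERSION}.tar.gz" ] check, progress, cd /opt …
		run sudo tar -z -x -f "${tmpdir}/${COVERITY_BUILD_VERSION}.tar.gz" || exit 1
		rm -rf -- "${tmpdir:?}"
	# … unchanged: PATH export, else branch, validation of cov-build …
```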