blob: ee8f19e7fc1b51d7b9a450a3d762677af22c37a3 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
119
120
121
122
123
124
125
126
127
128
129
130
131
132
133
134
135
136
137
138
139
140
141
142
143
144
145
146
147
148
149
150
151
152
153
154
155
156
157
158
159
160
161
162
163
164
165
166
167
|
#!/usr/bin/env bash
# Coverity scan script
#
# Copyright: SPDX-License-Identifier: GPL-3.0-or-later
#
# Author : Costa Tsaousis (costa@netdata.cloud)
# Author : Pawel Krupa (paulfantom)
# Author : Pavlos Emm. Katsoulakis (paul@netdata.cloud)
# To run manually, save configuration to .coverity-scan.conf like this:
#
# the repository to report to coverity - devs can set here their own fork
# REPOSITORY="netdata/netdata"
#
# the email of the developer, as given to coverity
# COVERITY_SCAN_SUBMIT_MAIL="you@example.com"
#
# the token given by coverity to the developer
# COVERITY_SCAN_TOKEN="TOKEN taken from Coverity site"
#
# the absolute path of the cov-build - optional
# COVERITY_BUILD_PATH="/opt/cov-analysis-linux64-2019.03/bin/cov-build"
#
# when set, the script will print on screen the curl command that submits the build to coverity
# this includes the token, so the default is not to print it.
# COVERITY_SUBMIT_DEBUG=1
#
# All these variables can also be exported before running this script.
#
# If the first parameter of this script is "install",
# coverity build tools will be downloaded and installed in /opt/coverity
# the version of coverity to use
COVERITY_BUILD_VERSION="cov-analysis-linux64-2019.03"
source packaging/installer/functions.sh || exit 1
cpus=$(find_processors)
[ -z "${cpus}" ] && cpus=1
if [ -f ".coverity-scan.conf" ]
then
source ".coverity-scan.conf" || exit 1
fi
repo="${REPOSITORY}"
if [ -z "${repo}" ]; then
fatal "export variable REPOSITORY or set it in .coverity-scan.conf"
fi
repo="${repo//\//%2F}"
email="${COVERITY_SCAN_SUBMIT_MAIL}"
if [ -z "${email}" ]; then
fatal "export variable COVERITY_SCAN_SUBMIT_MAIL or set it in .coverity-scan.conf"
fi
token="${COVERITY_SCAN_TOKEN}"
if [ -z "${token}" ]; then
fatal "export variable COVERITY_SCAN_TOKEN or set it in .coverity-scan.conf"
fi
# only print the output of a command
# when debugging is enabled
# used to hide the token when debugging is not enabled
debugrun() {
if [ "${COVERITY_SUBMIT_DEBUG}" = "1" ]
then
run "${@}"
return $?
else
"${@}"
return $?
fi
}
scanit() {
export PATH="${PATH}:/opt/${COVERITY_BUILD_VERSION}/bin/"
covbuild="${COVERITY_BUILD_PATH}"
[ -z "${covbuild}" ] && covbuild="$(which cov-build 2>/dev/null || command -v cov-build 2>/dev/null)"
if [ -z "${covbuild}" ]; then
fatal "Cannot find 'cov-build' binary in \$PATH. Export variable COVERITY_BUILD_PATH or set it in .coverity-scan.conf"
elif [ ! -x "${covbuild}" ]; then
fatal "The command '${covbuild}' is not executable. Export variable COVERITY_BUILD_PATH or set it in .coverity-scan.conf"
fi
version="$(grep "^#define PACKAGE_VERSION" config.h | cut -d '"' -f 2)"
progress "Working on netdata version: ${version}"
progress "Cleaning up old builds..."
run make clean || echo >&2 "Nothing to clean"
[ -d "cov-int" ] && rm -rf "cov-int"
[ -f netdata-coverity-analysis.tgz ] && run rm netdata-coverity-analysis.tgz
progress "Configuring netdata source..."
run autoreconf -ivf
run ./configure --disable-lto \
--enable-https \
--enable-jsonc \
--enable-plugin-nfacct \
--enable-plugin-freeipmi \
--enable-plugin-cups \
--enable-backend-prometheus-remote-write \
${NULL}
# TODO: enable these plugins too
# --enable-plugin-xenstat \
# --enable-backend-kinesis \
# --enable-backend-mongodb \
progress "Analyzing netdata..."
run "${covbuild}" --dir cov-int make -j${cpus} || exit 1
echo >&2 "Compressing analysis..."
run tar czvf netdata-coverity-analysis.tgz cov-int || exit 1
echo >&2 "Sending analysis to coverity for netdata version ${version} ..."
COVERITY_SUBMIT_RESULT=$(debugrun curl --progress-bar \
--form token="${token}" \
--form email=${email} \
--form file=@netdata-coverity-analysis.tgz \
--form version="${version}" \
--form description="netdata, monitor everything, in real-time." \
https://scan.coverity.com/builds?project=${repo})
echo ${COVERITY_SUBMIT_RESULT} | grep -q -e 'Build successfully submitted' || echo >&2 "scan results were not pushed to coverity. Message was: ${COVERITY_SUBMIT_RESULT}"
progress "Coverity scan completed"
}
installit() {
progress "Downloading coverity..."
cd /tmp || exit 1
[ -f "${COVERITY_BUILD_VERSION}.tar.gz" ] && run rm -f "${COVERITY_BUILD_VERSION}.tar.gz"
debugrun curl --remote-name --remote-header-name --show-error --location --data "token=${token}&project=${repo}" https://scan.coverity.com/download/linux64
if [ -f "${COVERITY_BUILD_VERSION}.tar.gz" ]; then
progress "Installing coverity..."
cd /opt || exit 1
run sudo tar -z -x -f "/tmp/${COVERITY_BUILD_VERSION}.tar.gz" || exit 1
rm "/tmp/${COVERITY_BUILD_VERSION}.tar.gz"
export PATH=${PATH}:/opt/${COVERITY_BUILD_VERSION}/bin/
else
fatal "Failed to download coverity tool tarball!"
fi
# Validate the installation
covbuild="$(which cov-build 2>/dev/null || command -v cov-build 2>/dev/null)"
if [ -z "$covbuild" ]; then
fatal "Failed to install coverity."
fi
progress "Coverity scan tools are installed."
return 0
}
if [ "${1}" = "install" ]
then
shift 1
installit "${@}"
exit $?
else
scanit "${@}"
exit $?
fi
|