[lttng-ci.git] / scripts / common / coverity.sh

#!/bin/bash
#
# SPDX-FileCopyrightText: 2015 Jonathan Rajotte-Julien <jonathan.rajotte-julien@efficios.com>
# SPDX-FileCopyrightText: 2023 Michael Jeanson <mjeanson@efficios.com>
# SPDX-License-Identifier: GPL-2.0-or-later

set -exu

# Required variables
WORKSPACE=${WORKSPACE:-}

# Coverity settings
# The project name and token have to be provided trough env variables
#COVERITY_SCAN_PROJECT_NAME=""
#COVERITY_SCAN_TOKEN=""
COVERITY_SCAN_DESCRIPTION="Automated CI build"
COVERITY_SCAN_NOTIFICATION_EMAIL="ci-notification@lists.lttng.org"
COVERITY_SCAN_BUILD_OPTIONS=""
#COVERITY_SCAN_BUILD_OPTIONS=("--return-emit-failures 8" "--parse-error-threshold 85")

DEPS_INC="$WORKSPACE/deps/build/include"
DEPS_LIB="$WORKSPACE/deps/build/lib"
DEPS_PKGCONFIG="$DEPS_LIB/pkgconfig"
DEPS_BIN="$WORKSPACE/deps/build/bin"

export PATH="$DEPS_BIN:$PATH"
export LD_LIBRARY_PATH="$DEPS_LIB:${LD_LIBRARY_PATH:-}"
export PKG_CONFIG_PATH="$DEPS_PKGCONFIG"
export CPPFLAGS="-I$DEPS_INC"
export LDFLAGS="-L$DEPS_LIB"

SRCDIR="$WORKSPACE/src/${COVERITY_SCAN_PROJECT_NAME}"
TMPDIR="$WORKSPACE/tmp"

NPROC=$(nproc)
PLATFORM=$(uname)
export CFLAGS="-O0 -g -DDEBUG"
export CXXFLAGS="-O0 -g -DDEBUG"

# Cache the tool installer in the home directory since we delete the workspace
# on each build
TOOL_ARCHIVE="$HOME/cov-analysis-${PLATFORM}.tgz"
TOOL_URL=https://scan.coverity.com/download/${PLATFORM}
TOOL_BASE="$TMPDIR/coverity-scan-analysis"

UPLOAD_URL="https://scan.coverity.com/builds"
SCAN_URL="https://scan.coverity.com"

RESULTS_DIR_NAME="cov-int"
RESULTS_DIR="$WORKSPACE/$RESULTS_DIR_NAME"
RESULTS_ARCHIVE=analysis-results.tgz

# Create tmp directory
rm -rf "$TMPDIR"
mkdir -p "$TMPDIR"

export TMPDIR

case "$COVERITY_SCAN_PROJECT_NAME" in
babeltrace)
    CONF_OPTS=("--enable-python-bindings" "--enable-python-bindings-doc" "--enable-python-plugins")
    BUILD_TYPE="autotools"
    ;;
liburcu)
    CONF_OPTS=()
    BUILD_TYPE="autotools"
    ;;
lttng-modules)
    CONF_OPTS=()
    BUILD_TYPE="autotools"
    ;;
lttng-tools)
    CONF_OPTS=()
    BUILD_TYPE="autotools"
    ;;
lttng-ust)
    CONF_OPTS=("--enable-java-agent-all" "--enable-python-agent")
    BUILD_TYPE="autotools"
    export CLASSPATH="/usr/share/java/log4j-api.jar:/usr/share/java/log4j-core.jar:/usr/share/java/log4j-1.2.jar"
    ;;
lttng-scope|ctf-java|libdelorean-java|jabberwocky)
    CONF_OPTS=()
    BUILD_TYPE="maven"
    MVN_BIN="$HOME/tools/hudson.tasks.Maven_MavenInstallation/default/bin/mvn"
    ;;
*)
    echo "Generic project, no configure options."
    CONF_OPTS=()
    BUILD_TYPE="autotools"
    ;;
esac

if [ -d "$WORKSPACE/src/linux" ]; then
	export KERNELDIR="$WORKSPACE/src/linux"
fi

# Enter the source directory
cd "$SRCDIR"

# Verify upload is permitted
set +x
AUTH_RES=$(curl --silent --form project="$COVERITY_SCAN_PROJECT_NAME" --form token="$COVERITY_SCAN_TOKEN" $SCAN_URL/api/upload_permitted)
set -x
if [ "$AUTH_RES" = "Access denied" ]; then
  echo -e "\033[33;1mCoverity Scan API access denied. Check COVERITY_SCAN_PROJECT_NAME and COVERITY_SCAN_TOKEN.\033[0m"
  exit 1
else
  AUTH=$(echo "$AUTH_RES" | jq .upload_permitted)
  if [ "$AUTH" = "true" ]; then
    echo -e "\033[33;1mCoverity Scan analysis authorized per quota.\033[0m"
  else
    WHEN=$(echo "$AUTH_RES" | jq .next_upload_permitted_at)
    echo -e "\033[33;1mCoverity Scan analysis NOT authorized until $WHEN.\033[0m"
    exit 1
  fi
fi


# Download Coverity Scan Analysis Tool
if [ ! -d "$TOOL_BASE" ]; then
  echo -e "\033[33;1mDownloading Coverity Scan Analysis Tool...\033[0m"
  set +x
  curl --fail \
       --location \
       --remote-time \
       --form project="$COVERITY_SCAN_PROJECT_NAME" \
       --form token="$COVERITY_SCAN_TOKEN" \
       --output "$TOOL_ARCHIVE" \
       "$TOOL_URL" || rm -f "$TOOL_ARCHIVE"
  set -x

  # Extract Coverity Scan Analysis Tool
  echo -e "\033[33;1mExtracting Coverity Scan Analysis Tool...\033[0m"
  mkdir -p "$TOOL_BASE"
  cd "$TOOL_BASE" || exit 1
  tar xzf "$TOOL_ARCHIVE"
  cd -
fi

TOOL_DIR=$(find "$TOOL_BASE" -type d -name 'cov-analysis*')
export PATH=$TOOL_DIR/bin:$PATH

COVERITY_SCAN_VERSION=$(git describe --always | sed 's|-|.|g')

# Build
echo -e "\033[33;1mRunning Coverity Scan Analysis Tool...\033[0m"
case "$BUILD_TYPE" in
maven)
    cov-configure --java
    cov-build --dir "$RESULTS_DIR" "${COVERITY_SCAN_BUILD_OPTIONS[@]}" "$MVN_BIN" \
      -s "$MVN_SETTINGS" \
      -Dmaven.repo.local="$WORKSPACE/.repository" \
      -Dmaven.compiler.fork=true \
      -Dmaven.compiler.forceJavaCompilerUse=true \
      -Dmaven.test.skip=true \
      -DskipTests \
      clean verify
    ;;
autotools)
    # Prepare build dir for autotools based projects
    if [ -f "./bootstrap" ]; then
      ./bootstrap
      ./configure "${CONF_OPTS[@]}"
    fi

    cov-build --dir "$RESULTS_DIR" ${COVERITY_SCAN_BUILD_OPTIONS[@]} make -j"$NPROC" V=1
    ;;
*)
    echo "Unsupported build type: $BUILD_TYPE"
    exit 1
    ;;
esac


cov-import-scm --dir "$RESULTS_DIR" --scm git --log "$RESULTS_DIR/scm_log.txt"

cd "${WORKSPACE}"

# Tar results
echo -e "\033[33;1mTarring Coverity Scan Analysis results...\033[0m"
tar czf $RESULTS_ARCHIVE $RESULTS_DIR_NAME

# Upload results
echo -e "\033[33;1mUploading Coverity Scan Analysis results...\033[0m"
response=$(curl \
  --write-out "\n%{http_code}\n" \
  --form project="$COVERITY_SCAN_PROJECT_NAME" \
  --form token="$COVERITY_SCAN_TOKEN" \
  --form email="$COVERITY_SCAN_NOTIFICATION_EMAIL" \
  --form file=@"$RESULTS_ARCHIVE" \
  --form version="$COVERITY_SCAN_VERSION" \
  --form description="$COVERITY_SCAN_DESCRIPTION" \
  "$UPLOAD_URL")
status_code=$(echo "$response" | sed -n '$p')
if [ "${status_code:0:1}" == "2" ]; then
  echo -e "\033[33;1mCoverity Scan upload successful.\033[0m"
else
  TEXT=$(echo "$response" | sed '$d')
  echo -e "\033[33;1mCoverity Scan upload failed: $TEXT.\033[0m"
  exit 1
fi

# EOF
Commit	Line	Data
51c9c62d	1	#!/bin/bash
87b23e49	2	#
2c34ea14 MJ	3	# SPDX-FileCopyrightText: 2015 Jonathan Rajotte-Julien <jonathan.rajotte-julien@efficios.com>
	4	# SPDX-FileCopyrightText: 2023 Michael Jeanson <mjeanson@efficios.com>
	5	# SPDX-License-Identifier: GPL-2.0-or-later
87b23e49	6
51c9c62d MJ	7	set -exu
51c9c62d MJ	8
30c8dfac MJ	9	# Required variables
	10	WORKSPACE=${WORKSPACE:-}
	11
87b23e49	12	# Coverity settings
e8078c79	13	# The project name and token have to be provided trough env variables
87b23e49 MJ	14	#COVERITY_SCAN_PROJECT_NAME=""
87b23e49 MJ	15	#COVERITY_SCAN_TOKEN=""
87b23e49 MJ	16	COVERITY_SCAN_DESCRIPTION="Automated CI build"
	17	COVERITY_SCAN_NOTIFICATION_EMAIL="ci-notification@lists.lttng.org"
	18	COVERITY_SCAN_BUILD_OPTIONS=""
fa299733	19	#COVERITY_SCAN_BUILD_OPTIONS=("--return-emit-failures 8" "--parse-error-threshold 85")
87b23e49	20
30c8dfac MJ	21	DEPS_INC="$WORKSPACE/deps/build/include"
	22	DEPS_LIB="$WORKSPACE/deps/build/lib"
	23	DEPS_PKGCONFIG="$DEPS_LIB/pkgconfig"
	24	DEPS_BIN="$WORKSPACE/deps/build/bin"
	25
	26	export PATH="$DEPS_BIN:$PATH"
	27	export LD_LIBRARY_PATH="$DEPS_LIB:${LD_LIBRARY_PATH:-}"
	28	export PKG_CONFIG_PATH="$DEPS_PKGCONFIG"
	29	export CPPFLAGS="-I$DEPS_INC"
	30	export LDFLAGS="-L$DEPS_LIB"
	31
1f4fba8c MJ	32	SRCDIR="$WORKSPACE/src/${COVERITY_SCAN_PROJECT_NAME}"
	33	TMPDIR="$WORKSPACE/tmp"
	34
87b23e49 MJ	35	NPROC=$(nproc)
	36	PLATFORM=$(uname)
	37	export CFLAGS="-O0 -g -DDEBUG"
2c34ea14	38	export CXXFLAGS="-O0 -g -DDEBUG"
87b23e49	39
fa299733 MJ	40	# Cache the tool installer in the home directory since we delete the workspace
	41	# on each build
	42	TOOL_ARCHIVE="$HOME/cov-analysis-${PLATFORM}.tgz"
87b23e49	43	TOOL_URL=https://scan.coverity.com/download/${PLATFORM}
1f4fba8c	44	TOOL_BASE="$TMPDIR/coverity-scan-analysis"
87b23e49 MJ	45
	46	UPLOAD_URL="https://scan.coverity.com/builds"
	47	SCAN_URL="https://scan.coverity.com"
	48
1f4fba8c MJ	49	RESULTS_DIR_NAME="cov-int"
	50	RESULTS_DIR="$WORKSPACE/$RESULTS_DIR_NAME"
	51	RESULTS_ARCHIVE=analysis-results.tgz
87b23e49	52
1f4fba8c MJ	53	# Create tmp directory
	54	rm -rf "$TMPDIR"
	55	mkdir -p "$TMPDIR"
	56
	57	export TMPDIR
	58
	59	case "$COVERITY_SCAN_PROJECT_NAME" in
	60	babeltrace)
fa299733	61	CONF_OPTS=("--enable-python-bindings" "--enable-python-bindings-doc" "--enable-python-plugins")
e3f027ec	62	BUILD_TYPE="autotools"
1f4fba8c MJ	63	;;
1f4fba8c MJ	64	liburcu)
fa299733	65	CONF_OPTS=()
e3f027ec	66	BUILD_TYPE="autotools"
1f4fba8c MJ	67	;;
1f4fba8c MJ	68	lttng-modules)
fa299733	69	CONF_OPTS=()
e3f027ec	70	BUILD_TYPE="autotools"
1f4fba8c MJ	71	;;
1f4fba8c MJ	72	lttng-tools)
fa299733	73	CONF_OPTS=()
e3f027ec	74	BUILD_TYPE="autotools"
1f4fba8c MJ	75	;;
1f4fba8c MJ	76	lttng-ust)
fa299733	77	CONF_OPTS=("--enable-java-agent-all" "--enable-python-agent")
e3f027ec	78	BUILD_TYPE="autotools"
46823f75	79	export CLASSPATH="/usr/share/java/log4j-api.jar:/usr/share/java/log4j-core.jar:/usr/share/java/log4j-1.2.jar"
1f4fba8c	80	;;
e3f027ec	81	lttng-scope\|ctf-java\|libdelorean-java\|jabberwocky)
fa299733	82	CONF_OPTS=()
e3f027ec	83	BUILD_TYPE="maven"
7525e08d MJ	84	MVN_BIN="$HOME/tools/hudson.tasks.Maven_MavenInstallation/default/bin/mvn"
7525e08d MJ	85	;;
1f4fba8c MJ	86	*)
1f4fba8c MJ	87	echo "Generic project, no configure options."
fa299733	88	CONF_OPTS=()
e3f027ec	89	BUILD_TYPE="autotools"
1f4fba8c MJ	90	;;
1f4fba8c MJ	91	esac
87b23e49	92
7e942863 MJ	93	if [ -d "$WORKSPACE/src/linux" ]; then
7e942863 MJ	94	export KERNELDIR="$WORKSPACE/src/linux"
5122da3c JR	95	fi
5122da3c JR	96
ae3ca8a0 MJ	97	# Enter the source directory
ae3ca8a0 MJ	98	cd "$SRCDIR"
87b23e49 MJ	99
87b23e49 MJ	100	# Verify upload is permitted
e8078c79	101	set +x
fa299733	102	AUTH_RES=$(curl --silent --form project="$COVERITY_SCAN_PROJECT_NAME" --form token="$COVERITY_SCAN_TOKEN" $SCAN_URL/api/upload_permitted)
e8078c79	103	set -x
87b23e49 MJ	104	if [ "$AUTH_RES" = "Access denied" ]; then
	105	echo -e "\033[33;1mCoverity Scan API access denied. Check COVERITY_SCAN_PROJECT_NAME and COVERITY_SCAN_TOKEN.\033[0m"
	106	exit 1
	107	else
a57a60d9	108	AUTH=$(echo "$AUTH_RES" \| jq .upload_permitted)
87b23e49 MJ	109	if [ "$AUTH" = "true" ]; then
	110	echo -e "\033[33;1mCoverity Scan analysis authorized per quota.\033[0m"
	111	else
a57a60d9	112	WHEN=$(echo "$AUTH_RES" \| jq .next_upload_permitted_at)
87b23e49 MJ	113	echo -e "\033[33;1mCoverity Scan analysis NOT authorized until $WHEN.\033[0m"
	114	exit 1
	115	fi
	116	fi
	117
	118
	119	# Download Coverity Scan Analysis Tool
a57a60d9	120	if [ ! -d "$TOOL_BASE" ]; then
9be4a494 MJ	121	echo -e "\033[33;1mDownloading Coverity Scan Analysis Tool...\033[0m"
9be4a494 MJ	122	set +x
1a2329a7 MJ	123	curl --fail \
	124	--location \
	125	--remote-time \
	126	--form project="$COVERITY_SCAN_PROJECT_NAME" \
	127	--form token="$COVERITY_SCAN_TOKEN" \
	128	--output "$TOOL_ARCHIVE" \
	129	"$TOOL_URL" \|\| rm -f "$TOOL_ARCHIVE"
9be4a494	130	set -x
87b23e49 MJ	131
	132	# Extract Coverity Scan Analysis Tool
	133	echo -e "\033[33;1mExtracting Coverity Scan Analysis Tool...\033[0m"
a57a60d9 MJ	134	mkdir -p "$TOOL_BASE"
	135	cd "$TOOL_BASE" \|\| exit 1
	136	tar xzf "$TOOL_ARCHIVE"
87b23e49 MJ	137	cd -
	138	fi
	139
a57a60d9	140	TOOL_DIR=$(find "$TOOL_BASE" -type d -name 'cov-analysis*')
87b23e49	141	export PATH=$TOOL_DIR/bin:$PATH
1f4fba8c	142
a57a60d9	143	COVERITY_SCAN_VERSION=$(git describe --always \| sed 's\|-\|.\|g')
87b23e49	144
87b23e49 MJ	145	# Build
87b23e49 MJ	146	echo -e "\033[33;1mRunning Coverity Scan Analysis Tool...\033[0m"
e3f027ec MJ	147	case "$BUILD_TYPE" in
e3f027ec MJ	148	maven)
7525e08d	149	cov-configure --java
fa299733	150	cov-build --dir "$RESULTS_DIR" "${COVERITY_SCAN_BUILD_OPTIONS[@]}" "$MVN_BIN" \
7525e08d MJ	151	-s "$MVN_SETTINGS" \
	152	-Dmaven.repo.local="$WORKSPACE/.repository" \
	153	-Dmaven.compiler.fork=true \
	154	-Dmaven.compiler.forceJavaCompilerUse=true \
	155	-Dmaven.test.skip=true \
	156	-DskipTests \
	157	clean verify
	158	;;
e3f027ec	159	autotools)
c0eca50d MJ	160	# Prepare build dir for autotools based projects
	161	if [ -f "./bootstrap" ]; then
	162	./bootstrap
fa299733	163	./configure "${CONF_OPTS[@]}"
c0eca50d MJ	164	fi
c0eca50d MJ	165
fa299733	166	cov-build --dir "$RESULTS_DIR" ${COVERITY_SCAN_BUILD_OPTIONS[@]} make -j"$NPROC" V=1
7525e08d	167	;;
e3f027ec MJ	168	*)
	169	echo "Unsupported build type: $BUILD_TYPE"
	170	exit 1
	171	;;
7525e08d MJ	172	esac
	173
	174
	175
a57a60d9	176	cov-import-scm --dir "$RESULTS_DIR" --scm git --log "$RESULTS_DIR/scm_log.txt"
87b23e49	177
1f4fba8c MJ	178	cd "${WORKSPACE}"
1f4fba8c MJ	179
87b23e49 MJ	180	# Tar results
87b23e49 MJ	181	echo -e "\033[33;1mTarring Coverity Scan Analysis results...\033[0m"
1f4fba8c	182	tar czf $RESULTS_ARCHIVE $RESULTS_DIR_NAME
87b23e49 MJ	183
	184	# Upload results
	185	echo -e "\033[33;1mUploading Coverity Scan Analysis results...\033[0m"
fa299733	186	response=$(curl \
732698e9	187	--write-out "\n%{http_code}\n" \
a57a60d9 MJ	188	--form project="$COVERITY_SCAN_PROJECT_NAME" \
	189	--form token="$COVERITY_SCAN_TOKEN" \
	190	--form email="$COVERITY_SCAN_NOTIFICATION_EMAIL" \
	191	--form file=@"$RESULTS_ARCHIVE" \
	192	--form version="$COVERITY_SCAN_VERSION" \
	193	--form description="$COVERITY_SCAN_DESCRIPTION" \
	194	"$UPLOAD_URL")
87b23e49	195	status_code=$(echo "$response" \| sed -n '$p')
e3449c79	196	if [ "${status_code:0:1}" == "2" ]; then
7525e08d MJ	197	echo -e "\033[33;1mCoverity Scan upload successful.\033[0m"
7525e08d MJ	198	else
87b23e49 MJ	199	TEXT=$(echo "$response" \| sed '$d')
	200	echo -e "\033[33;1mCoverity Scan upload failed: $TEXT.\033[0m"
	201	exit 1
	202	fi
a57a60d9 MJ	203
a57a60d9 MJ	204	# EOF