| #!/usr/bin/env bash |
| # SPDX-License-Identifier: BSD-3-Clause |
| |
| set -eo pipefail |
| |
| # Override project to the old project name becuase coverity didn't understand the rename from |
| # 01org/TPM2.0-TSS to tpm2-software/tpm2-tss |
| export PROJECT='01org/TPM2.0-TSS' |
| echo "PROJECT=$PROJECT" |
| |
| if [ -z "$COVERITY_SCAN_TOKEN" ]; then |
| echo "coverity.run invoked without COVERITY_SCAN_TOKEN set...exiting!" |
| exit 1 |
| fi |
| |
| if [ -z "$COVERITY_SUBMISSION_EMAIL" ]; then |
| echo "coverity.run invoked without COVERITY_SUBMISSION_EMAIL set...exiting!" |
| exit 1 |
| fi |
| |
| # Sanity check, this should only be executing on the coverity_scan branch |
| if [[ "$REPO_BRANCH" != *coverity_scan ]]; then |
| echo "coverity.run invoked for non-coverity branch $REPO_BRANCH...exiting!" |
| exit 1 |
| fi |
| |
| if [[ "$CC" == clang* ]]; then |
| echo "Coverity scan branch detected, not running with clang...exiting!" |
| exit 1 |
| fi |
| |
| # branch is coverity_scan |
| echo "Running coverity build" |
| |
| # ensure coverity_scan tool is available to the container |
| # We cannot package these in the docker image, as we would be distributing their software |
| # for folks not coupled to our COVERITY_SCAN_TOKEN. |
| if [ ! -f "$(pwd)/cov-analysis/bin/cov-build" ]; then |
| curl --data-urlencode "project=$PROJECT" \ |
| --data-urlencode "token=$COVERITY_SCAN_TOKEN" \ |
| "https://scan.coverity.com/download/linux64" -o coverity_tool.tgz |
| |
| stat coverity_tool.tgz |
| |
| curl --data-urlencode "project=$PROJECT" \ |
| --data-urlencode "token=$COVERITY_SCAN_TOKEN" \ |
| --data-urlencode "md5=1" \ |
| "https://scan.coverity.com/download/linux64" -o coverity_tool.md5 |
| |
| stat coverity_tool.md5 |
| cat coverity_tool.md5 |
| md5sum coverity_tool.tgz |
| echo "$(cat coverity_tool.md5)" coverity_tool.tgz | md5sum -c |
| |
| echo "unpacking cov-analysis" |
| tar -xf coverity_tool.tgz |
| mv cov-analysis-* cov-analysis |
| fi |
| |
| export PATH=$PATH:$(pwd)/cov-analysis/bin |
| |
| echo "Which cov-build: $(which cov-build)" |
| |
| pushd "$DOCKER_BUILD_DIR" |
| |
| source ".ci/docker-prelude.sh" |
| |
| echo "Performing build with Coverity Scan" |
| rm -rf cov-int |
| ./bootstrap && ./configure --enable-debug && make clean |
| cov-build --dir $DOCKER_BUILD_DIR/cov-int make -j $(nproc) |
| |
| echo "Collecting Coverity data for submission" |
| rm -fr README |
| AUTHOR="$(git log -1 $HEAD --pretty="%aN")" |
| AUTHOR_EMAIL="$(git log -1 $HEAD --pretty="%aE")" |
| VERSION="$(git rev-parse HEAD)" |
| echo "Name: $AUTHOR" >> README |
| echo "Email: $AUTHOR_EMAIL" >> README |
| echo "Project: $PROJECT" >> README |
| echo "Build-Version: $VERSION" >> README |
| echo "Description: $REPO_NAME $REPO_BRANCH" >> README |
| echo "Submitted-by: $PROJECT CI" >> README |
| echo "---README---" |
| cat README |
| echo "---EOF---" |
| |
| rm -f scan.tgz |
| tar -czf scan.tgz README cov-int |
| |
| rm -rf README cov-int |
| |
| # upload the results |
| echo "Testing for scan results..." |
| scan_file=$(stat --printf='%n' scan.tgz) |
| |
| echo "Submitting data to Coverity" |
| curl --form token="$COVERITY_SCAN_TOKEN" \ |
| --form email="$COVERITY_SUBMISSION_EMAIL" \ |
| --form project="$PROJECT" \ |
| --form file=@"$scan_file" \ |
| --form version="$VERSION" \ |
| --form description="$REPO_NAME $REPO_BRANCH" \ |
| "https://scan.coverity.com/builds?project=$PROJECT" |
| |
| rm -rf scan.tgz |
| |
| popd |
| |
| exit 0 |