azure: coverity: fix Coverity builds due to various issuespks/azure-coverity

There's several issues with our Coverity builds, like e.g. missing wget
in our containers. Simplify our Coverity pipeline and fix these issues.

4 files changed, 64 insertions, 90 deletions

diff --git a/azure-pipelines/coverity-build.sh b/azure-pipelines/coverity-build.sh
deleted file mode 100755
index f8264fa83..000000000
--- a/azure-pipelines/coverity-build.sh
+++ /dev/null
@@ -1,41 +0,0 @@
-#!/bin/bash
-
-set -e
-
-# Environment check
-[ -z "$COVERITY_TOKEN" ] && echo "Need to set a coverity token" && exit 1
-
-SOURCE_DIR=${SOURCE_DIR:-$( cd "$( dirname "${BASH_SOURCE[0]}" )" && dirname $( pwd ) )}
-BUILD_DIR=$(pwd)
-
-case $(uname -m) in
-	i?86)				BITS=32 ;;
-	amd64|x86_64)	BITS=64 ;;
-esac
-SCAN_TOOL=https://scan.coverity.com/download/cxx/linux${BITS}
-TOOL_BASE=$(pwd)/_coverity-scan
-
-# Install coverity tools
-if [ ! -d "$TOOL_BASE" ]; then
-	echo "Downloading coverity..."
-	mkdir -p "$TOOL_BASE"
-	pushd "$TOOL_BASE"
-	wget -O coverity_tool.tgz $SCAN_TOOL \
-		--post-data "project=libgit2&token=$COVERITY_TOKEN"
-	tar xzf coverity_tool.tgz
-	popd
-	TOOL_DIR=$(find "$TOOL_BASE" -type d -name 'cov-analysis*')
-	ln -s "$TOOL_DIR" "$TOOL_BASE"/cov-analysis
-fi
-
-cp "${SOURCE_DIR}/script/user_nodefs.h" "$TOOL_BASE"/cov-analysis/config/user_nodefs.h
-
-COV_BUILD="$TOOL_BASE/cov-analysis/bin/cov-build"
-
-# Configure and build
-cmake ${SOURCE_DIR}
-
-COVERITY_UNSUPPORTED=1 \
-	$COV_BUILD --dir cov-int \
-	cmake --build .
-
diff --git a/azure-pipelines/coverity-publish.sh b/azure-pipelines/coverity-publish.sh
deleted file mode 100755
index 2341b13fb..000000000
--- a/azure-pipelines/coverity-publish.sh
+++ /dev/null
@@ -1,33 +0,0 @@
-#!/bin/bash
-
-set -e
-
-# Results check
-[ ! -d "cov-int" ] && echo "Coverity directory not found" && exit 1
-
-# Upload results
-tar czf libgit2.tgz cov-int
-
-SOURCE_DIR=${SOURCE_DIR:-$( cd "$( dirname "${BASH_SOURCE[0]}" )" && dirname $( pwd ) )}
-SHA=$(cd ${SOURCE_DIR} && git rev-parse --short HEAD)
-
-HTML="$(curl \
-	--silent \
-	--write-out "\n%{http_code}" \
-	--form token="$COVERITY_TOKEN" \
-	--form email=libgit2@gmail.com \
-	--form file=@libgit2.tgz \
-	--form version="$SHA" \
-	--form description="libgit2 build" \
-	https://scan.coverity.com/builds?project=libgit2)"
-
-# Body is everything up to the last line
-BODY="$(echo "$HTML" | head -n-1)"
-
-# Status code is the last line
-STATUS_CODE="$(echo "$HTML" | tail -n1)"
-
-if [ "${STATUS_CODE}" != "200" -a "${STATUS_CODE}" != "201" ]; then
-	echo "Received error code ${STATUS_CODE} from Coverity"
-	exit 1
-fi
diff --git a/azure-pipelines/coverity.sh b/azure-pipelines/coverity.sh
new file mode 100755
index 000000000..14faadc49
--- /dev/null
+++ b/azure-pipelines/coverity.sh
@@ -0,0 +1,62 @@
+#!/bin/bash -e
+
+if test -z "$COVERITY_TOKEN"
+then
+    echo "Need to set a coverity token"
+    exit 1
+fi
+
+case $(uname -m) in
+    i?86)
+        BITS=32;;
+    amd64|x86_64)
+        BITS=64;;
+    *)
+        echo "Unsupported arch '$(uname -m)'"
+        exit 1;;
+esac
+
+SCAN_TOOL=https://scan.coverity.com/download/cxx/linux${BITS}
+SOURCE_DIR=$(realpath "$(dirname "${BASH_SOURCE[0]}")"/..)
+BUILD_DIR=${SOURCE_DIR}/coverity-build
+TOOL_DIR=${BUILD_DIR}/coverity-tools
+
+# Install coverity tools
+if ! test -d "$TOOL_DIR"
+then
+    mkdir -p "$TOOL_DIR"
+    curl --silent --location --data "project=libgit2&token=$COVERITY_TOKEN" "$SCAN_TOOL" |
+        tar -xzC "$TOOL_DIR"
+    ln -s "$(find "$TOOL_DIR" -type d -name 'cov-analysis*')" "$TOOL_DIR"/cov-analysis
+fi
+
+cp "${SOURCE_DIR}/script/user_nodefs.h" "$TOOL_DIR"/cov-analysis/config/
+
+# Build libgit2 with Coverity
+mkdir -p "$BUILD_DIR"
+cd "$BUILD_DIR"
+cmake "$SOURCE_DIR"
+COVERITY_UNSUPPORTED=1 \
+    "$TOOL_DIR/cov-analysis/bin/cov-build" --dir cov-int \
+    cmake --build .
+
+# Upload results
+tar -czf libgit2.tgz cov-int
+REVISION=$(cd ${SOURCE_DIR} && git rev-parse --short HEAD)
+HTML="$(curl \
+    --silent \
+    --write-out "\n%{http_code}" \
+    --form token="$COVERITY_TOKEN" \
+    --form email=libgit2@gmail.com \
+    --form file=@libgit2.tgz \
+    --form version="$REVISION" \
+    --form description="libgit2 build" \
+    https://scan.coverity.com/builds?project=libgit2)"
+
+# Status code is the last line
+STATUS_CODE="$(echo "$HTML" | tail -n1)"
+if test "${STATUS_CODE}" != 200 && test "${STATUS_CODE}" != 201
+then
+    echo "Received error code ${STATUS_CODE} from Coverity"
+    exit 1
+fi
diff --git a/azure-pipelines/coverity.yml b/azure-pipelines/coverity.yml
index b4ee8f1c9..10450af5d 100644
--- a/azure-pipelines/coverity.yml
+++ b/azure-pipelines/coverity.yml
@@ -12,7 +12,7 @@ jobs:
      docker build -t libgit2/xenial --build-arg BASE=ubuntu:xenial -f xenial .
     displayName: 'Build Docker image'
   - task: Docker@0
-    displayName: Build
+    displayName: Analyze
     inputs:
       action: 'Run an image'
       imageName: libgit2/xenial
@@ -22,19 +22,5 @@ jobs:
       envVars: |
        COVERITY_TOKEN=$(COVERITY_TOKEN)
       workDir: '/home/libgit2/build'
-      containerCommand: '/home/libgit2/source/azure-pipelines/coverity-build.sh'
+      containerCommand: '/home/libgit2/source/azure-pipelines/coverity.sh'
       detached: false
-  - task: Docker@0
-    displayName: Publish
-    inputs:
-      action: 'Run an image'
-      imageName: libgit2/xenial
-      volumes: |
-       $(Build.SourcesDirectory):/home/libgit2/source
-       $(Build.BinariesDirectory):/home/libgit2/build
-      envVars: |
-       COVERITY_TOKEN=$(COVERITY_TOKEN)
-      workDir: '/home/libgit2/build'
-      containerCommand: '/home/libgit2/source/azure-pipelines/coverity-publish.sh'
-      detached: false
-    continueOnError: true