ci: simplify the Coverity script a bit

Also, address https://github.com/systemd/systemd/pull/24252#issuecomment-1208747320 by using a pre-defined e-mail address stored in the GH Action secrets.
author: Frantisek Sumsal <frantisek@sumsal.cz> 2022-08-09 14:43:28 +0200
committer: Frantisek Sumsal <frantisek@sumsal.cz> 2022-08-11 10:57:25 +0200
commit: 176086a2ecef0274bdbdaf4ea00eb54c071bbb63 (patch)
tree: fa387592b29a3ad817da092c83482e4dfb9b9de8 /tools
parent: e8d0eb3915ac33cc0d3da87a836cee6e61645227 (diff)
download: systemd-176086a2ecef0274bdbdaf4ea00eb54c071bbb63.tar.gz
2 files changed, 40 insertions, 246 deletions
diff --git a/tools/coverity.sh b/tools/coverity.sh
index f140b78174..361376fd21 100755
--- a/tools/coverity.sh
+++ b/tools/coverity.sh
@@ -1,228 +1,62 @@
 #!/usr/bin/env bash
 # SPDX-License-Identifier: LGPL-2.1-or-later
 
-# The official unmodified version of the script can be found at
-# https://scan.coverity.com/scripts/travisci_build_coverity_scan.sh
+set -eux
 
-set -e
+COVERITY_SCAN_TOOL_BASE="/tmp/coverity-scan-analysis"
+COVERITY_SCAN_PROJECT_NAME="systemd/systemd"
 
-# Declare build command
-COVERITY_SCAN_BUILD_COMMAND="ninja -C cov-build"
+function coverity_install_script {
+    local platform tool_url tool_archive
 
-# Environment check
-# Use default values if not set
-SCAN_URL=${SCAN_URL:="https://scan.coverity.com"}
-TOOL_BASE=${TOOL_BASE:="/tmp/coverity-scan-analysis"}
-UPLOAD_URL=${UPLOAD_URL:="https://scan.coverity.com/builds"}
+    platform=$(uname)
+    tool_url="https://scan.coverity.com/download/${platform}"
+    tool_archive="/tmp/cov-analysis-${platform}.tgz"
 
-# These must be set by environment
-echo -e "\033[33;1mNote: COVERITY_SCAN_PROJECT_NAME and COVERITY_SCAN_TOKEN are available on Project Settings page on scan.coverity.com\033[0m"
-[ -z "$COVERITY_SCAN_PROJECT_NAME" ] && echo "ERROR: COVERITY_SCAN_PROJECT_NAME must be set" && exit 1
-[ -z "$COVERITY_SCAN_NOTIFICATION_EMAIL" ] && echo "ERROR: COVERITY_SCAN_NOTIFICATION_EMAIL must be set" && exit 1
-[ -z "$COVERITY_SCAN_BRANCH_PATTERN" ] && echo "ERROR: COVERITY_SCAN_BRANCH_PATTERN must be set" && exit 1
-[ -z "$COVERITY_SCAN_BUILD_COMMAND" ] && echo "ERROR: COVERITY_SCAN_BUILD_COMMAND must be set" && exit 1
-[ -z "$COVERITY_SCAN_TOKEN" ] && echo "ERROR: COVERITY_SCAN_TOKEN must be set" && exit 1
+    set +x # this is supposed to hide COVERITY_SCAN_TOKEN
+    echo -e "\033[33;1mDownloading Coverity Scan Analysis Tool...\033[0m"
+    wget -nv -O "$tool_archive" "$tool_url" --post-data "project=$COVERITY_SCAN_PROJECT_NAME&token=${COVERITY_SCAN_TOKEN:?}"
+    set -x
 
-# Verify this branch should run
-if [[ "${CURRENT_REF^^}" =~ "${COVERITY_SCAN_BRANCH_PATTERN^^}" ]]; then
-    echo -e "\033[33;1mCoverity Scan configured to run on branch ${CURRENT_REF}\033[0m"
-else
-    echo -e "\033[33;1mCoverity Scan NOT configured to run on branch ${CURRENT_REF}\033[0m"
-    exit 1
-fi
-
-# Verify upload is permitted
-AUTH_RES=`curl -s --form project="$COVERITY_SCAN_PROJECT_NAME" --form token="$COVERITY_SCAN_TOKEN" $SCAN_URL/api/upload_permitted`
-if [ "$AUTH_RES" = "Access denied" ]; then
-    echo -e "\033[33;1mCoverity Scan API access denied. Check COVERITY_SCAN_PROJECT_NAME and COVERITY_SCAN_TOKEN.\033[0m"
-    exit 1
-else
-    AUTH=`echo $AUTH_RES | jq .upload_permitted`
-    if [ "$AUTH" = "true" ]; then
-        echo -e "\033[33;1mCoverity Scan analysis authorized per quota.\033[0m"
-    else
-        WHEN=`echo $AUTH_RES | jq .next_upload_permitted_at`
-        echo -e "\033[33;1mCoverity Scan analysis NOT authorized until $WHEN.\033[0m"
-        exit 1
-    fi
-fi
-
-TOOL_DIR=`find $TOOL_BASE -type d -name 'cov-analysis*'`
-export PATH="$TOOL_DIR/bin:$PATH"
-
-# Disable CCACHE for cov-build to compilation units correctly
-export CCACHE_DISABLE=1
-
-# FUNCTION DEFINITIONS
-# --------------------
-_help()
-{
-    # displays help and exits
-    cat <<-EOF
-		USAGE: $0 [CMD] [OPTIONS]
-
-		CMD
-		  build   Issue Coverity build
-		  upload  Upload coverity archive for analysis
-              Note: By default, archive is created from default results directory.
-                    To provide custom archive or results directory, see --result-dir
-                    and --tar options below.
-
-		OPTIONS
-		  -h,--help     Display this menu and exits
-
-		  Applicable to build command
-		  ---------------------------
-		  -o,--out-dir  Specify Coverity intermediate directory (defaults to 'cov-int')
-		  -t,--tar      bool, archive the output to .tgz file (defaults to false)
-
-		  Applicable to upload command
-		  ----------------------------
-		  -d, --result-dir   Specify result directory if different from default ('cov-int')
-		  -t, --tar ARCHIVE  Use custom .tgz archive instead of intermediate directory or pre-archived .tgz
-                         (by default 'analysis-result.tgz'
-	EOF
-    return;
-}
-
-_pack()
-{
-    RESULTS_ARCHIVE=${RESULTS_ARCHIVE:-'analysis-results.tgz'}
-
-    echo -e "\033[33;1mTarring Coverity Scan Analysis results...\033[0m"
-    tar czf $RESULTS_ARCHIVE $RESULTS_DIR
-    SHA=`git rev-parse --short HEAD`
-
-    PACKED=true
+    mkdir -p "$COVERITY_SCAN_TOOL_BASE"
+    pushd "$COVERITY_SCAN_TOOL_BASE"
+    tar xzf "$tool_archive"
+    popd
 }
 
+function run_coverity {
+    local results_dir tool_dir results_archive sha response status_code
 
-_build()
-{
-    echo -e "\033[33;1mRunning Coverity Scan Analysis Tool...\033[0m"
-    local _cov_build_options=""
-    #local _cov_build_options="--return-emit-failures 8 --parse-error-threshold 85"
-    eval "${COVERITY_SCAN_BUILD_COMMAND_PREPEND}"
-    COVERITY_UNSUPPORTED=1 cov-build --dir $RESULTS_DIR $_cov_build_options sh -c "$COVERITY_SCAN_BUILD_COMMAND"
-    cov-import-scm --dir $RESULTS_DIR --scm git --log $RESULTS_DIR/scm_log.txt
+    results_dir="cov-int"
+    tool_dir=$(find "$COVERITY_SCAN_TOOL_BASE" -type d -name 'cov-analysis*')
+    results_archive="analysis-results.tgz"
+    sha=$(git rev-parse --short HEAD)
 
-    if [ $? != 0 ]; then
-	echo -e "\033[33;1mCoverity Scan Build failed: $TEXT.\033[0m"
-	return 1
-    fi
-
-    [ -z $TAR ] || [ $TAR = false ] && return 0
+    meson -Dman=false build
+    COVERITY_UNSUPPORTED=1 "$tool_dir/bin/cov-build" --dir "$results_dir" sh -c "ninja -C ./build -v"
+    "$tool_dir/bin/cov-import-scm" --dir "$results_dir" --scm git --log "$results_dir/scm_log.txt"
 
-    if [ "$TAR" = true ]; then
-	_pack
-    fi
-}
+    tar czf "$results_archive" "$results_dir"
 
-
-_upload()
-{
-    # pack results
-    [ -z $PACKED ] || [ $PACKED = false ] && _pack
-
-    # Upload results
+    set +x # this is supposed to hide COVERITY_SCAN_TOKEN
     echo -e "\033[33;1mUploading Coverity Scan Analysis results...\033[0m"
     response=$(curl \
-	           --silent --write-out "\n%{http_code}\n" \
-	           --form project=$COVERITY_SCAN_PROJECT_NAME \
-	           --form token=$COVERITY_SCAN_TOKEN \
-	           --form email=$COVERITY_SCAN_NOTIFICATION_EMAIL \
-	           --form file=@$RESULTS_ARCHIVE \
-	           --form version=$SHA \
-	           --form description="Travis CI build" \
-	           $UPLOAD_URL)
+               --silent --write-out "\n%{http_code}\n" \
+               --form project="$COVERITY_SCAN_PROJECT_NAME" \
+               --form token="${COVERITY_SCAN_TOKEN:?}" \
+               --form email="${COVERITY_SCAN_NOTIFICATION_EMAIL:?}" \
+               --form file="@$results_archive" \
+               --form version="$sha" \
+               --form description="Daily build" \
+               https://scan.coverity.com/builds)
     printf "\033[33;1mThe response is\033[0m\n%s\n" "$response"
     status_code=$(echo "$response" | sed -n '$p')
-    # Coverity Scan used to respond with 201 on successfully receiving analysis results.
-    # Now for some reason it sends 200 and may change back in the foreseeable future.
-    # See https://github.com/pmem/pmdk/commit/7b103fd2dd54b2e5974f71fb65c81ab3713c12c5
     if [ "$status_code" != "200" ]; then
-	TEXT=$(echo "$response" | sed '$d')
-	echo -e "\033[33;1mCoverity Scan upload failed: $TEXT.\033[0m"
-	exit 1
+        echo -e "\033[33;1mCoverity Scan upload failed: $(echo "$response" | sed '$d').\033[0m"
+        return 1
     fi
-
-    echo -e "\n\033[33;1mCoverity Scan Analysis completed successfully.\033[0m"
-    exit 0
+    set -x
 }
 
-# PARSE COMMAND LINE OPTIONS
-# --------------------------
-
-case $1 in
-    -h|--help)
-	_help
-	exit 0
-	;;
-    build)
-	CMD='build'
-	TEMP=`getopt -o ho:t --long help,out-dir:,tar -n '$0' -- "$@"`
-	_ec=$?
-	[[ $_ec -gt 0 ]] && _help && exit $_ec
-	shift
-	;;
-    upload)
-	CMD='upload'
-	TEMP=`getopt -o hd:t: --long help,result-dir:tar: -n '$0' -- "$@"`
-	_ec=$?
-	[[ $_ec -gt 0 ]] && _help && exit $_ec
-	shift
-	;;
-    *)
-	_help && exit 1 ;;
-esac
-
-RESULTS_DIR='cov-int'
-
-eval set -- "$TEMP"
-if [ $? != 0 ] ; then exit 1 ; fi
-
-# extract options and their arguments into variables.
-if [[ $CMD == 'build' ]]; then
-    TAR=false
-    while true ; do
-	case $1 in
-	    -h|--help)
-		_help
-		exit 0
-		;;
-	    -o|--out-dir)
-		RESULTS_DIR="$2"
-		shift 2
-		;;
-	    -t|--tar)
-		TAR=true
-		shift
-		;;
-	    --) _build; shift ; break ;;
-	    *) echo "Internal error" ; _help && exit 6 ;;
-	esac
-    done
-
-elif [[ $CMD == 'upload' ]]; then
-    while true ; do
-	case $1 in
-	    -h|--help)
-		_help
-		exit 0
-		;;
-	    -d|--result-dir)
-		CHANGE_DEFAULT_DIR=true
-		RESULTS_DIR="$2"
-		shift 2
-		;;
-	    -t|--tar)
-		RESULTS_ARCHIVE="$2"
-		[ -z $CHANGE_DEFAULT_DIR ] || [ $CHANGE_DEFAULT_DIR = false ] && PACKED=true
-		shift 2
-		;;
-	    --) _upload; shift ; break ;;
-	    *) echo "Internal error" ; _help && exit 6 ;;
-	esac
-    done
-
-fi
+coverity_install_script
+run_coverity
diff --git a/tools/get-coverity.sh b/tools/get-coverity.sh
deleted file mode 100755
index b067ed23eb..0000000000
--- a/tools/get-coverity.sh
+++ /dev/null
@@ -1,40 +0,0 @@
-#!/usr/bin/env bash
-# SPDX-License-Identifier: LGPL-2.1-or-later
-
-# Download and extract coverity tool
-
-set -e
-set -o pipefail
-
-# Environment check
-if [ -z "$COVERITY_SCAN_TOKEN" ]; then
-    echo >&2 'ERROR: COVERITY_SCAN_TOKEN must be set'
-    exit 1
-fi
-
-# Use default values if not set
-PLATFORM="$(uname)"
-TOOL_BASE="${TOOL_BASE:-/tmp/coverity-scan-analysis}"
-TOOL_ARCHIVE="${TOOL_ARCHIVE:-/tmp/cov-analysis-${PLATFORM}.tgz}"
-TOOL_URL="https://scan.coverity.com/download/${PLATFORM}"
-
-# Make sure wget is installed
-sudo apt-get update && sudo apt-get -y install wget
-
-# Get coverity tool
-if [ ! -d "$TOOL_BASE" ]; then
-    # Download Coverity Scan Analysis Tool
-    if [ ! -e "$TOOL_ARCHIVE" ]; then
-        echo -e "\033[33;1mDownloading Coverity Scan Analysis Tool...\033[0m"
-        wget -nv -O "$TOOL_ARCHIVE" "$TOOL_URL" --post-data "project=$COVERITY_SCAN_PROJECT_NAME&token=$COVERITY_SCAN_TOKEN"
-    fi
-
-    # Extract Coverity Scan Analysis Tool
-    echo -e "\033[33;1mExtracting Coverity Scan Analysis Tool...\033[0m"
-    mkdir -p "$TOOL_BASE"
-    pushd "$TOOL_BASE"
-    tar xzf "$TOOL_ARCHIVE"
-    popd
-fi
-
-echo -e "\033[33;1mCoverity Scan Analysis Tool can be found at $TOOL_BASE ...\033[0m"
author	Frantisek Sumsal <frantisek@sumsal.cz>	2022-08-09 14:43:28 +0200
committer	Frantisek Sumsal <frantisek@sumsal.cz>	2022-08-11 10:57:25 +0200
commit	176086a2ecef0274bdbdaf4ea00eb54c071bbb63 (patch)
tree	fa387592b29a3ad817da092c83482e4dfb9b9de8 /tools
parent	e8d0eb3915ac33cc0d3da87a836cee6e61645227 (diff)
download	systemd-176086a2ecef0274bdbdaf4ea00eb54c071bbb63.tar.gz