1#!/bin/sh 2 3set -e 4 5# Environment check 6echo -e "\033[33;1mNote: COVERITY_SCAN_PROJECT_NAME and COVERITY_SCAN_TOKEN are available on Project Settings page on scan.coverity.com\033[0m" 7[ -z "$COVERITY_SCAN_PROJECT_NAME" ] && echo "ERROR: COVERITY_SCAN_PROJECT_NAME must be set" && exit 1 8#[ -z "$COVERITY_SCAN_NOTIFICATION_EMAIL" ] && echo "ERROR: COVERITY_SCAN_NOTIFICATION_EMAIL must be set" && exit 1 9[ -z "$COVERITY_SCAN_BRANCH_PATTERN" ] && echo "ERROR: COVERITY_SCAN_BRANCH_PATTERN must be set" && exit 1 10[ -z "$COVERITY_SCAN_BUILD_COMMAND" ] && echo "ERROR: COVERITY_SCAN_BUILD_COMMAND must be set" && exit 1 11[ -z "$COVERITY_SCAN_TOKEN" ] && echo "ERROR: COVERITY_SCAN_TOKEN must be set" && exit 1 12 13PLATFORM=`uname` 14TOOL_ARCHIVE=/tmp/cov-analysis-${PLATFORM}.tgz 15TOOL_URL=https://scan.coverity.com/download/cxx/${PLATFORM} 16TOOL_BASE=/tmp/coverity-scan-analysis 17UPLOAD_URL="https://scan.coverity.com/builds" 18SCAN_URL="https://scan.coverity.com" 19 20# Verify Coverity Scan run condition 21COVERITY_SCAN_RUN_CONDITION=${coverity_scan_run_condition:-true} 22echo -ne "\033[33;1mTesting '${COVERITY_SCAN_RUN_CONDITION}' condition... " 23if eval [ $COVERITY_SCAN_RUN_CONDITION ]; then 24 echo -e "True.\033[0m" 25else 26 echo -e "False. Exit.\033[0m" 27 exit 0 28fi 29 30# Do not run on pull requests 31if [ "${TRAVIS_PULL_REQUEST}" = "true" ]; then 32 echo -e "\033[33;1mINFO: Skipping Coverity Analysis: branch is a pull request.\033[0m" 33 exit 0 34fi 35 36# Verify this branch should run 37IS_COVERITY_SCAN_BRANCH=`ruby -e "puts '${TRAVIS_BRANCH}' =~ /\\A$COVERITY_SCAN_BRANCH_PATTERN\\z/ ? 1 : 0"` 38if [ "$IS_COVERITY_SCAN_BRANCH" = "1" ]; then 39 echo -e "\033[33;1mCoverity Scan configured to run on branch ${TRAVIS_BRANCH}\033[0m" 40else 41 echo -e "\033[33;1mCoverity Scan NOT configured to run on branch ${TRAVIS_BRANCH}\033[0m" 42 exit 1 43fi 44 45# Verify upload is permitted 46AUTH_RES=`curl -s --form project="$COVERITY_SCAN_PROJECT_NAME" --form token="$COVERITY_SCAN_TOKEN" $SCAN_URL/api/upload_permitted` 47if [ "$AUTH_RES" = "Access denied" ]; then 48 echo -e "\033[33;1mCoverity Scan API access denied. Check COVERITY_SCAN_PROJECT_NAME and COVERITY_SCAN_TOKEN.\033[0m" 49 exit 1 50else 51 AUTH=`echo $AUTH_RES | ruby -e "require 'rubygems'; require 'json'; puts JSON[STDIN.read]['upload_permitted']"` 52 if [ "$AUTH" = "true" ]; then 53 echo -e "\033[33;1mCoverity Scan analysis authorized per quota.\033[0m" 54 else 55 WHEN=`echo $AUTH_RES | ruby -e "require 'rubygems'; require 'json'; puts JSON[STDIN.read]['next_upload_permitted_at']"` 56 echo -e "\033[33;1mCoverity Scan analysis NOT authorized until $WHEN.\033[0m" 57 exit 0 58 fi 59fi 60 61if [ ! -d $TOOL_BASE ]; then 62 # Download Coverity Scan Analysis Tool 63 if [ ! -e $TOOL_ARCHIVE ]; then 64 echo -e "\033[33;1mDownloading Coverity Scan Analysis Tool...\033[0m" 65 wget -nv -O $TOOL_ARCHIVE $TOOL_URL --post-data "project=$COVERITY_SCAN_PROJECT_NAME&token=$COVERITY_SCAN_TOKEN" 66 fi 67 68 # Extract Coverity Scan Analysis Tool 69 echo -e "\033[33;1mExtracting Coverity Scan Analysis Tool...\033[0m" 70 mkdir -p $TOOL_BASE 71 pushd $TOOL_BASE 72 tar xzf $TOOL_ARCHIVE 73 popd 74fi 75 76TOOL_DIR=`find $TOOL_BASE -type d -name 'cov-analysis*'` 77export PATH=$TOOL_DIR/bin:$PATH 78 79# Build 80echo -e "\033[33;1mRunning Coverity Scan Analysis Tool...\033[0m" 81COV_BUILD_OPTIONS="" 82#COV_BUILD_OPTIONS="--return-emit-failures 8 --parse-error-threshold 85" 83RESULTS_DIR="cov-int" 84eval "${COVERITY_SCAN_BUILD_COMMAND_PREPEND}" 85COVERITY_UNSUPPORTED=1 cov-build --dir $RESULTS_DIR $COV_BUILD_OPTIONS $COVERITY_SCAN_BUILD_COMMAND 86cov-import-scm --dir $RESULTS_DIR --scm git --log $RESULTS_DIR/scm_log.txt 2>&1 87 88# Upload results 89echo -e "\033[33;1mTarring Coverity Scan Analysis results...\033[0m" 90RESULTS_ARCHIVE=analysis-results.tgz 91tar czf $RESULTS_ARCHIVE $RESULTS_DIR 92SHA=`git rev-parse --short HEAD` 93VERSION_SHA=$(cat VERSION)#$SHA 94 95# Verify Coverity Scan script test mode 96if [ "$coverity_scan_script_test_mode" = true ]; then 97 echo -e "\033[33;1mCoverity Scan configured in script test mode. Exit.\033[0m" 98 exit 0 99fi 100 101echo -e "\033[33;1mUploading Coverity Scan Analysis results...\033[0m" 102response=$(curl \ 103 --silent --write-out "\n%{http_code}\n" \ 104 --form project=$COVERITY_SCAN_PROJECT_NAME \ 105 --form token=$COVERITY_SCAN_TOKEN \ 106 --form email=blackhole@blackhole.io \ 107 --form file=@$RESULTS_ARCHIVE \ 108 --form version=$SHA \ 109 --form description="$VERSION_SHA" \ 110 $UPLOAD_URL) 111status_code=$(echo "$response" | sed -n '$p') 112if [ "$status_code" != "201" ]; then 113 TEXT=$(echo "$response" | sed '$d') 114 echo -e "\033[33;1mCoverity Scan upload failed: $TEXT.\033[0m" 115 exit 1 116fi 117