diff options
author | Costa Tsaousis <costa@tsaousis.gr> | 2019-08-31 21:10:53 +0300 |
---|---|---|
committer | Paul Emm. Katsoulakis <34388743+paulkatsoulakis@users.noreply.github.com> | 2019-08-31 21:10:53 +0300 |
commit | fd9eb73ccc705846eeaf816c590187077a9b7450 (patch) | |
tree | 1d2f5a15ef2404f6a284e8e1ceac6d43ae69259b | |
parent | 59dd72b8efef91a78a462972c1ddadfb09fd4557 (diff) |
make coverity-scan.sh usable by hand (#6747)
* make coverity-scan.sh usable by hand
* updated debug variable and docs
* merge coverity-scan.sh and coverity-install.sh
-- MERGING AND TAKING OVER FURTHER IMPROVEMENTS as agreed --
-rw-r--r-- | .gitignore | 3 | ||||
-rwxr-xr-x | coverity-install.sh | 36 | ||||
-rwxr-xr-x | coverity-scan.sh | 181 |
3 files changed, 145 insertions, 75 deletions
diff --git a/.gitignore b/.gitignore index 4251aff4e1..52a108f7fd 100644 --- a/.gitignore +++ b/.gitignore @@ -77,8 +77,7 @@ packaging/makeself/tmp/ # coverity cov-int/ netdata-coverity-analysis.tgz -.coverity-token -.coverity-build +.coverity-scan.conf .cproject/ .idea/ diff --git a/coverity-install.sh b/coverity-install.sh index 16e999311e..83d2ad92f5 100755 --- a/coverity-install.sh +++ b/coverity-install.sh @@ -5,38 +5,4 @@ # # Author: Pavlos Emm. Katsoulakis (paul@netdata.cloud) -token="${COVERITY_SCAN_TOKEN}" -([ -z "${token}" ] && [ -f .coverity-token ]) && token="$(<.coverity-token)" -if [ -z "${token}" ]; then - echo >&2 "Save the coverity token to .coverity-token or export it as COVERITY_SCAN_TOKEN." - exit 1 -fi - -covbuild="$(which cov-build 2>/dev/null || command -v cov-build 2>/dev/null)" -([ -z "${covbuild}" ] && [ -f .coverity-build ]) && covbuild="$(<.coverity-build)" -if [ ! -z "${covbuild}" ]; then - echo >&2 "Coverity already installed, nothing to do!" - exit 0 -fi - -echo >&2 "Installing coverity..." -WORKDIR="/opt/coverity-source" -mkdir -p "${WORKDIR}" - -curl -SL --data "token=${token}&project=${REPOSITORY}" https://scan.coverity.com/download/linux64 > "${WORKDIR}/coverity_tool.tar.gz" -if [ -f "${WORKDIR}/coverity_tool.tar.gz" ]; then - tar -x -C "${WORKDIR}" -f "${WORKDIR}/coverity_tool.tar.gz" - sudo mv "${WORKDIR}/cov-analysis-linux64-2019.03" /opt/coverity - export PATH=${PATH}:/opt/coverity/bin/ -else - echo "Failed to download coverity tool tarball!" -fi - -# Validate the installation -covbuild="$(which cov-build 2>/dev/null || command -v cov-build 2>/dev/null)" -if [ -z "$covbuild" ]; then - echo "Failed to install coverity!" - exit 1 -else - echo >&2 "Coverity scan installed!" -fi +exec ./coverity-scan.sh install "${@}" diff --git a/coverity-scan.sh b/coverity-scan.sh index 977a2c2967..ee8f19e7fc 100755 --- a/coverity-scan.sh +++ b/coverity-scan.sh @@ -1,62 +1,167 @@ #!/usr/bin/env bash # Coverity scan script # -# To run this script you need to provide API token. This can be done either by: -# - Putting token in ".coverity-token" file -# - Assigning token value to COVERITY_SCAN_TOKEN environment variable -# # Copyright: SPDX-License-Identifier: GPL-3.0-or-later # # Author : Costa Tsaousis (costa@netdata.cloud) # Author : Pawel Krupa (paulfantom) # Author : Pavlos Emm. Katsoulakis (paul@netdata.cloud) -cpus=$(grep -c ^processor </proc/cpuinfo) +# To run manually, save configuration to .coverity-scan.conf like this: +# +# the repository to report to coverity - devs can set here their own fork +# REPOSITORY="netdata/netdata" +# +# the email of the developer, as given to coverity +# COVERITY_SCAN_SUBMIT_MAIL="you@example.com" +# +# the token given by coverity to the developer +# COVERITY_SCAN_TOKEN="TOKEN taken from Coverity site" +# +# the absolute path of the cov-build - optional +# COVERITY_BUILD_PATH="/opt/cov-analysis-linux64-2019.03/bin/cov-build" +# +# when set, the script will print on screen the curl command that submits the build to coverity +# this includes the token, so the default is not to print it. +# COVERITY_SUBMIT_DEBUG=1 +# +# All these variables can also be exported before running this script. +# +# If the first parameter of this script is "install", +# coverity build tools will be downloaded and installed in /opt/coverity + +# the version of coverity to use +COVERITY_BUILD_VERSION="cov-analysis-linux64-2019.03" + +source packaging/installer/functions.sh || exit 1 + +cpus=$(find_processors) [ -z "${cpus}" ] && cpus=1 +if [ -f ".coverity-scan.conf" ] +then + source ".coverity-scan.conf" || exit 1 +fi + +repo="${REPOSITORY}" +if [ -z "${repo}" ]; then + fatal "export variable REPOSITORY or set it in .coverity-scan.conf" +fi +repo="${repo//\//%2F}" + +email="${COVERITY_SCAN_SUBMIT_MAIL}" +if [ -z "${email}" ]; then + fatal "export variable COVERITY_SCAN_SUBMIT_MAIL or set it in .coverity-scan.conf" +fi + token="${COVERITY_SCAN_TOKEN}" -([ -z "${token}" ] && [ -f .coverity-token ]) && token="$(<.coverity-token)" if [ -z "${token}" ]; then - echo >&2 "Save the coverity token to .coverity-token or export it as COVERITY_SCAN_TOKEN." - exit 1 + fatal "export variable COVERITY_SCAN_TOKEN or set it in .coverity-scan.conf" fi -export PATH=${PATH}:/opt/coverity/bin/ -covbuild="$(which cov-build 2>/dev/null || command -v cov-build 2>/dev/null)" -([ -z "${covbuild}" ] && [ -f .coverity-build ]) && covbuild="$(<.coverity-build)" -if [ -z "${covbuild}" ]; then - echo >&2 "Cannot find 'cov-build' binary in \$PATH." - exit 1 -elif [ ! -x "${covbuild}" ]; then - echo >&2 "The command ${covbuild} is not executable. Save command the full filename of cov-build in .coverity-build" - exit 1 -fi +# only print the output of a command +# when debugging is enabled +# used to hide the token when debugging is not enabled +debugrun() { + if [ "${COVERITY_SUBMIT_DEBUG}" = "1" ] + then + run "${@}" + return $? + else + "${@}" + return $? + fi +} + +scanit() { + export PATH="${PATH}:/opt/${COVERITY_BUILD_VERSION}/bin/" + covbuild="${COVERITY_BUILD_PATH}" + [ -z "${covbuild}" ] && covbuild="$(which cov-build 2>/dev/null || command -v cov-build 2>/dev/null)" + if [ -z "${covbuild}" ]; then + fatal "Cannot find 'cov-build' binary in \$PATH. Export variable COVERITY_BUILD_PATH or set it in .coverity-scan.conf" + elif [ ! -x "${covbuild}" ]; then + fatal "The command '${covbuild}' is not executable. Export variable COVERITY_BUILD_PATH or set it in .coverity-scan.conf" + fi + + version="$(grep "^#define PACKAGE_VERSION" config.h | cut -d '"' -f 2)" + progress "Working on netdata version: ${version}" + + progress "Cleaning up old builds..." + run make clean || echo >&2 "Nothing to clean" -version="$(grep "^#define PACKAGE_VERSION" config.h | cut -d '"' -f 2)" -echo >&2 "Working on netdata version: ${version}" + [ -d "cov-int" ] && rm -rf "cov-int" -echo >&2 "Cleaning up old builds..." -make clean || echo >&2 "Nothing to clean" + [ -f netdata-coverity-analysis.tgz ] && run rm netdata-coverity-analysis.tgz -[ -d "cov-int" ] && rm -rf "cov-int" + progress "Configuring netdata source..." + run autoreconf -ivf + run ./configure --disable-lto \ + --enable-https \ + --enable-jsonc \ + --enable-plugin-nfacct \ + --enable-plugin-freeipmi \ + --enable-plugin-cups \ + --enable-backend-prometheus-remote-write \ + ${NULL} -[ -f netdata-coverity-analysis.tgz ] && rm netdata-coverity-analysis.tgz + # TODO: enable these plugins too + # --enable-plugin-xenstat \ + # --enable-backend-kinesis \ + # --enable-backend-mongodb \ -autoreconf -ivf -./configure --enable-plugin-nfacct --enable-plugin-freeipmi -"${covbuild}" --dir cov-int make -j${cpus} || exit 1 + progress "Analyzing netdata..." + run "${covbuild}" --dir cov-int make -j${cpus} || exit 1 -echo >&2 "Compressing data..." -tar czvf netdata-coverity-analysis.tgz cov-int || exit 1 + echo >&2 "Compressing analysis..." + run tar czvf netdata-coverity-analysis.tgz cov-int || exit 1 -echo >&2 "Sending analysis for version ${version} ..." -COVERITY_SUBMIT_RESULT=$(curl --progress-bar --form token="${token}" \ - --form email=${COVERITY_SCAN_SUBMIT_MAIL} \ - --form file=@netdata-coverity-analysis.tgz \ - --form version="${version}" \ - --form description="netdata, real-time performance monitoring, done right." \ - https://scan.coverity.com/builds?project=${REPOSITORY}) + echo >&2 "Sending analysis to coverity for netdata version ${version} ..." + COVERITY_SUBMIT_RESULT=$(debugrun curl --progress-bar \ + --form token="${token}" \ + --form email=${email} \ + --form file=@netdata-coverity-analysis.tgz \ + --form version="${version}" \ + --form description="netdata, monitor everything, in real-time." \ + https://scan.coverity.com/builds?project=${repo}) -echo ${COVERITY_SUBMIT_RESULT} | grep -q -e 'Build successfully submitted' || echo >&2 "scan results were not pushed to coverity. Message was: ${COVERITY_SUBMIT_RESULT}" + echo ${COVERITY_SUBMIT_RESULT} | grep -q -e 'Build successfully submitted' || echo >&2 "scan results were not pushed to coverity. Message was: ${COVERITY_SUBMIT_RESULT}" -echo >&2 "Coverity scan mechanism completed" + progress "Coverity scan completed" +} + +installit() { + progress "Downloading coverity..." + cd /tmp || exit 1 + + [ -f "${COVERITY_BUILD_VERSION}.tar.gz" ] && run rm -f "${COVERITY_BUILD_VERSION}.tar.gz" + debugrun curl --remote-name --remote-header-name --show-error --location --data "token=${token}&project=${repo}" https://scan.coverity.com/download/linux64 + + if [ -f "${COVERITY_BUILD_VERSION}.tar.gz" ]; then + progress "Installing coverity..." + cd /opt || exit 1 + run sudo tar -z -x -f "/tmp/${COVERITY_BUILD_VERSION}.tar.gz" || exit 1 + rm "/tmp/${COVERITY_BUILD_VERSION}.tar.gz" + export PATH=${PATH}:/opt/${COVERITY_BUILD_VERSION}/bin/ + else + fatal "Failed to download coverity tool tarball!" + fi + + # Validate the installation + covbuild="$(which cov-build 2>/dev/null || command -v cov-build 2>/dev/null)" + if [ -z "$covbuild" ]; then + fatal "Failed to install coverity." + fi + + progress "Coverity scan tools are installed." + return 0 +} + +if [ "${1}" = "install" ] +then + shift 1 + installit "${@}" + exit $? +else + scanit "${@}" + exit $? +fi |