#!/usr/bin/env bash
#
# Coverity scan script
#
# Copyright: SPDX-License-Identifier: GPL-3.0-or-later
#
# Author : Costa Tsaousis (costa@netdata.cloud)
# Author : Pawel Krupa (paulfantom)
# Author : Pavlos Emm. Katsoulakis (paul@netdata.cloud)
# shellcheck disable=SC1091,SC2230,SC2086
# To run manually, save configuration to .coverity-scan.conf like this:
#
# the repository to report to coverity - devs can set here their own fork
# REPOSITORY="netdata/netdata"
#
# the email of the developer, as given to coverity
# COVERITY_SCAN_SUBMIT_MAIL="you@example.com"
#
# the token given by coverity to the developer
# COVERITY_SCAN_TOKEN="TOKEN taken from Coverity site"
#
# the absolute path of the cov-build - optional
# COVERITY_BUILD_PATH="/opt/cov-analysis-linux64-2021.12/bin/cov-build"
#
# when set, the script will print on screen the curl command that submits the build to coverity
# this includes the token, so the default is not to print it.
# COVERITY_SUBMIT_DEBUG=1
#
# Override the standard coverity build version we know is supported
# COVERITY_BUILD_VERSION="cov-analysis-linux64-2019.03"
#
# All these variables can also be exported before running this script.
#
# If the first parameter of this script is "install",
# coverity build tools will be downloaded and installed in /opt/coverity
set -e
INSTALL_DIR="/opt"
# the version of coverity to use
COVERITY_BUILD_VERSION="${COVERITY_BUILD_VERSION:-cov-analysis-linux64-2023.6.2}"
SCRIPT_SOURCE="$(
self=${0}
while [ -L "${self}" ]
do
cd "${self%/*}" || exit 1
self=$(readlink "${self}")
done
cd "${self%/*}" || exit 1
echo "$(pwd -P)/${self##*/}"
)"
REPO_ROOT="$(dirname "${SCRIPT_SOURCE}")/../.."
. "${REPO_ROOT}/packaging/installer/functions.sh"
JOBS=$(find_processors)
[ -z "${JOBS}" ] && JOBS=1
if command -v ninja 2>&1; then
ninja="$(command -v ninja)"
fi
CMAKE_OPTS="${ninja:+-G Ninja}"
BUILD_OPTS="VERBOSE=1"
[ -n "${ninja}" ] && BUILD_OPTS="-v"
NETDATA_BUILD_DIR="${NETDATA_BUILD_DIR:-./build/}"
if [ -f ".coverity-scan.conf" ]; then
source ".coverity-scan.conf"
fi
repo="${REPOSITORY}"
if [ -z "${repo}" ]; then
fatal "export variable REPOSITORY or set it in .coverity-scan.conf"
fi
repo="${repo//\//%2F}"
email="${COVERITY_SCAN_SUBMIT_MAIL}"
if [ -z "${email}" ]; then
fatal "export variable COVERITY_SCAN_SUBMIT_MAIL or set it in .coverity-scan.conf"
fi
token="${COVERITY_SCAN_TOKEN}"
if [ -z "${token}" ]; then
fatal "export variable COVERITY_SCAN_TOKEN or set it in .coverity-scan.conf"
fi
if ! command -v curl > /dev/null 2>&1; then
fatal "CURL is required for coverity scan to work"
fi
# only print the output of a command
# when debugging is enabled
# used to hide the token when debugging is not enabled
debugrun() {
if [ "${COVERITY_SUBMIT_DEBUG}" = "1" ]; then
run "${@}"
return $?
else
"${@}"
return $?
fi
}
scanit() {
progress "Scanning using coverity"
COVERITY_PATH=$(find "${INSTALL_DIR}" -maxdepth 1 -name 'cov*linux*')
export PATH=${PATH}:${COVERITY_PATH}/bin/
covbuild="${COVERITY_BUILD_PATH}"
[ -z "${covbuild}" ] && covbuild="$(which cov-build 2> /dev/null || command -v cov-build 2> /dev/null)"
if [ -z