1#!/bin/sh 2 3set -e 4 5# Environment check 6printf "\033[33;1mNote: COVERITY_SCAN_PROJECT_NAME and COVERITY_SCAN_TOKEN are available on Project Settings page on scan.coverity.com\033[0m\n" 7[ -z "$COVERITY_SCAN_PROJECT_NAME" ] && echo "ERROR: COVERITY_SCAN_PROJECT_NAME must be set" && exit 1 8#[ -z "$COVERITY_SCAN_NOTIFICATION_EMAIL" ] && echo "ERROR: COVERITY_SCAN_NOTIFICATION_EMAIL must be set" && exit 1 9[ -z "$COVERITY_SCAN_BUILD_COMMAND" ] && echo "ERROR: COVERITY_SCAN_BUILD_COMMAND must be set" && exit 1 10[ -z "$COVERITY_SCAN_TOKEN" ] && echo "ERROR: COVERITY_SCAN_TOKEN must be set" && exit 1 11 12PLATFORM=$(uname) 13TOOL_ARCHIVE=/tmp/cov-analysis-${PLATFORM}.tgz 14TOOL_URL=https://scan.coverity.com/download/cxx/${PLATFORM} 15TOOL_BASE=/tmp/coverity-scan-analysis 16UPLOAD_URL="https://scan.coverity.com/builds" 17SCAN_URL="https://scan.coverity.com" 18 19# Verify upload is permitted 20AUTH_RES=$(curl -s --form project="$COVERITY_SCAN_PROJECT_NAME" --form token="$COVERITY_SCAN_TOKEN" $SCAN_URL/api/upload_permitted) 21if [ "$AUTH_RES" = "Access denied" ]; then 22 printf "\033[33;1mCoverity Scan API access denied. Check COVERITY_SCAN_PROJECT_NAME and COVERITY_SCAN_TOKEN.\033[0m\n" 23 exit 1 24else 25 AUTH=$(echo "$AUTH_RES" | ruby -e "require 'rubygems'; require 'json'; puts JSON[STDIN.read]['upload_permitted']") 26 if [ "$AUTH" = "true" ]; then 27 printf "\033[33;1mCoverity Scan analysis authorized per quota.\033[0m\n" 28 else 29 WHEN=$(echo "$AUTH_RES" | ruby -e "require 'rubygems'; require 'json'; puts JSON[STDIN.read]['next_upload_permitted_at']") 30 printf "\033[33;1mCoverity Scan analysis NOT authorized until %s.\033[0m\n" "$WHEN" 31 exit 0 32 fi 33fi 34 35if [ ! -d $TOOL_BASE ]; then 36 # Download Coverity Scan Analysis Tool 37 if [ ! -e "$TOOL_ARCHIVE" ]; then 38 printf "\033[33;1mDownloading Coverity Scan Analysis Tool...\033[0m\n" 39 wget -nv -O "$TOOL_ARCHIVE" "$TOOL_URL" --post-data "project=$COVERITY_SCAN_PROJECT_NAME&token=$COVERITY_SCAN_TOKEN" 40 fi 41 42 # Extract Coverity Scan Analysis Tool 43 printf "\033[33;1mExtracting Coverity Scan Analysis Tool...\033[0m\n" 44 mkdir -p $TOOL_BASE 45 tar xzf "$TOOL_ARCHIVE" -C "$TOOL_BASE" 46fi 47 48TOOL_DIR=$(find $TOOL_BASE -type d -name 'cov-analysis*') 49export PATH=$TOOL_DIR/bin:$PATH 50 51# Build 52printf "\033[33;1mRunning Coverity Scan Analysis Tool...\033[0m\n" 53COV_BUILD_OPTIONS="" 54#COV_BUILD_OPTIONS="--return-emit-failures 8 --parse-error-threshold 85" 55RESULTS_DIR="cov-int" 56eval "${COVERITY_SCAN_BUILD_COMMAND_PREPEND}" 57# Do not quote COV_BUILD_OPTIONS so it collapses when it is empty and expands 58# when it is not. 59# shellcheck disable=SC2086 60COVERITY_UNSUPPORTED=1 cov-build --dir "$RESULTS_DIR" $COV_BUILD_OPTIONS "$COVERITY_SCAN_BUILD_COMMAND" 61cov-import-scm --dir $RESULTS_DIR --scm git --log $RESULTS_DIR/scm_log.txt 2>&1 62 63# Upload results 64printf "\033[33;1mTarring Coverity Scan Analysis results...\033[0m\n" 65RESULTS_ARCHIVE=analysis-results.tgz 66tar czf $RESULTS_ARCHIVE $RESULTS_DIR 67SHA=$(git rev-parse --short HEAD) 68VERSION_SHA=$(cat VERSION)#$SHA 69 70# Verify Coverity Scan script test mode 71if [ "${coverity_scan_script_test_mode:-false}" = true ]; then 72 printf "\033[33;1mCoverity Scan configured in script test mode. Exit.\033[0m\n" 73 exit 0 74fi 75 76printf "\033[33;1mUploading Coverity Scan Analysis results...\033[0m\n" 77response=$(curl \ 78 --silent --write-out "\n%{http_code}\n" \ 79 --form project="$COVERITY_SCAN_PROJECT_NAME" \ 80 --form token="$COVERITY_SCAN_TOKEN" \ 81 --form email=blackhole@blackhole.io \ 82 --form file=@$RESULTS_ARCHIVE \ 83 --form version="$SHA" \ 84 --form description="$VERSION_SHA" \ 85 $UPLOAD_URL) 86status_code=$(echo "$response" | sed -n '$p') 87if [ "$status_code" != "200" ] && [ "$status_code" != "201" ]; then 88 TEXT=$(echo "$response" | sed '$d') 89 printf "\033[33;1mCoverity Scan upload failed with HTTP status code '%s': %s.\033[0m\n" "$status_code" "$TEXT" 90 exit 1 91fi 92