xref: /aosp_15_r20/external/tcpdump/.ci-coverity-scan-build.sh (revision 05b00f6010a2396e3db2409989fc67270046269f) 
1*05b00f60SXin Li#!/bin/sh
2*05b00f60SXin Li
3*05b00f60SXin Liset -e
4*05b00f60SXin Li
5*05b00f60SXin Li# Environment check
6*05b00f60SXin Liprintf "\033[33;1mNote: COVERITY_SCAN_PROJECT_NAME and COVERITY_SCAN_TOKEN are available on Project Settings page on scan.coverity.com\033[0m\n"
7*05b00f60SXin Li[ -z "$COVERITY_SCAN_PROJECT_NAME" ] && echo "ERROR: COVERITY_SCAN_PROJECT_NAME must be set" && exit 1
8*05b00f60SXin Li#[ -z "$COVERITY_SCAN_NOTIFICATION_EMAIL" ] && echo "ERROR: COVERITY_SCAN_NOTIFICATION_EMAIL must be set" && exit 1
9*05b00f60SXin Li[ -z "$COVERITY_SCAN_BUILD_COMMAND" ] && echo "ERROR: COVERITY_SCAN_BUILD_COMMAND must be set" && exit 1
10*05b00f60SXin Li[ -z "$COVERITY_SCAN_TOKEN" ] && echo "ERROR: COVERITY_SCAN_TOKEN must be set" && exit 1
11*05b00f60SXin Li
12*05b00f60SXin LiPLATFORM=$(uname)
13*05b00f60SXin LiTOOL_ARCHIVE=/tmp/cov-analysis-${PLATFORM}.tgz
14*05b00f60SXin LiTOOL_URL=https://scan.coverity.com/download/cxx/${PLATFORM}
15*05b00f60SXin LiTOOL_BASE=/tmp/coverity-scan-analysis
16*05b00f60SXin LiUPLOAD_URL="https://scan.coverity.com/builds"
17*05b00f60SXin LiSCAN_URL="https://scan.coverity.com"
18*05b00f60SXin Li
19*05b00f60SXin Li# Verify upload is permitted
20*05b00f60SXin LiAUTH_RES=$(curl -s --form project="$COVERITY_SCAN_PROJECT_NAME" --form token="$COVERITY_SCAN_TOKEN" $SCAN_URL/api/upload_permitted)
21*05b00f60SXin Liif [ "$AUTH_RES" = "Access denied" ]; then
22*05b00f60SXin Li  printf "\033[33;1mCoverity Scan API access denied. Check COVERITY_SCAN_PROJECT_NAME and COVERITY_SCAN_TOKEN.\033[0m\n"
23*05b00f60SXin Li  exit 1
24*05b00f60SXin Lielse
25*05b00f60SXin Li  AUTH=$(echo "$AUTH_RES" | ruby -e "require 'rubygems'; require 'json'; puts JSON[STDIN.read]['upload_permitted']")
26*05b00f60SXin Li  if [ "$AUTH" = "true" ]; then
27*05b00f60SXin Li    printf "\033[33;1mCoverity Scan analysis authorized per quota.\033[0m\n"
28*05b00f60SXin Li  else
29*05b00f60SXin Li    WHEN=$(echo "$AUTH_RES" | ruby -e "require 'rubygems'; require 'json'; puts JSON[STDIN.read]['next_upload_permitted_at']")
30*05b00f60SXin Li    printf "\033[33;1mCoverity Scan analysis NOT authorized until %s.\033[0m\n" "$WHEN"
31*05b00f60SXin Li    exit 0
32*05b00f60SXin Li  fi
33*05b00f60SXin Lifi
34*05b00f60SXin Li
35*05b00f60SXin Liif [ ! -d $TOOL_BASE ]; then
36*05b00f60SXin Li  # Download Coverity Scan Analysis Tool
37*05b00f60SXin Li  if [ ! -e "$TOOL_ARCHIVE" ]; then
38*05b00f60SXin Li    printf "\033[33;1mDownloading Coverity Scan Analysis Tool...\033[0m\n"
39*05b00f60SXin Li    wget -nv -O "$TOOL_ARCHIVE" "$TOOL_URL" --post-data "project=$COVERITY_SCAN_PROJECT_NAME&token=$COVERITY_SCAN_TOKEN"
40*05b00f60SXin Li  fi
41*05b00f60SXin Li
42*05b00f60SXin Li  # Extract Coverity Scan Analysis Tool
43*05b00f60SXin Li  printf "\033[33;1mExtracting Coverity Scan Analysis Tool...\033[0m\n"
44*05b00f60SXin Li  mkdir -p $TOOL_BASE
45*05b00f60SXin Li  tar xzf "$TOOL_ARCHIVE" -C "$TOOL_BASE"
46*05b00f60SXin Lifi
47*05b00f60SXin Li
48*05b00f60SXin LiTOOL_DIR=$(find $TOOL_BASE -type d -name 'cov-analysis*')
49*05b00f60SXin Liexport PATH=$TOOL_DIR/bin:$PATH
50*05b00f60SXin Li
51*05b00f60SXin Li# Build
52*05b00f60SXin Liprintf "\033[33;1mRunning Coverity Scan Analysis Tool...\033[0m\n"
53*05b00f60SXin LiCOV_BUILD_OPTIONS=""
54*05b00f60SXin Li#COV_BUILD_OPTIONS="--return-emit-failures 8 --parse-error-threshold 85"
55*05b00f60SXin LiRESULTS_DIR="cov-int"
56*05b00f60SXin Lieval "${COVERITY_SCAN_BUILD_COMMAND_PREPEND}"
57*05b00f60SXin Li# Do not quote COV_BUILD_OPTIONS so it collapses when it is empty and expands
58*05b00f60SXin Li# when it is not.
59*05b00f60SXin Li# shellcheck disable=SC2086
60*05b00f60SXin LiCOVERITY_UNSUPPORTED=1 cov-build --dir "$RESULTS_DIR" $COV_BUILD_OPTIONS "$COVERITY_SCAN_BUILD_COMMAND"
61*05b00f60SXin Licov-import-scm --dir $RESULTS_DIR --scm git --log $RESULTS_DIR/scm_log.txt 2>&1
62*05b00f60SXin Li
63*05b00f60SXin Li# Upload results
64*05b00f60SXin Liprintf "\033[33;1mTarring Coverity Scan Analysis results...\033[0m\n"
65*05b00f60SXin LiRESULTS_ARCHIVE=analysis-results.tgz
66*05b00f60SXin Litar czf $RESULTS_ARCHIVE $RESULTS_DIR
67*05b00f60SXin LiSHA=$(git rev-parse --short HEAD)
68*05b00f60SXin LiVERSION_SHA=$(cat VERSION)#$SHA
69*05b00f60SXin Li
70*05b00f60SXin Li# Verify Coverity Scan script test mode
71*05b00f60SXin Liif [ "${coverity_scan_script_test_mode:-false}" = true ]; then
72*05b00f60SXin Li  printf "\033[33;1mCoverity Scan configured in script test mode. Exit.\033[0m\n"
73*05b00f60SXin Li  exit 0
74*05b00f60SXin Lifi
75*05b00f60SXin Li
76*05b00f60SXin Liprintf "\033[33;1mUploading Coverity Scan Analysis results...\033[0m\n"
77*05b00f60SXin Liresponse=$(curl \
78*05b00f60SXin Li  --silent --write-out "\n%{http_code}\n" \
79*05b00f60SXin Li  --form project="$COVERITY_SCAN_PROJECT_NAME" \
80*05b00f60SXin Li  --form token="$COVERITY_SCAN_TOKEN" \
81*05b00f60SXin Li  --form email=blackhole@blackhole.io \
82*05b00f60SXin Li  --form file=@$RESULTS_ARCHIVE \
83*05b00f60SXin Li  --form version="$SHA" \
84*05b00f60SXin Li  --form description="$VERSION_SHA" \
85*05b00f60SXin Li  $UPLOAD_URL)
86*05b00f60SXin Listatus_code=$(echo "$response" | sed -n '$p')
87*05b00f60SXin Liif [ "$status_code" != "200" ] && [ "$status_code" != "201" ]; then
88*05b00f60SXin Li  TEXT=$(echo "$response" | sed '$d')
89*05b00f60SXin Li  printf "\033[33;1mCoverity Scan upload failed with HTTP status code '%s': %s.\033[0m\n" "$status_code" "$TEXT"
90*05b00f60SXin Li  exit 1
91*05b00f60SXin Lifi
92