From: Evgeny Vereshchagin <evvers@ya.ru>
Date: Mon, 13 Jul 2020 16:01:47 +0000 (+0000)
Subject: travis: integrate util-linux with Coverity Scan
X-Git-Tag: v2.36~55^2~1
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=07919e55b07976c95d2f89dc617bade5742fb0ab;p=thirdparty%2Futil-linux.git

travis: integrate util-linux with Coverity Scan

For this to work, a daily cron job running on the master branch
should be added: https://docs.travis-ci.com/user/cron-jobs/

The report can found at https://scan.coverity.com/projects/karelzak-util-linux

Signed-off-by: Evgeny Vereshchagin <evvers@ya.ru>
---

diff --git a/.travis-functions.sh b/.travis-functions.sh
index 509e2a9258..9cdc2357fa 100755
--- a/.travis-functions.sh
+++ b/.travis-functions.sh
@@ -30,6 +30,10 @@ fi
 MAKE="make -j2"
 DUMP_CONFIG_LOG="short"
 
+# Coverity-related settings
+COVERITY_SCAN_TOOL_BASE="/tmp/coverity-scan-analysis"
+COVERITY_SCAN_PROJECT_NAME="karelzak/util-linux"
+
 # workaround ugly warning on travis OSX,
 # see https://github.com/direnv/direnv/issues/210
 shell_session_update() { :; }
@@ -124,6 +128,43 @@ function check_root
 	sudo env "PATH=$PATH" $MAKE install || return
 }
 
+function run_coverity
+{
+	local results_dir="cov-int"
+	local tool_dir=$(find $COVERITY_SCAN_TOOL_BASE -type d -name 'cov-analysis*')
+	local results_archive="analysis-results.tgz"
+	local sha=$(git rev-parse --short HEAD)
+	local author_email=$(git log -1 --pretty="%aE")
+	local response status_code
+
+	xconfigure --enable-all-programs || return
+	echo -e "\033[33;1mRunning Coverity Scan Analysis Tool...\033[0m"
+	COVERITY_UNSUPPORTED=1 $tool_dir/bin/cov-build --dir $results_dir sh -c "$MAKE check-programs all" || return
+	$tool_dir/bin/cov-import-scm --dir $results_dir --scm git --log $results_dir/scm_log.txt || return
+
+	echo -e "\033[33;1mTarring Coverity Scan Analysis results...\033[0m"
+	tar czf $results_archive $results_dir || return
+
+	echo -e "\033[33;1mUploading Coverity Scan Analysis results...\033[0m"
+	response=$(curl \
+		   --silent --write-out "\n%{http_code}\n" \
+		   --form project=$COVERITY_SCAN_PROJECT_NAME \
+	           --form token=$COVERITY_SCAN_TOKEN \
+	           --form email=$author_email \
+		   --form file=@$results_archive \
+		   --form version=$sha \
+		   --form description="Travis CI build" \
+		   https://scan.coverity.com/builds)
+	printf "\033[33;1mThe response is\033[0m\n%s\n" "$response"
+	status_code=$(echo "$response" | sed -n '$p')
+	if [ "$status_code" != "200" ]; then
+		echo -e "\033[33;1mCoverity Scan upload failed: $(echo "$response" | sed '$d').\033[0m"
+		return 1
+	fi
+
+	echo -e "\n\033[33;1mCoverity Scan Analysis completed successfully.\033[0m"
+}
+
 function check_dist
 {
 	xconfigure \
@@ -181,6 +222,27 @@ function travis_install_script
 		libsystemd-daemon-dev \
 		libsystemd-journal-dev \
 		|| true
+
+	if [ "$TRAVIS_BUILD_STAGE_NAME" = "Coverity" ]; then
+		coverity_install_script
+		return
+	fi
+}
+
+function coverity_install_script
+{
+	local platform=$(uname)
+	local tool_url="https://scan.coverity.com/download/${platform}"
+	local tool_archive="/tmp/cov-analysis-${platform}.tgz"
+
+	echo -e "\033[33;1mDownloading Coverity Scan Analysis Tool...\033[0m"
+	wget -nv -O $tool_archive $tool_url --post-data "project=$COVERITY_SCAN_PROJECT_NAME&token=$COVERITY_SCAN_TOKEN" || return
+
+	echo -e "\033[33;1mExtracting Coverity Scan Analysis Tool...\033[0m"
+	mkdir -p $COVERITY_SCAN_TOOL_BASE
+	pushd $COVERITY_SCAN_TOOL_BASE
+	tar xzf $tool_archive || return
+	popd
 }
 
 function osx_install_script
@@ -233,6 +295,13 @@ function travis_before_script
 function travis_script
 {
 	local ret
+
+	# run_coverity should be run before set -o xtrace so as not to expose COVERITY_SCAN_TOKEN
+	if [ "$TRAVIS_BUILD_STAGE_NAME" = "Coverity" ]; then
+		run_coverity
+		return
+	fi
+
 	set -o xtrace
 
 	case "$MAKE_CHECK" in
diff --git a/.travis.yml b/.travis.yml
index b703b2dded..87cc0a615a 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -15,7 +15,13 @@ env:
   - MAKE_CHECK="root"
   - MAKE_CHECK="dist"
 
-matrix:
+stages:
+  - name: Coverity
+    if: type = cron
+  - name: Test
+    if: type != cron
+
+jobs:
   include:
     # test old Ubuntu 12.04 and OSX for compatibility
     - dist: precise
@@ -34,6 +40,11 @@ matrix:
     - arch: s390x
       compiler: gcc-10
       env: MAKE_CHECK="root"
+    - stage: Coverity
+      compiler: gcc
+      env:
+        # Generated with `travis encrypt -r karelzak/util-linux COVERITY_SCAN_TOKEN=***`
+        - secure: cqwhidkCY+BckuBwmBevstLCHJm9aS2pQnYB3xGiz9JeqwW/x5h9pMElQdTFWw3AD2p5DzKzuW9nUtqNVzMSUWdPBrQGeuBT5tJW5eFeP/9mb5CG1/+w5xzOaZ/+3CK0gtcMSyRhGl2NeuLlimj6hzy37cUTSmBVHzGMZLD51As=
 
 branches:
   only: