From: Michal Nowak <mnowak@isc.org>
Date: Wed, 12 Feb 2020 10:01:35 +0000 (+0000)
Subject: Add Coverity Scan to CI
X-Git-Tag: v9.14.11~5^2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=27ff22ff3701dd80761420fc767d238970d6a81b;p=thirdparty%2Fbind9.git

Add Coverity Scan to CI

This job requires two CI variables to be set:

  - COVERITY_SCAN_PROJECT_NAME: project name, which is associated with
    the BIND branch for which this job is executed, e.g. "bind-master",

  - COVERITY_SCAN_TOKEN: project token.

(cherry picked from commit e8392e4bb911366b65cdc461ec907d9e1a68bf54)
---

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index d86ec6bf246..5098d83f2b6 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1086,3 +1086,61 @@ release:sid:amd64:
     paths:
       - "*.tar.gz"
     expire_in: "1 day"
+
+# Coverity Scan analysis upload
+
+.coverity_cache_prep: &coverity_cache_prep |
+  test -f cov-analysis-linux64.md5 && test -f cov-analysis-linux64.tgz || (
+  curl --output cov-analysis-linux64.md5 https://scan.coverity.com/download/linux64 \
+       --form project=$COVERITY_SCAN_PROJECT_NAME \
+       --form token=$COVERITY_SCAN_TOKEN \
+       --form md5=1
+  curl --output cov-analysis-linux64.tgz https://scan.coverity.com/download/linux64 \
+       --form project=$COVERITY_SCAN_PROJECT_NAME \
+       --form token=$COVERITY_SCAN_TOKEN
+  )
+  test "$(md5sum cov-analysis-linux64.tgz | awk '{ print $1 }')" = "$(cat cov-analysis-linux64.md5)"
+  tar --extract --gzip --file=cov-analysis-linux64.tgz
+  test -d cov-analysis-linux64-2019.03
+
+.coverity_build: &coverity_build |
+  cov-analysis-linux64-2019.03/bin/cov-build --dir cov-int sh -c 'make -j${BUILD_PARALLEL_JOBS:-1} -k all V=1'
+  tar --create --gzip --file=cov-int.tar.gz cov-int/
+  curl -v https://scan.coverity.com/builds?project=$COVERITY_SCAN_PROJECT_NAME \
+       --form token=$COVERITY_SCAN_TOKEN \
+       --form email=bind-changes@isc.org \
+       --form file=@cov-int.tar.gz \
+       --form version="$(git rev-parse --short HEAD)" \
+       --form description="$(git rev-parse --short HEAD) / $CI_COMMIT_TITLE / $CI_COMMIT_REF_NAME:$CI_PIPELINE_ID" 2>&1 \
+       | tee curl-response.txt
+  grep -q 'Build successfully submitted' curl-response.txt
+
+build:coverity:sid:amd64:
+  <<: *debian_sid_amd64_image
+  stage: build
+  variables:
+    CC: gcc
+    CFLAGS: "${CFLAGS_COMMON} -O3"
+    EXTRA_CONFIGURE: "--enable-dnstap --with-libidn2"
+  script:
+    - *coverity_cache_prep
+    - *configure
+    - *coverity_build
+  dependencies:
+    - autoreconf:sid:amd64
+  needs:
+    - autoreconf:sid:amd64
+  artifacts:
+    paths:
+      - curl-response.txt
+      - cov-int.tar.gz
+    expire_in: "1 week"
+    when: on_failure
+  only:
+    - schedules
+    - web
+  cache:
+    key: cov-analysis-linux64-2019.03
+    paths:
+      - cov-analysis-linux64.md5
+      - cov-analysis-linux64.tgz