Download Coverity Scan analysis tool to /tmp

Downloading and unpacking Coverity Scan analysis tool tarball
(cov-analysis-linux64.tgz) to $CI_PROJECT_DIR interferes with the
execution of the analysis tool when the --fs-capture-search option is
used because the tool starts to analyze some of its Javascript files.
(There's the --fs-capture-search-exclude-regex <path> option, but I
failed to find a way to make it work.)

(cherry picked from commit 1333bdf67e2fd30907ee17bb165e1ac46d969f81)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 631b44244d177bd2758a821c420fa5590c9fff0e..ea7231c22e85e520620e018d9b29a89a56742968 100644 (file)
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -1252,24 +1252,24 @@ release:
 # Coverity Scan analysis upload
 
 .coverity_prep: &coverity_prep
-  - curl --output cov-analysis-linux64.md5 https://scan.coverity.com/download/linux64
+  - curl --output /tmp/cov-analysis-linux64.md5 https://scan.coverity.com/download/linux64
          --form project=$COVERITY_SCAN_PROJECT_NAME
          --form token=$COVERITY_SCAN_TOKEN
          --form md5=1
-  - curl --output cov-analysis-linux64.tgz https://scan.coverity.com/download/linux64
+  - curl --output /tmp/cov-analysis-linux64.tgz https://scan.coverity.com/download/linux64
          --form project=$COVERITY_SCAN_PROJECT_NAME
          --form token=$COVERITY_SCAN_TOKEN
-  - test "$(md5sum cov-analysis-linux64.tgz | awk '{ print $1 }')" = "$(cat cov-analysis-linux64.md5)"
-  - tar --extract --gzip --file=cov-analysis-linux64.tgz
-  - test -d cov-analysis-linux64-2021.12.1
+  - test "$(md5sum /tmp/cov-analysis-linux64.tgz | awk '{ print $1 }')" = "$(cat /tmp/cov-analysis-linux64.md5)"
+  - tar --extract --gzip --file=/tmp/cov-analysis-linux64.tgz --directory=/tmp
+  - test -d /tmp/cov-analysis-linux64-2021.12.1
 
 .coverity_build: &coverity_build
-  - cov-analysis-linux64-2021.12.1/bin/cov-build --dir cov-int sh -c 'make -j${BUILD_PARALLEL_JOBS:-1} -k all V=1'
-  - tar --create --gzip --file=cov-int.tar.gz cov-int/
+  - /tmp/cov-analysis-linux64-2021.12.1/bin/cov-build --dir /tmp/cov-int sh -c 'make -j${BUILD_PARALLEL_JOBS:-1} -k all V=1'
+  - tar --create --gzip --file=/tmp/cov-int.tar.gz --directory /tmp cov-int
   - curl -v https://scan.coverity.com/builds?project=$COVERITY_SCAN_PROJECT_NAME
         --form token=$COVERITY_SCAN_TOKEN
         --form email=bind-changes@isc.org
-        --form file=@cov-int.tar.gz
+        --form file=@/tmp/cov-int.tar.gz
         --form version="$(git rev-parse --short HEAD)"
         --form description="$(git rev-parse --short HEAD) / $CI_COMMIT_TITLE / $CI_COMMIT_REF_NAME:$CI_PIPELINE_ID" 2>&1
         | tee curl-response.txt
@@ -1286,6 +1286,8 @@ coverity:
     - *coverity_prep
     - *configure
     - *coverity_build
+  after_script:
+    - mv -v /tmp/cov-int.tar.gz ${CI_PROJECT_DIR}/
   needs:
     - job: autoreconf
       artifacts: true