diff options
author | Kieran Bingham <kieran.bingham@ideasonboard.com> | 2021-06-28 23:50:02 +0100 |
---|---|---|
committer | Kieran Bingham <kieran.bingham@ideasonboard.com> | 2021-07-07 11:02:50 +0100 |
commit | bd764934725f1b0a0a9d906a355f9071bc0f2a2c (patch) | |
tree | 7495edec30f17cc78e605961ce259af54a84570a /20-coverity-scan.sh | |
parent | 5eed21511f8aca1e74c6622569e61d32a128cb4f (diff) |
ci: Introduce coverity scan builder
Signed-off-by: Kieran Bingham <kieran.bingham@ideasonboard.com>
Diffstat (limited to '20-coverity-scan.sh')
-rwxr-xr-x | 20-coverity-scan.sh | 98 |
1 files changed, 98 insertions, 0 deletions
diff --git a/20-coverity-scan.sh b/20-coverity-scan.sh new file mode 100755 index 0000000..169fce2 --- /dev/null +++ b/20-coverity-scan.sh @@ -0,0 +1,98 @@ +#!/bin/bash + +# SPDX-License-Identifier: GPL-2.0-or-later +# +# Coverity Scan Static analysis checker +# +# More CI reference at : +# https://www.synopsys.com/blogs/software-security/integrating-coverity-scan-with-gitlab-ci/ + +# Stop on error (don't publish bad results) +set -e + +source ./common.sh + +LIBCAMERA=${1:-$(pwd)/libcamera} +ID=coverity + +BRANCH=$(libcamera_branch "$LIBCAMERA") + +check_version "$LIBCAMERA" "$ID" + +logfile=$(log_filename $ID) + +echo "Commencing coverity scan..." > $logfile + +## Parse coverity + +TOKEN=`git config --get coverity.token` +EMAIL=`git config --get coverity.email` + +function get_coverity() { + echo "Downloading Coverity Scan..." + curl -o /tmp/cov-analysis-linux64.tgz \ + --form project=libcamera \ + --form token=$TOKEN \ + https://scan.coverity.com/download/linux64 + tar xfz /tmp/cov-analysis-linux64.tgz + rm /tmp/cov-analysis-linux64.tgz +} + +COVERITY_PATH=./cov-analysis-linux* + +if [ ! -d $COVERITY_PATH ]; +then + get_coverity >> $logfile +fi + +COVERITY_PATH=$(realpath ./cov-analysis-linux*) + +if [ ! -d $COVERITY_PATH ]; +then + echo "Failed to install or obtain Coverity Scan" + exit 1 +fi + + +export PATH=$PATH:$COVERITY_PATH/bin + +echo $PATH + +BUILDDIR="$(builddir $ID)" + +# We must guarantee that coverity builds are not retrieved from any cache +export CCACHE_DISABLE=true + +function build_coverity() { + + rm -rf $BUILDDIR + meson "$BUILDDIR" "$LIBCAMERA" \ + --prefix=/usr \ + -Dv4l2=true \ + -Dandroid=enabled \ + -Ddocumentation=disabled \ + -Dgstreamer=enabled + + cd $BUILDDIR + cov-build --dir cov-int ninja + + echo "Compressing results for submission..." + tar czf libcamera.tgz cov-int + cd - +} + + +build_coverity >> $logfile + +echo "Submitting to scan.coverity.com..." >> $logfile + +curl --form token=$TOKEN \ + --form email=$EMAIL \ + --form file=@$BUILDDIR/libcamera.tgz \ + --form version="$VERSION" \ + --form description="$BRANCH" \ + https://scan.coverity.com/builds?project=libcamera + +echo "build $VERSION submitted for $BRANCH." | tee -a $logfile + +completed $ID |