path: root/20-coverity-scan.sh

#!/bin/bash

# SPDX-License-Identifier: GPL-2.0-or-later
#
# Coverity Scan Static analysis checker
#
# More CI reference at : 
# https://www.synopsys.com/blogs/software-security/integrating-coverity-scan-with-gitlab-ci/

# Stop on error (don't publish bad results)
set -e

source ./common.sh

LIBCAMERA=${1:-$(srcdir libcamera)}
ID=coverity

BRANCH=$(libcamera_branch "$LIBCAMERA")

check_version "$LIBCAMERA" "$ID"

logfile=$(log_filename $ID)

echo "Commencing coverity scan..." > $logfile

## Parse coverity

TOKEN=`git config --get coverity.token`
EMAIL=`git config --get coverity.email`

function get_coverity() {
	echo "Downloading Coverity Scan..."
	curl -o /tmp/cov-analysis-linux64.tgz \
		--form project=libcamera \
	       	--form token=$TOKEN \
		https://scan.coverity.com/download/linux64
	tar xfz /tmp/cov-analysis-linux64.tgz
	rm /tmp/cov-analysis-linux64.tgz
}

COVERITY_PATH=./cov-analysis-linux*

if [ ! -d $COVERITY_PATH ];
then
	get_coverity >> $logfile
fi

COVERITY_PATH=$(realpath ./cov-analysis-linux*)

if [ ! -d $COVERITY_PATH ];
then
	echo "Failed to install or obtain Coverity Scan"
	exit 1
fi


export PATH=$PATH:$COVERITY_PATH/bin

echo $PATH

BUILDDIR="$(builddir $ID)"

# We must guarantee that coverity builds are not retrieved from any cache
export CCACHE_DISABLE=true

function build_coverity() {

	rm -rf $BUILDDIR
	meson "$BUILDDIR" "$LIBCAMERA" \
		--prefix=/usr \
		-Dv4l2=true \
		-Dandroid=enabled \
		-Ddocumentation=disabled \
		-Dgstreamer=enabled

	cd $BUILDDIR
	cov-build --dir cov-int ninja

	echo "Compressing results for submission..."
	tar czf libcamera.tgz cov-int
	cd -
}


build_coverity >> $logfile

echo "Submitting to scan.coverity.com..." >> $logfile

curl --form token=$TOKEN \
  --form email=$EMAIL \
  --form file=@$BUILDDIR/libcamera.tgz \
  --form version="$VERSION" \
  --form description="$BRANCH" \
  https://scan.coverity.com/builds?project=libcamera

echo "build $VERSION submitted for $BRANCH." | tee -a $logfile

completed $ID