Merge pull request #5382 from libgit2/pks/azure-coverity

azure: fix Coverity pipeline

Merge pull request #5382 from libgit2/pks/azure-coverity
azure: fix Coverity pipeline
65ac33ae · Patrick Steinhardt · GitHub · bd6b1c41 · 86c54cc8 · bd6b1c41
Unverified Commit 65ac33ae authored Feb 07, 2020 by Patrick Steinhardt Committed by GitHub Feb 07, 2020
Hide whitespace changes
Inline Side-by-side

Showing with 69 additions and 93 deletions

azure-pipelines/coverity-build.sh
+0 -41

azure-pipelines/coverity-publish.sh
+0 -33

azure-pipelines/coverity.sh
+62 -0

azure-pipelines/coverity.yml
+7 -19

No files found.
--- a/azure-pipelines/coverity-build.sh
+++ b/azure-pipelines/coverity-build.sh
-#!/bin/bash
-set -e
-# Environment check
-[ -z "$COVERITY_TOKEN" ] && echo "Need to set a coverity token" && exit 1
-SOURCE_DIR=${SOURCE_DIR:-$( cd "$( dirname "${BASH_SOURCE[0]}" )" && dirname $( pwd ) )}
-BUILD_DIR=$(pwd)
-case $(uname -m) in
-	i?86)				BITS=32 ;;
-	amd64|x86_64)	BITS=64 ;;
-esac
-SCAN_TOOL=https://scan.coverity.com/download/cxx/linux${BITS}
-TOOL_BASE=$(pwd)/_coverity-scan
-# Install coverity tools
-if [ ! -d "$TOOL_BASE" ]; then
-	echo "Downloading coverity..."
-	mkdir -p "$TOOL_BASE"
-	pushd "$TOOL_BASE"
-	wget -O coverity_tool.tgz $SCAN_TOOL \
-		--post-data "project=libgit2&token=$COVERITY_TOKEN"
-	tar xzf coverity_tool.tgz
-	popd
-	TOOL_DIR=$(find "$TOOL_BASE" -type d -name 'cov-analysis*')
-	ln -s "$TOOL_DIR" "$TOOL_BASE"/cov-analysis
-fi
-cp "${SOURCE_DIR}/script/user_nodefs.h" "$TOOL_BASE"/cov-analysis/config/user_nodefs.h
-COV_BUILD="$TOOL_BASE/cov-analysis/bin/cov-build"
-# Configure and build
-cmake ${SOURCE_DIR}
-COVERITY_UNSUPPORTED=1 \
-	$COV_BUILD --dir cov-int \
-	cmake --build .
--- a/azure-pipelines/coverity-publish.sh
+++ b/azure-pipelines/coverity-publish.sh
-#!/bin/bash
-set -e
-# Results check
-[ ! -d "cov-int" ] && echo "Coverity directory not found" && exit 1
-# Upload results
-tar czf libgit2.tgz cov-int
-SOURCE_DIR=${SOURCE_DIR:-$( cd "$( dirname "${BASH_SOURCE[0]}" )" && dirname $( pwd ) )}
-SHA=$(cd ${SOURCE_DIR} && git rev-parse --short HEAD)
-HTML="$(curl \
-	--silent \
-	--write-out "\n%{http_code}" \
-	--form token="$COVERITY_TOKEN" \
-	--form email=libgit2@gmail.com \
-	--form file=@libgit2.tgz \
-	--form version="$SHA" \
-	--form description="libgit2 build" \
-	https://scan.coverity.com/builds?project=libgit2)"
-# Body is everything up to the last line
-BODY="$(echo "$HTML" | head -n-1)"
-# Status code is the last line
-STATUS_CODE="$(echo "$HTML" | tail -n1)"
-if [ "${STATUS_CODE}" != "200" -a "${STATUS_CODE}" != "201" ]; then
-	echo "Received error code ${STATUS_CODE} from Coverity"
-	exit 1
-fi
--- a/azure-pipelines/coverity.sh
+++ b/azure-pipelines/coverity.sh
+#!/bin/bash -e
+if test -z "$COVERITY_TOKEN"
+then
+    echo "Need to set a coverity token"
+    exit 1
+fi
+case $(uname -m) in
+    i?86)
+        BITS=32;;
+    amd64|x86_64)
+        BITS=64;;
+    *)
+        echo "Unsupported arch '$(uname -m)'"
+        exit 1;;
+esac
+SCAN_TOOL=https://scan.coverity.com/download/cxx/linux${BITS}
+SOURCE_DIR=$(realpath "$(dirname "${BASH_SOURCE[0]}")"/..)
+BUILD_DIR=${SOURCE_DIR}/coverity-build
+TOOL_DIR=${BUILD_DIR}/coverity-tools
+# Install coverity tools
+if ! test -d "$TOOL_DIR"
+then
+    mkdir -p "$TOOL_DIR"
+    curl --silent --location --data "project=libgit2&token=$COVERITY_TOKEN" "$SCAN_TOOL" |
+        tar -xzC "$TOOL_DIR"
+    ln -s "$(find "$TOOL_DIR" -type d -name 'cov-analysis*')" "$TOOL_DIR"/cov-analysis
+fi
+cp "${SOURCE_DIR}/script/user_nodefs.h" "$TOOL_DIR"/cov-analysis/config/
+# Build libgit2 with Coverity
+mkdir -p "$BUILD_DIR"
+cd "$BUILD_DIR"
+cmake "$SOURCE_DIR"
+COVERITY_UNSUPPORTED=1 \
+    "$TOOL_DIR/cov-analysis/bin/cov-build" --dir cov-int \
+    cmake --build .
+# Upload results
+tar -czf libgit2.tgz cov-int
+REVISION=$(cd ${SOURCE_DIR} && git rev-parse --short HEAD)
+HTML="$(curl \
+    --silent \
+    --write-out "\n%{http_code}" \
+    --form token="$COVERITY_TOKEN" \
+    --form email=libgit2@gmail.com \
+    --form file=@libgit2.tgz \
+    --form version="$REVISION" \
+    --form description="libgit2 build" \
+    https://scan.coverity.com/builds?project=libgit2)"
+# Status code is the last line
+STATUS_CODE="$(echo "$HTML" | tail -n1)"
+if test "${STATUS_CODE}" != 200 && test "${STATUS_CODE}" != 201
+then
+    echo "Received error code ${STATUS_CODE} from Coverity"
+    exit 1
+fi
--- a/azure-pipelines/coverity.yml
+++ b/azure-pipelines/coverity.yml
@@ -7,32 +7,20 @@ jobs:
  pool:
    vmImage: 'Ubuntu 16.04'
  steps:
+  - script: |
+     cd $(Build.SourcesDirectory)/azure-pipelines/docker
+     docker build -t libgit2/xenial --build-arg BASE=ubuntu:xenial -f xenial .
+    displayName: 'Build Docker image'
  - task: Docker@0
-    displayName: Build
+    displayName: Analyze
    inputs:
      action: 'Run an image'
-      docker:
+      imageName: libgit2/xenial
-        image: xenial
-        base: xenial
      volumes: |
       $(Build.SourcesDirectory):/home/libgit2/source
       $(Build.BinariesDirectory):/home/libgit2/build
      envVars: |
       COVERITY_TOKEN=$(COVERITY_TOKEN)
      workDir: '/home/libgit2/build'
-      containerCommand: '/home/libgit2/source/azure-pipelines/coverity-build.sh'
+      containerCommand: '/home/libgit2/source/azure-pipelines/coverity.sh'
      detached: false
-  - task: Docker@0
-    displayName: Publish
-    inputs:
-      action: 'Run an image'
-      imageName: 'libgit2/trusty-openssl:latest'
-      volumes: |
-       $(Build.SourcesDirectory):/home/libgit2/source
-       $(Build.BinariesDirectory):/home/libgit2/build
-      envVars: |
-       COVERITY_TOKEN=$(COVERITY_TOKEN)
-      workDir: '/home/libgit2/build'
-      containerCommand: '/home/libgit2/source/azure-pipelines/coverity-publish.sh'
-      detached: false
-    continueOnError: true