Home Explore Help
Sign In
SMusatov
/
netdata
mirror of https://github.com/netdata/netdata.git
1
0
Fork 0
Files Wiki
Browse Source

Fix coverity scan (#8388)

* Fix coverity scan

* Add path filter to pull_request: condition

* Add missing dependency
James Mills 5 years ago
parent
53d0634b02
commit
a18ec2d2d8
2 changed files with 41 additions and 33 deletions
Split View Show Diff Stats
  1. 13 3
      .github/workflows/coverity.yml
  2. 28 30
      coverity-scan.sh

+ 13 - 3
.github/workflows/coverity.yml
View File 

@@ -4,6 +4,10 @@ name: Coverity Scan
 
 on:
 
   schedule:
 
     - cron: '0 1 * * *'
 
+  pull_request:
 
+    paths:
 
+      - .github/workflows/coverity.yml
 
+      - coverity-scan.sh
 
 jobs:
 
   coverity:
 
     if: github.repository == 'netdata/netdata'
 
@@ -12,12 +16,18 @@ jobs:
 
       - name: Checkout
 
         uses: actions/checkout@v2
 
       - name: Prepare environment
 
+        env:
 
+          DEBIAN_FRONTEND: 'noninteractive'
 
         run: |
 
-          ./packaging/installer/install-required-packages.sh --dont-wait --non-interactive netdata
 
-          sudo apt-get install -y libjson-c-dev libipmimonitoring-dev libcups2-dev libsnappy-dev \
 
-                                  libprotobuf-dev libprotoc-dev libssl-dev protobuf-compiler
 
+          ./packaging/installer/install-required-packages.sh \
 
+            --dont-wait --non-interactive netdata
 
+          sudo apt-get install -y libjson-c-dev libipmimonitoring-dev \
 
+                                  libcups2-dev libsnappy-dev libprotobuf-dev \
 
+                                  libprotoc-dev libssl-dev protobuf-compiler \
 
+                                  libnetfilter-acct-dev
 
       - name: Run coverity-scan
 
         env:
 
+          REPOSITORY: 'netdata/netdata'
 
           COVERITY_SCAN_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
 
           COVERITY_SCAN_SUBMIT_MAIL: ${{ secrets.COVERITY_SCAN_SUBMIT_MAIL }}
 
         run: |

+ 28 - 30
coverity-scan.sh
View File 

@@ -48,37 +48,35 @@ source packaging/installer/functions.sh || echo "Failed to fully load the functi
 
 cpus=$(find_processors)
 
 [ -z "${cpus}" ] && cpus=1
 
 
-if [ -f ".coverity-scan.conf" ]
 
-then
 
-	source ".coverity-scan.conf"
 
+if [ -f ".coverity-scan.conf" ]; then
 
+  source ".coverity-scan.conf"
 
 fi
 
 
 repo="${REPOSITORY}"
 
 if [ -z "${repo}" ]; then
 
-	fatal "export variable REPOSITORY or set it in .coverity-scan.conf"
 
+  fatal "export variable REPOSITORY or set it in .coverity-scan.conf"
 
 fi
 
 repo="${repo//\//%2F}"
 
 
 email="${COVERITY_SCAN_SUBMIT_MAIL}"
 
 if [ -z "${email}" ]; then
 
-	fatal "export variable COVERITY_SCAN_SUBMIT_MAIL or set it in .coverity-scan.conf"
 
+  fatal "export variable COVERITY_SCAN_SUBMIT_MAIL or set it in .coverity-scan.conf"
 
 fi
 
 
 token="${COVERITY_SCAN_TOKEN}"
 
 if [ -z "${token}" ]; then
 
-	fatal "export variable COVERITY_SCAN_TOKEN or set it in .coverity-scan.conf"
 
+  fatal "export variable COVERITY_SCAN_TOKEN or set it in .coverity-scan.conf"
 
 fi
 
 
-if ! command -v curl >/dev/null 2>&1; then
 
-	fatal "CURL is required for coverity scan to work"
 
+if ! command -v curl > /dev/null 2>&1; then
 
+  fatal "CURL is required for coverity scan to work"
 
 fi
 
 
 # only print the output of a command
 
 # when debugging is enabled
 
 # used to hide the token when debugging is not enabled
 
 debugrun() {
 
-  if [ "${COVERITY_SUBMIT_DEBUG}" = "1" ]
 
-  then
 
+  if [ "${COVERITY_SUBMIT_DEBUG}" = "1" ]; then
 
     run "${@}"
 
     return $?
 
   else
 
@@ -91,7 +89,7 @@ scanit() {
 
   progress "Scanning using coverity"
 
   export PATH="${PATH}:${INSTALL_DIR}/${COVERITY_BUILD_VERSION}/bin/"
 
   covbuild="${COVERITY_BUILD_PATH}"
 
-  [ -z "${covbuild}" ] && covbuild="$(which cov-build 2>/dev/null || command -v cov-build 2>/dev/null)"
 
+  [ -z "${covbuild}" ] && covbuild="$(which cov-build 2> /dev/null || command -v cov-build 2> /dev/null)"
 
 
   if [ -z "${covbuild}" ]; then
 
     fatal "Cannot find 'cov-build' binary in \$PATH. Export variable COVERITY_BUILD_PATH or set it in .coverity-scan.conf"
 
@@ -146,7 +144,7 @@ installit() {
 
     progress "Installing coverity..."
 
     cd "${INSTALL_DIR}"
 
 
-    run sudo tar -z -x -f  "${TMP_DIR}/${COVERITY_BUILD_VERSION}.tar.gz" || exit 1
 
+    run sudo tar -z -x -f "${TMP_DIR}/${COVERITY_BUILD_VERSION}.tar.gz" || exit 1
 
     rm "${TMP_DIR}/${COVERITY_BUILD_VERSION}.tar.gz"
 
     export PATH=${PATH}:${INSTALL_DIR}/${COVERITY_BUILD_VERSION}/bin/
 
   else
 
@@ -154,7 +152,7 @@ installit() {
 
   fi
 
 
   # Validate the installation
 
-  covbuild="$(which cov-build 2>/dev/null || command -v cov-build 2>/dev/null)"
 
+  covbuild="$(which cov-build 2> /dev/null || command -v cov-build 2> /dev/null)"
 
   if [ -z "$covbuild" ]; then
 
     fatal "Failed to install coverity."
 
   fi
 
@@ -183,23 +181,23 @@ OTHER_OPTIONS+=" --enable-backend-prometheus-remote-write"
 
 
 FOUND_OPTS="NO"
 
 while [ -n "${1}" ]; do
 
-	if [ "${1}" = "--with-install" ]; then
 
-		progress "Running coverity install"
 
-		installit
 
-		shift 1
 
-	elif [ -n "${1}" ]; then
 
-		# Clear the default arguments, once you bump into the first argument
 
-		if [ "${FOUND_OPTS}" = "NO" ]; then
 
-			OTHER_OPTIONS="${1}"
 
-			FOUND_OPTS="YES"
 
-		else
 
-			OTHER_OPTIONS+=" ${1}"
 
-		fi
 
-
 
-		shift 1
 
-	else
 
-		break
 
-	fi
 
+  if [ "${1}" = "--with-install" ]; then
 
+    progress "Running coverity install"
 
+    installit
 
+    shift 1
 
+  elif [ -n "${1}" ]; then
 
+    # Clear the default arguments, once you bump into the first argument
 
+    if [ "${FOUND_OPTS}" = "NO" ]; then
 
+      OTHER_OPTIONS="${1}"
 
+      FOUND_OPTS="YES"
 
+    else
 
+      OTHER_OPTIONS+=" ${1}"
 
+    fi
 
+
 
+    shift 1
 
+  else
 
+    break
 
+  fi
 
 done
 
 
 echo "Running coverity scan with extra options ${OTHER_OPTIONS}"