Home Explore Help
Sign In
SMusatov
/
netdata
mirror of https://github.com/netdata/netdata.git
1
0
Fork 0
Files Wiki
Browse Source

make coverity-scan.sh usable by hand (#6747)

* make coverity-scan.sh usable by hand

* updated debug variable and docs

* merge coverity-scan.sh and coverity-install.sh

-- MERGING AND TAKING OVER FURTHER IMPROVEMENTS as agreed --
Costa Tsaousis 5 years ago
parent
59dd72b8ef
commit
fd9eb73ccc
3 changed files with 145 additions and 75 deletions
Split View Show Diff Stats
  1. 1 2
      .gitignore
  2. 1 35
      coverity-install.sh
  3. 143 38
      coverity-scan.sh

+ 1 - 2
.gitignore
View File 

@@ -77,8 +77,7 @@ packaging/makeself/tmp/
 
 # coverity
 
 cov-int/
 
 netdata-coverity-analysis.tgz
 
-.coverity-token
 
-.coverity-build
 
+.coverity-scan.conf
 
 
 .cproject/
 
 .idea/

+ 1 - 35
coverity-install.sh
View File 

@@ -5,38 +5,4 @@
 
 #
 
 # Author: Pavlos Emm. Katsoulakis (paul@netdata.cloud)
 
 
-token="${COVERITY_SCAN_TOKEN}"
 
-([ -z "${token}" ] && [ -f .coverity-token ]) && token="$(<.coverity-token)"
 
-if [ -z "${token}" ]; then
 
-	echo >&2 "Save the coverity token to .coverity-token or export it as COVERITY_SCAN_TOKEN."
 
-	exit 1
 
-fi
 
-
 
-covbuild="$(which cov-build 2>/dev/null || command -v cov-build 2>/dev/null)"
 
-([ -z "${covbuild}" ] && [ -f .coverity-build ]) && covbuild="$(<.coverity-build)"
 
-if [ ! -z "${covbuild}" ]; then
 
-	echo >&2 "Coverity already installed, nothing to do!"
 
-	exit 0
 
-fi
 
-
 
-echo >&2 "Installing coverity..."
 
-WORKDIR="/opt/coverity-source"
 
-mkdir -p "${WORKDIR}"
 
-
 
-curl -SL --data "token=${token}&project=${REPOSITORY}" https://scan.coverity.com/download/linux64 > "${WORKDIR}/coverity_tool.tar.gz"
 
-if [ -f "${WORKDIR}/coverity_tool.tar.gz" ]; then
 
-	tar -x -C "${WORKDIR}" -f "${WORKDIR}/coverity_tool.tar.gz"
 
-	sudo mv "${WORKDIR}/cov-analysis-linux64-2019.03" /opt/coverity
 
-	export PATH=${PATH}:/opt/coverity/bin/
 
-else
 
-	echo "Failed to download coverity tool tarball!"
 
-fi
 
-
 
-# Validate the installation
 
-covbuild="$(which cov-build 2>/dev/null || command -v cov-build 2>/dev/null)"
 
-if [ -z "$covbuild" ]; then
 
-	echo "Failed to install coverity!"
 
-	exit 1
 
-else
 
-	echo >&2 "Coverity scan installed!"
 
-fi
 
+exec ./coverity-scan.sh install "${@}"

+ 143 - 38
coverity-scan.sh
View File 

@@ -1,62 +1,167 @@
 
 #!/usr/bin/env bash
 
 # Coverity scan script
 
 #
 
-# To run this script you need to provide API token. This can be done either by:
 
-#  - Putting token in ".coverity-token" file
 
-#  - Assigning token value to COVERITY_SCAN_TOKEN environment variable
 
-#
 
 # Copyright: SPDX-License-Identifier: GPL-3.0-or-later
 
 #
 
 # Author  : Costa Tsaousis (costa@netdata.cloud)
 
 # Author  : Pawel Krupa (paulfantom)
 
 # Author  : Pavlos Emm. Katsoulakis (paul@netdata.cloud)
 
 
-cpus=$(grep -c ^processor </proc/cpuinfo)
 
+# To run manually, save configuration to .coverity-scan.conf like this:
 
+#
 
+# the repository to report to coverity - devs can set here their own fork
 
+# REPOSITORY="netdata/netdata"
 
+#
 
+# the email of the developer, as given to coverity
 
+# COVERITY_SCAN_SUBMIT_MAIL="you@example.com"
 
+#
 
+# the token given by coverity to the developer
 
+# COVERITY_SCAN_TOKEN="TOKEN taken from Coverity site"
 
+#
 
+# the absolute path of the cov-build - optional
 
+# COVERITY_BUILD_PATH="/opt/cov-analysis-linux64-2019.03/bin/cov-build"
 
+#
 
+# when set, the script will print on screen the curl command that submits the build to coverity
 
+# this includes the token, so the default is not to print it.
 
+# COVERITY_SUBMIT_DEBUG=1
 
+#
 
+# All these variables can also be exported before running this script.
 
+#
 
+# If the first parameter of this script is "install",
 
+# coverity build tools will be downloaded and installed in /opt/coverity
 
+
 
+# the version of coverity to use
 
+COVERITY_BUILD_VERSION="cov-analysis-linux64-2019.03"
 
+
 
+source packaging/installer/functions.sh || exit 1
 
+
 
+cpus=$(find_processors)
 
 [ -z "${cpus}" ] && cpus=1
 
 
+if [ -f ".coverity-scan.conf" ]
 
+then
 
+	source ".coverity-scan.conf" || exit 1
 
+fi
 
+
 
+repo="${REPOSITORY}"
 
+if [ -z "${repo}" ]; then
 
+	fatal "export variable REPOSITORY or set it in .coverity-scan.conf"
 
+fi
 
+repo="${repo//\//%2F}"
 
+
 
+email="${COVERITY_SCAN_SUBMIT_MAIL}"
 
+if [ -z "${email}" ]; then
 
+	fatal "export variable COVERITY_SCAN_SUBMIT_MAIL or set it in .coverity-scan.conf"
 
+fi
 
+
 
 token="${COVERITY_SCAN_TOKEN}"
 
-([ -z "${token}" ] && [ -f .coverity-token ]) && token="$(<.coverity-token)"
 
 if [ -z "${token}" ]; then
 
-	echo >&2 "Save the coverity token to .coverity-token or export it as COVERITY_SCAN_TOKEN."
 
-	exit 1
 
+	fatal "export variable COVERITY_SCAN_TOKEN or set it in .coverity-scan.conf"
 
 fi
 
 
-export PATH=${PATH}:/opt/coverity/bin/
 
-covbuild="$(which cov-build 2>/dev/null || command -v cov-build 2>/dev/null)"
 
-([ -z "${covbuild}" ] && [ -f .coverity-build ]) && covbuild="$(<.coverity-build)"
 
-if [ -z "${covbuild}" ]; then
 
-	echo >&2 "Cannot find 'cov-build' binary in \$PATH."
 
-	exit 1
 
-elif [ ! -x "${covbuild}" ]; then
 
-	echo >&2 "The command ${covbuild} is not executable. Save command the full filename of cov-build in .coverity-build"
 
-	exit 1
 
-fi
 
+# only print the output of a command
 
+# when debugging is enabled
 
+# used to hide the token when debugging is not enabled
 
+debugrun() {
 
+  if [ "${COVERITY_SUBMIT_DEBUG}" = "1" ]
 
+  then
 
+    run "${@}"
 
+    return $?
 
+  else
 
+    "${@}"
 
+    return $?
 
+  fi
 
+}
 
+
 
+scanit() {
 
+  export PATH="${PATH}:/opt/${COVERITY_BUILD_VERSION}/bin/"
 
+  covbuild="${COVERITY_BUILD_PATH}"
 
+  [ -z "${covbuild}" ] && covbuild="$(which cov-build 2>/dev/null || command -v cov-build 2>/dev/null)"
 
+  if [ -z "${covbuild}" ]; then
 
+    fatal "Cannot find 'cov-build' binary in \$PATH. Export variable COVERITY_BUILD_PATH or set it in .coverity-scan.conf"
 
+  elif [ ! -x "${covbuild}" ]; then
 
+    fatal "The command '${covbuild}' is not executable. Export variable COVERITY_BUILD_PATH or set it in .coverity-scan.conf"
 
+  fi
 
+
 
+  version="$(grep "^#define PACKAGE_VERSION" config.h | cut -d '"' -f 2)"
 
+  progress "Working on netdata version: ${version}"
 
+
 
+  progress "Cleaning up old builds..."
 
+  run make clean || echo >&2 "Nothing to clean"
 
 
-version="$(grep "^#define PACKAGE_VERSION" config.h | cut -d '"' -f 2)"
 
-echo >&2 "Working on netdata version: ${version}"
 
+  [ -d "cov-int" ] && rm -rf "cov-int"
 
 
-echo >&2 "Cleaning up old builds..."
 
-make clean || echo >&2 "Nothing to clean"
 
+  [ -f netdata-coverity-analysis.tgz ] && run rm netdata-coverity-analysis.tgz
 
 
-[ -d "cov-int" ] && rm -rf "cov-int"
 
+  progress "Configuring netdata source..."
 
+  run autoreconf -ivf
 
+  run ./configure --disable-lto \
 
+    --enable-https \
 
+    --enable-jsonc \
 
+    --enable-plugin-nfacct \
 
+    --enable-plugin-freeipmi \
 
+    --enable-plugin-cups \
 
+    --enable-backend-prometheus-remote-write \
 
+    ${NULL}
 
 
-[ -f netdata-coverity-analysis.tgz ] && rm netdata-coverity-analysis.tgz
 
+  # TODO: enable these plugins too
 
+  #	--enable-plugin-xenstat \
 
+  #	--enable-backend-kinesis \
 
+  #	--enable-backend-mongodb \
 
 
-autoreconf -ivf
 
-./configure --enable-plugin-nfacct --enable-plugin-freeipmi
 
-"${covbuild}" --dir cov-int make -j${cpus} || exit 1
 
+  progress "Analyzing netdata..."
 
+  run "${covbuild}" --dir cov-int make -j${cpus} || exit 1
 
 
-echo >&2 "Compressing data..."
 
-tar czvf netdata-coverity-analysis.tgz cov-int || exit 1
 
+  echo >&2 "Compressing analysis..."
 
+  run tar czvf netdata-coverity-analysis.tgz cov-int || exit 1
 
 
-echo >&2 "Sending analysis for version ${version} ..."
 
-COVERITY_SUBMIT_RESULT=$(curl --progress-bar --form token="${token}" \
 
-  --form email=${COVERITY_SCAN_SUBMIT_MAIL} \
 
-  --form file=@netdata-coverity-analysis.tgz \
 
-  --form version="${version}" \
 
-  --form description="netdata, real-time performance monitoring, done right." \
 
-  https://scan.coverity.com/builds?project=${REPOSITORY})
 
+  echo >&2 "Sending analysis to coverity for netdata version ${version} ..."
 
+  COVERITY_SUBMIT_RESULT=$(debugrun curl --progress-bar \
 
+    --form token="${token}" \
 
+    --form email=${email} \
 
+    --form file=@netdata-coverity-analysis.tgz \
 
+    --form version="${version}" \
 
+    --form description="netdata, monitor everything, in real-time." \
 
+    https://scan.coverity.com/builds?project=${repo})
 
 
-echo ${COVERITY_SUBMIT_RESULT} | grep -q -e 'Build successfully submitted' || echo >&2 "scan results were not pushed to coverity. Message was: ${COVERITY_SUBMIT_RESULT}"
 
+  echo ${COVERITY_SUBMIT_RESULT} | grep -q -e 'Build successfully submitted' || echo >&2 "scan results were not pushed to coverity. Message was: ${COVERITY_SUBMIT_RESULT}"
 
 
-echo >&2 "Coverity scan mechanism completed"
 
+  progress "Coverity scan completed"
 
+}
 
+
 
+installit() {
 
+  progress "Downloading coverity..."
 
+  cd /tmp || exit 1
 
+
 
+  [ -f "${COVERITY_BUILD_VERSION}.tar.gz" ] && run rm -f "${COVERITY_BUILD_VERSION}.tar.gz"
 
+  debugrun curl --remote-name --remote-header-name --show-error --location --data "token=${token}&project=${repo}" https://scan.coverity.com/download/linux64
 
+
 
+  if [ -f "${COVERITY_BUILD_VERSION}.tar.gz" ]; then
 
+    progress "Installing coverity..."
 
+    cd /opt || exit 1
 
+    run sudo tar -z -x -f  "/tmp/${COVERITY_BUILD_VERSION}.tar.gz" || exit 1
 
+    rm "/tmp/${COVERITY_BUILD_VERSION}.tar.gz"
 
+    export PATH=${PATH}:/opt/${COVERITY_BUILD_VERSION}/bin/
 
+  else
 
+    fatal "Failed to download coverity tool tarball!"
 
+  fi
 
+
 
+  # Validate the installation
 
+  covbuild="$(which cov-build 2>/dev/null || command -v cov-build 2>/dev/null)"
 
+  if [ -z "$covbuild" ]; then
 
+    fatal "Failed to install coverity."
 
+  fi
 
+
 
+  progress "Coverity scan tools are installed."
 
+  return 0
 
+}
 
+
 
+if [ "${1}" = "install" ]
 
+then
 
+  shift 1
 
+  installit "${@}"
 
+  exit $?
 
+else
 
+  scanit "${@}"
 
+  exit $?
 
+fi