[tracker-miners/wip/carlosg/ci-coverity: 8/8] ci: Integrate coverity builds

[Carlos Garnacho <carlosg src gnome org>]

commit 1779ee98c1e95922b730978046b5c6c77c793826
Author: Carlos Garnacho <carlosg gnome org>
Date:   Sat Feb 29 11:43:50 2020 +0100

    ci: Integrate coverity builds
    
    This goes to (atm) its own "analysis" stage, and builds the package
    with the coverity tool, so the results are uploaded to the coverity
    site for analysis. This only happens for the master branch as there
    is a limit on weekly builds, so can't be free for every change.
    
    The script relies on the COVERITY_TOKEN envvar being set, which should
    be done through project settings so it stays private.
    
    One peculiarity with this test is that we explicitly avoid the
    -Dtracker_core=subproject option, as we don't want tracker core code
    to be compiled with the coverity tool (already does this on its own).

 .gitlab-ci.yml | 25 ++++++++++++++++++++++++-
 1 file changed, 24 insertions(+), 1 deletion(-)
---
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index f6db4055e..944c34bc1 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -12,7 +12,7 @@ variables:
 
 stages:
   - test
-
+  - analysis
 
 .test_template: &test
   stage: test
@@ -65,3 +65,26 @@ test-fedora-latest:
 test-ubuntu-rolling:
   image: registry.gitlab.gnome.org/gnome/tracker-oci-images/amd64/ubuntu:rolling
   <<: *test
+
+coverity:
+  stage: analysis
+  image: registry.gitlab.gnome.org/gnome/tracker-oci-images/amd64/fedora:latest
+  allow_failure: true
+  script:
+    - dnf install -y clang
+    # Build tracker, we must go out the subproject route as we don't want
+    # tracker code to be included in the coverity reports for tracker-miners.
+    - su tracker -c '.gitlab-ci/checkout-tracker.sh'
+    - su tracker -c 'export INSTALL=`pwd`/install; cd subprojects/tracker; meson build --libdir lib --prefix 
$INSTALL; cd build; ninja install;'
+    - su tracker -c 'curl https://scan.coverity.com/download/linux64 --data 
"token=$COVERITY_TOKEN&project=tracker-miners" --output /tmp/coverity_tool.tgz'
+    - su tracker -c 'tar zxf /tmp/coverity_tool.tgz'
+    - su tracker -c 'mkdir coverity-build'
+    - su tracker -c 'export INSTALL=`pwd`/install; export CC=clang; cd coverity-build; meson 
--pkg-config-path=$INSTALL/lib/pkgconfig ..'
+    - su tracker -c 'cd coverity-build; ../cov-analysis-linux64-*/bin/cov-build --dir cov-int ninja'
+    - su tracker -c 'cd coverity-build; tar czf cov-int.tar.gz cov-int'
+    - su tracker -c 'curl https://scan.coverity.com/builds?project=tracker-miners
+      --form token=$COVERITY_TOKEN --form email=carlosg gnome org
+      --form file=@coverity-build/cov-int.tar.gz --form version="`git describe --tags`"
+      --form description="gitlab CI build"'
+  only:
+    - master