[gnome-shell/wip/carlosg/ci-coverity: 7/7] ci: Add job for pushing coverity reports
- From: Marge Bot <marge-bot src gnome org>
- To: commits-list gnome org
- Cc:
- Subject: [gnome-shell/wip/carlosg/ci-coverity: 7/7] ci: Add job for pushing coverity reports
- Date: Fri, 16 Jul 2021 21:49:21 +0000 (UTC)
commit 6203668b6c175d4782bc7a3fdc57a4a5f668e52f
Author: Carlos Garnacho <carlosg gnome org>
Date: Wed Jul 14 19:21:34 2021 +0200
ci: Add job for pushing coverity reports
This job does:
1. Download the coverity bundle and untar it in a cached location
2. Build GNOME Shell using clang and the coverity tool
3. Compress the coverity report
4. Upload for analysis
In a similar setup to that of Mutter.
Part-of: <https://gitlab.gnome.org/GNOME/gnome-shell/-/merge_requests/1913>
.gitlab-ci.yml | 27 ++++++++++++++++++++++-
.gitlab-ci/download-coverity-tarball.sh | 38 +++++++++++++++++++++++++++++++++
2 files changed, 64 insertions(+), 1 deletion(-)
---
diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index f56975ec85..0882f25e89 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -9,6 +9,7 @@ stages:
- review
- build
- test
+ - analyze
- deploy
default:
@@ -29,7 +30,7 @@ variables:
LINT_LOG: "eslint-report.xml"
LINT_MR_LOG: "eslint-mr-report.xml"
-image: registry.gitlab.gnome.org/gnome/mutter/fedora/34:x86_64-2021-07-07.1
+image: registry.gitlab.gnome.org/gnome/mutter/fedora/34:x86_64-2021-07-09.1
workflow:
rules:
@@ -208,6 +209,30 @@ test:
- build/meson-logs/testlog.txt
when: on_failure
+test-coverity:
+ rules:
+ - if: '$CI_PIPELINE_SOURCE == "schedule" && $GNOME_SHELL_SCHEDULED_JOB == "coverity"'
+ when: always
+ - when: manual
+ needs: ["build"]
+ stage: analyze
+ allow_failure: true
+ before_script:
+ - ninja -C mutter/build install
+ script:
+ - .gitlab-ci/download-coverity-tarball.sh
+ - CC=clang meson coverity-build -Dman=false
+ - ./coverity/cov-analysis-linux64-*/bin/cov-build --fs-capture-search js --dir cov-int ninja -C
coverity-build
+ - tar czf cov-int.tar.gz cov-int
+ - curl https://scan.coverity.com/builds?project=GNOME+Shell
+ --form token=$COVERITY_TOKEN --form email=carlosg gnome org
+ --form file=@cov-int.tar.gz --form version="`git describe --tags`"
+ --form description="GitLab CI build"
+ cache:
+ key: coverity-tarball
+ paths:
+ - coverity
+
flatpak:
stage: build
needs: ["check_commit_log"]
diff --git a/.gitlab-ci/download-coverity-tarball.sh b/.gitlab-ci/download-coverity-tarball.sh
new file mode 100755
index 0000000000..e2afc5d555
--- /dev/null
+++ b/.gitlab-ci/download-coverity-tarball.sh
@@ -0,0 +1,38 @@
+#!/usr/bin/bash
+
+# We need a coverity token to fetch the tarball
+if [ -x $COVERITY_TOKEN ]
+then
+ echo "No coverity token. Run this job from a protected branch."
+ exit -1
+fi
+
+mkdir -p coverity
+
+# Download and check MD5 first
+curl https://scan.coverity.com/download/linux64 \
+ --data "token=$COVERITY_TOKEN&project=GNOME+Shell&md5=1" \
+ --output /tmp/coverity_tool.md5
+
+diff /tmp/coverity_tool.md5 coverity/coverity_tool.md5 >/dev/null 2>&1
+
+if [ $? -eq 0 -a -d coverity/cov-analysis* ]
+then
+ echo "Coverity tarball is up-to-date"
+ exit 0
+fi
+
+# Download and extract coverity tarball
+curl https://scan.coverity.com/download/linux64 \
+ --data "token=$COVERITY_TOKEN&project=GNOME+Shell" \
+ --output /tmp/coverity_tool.tgz
+
+rm -rf ./coverity/cov-analysis*
+
+tar zxf /tmp/coverity_tool.tgz -C coverity/
+if [ $? -eq 0 ]
+then
+ mv /tmp/coverity_tool.md5 coverity/
+fi
+
+rm /tmp/coverity_tool.tgz
[
Date Prev][
Date Next] [
Thread Prev][
Thread Next]
[
Thread Index]
[
Date Index]
[
Author Index]