mutter/.gitlab-ci/download-coverity-tarball.sh

#!/bin/bash

# We need a coverity token to fetch the tarball
if [ -x $COVERITY_TOKEN ]
then
  echo "No coverity token. Run this job from a protected branch."
  exit -1
fi

mkdir -p coverity

# Download and check MD5 first
curl https://scan.coverity.com/download/linux64 \
  --data "token=$COVERITY_TOKEN&project=mutter&md5=1" \
  --output /tmp/coverity_tool.md5

diff /tmp/coverity_tool.md5 coverity/coverity_tool.md5 >/dev/null 2>&1

if [ $? -eq 0 -a -d coverity/cov-analysis* ]
then
  echo "Coverity tarball is up-to-date"
  exit 0
fi

# Download and extract coverity tarball
curl https://scan.coverity.com/download/linux64 \
  --data "token=$COVERITY_TOKEN&project=mutter" \
  --output /tmp/coverity_tool.tgz

rm -rf ./coverity/cov-analysis*

tar zxf /tmp/coverity_tool.tgz -C coverity/
if [ $? -eq 0 ]
then
  mv /tmp/coverity_tool.md5 coverity/
fi

rm /tmp/coverity_tool.tgz
tests: Use a more interoperable path to bash On systems that have undergone the /usr merge, /bin/bash and /usr/bin/bash can be used interchangeably, but on systems where /bin and /usr/bin are separate (such as Debian 11 or older), bash was traditionally in /bin and there is no bash in /usr/bin. Resolves: https://gitlab.gnome.org/GNOME/mutter/-/issues/2385 Signed-off-by: Simon McVittie <smcv@debian.org> Part-of: <https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/2900> 2023-03-06 05:32:55 -05:00			`#!/bin/bash`
ci: Add job for pushing coverity reports This job does: 1. Download the coverity bundle and untar it 2. Build mutter using clang and the coverity tool 3. Compress the coverity report 4. Upload for analysis Things to note: - Analysis are throttled, as per https://scan.coverity.com/faq#frequency we qualify for 21 weekly builds, 3 daily. Mutter is sometimes a busy project, so it seems we'd get often those consumed early in the day. This is something we can resign to, but the times we'll try to upload a report to have it rejected make the operation kinda pointless and probably better throttled by ourselves. - The task is manual, given the restrictions above. - The task only applies on master, as the envvar holding the coverity token is protected in gitlab. - I had to use clang as the coverity tool doesn't seem to work ATM with gcc as per recent Fedora. - The coverity tarball is 1.2GB in size, which is a bit too big to have it downloaded each time. As per their upload instructions, the tarball gets updated twice yearly, so this is cached to minimize downloads. - The coverity token for mutter is kept private/hidden in gitlab CI settings. Part-of: <https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/1100> 2020-02-29 09:06:26 -05:00
			`# We need a coverity token to fetch the tarball`
			`if [ -x $COVERITY_TOKEN ]`
			`then`
			`echo "No coverity token. Run this job from a protected branch."`
			`exit -1`
			`fi`

			`mkdir -p coverity`

			`# Download and check MD5 first`
			`curl https://scan.coverity.com/download/linux64 \`
			`--data "token=$COVERITY_TOKEN&project=mutter&md5=1" \`
			`--output /tmp/coverity_tool.md5`

			`diff /tmp/coverity_tool.md5 coverity/coverity_tool.md5 >/dev/null 2>&1`

			`if [ $? -eq 0 -a -d coverity/cov-analysis* ]`
			`then`
			`echo "Coverity tarball is up-to-date"`
			`exit 0`
			`fi`

			`# Download and extract coverity tarball`
			`curl https://scan.coverity.com/download/linux64 \`
			`--data "token=$COVERITY_TOKEN&project=mutter" \`
			`--output /tmp/coverity_tool.tgz`

			`rm -rf ./coverity/cov-analysis*`

			`tar zxf /tmp/coverity_tool.tgz -C coverity/`
			`if [ $? -eq 0 ]`
			`then`
			`mv /tmp/coverity_tool.md5 coverity/`
			`fi`

			`rm /tmp/coverity_tool.tgz`