mutter/.gitlab-ci/download-coverity-tarball.sh
Carlos Garnacho 5e8c808cfb ci: Add job for pushing coverity reports
This job does:
1. Download the coverity bundle and untar it
2. Build mutter using clang and the coverity tool
3. Compress the coverity report
4. Upload for analysis

Things to note:
- Analysis are throttled, as per https://scan.coverity.com/faq#frequency
  we qualify for 21 weekly builds, 3 daily. Mutter is sometimes a busy
  project, so it seems we'd get often those consumed early in the day.
  This is something we can resign to, but the times we'll try to upload
  a report to have it rejected make the operation kinda pointless and
  probably better throttled by ourselves.
- The task is manual, given the restrictions above.
- The task only applies on master, as the envvar holding the coverity
  token is protected in gitlab.
- I had to use clang as the coverity tool doesn't seem to work ATM with
  gcc as per recent Fedora.
- The coverity tarball is 1.2GB in size, which is a bit too big to have
  it downloaded each time. As per their upload instructions, the tarball
  gets updated twice yearly, so this is cached to minimize downloads.
- The coverity token for mutter is kept private/hidden in gitlab CI
  settings.

Part-of: <https://gitlab.gnome.org/GNOME/mutter/-/merge_requests/1100>
2021-07-13 15:14:21 +00:00

39 lines
883 B
Bash
Executable File

#!/usr/bin/bash
# We need a coverity token to fetch the tarball
if [ -x $COVERITY_TOKEN ]
then
echo "No coverity token. Run this job from a protected branch."
exit -1
fi
mkdir -p coverity
# Download and check MD5 first
curl https://scan.coverity.com/download/linux64 \
--data "token=$COVERITY_TOKEN&project=mutter&md5=1" \
--output /tmp/coverity_tool.md5
diff /tmp/coverity_tool.md5 coverity/coverity_tool.md5 >/dev/null 2>&1
if [ $? -eq 0 -a -d coverity/cov-analysis* ]
then
echo "Coverity tarball is up-to-date"
exit 0
fi
# Download and extract coverity tarball
curl https://scan.coverity.com/download/linux64 \
--data "token=$COVERITY_TOKEN&project=mutter" \
--output /tmp/coverity_tool.tgz
rm -rf ./coverity/cov-analysis*
tar zxf /tmp/coverity_tool.tgz -C coverity/
if [ $? -eq 0 ]
then
mv /tmp/coverity_tool.md5 coverity/
fi
rm /tmp/coverity_tool.tgz