| #! /bin/bash |
| # |
| # This script allows you to run coverity on the project and submit the |
| # results. Do this inside the docker build container. Only works if |
| # you are a coverity scan thrift project admin with access to the |
| # necessary security token. |
| # |
| # Environment Variables |
| # |
| # COVERITY_SCAN_NOTIFICATION_EMAIL - email address to notify |
| # COVERITY_SCAN_TOKEN - the Coverity Scan token (should be secure) |
| # VERSION - the version to report we scanned |
| |
| set -ex |
| |
| wget -nv https://entrust.com/root-certificates/entrust_l1k.cer -O /tmp/scanca.cer |
| |
| pushd /tmp |
| if [[ "$1" != "--skipdownload" ]]; then |
| rm -rf coverity_tool.tgz cov-analysis* |
| wget -nv -O coverity_tool.tgz https://scan.coverity.com/download/cxx/linux64 --post-data "project=thrift&token=$COVERITY_SCAN_TOKEN" |
| tar xzf coverity_tool.tgz |
| fi |
| COVBIN=$(echo $(pwd)/cov-analysis*/bin) |
| export PATH=$COVBIN:$PATH |
| popd |
| |
| ./bootstrap.sh |
| ./configure $* |
| rm -rf cov-int/ |
| cov-build --dir cov-int make check -j3 |
| tail -50 cov-int/build-log.txt |
| tar cJf cov-int.tar.xz cov-int/ |
| curl --cacert /tmp/scanca.cer \ |
| --form token="$COVERITY_SCAN_TOKEN" \ |
| --form email="$COVERITY_SCAN_NOTIFICATION_EMAIL" \ |
| --form file=@cov-int.tar.xz \ |
| --form version="$VERSION" \ |
| --form description="thrift master" \ |
| https://scan.coverity.com/builds?project=thrift |