diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 3c14e0a2fc..8a80e02395 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -49,6 +49,7 @@ stages: - tier3 - deploy - triage + - coverity variables: FDO_UPSTREAM_REPO: NetworkManager/NetworkManager @@ -59,11 +60,11 @@ variables: # # This is done by running `ci-fairy generate-template` and possibly bumping # ".default_tag". - ALPINE_TAG: 'tag-ec99bc32ed7f' - CENTOS_TAG: 'tag-a76c3f2e9d0f' - DEBIAN_TAG: 'tag-3f6892bcd503' - FEDORA_TAG: 'tag-a76c3f2e9d0f' - UBUNTU_TAG: 'tag-3f6892bcd503' + ALPINE_TAG: 'tag-f0b648c04526' + CENTOS_TAG: 'tag-c2d500e0391f' + DEBIAN_TAG: 'tag-7687baa06688' + FEDORA_TAG: 'tag-c2d500e0391f' + UBUNTU_TAG: 'tag-7687baa06688' ALPINE_EXEC: 'bash .gitlab-ci/alpine-install.sh' CENTOS_EXEC: 'bash .gitlab-ci/fedora-install.sh' @@ -639,6 +640,24 @@ triage:issues: - gem install gitlab-triage - gitlab-triage --debug --token $API_TOKEN --source-id $CI_PROJECT_ID +coverity: + extends: + - .fdo.distribution-image@fedora + variables: + FDO_DISTRIBUTION_VERSION: '40' + FDO_DISTRIBUTION_TAG: $FEDORA_TAG + stage: coverity + needs: [] + rules: + - if: $CI_PIPELINE_SOURCE == 'schedule' + script: + - dnf install -y curl + - BUILD_TYPE=meson CC=gcc CONFIGURE_ONLY=1 contrib/scripts/nm-ci-run.sh + - cd build + - ../.gitlab-ci/coverity.sh download + - cov-analysis-linux64-*/bin/cov-build --dir cov-int ninja + - ../.gitlab-ci/coverity.sh upload + # Clean the generated images periodically to get updated snapshots of the distribution images. # Create an scheduled pipeline to run it, passing an AUTHFILE environment variable of type # 'File' with an authentication token with API access level. diff --git a/.gitlab-ci/ci.template b/.gitlab-ci/ci.template index 55df9d9ba6..aa9cfb968c 100644 --- a/.gitlab-ci/ci.template +++ b/.gitlab-ci/ci.template @@ -53,6 +53,7 @@ stages: - tier3 - deploy - triage + - coverity variables: FDO_UPSTREAM_REPO: NetworkManager/NetworkManager @@ -248,6 +249,24 @@ triage:issues: - gem install gitlab-triage - gitlab-triage --debug --token $API_TOKEN --source-id $CI_PROJECT_ID +coverity: + extends: + - .fdo.distribution-image@fedora + variables: + FDO_DISTRIBUTION_VERSION: '40' + FDO_DISTRIBUTION_TAG: $FEDORA_TAG + stage: coverity + needs: [] + rules: + - if: $CI_PIPELINE_SOURCE == 'schedule' + script: + - dnf install -y curl + - BUILD_TYPE=meson CC=gcc CONFIGURE_ONLY=1 contrib/scripts/nm-ci-run.sh + - cd build + - ../.gitlab-ci/coverity.sh download + - cov-analysis-linux64-*/bin/cov-build --dir cov-int ninja + - ../.gitlab-ci/coverity.sh upload + # Clean the generated images periodically to get updated snapshots of the distribution images. # Create an scheduled pipeline to run it, passing an AUTHFILE environment variable of type # 'File' with an authentication token with API access level. diff --git a/.gitlab-ci/coverity.sh b/.gitlab-ci/coverity.sh new file mode 100755 index 0000000000..8d06c52e87 --- /dev/null +++ b/.gitlab-ci/coverity.sh @@ -0,0 +1,25 @@ +#!/bin/bash +set -e + +[ "$COVERITY_SCAN_PROJECT_NAME" = "" ] && echo "missing COVERITY_SCAN_PROJECT_NAME" >&2 && exit 1 +[ "$COVERITY_SCAN_TOKEN" = "" ] && echo "missing COVERITY_SCAN_PROJECT_NAME" >&2 && exit 1 + +if [ "$1" = "download" ]; then + curl https://scan.coverity.com/download/linux64 \ + -o /tmp/cov-analysis-linux64.tar.gz \ + --form "project=$COVERITY_SCAN_PROJECT_NAME" \ + --form "token=$COVERITY_SCAN_TOKEN" + + tar xvzf /tmp/cov-analysis-linux64.tar.gz +elif [ "$1" = "upload" ]; then + tar cvzf cov-int.tar.gz cov-int + ls -l cov-int.tar.gz + curl "https://scan.coverity.com/builds?project=$COVERITY_SCAN_PROJECT_NAME" \ + --form "token=$COVERITY_SCAN_TOKEN" --form "email=$GITLAB_USER_EMAIL" \ + --form file=@cov-int.tar.gz --form version="`meson introspect --projectinfo | jq -r .version`" \ + --form description="ci run: $CI_COMMIT_TITLE / `git rev-parse --short HEAD`" + rm -rf cov-int* +else + echo "invalid command: $1" >&2 + exit 1 +fi \ No newline at end of file