From 36780e07f6ea0420c0f86aa8064ab0653ab7dd98 Mon Sep 17 00:00:00 2001 From: Michal Nowak Date: Mon, 14 Feb 2022 21:06:31 +0100 Subject: [PATCH 1/3] Drop coverity cache feature The coverity CI job cache feature is used to ensure that the 1 GB cov-analysis-linux64.tgz file is being cached on GitLab CI runner, where it was downloaded in the past. This feature does not seem to work anymore; given that the proper solution to creating distributed cache is complicated, better to drop the feature altogether. (cherry picked from commit c966304e90d08eebc0264b40c3a62c7a2cd51152) --- .gitlab-ci.yml | 19 ++++++------------- 1 file changed, 6 insertions(+), 13 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 261347c979..1587f463b3 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1174,16 +1174,14 @@ release: # Coverity Scan analysis upload -.coverity_cache_prep: &coverity_cache_prep - - test -f cov-analysis-linux64.md5 && test -f cov-analysis-linux64.tgz || ( - curl --output cov-analysis-linux64.md5 https://scan.coverity.com/download/linux64 +.coverity_prep: &coverity_prep + - curl --output cov-analysis-linux64.md5 https://scan.coverity.com/download/linux64 --form project=$COVERITY_SCAN_PROJECT_NAME --form token=$COVERITY_SCAN_TOKEN - --form md5=1; - curl --output cov-analysis-linux64.tgz https://scan.coverity.com/download/linux64 + --form md5=1 + - curl --output cov-analysis-linux64.tgz https://scan.coverity.com/download/linux64 --form project=$COVERITY_SCAN_PROJECT_NAME - --form token=$COVERITY_SCAN_TOKEN; - ) + --form token=$COVERITY_SCAN_TOKEN - test "$(md5sum cov-analysis-linux64.tgz | awk '{ print $1 }')" = "$(cat cov-analysis-linux64.md5)" - tar --extract --gzip --file=cov-analysis-linux64.tgz - test -d cov-analysis-linux64-2021.12.1 @@ -1208,7 +1206,7 @@ coverity: CFLAGS: "${CFLAGS_COMMON} -Og" EXTRA_CONFIGURE: "--with-libidn2" script: - - *coverity_cache_prep + - *coverity_prep - *configure - *coverity_build needs: @@ -1224,11 +1222,6 @@ coverity: variables: - $COVERITY_SCAN_PROJECT_NAME - $COVERITY_SCAN_TOKEN - cache: - key: cov-analysis-linux64-2021.12.1 - paths: - - cov-analysis-linux64.md5 - - cov-analysis-linux64.tgz # Respdiff tests From bed115211e991315ff42530301bac2609c9418f4 Mon Sep 17 00:00:00 2001 From: Michal Nowak Date: Tue, 15 Feb 2022 11:24:01 +0100 Subject: [PATCH 2/3] Download Coverity Scan analysis tool to /tmp Downloading and unpacking Coverity Scan analysis tool tarball (cov-analysis-linux64.tgz) to $CI_PROJECT_DIR interferes with the execution of the analysis tool when the --fs-capture-search option is used because the tool starts to analyze some of its Javascript files. (There's the --fs-capture-search-exclude-regex option, but I failed to find a way to make it work.) (cherry picked from commit 1333bdf67e2fd30907ee17bb165e1ac46d969f81) --- .gitlab-ci.yml | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 1587f463b3..1c028ab00f 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1175,24 +1175,24 @@ release: # Coverity Scan analysis upload .coverity_prep: &coverity_prep - - curl --output cov-analysis-linux64.md5 https://scan.coverity.com/download/linux64 + - curl --output /tmp/cov-analysis-linux64.md5 https://scan.coverity.com/download/linux64 --form project=$COVERITY_SCAN_PROJECT_NAME --form token=$COVERITY_SCAN_TOKEN --form md5=1 - - curl --output cov-analysis-linux64.tgz https://scan.coverity.com/download/linux64 + - curl --output /tmp/cov-analysis-linux64.tgz https://scan.coverity.com/download/linux64 --form project=$COVERITY_SCAN_PROJECT_NAME --form token=$COVERITY_SCAN_TOKEN - - test "$(md5sum cov-analysis-linux64.tgz | awk '{ print $1 }')" = "$(cat cov-analysis-linux64.md5)" - - tar --extract --gzip --file=cov-analysis-linux64.tgz - - test -d cov-analysis-linux64-2021.12.1 + - test "$(md5sum /tmp/cov-analysis-linux64.tgz | awk '{ print $1 }')" = "$(cat /tmp/cov-analysis-linux64.md5)" + - tar --extract --gzip --file=/tmp/cov-analysis-linux64.tgz --directory=/tmp + - test -d /tmp/cov-analysis-linux64-2021.12.1 .coverity_build: &coverity_build - - cov-analysis-linux64-2021.12.1/bin/cov-build --dir cov-int sh -c 'make -j${BUILD_PARALLEL_JOBS:-1} -k all V=1' - - tar --create --gzip --file=cov-int.tar.gz cov-int/ + - /tmp/cov-analysis-linux64-2021.12.1/bin/cov-build --dir /tmp/cov-int sh -c 'make -j${BUILD_PARALLEL_JOBS:-1} -k all V=1' + - tar --create --gzip --file=/tmp/cov-int.tar.gz --directory /tmp cov-int - curl -v https://scan.coverity.com/builds?project=$COVERITY_SCAN_PROJECT_NAME --form token=$COVERITY_SCAN_TOKEN --form email=bind-changes@isc.org - --form file=@cov-int.tar.gz + --form file=@/tmp/cov-int.tar.gz --form version="$(git rev-parse --short HEAD)" --form description="$(git rev-parse --short HEAD) / $CI_COMMIT_TITLE / $CI_COMMIT_REF_NAME:$CI_PIPELINE_ID" 2>&1 | tee curl-response.txt @@ -1209,6 +1209,8 @@ coverity: - *coverity_prep - *configure - *coverity_build + after_script: + - mv -v /tmp/cov-int.tar.gz ${CI_PROJECT_DIR}/ needs: - job: autoreconf artifacts: true From e1a463e98d5aeddc55024b9a1c2d0943b6a39bee Mon Sep 17 00:00:00 2001 From: Michal Nowak Date: Thu, 10 Feb 2022 11:05:46 +0100 Subject: [PATCH 3/3] Capture scripts for Coverity Scan analysis With the recent Coverity Scan 2021.12 version, Python 3 scripts are being analyzed in addition to C files. The --fs-capture-search option scripts for Coverity Scan analysis should be added to leverage this feature. (cherry picked from commit b4a2674d98902983e8096c99b747343482d30673) --- .gitlab-ci.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml index 1c028ab00f..6a274830c1 100644 --- a/.gitlab-ci.yml +++ b/.gitlab-ci.yml @@ -1187,7 +1187,7 @@ release: - test -d /tmp/cov-analysis-linux64-2021.12.1 .coverity_build: &coverity_build - - /tmp/cov-analysis-linux64-2021.12.1/bin/cov-build --dir /tmp/cov-int sh -c 'make -j${BUILD_PARALLEL_JOBS:-1} -k all V=1' + - /tmp/cov-analysis-linux64-2021.12.1/bin/cov-build --dir /tmp/cov-int --fs-capture-search . sh -c 'make -j${BUILD_PARALLEL_JOBS:-1} -k all V=1' - tar --create --gzip --file=/tmp/cov-int.tar.gz --directory /tmp cov-int - curl -v https://scan.coverity.com/builds?project=$COVERITY_SCAN_PROJECT_NAME --form token=$COVERITY_SCAN_TOKEN