From: Paolo Bonzini <pbonzini@redhat.com>
To: qemu-devel@nongnu.org
Cc: peter.maydell@linaro.org, berrange@redhat.com
Subject: [PATCH 1/2] run-coverity-scan: add --check-upload-only option
Date: Tue, 5 Mar 2024 20:09:01 +0100 [thread overview]
Message-ID: <20240305190902.364753-2-pbonzini@redhat.com> (raw)
In-Reply-To: <20240305190902.364753-1-pbonzini@redhat.com>
Add an option to check if upload is permitted without actually
attempting a build. This can be useful to add a third outcome
beyond success and failure---namely, a CI job can self-cancel
if the uploading quota has been reached.
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
scripts/coverity-scan/run-coverity-scan | 51 ++++++++++++++++++-------
1 file changed, 38 insertions(+), 13 deletions(-)
diff --git a/scripts/coverity-scan/run-coverity-scan b/scripts/coverity-scan/run-coverity-scan
index d56c9b66776..4bc991f70fd 100755
--- a/scripts/coverity-scan/run-coverity-scan
+++ b/scripts/coverity-scan/run-coverity-scan
@@ -28,6 +28,7 @@
# project settings, if you have maintainer access there.
# Command line options:
+# --check-upload-only : return success if upload is possible
# --dry-run : run the tools, but don't actually do the upload
# --docker : create and work inside a container
# --docker-engine : specify the container engine to use (docker/podman/auto);
@@ -57,18 +58,18 @@
# putting it in a file and using --tokenfile. Everything else has
# a reasonable default if this is run from a git tree.
-check_upload_permissions() {
+upload_permitted() {
# Check whether we can do an upload to the server; will exit the script
# with status 1 if the check failed (usually a bad token);
# will exit the script with status 0 if the check indicated that we
# can't upload yet (ie we are at quota)
- # Assumes that COVERITY_TOKEN, PROJNAME and DRYRUN have been initialized.
+ # Assumes that COVERITY_TOKEN and PROJNAME have been initialized.
echo "Checking upload permissions..."
if ! up_perm="$(wget https://scan.coverity.com/api/upload_permitted --post-data "token=$COVERITY_TOKEN&project=$PROJNAME" -q -O -)"; then
echo "Coverity Scan API access denied: bad token?"
- exit 1
+ exit 99
fi
# Really up_perm is a JSON response with either
@@ -76,25 +77,40 @@ check_upload_permissions() {
# We do some hacky string parsing instead of properly parsing it.
case "$up_perm" in
*upload_permitted*true*)
- echo "Coverity Scan: upload permitted"
+ return 0
;;
*next_upload_permitted_at*)
- if [ "$DRYRUN" = yes ]; then
- echo "Coverity Scan: upload quota reached, continuing dry run"
- else
- echo "Coverity Scan: upload quota reached; stopping here"
- # Exit success as this isn't a build error.
- exit 0
- fi
+ return 1
;;
*)
echo "Coverity Scan upload check: unexpected result $up_perm"
- exit 1
+ exit 99
;;
esac
}
+check_upload_permissions() {
+ # Check whether we can do an upload to the server; will exit the script
+ # with status 1 if the check failed (usually a bad token);
+ # will exit the script with status 0 if the check indicated that we
+ # can't upload yet (ie we are at quota)
+ # Assumes that COVERITY_TOKEN, PROJNAME and DRYRUN have been initialized.
+
+ if upload_permitted; then
+ echo "Coverity Scan: upload permitted"
+ else
+ if [ "$DRYRUN" = yes ]; then
+ echo "Coverity Scan: upload quota reached, continuing dry run"
+ else
+ echo "Coverity Scan: upload quota reached; stopping here"
+ # Exit success as this isn't a build error.
+ exit 0
+ fi
+ fi
+}
+
+
build_docker_image() {
# build docker container including the coverity-scan tools
echo "Building docker container..."
@@ -152,9 +168,14 @@ update_coverity_tools () {
DRYRUN=no
UPDATE=yes
DOCKER=no
+PROJNAME=QEMU
while [ "$#" -ge 1 ]; do
case "$1" in
+ --check-upload-only)
+ shift
+ DRYRUN=check
+ ;;
--dry-run)
shift
DRYRUN=yes
@@ -251,6 +272,11 @@ if [ -z "$COVERITY_TOKEN" ]; then
exit 1
fi
+if [ "$DRYRUN" = check ]; then
+ upload_permitted
+ exit $?
+fi
+
if [ -z "$COVERITY_BUILD_CMD" ]; then
NPROC=$(nproc)
COVERITY_BUILD_CMD="make -j$NPROC"
@@ -266,7 +292,6 @@ if [ -z "$SRCDIR" ]; then
SRCDIR="$PWD"
fi
-PROJNAME=QEMU
TARBALL=cov-int.tar.xz
if [ "$UPDATE" = only ]; then
--
2.43.2
next prev parent reply other threads:[~2024-03-05 19:09 UTC|newest]
Thread overview: 4+ messages / expand[flat|nested] mbox.gz Atom feed top
2024-03-05 19:09 [PATCH 0/2] ci: allow running Coverity Scan uploads via GitLab Paolo Bonzini
2024-03-05 19:09 ` Paolo Bonzini [this message]
2024-03-07 12:47 ` [PATCH 1/2] run-coverity-scan: add --check-upload-only option Peter Maydell
2024-03-05 19:09 ` [PATCH 2/2] gitlab-ci: add manual job to run Coverity Paolo Bonzini
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=20240305190902.364753-2-pbonzini@redhat.com \
--to=pbonzini@redhat.com \
--cc=berrange@redhat.com \
--cc=peter.maydell@linaro.org \
--cc=qemu-devel@nongnu.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).