Sync Coverity scripts with internal CI
Sync the scripts with platform-ci commit:
539c151d0cd99a5e6ca6c0e6966f6d8579fe864e
Signed-off-by: Zelalem <zelalem.aweke@arm.com>
Change-Id: I260c3490cc5079b66b735b03116af56501fa0642
diff --git a/script/coverity-Makefile b/script/coverity-Makefile
new file mode 100644
index 0000000..a96cc82
--- /dev/null
+++ b/script/coverity-Makefile
@@ -0,0 +1,141 @@
+#
+# Copyright (c) 2019-2020, Arm Limited. All rights reserved.
+#
+# SPDX-License-Identifier: BSD-3-Clause
+#
+#NOTE: stdout is a log file; &3 prints to the terminal
+#NOTE: This makefile must be run from within the workspace coverity directory
+
+# Remove all default rules
+.SUFFIXES :
+
+cov_dir=coverity
+cov_config=${cov_dir}/config/config.xml
+report=--preview-report-v2 "${cov_dir}/report.json"
+
+golden_cov=--dir "${cov_dir}/golden"
+golden_repo=${cov_dir}/golden-repo
+golden_snapshot=${cov_dir}/golden-snapshot
+golden_analyze=${cov_dir}/golden.txt
+golden_hash=${cov_dir}/golden.hash
+
+branch_cov=--dir "${cov_dir}/branch"
+branch_repo=${cov_dir}/branch-repo
+branch_snapshot=${cov_dir}/branch-snapshot
+branch_analyze=${cov_dir}/branch.txt
+branch_hash=${cov_dir}/branch.hash
+
+stream_name?=${BUILD_CONFIG}
+
+cov-common-args= --host "${coverity_host}" --auth-key-file "${auth_file}"
+cov-manage-args= ${cov-common-args} --ssl --port "${coverity_port}"
+cov-manage=cov-manage-im ${cov-manage-args} --mode
+cov-commit-args= ${cov-common-args} --https-port "${coverity_port}"
+cov-commit=cov-commit-defects ${cov-commit-args} --stream "${stream_name}"
+cov-build=MAKEFLAGS= cov-build --config ${cov_config}
+cov-analyze=cov-analyze --verbose 0
+cov-errors=cov-format-errors
+
+# Make idiom to force a rule to be run. This works by because empty rule does
+# not create its target, which will always run and force all reverse-deps to run
+force: ;
+
+# This is forced because on the second invocation of make will already have the
+# ${golden_hash} file.
+golden-setup: ${golden_hash} force
+ git clone -q "${tf_root}" "${golden_repo}" -b "${golden_ref}"
+ git -C "${golden_repo}" checkout `cat ${golden_hash}` 2>&1
+ echo "golden: ${golden_url} ${golden_ref}" >&3
+
+# Note: If we don't have an "integration" branch then we're probably the CI and
+# have a shallow clone
+${golden_hash}:
+ git -C "${tf_root}" rev-parse "${golden_ref}" >/dev/null 2>/dev/null \
+ || ( git -C "${tf_root}" fetch "${golden_url}" "${golden_ref}" \
+ && git -C "${tf_root}" branch "${golden_ref}" FETCH_HEAD \
+ && git -C "${tf_root}" fetch -q --unshallow "${golden_url}" )
+ git -C "${tf_root}" merge-base HEAD "${golden_ref}" > $@
+ echo "golden: `cat $@`" >&3
+
+ifneq (${cov_force_commit}, 1)
+# The following rule runs this makefile recursively, with ${cov_force_commit}=1,
+# when a suitable snapshot could not be found. This will cause the else branch
+# of this if to be taken and a new snapshot will be created on the server.
+${golden_snapshot}: ${golden_hash}
+ "${ci_root}/script/get_latest_snapshot.py" ${cov-commit-args} \
+ --description "${description}" --version "`cat ${golden_hash}`" \
+ "${stream_name}" > "${golden_snapshot}" \
+ || $(MAKE) ${golden_snapshot} cov_force_commit=1 \
+ -f ${ci_root}/script/coverity-Makefile
+ echo "golden: snapshot ID `cat ${golden_snapshot}` exists" >&3
+else
+${golden_snapshot}: stream-setup ${golden_analyze} ${golden_hash} golden-setup
+ ${cov-commit} ${golden_cov} \
+ --description "${description}" \
+ --version "`cat ${golden_hash}`" \
+ --snapshot-id-file "${golden_snapshot}"
+ echo "golden: new snapshot ID: `cat ${golden_snapshot}`" >&3
+endif
+
+# Create a copy of the user's repo to avoid cleaining their repo
+branch-setup:
+ git clone -q "${tf_root}" "${branch_repo}"
+ rsync -a --exclude=".git" --exclude "**.o" --exclude "**.d" \
+ "${tf_root}/" "${branch_repo}"
+ifneq (${dont_clean}, 1)
+ MAKEFLAGS= make -C "${branch_repo}" distclean
+endif
+
+${branch_hash}: branch-setup
+ git -C ${branch_repo} show -q --format=%H > $@
+ echo "branch: `cat $@`" >&3
+
+# This is allowed to fail, as there may not be a stream for every possible build
+# combination. Failure indicates that the stream already exists.
+stream-setup:
+ -${cov-manage} streams --add --set "name:${stream_name}" \
+ && ${cov-manage} projects --name "Arm Trusted Firmware" --update \
+ --insert "stream:${stream_name}"
+
+${cov_config}:
+ cov-configure --comptype gcc --template --compiler "${cov_compiler}" \
+ --config "${cov_config}"
+
+${golden_analyze}: golden-setup ${cov_config}
+ ${cov-build} ${golden_cov} make -C ${golden_repo} ${SUBMAKE}
+ ${cov-analyze} ${golden_cov} ${cov_options} \
+ --strip-path "$(realpath ${golden_repo})" > ${golden_analyze}
+
+${branch_analyze}: branch-setup ${cov_config} ${branch_hash}
+ ${cov-build} ${branch_cov} make -C ${branch_repo} ${SUBMAKE}
+ ${cov-analyze} ${branch_cov} ${cov_options} \
+ --strip-path "$(realpath ${branch_repo})" > ${branch_analyze}
+
+branch-cov-commit-defects: stream-setup ${branch_analyze} ${branch_hash}
+ ${cov-commit} ${branch_cov} --description "${description}" \
+ --version "`cat ${branch_hash}`" \
+ --snapshot-id-file "${branch_snapshot}"
+ echo "branch: new snapshot ID: `cat ${branch_snapshot}`" >&3
+
+
+ifdef cov_force_commit
+full-commit-defects-dep = branch-cov-commit-defects
+else
+full-commit-defects-dep =
+endif
+
+${cov_dir}/diff.json: ${branch_analyze} ${golden_snapshot}
+ ${cov-commit} ${branch_cov} --preview-report-v2 $@ \
+ --comparison-snapshot-id "`cat ${golden_snapshot}`"
+
+${cov_dir}/full.json: ${full-commit-defects-dep} ${branch_analyze}
+ ${cov-errors} ${branch_cov} --json-output-v7 ${cov_dir}/full.json
+
+%-defects.txt: ${cov_dir}/%.json
+ -python3 ${ci_root}/script/coverity_parser.py $^ \
+ --output defects.json --totals defects-summary.txt > $@
+
+
+
+branch-report-full: full-defects.txt
+branch-report-compare: diff-defects.txt