TrustedFirmware Git Browser
Code Review Sign In
review.trustedfirmware.org / ci / tf-a-ci-scripts.git / 32eb4a6eabe2c74710fef6c35d898e37cfe77c96 / . / script / coverity-Makefile
blob: a96cc827fd522db6379081dfb52c5dc1eb5afc46 [file] [log] [blame]
Zelalemc9531f82020-08-04 15:37:08 -0500[diff] [blame]1#
2# Copyright (c) 2019-2020, Arm Limited. All rights reserved.
3#
4# SPDX-License-Identifier: BSD-3-Clause
5#
6#NOTE: stdout is a log file; &3 prints to the terminal
7#NOTE: This makefile must be run from within the workspace coverity directory
8
9# Remove all default rules
10.SUFFIXES :
11
12cov_dir=coverity
13cov_config=${cov_dir}/config/config.xml
14report=--preview-report-v2 "${cov_dir}/report.json"
15
16golden_cov=--dir "${cov_dir}/golden"
17golden_repo=${cov_dir}/golden-repo
18golden_snapshot=${cov_dir}/golden-snapshot
19golden_analyze=${cov_dir}/golden.txt
20golden_hash=${cov_dir}/golden.hash
21
22branch_cov=--dir "${cov_dir}/branch"
23branch_repo=${cov_dir}/branch-repo
24branch_snapshot=${cov_dir}/branch-snapshot
25branch_analyze=${cov_dir}/branch.txt
26branch_hash=${cov_dir}/branch.hash
27
28stream_name?=${BUILD_CONFIG}
29
30cov-common-args= --host "${coverity_host}" --auth-key-file "${auth_file}"
31cov-manage-args= ${cov-common-args} --ssl --port "${coverity_port}"
32cov-manage=cov-manage-im ${cov-manage-args} --mode
33cov-commit-args= ${cov-common-args} --https-port "${coverity_port}"
34cov-commit=cov-commit-defects ${cov-commit-args} --stream "${stream_name}"
35cov-build=MAKEFLAGS= cov-build --config ${cov_config}
36cov-analyze=cov-analyze --verbose 0
37cov-errors=cov-format-errors
38
39# Make idiom to force a rule to be run. This works by because empty rule does
40# not create its target, which will always run and force all reverse-deps to run
41force: ;
42
43# This is forced because on the second invocation of make will already have the
44# ${golden_hash} file.
45golden-setup: ${golden_hash} force
46 git clone -q "${tf_root}" "${golden_repo}" -b "${golden_ref}"
47 git -C "${golden_repo}" checkout `cat ${golden_hash}` 2>&1
48 echo "golden: ${golden_url} ${golden_ref}" >&3
49
50# Note: If we don't have an "integration" branch then we're probably the CI and
51# have a shallow clone
52${golden_hash}:
53 git -C "${tf_root}" rev-parse "${golden_ref}" >/dev/null 2>/dev/null \
54 || ( git -C "${tf_root}" fetch "${golden_url}" "${golden_ref}" \
55 && git -C "${tf_root}" branch "${golden_ref}" FETCH_HEAD \
56 && git -C "${tf_root}" fetch -q --unshallow "${golden_url}" )
57 git -C "${tf_root}" merge-base HEAD "${golden_ref}" > $@
58 echo "golden: `cat $@`" >&3
59
60ifneq (${cov_force_commit}, 1)
61# The following rule runs this makefile recursively, with ${cov_force_commit}=1,
62# when a suitable snapshot could not be found. This will cause the else branch
63# of this if to be taken and a new snapshot will be created on the server.
64${golden_snapshot}: ${golden_hash}
65 "${ci_root}/script/get_latest_snapshot.py" ${cov-commit-args} \
66 --description "${description}" --version "`cat ${golden_hash}`" \
67 "${stream_name}" > "${golden_snapshot}" \
68 || $(MAKE) ${golden_snapshot} cov_force_commit=1 \
69 -f ${ci_root}/script/coverity-Makefile
70 echo "golden: snapshot ID `cat ${golden_snapshot}` exists" >&3
71else
72${golden_snapshot}: stream-setup ${golden_analyze} ${golden_hash} golden-setup
73 ${cov-commit} ${golden_cov} \
74 --description "${description}" \
75 --version "`cat ${golden_hash}`" \
76 --snapshot-id-file "${golden_snapshot}"
77 echo "golden: new snapshot ID: `cat ${golden_snapshot}`" >&3
78endif
79
80# Create a copy of the user's repo to avoid cleaining their repo
81branch-setup:
82 git clone -q "${tf_root}" "${branch_repo}"
83 rsync -a --exclude=".git" --exclude "**.o" --exclude "**.d" \
84 "${tf_root}/" "${branch_repo}"
85ifneq (${dont_clean}, 1)
86 MAKEFLAGS= make -C "${branch_repo}" distclean
87endif
88
89${branch_hash}: branch-setup
90 git -C ${branch_repo} show -q --format=%H > $@
91 echo "branch: `cat $@`" >&3
92
93# This is allowed to fail, as there may not be a stream for every possible build
94# combination. Failure indicates that the stream already exists.
95stream-setup:
96 -${cov-manage} streams --add --set "name:${stream_name}" \
97 && ${cov-manage} projects --name "Arm Trusted Firmware" --update \
98 --insert "stream:${stream_name}"
99
100${cov_config}:
101 cov-configure --comptype gcc --template --compiler "${cov_compiler}" \
102 --config "${cov_config}"
103
104${golden_analyze}: golden-setup ${cov_config}
105 ${cov-build} ${golden_cov} make -C ${golden_repo} ${SUBMAKE}
106 ${cov-analyze} ${golden_cov} ${cov_options} \
107 --strip-path "$(realpath ${golden_repo})" > ${golden_analyze}
108
109${branch_analyze}: branch-setup ${cov_config} ${branch_hash}
110 ${cov-build} ${branch_cov} make -C ${branch_repo} ${SUBMAKE}
111 ${cov-analyze} ${branch_cov} ${cov_options} \
112 --strip-path "$(realpath ${branch_repo})" > ${branch_analyze}
113
114branch-cov-commit-defects: stream-setup ${branch_analyze} ${branch_hash}
115 ${cov-commit} ${branch_cov} --description "${description}" \
116 --version "`cat ${branch_hash}`" \
117 --snapshot-id-file "${branch_snapshot}"
118 echo "branch: new snapshot ID: `cat ${branch_snapshot}`" >&3
119
120
121ifdef cov_force_commit
122full-commit-defects-dep = branch-cov-commit-defects
123else
124full-commit-defects-dep =
125endif
126
127${cov_dir}/diff.json: ${branch_analyze} ${golden_snapshot}
128 ${cov-commit} ${branch_cov} --preview-report-v2 $@ \
129 --comparison-snapshot-id "`cat ${golden_snapshot}`"
130
131${cov_dir}/full.json: ${full-commit-defects-dep} ${branch_analyze}
132 ${cov-errors} ${branch_cov} --json-output-v7 ${cov_dir}/full.json
133
134%-defects.txt: ${cov_dir}/%.json
135 -python3 ${ci_root}/script/coverity_parser.py $^ \
136 --output defects.json --totals defects-summary.txt > $@
137
138
139
140branch-report-full: full-defects.txt
141branch-report-compare: diff-defects.txt