| # |
| # Copyright (c) 2019-2020, Arm Limited. All rights reserved. |
| # |
| # SPDX-License-Identifier: BSD-3-Clause |
| # |
| #NOTE: stdout is a log file; &3 prints to the terminal |
| #NOTE: This makefile must be run from within the workspace coverity directory |
| |
| # Remove all default rules |
| .SUFFIXES : |
| |
| cov_dir=coverity |
| cov_config=${cov_dir}/config/config.xml |
| report=--preview-report-v2 "${cov_dir}/report.json" |
| |
| golden_cov=--dir "${cov_dir}/golden" |
| golden_repo=${cov_dir}/golden-repo |
| golden_snapshot=${cov_dir}/golden-snapshot |
| golden_analyze=${cov_dir}/golden.txt |
| golden_hash=${cov_dir}/golden.hash |
| |
| branch_cov=--dir "${cov_dir}/branch" |
| branch_repo=${cov_dir}/branch-repo |
| branch_snapshot=${cov_dir}/branch-snapshot |
| branch_analyze=${cov_dir}/branch.txt |
| branch_hash=${cov_dir}/branch.hash |
| |
| stream_name?=${BUILD_CONFIG} |
| |
| cov-common-args= --host "${coverity_host}" --auth-key-file "${auth_file}" |
| cov-manage-args= ${cov-common-args} --ssl --port "${coverity_port}" |
| cov-manage=cov-manage-im ${cov-manage-args} --mode |
| cov-commit-args= ${cov-common-args} --https-port "${coverity_port}" |
| cov-commit=cov-commit-defects ${cov-commit-args} --stream "${stream_name}" |
| cov-build=MAKEFLAGS= cov-build --config ${cov_config} |
| cov-analyze=cov-analyze --verbose 0 |
| cov-errors=cov-format-errors |
| |
| # Make idiom to force a rule to be run. This works by because empty rule does |
| # not create its target, which will always run and force all reverse-deps to run |
| force: ; |
| |
| # This is forced because on the second invocation of make will already have the |
| # ${golden_hash} file. |
| golden-setup: ${golden_hash} force |
| git clone -q "${tf_root}" "${golden_repo}" -b "${golden_ref}" |
| git -C "${golden_repo}" checkout `cat ${golden_hash}` 2>&1 |
| echo "golden: ${golden_url} ${golden_ref}" >&3 |
| |
| # Note: If we don't have an "integration" branch then we're probably the CI and |
| # have a shallow clone |
| ${golden_hash}: |
| git -C "${tf_root}" rev-parse "${golden_ref}" >/dev/null 2>/dev/null \ |
| || ( git -C "${tf_root}" fetch "${golden_url}" "${golden_ref}" \ |
| && git -C "${tf_root}" branch "${golden_ref}" FETCH_HEAD \ |
| && git -C "${tf_root}" fetch -q --unshallow "${golden_url}" ) |
| git -C "${tf_root}" merge-base HEAD "${golden_ref}" > $@ |
| echo "golden: `cat $@`" >&3 |
| |
| ifneq (${cov_force_commit}, 1) |
| # The following rule runs this makefile recursively, with ${cov_force_commit}=1, |
| # when a suitable snapshot could not be found. This will cause the else branch |
| # of this if to be taken and a new snapshot will be created on the server. |
| ${golden_snapshot}: ${golden_hash} |
| "${ci_root}/script/get_latest_snapshot.py" ${cov-commit-args} \ |
| --description "${description}" --version "`cat ${golden_hash}`" \ |
| "${stream_name}" > "${golden_snapshot}" \ |
| || $(MAKE) ${golden_snapshot} cov_force_commit=1 \ |
| -f ${ci_root}/script/coverity-Makefile |
| echo "golden: snapshot ID `cat ${golden_snapshot}` exists" >&3 |
| else |
| ${golden_snapshot}: stream-setup ${golden_analyze} ${golden_hash} golden-setup |
| ${cov-commit} ${golden_cov} \ |
| --description "${description}" \ |
| --version "`cat ${golden_hash}`" \ |
| --snapshot-id-file "${golden_snapshot}" |
| echo "golden: new snapshot ID: `cat ${golden_snapshot}`" >&3 |
| endif |
| |
| # Create a copy of the user's repo to avoid cleaining their repo |
| branch-setup: |
| git clone -q "${tf_root}" "${branch_repo}" |
| rsync -a --exclude=".git" --exclude "**.o" --exclude "**.d" \ |
| "${tf_root}/" "${branch_repo}" |
| ifneq (${dont_clean}, 1) |
| MAKEFLAGS= make -C "${branch_repo}" distclean |
| endif |
| |
| ${branch_hash}: branch-setup |
| git -C ${branch_repo} show -q --format=%H > $@ |
| echo "branch: `cat $@`" >&3 |
| |
| # This is allowed to fail, as there may not be a stream for every possible build |
| # combination. Failure indicates that the stream already exists. |
| stream-setup: |
| -${cov-manage} streams --add --set "name:${stream_name}" \ |
| && ${cov-manage} projects --name "Arm Trusted Firmware" --update \ |
| --insert "stream:${stream_name}" |
| |
| ${cov_config}: |
| cov-configure --comptype gcc --template --compiler "${cov_compiler}" \ |
| --config "${cov_config}" |
| |
| ${golden_analyze}: golden-setup ${cov_config} |
| ${cov-build} ${golden_cov} make -C ${golden_repo} ${SUBMAKE} |
| ${cov-analyze} ${golden_cov} ${cov_options} \ |
| --strip-path "$(realpath ${golden_repo})" > ${golden_analyze} |
| |
| ${branch_analyze}: branch-setup ${cov_config} ${branch_hash} |
| ${cov-build} ${branch_cov} make -C ${branch_repo} ${SUBMAKE} |
| ${cov-analyze} ${branch_cov} ${cov_options} \ |
| --strip-path "$(realpath ${branch_repo})" > ${branch_analyze} |
| |
| branch-cov-commit-defects: stream-setup ${branch_analyze} ${branch_hash} |
| ${cov-commit} ${branch_cov} --description "${description}" \ |
| --version "`cat ${branch_hash}`" \ |
| --snapshot-id-file "${branch_snapshot}" |
| echo "branch: new snapshot ID: `cat ${branch_snapshot}`" >&3 |
| |
| |
| ifdef cov_force_commit |
| full-commit-defects-dep = branch-cov-commit-defects |
| else |
| full-commit-defects-dep = |
| endif |
| |
| ${cov_dir}/diff.json: ${branch_analyze} ${golden_snapshot} |
| ${cov-commit} ${branch_cov} --preview-report-v2 $@ \ |
| --comparison-snapshot-id "`cat ${golden_snapshot}`" |
| |
| ${cov_dir}/full.json: ${full-commit-defects-dep} ${branch_analyze} |
| ${cov-errors} ${branch_cov} --json-output-v7 ${cov_dir}/full.json |
| |
| %-defects.txt: ${cov_dir}/%.json |
| -python3 ${ci_root}/script/coverity_parser.py $^ \ |
| --output defects.json --totals defects-summary.txt > $@ |
| |
| |
| |
| branch-report-full: full-defects.txt |
| branch-report-compare: diff-defects.txt |