run-coverity-scan: add --check-upload-only option

Add an option to check if upload is permitted without actually
attempting a build.  This can be useful to add a third outcome
beyond success and failure---namely, a CI job can self-cancel
if the uploading quota has been reached.

There is a small change here in that a failure to do the upload
check changes the exit code from 1 to 99.  99 was chosen because
it is what Autotools and Meson use to represent a problem in the
setup (as opposed to a failure in the test).

Reviewed-by: Peter Maydell <peter.maydell@linaro.org>
Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
This commit is contained in:
Paolo Bonzini 2024-03-04 13:06:57 -05:00
parent 9ed7c6dd9f
commit 2f3e5e4c08

View File

@ -28,6 +28,7 @@
# project settings, if you have maintainer access there. # project settings, if you have maintainer access there.
# Command line options: # Command line options:
# --check-upload-only : return success if upload is possible
# --dry-run : run the tools, but don't actually do the upload # --dry-run : run the tools, but don't actually do the upload
# --docker : create and work inside a container # --docker : create and work inside a container
# --docker-engine : specify the container engine to use (docker/podman/auto); # --docker-engine : specify the container engine to use (docker/podman/auto);
@ -57,18 +58,18 @@
# putting it in a file and using --tokenfile. Everything else has # putting it in a file and using --tokenfile. Everything else has
# a reasonable default if this is run from a git tree. # a reasonable default if this is run from a git tree.
check_upload_permissions() { upload_permitted() {
# Check whether we can do an upload to the server; will exit the script # Check whether we can do an upload to the server; will exit *the script*
# with status 1 if the check failed (usually a bad token); # with status 99 if the check failed (usually a bad token);
# will exit the script with status 0 if the check indicated that we # will return from the function with status 1 if the check indicated
# can't upload yet (ie we are at quota) # that we can't upload yet (ie we are at quota)
# Assumes that COVERITY_TOKEN, PROJNAME and DRYRUN have been initialized. # Assumes that COVERITY_TOKEN and PROJNAME have been initialized.
echo "Checking upload permissions..." echo "Checking upload permissions..."
if ! up_perm="$(wget https://scan.coverity.com/api/upload_permitted --post-data "token=$COVERITY_TOKEN&project=$PROJNAME" -q -O -)"; then if ! up_perm="$(wget https://scan.coverity.com/api/upload_permitted --post-data "token=$COVERITY_TOKEN&project=$PROJNAME" -q -O -)"; then
echo "Coverity Scan API access denied: bad token?" echo "Coverity Scan API access denied: bad token?"
exit 1 exit 99
fi fi
# Really up_perm is a JSON response with either # Really up_perm is a JSON response with either
@ -76,9 +77,29 @@ check_upload_permissions() {
# We do some hacky string parsing instead of properly parsing it. # We do some hacky string parsing instead of properly parsing it.
case "$up_perm" in case "$up_perm" in
*upload_permitted*true*) *upload_permitted*true*)
echo "Coverity Scan: upload permitted" return 0
;; ;;
*next_upload_permitted_at*) *next_upload_permitted_at*)
return 1
;;
*)
echo "Coverity Scan upload check: unexpected result $up_perm"
exit 99
;;
esac
}
check_upload_permissions() {
# Check whether we can do an upload to the server; will exit the script
# with status 99 if the check failed (usually a bad token);
# will exit the script with status 0 if the check indicated that we
# can't upload yet (ie we are at quota)
# Assumes that COVERITY_TOKEN, PROJNAME and DRYRUN have been initialized.
if upload_permitted; then
echo "Coverity Scan: upload permitted"
else
if [ "$DRYRUN" = yes ]; then if [ "$DRYRUN" = yes ]; then
echo "Coverity Scan: upload quota reached, continuing dry run" echo "Coverity Scan: upload quota reached, continuing dry run"
else else
@ -86,12 +107,7 @@ check_upload_permissions() {
# Exit success as this isn't a build error. # Exit success as this isn't a build error.
exit 0 exit 0
fi fi
;; fi
*)
echo "Coverity Scan upload check: unexpected result $up_perm"
exit 1
;;
esac
} }
@ -152,9 +168,14 @@ update_coverity_tools () {
DRYRUN=no DRYRUN=no
UPDATE=yes UPDATE=yes
DOCKER=no DOCKER=no
PROJNAME=QEMU
while [ "$#" -ge 1 ]; do while [ "$#" -ge 1 ]; do
case "$1" in case "$1" in
--check-upload-only)
shift
DRYRUN=check
;;
--dry-run) --dry-run)
shift shift
DRYRUN=yes DRYRUN=yes
@ -251,6 +272,11 @@ if [ -z "$COVERITY_TOKEN" ]; then
exit 1 exit 1
fi fi
if [ "$DRYRUN" = check ]; then
upload_permitted
exit $?
fi
if [ -z "$COVERITY_BUILD_CMD" ]; then if [ -z "$COVERITY_BUILD_CMD" ]; then
NPROC=$(nproc) NPROC=$(nproc)
COVERITY_BUILD_CMD="make -j$NPROC" COVERITY_BUILD_CMD="make -j$NPROC"
@ -266,7 +292,6 @@ if [ -z "$SRCDIR" ]; then
SRCDIR="$PWD" SRCDIR="$PWD"
fi fi
PROJNAME=QEMU
TARBALL=cov-int.tar.xz TARBALL=cov-int.tar.xz
if [ "$UPDATE" = only ]; then if [ "$UPDATE" = only ]; then