diff mbox series

[1/2] run-coverity-scan: add --check-upload-only option

Message ID 20240305190902.364753-2-pbonzini@redhat.com (mailing list archive)
State New, archived
Headers show
Series ci: allow running Coverity Scan uploads via GitLab | expand

Commit Message

Paolo Bonzini March 5, 2024, 7:09 p.m. UTC
Add an option to check if upload is permitted without actually
attempting a build.  This can be useful to add a third outcome
beyond success and failure---namely, a CI job can self-cancel
if the uploading quota has been reached.

Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
---
 scripts/coverity-scan/run-coverity-scan | 51 ++++++++++++++++++-------
 1 file changed, 38 insertions(+), 13 deletions(-)

Comments

Peter Maydell March 7, 2024, 12:47 p.m. UTC | #1
On Tue, 5 Mar 2024 at 19:09, Paolo Bonzini <pbonzini@redhat.com> wrote:
>
> Add an option to check if upload is permitted without actually
> attempting a build.  This can be useful to add a third outcome
> beyond success and failure---namely, a CI job can self-cancel
> if the uploading quota has been reached.
>
> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
> ---
>  scripts/coverity-scan/run-coverity-scan | 51 ++++++++++++++++++-------
>  1 file changed, 38 insertions(+), 13 deletions(-)
>
> diff --git a/scripts/coverity-scan/run-coverity-scan b/scripts/coverity-scan/run-coverity-scan
> index d56c9b66776..4bc991f70fd 100755
> --- a/scripts/coverity-scan/run-coverity-scan
> +++ b/scripts/coverity-scan/run-coverity-scan
> @@ -28,6 +28,7 @@
>  # project settings, if you have maintainer access there.
>
>  # Command line options:
> +#   --check-upload-only : return success if upload is possible
>  #   --dry-run : run the tools, but don't actually do the upload
>  #   --docker : create and work inside a container
>  #   --docker-engine : specify the container engine to use (docker/podman/auto);
> @@ -57,18 +58,18 @@
>  # putting it in a file and using --tokenfile. Everything else has
>  # a reasonable default if this is run from a git tree.
>
> -check_upload_permissions() {
> +upload_permitted() {
>      # Check whether we can do an upload to the server; will exit the script
>      # with status 1 if the check failed (usually a bad token);

This comment says we exit with status 1 on a failed check...

>      # will exit the script with status 0 if the check indicated that we
>      # can't upload yet (ie we are at quota)
> -    # Assumes that COVERITY_TOKEN, PROJNAME and DRYRUN have been initialized.
> +    # Assumes that COVERITY_TOKEN and PROJNAME have been initialized.
>
>      echo "Checking upload permissions..."
>
>      if ! up_perm="$(wget https://scan.coverity.com/api/upload_permitted --post-data "token=$COVERITY_TOKEN&project=$PROJNAME" -q -O -)"; then
>          echo "Coverity Scan API access denied: bad token?"
> -        exit 1
> +        exit 99

...but these changes switch to exit 99 instead. It's not clear to
me why -- the commit message doesn't say anything about changing
the exit status.

>      fi
>
>      # Really up_perm is a JSON response with either

Otherwise this looks OK.

thanks
-- PMM
diff mbox series

Patch

diff --git a/scripts/coverity-scan/run-coverity-scan b/scripts/coverity-scan/run-coverity-scan
index d56c9b66776..4bc991f70fd 100755
--- a/scripts/coverity-scan/run-coverity-scan
+++ b/scripts/coverity-scan/run-coverity-scan
@@ -28,6 +28,7 @@ 
 # project settings, if you have maintainer access there.
 
 # Command line options:
+#   --check-upload-only : return success if upload is possible
 #   --dry-run : run the tools, but don't actually do the upload
 #   --docker : create and work inside a container
 #   --docker-engine : specify the container engine to use (docker/podman/auto);
@@ -57,18 +58,18 @@ 
 # putting it in a file and using --tokenfile. Everything else has
 # a reasonable default if this is run from a git tree.
 
-check_upload_permissions() {
+upload_permitted() {
     # Check whether we can do an upload to the server; will exit the script
     # with status 1 if the check failed (usually a bad token);
     # will exit the script with status 0 if the check indicated that we
     # can't upload yet (ie we are at quota)
-    # Assumes that COVERITY_TOKEN, PROJNAME and DRYRUN have been initialized.
+    # Assumes that COVERITY_TOKEN and PROJNAME have been initialized.
 
     echo "Checking upload permissions..."
 
     if ! up_perm="$(wget https://scan.coverity.com/api/upload_permitted --post-data "token=$COVERITY_TOKEN&project=$PROJNAME" -q -O -)"; then
         echo "Coverity Scan API access denied: bad token?"
-        exit 1
+        exit 99
     fi
 
     # Really up_perm is a JSON response with either
@@ -76,25 +77,40 @@  check_upload_permissions() {
     # We do some hacky string parsing instead of properly parsing it.
     case "$up_perm" in
         *upload_permitted*true*)
-            echo "Coverity Scan: upload permitted"
+            return 0
             ;;
         *next_upload_permitted_at*)
-            if [ "$DRYRUN" = yes ]; then
-                echo "Coverity Scan: upload quota reached, continuing dry run"
-            else
-                echo "Coverity Scan: upload quota reached; stopping here"
-                # Exit success as this isn't a build error.
-                exit 0
-            fi
+            return 1
             ;;
         *)
             echo "Coverity Scan upload check: unexpected result $up_perm"
-            exit 1
+            exit 99
             ;;
     esac
 }
 
 
+check_upload_permissions() {
+    # Check whether we can do an upload to the server; will exit the script
+    # with status 1 if the check failed (usually a bad token);
+    # will exit the script with status 0 if the check indicated that we
+    # can't upload yet (ie we are at quota)
+    # Assumes that COVERITY_TOKEN, PROJNAME and DRYRUN have been initialized.
+
+    if upload_permitted; then
+        echo "Coverity Scan: upload permitted"
+    else
+        if [ "$DRYRUN" = yes ]; then
+            echo "Coverity Scan: upload quota reached, continuing dry run"
+        else
+            echo "Coverity Scan: upload quota reached; stopping here"
+            # Exit success as this isn't a build error.
+            exit 0
+        fi
+    fi
+}
+
+
 build_docker_image() {
     # build docker container including the coverity-scan tools
     echo "Building docker container..."
@@ -152,9 +168,14 @@  update_coverity_tools () {
 DRYRUN=no
 UPDATE=yes
 DOCKER=no
+PROJNAME=QEMU
 
 while [ "$#" -ge 1 ]; do
     case "$1" in
+        --check-upload-only)
+            shift
+            DRYRUN=check
+            ;;
         --dry-run)
             shift
             DRYRUN=yes
@@ -251,6 +272,11 @@  if [ -z "$COVERITY_TOKEN" ]; then
     exit 1
 fi
 
+if [ "$DRYRUN" = check ]; then
+    upload_permitted
+    exit $?
+fi
+
 if [ -z "$COVERITY_BUILD_CMD" ]; then
     NPROC=$(nproc)
     COVERITY_BUILD_CMD="make -j$NPROC"
@@ -266,7 +292,6 @@  if [ -z "$SRCDIR" ]; then
     SRCDIR="$PWD"
 fi
 
-PROJNAME=QEMU
 TARBALL=cov-int.tar.xz
 
 if [ "$UPDATE" = only ]; then