| Message ID | 20240308130507.582097-2-pbonzini@redhat.com (mailing list archive) |
|---|---|
| State | New, archived |
| Headers | show |
| Series | ci: allow running Coverity Scan uploads via GitLab | expand |
On Fri, 8 Mar 2024 at 13:05, Paolo Bonzini <pbonzini@redhat.com> wrote: > > Add an option to check if upload is permitted without actually > attempting a build. This can be useful to add a third outcome > beyond success and failure---namely, a CI job can self-cancel > if the uploading quota has been reached. > > There is a small change here in that a failure to do the upload > check changes the exit code from 1 to 99. 99 was chosen because > it is what Autotools and Meson use to represent a problem in the > setup (as opposed to a failure in the test). > > Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> > -check_upload_permissions() { > - # Check whether we can do an upload to the server; will exit the script > - # with status 1 if the check failed (usually a bad token); > - # will exit the script with status 0 if the check indicated that we > - # can't upload yet (ie we are at quota) > - # Assumes that COVERITY_TOKEN, PROJNAME and DRYRUN have been initialized. > +upload_permitted() { > + # Check whether we can do an upload to the server; will exit *the script* > + # with status 99 if the check failed (usually a bad token); > + # will return from the function with status 1 if the check indicated > + # that we can't upload yet (ie we are at quota) > + # Assumes that COVERITY_TOKEN and PROJNAME have been initialized. > > echo "Checking upload permissions..." > > if ! up_perm="$(wget https://scan.coverity.com/api/upload_permitted --post-data "token=$COVERITY_TOKEN&project=$PROJNAME" -q -O -)"; then > echo "Coverity Scan API access denied: bad token?" > - exit 1 > + exit 99 > fi > > # Really up_perm is a JSON response with either > @@ -76,25 +77,40 @@ check_upload_permissions() { > # We do some hacky string parsing instead of properly parsing it. > case "$up_perm" in > *upload_permitted*true*) > - echo "Coverity Scan: upload permitted" > + return 0 > ;; > *next_upload_permitted_at*) > - if [ "$DRYRUN" = yes ]; then > - echo "Coverity Scan: upload quota reached, continuing dry run" > - else > - echo "Coverity Scan: upload quota reached; stopping here" > - # Exit success as this isn't a build error. > - exit 0 > - fi > + return 1 > ;; > *) > echo "Coverity Scan upload check: unexpected result $up_perm" > - exit 1 > + exit 99 > ;; > esac > } > > > +check_upload_permissions() { > + # Check whether we can do an upload to the server; will exit the script > + # with status 1 if the check failed (usually a bad token); This should also be "status 99", I think. > + # will exit the script with status 0 if the check indicated that we > + # can't upload yet (ie we are at quota) > + # Assumes that COVERITY_TOKEN, PROJNAME and DRYRUN have been initialized. > + > + if upload_permitted; then > + echo "Coverity Scan: upload permitted" > + else > + if [ "$DRYRUN" = yes ]; then > + echo "Coverity Scan: upload quota reached, continuing dry run" > + else > + echo "Coverity Scan: upload quota reached; stopping here" > + # Exit success as this isn't a build error. > + exit 0 > + fi > + fi > +} Otherwise Reviewed-by: Peter Maydell <peter.maydell@linaro.org> thanks -- PMM
diff --git a/scripts/coverity-scan/run-coverity-scan b/scripts/coverity-scan/run-coverity-scan index d56c9b66776..96d852aa362 100755 --- a/scripts/coverity-scan/run-coverity-scan +++ b/scripts/coverity-scan/run-coverity-scan @@ -28,6 +28,7 @@ # project settings, if you have maintainer access there. # Command line options: +# --check-upload-only : return success if upload is possible # --dry-run : run the tools, but don't actually do the upload # --docker : create and work inside a container # --docker-engine : specify the container engine to use (docker/podman/auto); @@ -57,18 +58,18 @@ # putting it in a file and using --tokenfile. Everything else has # a reasonable default if this is run from a git tree. -check_upload_permissions() { - # Check whether we can do an upload to the server; will exit the script - # with status 1 if the check failed (usually a bad token); - # will exit the script with status 0 if the check indicated that we - # can't upload yet (ie we are at quota) - # Assumes that COVERITY_TOKEN, PROJNAME and DRYRUN have been initialized. +upload_permitted() { + # Check whether we can do an upload to the server; will exit *the script* + # with status 99 if the check failed (usually a bad token); + # will return from the function with status 1 if the check indicated + # that we can't upload yet (ie we are at quota) + # Assumes that COVERITY_TOKEN and PROJNAME have been initialized. echo "Checking upload permissions..." if ! up_perm="$(wget https://scan.coverity.com/api/upload_permitted --post-data "token=$COVERITY_TOKEN&project=$PROJNAME" -q -O -)"; then echo "Coverity Scan API access denied: bad token?" - exit 1 + exit 99 fi # Really up_perm is a JSON response with either @@ -76,25 +77,40 @@ check_upload_permissions() { # We do some hacky string parsing instead of properly parsing it. case "$up_perm" in *upload_permitted*true*) - echo "Coverity Scan: upload permitted" + return 0 ;; *next_upload_permitted_at*) - if [ "$DRYRUN" = yes ]; then - echo "Coverity Scan: upload quota reached, continuing dry run" - else - echo "Coverity Scan: upload quota reached; stopping here" - # Exit success as this isn't a build error. - exit 0 - fi + return 1 ;; *) echo "Coverity Scan upload check: unexpected result $up_perm" - exit 1 + exit 99 ;; esac } +check_upload_permissions() { + # Check whether we can do an upload to the server; will exit the script + # with status 1 if the check failed (usually a bad token); + # will exit the script with status 0 if the check indicated that we + # can't upload yet (ie we are at quota) + # Assumes that COVERITY_TOKEN, PROJNAME and DRYRUN have been initialized. + + if upload_permitted; then + echo "Coverity Scan: upload permitted" + else + if [ "$DRYRUN" = yes ]; then + echo "Coverity Scan: upload quota reached, continuing dry run" + else + echo "Coverity Scan: upload quota reached; stopping here" + # Exit success as this isn't a build error. + exit 0 + fi + fi +} + + build_docker_image() { # build docker container including the coverity-scan tools echo "Building docker container..." @@ -152,9 +168,14 @@ update_coverity_tools () { DRYRUN=no UPDATE=yes DOCKER=no +PROJNAME=QEMU while [ "$#" -ge 1 ]; do case "$1" in + --check-upload-only) + shift + DRYRUN=check + ;; --dry-run) shift DRYRUN=yes @@ -251,6 +272,11 @@ if [ -z "$COVERITY_TOKEN" ]; then exit 1 fi +if [ "$DRYRUN" = check ]; then + upload_permitted + exit $? +fi + if [ -z "$COVERITY_BUILD_CMD" ]; then NPROC=$(nproc) COVERITY_BUILD_CMD="make -j$NPROC" @@ -266,7 +292,6 @@ if [ -z "$SRCDIR" ]; then SRCDIR="$PWD" fi -PROJNAME=QEMU TARBALL=cov-int.tar.xz if [ "$UPDATE" = only ]; then
Add an option to check if upload is permitted without actually attempting a build. This can be useful to add a third outcome beyond success and failure---namely, a CI job can self-cancel if the uploading quota has been reached. There is a small change here in that a failure to do the upload check changes the exit code from 1 to 99. 99 was chosen because it is what Autotools and Meson use to represent a problem in the setup (as opposed to a failure in the test). Signed-off-by: Paolo Bonzini <pbonzini@redhat.com> --- scripts/coverity-scan/run-coverity-scan | 59 ++++++++++++++++++------- 1 file changed, 42 insertions(+), 17 deletions(-)