Commit c85d606eee01de894db828e81482aa2812b1b5d9

Ben Straub 2014-01-16T11:36:06

Merge pull request #2044 from libgit2/coverity Run Coverity scan on Travis

diff --git a/.travis.yml b/.travis.yml
index 151060f..f25ff76 100644
--- a/.travis.yml
+++ b/.travis.yml
@@ -9,13 +9,21 @@ compiler:
 
 # Settings to try
 env:
+ global:
+  - secure: "YnhS+8n6B+uoyaYfaJ3Lei7cSJqHDPiKJCKFIF2c87YDfmCvAJke8QtE7IzjYDs7UFkTCM4ox+ph2bERUrxZbSCyEkHdjIZpKuMJfYWja/jgMqTMxdyOH9y8JLFbZsSXDIXDwqBlC6vVyl1fP90M35wuWcNTs6tctfVWVofEFbs="
+ matrix:
   - OPTIONS="-DTHREADSAFE=ON -DCMAKE_BUILD_TYPE=Release"
   - OPTIONS="-DBUILD_CLAR=ON -DBUILD_EXAMPLES=ON"
 
 matrix:
+ fast_finish: true
  include:
    - compiler: i586-mingw32msvc-gcc
      env: OPTIONS="-DBUILD_CLAR=OFF -DWIN32=ON -DMINGW=ON"
+   - compiler: gcc
+     env: COVERITY=1
+ allow_failures:
+   - env: COVERITY=1
 
 install:
  - sudo apt-get -qq update
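Review bot: The new `secure:` entry under `env.global` carries no comment naming the variable it decrypts to or who consumes it, so a maintainer rotating the credential has to guess. Something like `# Encrypted COVERITY_TOKEN, read by script/coverity.sh` above it would help, assuming that is the variable (the script added in this commit checks for `COVERITY_TOKEN`). Because the entry is global, the decrypted value is exported into every job in the matrix, not only the `COVERITY=1` job that needs it. If the CI service allows a secure variable to be scoped to a single `matrix.include` entry, that would keep the token out of the jobs that build and run the test suite.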
diff --git a/README.md b/README.md
index e6a903c..f814b87 100644
--- a/README.md
+++ b/README.md
@@ -2,6 +2,7 @@ libgit2 - the Git linkable library
 ==================================
 
 [![Build Status](https://secure.travis-ci.org/libgit2/libgit2.png?branch=development)](http://travis-ci.org/libgit2/libgit2)
+[![Coverity Scan Build Status](https://scan.coverity.com/projects/639/badge.svg)](https://scan.coverity.com/projects/639)
 
 `libgit2` is a portable, pure C implementation of the Git core methods provided as a
 re-entrant linkable library with a solid API, allowing you to write native
diff --git a/script/cibuild.sh b/script/cibuild.sh
index aa4fa47..5c0584a 100755
--- a/script/cibuild.sh
+++ b/script/cibuild.sh
@@ -1,5 +1,11 @@
 #!/bin/sh
 
+if [ "$COVERITY" -eq 1 ];
+then
+	./script/coverity.sh;
+	exit $?;
+fi
+
 # Create a test repo which we can use for the online::push tests
 mkdir $HOME/_temp
 git init --bare $HOME/_temp/test.git
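Review bot: The added guard `[ "$COVERITY" -eq 1 ]` does a numeric comparison on a variable that is unset in every matrix job except the Coverity one. In those jobs `test` reports an invalid-integer error on stderr and the script falls through only because that error status is non-zero. A string comparison with a default avoids relying on the error path: `if [ "${COVERITY:-0}" = "1" ]; then`. The rest of cibuild.sh continues outside the hunk.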
diff --git a/script/coverity.sh b/script/coverity.sh
new file mode 100755
index 0000000..e720088
--- /dev/null
+++ b/script/coverity.sh
@@ -0,0 +1,57 @@
+#!/bin/bash
+set -e
+
+# Environment check
+[ -z "$COVERITY_TOKEN" ] && echo "Need to set a coverity token" && exit 1
+
+# Only run this on our branches
+echo "Pull request: $TRAVIS_PULL_REQUEST  |  Slug: $TRAVIS_REPO_SLUG"
+if [ "$TRAVIS_PULL_REQUEST" != "false" -o "$TRAVIS_REPO_SLUG" != "libgit2/libgit2" ];
+then
+	echo "Only analyzing 'development' on the main repo."
+	exit 0
+fi
+
+COV_VERSION=6.6.1
+case `uname -m` in
+	i?86)				BITS=32 ;;
+	amd64|x86_64)	BITS=64 ;;
+esac
+SCAN_TOOL=https://scan.coverity.com/download/linux-${BITS}
+TOOL_BASE=`pwd`/_coverity-scan
+
+# Install coverity tools
+if [ ! -d $TOOL_BASE ]; then
+	echo "Downloading coverity..."
+	mkdir -p $TOOL_BASE
+	cd $TOOL_BASE
+	wget -O coverity_tool.tgz $SCAN_TOOL \
+		--post-data "project=libgit2&token=$COVERITY_TOKEN"
+	tar xzf coverity_tool.tgz
+	cd ..
+	TOOL_DIR=`find $TOOL_BASE -type d -name 'cov-analysis*'`
+	ln -s $TOOL_DIR $TOOL_BASE/cov-analysis
+fi
+
+COV_BUILD="$TOOL_BASE/cov-analysis/bin/cov-build"
+
+# Configure and build
+rm -rf _build
+mkdir _build
+cd _build
+cmake .. -DTHREADSAFE=ON
+COVERITY_UNSUPPORTED=1 \
+	$COV_BUILD --dir cov-int \
+	cmake --build .
+
+# Upload results
+tar czf libgit2.tgz cov-int
+SHA=`git rev-parse --short HEAD`
+curl \
+	--form project=libgit2 \
+	--form token=$COVERITY_TOKEN \
+	--form email=bs@github.com \
+	--form file=@libgit2.tgz \
+	--form version=$SHA \
+	--form description="Travis build" \
+	http://scan5.coverity.com/cgi-bin/upload.py
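Review bot: The final `curl` posts `token=$COVERITY_TOKEN` to `http://scan5.coverity.com/cgi-bin/upload.py` over plain HTTP, so the secret that `.travis.yml` stores encrypted is sent across the network in cleartext along with the build archive. Use an `https://` upload URL if the service offers one, as the download step already does with `https://scan.coverity.com`, and quote the field as `--form token="$COVERITY_TOKEN"`. Adding `--fail` to that `curl` would make a rejected upload fail the job, since without it an HTTP error response still exits 0 under `set -e`. The early-exit guard prints "Only analyzing 'development'" but tests only `TRAVIS_PULL_REQUEST` and `TRAVIS_REPO_SLUG`, so pushes to any branch of the main repo are analysed; adding `-o "$TRAVIS_BRANCH" != "development"` would match the message. The downloaded `coverity_tool.tgz` is also unpacked and run with the token in the environment without any integrity check, which deserves at least a comment stating that trust rests on the TLS download alone.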