script/coverity.sh


Log

Author Commit Date CI Message
Patrick Steinhardt 18c18e3d 2016-10-31T15:55:46 coverity: check for Coverity token only if necessary When running a Coverity build, we have to provide an authentication token in order to proof that we are actually allowed to run analysis in the name of a certain project. As this token should be secret, it is only set on the main repository, so when we were requested to run the Coverity script on another repository we do error out. But in fact we do also error out if the Coverity analysis should _not_ be run if there is no authentication token provided. Fix the issue by only checking for the authentication token after determining if analysis is indeed requested.
Patrick Steinhardt 561276ee 2016-10-28T14:48:30 coverity: only analyze the master branch of the main repository We used to only execute Coverity analysis on the 'development' branch before commit 998f001 (Refine build limitation, 2014-01-15), which refined Coverity build limitations. While we do not really use the 'development' branch anymore, it does still make sense to only analyze a single branch, as otherwise Coverity might get confused. Re-establish the restriction such that we only analyze libgit2's 'master' branch. Also fix the message announcing why we do not actually analyze a certain build.
Patrick Steinhardt 6c4d2d3e 2016-10-28T14:45:55 coverity: fix download URL
Patrick Steinhardt 2615d0d6 2016-03-02T01:50:34 coverity: report errors when uploading tarball Curl by default does not report errors by setting the error code. As the upload can fail through several conditions (e.g. the rate limit, leading to unauthorized access) we should indicate this information in Travis CI. To improve upon the behavior, use `--write-out=%{http_code}` to write out the HTTP code in addition to the received body and return an error if the code does not equal 201.
Patrick Steinhardt 50174ab4 2016-02-10T11:06:23 coverity: use https URL for posting build When posting our instrumented build results to Coverity we have to include sensitive information, in particular our authorization token. Currently we use an unencrypted channel to post this information, leading to the token being transferred in plain. Fix this by using a secured connection instead.
Patrick Steinhardt 8dddea42 2016-02-10T10:59:14 coverity: provide nodef for GITERR_CHECK_ALLOC Coverity currently lists a lot of errors with regard to GITERR_CHECK_ALLOC causing resource leaks. We know this macro is only invoked when we want to abort because we are out of memory. Coverity allows for overriding the default model where we know that certain functions guarantee a desired behavior. The user_nodefs.h is used to override the behavior of macros. Re-define GITERR_CHECK_ALLOC inside of it to specify its abort nature.
Ungureanu Marius a4fccbbf 2014-11-17T07:01:40 Run shell scripts through shellcheck
Ben Straub 998f0016 2014-01-15T12:32:12 Refine build limitation
Ben Straub 53e6f480 2014-01-15T12:12:17 Only run coverity on development
Ben Straub 9bf17d2c 2014-01-13T14:11:14 Add coverity-scan script