run-coverity-scan: add --check-upload-only option

Add an option to check if upload is permitted without actually attempting a build. This can be useful to add a third outcome beyond success and failure---namely, a CI job can self-cancel if the uploading quota has been reached. There is a small change here in that a failure to do the upload check changes the exit code from 1 to 99. 99 was chosen because it is what Autotools and Meson use to represent a problem in the setup (as opposed to a failure in the test). Reviewed-by: Peter Maydell <peter.maydell@linaro.org> Signed-off-by: Paolo Bonzini <pbonzini@redhat.com>
2024-03-04 13:06:57 -05:00 · 2024-03-04 13:06:57 -05:00 · 2f3e5e4c08
commit 2f3e5e4c08
parent 9ed7c6dd9f
1 changed files with 42 additions and 17 deletions
--- a/scripts/coverity-scan/run-coverity-scan
+++ b/scripts/coverity-scan/run-coverity-scan
@ -28,6 +28,7 @@
 # project settings, if you have maintainer access there.

 # Command line options:
+#   --check-upload-only : return success if upload is possible
 #   --dry-run : run the tools, but don't actually do the upload
 #   --docker : create and work inside a container
 #   --docker-engine : specify the container engine to use (docker/podman/auto);
@ -57,18 +58,18 @@
 # putting it in a file and using --tokenfile. Everything else has
 # a reasonable default if this is run from a git tree.

-check_upload_permissions() {
-    # Check whether we can do an upload to the server; will exit the script
-    # with status 1 if the check failed (usually a bad token);
-    # will exit the script with status 0 if the check indicated that we
-    # can't upload yet (ie we are at quota)
-    # Assumes that COVERITY_TOKEN, PROJNAME and DRYRUN have been initialized.
+upload_permitted() {
+    # Check whether we can do an upload to the server; will exit *the script*
+    # with status 99 if the check failed (usually a bad token);
+    # will return from the function with status 1 if the check indicated
+    # that we can't upload yet (ie we are at quota)
+    # Assumes that COVERITY_TOKEN and PROJNAME have been initialized.

    echo "Checking upload permissions..."

    if ! up_perm="$(wget https://scan.coverity.com/api/upload_permitted --post-data "token=$COVERITY_TOKEN&project=$PROJNAME" -q -O -)"; then
        echo "Coverity Scan API access denied: bad token?"
-        exit 1
+        exit 99
    fi

    # Really up_perm is a JSON response with either
@ -76,25 +77,40 @@ check_upload_permissions() {
    # We do some hacky string parsing instead of properly parsing it.
    case "$up_perm" in
        *upload_permitted*true*)
-            echo "Coverity Scan: upload permitted"
+            return 0
            ;;
        *next_upload_permitted_at*)
-            if [ "$DRYRUN" = yes ]; then
-                echo "Coverity Scan: upload quota reached, continuing dry run"
-            else
-                echo "Coverity Scan: upload quota reached; stopping here"
-                # Exit success as this isn't a build error.
-                exit 0
-            fi
+            return 1
            ;;
        *)
            echo "Coverity Scan upload check: unexpected result $up_perm"
-            exit 1
+            exit 99
            ;;
    esac
 }


+check_upload_permissions() {
+    # Check whether we can do an upload to the server; will exit the script
+    # with status 99 if the check failed (usually a bad token);
+    # will exit the script with status 0 if the check indicated that we
+    # can't upload yet (ie we are at quota)
+    # Assumes that COVERITY_TOKEN, PROJNAME and DRYRUN have been initialized.
+
+    if upload_permitted; then
+        echo "Coverity Scan: upload permitted"
+    else
+        if [ "$DRYRUN" = yes ]; then
+            echo "Coverity Scan: upload quota reached, continuing dry run"
+        else
+            echo "Coverity Scan: upload quota reached; stopping here"
+            # Exit success as this isn't a build error.
+            exit 0
+        fi
+    fi
+}
+
+
 build_docker_image() {
    # build docker container including the coverity-scan tools
    echo "Building docker container..."
@ -152,9 +168,14 @@ update_coverity_tools () {
 DRYRUN=no
 UPDATE=yes
 DOCKER=no
+PROJNAME=QEMU

 while [ "$#" -ge 1 ]; do
    case "$1" in
+        --check-upload-only)
+            shift
+            DRYRUN=check
+            ;;
        --dry-run)
            shift
            DRYRUN=yes
@ -251,6 +272,11 @@ if [ -z "$COVERITY_TOKEN" ]; then
    exit 1
 fi

+if [ "$DRYRUN" = check ]; then
+    upload_permitted
+    exit $?
+fi
+
 if [ -z "$COVERITY_BUILD_CMD" ]; then
    NPROC=$(nproc)
    COVERITY_BUILD_CMD="make -j$NPROC"
@ -266,7 +292,6 @@ if [ -z "$SRCDIR" ]; then
    SRCDIR="$PWD"
 fi

-PROJNAME=QEMU
 TARBALL=cov-int.tar.xz

 if [ "$UPDATE" = only ]; then