.gitlab-ci.yml: add support to run coverity

Signed-off-by: Georgia Garcia <georgia.garcia@canonical.com>
2025-03-04 00:14:44 +01:00 · 2023-03-27 10:05:40 -03:00 · 2023-03-27 10:05:40 -03:00 · ae347d07fb
commit ae347d07fb
parent bba1a023bf
1 changed files with 27 additions and 0 deletions
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@ -136,3 +136,30 @@ include:
 variables:
  SAST_EXCLUDED_ANALYZERS: "eslint,flawfinder,semgrep,spotbugs"
  SAST_BANDIT_EXCLUDED_PATHS: "*/tst/*, */test/*"
+
+.send-to-coverity: &send-to-coverity
+  - curl https://scan.coverity.com/builds?project=$COVERITY_SCAN_PROJECT_NAME
+    --form token=$COVERITY_SCAN_TOKEN --form email=$GITLAB_USER_EMAIL
+    --form file=@$(ls apparmor-*-cov-int.tar.gz) --form version="$(git describe --tags)"
+    --form description="$(git describe --tags) / $CI_COMMIT_TITLE / $CI_COMMIT_REF_NAME:$CI_PIPELINE_ID"
+
+coverity:
+  stage: .post
+  extends:
+    - .ubuntu-before_script
+  only:
+    refs:
+      - coverity
+  script:
+      - apt-get install --no-install-recommends -y curl git texlive-latex-recommended
+      - *install-c-build-deps
+      - curl -o /tmp/cov-analysis-linux64.tgz https://scan.coverity.com/download/linux64
+        --form project=$COVERITY_SCAN_PROJECT_NAME --form token=$COVERITY_SCAN_TOKEN
+      - tar xfz /tmp/cov-analysis-linux64.tgz
+      - COV_VERSION=$(ls -dt cov-analysis-linux64-* | head -1)
+      - PATH=$PATH:$(pwd)/$COV_VERSION/bin
+      - make coverity
+      - *send-to-coverity
+  artifacts:
+    paths:
+      - "apparmor-*.tar.gz"