From d9096ce998c10caa1b10d4212a00e816f226ec33 Mon Sep 17 00:00:00 2001
From: Pavel Hrdina <phrdina@redhat.com>
Date: Thu, 12 Nov 2020 14:56:25 +0100
Subject: [PATCH] gitlab-ci: add coverity job
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Introduce new job to make a coverity build and upload coverity data to
scan.coverity.com where the analysis is then executed.

Signed-off-by: Pavel Hrdina <phrdina@redhat.com>
Reviewed-by: Daniel P. Berrangé <berrange@redhat.com>
---
 .gitlab-ci.yml           | 20 ++++++++++++++++++++
 ci/containers/README.rst | 22 ++++++++++++++++++++++
 2 files changed, 42 insertions(+)

diff --git a/.gitlab-ci.yml b/.gitlab-ci.yml
index 725c76e9ee..6792accf8f 100644
--- a/.gitlab-ci.yml
+++ b/.gitlab-ci.yml
@@ -585,3 +585,23 @@ check-dco:
       - $CI_PROJECT_NAMESPACE == 'libvirt'
   variables:
     GIT_DEPTH: 1000
+
+
+# Coverity job that is run only by schedules
+coverity:
+  image: $CI_REGISTRY_IMAGE/ci-centos-8:latest
+  needs:
+    - x64-centos-8-container
+  stage: builds
+  script:
+    - curl https://scan.coverity.com/download/linux64 --form project=$COVERITY_SCAN_PROJECT_NAME --form token=$COVERITY_SCAN_TOKEN -o /tmp/cov-analysis-linux64.tgz
+    - tar xfz /tmp/cov-analysis-linux64.tgz
+    - meson build
+    - cov-analysis-linux64-*/bin/cov-build --dir cov-int ninja -C build
+    - tar cfz cov-int.tar.gz cov-int
+    - curl https://scan.coverity.com/builds?project=$COVERITY_SCAN_PROJECT_NAME --form token=$COVERITY_SCAN_TOKEN --form email=$GITLAB_USER_EMAIL --form file=@cov-int.tar.gz --form version="$(git describe --tags)" --form description="$(git describe --tags) / $CI_COMMIT_TITLE / $CI_COMMIT_REF_NAME:$CI_PIPELINE_ID"
+  only:
+    refs:
+      - schedules
+    variables:
+      - $COVERITY_SCAN_PROJECT_NAME && $COVERITY_SCAN_TOKEN
diff --git a/ci/containers/README.rst b/ci/containers/README.rst
index 530897e311..f2ee132613 100644
--- a/ci/containers/README.rst
+++ b/ci/containers/README.rst
@@ -12,3 +12,25 @@ https://gitlab.com/libvirt/libvirt-ci
 The containers are built during the CI process and cached in the GitLab
 container registry of the project doing the build. The cached containers
 can be deleted at any time and will be correctly rebuilt.
+
+
+Coverity scan integration
+=========================
+
+This will be used only by the main repository for master branch by running
+scheduled pipeline in GitLab.
+
+The service is proved by `Coverity Scan`_ and requires that the project is
+registered there to get free coverity analysis which we already have for
+`libvirt project`_.
+
+To run the coverity job it requires two new variables:
+
+  * ``COVERITY_SCAN_PROJECT_NAME``, containing the `libvirt project`_
+    name.
+
+  * ``COVERITY_SCAN_TOKEN``, token visible to admins of `libvirt project`_
+
+
+.. _Coverity Scan: https://scan.coverity.com/
+.. _libvirt project: https://scan.coverity.com/projects/libvirt