.gitlab-ci.yml

image: fedora:38
stages:
  - prepare
  - build
  - deploy

.prepare:coverity: &coverity
  cache:
    key: coverity
    paths:
      - .coverity
  variables:
    COVERITY_RESULTS_DIR: cov-int
  before_script:
    - d=.coverity
    - mkdir -p "$d"
    - covtar=$d/coverity.tar.gz
    - |
      _curl() {
        curl --silent --show-error --fail \
          -F "token=$COVERITY_TOKEN" -F "project=$COVERITY_PROJECT" https://scan.coverity.com/download/linux64 "$@"
      }

    - |
      if test -e "$covtar"; then
        echo "Checking cached coverity scan tool"
        rm -f /tmp/coverity.md5 /tmp/coverity.md5.tmp
        _curl -F "md5=1" --output /tmp/coverity.md5.tmp
        printf '%s\t-' "`sed '1p;d' /tmp/coverity.md5.tmp`" > /tmp/coverity.md5
        md5sum -c /tmp/coverity.md5 < "$covtar" || rm -f "$covtar"
      fi

    - |
      if ! test -e "$covtar"; then
        echo "Downloading coverity scan tool"
        _curl --output "$covtar"
      fi

    - rm -rf /tmp/opt
    - mkdir -p /tmp/opt
    - tar xzf "$covtar" -C /tmp/opt --no-same-owner --strip-components=2
    - PATH=/tmp/opt/bin:$PATH

    - |
      _cov_build() {
        cov-build --dir "$COVERITY_RESULTS_DIR" "$@"
      }

      _cov_submit() {
        RESULTS_ARCHIVE=/tmp/analysis-results.tgz

        echo "==== Importing SCM information"
        cov-import-scm --dir "$COVERITY_RESULTS_DIR" --scm git --log "$COVERITY_RESULTS_DIR"/scm_log.txt

        rm -f "$RESULTS_ARCHIVE"
        echo "==== Creating tarball"
        tar czf "$RESULTS_ARCHIVE" "$COVERITY_RESULTS_DIR" --owner root --group root --mode a+rX,go-w

        echo "==== Submitting build results"
        curl \
          --fail --silent --show-error \
          --write-out '\n%{http_code}: %{size_upload} bytes uploaded; %{size_download} donwloaded in %{time_connect} seconds\n' \
          --form "token=$COVERITY_TOKEN" \
          --form "project=$COVERITY_PROJECT" \
          --form "file=@$RESULTS_ARCHIVE" \
          --form "version=$CI_COMMIT_SHA" \
          --form "description=Travis CI build" \
          --form "email=$GITLAB_USER_EMAIL" \
          https://scan.coverity.com/builds
      }

build:
  stage: build
  coverage: '/^\s*Total:\|(\d+\.\d+\%)\s+.*$/'
  artifacts:
    expire_in: 1 day
    paths:
      - build-gcov/.lcov-html
      - build-analyze/*.plist
  script:
    - dnf install -y lcov gcc openssl-devel make clang valgrind libubsan

    - |
      _make_dir() {
        d=build-$1
        shift
        mkdir -p $d
        make -j -C $d -f ../Makefile clean
        make -j -C $d -f ../Makefile "$@"
      }

    # run VPATH builds first
    - _make_dir world   run-tests
    - _make_dir analyze analyze ANALYZE_OUTPUT=html || ':'
    - _make_dir gcov    run-gcov || ":"

    # run non-VPATH build
    - make clean
    - make -j world

coverity:
  <<: *coverity
  stage: build
  only:
    - /^coverity-scan$/
  artifacts:
    expire_in: 1 day
    paths:
      - cov-int/
  script:
    - dnf install -y gcc openssl-devel make git-core
    - _cov_build make IN_COVSCAN=1 world
    - _cov_submit

pages:
  stage: deploy
  variables:
    GIT_STRATEGY: none
    GIT_SUBMODULE_STRATEGY: none
  artifacts:
    expire_in: 1 week
    paths:
      - public
  dependencies:
    - build
  script:
    - mkdir -p public
    - mv build-gcov/.lcov-html public/lcov
    - mv build-analyze  public/analyze || ':'