From b41b9c947f73d5fbea00158f9fa11f6f9c1608c6 Mon Sep 17 00:00:00 2001
From: Richard Lau
Date: Tue, 14 May 2024 20:35:49 +0100
Subject: [PATCH] ansible: automate installation of Coverity build tool
---
 ansible/MANUAL_STEPS.md | 6 +--
 .../roles/jenkins-workspace/tasks/main.yml | 38 +++++++++++++++++++
 2 files changed, 40 insertions(+), 4 deletions(-)
diff --git a/ansible/MANUAL_STEPS.md b/ansible/MANUAL_STEPS.md
index 4b6877020..1551f37f9 100644
--- a/ansible/MANUAL_STEPS.md
+++ b/ansible/MANUAL_STEPS.md
@@ -662,11 +662,9 @@ The hosts labelled jenkins-workspace are used to "execute" the coordination of J
 Note that not all jobs can use jenkins-workspace servers for execution, some are tied to other hosts.
-The jenkins-workspace hosts are setup as standard Node.js nodes but are only given the `jenkins-workspace` label. After setup, they require the following manual steps:
+The jenkins-workspace hosts are setup as standard Node.js nodes but are only given the `jenkins-workspace` label.
-* Download the Coverity Build Tool for Linux x64 at (requires a Coverity login)
-* Extract to `/var`, e.g. so the resulting directory looks like `/var/cov-analysis-linux64-2017.07/` or similar
-* Ensure that the [node-coverity-daily](https://ci.nodejs.org/job/node-daily-coverity/configure) job matches the path used in its explicit `PATH` setting
+The playbook should download and install the Coverity build tool needed for static analysis into `/var/`. The extracted build tool should end up in a directory similar to `/var/cov-analysis-linux64-2023.6.2`. This directory must match the `PATH` setting in the [node-coverity-daily](https://ci.nodejs.org/job/node-daily-coverity/configure) job. According to Synopsis the tool is usually updated twice yearly -- if it is updated the directory will change and the job will need to be updated accordingly.
 ## Docker hosts
diff --git a/ansible/roles/jenkins-workspace/tasks/main.yml b/ansible/roles/jenkins-workspace/tasks/main.yml
index 7f580f70c..b802109d0 100644
--- a/ansible/roles/jenkins-workspace/tasks/main.yml
+++ b/ansible/roles/jenkins-workspace/tasks/main.yml
@@ -158,3 +158,41 @@
 name: jq
 state: latest
 update_cache: yes
+
+# Coverity build tool. See MANUAL_STEPS.md.
+- name: Get md5sum for Coverity build tool
+ ansible.builtin.uri:
+ body:
+ md5: 1
+ token: "{{ secrets.coverity_token }}"
+ project: Node.js
+ body_format: form-urlencoded
+ method: POST
+ url: https://scan.coverity.com/download/linux64
+ return_content: true
+ register: coverity_build_tool_meta
+
+- name: Download Coverity build tool
+ ansible.builtin.uri:
+ body:
+ token: "{{ secrets.coverity_token }}"
+ project: Node.js
+ body_format: form-urlencoded
+ dest: /tmp/
+ method: POST
+ url: https://scan.coverity.com/download/linux64
+ register: coverity_build_tool
+
+- name: Validate checksum of downloaded Coverity build tool
+ ansible.builtin.stat:
+ checksum_algorithm: md5
+ path: "{{ coverity_build_tool.path }}"
+ failed_when: coverity_build_tool_file.stat.checksum != coverity_build_tool_meta.content
+ register: coverity_build_tool_file
+
+- name: Unpack Coverity build tool
+ ansible.builtin.unarchive:
+ creates: "/var/{{ coverity_build_tool.path|regex_search('/tmp/(.+)\\.tar\\.gz', '\\1')|first }}"
+ dest: /var/
+ remote_src: true
+ src: "{{ coverity_build_tool.path }}"
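Review bot: The two `ansible.builtin.uri` tasks send `secrets.coverity_token` in the request body without `no_log: true`, so the token can surface in verbose or failure output of the play; adding `no_log: true` to both tasks keeps it out of the logs. The checksum task compares against an MD5 served by the same endpoint, under the same token, as the archive itself, so it catches a truncated or corrupted transfer but is not an independent integrity check on a tool that is then unpacked into `/var/`. A comment such as `# MD5 is served by the download endpoint itself: detects corruption only, trust rests on TLS to scan.coverity.com` above the validation task would make that limit explicit. The archive is also staged in the shared `/tmp/` between the download, `stat` and `unarchive` tasks, so a directory writable only by the user running the play would be a safer `dest`.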