summaryrefslogtreecommitdiff
path: root/security/nss/automation/taskcluster/scripts/run_scan_build.sh
blob: 99f80ab5fa5c121126bb50c2f0b45dc140792972 (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
#!/usr/bin/env bash

source $(dirname $0)/tools.sh

if [ $(id -u) = 0 ]; then
    # Drop privileges by re-running this script.
    exec su worker $0 $@
fi

# Clone NSPR if needed.
if [ ! -d "nspr" ]; then
    hg_clone https://hg.mozilla.org/projects/nspr nspr default
fi

# Build.
cd nss
make nss_build_all

# What we want to scan.
# key: directory to scan
# value: number of errors expected in that directory
declare -A scan=( \
        [lib/base]=0 \
        [lib/certdb]=0 \
        [lib/certhigh]=0 \
        [lib/ckfw]=0 \
        [lib/crmf]=0 \
        [lib/cryptohi]=0 \
        [lib/dev]=0 \
        [lib/freebl]=0 \
        [lib/nss]=0 \
        [lib/ssl]=0 \
        [lib/util]=0 \
    )

# remove .OBJ directories to force a rebuild of just the select few
for i in "${!scan[@]}"; do
   find "$i" -name "*.OBJ" -exec rm -rf {} \+
done

# run scan-build (only building affected directories)
scan-build -o /home/worker/artifacts --use-cc=$CC --use-c++=$CCC make nss_build_all && cd ..

# print errors we found
set +v +x
STATUS=0
for i in "${!scan[@]}"; do
   n=$(grep -Rn "$i" /home/worker/artifacts/*/report-*.html | wc -l)
   if [ $n -ne ${scan[$i]} ]; then
     STATUS=1
     echo "$(date '+%T') WARNING - TEST-UNEXPECTED-FAIL: $i contains $n scan-build errors"
   elif [ $n -ne 0 ]; then
     echo "$(date '+%T') WARNING - TEST-EXPECTED-FAIL: $i contains $n scan-build errors"
   fi
done
exit $STATUS