From 0cf5b6b17d1d96226880fcfabc614dbaada808ac Mon Sep 17 00:00:00 2001
From: Edward Thomson <ethomson@edwardthomson.com>
Date: Mon, 28 Jan 2019 10:48:49 +0000
Subject: ci: ignore coverity failures in nightly runs

Coverity is back but it's only read-only!  Agh.  Just allow it to fail
and not impact the overall job run.
---
 azure-pipelines/coverity.yml | 36 ++++++++++++++++++++++++
 azure-pipelines/nightly.yml  | 19 -------------
 ci/coverity-build.sh         | 41 ++++++++++++++++++++++++++++
 ci/coverity-publish.sh       | 33 ++++++++++++++++++++++
 ci/coverity.sh               | 65 --------------------------------------------
 5 files changed, 110 insertions(+), 84 deletions(-)
 create mode 100644 azure-pipelines/coverity.yml
 create mode 100755 ci/coverity-build.sh
 create mode 100755 ci/coverity-publish.sh
 delete mode 100755 ci/coverity.sh

diff --git a/azure-pipelines/coverity.yml b/azure-pipelines/coverity.yml
new file mode 100644
index 000000000..d8d34229e
--- /dev/null
+++ b/azure-pipelines/coverity.yml
@@ -0,0 +1,36 @@
+resources:
+- repo: self
+
+jobs:
+- job: coverity
+  displayName: 'Coverity'
+  pool:
+    vmImage: 'Ubuntu 16.04'
+  steps:
+  - task: Docker@0
+    displayName: Build
+    inputs:
+      action: 'Run an image'
+      imageName: 'libgit2/trusty-openssl:latest'
+      volumes: |
+       $(Build.SourcesDirectory):/src
+       $(Build.BinariesDirectory):/build
+      envVars: |
+       COVERITY_TOKEN=$(COVERITY_TOKEN)
+      workDir: '/build'
+      containerCommand: '/src/ci/coverity-build.sh'
+      detached: false
+  - task: Docker@0
+    displayName: Publish
+    inputs:
+      action: 'Run an image'
+      imageName: 'libgit2/trusty-openssl:latest'
+      volumes: |
+       $(Build.SourcesDirectory):/src
+       $(Build.BinariesDirectory):/build
+      envVars: |
+       COVERITY_TOKEN=$(COVERITY_TOKEN)
+      workDir: '/build'
+      containerCommand: '/src/ci/coverity-publish.sh'
+      detached: false
+    continueOnError: true
diff --git a/azure-pipelines/nightly.yml b/azure-pipelines/nightly.yml
index de7da9677..1d34a14df 100644
--- a/azure-pipelines/nightly.yml
+++ b/azure-pipelines/nightly.yml
@@ -186,22 +186,3 @@ jobs:
        CMAKE_OPTIONS=-DUSE_HTTPS=OpenSSL
        RUN_INVASIVE_TESTS=true
        SKIP_PROXY_TESTS=true
-
-- job: coverity
-  displayName: 'Coverity'
-  pool:
-    vmImage: 'Ubuntu 16.04'
-  steps:
-  - task: Docker@0
-    displayName: Build
-    inputs:
-      action: 'Run an image'
-      imageName: 'libgit2/trusty-openssl:latest'
-      volumes: |
-       $(Build.SourcesDirectory):/src
-       $(Build.BinariesDirectory):/build
-      envVars: |
-       COVERITY_TOKEN=$(COVERITY_TOKEN)
-      workDir: '/build'
-      containerCommand: '/src/ci/coverity.sh'
-      detached: false
diff --git a/ci/coverity-build.sh b/ci/coverity-build.sh
new file mode 100755
index 000000000..f8264fa83
--- /dev/null
+++ b/ci/coverity-build.sh
@@ -0,0 +1,41 @@
+#!/bin/bash
+
+set -e
+
+# Environment check
+[ -z "$COVERITY_TOKEN" ] && echo "Need to set a coverity token" && exit 1
+
+SOURCE_DIR=${SOURCE_DIR:-$( cd "$( dirname "${BASH_SOURCE[0]}" )" && dirname $( pwd ) )}
+BUILD_DIR=$(pwd)
+
+case $(uname -m) in
+	i?86)				BITS=32 ;;
+	amd64|x86_64)	BITS=64 ;;
+esac
+SCAN_TOOL=https://scan.coverity.com/download/cxx/linux${BITS}
+TOOL_BASE=$(pwd)/_coverity-scan
+
+# Install coverity tools
+if [ ! -d "$TOOL_BASE" ]; then
+	echo "Downloading coverity..."
+	mkdir -p "$TOOL_BASE"
+	pushd "$TOOL_BASE"
+	wget -O coverity_tool.tgz $SCAN_TOOL \
+		--post-data "project=libgit2&token=$COVERITY_TOKEN"
+	tar xzf coverity_tool.tgz
+	popd
+	TOOL_DIR=$(find "$TOOL_BASE" -type d -name 'cov-analysis*')
+	ln -s "$TOOL_DIR" "$TOOL_BASE"/cov-analysis
+fi
+
+cp "${SOURCE_DIR}/script/user_nodefs.h" "$TOOL_BASE"/cov-analysis/config/user_nodefs.h
+
+COV_BUILD="$TOOL_BASE/cov-analysis/bin/cov-build"
+
+# Configure and build
+cmake ${SOURCE_DIR}
+
+COVERITY_UNSUPPORTED=1 \
+	$COV_BUILD --dir cov-int \
+	cmake --build .
+
diff --git a/ci/coverity-publish.sh b/ci/coverity-publish.sh
new file mode 100755
index 000000000..2341b13fb
--- /dev/null
+++ b/ci/coverity-publish.sh
@@ -0,0 +1,33 @@
+#!/bin/bash
+
+set -e
+
+# Results check
+[ ! -d "cov-int" ] && echo "Coverity directory not found" && exit 1
+
+# Upload results
+tar czf libgit2.tgz cov-int
+
+SOURCE_DIR=${SOURCE_DIR:-$( cd "$( dirname "${BASH_SOURCE[0]}" )" && dirname $( pwd ) )}
+SHA=$(cd ${SOURCE_DIR} && git rev-parse --short HEAD)
+
+HTML="$(curl \
+	--silent \
+	--write-out "\n%{http_code}" \
+	--form token="$COVERITY_TOKEN" \
+	--form email=libgit2@gmail.com \
+	--form file=@libgit2.tgz \
+	--form version="$SHA" \
+	--form description="libgit2 build" \
+	https://scan.coverity.com/builds?project=libgit2)"
+
+# Body is everything up to the last line
+BODY="$(echo "$HTML" | head -n-1)"
+
+# Status code is the last line
+STATUS_CODE="$(echo "$HTML" | tail -n1)"
+
+if [ "${STATUS_CODE}" != "200" -a "${STATUS_CODE}" != "201" ]; then
+	echo "Received error code ${STATUS_CODE} from Coverity"
+	exit 1
+fi
diff --git a/ci/coverity.sh b/ci/coverity.sh
deleted file mode 100755
index a97fae8c8..000000000
--- a/ci/coverity.sh
+++ /dev/null
@@ -1,65 +0,0 @@
-#!/bin/bash
-
-set -e
-
-# Environment check
-[ -z "$COVERITY_TOKEN" ] && echo "Need to set a coverity token" && exit 1
-
-SOURCE_DIR=${SOURCE_DIR:-$( cd "$( dirname "${BASH_SOURCE[0]}" )" && dirname $( pwd ) )}
-BUILD_DIR=$(pwd)
-
-case $(uname -m) in
-	i?86)				BITS=32 ;;
-	amd64|x86_64)	BITS=64 ;;
-esac
-SCAN_TOOL=https://scan.coverity.com/download/cxx/linux${BITS}
-TOOL_BASE=$(pwd)/_coverity-scan
-
-# Install coverity tools
-if [ ! -d "$TOOL_BASE" ]; then
-	echo "Downloading coverity..."
-	mkdir -p "$TOOL_BASE"
-	pushd "$TOOL_BASE"
-	wget -O coverity_tool.tgz $SCAN_TOOL \
-		--post-data "project=libgit2&token=$COVERITY_TOKEN"
-	tar xzf coverity_tool.tgz
-	popd
-	TOOL_DIR=$(find "$TOOL_BASE" -type d -name 'cov-analysis*')
-	ln -s "$TOOL_DIR" "$TOOL_BASE"/cov-analysis
-fi
-
-cp "${SOURCE_DIR}/script/user_nodefs.h" "$TOOL_BASE"/cov-analysis/config/user_nodefs.h
-
-COV_BUILD="$TOOL_BASE/cov-analysis/bin/cov-build"
-
-# Configure and build
-cmake ${SOURCE_DIR}
-
-COVERITY_UNSUPPORTED=1 \
-	$COV_BUILD --dir cov-int \
-	cmake --build .
-
-# Upload results
-tar czf libgit2.tgz cov-int
-SHA=$(cd ${SOURCE_DIR} && git rev-parse --short HEAD)
-
-HTML="$(curl \
-	--silent \
-	--write-out "\n%{http_code}" \
-	--form token="$COVERITY_TOKEN" \
-	--form email=libgit2@gmail.com \
-	--form file=@libgit2.tgz \
-	--form version="$SHA" \
-	--form description="libgit2 build" \
-	https://scan.coverity.com/builds?project=libgit2)"
-# Body is everything up to the last line
-BODY="$(echo "$HTML" | head -n-1)"
-# Status code is the last line
-STATUS_CODE="$(echo "$HTML" | tail -n1)"
-
-echo "${BODY}"
-
-if [ "${STATUS_CODE}" != "200" -a "${STATUS_CODE}" != "201" ]; then
-	echo "Received error code ${STATUS_CODE} from Coverity"
-	exit 1
-fi
-- 
cgit v1.2.1


From 52a97eed430bdf1d6383afb2ebfd09b1a5b96e9e Mon Sep 17 00:00:00 2001
From: Edward Thomson <ethomson@edwardthomson.com>
Date: Mon, 28 Jan 2019 12:16:50 +0000
Subject: ci: add coverity badge to the README

---
 README.md | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/README.md b/README.md
index 8569df078..b675fdee0 100644
--- a/README.md
+++ b/README.md
@@ -6,7 +6,7 @@ libgit2 - the Git linkable library
 | **master** branch CI builds | [![Azure Pipelines Build Status](https://dev.azure.com/libgit2/libgit2/_apis/build/status/libgit2?branchName=master)](https://dev.azure.com/libgit2/libgit2/_build/latest?definitionId=7&branchName=master)   |
 | **v0.27 branch** CI builds | [![Azure Pipelines Build Status](https://dev.azure.com/libgit2/libgit2/_apis/build/status/libgit2?branchName=maint/v0.27)](https://dev.azure.com/libgit2/libgit2/_build/latest?definitionId=7&branchName=maint/v0.27) |
 | **v0.26 branch** CI builds | [![Azure Pipelines Build Status](https://dev.azure.com/libgit2/libgit2/_apis/build/status/libgit2?branchName=maint/v0.26)](https://dev.azure.com/libgit2/libgit2/_build/latest?definitionId=7&branchName=maint/v0.26) |
-| **Nightly** builds | [![Azure Pipelines Build Status](https://libgit2.visualstudio.com/libgit2/_apis/build/status/libgit2-nightly?branchName=master)](https://libgit2.visualstudio.com/libgit2/_build/latest?definitionId=9&branchName=master) [![Coverity Scan Build Status](https://scan.coverity.com/projects/639/badge.svg)](https://scan.coverity.com/projects/639) |
+| **Nightly** builds | [![Azure Pipelines Build Status](https://libgit2.visualstudio.com/libgit2/_apis/build/status/libgit2?branchName=master&label=Full+Build)](https://libgit2.visualstudio.com/libgit2/_build/latest?definitionId=9&branchName=master) [![Build Status](https://dev.azure.com/libgit2/libgit2/_apis/build/status/coverity?branchName=master&label=Coverity+Build)](https://dev.azure.com/libgit2/libgit2/_build/latest?definitionId=21?branchName=master) [![Coverity Scan Build Status](https://scan.coverity.com/projects/639/badge.svg)](https://scan.coverity.com/projects/639) |
 
 `libgit2` is a portable, pure C implementation of the Git core methods
 provided as a linkable library with a solid API, allowing to build Git
-- 
cgit v1.2.1