I use coverity for my rails application, but I can't upload any build.
I tried it with the Coverity Scan Self-Build. It runs without any problems, but when I upload my .tgz
file, it fails with the following message:
Please fix the errors below.
- Project is invalid
I used the following commands:
$ ~/Downloads/cov-analysis-linux64-8.5.0.3/bin/cov-build --dir cov-int --no-command --fs-capture-search ./
Coverity Build Capture (64-bit) version 8.5.0.3 on Linux 4.7.4-1-ARCH x86_64
Internal version numbers: db70178643 p-kent-push-26368.949
[STATUS] Running filesystem capture search...
[WARNING] Path '/<PATH_TO_MY_APP>/cov-int' looks like an idir. Skipping filesystem capture on it.
[STATUS] Emitting 239 source files from filesystem capture
|0----------25-----------50----------75---------100|
****************************************************
Emitted 3 JavaScript compilation units (100%) successfully
Emitted 233 Ruby compilation units (100%) successfully
3 JavaScript compilation units (100%) are ready for analysis
233 Ruby compilation units (100%) are ready for analysis
The cov-build utility completed successfully.
$ tar czvf myproject.tgz cov-int
cov-int/
cov-int/build-id.txt
cov-int/emit/
cov-int/emit/<HOST>/
cov-int/emit/<HOST>/emit-db.lock
cov-int/emit/<HOST>/emit-db
cov-int/emit/<HOST>/config/
cov-int/emit/<HOST>/config/80d7f82624e3b17456da362d1e5400da/
cov-int/emit/<HOST>/config/80d7f82624e3b17456da362d1e5400da/coverity_config_created
cov-int/emit/<HOST>/config/80d7f82624e3b17456da362d1e5400da/coverity_config.xml
cov-int/emit/<HOST>/config/80d7f82624e3b17456da362d1e5400da/ruby-config-0/
cov-int/emit/<HOST>/config/80d7f82624e3b17456da362d1e5400da/ruby-config-0/coverity_config.xml
cov-int/emit/<HOST>/emit-db.write-lock
cov-int/emit/version
cov-int/tmp/
cov-int/build-log.txt
cov-int/BUILD.metrics.xml
cov-int/build-cwd.txt
cov-int/build-timings.txt
$
Afterwards I tried to upload the file myproject.tgz
.
I also tried to use travis for uploading my first build, but it also fails with the following message:
Coverity Scan analysis selected for branch coverity_scan.
Coverity Scan analysis authorized per quota.
$ curl -s https://scan.coverity.com/scripts/travisci_build_coverity_scan.sh | COVERITY_SCAN_PROJECT_NAME="$PROJECT_NAME" COVERITY_SCAN_NOTIFICATION_EMAIL="${COVERITY_SCAN_NOTIFICATION_EMAIL:-<MY_EMAIL>}" COVERITY_SCAN_BUILD_COMMAND="${COVERITY_SCAN_BUILD_COMMAND:---no-command --fs-capture-search ./}" COVERITY_SCAN_BUILD_COMMAND_PREPEND="${COVERITY_SCAN_BUILD_COMMAND_PREPEND:-}" COVERITY_SCAN_BRANCH_PATTERN=${COVERITY_SCAN_BRANCH_PATTERN:-coverity_scan} bash
Note: COVERITY_SCAN_PROJECT_NAME and COVERITY_SCAN_TOKEN are available on Project Settings page on scan.coverity.com
Coverity Scan configured to run on branch coverity_scan
Coverity Scan analysis authorized per quota.
Downloading Coverity Scan Analysis Tool...
2016-09-29 20:36:31 URL:https://scan.coverity.com/download/Linux [449455458/449455458] -> "/tmp/cov-analysis-Linux.tgz" [1]
Extracting Coverity Scan Analysis Tool...
/tmp/coverity-scan-analysis ~/build/<PROJECT_NAME>
~/build/<PROJECT_NAME>
Running Coverity Scan Analysis Tool...
Coverity Build Capture (64-bit) version 8.5.0.3 on Linux 3.13.0-92-generic x86_64
Internal version numbers: db70178643 p-kent-push-26368.949
[STATUS] Running filesystem capture search...
[WARNING] Path '/home/travis/build/<PROJECT_NAME>/cov-int' looks like an idir. Skipping filesystem capture on it.
[STATUS] Emitting 238 source files from filesystem capture
|0----------25-----------50----------75---------100|
|******/*****/*****/******/*****/*****/*****/******/****/*****
Emitted 2 JavaScript compilation units (100%) successfully
Emitted 233 Ruby compilation units (100%) successfully
2 JavaScript compilation units (100%) are ready for analysis
233 Ruby compilation units (100%) are ready for analysis
The cov-build utility completed successfully.
Extracting SCM data for 235 files...
|0----------25-----------50----------75---------100|
*******/************************************|*********
Please see the log file '/home/travis/build/<PROJECT_NAME>/cov-int/scm_log.txt' for warnings and SCM command issues.
[WARNING] SCM data appears to be mismatched.
File: '/home/travis/build/<PROJECT_NAME>/config/initializers/cookies_serializer.rb'
Please check the correctness of the SCM data with cov-manage-emit.
Successfully added SCM data for 235 files
Tarring Coverity Scan Analysis results...
Uploading Coverity Scan Analysis results...
Coverity Scan upload failed: ERROR: Project is invalid.
It also says Project is invalid. And since the build is from travis, I can't look into the logs.
The references file config/initializers/cookies_serializer.rb
looks like this:
# Be sure to restart your server when you modify this file.
Rails.application.config.action_dispatch.cookies_serializer = :json
The third possibility is the command line upload. Here is the log:
$ curl --form token=<TOKEN> \
--form email=<MY_EMAIL> \
--form file=@/<PATH_TO_MY_APP>/myproject.zip \
--form version="1.0" \
--form description="Initial" \
https://scan.coverity.com/builds?project=<MY_USERNAME>%2F<MY_PROJECT_NAME>
ERROR: Project is invalid
$
And here is an excerpt of my .travis.yml
file:
# environment settings
env:
global:
- secure: "<SECURE>"
matrix:
- DB=sqlite
- DB=mysql
- DB=postgresql
# commands to run before the install
before_install:
# download certificate
- echo -n | openssl s_client -connect scan.coverity.com:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | sudo tee -a /etc/ssl/certs/ca-
# addons
addons:
coverity_scan:
project:
name: "<PROJECT_NAME>"
description: "Build submitted via Travis CI"
notification_email: <MY_EMAIL>
build_command_prepend: ""
build_command: "--no-command --fs-capture-search ./"
branch_pattern: coverity_scan
I also tried this with the build command option --fs-capture-search ./app/
, so just all application files are scanned.
Does anyone know why this error occurs?
Thanks in advance!
EDIT: added command line example
curl
command (Coverity provided instructions that did not work). Use the cURL command provided by Crypto++. – jww