1
votes

I use coverity for my rails application, but I can't upload any build.

I tried it with the Coverity Scan Self-Build. It runs without any problems, but when I upload my .tgz file, it fails with the following message:

Please fix the errors below.

  • Project is invalid

I used the following commands:

$ ~/Downloads/cov-analysis-linux64-8.5.0.3/bin/cov-build --dir cov-int --no-command --fs-capture-search ./
Coverity Build Capture (64-bit) version 8.5.0.3 on Linux 4.7.4-1-ARCH x86_64
Internal version numbers: db70178643 p-kent-push-26368.949


[STATUS] Running filesystem capture search...
[WARNING] Path '/<PATH_TO_MY_APP>/cov-int' looks like an idir. Skipping filesystem capture on it.
[STATUS] Emitting 239 source files from filesystem capture
|0----------25-----------50----------75---------100|
****************************************************
Emitted 3 JavaScript compilation units (100%) successfully
Emitted 233 Ruby compilation units (100%) successfully

3 JavaScript compilation units (100%) are ready for analysis
233 Ruby compilation units (100%) are ready for analysis
The cov-build utility completed successfully.
$ tar czvf myproject.tgz cov-int
cov-int/
cov-int/build-id.txt
cov-int/emit/
cov-int/emit/<HOST>/
cov-int/emit/<HOST>/emit-db.lock
cov-int/emit/<HOST>/emit-db
cov-int/emit/<HOST>/config/
cov-int/emit/<HOST>/config/80d7f82624e3b17456da362d1e5400da/
cov-int/emit/<HOST>/config/80d7f82624e3b17456da362d1e5400da/coverity_config_created
cov-int/emit/<HOST>/config/80d7f82624e3b17456da362d1e5400da/coverity_config.xml
cov-int/emit/<HOST>/config/80d7f82624e3b17456da362d1e5400da/ruby-config-0/
cov-int/emit/<HOST>/config/80d7f82624e3b17456da362d1e5400da/ruby-config-0/coverity_config.xml
cov-int/emit/<HOST>/emit-db.write-lock
cov-int/emit/version
cov-int/tmp/
cov-int/build-log.txt
cov-int/BUILD.metrics.xml
cov-int/build-cwd.txt
cov-int/build-timings.txt
$

Afterwards I tried to upload the file myproject.tgz.

I also tried to use travis for uploading my first build, but it also fails with the following message:

Coverity Scan analysis selected for branch coverity_scan.
Coverity Scan analysis authorized per quota.
$ curl -s https://scan.coverity.com/scripts/travisci_build_coverity_scan.sh | COVERITY_SCAN_PROJECT_NAME="$PROJECT_NAME" COVERITY_SCAN_NOTIFICATION_EMAIL="${COVERITY_SCAN_NOTIFICATION_EMAIL:-<MY_EMAIL>}" COVERITY_SCAN_BUILD_COMMAND="${COVERITY_SCAN_BUILD_COMMAND:---no-command --fs-capture-search ./}" COVERITY_SCAN_BUILD_COMMAND_PREPEND="${COVERITY_SCAN_BUILD_COMMAND_PREPEND:-}" COVERITY_SCAN_BRANCH_PATTERN=${COVERITY_SCAN_BRANCH_PATTERN:-coverity_scan} bash
Note: COVERITY_SCAN_PROJECT_NAME and COVERITY_SCAN_TOKEN are available on Project Settings page on scan.coverity.com
Coverity Scan configured to run on branch coverity_scan
Coverity Scan analysis authorized per quota.
Downloading Coverity Scan Analysis Tool...
2016-09-29 20:36:31 URL:https://scan.coverity.com/download/Linux [449455458/449455458] -> "/tmp/cov-analysis-Linux.tgz" [1]
Extracting Coverity Scan Analysis Tool...
/tmp/coverity-scan-analysis ~/build/<PROJECT_NAME>
~/build/<PROJECT_NAME>
Running Coverity Scan Analysis Tool...
Coverity Build Capture (64-bit) version 8.5.0.3 on Linux 3.13.0-92-generic x86_64
Internal version numbers: db70178643 p-kent-push-26368.949
[STATUS] Running filesystem capture search...
[WARNING] Path '/home/travis/build/<PROJECT_NAME>/cov-int' looks like an idir. Skipping filesystem capture on it.
[STATUS] Emitting 238 source files from filesystem capture
|0----------25-----------50----------75---------100|
|******/*****/*****/******/*****/*****/*****/******/****/*****
Emitted 2 JavaScript compilation units (100%) successfully
Emitted 233 Ruby compilation units (100%) successfully
2 JavaScript compilation units (100%) are ready for analysis
233 Ruby compilation units (100%) are ready for analysis
The cov-build utility completed successfully.
Extracting SCM data for 235 files...
|0----------25-----------50----------75---------100|
*******/************************************|*********
Please see the log file '/home/travis/build/<PROJECT_NAME>/cov-int/scm_log.txt' for warnings and SCM command issues.
[WARNING] SCM data appears to be mismatched.
          File: '/home/travis/build/<PROJECT_NAME>/config/initializers/cookies_serializer.rb'
Please check the correctness of the SCM data with cov-manage-emit.
Successfully added SCM data for 235 files
Tarring Coverity Scan Analysis results...
Uploading Coverity Scan Analysis results...
Coverity Scan upload failed: ERROR: Project is invalid.

It also says Project is invalid. And since the build is from travis, I can't look into the logs.

The references file config/initializers/cookies_serializer.rb looks like this:

# Be sure to restart your server when you modify this file.

Rails.application.config.action_dispatch.cookies_serializer = :json

The third possibility is the command line upload. Here is the log:

$ curl --form token=<TOKEN> \
  --form email=<MY_EMAIL> \
  --form file=@/<PATH_TO_MY_APP>/myproject.zip \
  --form version="1.0" \
  --form description="Initial" \
  https://scan.coverity.com/builds?project=<MY_USERNAME>%2F<MY_PROJECT_NAME>
ERROR: Project is invalid
$

And here is an excerpt of my .travis.yml file:

# environment settings
env:
  global:
    - secure: "<SECURE>"
  matrix:
    - DB=sqlite
    - DB=mysql
    - DB=postgresql

# commands to run before the install
before_install:
  # download certificate
  - echo -n | openssl s_client -connect scan.coverity.com:443 | sed -ne '/-BEGIN CERTIFICATE-/,/-END CERTIFICATE-/p' | sudo tee -a /etc/ssl/certs/ca-

# addons
addons:
  coverity_scan:
    project:
      name: "<PROJECT_NAME>"
      description: "Build submitted via Travis CI"
    notification_email: <MY_EMAIL>
    build_command_prepend: ""
    build_command: "--no-command --fs-capture-search ./"
    branch_pattern: coverity_scan

I also tried this with the build command option --fs-capture-search ./app/, so just all application files are scanned.

Does anyone know why this error occurs?

Thanks in advance!

EDIT: added command line example

1
Here are the recipes we use at Crypto++ Coverity Scan. They are copy/paste recipes. In the past, the Scan Service submission had problems, but that's not the case anymore (thanks ML). The last problem I had submitting was due to the curl command (Coverity provided instructions that did not work). Use the cURL command provided by Crypto++.jww
I tried to upload my tgz file by the command line, but it also failed with the same message Project not valid...razr

1 Answers

1
votes

I believe the error message here is complaining that the project you're trying to commit your results to in SCAN isn't correctly configured. From your other question How to setup a Travis Rails project to submit to Coverity Scan?, you have this in your travis.yml. Did you update this to point to the correct project?

# addons
addons:
  coverity_scan:
    project:
      name: "<PROJECT_NAME>"
      description: "Build submitted via Travis CI"