From a18ec2d2d81bfa178be09f3fa427ea4ddbc1bf40 Mon Sep 17 00:00:00 2001
From: James Mills <prologic@shortcircuit.net.au>
Date: Fri, 13 Mar 2020 07:24:06 +1000
Subject: [PATCH] Fix coverity scan (#8388)

* Fix coverity scan

* Add path filter to pull_request: condition

* Add missing dependency
---
 .github/workflows/coverity.yml | 16 ++++++++--
 coverity-scan.sh               | 56 ++++++++++++++++------------------
 2 files changed, 40 insertions(+), 32 deletions(-)

diff --git a/.github/workflows/coverity.yml b/.github/workflows/coverity.yml
index 1f84640cdc..926257dc08 100644
--- a/.github/workflows/coverity.yml
+++ b/.github/workflows/coverity.yml
@@ -4,6 +4,10 @@ name: Coverity Scan
 on:
   schedule:
     - cron: '0 1 * * *'
+  pull_request:
+    paths:
+      - .github/workflows/coverity.yml
+      - coverity-scan.sh
 jobs:
   coverity:
     if: github.repository == 'netdata/netdata'
@@ -12,12 +16,18 @@ jobs:
       - name: Checkout
         uses: actions/checkout@v2
       - name: Prepare environment
+        env:
+          DEBIAN_FRONTEND: 'noninteractive'
         run: |
-          ./packaging/installer/install-required-packages.sh --dont-wait --non-interactive netdata
-          sudo apt-get install -y libjson-c-dev libipmimonitoring-dev libcups2-dev libsnappy-dev \
-                                  libprotobuf-dev libprotoc-dev libssl-dev protobuf-compiler
+          ./packaging/installer/install-required-packages.sh \
+            --dont-wait --non-interactive netdata
+          sudo apt-get install -y libjson-c-dev libipmimonitoring-dev \
+                                  libcups2-dev libsnappy-dev libprotobuf-dev \
+                                  libprotoc-dev libssl-dev protobuf-compiler \
+                                  libnetfilter-acct-dev
       - name: Run coverity-scan
         env:
+          REPOSITORY: 'netdata/netdata'
           COVERITY_SCAN_TOKEN: ${{ secrets.COVERITY_SCAN_TOKEN }}
           COVERITY_SCAN_SUBMIT_MAIL: ${{ secrets.COVERITY_SCAN_SUBMIT_MAIL }}
         run: |
diff --git a/coverity-scan.sh b/coverity-scan.sh
index dd58b47884..cd2ff02795 100755
--- a/coverity-scan.sh
+++ b/coverity-scan.sh
@@ -48,37 +48,35 @@ source packaging/installer/functions.sh || echo "Failed to fully load the functi
 cpus=$(find_processors)
 [ -z "${cpus}" ] && cpus=1
 
-if [ -f ".coverity-scan.conf" ]
-then
-	source ".coverity-scan.conf"
+if [ -f ".coverity-scan.conf" ]; then
+  source ".coverity-scan.conf"
 fi
 
 repo="${REPOSITORY}"
 if [ -z "${repo}" ]; then
-	fatal "export variable REPOSITORY or set it in .coverity-scan.conf"
+  fatal "export variable REPOSITORY or set it in .coverity-scan.conf"
 fi
 repo="${repo//\//%2F}"
 
 email="${COVERITY_SCAN_SUBMIT_MAIL}"
 if [ -z "${email}" ]; then
-	fatal "export variable COVERITY_SCAN_SUBMIT_MAIL or set it in .coverity-scan.conf"
+  fatal "export variable COVERITY_SCAN_SUBMIT_MAIL or set it in .coverity-scan.conf"
 fi
 
 token="${COVERITY_SCAN_TOKEN}"
 if [ -z "${token}" ]; then
-	fatal "export variable COVERITY_SCAN_TOKEN or set it in .coverity-scan.conf"
+  fatal "export variable COVERITY_SCAN_TOKEN or set it in .coverity-scan.conf"
 fi
 
-if ! command -v curl >/dev/null 2>&1; then
-	fatal "CURL is required for coverity scan to work"
+if ! command -v curl > /dev/null 2>&1; then
+  fatal "CURL is required for coverity scan to work"
 fi
 
 # only print the output of a command
 # when debugging is enabled
 # used to hide the token when debugging is not enabled
 debugrun() {
-  if [ "${COVERITY_SUBMIT_DEBUG}" = "1" ]
-  then
+  if [ "${COVERITY_SUBMIT_DEBUG}" = "1" ]; then
     run "${@}"
     return $?
   else
@@ -91,7 +89,7 @@ scanit() {
   progress "Scanning using coverity"
   export PATH="${PATH}:${INSTALL_DIR}/${COVERITY_BUILD_VERSION}/bin/"
   covbuild="${COVERITY_BUILD_PATH}"
-  [ -z "${covbuild}" ] && covbuild="$(which cov-build 2>/dev/null || command -v cov-build 2>/dev/null)"
+  [ -z "${covbuild}" ] && covbuild="$(which cov-build 2> /dev/null || command -v cov-build 2> /dev/null)"
 
   if [ -z "${covbuild}" ]; then
     fatal "Cannot find 'cov-build' binary in \$PATH. Export variable COVERITY_BUILD_PATH or set it in .coverity-scan.conf"
@@ -146,7 +144,7 @@ installit() {
     progress "Installing coverity..."
     cd "${INSTALL_DIR}"
 
-    run sudo tar -z -x -f  "${TMP_DIR}/${COVERITY_BUILD_VERSION}.tar.gz" || exit 1
+    run sudo tar -z -x -f "${TMP_DIR}/${COVERITY_BUILD_VERSION}.tar.gz" || exit 1
     rm "${TMP_DIR}/${COVERITY_BUILD_VERSION}.tar.gz"
     export PATH=${PATH}:${INSTALL_DIR}/${COVERITY_BUILD_VERSION}/bin/
   else
@@ -154,7 +152,7 @@ installit() {
   fi
 
   # Validate the installation
-  covbuild="$(which cov-build 2>/dev/null || command -v cov-build 2>/dev/null)"
+  covbuild="$(which cov-build 2> /dev/null || command -v cov-build 2> /dev/null)"
   if [ -z "$covbuild" ]; then
     fatal "Failed to install coverity."
   fi
@@ -183,23 +181,23 @@ OTHER_OPTIONS+=" --enable-backend-prometheus-remote-write"
 
 FOUND_OPTS="NO"
 while [ -n "${1}" ]; do
-	if [ "${1}" = "--with-install" ]; then
-		progress "Running coverity install"
-		installit
-		shift 1
-	elif [ -n "${1}" ]; then
-		# Clear the default arguments, once you bump into the first argument
-		if [ "${FOUND_OPTS}" = "NO" ]; then
-			OTHER_OPTIONS="${1}"
-			FOUND_OPTS="YES"
-		else
-			OTHER_OPTIONS+=" ${1}"
-		fi
+  if [ "${1}" = "--with-install" ]; then
+    progress "Running coverity install"
+    installit
+    shift 1
+  elif [ -n "${1}" ]; then
+    # Clear the default arguments, once you bump into the first argument
+    if [ "${FOUND_OPTS}" = "NO" ]; then
+      OTHER_OPTIONS="${1}"
+      FOUND_OPTS="YES"
+    else
+      OTHER_OPTIONS+=" ${1}"
+    fi
 
-		shift 1
-	else
-		break
-	fi
+    shift 1
+  else
+    break
+  fi
 done
 
 echo "Running coverity scan with extra options ${OTHER_OPTIONS}"