MIRRORS/yocto-autobuilder-helper
1
0
Fork 0
mirror of git://git.yoctoproject.org/yocto-autobuilder-helper.git synced 2025-07-19 20:59:02 +02:00
Code Issues Actions Packages Projects Releases Wiki Activity
b113aba114
yocto-autobuilder-helper/scripts/run-cvecheck
Ross Burton 97c6c18708 scripts/run-cvecheck: pull before updating metrics 
Do another git-pull in the metrics repository before updating the
metrics, in case other metrics jobs running in parallel have updated the
repositories since they were cloned.  There will always be possibility
of racing metrics jobs, but this should reduce the chance of it
happening.

An alternative would be to commit and then rebase before pushing, but I
fear that a git-merge could produce invalid JSON and we'd have to
manually fix up the repository.  In my opinion, a wasted metrics run is
preferable to potentially corrupted repositories.

[RP: Moved to after the bitbke invocation]

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-11-03 15:06:35 +00:00

2.7 KiB
Executable File
Raw Blame History

#!/bin/bash

SPDX-License-Identifier: GPL-2.0-only

set -eu

ARGS=$(getopt -o '' --long 'metrics:,branch:,results:,push' -n 'run-cvecheck' -- "$@") if [ $? -ne 0 ]; then echo 'Cannot parse arguments...' >&2 exit 1 fi eval set -- "$ARGS" unset ARGS

Location of the yocto-autobuilder-helper scripts

OURDIR=$(dirname $0)

The metrics repository to use

METRICSDIR=""

Where to copy results to

RESULTSDIR=""

The branch we're building

BRANCH=""

Whether to push the metrics

PUSH=0

while true; do case "$1" in '--metrics') METRICSDIR=$(realpath $2) shift 2 continue ;; '--branch') BRANCH=$2 shift 2 continue ;; '--results') RESULTSDIR=$(realpath -m $2) shift 2 continue ;; '--push') PUSH=1 shift continue ;; '--') shift break ;; *) echo "Unexpected value $1" >&2 exit 1 ;; esac done

TIMESTAMP=date +"%s"

if ! test "$METRICSDIR" -a "$BRANCH" -a "$RESULTSDIR"; then echo "Not all required options specified" exit 1 fi

CVE Checks

if [ ! -d $RESULTSDIR ]; then mkdir $RESULTSDIR fi

cd .. set +u . oe-init-build-env build set -u bitbake world --runall cve_check -R conf/distro/include/cve-extra-exclusions.inc

Do another pull to make sure we're as up to date as possible. This is

preferable to committing and rebasing before pushing as it would be better to

waste some time repeating work than commit potentially corrupted files from a

git merge gone wrong.

git -C $METRICSDIR pull

if [ -e tmp/log/cve/cve-summary.json ]; then git -C $METRICSDIR rm --ignore-unmatch cve-check/$BRANCH/*.json mkdir -p $METRICSDIR/cve-check/$BRANCH/ cp tmp/log/cve/cve-summary.json $METRICSDIR/cve-check/$BRANCH/$TIMESTAMP.json git -C $METRICSDIR add cve-check/$BRANCH/$TIMESTAMP.json git -C $METRICSDIR commit -asm "Autobuilder adding new CVE data for branch $BRANCH" || true if [ "$PUSH" = "1" ]; then git -C $METRICSDIR push fi $OURDIR/cve-report.py tmp/log/cve/cve-summary.json > $RESULTSDIR/cve-status-$BRANCH.txt fi

if [ "$BRANCH" = "master" ]; then mkdir -p $METRICSDIR/cve-check/$BRANCH/ $OURDIR/cve-generate-chartdata --json $METRICSDIR/cve-count-byday.json --resultsdir $METRICSDIR/cve-check/ git -C $METRICSDIR add cve-count-byday.json git -C $METRICSDIR commit -asm "Autobuilder updating CVE counts" || true if [ "$PUSH" = "1" ]; then git -C $METRICSDIR push fi

cp $METRICSDIR/cve-count-byday.json $RESULTSDIR
cp $METRICSDIR/cve-count-byday-lastyear.json $RESULTSDIR

fi