yocto-autobuilder-helper/scripts/run-cvecheck
Ross Burton 97c6c18708 scripts/run-cvecheck: pull before updating metrics
Do another git-pull in the metrics repository before updating the
metrics, in case other metrics jobs running in parallel have updated the
repositories since they were cloned.  There will always be a possibility
of racing metrics jobs, but this should reduce the chance of it
happening.

An alternative would be to commit and then rebase before pushing, but I
fear that a git-merge could produce invalid JSON and we'd have to
manually fix up the repository.  In my opinion, a wasted metrics run is
preferable to potentially corrupted repositories.

[RP: Moved to after the bitbake invocation]

Signed-off-by: Ross Burton <ross.burton@arm.com>
Signed-off-by: Richard Purdie <richard.purdie@linuxfoundation.org>
2023-11-03 15:06:35 +00:00

110 lines
2.7 KiB
Bash
Executable File

#!/bin/bash
#
# SPDX-License-Identifier: GPL-2.0-only
#

set -eu

# Under 'set -e' a failing getopt would exit before any "$?" test, so check
# the assignment directly to keep the error message.
if ! ARGS=$(getopt -o '' --long 'metrics:,branch:,results:,push' -n 'run-cvecheck' -- "$@"); then
    echo 'Cannot parse arguments...' >&2
    exit 1
fi

eval set -- "$ARGS"
unset ARGS

# Location of the yocto-autobuilder-helper scripts
OURDIR=$(dirname "$0")
# The metrics repository to use
METRICSDIR=""
# Where to copy results to
RESULTSDIR=""
# The branch we're building
BRANCH=""
# Whether to push the metrics
PUSH=0

while true; do
    case "$1" in
        '--metrics')
            METRICSDIR=$(realpath "$2")
            shift 2
            continue
            ;;
        '--branch')
            BRANCH=$2
            shift 2
            continue
            ;;
        '--results')
            RESULTSDIR=$(realpath -m "$2")
            shift 2
            continue
            ;;
        '--push')
            PUSH=1
            shift
            continue
            ;;
        '--')
            shift
            break
            ;;
        *)
            echo "Unexpected value $1" >&2
            exit 1
            ;;
    esac
done

TIMESTAMP=$(date +"%s")

if [ -z "$METRICSDIR" ] || [ -z "$BRANCH" ] || [ -z "$RESULTSDIR" ]; then
    echo "Not all required options specified" >&2
    exit 1
fi

#
# CVE Checks
#

if [ ! -d "$RESULTSDIR" ]; then
    mkdir "$RESULTSDIR"
fi

cd ..
# oe-init-build-env is not clean under 'set -u', so relax it while sourcing
set +u
. oe-init-build-env build
set -u

bitbake world --runall cve_check -R conf/distro/include/cve-extra-exclusions.inc

# Do another pull to make sure we're as up to date as possible. This is
# preferable to committing and rebasing before pushing as it would be better to
# waste some time repeating work than commit potentially corrupted files from a
# git merge gone wrong.
git -C "$METRICSDIR" pull

if [ -e tmp/log/cve/cve-summary.json ]; then
    # Replace the previous summary for this branch with the new timestamped one
    git -C "$METRICSDIR" rm --ignore-unmatch "cve-check/$BRANCH/*.json"
    mkdir -p "$METRICSDIR/cve-check/$BRANCH/"
    cp tmp/log/cve/cve-summary.json "$METRICSDIR/cve-check/$BRANCH/$TIMESTAMP.json"
    git -C "$METRICSDIR" add "cve-check/$BRANCH/$TIMESTAMP.json"
    git -C "$METRICSDIR" commit -asm "Autobuilder adding new CVE data for branch $BRANCH" || true
    if [ "$PUSH" = "1" ]; then
        git -C "$METRICSDIR" push
    fi

    "$OURDIR/cve-report.py" tmp/log/cve/cve-summary.json > "$RESULTSDIR/cve-status-$BRANCH.txt"
fi

if [ "$BRANCH" = "master" ]; then
    # Only master regenerates the per-day chart data across all branches
    mkdir -p "$METRICSDIR/cve-check/$BRANCH/"
    "$OURDIR/cve-generate-chartdata" --json "$METRICSDIR/cve-count-byday.json" --resultsdir "$METRICSDIR/cve-check/"
    git -C "$METRICSDIR" add cve-count-byday.json
    git -C "$METRICSDIR" commit -asm "Autobuilder updating CVE counts" || true
    if [ "$PUSH" = "1" ]; then
        git -C "$METRICSDIR" push
    fi

    cp "$METRICSDIR/cve-count-byday.json" "$RESULTSDIR"
    cp "$METRICSDIR/cve-count-byday-lastyear.json" "$RESULTSDIR"
fi
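The pull-before-commit approach argued for in the commit message, and the cve-check update block of the script, as an added example that is not the project's own code: a guarded variant that pulls with --ff-only so git can never merge a JSON file, validates the file with python3 before it is committed, and runs a constructed two-clone race to show that the pull is a plain fast-forward. The function names, the throwaway repositories and the sample JSON are this example's own.

```shell
#!/bin/bash
# Guarded variant of the run-cvecheck metrics step (added example, not the
# project's code): pull --ff-only so git never merges JSON, and validate the
# file before committing. Function and variable names are this example's own.
set -eu

# Non-zero unless python3 can parse the file as JSON (a file carrying merge
# conflict markers fails here).
json_is_valid() {
    python3 -c 'import json, sys; json.load(open(sys.argv[1]))' "$1" 2>/dev/null
}

# metrics_update METRICSDIR BRANCH SRCFILE
metrics_update() {
    local metricsdir=$1 branch=$2 src=$3 ts
    ts=$(date +%s)
    git -C "$metricsdir" pull -q --ff-only || return 1   # diverged: never merge
    json_is_valid "$src" || return 2                     # invalid JSON: refuse
    mkdir -p "$metricsdir/cve-check/$branch"
    git -C "$metricsdir" rm -q --ignore-unmatch "cve-check/$branch/*.json"
    cp "$src" "$metricsdir/cve-check/$branch/$ts.json"
    git -C "$metricsdir" add "cve-check/$branch/$ts.json"
    git -C "$metricsdir" commit -q -m "Autobuilder adding new CVE data for branch $branch"
}

# Constructed race: clone "b" pushes after clone "a" was made but before "a"
# updates. Echoes "<commits in a> <rc of an update with invalid JSON>".
demo() {
    local tmp rc=0
    tmp=$(mktemp -d)
    export GIT_AUTHOR_NAME=demo GIT_AUTHOR_EMAIL=demo@example.com
    export GIT_COMMITTER_NAME=demo GIT_COMMITTER_EMAIL=demo@example.com
    git init -q "$tmp/seed" && echo '{}' > "$tmp/seed/cve-count-byday.json"
    git -C "$tmp/seed" add -A && git -C "$tmp/seed" commit -q -m seed
    git clone -q --bare "$tmp/seed" "$tmp/origin.git"
    git clone -q "$tmp/origin.git" "$tmp/a" && git clone -q "$tmp/origin.git" "$tmp/b"
    echo '{"2023-11-03": 1}' > "$tmp/b/cve-count-byday.json"
    git -C "$tmp/b" commit -q -am "b: update counts" && git -C "$tmp/b" push -q
    echo '{"unpatched": 2}' > "$tmp/summary.json"
    metrics_update "$tmp/a" master "$tmp/summary.json" > /dev/null
    echo '{not json' > "$tmp/bad.json"
    metrics_update "$tmp/a" master "$tmp/bad.json" > /dev/null || rc=$?
    echo "$(git -C "$tmp/a" rev-list --count HEAD) $rc"
    rm -rf "$tmp"
}

demo   # prints "3 2"
```

The three commits in "a" are the seed, the one "b" pushed in between, and "a"'s own; the second update is refused before anything is staged.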