yocto-autobuilder-helper/scripts/run-cvecheck

#!/bin/bash
#
# SPDX-License-Identifier: GPL-2.0-only
#
PARENTDIR=`realpath $1`
TARGETDIR=`realpath $2`
RESULTSDIR=`realpath -m $3`
BUILDDIR=`realpath $4`
BRANCH=$5
OURDIR=`dirname $0`

TIMESTAMP=`date +"%s"`

#
# CVE Checks
#
if [ ! -e $PARENTDIR/yocto-metrics ]; then
    git clone ssh://git@push.yoctoproject.org/yocto-metrics $PARENTDIR/yocto-metrics
fi

if [ ! -d $RESULTSDIR ]; then
    mkdir $RESULTSDIR
fi

for branch in master mickledore langdale kirkstone dunfell; do
    mkdir -p $PARENTDIR/yocto-metrics/cve-check/$branch/
    git -C $PARENTDIR reset origin/$branch --hard
    rm conf/local.conf
    rm conf/bblayers.conf
    rm -f conf/templateconf.cfg
    rm tmp/ -rf
    unset BB_ENV_PASSTHROUGH_ADDITIONS
    unset BB_ENV_EXTRAWHITE
    cd ..
    . oe-init-build-env build
    bitbake world --runall cve_check -R conf/distro/include/cve-extra-exclusions.inc
    if [ -e tmp/log/cve/cve-summary.json ]; then
        git -C $PARENTDIR/yocto-metrics rm cve-check/$branch/*.json
        mkdir -p $PARENTDIR/yocto-metrics/cve-check/$branch
        cp tmp/log/cve/cve-summary.json $PARENTDIR/yocto-metrics/cve-check/$branch/$TIMESTAMP.json
        git -C $PARENTDIR/yocto-metrics add cve-check/$branch/$TIMESTAMP.json
        git -C $PARENTDIR/yocto-metrics commit -asm "Autobuilder adding new CVE data for branch $branch"
        git -C $PARENTDIR/yocto-metrics push
        $OURDIR/cve-report.py tmp/log/cve/cve-summary.json > $RESULTSDIR/cve-status-$branch.txt
    fi
done

mkdir -p $PARENTDIR/yocto-metrics/cve-check/
$OURDIR/cve-generate-chartdata --json $PARENTDIR/yocto-metrics/cve-count-byday.json --resultsdir $PARENTDIR/yocto-metrics/cve-check/
git -C $PARENTDIR/yocto-metrics add cve-count-byday.json
git -C $PARENTDIR/yocto-metrics commit -asm "Autobuilder updating CVE counts"
git -C $PARENTDIR/yocto-metrics push

cp $PARENTDIR/yocto-metrics/cve-count-byday.json $RESULTSDIR
cp $PARENTDIR/yocto-metrics/cve-count-byday-lastyear.json $RESULTSDIR