Add JJB template for static code analysis by Coverity Scan service

"onap-gerrit-maven-coverity" JJB template runs 'mvn clean install' and then
publishes results to Coverity Scan service for static code analysis.

Usage example:

- project:
    name: so-coverity
    jobs:
      - onap-gerrit-maven-coverity
    cron: '@daily'
    build-node: 'ubuntu1604-builder-4c-4g'
    project: 'so'
    project-name: 'so'
    branch: 'master'
    mvn-settings: 'so-settings'
    mvn-goals: 'clean install'
    mvn-opts: '-Xmx1024m -XX:MaxPermSize=256m'
    mvn-params: '-Dmaven.test.skip=true'
    coverity-project-name: 'onap-so'
    coverity-token: 'PUT COVERITY TOKEN HERE'
    coverity-user-email: 'PUT USER EMAIL HERE'

Issue-ID: CIMAN-260

Signed-off-by: Artem Naluzhnyy <A.Naluzhnyy@samsung.com>
Change-Id: I6f4fa6359b5be91932c5a1a1ed7ba0a4068ac152

3 files changed, 219 insertions, 0 deletions

diff --git a/jjb/ci-management/ci-management-coverity.yaml b/jjb/ci-management/ci-management-coverity.yaml
new file mode 100644
index 000000000..399f7fa80
--- /dev/null
+++ b/jjb/ci-management/ci-management-coverity.yaml
@@ -0,0 +1,114 @@
+---
+# Coverity Scan static analysis
+
+- builder:
+    name: onap-maven-coverity
+    builders:
+      - lf-maven-install:
+          mvn-version: '{mvn-version}'
+      - lf-update-java-alternatives:
+          java-version: '{java-version}'
+      - lf-provide-maven-settings:
+          global-settings-file: global-settings
+          settings-file: '{mvn-settings}'
+      - shell: !include-raw-escape:
+          - ../../global-jjb/shell/common-variables.sh
+          - ../../shell/maven-coverity.sh
+      - lf-provide-maven-settings-cleanup
+
+- job-template:
+    name: '{project-name}-coverity'
+    id: onap-gerrit-maven-coverity
+
+    project-type: freestyle
+    node: '{build-node}'
+
+    branch: master
+    build-days-to-keep: 7
+    build-timeout: 60
+    cron: '@daily'
+    disable-job: false
+    git-url: '$GIT_URL/$PROJECT'
+    java-version: openjdk8
+    mvn-global-settings: global-settings
+    mvn-opts: ''
+    mvn-params: ''
+    mvn-version: mvn35
+    coverity-project-name: ''
+    coverity-token: ''
+    coverity-user-email: ''
+    stream: master
+    submodule-recursive: true
+    submodule-timeout: 10
+    submodule-disable: false
+    archive-artifacts: >
+      **/*.log
+      **/hs_err_*.log
+      **/target/**/feature.xml
+      **/target/failsafe-reports/failsafe-summary.xml
+      **/target/surefire-reports/*-output.txt
+
+    disabled: '{disable-job}'
+
+    properties:
+      - lf-infra-properties:
+          build-days-to-keep: '{build-days-to-keep}'
+
+    parameters:
+      - lf-infra-parameters:
+          project: '{project}'
+          branch: '{branch}'
+          stream: '{stream}'
+      - lf-infra-maven-parameters:
+          mvn-opts: '{mvn-opts}'
+          mvn-params: '{mvn-params}'
+          mvn-version: '{mvn-version}'
+      - string:
+          name: ARCHIVE_ARTIFACTS
+          default: '{archive-artifacts}'
+          description: Artifacts to archive to the logs server.
+      - string:
+          name: COVERITY_PROJECT_NAME
+          default: '{coverity-project-name}'
+          description: |
+              Project name in Coverity Scan service.
+      - string:
+          name: COVERITY_TOKEN
+          default: '{coverity-token}'
+          description: |
+              Project token in Coverity Scan service.
+      - string:
+          name: COVERITY_USER_EMAIL
+          default: '{coverity-user-email}'
+          description: |
+              Email of registered user in Coverity Scan service who initiated
+              the submittion.
+
+    triggers:
+      - timed: '{obj:cron}'
+
+    wrappers:
+      - lf-infra-wrappers:
+          build-timeout: '{build-timeout}'
+          jenkins-ssh-credential: '{jenkins-ssh-credential}'
+
+    builders:
+      - lf-infra-pre-build
+      - onap-maven-coverity:
+          java-version: '{java-version}'
+          mvn-settings: '{mvn-settings}'
+          mvn-version: '{mvn-version}'
+
+    publishers:
+      - lf-infra-publish
+
+    scm:
+      - lf-infra-gerrit-scm:
+          jenkins-ssh-credential: '{jenkins-ssh-credential}'
+          git-url: '{git-url}'
+          refspec: $GERRIT_REFSPEC
+          branch: $GERRIT_BRANCH
+          submodule-recursive: '{submodule-recursive}'
+          submodule-timeout: '{submodule-timeout}'
+          submodule-disable: '{submodule-disable}'
+          choosing-strategy: default
diff --git a/jjb/ci-management/ci-management-views.yaml b/jjb/ci-management/ci-management-views.yaml
index 8915a2caa..b463c7a40 100644
--- a/jjb/ci-management/ci-management-views.yaml
+++ b/jjb/ci-management/ci-management-views.yaml
@@ -46,6 +46,14 @@
     view-regex: '^(?=.*-sonar)(?!.*-no-sonar).*'
     view-description: 'List of Sonar jobs'
 
+- project:
+    name: All-Coverity
+    views:
+      - common-view
+    view-name: All-Coverity
+    view-regex: '.*-coverity'
+    view-description: 'List of Coverity jobs'
+
 - view:
     name: CLM
     description: 'List of CLM jobs'
diff --git a/shell/maven-coverity.sh b/shell/maven-coverity.sh
new file mode 100644
index 000000000..739754211
--- /dev/null
+++ b/shell/maven-coverity.sh
@@ -0,0 +1,97 @@
+#!/bin/bash
+
+# Copyright 2019 Samsung Electronics Co., Ltd.
+#
+# Licensed under the Apache License, Version 2.0 (the "License");
+# you may not use this file except in compliance with the License.
+# You may obtain a copy of the License at
+#
+# http://www.apache.org/licenses/LICENSE-2.0
+#
+# Unless required by applicable law or agreed to in writing, software
+# distributed under the License is distributed on an "AS IS" BASIS,
+# WITHOUT WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied.
+# See the License for the specific language governing permissions and
+# limitations under the License.
+
+set -Eeuxo pipefail
+PS4='+['$(readlink -f "$0")' ${FUNCNAME[0]%main}#$LINENO] '
+
+echo '---> maven-coverity.sh'
+
+#-----------------------------------------------------------------------------
+# Get Coverity Scan build tool
+
+curl \
+  --verbose \
+  --silent \
+  --show-error \
+  --fail \
+  --form "project=${COVERITY_PROJECT_NAME}" \
+  --form "token=${COVERITY_TOKEN}" \
+  --output 'coverity_tool.tgz' \
+  'https://scan.coverity.com/download/linux64'
+
+tar \
+  --extract \
+  --gunzip \
+  --file='coverity_tool.tgz'
+
+COVERITY_BUILD_TOOL_DIRECTORY=$(
+  head -1 <( \
+    tar \
+      --list \
+      --gunzip \
+      --file='coverity_tool.tgz'
+  )
+)
+COVERITY_BINARY_DIRECTORY="${COVERITY_BUILD_TOOL_DIRECTORY}bin"
+test -d "${COVERITY_BINARY_DIRECTORY}" \
+  || exit 1
+export PATH="${PATH}:${COVERITY_BINARY_DIRECTORY}"
+
+rm 'coverity_tool.tgz'
+
+#-----------------------------------------------------------------------------
+# Build
+
+export MAVEN_OPTS
+
+cov-build \
+  --dir 'cov-int' \
+  "${MVN}" clean install \
+    --errors \
+    --global-settings "${GLOBAL_SETTINGS_FILE}" \
+    --settings "${SETTINGS_FILE}" \
+    ${MAVEN_OPTIONS:=} \
+    ${MAVEN_PARAMS:=}
+
+cov-import-scm \
+  --dir 'cov-int' \
+  --scm 'git'
+
+#-----------------------------------------------------------------------------
+# Submit results to Coverity service
+
+tar \
+  --create \
+  --gzip \
+  --file='results.tgz' \
+  'cov-int'
+
+curl \
+  --verbose \
+  --silent \
+  --show-error \
+  --fail \
+  --form "project=${COVERITY_PROJECT_NAME}" \
+  --form "email=${COVERITY_USER_EMAIL}" \
+  --form "token=${COVERITY_TOKEN}" \
+  --form 'file=@results.tgz' \
+  --form "version=${GIT_COMMIT:0:7}" \
+  --form "description=${GIT_BRANCH}" \
+  'https://scan.coverity.com/builds'
+
+#-----------------------------------------------------------------------------
+
+exit 0